What Ofgem found at Ovo

Ofgem's investigation concluded that Ovo Energy, the UK's third-largest domestic energy supplier with roughly four million customer accounts, did not adequately monitor customers using prepayment meters (PPMs), according to the regulator's findings published on 3 June 2026, as first reported by the Guardian. The failings extended to customers on the priority services register, a database of households identified as vulnerable due to age, disability, chronic illness, or other factors.

The regulator determined that Ovo breached licence conditions designed to protect customers in vulnerable situations. Ofgem described the shortcomings as having exposed those customers "to clear risk of harm," according to the regulator's assessment.

The £10m-plus payment represents a significant financial consequence. It sits alongside reputational damage that boards at regulated consumer-facing businesses cannot easily quantify but will recognise as material.

Ovo acquired SSE Energy Services in 2020, a deal that roughly doubled its customer base. The integration of systems and processes across two large retail energy operations has presented well-documented challenges. Inadequate monitoring infrastructure of the kind Ofgem identified is, in operational terms, a foreseeable risk when legacy systems from separate organisations are merged without sufficient investment in compliance tooling.

The wider regulatory crackdown on prepayment meters

The Ovo case does not exist in isolation. Ofgem's enforcement posture on prepayment meters hardened sharply after revelations in early 2023 that energy suppliers were forcibly installing PPMs in vulnerable households, sometimes by obtaining magistrates' warrants and entering homes. Media investigations, notably by The Times, exposed cases involving elderly and disabled customers.

The resulting public and political pressure led to a voluntary moratorium on forced PPM installations across the sector. Ofgem subsequently introduced new licence conditions that took effect in November 2023, tightening the rules around when and how suppliers could switch customers to prepayment arrangements and strengthening monitoring obligations for those already on meters.

The most prominent enforcement action before the Ovo case targeted Centrica, the owner of British Gas. In 2023, Centrica agreed to pay £10.8m after Ofgem found that British Gas agents, acting through a third-party contractor, had forcibly installed prepayment meters in the homes of vulnerable customers. That case set a benchmark for the financial consequences of PPM-related compliance failures.

The Ovo penalty, at more than £10m, sits in a comparable range. The signal from Ofgem is consistent: suppliers that fail to protect vulnerable customers on prepayment meters face costs in the tens of millions of pounds, a figure large enough to register on the balance sheets of even the biggest retail energy businesses.

Operational lessons for boards in regulated sectors

The pattern across recent Ofgem enforcement actions points to a recurring operational weakness: inadequate systems for identifying, tracking, and acting on vulnerability data. Monitoring obligations are not new. The priority services register has existed for years. What the regulator is now penalising is the gap between the obligation on paper and the infrastructure in practice.

For boards at energy suppliers and other regulated consumer businesses, the Ovo case underlines several points.

First, integration risk is compliance risk. When organisations merge customer bases, the technical and procedural work required to maintain monitoring standards across combined systems is substantial. Cutting corners, or simply failing to prioritise that work, creates exposure that regulators are now actively looking for.

Second, the cost of remediation after enforcement far exceeds the cost of prevention. A £10m penalty, plus the legal and operational costs of an investigation, plus reputational damage, dwarfs the investment required to build and maintain robust vulnerability monitoring systems.

Third, Ofgem has established a pricing framework for harm. The Centrica and Ovo cases together suggest that penalties in the range of £10m to £11m represent the regulator's current view of appropriate consequences for systemic PPM monitoring failures. Boards should treat that figure as a baseline, not a ceiling, particularly if future cases involve evidence of actual harm rather than risk of harm.

Beyond energy

The principle extends beyond the energy sector. Financial services firms regulated by the FCA face analogous obligations under the Consumer Duty, which took effect in July 2023. Water companies face scrutiny from Ofwat over customer vulnerability practices. In each case, the regulatory expectation is the same: organisations must have operational systems capable of identifying vulnerable customers and ensuring they are not exposed to disproportionate harm.

What comes next for Ovo and the sector

Ovo has agreed to the payment, which, according to the Guardian's report, amounts to more than £10m. The company has not disclosed the precise figure or the breakdown between penalty and customer redress.

For the wider sector, the direction of travel is clear. Ofgem has moved from voluntary commitments to binding licence conditions and is backing those conditions with material enforcement. Suppliers that have not yet invested in comprehensive PPM monitoring systems face a narrowing window in which to act before the regulator acts for them.

The November 2023 licence conditions remain relatively new, and Ofgem is likely still assessing compliance across the sector. Further enforcement actions are plausible, particularly where suppliers can be shown to have had adequate notice of their obligations and failed to meet them.

For finance directors and board members at regulated utilities, the calculation is straightforward. The question is not whether compliance infrastructure is expensive. It is whether it is more expensive than the alternative.