Lessons from Monzo Bank’s fine for financial crime failings

What matters

Financial institutions are again reminded that the FCA will impose significant penalties on Banks when they fail to have in place appropriate policies and procedures to combat financial crime.

What matters next

Banks and firms in the financial services sector will need to note the findings contained in the FCAs final notice and apply the lessons learned to their own anti-money laundering policies and procedures.

Monzo Bank Limited, a digital challenger bank, was fined £21,091,300 (after 30% discount), by the Financial Conduct Authority for inadequate anti-financial crime systems and controls.

Key facts:

  • key elements of Monzo’s financial crime framework, particularly with regard to customer risk assessments and the collection of customer information did not keep pace with the firm’s expansion and were inadequate to counter actual and potential financial crime risks
  • monzo failed to obtain information about the purpose and nature of the proposed customer relationship and at times failed to review adverse media hits
  • for business customers, due diligence procedures did not provide for the verification of the identity of all  beneficial owners or persons of significant control
  • until 2020 Monzo’s processes did not (for personal customers) provide circumstances in which enhanced due diligence would be necessary
  • monzo onboarded customers ‘on the basis of limited, and in some cases, obviously implausible information’
  • despite Monzo voluntarily accepting a requirement from the FCA in August 2020 (VREQ) not to open any new accounts for high-risk customers, it subsequently. contravened the VREQ by onboarding 33,039 accounts in breach of the VREQ. 26,325 of these accounts were for high-risk customers

Key takeaways:

  • financial crime controls should be reviewed and revised on a regular basis to ensure that they are appropriate for the nature and size of the business and the risks identified. This would particularly apply to a business that is growing, introducing new products and/or entering new markets
  • firms should ensure that customer risk assessments are appropriate having regard to the nature of the business
  • firms should ensure that customer due diligence procedures make it clear when enhanced due diligence (‘EDD’) is necessary and how and when EDD is undertaken and documented
  • firms should ensure that they obtain sufficient information to enable them to assess financial crime risks which in turn will enable them to undertake monitoring and to identify when activity is unusual / suspicious
  • relevant staff should be provided with appropriate training to enable an effective investigation to be undertaken into transaction monitoring alerts
  • when agreeing to a VREQ, firms should ensure that they have systems and controls in place to ensure compliance (including effective monitoring)

Disclaimer

This information is for general information purposes only and does not constitute legal advice. It is recommended that specific professional advice is sought before acting on any of the information given. Please contact us for specific advice on your circumstances. © Shoosmiths LLP 2025.

 

Insights

Read the latest articles and commentary from Shoosmiths or you can explore our full insights library.