Nationwide Building Society was fined £44m (after 30% discount), by the Financial Conduct Authority ('FCA') for inadequate anti-financial crime systems and controls between October 2016 to July 2021. Here we outline the key facts and takeaways from the FCA’s Final Notice dated 11 December 2025.

Published 15 December 2025

Key facts:

• Nationwide’s system for risk assessing customers, at the start of the relevant period, was unsophisticated with only limited categories (e.g. person charged or convicted of financial crime) falling within the definition of a high-risk customer
• Nationwide did not have effective systems for refreshing customer due diligence (‘CDD’) and conducting customer risk assessments
• there were (i) gaps in the CDD undertaken for existing customers, (ii) some risk assessments were not fully completed, and (iii) Nationwide could not be confident that it had identified all high-risk customers
• the deficiencies had a potentially material impact on the ability to monitor customer activity
• Nationwide had no process for undertaking either periodic or event-driven reviews of a substantial proportion of its customer relationships
• Nationwide allowed personal accounts to be used for business purposes, without effective mitigating controls. In particular, (i) CDD measures were not calibrated to capture business characteristics (ii) transaction monitoring systems were not designed to identify unusual / suspicious business activity, and (iii) training and processes did not include sufficient guidance on how to investigate business use accounts
• Nationwide missed opportunities to identify unusual activity when payments, related to the Coronavirus Job Retention Scheme, were received into the accounts of personal customers

Key takeaways:

• firms must establish and maintain an adequate risk-based anti-money laundering control framework which is comprehensive and proportionate to the nature, scale and complexity of the firm’s activities
• a firm’s AML framework must include measures to establish the identity of customers accurately at the start of the relationship and to undertake sufficient CDD to enable the firm to understand the purpose and nature of the customer’s intended relationship so that the firm can assess the money laundering risks presented by the customer
• where AML risks are high, firms should undertake enhanced due diligence
• firms should monitor the activities of customers, to ensure that the conduct is consistent with the firms understating of the customer. The extent and frequency of the monitoring will depend on the risks identified
• where the risk associated with the customer relationship is high, enhanced ongoing monitoring of the relationship must be undertaken
• where customer activity is inconsistent with the firm’s understanding of the customer, it should investigate and (where appropriate) submit a suspicious activity report to the National Crime Agency
• given that there is an elevated risk of financial crime in the retail banking sector (because of the volume of transactions, simple onboarding processes and its mass market nature), additional precautions need to be taken in respect of SME customers
• retail banks need to be wary of account holders using personal current accounts for business purposes and must have systems in place to detect / identify the scale of the issue. FCA referenced one egregious case in its press release, where Nationwide failed to identify unusual activity on the part of a customer (i.e., during an 8-day window, the customer fraudulently claimed and received £26m of payments relating to the Coronavirus Job Retention Scheme)

More information

For more information or advice, please contact our Financial Services Disputes and Investigations team.