AML Failures Under the Microscope: Lessons from FCA Enforcement

  • Article
  • AML and Financial Crime, FCA, Trade and Transaction
  • Belinda Makumbi, Michael Strug

In its five-year strategy plan (2025-2030), the FCA makes clear that financial crime is a key risk to the region. With a sharper focus on AML, the UK regulator is ramping up enforcement and expecting more from firms regarding onboarding, monitoring, and reporting.

Recent fines show that even well-established financial institutions are falling short, and the consequences are steep.

While banks dominate the headlines, asset managers should not assume they’re out of scope. Many rely heavily on fund administrators for AML processes like screening, refreshes, and business-wide risk assessments, often without verifying whether those controls are fit for purpose. Yet FCA-regulated firms are required to be fully accountable for their own compliance, including maintaining investor categorisation records and AML oversight.

Although the responsibilities of the Money Laundering Reporting Officer (MLRO, also known as SMF17) frequently sit with the CCO, who may have limited time or focus on financial crime, there’s a growing need for firms to take a more proactive and structured approach.

Recent FCA enforcement actions send a clear message that financial crime controls must be robust, integrated, and continuously tested to keep pace with regulatory expectations. Firms should regularly assess their onboarding and monitoring systems and promptly address identified issues.

1. UK Bank Fined £42 Million for Poor Handling of Financial Crime Risks

A large UK bank was fined for two separate failings:

  • Opening a client money account for an unauthorised investment firm without basic checks.
  • Failing to monitor suspicious activity linked to a corporate client involved in a known laundering operation.

Despite law enforcement alerts, the bank delayed action until another institution was prosecuted.

Lesson

Basic due diligence and timely response to red flags are non-negotiable.

Actions to Consider:
  • Conduct comprehensive customer due diligence before account opening.
  • Maintain up-to-date customer risk profiles and ongoing monitoring.
  • Implement automated transaction monitoring systems capable of detecting and escalating suspicious transactions for review.
  • Ensure staff are trained and empowered to apply AML policies effectively.

2. Digital Bank Fined £21 Million for Onboarding and Monitoring Breaches

A fast-growing digital bank repeatedly breached FCA restrictions by onboarding high-risk customers while under regulatory review. Failures cited also included risk assessment and transaction monitoring.

Lesson

AML controls must be embedded in systems, not bolted on, and regulatory restrictions must be enforced operationally.

Actions to Consider:
  • Money laundering and financial crime controls must be embedded as core infrastructure, not afterthoughts. AML frameworks must evolve with the changing landscape, supported by scalable technology, regular process reviews, and robust risk governance.
  • Banks must ensure that restrictions or special conditions imposed by regulators are integrated into core operating systems rather than treated as manual workarounds. The failure to prevent onboarding of high-risk customers demonstrates the risks of inadequate system integration and poor internal communication.
  • Independent reviews and remediation programs are only effective if their recommendations are fully implemented and tested. Ongoing regulatory dialogue and clear accountability are crucial.
  • Senior management and boards must prioritise AML compliance, investing both in technology and ongoing staff training.

3. Retail Bank Fined £16.7 Million for Transaction Monitoring Failures

A UK retail bank failed to monitor over 60 million transactions due to a data error in its automated system—an issue that persisted for over four years despite internal concerns.

Lesson

Transaction monitoring systems must be tested, calibrated, and regularly reviewed, especially after implementation.

Actions to Consider:
  • Implement a robust, fit-for-purpose transaction monitoring system with rules and alerts designed to capture all customer types and behaviors.
  • Regularly review outputs of transaction monitoring results to ensure the mechanism and logic are calibrated correctly.
  • Design effective monitoring and testing of transaction monitoring systems.
  • Provide clear guidelines for potential financial crime-related scenarios that could lead to account termination or closure.
  • Ensure employees receive adequate training on a regular basis to identify potentially suspicious activity and act through suspicious activity reporting and account terminations.

4. Bank Fined £29 Million for Sanctions Screening and AML Failures

A UK challenger bank was fined for weaknesses in its financial crime systems, including sanctions screening and onboarding controls. Despite agreeing not to onboard high-risk customers, the bank opened over 50,000 such accounts. It also discovered that its sanctions screening system had only been checking a fraction of the required list for several years.

Lesson

Sanctions and AML controls must scale with growth and be rigorously tested for coverage, proportionality, and regulatory compliance.

Actions to Consider:
  • Firms should ensure their current financial crime controls are operating effectively, including their sanction screening processes and systems.
  • Sanction screening should be repeated at defined intervals through an automated process as determined by internal policies.
  • Consider risks posed by an organization’s products, services, and relationships, such as cross-border payments where account holders must comply with their country’s sanctions requirements.

5. Large Retail Bank Fined £107.7 Million for Repeated AML Failures

A major UK retail bank was fined for persistent gaps in its AML controls. The regulator purported that it failed to verify customer business activities, monitor account behavior, or act on internal recommendations to close suspicious accounts. Over £298 million passed through one such account before action was taken.

Lesson

AML frameworks must be risk-based, consistently applied, and supported by strong governance and escalation processes.

Actions to Consider:
  • Set up and review your onboarding processes regularly to capture key information about your customers that could impact your assessment of financial crime risks.
  • Include clear guidance in your onboarding documentation for evaluating and verifying business activities, and identifying potential red flags that may indicate incorrect or misleading customer activities.
  • Review and update your process for managing high-risk relationships, such as those involving politically exposed persons (PEPs), to embed clear steps for identifying high-risk customers. Apply appropriate due diligence, such as establishing and verifying source of funds or wealth, and impose enhanced monitoring of the business relationship.
  • Make sure your customer risk assessment, whether manual or automated, is clearly recorded within the customer risk profile, with an audit trail for any changes to the customer’s risk rating.
  • Implement clear processes for customer termination and confirm these are understood by all relevant departments.
  • Maintain appropriate monitoring and oversight arrangements to detect non-compliance, such as failing to close accounts following a suspicious activity or other financial crime concerns.

It’s Not Just the FCA

While the FCA has been particularly active, regulators globally are stepping up AML enforcement:

These actions reflect a coordinated international push to tighten financial crime controls. Firms operating across jurisdictions should be prepared to meet rising expectations.

Future-Proof Your AML Strategy

Recent enforcement actions highlight persistent weaknesses in AML frameworks and rising regulatory expectations. Staying ahead means more than avoiding fines; it’s about protecting your reputation, ensuring risk assessments reflect a proportionate risk-based review methodology, and building resilience.

Strong financial crime controls must be embedded, tested, and continuously improved. For many firms, third-party support offers the expertise and objectivity needed to identify gaps and strengthen defences.

Explore ACA’s AML Compliance Solutions

ACA helps firms stay ahead of regulatory expectations by identifying gaps in their financial crime frameworks and delivering practical, risk-based solutions. Our services include:

  • Targeted thematic reviews: Deep dives into specific areas of your AML program to assess effectiveness and identify weaknesses.
  • Policies and procedures: Draft, review, and enhance AML policies and procedures to ensure they are risk-based, up to date with regulatory expectations, and embedded across your business.
  • Financial crime risk assessments: Comprehensive reviews of your firm’s exposure to financial crime risks and the adequacy of your controls.
  • Specialist advisory support: Bespoke advice from experienced consultants to help you remediate issues and build resilient compliance programmes.
  • Surveillance and monitoring tools: Automate transaction monitoring, sanctions screening, and surveillance workflows.
  • Managed services: Outsource ongoing AML monitoring, execute KYC refresh and remediation, provide outsourced compliance and Money Laundering Reporting Officer (MLRO) support, and manage regulatory filings to help firms meet daily compliance obligations efficiently.

Speak with our team about strengthening your AML framework or addressing specific regulatory concerns, get in touch with us.

Connect With Us
Contact
Contact