Skip to content

Enforcement Actions

Monzo fined £21 million for fincrime failures, third challenger bank fine inside a year

By 0 minute read

July 8, 2025

Challenger bank Monzo has been handed a £21 million fine by the UK Financial Conduct Authority (FCA) for failings in its financial crime systems and controls. These led to the onboarding of customers with “obviously implausible information”, according to Therese Chambers, the FCA’s joint executive director of enforcement and market oversight.

Monzo is the third challenger bank to be fined in the past 12 months over inadequate financial crime controls, following multi-million-pound fines given to Metro and Starling last autumn.

According to the FCA final notice, Monzo compounded its financial crime failures by continuing to onboard high-risk customers after agreeing a voluntary requirement (VREQ) with the FCA in August 2020. This failing echoes that of Starling Bank, which likewise continued to onboard high-risk customers despite agreeing a VREQ .

The FCA also identified weaknesses in financial crime controls at challenger banks during a 2021 review.

John Cronin, founder of research and analysis firm SeaPoint Insights said the fine marked another “embarrassing moment” for the digital challenger banks.

Challenger bank fines for fincrime failings

July 2025 – Monzo fined £21 million

November 2024 – Metro fined £16.7 million

September 2024 – Starling fined £29 million

“What caught my eye in particular was the FCA’s scathing remark – that ‘the weaknesses in Monzo’s financial crime controls resulted from incorrect assumptions about the nature of many of its customers and products and about the effectiveness of Monzo’s transaction monitoring systems to mitigate the lack of customer data gathered at onboarding’ – highlighting the alarming immaturity of its internal controls just a few short years ago. Indeed, this development is likely to further intensify stakeholder scepticism regarding the stewardship and trustworthiness of these burgeoning digital institutions.

“That being said, these banks are demonstrably tightening their controls, and some early stumbles are indeed par for the course for new entrants”, Cronin said.

Rapid growth

Monzo’s customer base grew almost tenfold in just four years — rising from 600,000 in 2018 to 5.8 million by 2022. However, the bank’s financial crime controls failed to keep pace with this growth. The FCA imposed a skilled person review under its Section 166 powers in August 2020. According to the final notice, published today, this required the firm to “undertake a full and substantive review of the state of its financial crime risk management”.

Alongside the Section 166, Monzo applied for the VREQ, which prevented it from onboarding high-risk customers. Despite the FCA imposing this ban on August 5, 2020, between August 2020 and June 2022 Monzo added a further 34,000 such customers.

Rory Doyle, head of financial crime policy at software group Fenergo, said the fine is an example of challenger banks “prioritising growth over compliance”.

“Any firm onboarding tens of thousands of high-risk clients must not neglect to deploy robust know your customer (KYC ) controls to keep bad actors out, in line with regulatory obligations,” he said, adding “Neobanks would be wise to treat this as a warning shot – scale fast, but fail to implement the proper controls and you’ll publicly pay the price.”

Simran Bharaj, founder of financial crime compliance group GKSB Consultancy, said the Monzo final notice highlighted the need for firms that enter into VREQs to ensure they understand what they are agreeing to.

“This fine only seeks to demonstrate that the FCA will enforce the VREQ terms and can do so relatively easily. Firms should be putting additional processes and controls in place to ensure compliance beyond just hiring a skilled person. Firmsʼ focus can often be on the remediation and not the exact wording of the VREQ , but firms have to be extra careful before agreeing the wording,” Bharaj said.

Continuing to onboard high-risk customers after undertaking not to, as both Monzo and Starling did, is increasingly common, she added.

Firms need to realise that they must put additional resources and controls in place to comply with the VREQ, as well as carrying out any remediation required under the Section 166, said Bharaj. She recommends firms obtain an expert opinion on the proposed terms of the VREQ before signing, to avoid breaching them and incurring further FCA sanctions.

Monzoʼs failure to comply with the terms of the VREQ prompted the FCA to apply a £10 million uplift to the initial fine for financial crime systems and controls failures.

Change in leadership

According to the FCA Register, TS Anil, Monzo’s CEO, and Grant Doulton, its money laundering risk officer (MLRO) SMF17, joined the bank after the FCA imposed requirements on the bank in August 2020. Iain Laing, chief risk and compliance officer (SMF 4 & 16), joined the bank in April 2021.

“The FCA’s findings relate to a historical period that ended three years ago and draw a line under issues that have been resolved and are firmly in the past — with our learnings at the time leading to substantial improvements in our controls,” said Anil in statement issued after the FCA fine was announced.

“I’m pleased the FCA recognises the significant investments we have made, as well as our ongoing commitment to managing these risks today, as we go from strength to strength as a business approaching 13 million customers. Financial crime is an issue that affects the entire industry — and at Monzo, we have the right team, best-in-class technology and an unwavering commitment to doing all we can to stop it in its tracks,” he added.