The UK financial regulator has fined digital bank Monzo for inadequate anti-financial crime systems that allowed customers to open bank accounts using Buckingham Palace and 10 Downing Street as addresses.
Shutterstock/Emre Akkoyun
The Financial Conduct Authority (FCA) announced the £21.09 million penalty today, citing Monzo’s poor controls between 2018 and 2020. These included failing to design, implement and maintain adequate customer onboarding, customer risk assessment and transaction monitoring systems to mitigate the risk of financial crime.
Monzo’s customer base has expanded steadily since it began offering banking services in 2017. While it increased almost tenfold from around 600,000 in 2018 to over 5.8 million in 2022, the FCA said its financial crime controls “failed to keep pace with its customer and product growth”.
The digital bank’s systems did not flag or record specific transactions which triggered transaction monitoring alerts, and Monzo’s transaction reviewers were expected to identify the alerting transactions themselves and “had no starting point or context to assist their reviews”. The bank also allowed them to leave alerts as “undecided”, which in 2019 accounted for 45% of all transaction monitoring alerts.
The FCA began an independent review of the firm's financial crime framework in August 2020. Alongside the review it blocked Monzo from opening new accounts for high-risk customers.
But the FCA said Monzo nonetheless opened more than 34,000 high-risk accounts between August 2020 and June 2022, including for customers who had previously had their accounts shut down over financial crime concerns.
Monzo onboarded customers with limited and implausible information such as using well-known London landmarks like Buckingham Palace and 10 Downing Street as their addresses, which went against its risk appetite and business proposition being predicated on customers having a legitimate UK address, the FCA said.
“This illustrates how lacking Monzo’s financial crime controls were. This was compounded by its inability to properly comply with the requirement not to onboard high-risk customers,” FCA joint enforcement chief Therese Chambers said. .
Monzo’s decision not to verify or monitor customer addresses also gave rise to other issues, such as customers using UK addresses when applying for accounts and then subsequently re-ordering cards to be delivered outside the UK.
These control weaknesses, and Monzo’s resulting exposure to financial crime, were compounded by the fact that Monzo itself had “promoted the lack of address verification on its website and online media channels”, the FCA’s order said.
Chambers stressed that banks must have systems in place to prevent the flow of ill-gotten gains into the financial system, saying that Monzo “fell far short of what we, and society, expect”.
Lexology PRO understands the FCA also opened investigations into possible criminal breaches of the Money Laundering Regulations 2017 but terminated these in 2023.
Monzo agreed to resolve the matter with the FCA, reducing its penalty by 30%. It must pay this in full by 21 July.
Monzo chief executive TS Anil said the FCA’s findings “draw a line under issues that have been resolved and are firmly in the past - with our learnings at the time leading to substantial improvements in our controls”.