British neobank, Monzo, has become the latest big name in the financial world to come under fire from the Financial Conduct Authority (FCA) for failing to implement adequate controls to stop financial crime between 2018 and 2022. Now facing a £21million fine in 2025, we see if Monzo has learnt from its mistakes, as well as how other firms can avoid a similar fate.
According to the UK’s financial regulator, the FCA, there were two periods of time in which Monzo’s financial crime controls were not up to standard. Between October 2018 and August 2020, Monzo was found guilty of breaching Principle 3 of the FCA’s Principles of Business: a firm must take reasonable steps to ensure that it has organised its affairs responsibly and effectively, with adequate risk management systems.
In the FCA’s Final Notice to Monzo, the regulator stated the bank “failed to take reasonable care to organise and control its systems and controls for managing the risk of financial crime (in particular in connection with customer onboarding) responsibly and effectively”. For failings in this time period, the bank was fined £19.3million.
In August 2020, in addition to the FCA requiring Monzo to review the state of its financial crime risk management, the digital bank also applied for voluntary requirements (VREQ) to be placed on it to, as said in the final notice, “prevent it from accepting or processing new or additional account applications for high-risk customers”.
However, a follow up of failings were found by the FCA between August 2020 and June 2022. The regulator revealed that Monzo repeatedly breached the VREQ, preventing it from opening accounts for around 34,000 high-risk customers. Consequently, the bank has also been fined £10.8million for failings in this time.
A new and improved Monzo
In 2018, Monzo’s customer base was only 600,000. Since then, the company has skyrocketed, hitting 5.8 million customers in 2022 and over 12 million in 2025. During this period of growth, it has ensured that it has dealt with its early onboarding and risk management problems. In fact, the fine initially would have been over £30million, but Monzo agreed to resolve the problems and therefore qualified for a 30 per cent discount.
Evidence of cooperation to solve the issue can be seen in the FCA’s final notice, as it notes that the digital bank made a “significant investment in its recruitment and resourcing of key financial crime
roles” between August 2020 and April 2021.
Additionally, in February 2021, Monzo took part in a financial crime change programme to remediate and enhance its wider financial crime control framework in line with recommendations made in the independent review.
Looking to the future at how Monzo can grow from its mistakes, TS Anil, group CEO of Monzo, said: “The FCA’s findings relate to a historical period that ended three years ago and draw a line under issues that have been resolved and are firmly in the past – with our learnings at the time leading to substantial improvements in our controls.
“I’m pleased the FCA recognises the significant investments we have made, as well as our ongoing commitment to managing these risks today, as we go from strength to strength as a business approaching 13 million customers. Financial crime is an issue that affects the entire industry – and at Monzo, we have the right team, best-in-class technology and an unwavering commitment to doing all we can to stop it in its tracks.”
Leading by example
Monzo isn’t the first and certainly won’t be the last organisation to suffer the consequences of poor risk management. Nine other organisations have been fined by the FCA for financial crime in the last four years, with 83 open investigations focused on financial crime in 2024 alone.
The digital bank is now at a very strong point in its journey, says Sara Henna, learning and content manager at VinciWorks, the compliance tools and training platform. However, it has also been at rock bottom, accepting Buckingham Palace and Downing Street as valid consumer addresses. Nonetheless, Monzo has an opportunity to show other firms how to ensure anti-money laundering (AML) can be done correctly now.
She says: “Monzo’s £21million fine is a clear reminder that slick UX means nothing without solid onboarding controls. Consumers trust digital banks to grow without cutting corners; this case damages that trust. When a bank misses glaring red flags like customers listing addresses as ‘Buckingham Palace’ or ‘10 Downing Street’, it raises serious questions about how risks were assessed and who was (or wasn’t) paying attention.
“This should be a wake-up call for the sector. Every fintech needs to scrutinise their CDD processes, especially in light of the FCA’s new PEP guidance, which lowers the default risk threshold for UK PEPs. The burden is now on firms to demonstrate good judgment. That means involving humans, not just algorithms, in risk decisions.
“That said, the issues at Monzo relate to a historical window, and both the FCA and Monzo say those gaps have been addressed. If Monzo has truly rebuilt its compliance infrastructure, there’s every reason to believe it can lead the sector in doing AML the right way. But with lowered regulatory thresholds and rising expectations, other firms can’t afford to assume this won’t happen to them.”
Efficiency can’t come at the cost of compliance
For Alessandro Hatami, managing partner, Pacemakers.io, the management consultants supporting the digital transformation of banks and financial services organisations, efficiency in a digital financial services provider is important – it’s what sets them apart from incumbents, but it cannot come at the cost of ensuring compliance.
Exploring this further, he states: “The FCA’s fine is a stark reminder that rapid growth can’t come at the expense of effective controls. Monzo’s onboarding failings during this period exposed the bank – and its customers – to significant risk. Trust is the bedrock of any financial institution, and breaches of this nature inevitably undermine consumer confidence.
“However, this is not the Monzo of 2020. The bank has matured, invested heavily in compliance, and both Monzo and the FCA confirm that the issues have been addressed. It’s right that past failings are penalised – but it’s equally important to acknowledge change.
“For other banks, particularly fast-growing fintechs, this should be a wake-up call. Automating onboarding and risk checks can drive efficiency, but only if those systems are rigorously tested and properly governed. Growth must be matched by operational resilience.
“If Monzo can now pair its customer-first mindset with robust compliance, it remains one of the UK’s strongest digital banking brands. The opportunity is still huge – for Monzo and the sector as a whole – but only if trust is maintained and strengthened.”
Bad press can harm hard-earned trust
Echoing similar views on the importance of trust, Amy Knight, business commentator at NerdWallet UK, the financial advice platform, also comments: “While this specific failure is in the past, and all challenger banks should not be tarred with the same brush, Monzo’s fine will force its rivals to take note of the need to prioritise crime prevention.
“Digital-first banks rely on superior technology and user experience to win customers from traditional high street providers. NerdWallet UK’s latest business survey revealed that a quarter (25 per cent) of UK business leaders think traditional banks have poor mobile or online banking features, and 27 per cent feel traditional banks have been too slow to adopt digital tools.
“Tech outages have hit big banks hard in recent years, which has worked in the challengers’ favour. Trust in digital banks has grown rapidly in the last 12 months, with NerdWallet’s data showing a 23 per cent increase in the proportion of business leaders who think challenger banks are just as reputable as traditional banks. However, another FCA investigation into a challenger bank could wipe out some of the ground they’ve gained, so all digital-first players need to ensure they’re not sacrificing due diligence in pursuit of growth.
“Assuming Monzo continues strengthening its compliance infrastructure, particularly when it comes to identifying high-risk customers, its reputation can stay on course. The brand could even benefit from transparency about what they’ve fixed. But to continue growing market share, the challengers may need to do more to demonstrate that security is just as core to their brand as innovation.”
Silver lining
Though a negative headline like “Monzo fined £21million for financial crime failures” is not a good one, Lee Travers, CEO at Fintech Investments, does note that the article brings to light how Monzo has dealt with the problem and is no longer facing it. Consequently, this could drive consumers to trust the bank, providing bad press doesn’t become a regular occurance.
“The Monzo penalty is being framed as a cautionary tale, but there’s another way to read it: a visible price tag on compliance debt, the invisible liability that accumulates when a start-up scales faster than its control stack. By writing that debt down at £21million, Monzo has effectively settled the past and bought an unplanned, yet valuable, asset: a live, regulator-endorsed stress-test of its new onboarding engine.
“In a sector where rivals Starling, Metro and even Revolut have collected recent AML reprimands of their own, that ‘stamp’ could evolve into a differentiator rather than a scarlet letter.
“For consumers, the episode is a reminder that a neon debit card does not equal radical reinvention of banking’s unglamorous plumbing; trust will hinge on whether the next two years are scandal-free, not on yesterday’s news. Yet the fine may ultimately strengthen user confidence precisely because it quantifies the risk and signals oversight is working, something incumbent high-street brands rarely manage to communicate.
“Competitors, meanwhile, should worry less about being fined and more about being priced out: every enforcement action nudges the regulator’s “good-enough” bar higher, inflating future compliance costs and favouring players that have already absorbed a public flogging and rebuilt. In that sense, the FCA has inadvertently raised the moat around the very fintech it chastised.
“The question is no longer whether Monzo can purge legacy flaws, it’s whether newer entrants can afford to match the upgraded standard without first suffering a headline of their own.”
