In July 2025, the Financial Conduct Authority (FCA) fined Monzo Bank £21m for serious anti-money laundering (AML) control failings, marking one of the most consequential enforcement actions against a UK digital bank to date.
According to Flagright, the penalty, detailed in a Final Notice, related to weaknesses in customer due diligence (CDD), risk assessment and transaction monitoring between October 2018 and August 2020.
It also addressed Monzo’s breach of an FCA restriction that prohibited the onboarding of high-risk customers between August 2020 and June 2022. Despite that ban, more than 34,000 high-risk accounts were opened. FCA enforcement director Therese Chambers said Monzo “fell far short of what we, and society, expect” of a bank acting as a gatekeeper against financial crime.
The regulator concluded that Monzo’s rapid expansion significantly outpaced its compliance capabilities. During the relevant period, most new customers were automatically categorised as presenting “no identified risk”, and onboarding processes were simplified in ways that undermined effective checks. In some instances, implausible addresses – including well-known landmarks – were accepted without adequate verification. Basic information regarding account purpose and source of funds was not consistently obtained. For business accounts, beneficial ownership checks were incomplete. These weaknesses meant the bank was unable to properly assess customer risk or conduct effective ongoing monitoring. Although Monzo later undertook remediation work, the FCA made clear that historical failings do not diminish current regulatory expectations.
The £21m fine, reduced from £30m following settlement, sends a forward-looking signal. The FCA increased the penalty to reflect the seriousness of breaching supervisory restrictions, reinforcing that voluntary requirements and growth caps must be treated as binding obligations. The case establishes a broader precedent: fintech innovation and rapid scaling do not justify weak controls. Regulators expect “adequate systems and controls” from day one, regardless of whether a firm is a challenger bank or an incumbent.
In practical terms, “scalable AML” requires compliance frameworks capable of handling exponential growth without losing effectiveness. That includes real-time onboarding gates that automatically flag sanctions or politically exposed person (PEP) hits before activation; dynamic risk scoring that continuously updates customer profiles based on behavioural changes; and rules-based transaction monitoring engines that evolve alongside transaction volumes. Effective scalability also demands unified workflows, integrating fraud and AML alerts into a single case management environment, as well as continuous testing and assurance to validate control performance. Compliance cannot be a one-off project; it must function as a living, adaptable system.
Monzo’s case reflects a wider enforcement trend. In October 2024, the FCA fined Starling Bank £29m for similarly weak financial crime controls, including breaches of restrictions on high-risk account onboarding. In April 2025, Revolut was fined €3.5m by the Bank of Lithuania for AML monitoring shortcomings. Dutch regulator De Nederlandsche Bank penalised Bunq €2.6m for persistent compliance failures, while the Central Bank of Ireland imposed a €21.5m fine on Coinbase’s European arm for transaction monitoring deficiencies. Across jurisdictions, the message is consistent: scalable AML controls are now table stakes for FinTechs.
For fast-growing payment service providers and digital banks, the lesson is clear. Risk-based onboarding segmentation, automated enhanced due diligence triggers, four-eyes approval processes for high-risk cases, early deployment of transaction monitoring systems and integrated fraud-AML case management are no longer optional enhancements. They are foundational requirements. Regulators expect firms to design compliance frameworks for the scale they anticipate, not the scale they currently operate at.
The Monzo fine therefore represents more than a historical sanction. It is a strategic signal to the FinTech sector that growth and governance must move in lockstep. In 2026 and beyond, scalable AML infrastructure will not be viewed as a competitive disadvantage – but as the minimum standard for participation in regulated financial services.
Copyright © 2026 FinTech Global
