The UK’s Financial Conduct Authority (FCA) has delivered a stark warning to regulated firms in 2025, imposing more than £124m in fines by year-end, with the majority linked to anti-money laundering (AML) and financial crime control failures.
According to Alessa, the scale and concentration of penalties underline a clear supervisory theme: ineffective systems and controls are no longer tolerated, particularly where firms fail to identify and manage evolving financial crime risks.
Among the most significant enforcement actions was a £39.3m fine against Barclays Bank plc. The FCA concluded that the bank had not properly identified, assessed or mitigated money laundering risks within a longstanding corporate banking relationship. According to the regulator, weaknesses persisted for years, exposing deeper shortcomings in risk assessment and ongoing monitoring frameworks. The case reinforces a central compliance lesson: AML risk assessments must be dynamic and continuously refreshed. Controls that are left static quickly become regulatory vulnerabilities.
Nationwide Building Society received the largest penalty of the year, totalling £44.1m, for breaches of Principle 3 relating to systems and controls. The FCA highlighted governance and oversight failings, signalling that accountability at senior levels is critical to an effective AML framework. Strong documentation alone is insufficient; regulators expect boards and senior management to demonstrate active engagement with financial crime controls. Governance gaps, the FCA made clear, can be as serious as technical system deficiencies.
Monzo Bank Limited was fined £21.1m after rapid customer growth outpaced the maturity of its compliance infrastructure. The FCA stressed that innovation and expansion do not dilute regulatory expectations. As onboarding volumes increase, customer due diligence and transaction monitoring must scale accordingly. The enforcement action serves as a reminder that growth amplifies financial crime risk, and scaling controls in parallel with business expansion is essential.
The regulator’s reach extended beyond retail banking. The London Metal Exchange was fined £9.2m for breaches linked to market conduct and control frameworks. While not a conventional AML case, it demonstrates that financial crime expectations apply broadly across financial markets. Similarly, Barclays Bank UK plc faced a separate £3.1m penalty for failures in account opening controls for client money accounts, highlighting persistent weaknesses in know your customer (KYC) processes.
Across these actions, consistent themes emerge: inadequate transaction monitoring, outdated customer risk assessments, weak governance oversight, deficiencies in regulatory reporting and overreliance on manual processes. Collectively, these shortcomings suggest the FCA is prioritising demonstrable effectiveness over well-written policies. Firms must show that alerts are appropriately investigated, suspicious activity is escalated in a timely manner and reporting obligations are met accurately.
This supervisory stance is accelerating the adoption of RegTech solutions. Integrated AML platforms such as Alessa are increasingly positioned as tools to help firms consolidate onboarding, monitoring and reporting into a single risk view. By reducing false positives, strengthening enhanced due diligence and automating regulatory reporting, such technologies aim to address the precise failings identified in recent enforcement cases.
The FCA’s message is unambiguous. AML weaknesses are expensive, reputationally damaging and, in many cases, avoidable. Firms that align governance, operational processes and scalable technology will be better equipped to withstand regulatory scrutiny. Those that fail to modernise risk management frameworks may find that enforcement penalties are not a one-off event, but part of a recurring cycle of supervisory intervention.
Copyright © 2026 FinTech Global
