The Financial Conduct Authority (FCA) has put anti-money laundering (AML) failures firmly in its sights as part of its five-year strategy plan for 2025–2030. The regulator has made clear that financial crime poses one of the biggest threats to the UK financial system, pledging to ramp up enforcement against firms with weak controls and to demand higher standards around onboarding, monitoring, and reporting.
According to ACA Group, a series of fines in recent months have shown that even established institutions are not immune to serious compliance lapses. The financial consequences of these failures have been steep, with penalties stretching into the hundreds of millions of pounds.
While banks dominate much of the enforcement news, the FCA has also stressed that asset managers cannot consider themselves outside the scope of scrutiny. Many rely heavily on third-party administrators to carry out screening, refreshes, and risk assessments. However, the FCA requires regulated firms themselves to retain full accountability, including record-keeping around investor categorisation and AML oversight.
Responsibility often sits with the money laundering reporting officer (MLRO), or SMF17, which is frequently combined with the role of chief compliance officer. Given the pressures on compliance leaders, the FCA expects firms to adopt structured, proactive approaches rather than reactive measures when issues arise.
Recent enforcement cases underline these expectations. One major UK bank was fined £42m for two separate breaches: opening a client account for an unauthorised firm without conducting checks and failing to act on red flags around suspicious activity linked to a known laundering operation. Regulators said the institution ignored warnings until another bank faced prosecution, reinforcing the lesson that timely due diligence and swift responses to alerts are essential.
A digital bank was fined £21m for onboarding and monitoring breaches after repeatedly taking on high-risk customers while under review. The FCA said the bank had failed to embed AML controls properly into its systems, showing the dangers of manual workarounds and poor communication across internal teams.
A further £16.7m penalty was issued against a retail bank that failed to monitor over 60m transactions due to a data error that went undetected for four years, despite internal concerns. The case highlighted the need for robust testing and calibration of monitoring systems.
In another case, a challenger bank was fined £29m for weaknesses in sanctions screening and onboarding controls. Regulators said it had opened more than 50,000 high-risk accounts despite prior commitments not to, and its sanctions screening tool was found to be checking only a fraction of the required data.
The largest fine so far—£107.7m—was handed to a UK retail bank that repeatedly failed to verify customer activities, monitor accounts, or close suspicious relationships, even after internal recommendations. Regulators said more than £298m flowed through a single account before corrective action was taken, underscoring the importance of risk-based AML frameworks supported by strong governance and escalation.
The UK watchdog is not alone in tightening its stance. International regulators have also stepped up enforcement. In July 2025, France’s AMF imposed €1.89m in penalties for disclosure breaches. In June, the US Treasury’s FinCEN barred banks from engaging with three foreign institutions linked to illicit opioid trafficking. Switzerland’s FINMA has called for stronger due diligence in high-risk markets, and Singapore’s MAS has responded with new AML/CFT requirements for exchanges and operators.
The wave of global actions reflects a coordinated effort to clamp down on financial crime. Firms operating across multiple jurisdictions must therefore be prepared for more stringent oversight.
For financial institutions, the message is clear: AML frameworks must be embedded into systems, continuously tested, and updated to reflect evolving risks. Beyond avoiding fines, strong controls are central to protecting reputations, meeting client expectations, and building long-term resilience.
For more, find on RegTech Analyst.
Copyright © 2025 FinTech Global
