The Financial Conduct Authority (FCA) has placed anti-money laundering (AML) failures under sharp scrutiny in its five-year strategy for 2025–2030, signalling that financial crime remains a key regulatory priority. The watchdog is increasing enforcement while demanding more from firms on onboarding, monitoring, and reporting.
According to ACA Group, recent penalties show that even some of the most established financial institutions are falling short, with fines reaching hundreds of millions. While banks dominate headlines, asset managers also face significant risks.
Many rely on third-party administrators for tasks such as screening and risk assessments without checking whether those processes are sufficient. The FCA has stressed that regulated firms remain accountable for their own compliance obligations, including investor categorisation and AML oversight.
The role of the Money Laundering Reporting Officer (SMF17) often sits with the chief compliance officer, but competing responsibilities can dilute focus on financial crime. Regulators are urging firms to take a more structured approach, embedding proactive and regularly tested controls across their organisations.
One major UK bank was fined £42m after opening a client account for an unauthorised investment firm without conducting proper checks. It also failed to monitor suspicious activity tied to a known laundering scheme, despite receiving law enforcement alerts. The regulator emphasised that basic due diligence and swift responses to red flags are non-negotiable.
A digital bank was hit with a £21m fine after onboarding high-risk customers in breach of restrictions. Failures in monitoring and risk assessment compounded the issues. The FCA said AML frameworks must form part of core infrastructure rather than afterthoughts. Restrictions set by regulators should be embedded in systems, not treated as manual workarounds.
Another retail bank faced a £16.7m penalty after failing to monitor more than 60m transactions due to a long-running system error. The problem lasted for over four years, highlighting the risks of untested or poorly calibrated monitoring tools. Regulators expect firms to review, test, and adjust their monitoring systems continuously.
A UK challenger bank was also fined £29m for weaknesses in sanctions screening and AML systems. Despite promising not to onboard high-risk customers, it opened over 50,000 such accounts. The regulator discovered that its screening software had only checked a fraction of the required sanctions list. The case highlighted the need for systems that scale with growth and undergo regular, rigorous testing.
The largest penalty in recent months saw a retail bank fined £107.7m after repeated AML breaches. The FCA found the bank failed to verify customer business activities, ignored red flags, and delayed closing suspicious accounts. In one case, more than £298m flowed through an account before action was taken. Regulators warned that risk-based AML frameworks must be applied consistently and backed by strong governance.
The UK is not alone in ramping up enforcement. Regulators in France, the US, Switzerland, and Singapore have all taken action in 2025, signalling a coordinated global crackdown. These efforts reflect heightened expectations and a demand for financial institutions worldwide to demonstrate effective, risk-based financial crime defences.
For firms, the message is clear: enforcement will continue to escalate, and compliance must go beyond box-ticking. Strong AML frameworks, tested systems, and clear governance are essential not only to avoid fines but also to safeguard reputation. Many organisations are turning to external specialists to review policies, deliver training, and implement monitoring tools that can keep pace with evolving risks.
Copyright © 2025 RegTech Analyst
Copyright © 2018 RegTech Analyst
