In July 2025, the Financial Conduct Authority (FCA) fined Monzo Bank approximately £21m for serious anti-money laundering (AML) control failings. The penalty, detailed in an FCA Final Notice, related to weaknesses in customer due diligence (CDD), risk assessment and transaction monitoring between October 2018 and August 2020.
It also addressed Monzo’s breach of an FCA restriction prohibiting the onboarding of high-risk customers between August 2020 and June 2022, according to Flagright.
During that period, Monzo opened more than 34,000 high-risk accounts in defiance of the order. FCA enforcement director Therese Chambers said Monzo “fell far short of what we, and society, expect” of a bank acting as a gatekeeper against financial crime.
The regulator found that Monzo’s rapid customer growth significantly outpaced its compliance infrastructure. Large volumes of new customers were defaulted to “no identified risk”, and onboarding was streamlined without adequate safeguards. Accounts were opened using implausible addresses, including well-known landmarks, without sufficient verification.
In many cases, Monzo failed to gather basic information on customers’ source of funds or account purpose. For business customers, beneficial ownership checks were inconsistently applied. These failings meant Monzo could neither assess financial crime risk effectively nor monitor suspicious activity appropriately. Although the bank later implemented a remediation programme, the original £30m fine was only reduced to £21m following a settlement discount, underscoring the seriousness of the breaches.
The FCA’s message is unmistakably forward-looking. While Monzo characterised the issues as historical, the regulator made clear that scalable compliance is expected from day one. Innovation and growth offer no mitigation where systems and controls are inadequate. The Final Notice reinforced that financial crime frameworks must evolve in line with expansion. Challenger banks and FinTech firms are held to the same standards as incumbents, regardless of size or business model.
This enforcement trend extends beyond Monzo. In October 2024, the FCA fined Starling Bank £29m for AML failures, including onboarding high-risk customers in breach of regulatory restrictions. In April 2025, Revolut was fined €3.5m by the Bank of Lithuania for deficiencies in transaction monitoring. Dutch neobank Bunq received a €2.6m penalty from De Nederlandsche Bank for persistent AML lapses, while Coinbase was fined €21.5m by the Central Bank of Ireland for failures in monitoring crypto transactions. Across jurisdictions, regulators are converging on a consistent theme: scalable AML controls are non-negotiable.
In practice, “scalable AML” means designing compliance infrastructure capable of handling exponential growth without degrading effectiveness. Real-time onboarding gates must validate identity data and screen sanctions or PEP risks before account activation.
Dynamic risk scoring should continuously update customer risk profiles as behaviours change. Automated, rules-based transaction monitoring engines must detect suspicious patterns in real time, supported by sufficient investigative capacity to prevent alert backlogs. Integrated fraud and AML workflows enable a unified view of financial crime risk, while continuous assurance mechanisms – including periodic audits, re-KYC cycles and back-testing of monitoring rules – ensure systems remain effective.
For fast-growing FinTechs and payment service providers, practical steps include segmented, risk-based onboarding flows; automated triggers for enhanced due diligence; four-eyes approval for high-risk decisions; early deployment of transaction monitoring; and unified case management processes. The lesson from Monzo is clear: compliance should be built for the company you expect to become, not the company you are today.
Technology providers increasingly offer unified financial crime platforms that integrate CDD, sanctions screening, monitoring and case management into a single framework. Such solutions can help fintechs embed enterprise-grade controls early, reducing fragmentation and enabling scalable growth. Ultimately, the regulatory direction of travel is clear. In 2026 and beyond, scalable AML is not a competitive disadvantage – it is the baseline for participation in regulated financial services.
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
