Accountability in action — FCA’s enforcement against Monzo & Barclays explained

In July 2025, the Financial Conduct Authority (FCA) issued significant enforcement actions against Monzo Bank Limited, Barclays Bank UK PLC and Barclays Bank PLC, highlighting systemic weaknesses in financial crime controls across both traditional and digital banking models. 

These enforcement actions align with the FCA’s 2024 supervisory strategy, which identified financial crime as one of its priorities for retail banks.

Here, Dan Stowers and Sarah A Smith from our corporate defence & compliance team provide an overview of the actions and set out some key implications for professional services firms.

Monzo & Barclays penalties explained

Monzo Bank Limited 

On 7 July 2025 the FCA issued a financial penalty of £21,091,300 (discounted from £30,130,475) for inadequate anti-financial crime systems and controls between October 2018 and August 2020, as well as for onboarding over 34,000 high-risk customers between August 2020 and June 2022.

The FCA found that Monzo’s financial crime controls were inadequate and failed to keep pace with the bank’s rapid growth. Between October 2018 and August 2020, Monzo didn’t maintain effective systems and controls to counter the risk of being used for financial crime. 

The FCA highlighted that Monzo onboarded customers using implausible information — such as well-known London landmarks as residential addresses — and failed to apply appropriate due diligence. Furthermore, between August 2020 and June 2022 Monzo breached a specific restriction by onboarding over 34,000 high-risk customers. These failings were attributed to insufficient resourcing, poor governance and a lack of effective oversight by senior management.

Barclays Bank UK PLC 

On 14 July 2025 the FCA issued Barclays Bank UK PLC a financial penalty of £3,093,600 (discounted from £4,419,500) for failures in customer due diligence (CDD) when opening a client account for WealthTek LLP between January 2021 and April 2023. 

During that period, Barclays UK didn’t gather essential information about the purpose of the account, the types of clients whose funds would be held or the expected transaction volumes. Critically, it failed to check whether WealthTek was authorised to hold client money. 

The FCA noted that Barclays UK’s internal policies didn’t require these checks and the only verification performed was whether the customer had been assigned a BIC code. These deficiencies exposed client funds to significant risk and undermined market integrity and consumer protection.

Barclays Bank PLC

On 14 July 2025 the FCA issued Barclays Bank PLC a financial penalty of £39,303,600 (discounted from £56,148,000) for failures in financial crime controls related to its relationship with a high-risk client, Fowler Oldfield — a high-risk gold dealer later linked to a major money laundering operation — between February 2012 and March 2016. 

During that time, Barclays failed to identify and manage the financial crime risks associated with this client. Despite receiving multiple red flags — including alerts from law enforcement — Barclays didn’t escalate concerns or take appropriate action. The FCA found that the bank’s systems and controls were insufficient to detect and respond to suspicious activity and that senior management failed to ensure effective oversight. These failings allowed millions of pounds to flow through the financial system unchecked.

Key failings & themes

Regulatory commentary

Therese Chambers — the FCA’s joint executive director of enforcement and market oversight — emphasised the importance of robust financial crime controls in both cases.

Monzo

“Banks are a vital line of defence in the collective fight against financial crime. They must have the systems in place to prevent the flow of ill-gotten gains into the financial system. Monzo fell far short of what we, and society, expect.

Monzo onboarded customers on the basis of limited, and in some cases, obviously implausible information — such as customers using well known London landmarks as an address. This illustrates how lacking Monzo's financial crime controls were. This was compounded by its inability to properly comply with the requirement not to onboard high-risk customers”.

In response, Monzo CEO TS Anil said: “The FCA’s findings relate to a historical period that ended three years ago and draw a line under issues that have been resolved and are firmly in the past, with our learnings at the time leading to substantial improvements in our controls.

I’m pleased the FCA recognises the significant investments we have made, as well as our ongoing commitment to managing these risks today, as we go from strength to strength as a business approaching 13 million customers”.

Barclays

“The consequences of poor financial crime controls are very real — they allow criminals to launder the proceeds of their crimes, and they allow fraudsters to defraud consumers. Banks need to take responsibility and act promptly, particularly when obvious risks are brought to their attention.

In the first of these cases, Barclays secured a significant reduction in its fine through its extensive co-operation with our investigation and through making a voluntary payment to affected consumers at our request”.

In a statement, a spokesperson for Barclays stated: “Barclays remains deeply committed to the fight against financial crime and fraud. The FCA’s investigation relating to Stunt & Co was centred around historical money laundering activity and made no findings that the bank had breached money laundering regulations. As acknowledged by the FCA, Barclays undertook an extensive review and self-reported its findings to the FCA. Barclays fully cooperated with both investigations and has further strengthened its financial crime and other control capabilities”.

5 lessons for the financial sector

These enforcement actions offer critical lessons for financial institutions:

1. CDD is foundational

Barclays’ case shows that even a single client account can pose systemic risks if basic due diligence is neglected.

2. Scalable compliance systems

Monzo’s rapid growth outpaced its compliance infrastructure, demonstrating the need for scalable AML systems. Firms must ensure that AML systems scale in-line with business expansion. This includes investing in automated monitoring tools, staff training and governance structures that can handle increased volumes and complexity.

3. Senior management accountability

Both cases reflect governance failures, reinforcing the importance of clear accountability under the Senior Managers and Certification Regime (SM&CR). Firms must ensure that AML responsibilities are clearly allocated and that senior managers can demonstrate reasonable steps to discharge their duties.

4. Regulatory vigilance

The FCA’s actions signal heightened scrutiny and a zero-tolerance approach to financial crime failings.

5. Data & record keeping

The FCA criticised Monzo’s failure to effectively collect customer information (Para 2.4; 2.5; 2.11). This meant that Monzo was unable “effectively to assess whether transactions were consistent with activity or were suspicious” (Para 2.11). Firms must ensure that data systems are integrated, auditable and capable of supporting real-time monitoring and retrospective investigations.

Implications for professional services firms

While these cases focus on banks, the implications extend to professional services firms — including law firms, accountancy practices, estate agents and trust and company service providers — which are also subject to the Money Laundering Regulations 2017 (MLRs).

Such firms must:

1. Adopt a risk-based approach to client onboarding and transaction monitoring, especially in high-risk sectors such as crypto-assets, offshore structures and politically exposed persons (PEPs). This includes enhanced due diligence for high-risk clients and sectors as well as periodic reviews of client risk profiles.
2. Ensure cultural accountability, with compliance embedded across all levels of the firm — not just within compliance teams. The FCA’s broader regulatory agenda increasingly targets non-financial misconduct and cultural failings. Firms must foster a culture of compliance, supported by training, whistleblowing mechanisms and clear escalation procedures.
3. Prepare for increased regulatory scrutiny, particularly in light of the FCA’s expanding remit, the widening of corporate criminal liability by the Economic Crime and Corporate Transparency Act 2023 and new obligations around beneficial ownership and suspicious activity reporting. 

Talk to us

The FCA’s enforcement trajectory suggests that professional services firms will face greater expectations around governance, data integrity and proactive risk management. Firms that fail to act may face not only financial penalties but also reputational damage and regulatory intervention.

Our corporate defence and compliance lawyers are here to support you. We advocate the ethos that ‘prevention is better than cure’ and have been instructed to advise corporates on the strength of their existing compliance regimes, as well as adopting suitably risk-assessed policies to protect against prosecution.

To find out how we can help, talk to us by giving us a call on 0333 004 4488, sending us an email at hello@brabners.com or completing our contact form below.