"Move fast and break things" was the motto that helped start ups from Facebook to Google go from the pet projects of university students to global behemoths. But many challenger banks have gotten into trouble for following the same strategy.
In July of 2021, Monzo revealed that it was under investigation by the Financial Conduct Authority over possible breaches of anti-money laundering regulations. Similarly, Revolut was questioned by financial regulators in 2019 after it emerged that the company had "“erroneous[ly] switched off an automated system for flagging potential money laundering for several months the previous year." The concerns with challenger banks and compliance with financial crime controls forced the FCA to take a closer look at their operations.
According to a recent review by the FCA, there was a rise in the number of Suspicious Activity Reports reported by challenger banks in 2021. The FCA was also worried about the "quality" of the SARs that challenger banks submitted. According to the FCA, this has raised concerns regarding whether these banks are performing the necessary client due diligence when accepting new customers. For example, challenger banks often failed to obtain information about client income and occupation. This means that the bank cannot properly and completely assess the risk associated with each new client, and leaves them open to unknowingly onboarding clients with illegitimate sources of income.
In addition, they found that some challenger banks were not using adequate enhanced due diligence procedures, especially when dealing with potentially high-risk clients such as politically exposed persons. More generally, many challenger banks did not have sufficiently developed customer risk assessment frameworks to properly assess the risk levels of new clients. In fact, some challenger banks reviewed by the FCA did not even have a customer risk assessment framework in place at all.
The FCA also concluded that some of the challenger banks scrutinised for their review did not have appropriate methods or systems for reviewing transaction management alerts. One example given by the FCA is that alerts were often discounted without a proper justification. Challenger banks on several occasions did not have policies and procedures in place to adequately review transaction monitoring alerts when their internal controls alerted them to a potentially high-risk transaction.
Recently the FCA has handed out eye watering fines to traditional banks such as Standard Chartered (£46.5 million) and HSBC (£64 million) for regulatory violations. In addition, for the first time, a financial institution (Natwest) has faced criminal prosecution by the FCA for AML violations, with a judge handing down a financial penalty of £265 million. In total, the FCA has levied £567,765,219.95 in fines in 2021. With the increase in the value of the penalties being imposed for breaches of regulatory compliance, this is not an area where challenger banks can afford to be caught out on.