The FCA’s recent publication of a Final Notice in respect of Monzo Bank Limited (the Firm) provides a number of key takeaways for regulated firms in relation to FCA supervisory powers and expectations with respect to financial crime frameworks.  A summary of these is set out below but for more detail on the Final Notice please see our Notice in a Nutshell.

  1. Consequences of breaching a Voluntary Requirement (VREQ): When considering the fine to impose on the Firm, the FCA increased the figure by £10,000,000 to achieve credible deterrence in relation to repeated breaches of a VREQ which was imposed on the Firm from 5 August 2020 to 26 February 2025.  This underscores the importance of VREQs as a supervisory tool and sends a message to firms that adherence is imperative given the serious consequences of non-compliance, particularly given other recent cases involving VREQ breaches.
  2. Financial crime systems and controls keeping pace with growth: The FCA highlighted the rapid growth that the Firm has had since obtaining full banking permissions in April 2017, with its customer base growing to 12 million by April 2025, and criticised the Firm for not ensuring that key elements of its financial crime measures were equipped to keep up with its expansion, particularly in relation to customer risk assessment and the collection of customer information. The Final Notice serves as a reminder that the FCA expects firms to ensure their financial crime frameworks evolve with the scale of the risks they are facing and that the costs of non-compliance can significantly impact benefits gained through growth.
  3. Multiple weaknesses in financial crime systems and controls: The FCA highlighted a number of weaknesses in the Firm’s financial crime systems and controls, including in its customer onboarding, customer risk assessment, enhanced due diligence, treatment of PEPs and transaction monitoring systems. This emphasises the need for firms to ensure that their financial crime frameworks are robust from all angles and that they would not be open to similar criticism. Areas of focus include the collection and verification of customer data as part of the onboarding process and ensuring that high-risk customers are appropriately identified in line with the firm’s risk appetite and subjected to relevant enhanced customer due diligence.

If you would like any more information on the issues raised in this blog please do not hesitate to contact any of the authors. For further knowledge resources in this area, please see our dedicated Financial services interventions and investigations hub.