Digital bank Monzo signed up 34,000 “high-risk customers” in just 22 months, the UK’s financial watchdog said on July 8, fining it £21 million.

Monzo, which was granted full banking permissions in April 2017, suffered the significant AML and KYC failings until June 2022, the FCA said. 

Critically, it was unable to confirm that all customers were UK-based, with many using PO Box addresses or landmarks like Buckingham Palace.

See also: A $1 billion fat finger helps drive Citi's $13.6bn IT spending plans

For a long period customer onboarding involved sending a video selfie and uploading ID but this was not cross-referenced against data from a credit agency to confirm address, the FCA found, among other issues. 

“Relevant data which Monzo did gather at onboarding (e.g. tax residency, ID type, IP address and adverse media) was not utilised when making decisions about customer risk…  [Monzo also accepted several] account applications linked to devices already associated with at least two other customers” – The FCA

In November 2021 Monzo hired a law firm to conduct an independent review of the “root causes and implementation issues” of its AML failings. Its key finding: Monzon had applied an “insufficiently robust governance framework to manage the implementation and operation of the VREQ.”

(The VREQ refers to a ‘voluntary requirement’ under FCA rules.)

Monzo CEO TS Anil said the problems "have been resolved and are firmly in the past" and that it has since made "substantial improvements.”

The fine follows a similar penalty for rival Starling Bank, which the FCA hit with a £29 million fine in 2024 for similar failings. That penalty exposed major communications failings between corporate leadership and IT.

The FCA acknowledged that Monzo “significantly increased its headcount in its financial crime collective and financial crime compliance team, and saw an even greater increase in its financial crime team focused on customer operations” between 2020 and 2021.

The link has been copied!