In a landmark ruling, the UK’s Financial Conduct Authority (FCA) has imposed a hefty fine of £29 million on Starling Bank, a leading digital bank, for its inadequate controls against financial crime. This unprecedented penalty highlights the increasing scrutiny that neobanks face as they grow rapidly in a competitive financial landscape, raising serious questions about their compliance capabilities.
Why Starling Bank Was Fined
The FCA’s investigation revealed that Starling Bank’s efforts to identify potential money laundering and breaches of financial sanctions were alarmingly insufficient. Over the past six years, Starling Bank grew from approximately 43,000 customers in 2017 to 3.6 million in 2023. However, as the bank expanded its customer base, its controls to combat financial crime did not keep pace, leading to significant vulnerabilities in its operations.
Therese Chambers, the FCA’s joint executive director of enforcement and market oversight, was particularly critical of Starling Bank’s financial sanction screening controls, stating they were “shockingly lax.” This negligence left the financial system vulnerable to exploitation by criminals and individuals subject to sanctions.
Starling Bank had entered into a voluntary agreement with regulators to refrain from opening new accounts for high-risk customers until improvements in its financial crime controls were implemented. Despite this commitment, the bank opened 54,000 accounts for 49,000 high-risk customers between September 2021 and November 2023, further aggravating the situation.
Systemic Issues with Automated Screening
The investigation revealed troubling flaws in Starling Bank’s automated screening systems. In January 2023, the bank realized that for six years, its system had screened customers against only a fraction of the complete list of individuals subject to financial sanctions. This revelation prompted an internal review, which identified systemic issues within the bank’s financial sanctions framework. Consequently, Starling Bank reported multiple potential breaches of financial sanctions to the appropriate authorities.
The FCA’s Broader Regulatory Landscape
The fine against Starling Bank is particularly noteworthy as it marks the first time a digital bank has been penalized to this extent. The FCA has increasingly focused on the financial crime controls of neobanks, highlighting growing concerns about their ability to conduct adequate due diligence when onboarding new customers.
Meta Faces €91 Million Fine from Ireland Over GDPR Violation
In recent years, the regulator has issued substantial fines to traditional banks for similar failings. Notable examples include a £108 million penalty for Santander UK in 2022 and a £265 million fine for NatWest in 2021. The FCA’s actions indicate a clear intention to hold all financial institutions, regardless of their operational model, accountable for lapses in compliance.
Implications for Digital Banks and Fintechs
As the landscape of digital banking evolves, regulatory experts suggest that the Starling Bank case could signal a broader crackdown on fintechs. Startups in this sector often struggle to scale their financial crime controls in tandem with their rapid user acquisition. The increase in financial sanctions imposed after Russia’s invasion of Ukraine has further complicated due diligence efforts for banks.
Kathryn Westmore, a senior research fellow at the Royal United Services Institute think tank, emphasized that the FCA was “very critical” of Starling Bank’s senior management, noting a lack of experience and capability to implement their compliance agreement. This criticism serves as a cautionary tale for other digital banks and payment firms about the necessity of establishing robust compliance measures as they scale.
Acknowledging Past Mistakes
In light of the ruling, Starling Bank’s chair, David Sproul, publicly acknowledged the bank’s failings and assured stakeholders that it has invested heavily in rectifying these issues. The bank has strengthened its board governance and compliance capabilities to prevent such incidents from recurring.
While the bank claims that these issues are “historic,” the fine serves as a significant reminder of the consequences of inadequate compliance practices. Sproul’s reassurance reflects a commitment to learning from the investigation and addressing systemic weaknesses.
The £29 million fine against Starling Bank is not just a penalty; it is a clarion call for all digital banks to take financial crime compliance seriously. As the fintech sector continues to grow, the emphasis on effective anti-money laundering measures and robust compliance frameworks will only intensify. This case serves as a vital lesson for the entire industry: ensuring that financial crime controls evolve in step with growth is not just regulatory box-ticking; it is essential for maintaining trust in the banking system and protecting it from criminal exploitation.
