The Financial Conduct Authority (FCA) fined Starling Bank Ltd £28.9m for significant failures in financial crime controls and inadequate anti-money laundering procedures.
Background:
According to the report, from the opening of its first account in July 2016, Starling Bank enjoyed exponential growth. The Bank grew from around 43,000 customers in 2017 to around 3.6 million in 2023 while its revenues increased to £452.8m. However, its anti-money laundering (AML) and financial crime controls were not adapted to follow such a rate of expansion.
In 2021, the FCA identified serious concerns and imposed a breach of a voluntary requirement, known as VREQ, which required the Bank not to open new accounts for any high-risk customers until improvements were made. The Bank however failed to comply, as exemplified by over 54,350 accounts being opened for 49,000 high-risk customers between September 2021 and November 2023.
An internal review revealed systemic issues with the financial sanctions framework resulting in Starling reporting multiple potential breaches to the authorities.
On 31 March 2023, the Authority wrote to Starling again in relation to its AML and financial sanctions control framework and its failed implementation of the VREQ. The Authority however duly recognised the significant investment made by Starling in its AML systems and controls and operational capacity to address the findings of the FCA’s review in March of 2021. Starling engaged a consultancy firm to conduct an independent review of the implementation of the VREQ.
Decision:
The VREQ was imposed under Section 55L(5)(a) of the Financial Services and Markets Act 2000 (FSMA 2000). Under Section 204A of the Act, they are therefore ‘relevant requirements’ in respect of a contravention of which the Authority is entitled to take action.
Moreover, the Bank’s actions contravene Principle 3 of the FCA’s Principles for Businesses which requires that a firm must take reasonable care to organise and control its affairs responsibly and effectively, together with adequate risk management systems.
Sanctions are imposed according to Chapter 6 of the Decision Procedure and Penalties (DEPP) manual. DEPP 6.5A sets out the details of the five-step framework that applies in respect of financial penalties imposed on firms. The first step is called the disgorgement, while the second outlines the seriousness of the breach and various levels of deviation from 1 to 5 (0% to 20%). The third step covers any aggravating or mitigating factors. The fourth is any adjustment for deterrence and the final set is the settlement discount. The original fine (of £40,959,426) was reduced by 30% due to the cooperation of the Bank and its agreement to resolve the matters. The breach of the VREQ thus influenced the size of the fine imposed.
Implications:
This is the first time the FCA fined a well-known bank such a large amount. This decision sends a warning to companies that compliance is essential to avoid heavy fines, especially for fast-growing companies. It is also the FCA’s largest fine in 2024 and one which demonstrates a growth in the regulation and scrutiny of neobanks.
This decision also highlights that not complying with a VREQ will influence the size of the fine and that cooperating with authorities is beneficial and helps to reduce the original fine. The key conclusion from this case is that, when a company agrees with the FCA to take steps to remedy identified problems and the company does not follow through, the consequences will be harsher. The swift completion of the investigation also demonstrates that the FCA would not leave the case to fester but would rather keep monitoring to ensure compliance with the promises.
The moral of the story is that companies must take financial sanctions screening seriously.