The FCA’s latest fines have sent a clear message: weaknesses in anti-money laundering (AML) frameworks can cost firms millions, no matter their size, history, or growth story.
In July 2025, Barclays Bank plc (Barclays Bank), Barclays Bank UK plc (Barclays Bank UK) and Monzo Bank Ltd (Monzo) incurred substantial fines for financial crime failings. While the circumstances differ, the underlying theme is the same: gaps in customer due diligence and risk monitoring remain one of the regulator’s top concerns.
In this article, we explore the similarities and differences between the two, and the practical lessons for firms aiming to stay on the right side of the Financial Conduct Authority (FCA).
What Happened? Overview of the Fines
On 14th July, Barclays Bank was fined £39m for onboarding Stunt & Co Ltd (owned solely by James Stunt, a personal banking customer of Barclays Bank) as low risk, failing to conduct Source of Wealth checks despite high reported transactional volumes. The firm later received payments totalling £46.8m from Fowler Oldfield, a known money-laundering front, yet Barclays Bank failed to update the firm’s low risk assessment of the customer. This breached Principle 2 of FCA Handbook.
On the same day, Barclays Bank UK was fined £3m for opening a Client Premium Account (a type of account for regulated businesses, with both authorisation and the legal requirement to hold money on behalf of their customers) for WealthTek Ltd, despite the firm lacking FCA authorisation to hold client money. This breached Principle 3 of the FCA Handbook.
On 7th July, Monzo was fined £21m by the FCA for onboarding customers using addresses such as Buckingham Palace, 10 Downing Street, foreign locations with UK postcodes and PO boxes between October 2018 and August 2020. Monzo’s fine concerned a broader onboarding failure, with inadequate customer due diligence processes during rapid growth.
Different Cases, Same Problem
At face value, the two fines are very different. The Monzo fine demonstrated systemic and widespread challenges across the framework, whilst the Barclays fines related to two specific customers. Monzo experienced issues with gathering CDD information and conducting EDD, which meant that ongoing transaction monitoring was also not effective. The firm also faced technical challenges with both systems and human error in complying with a FCA Voluntary Requirement (VREQ). Barclays, on the other hand, faced specific onboarding weaknesses in two scenarios. Whilst the systems and controls failings were emblematic of failings in procedures (not just in the two client files) and required remediation, the fines pull out weaknesses in specific checks – not across the whole framework.
Despite their differences, all three of the fines illustrate a similar issue – challenges in collecting and monitoring key customer due diligence factors to effectively assess customer risk. For Monzo, the firm failed to verify addresses during onboarding, which was a key data point to feed into the customer risk assessment to ensure customers are all UK-resident (in line with their risk appetite). Barclays Bank failed to investigate adverse media - another data point in the dynamic monitoring of customer risk. Barclays Bank UK failed to conduct the check on the FCA Register, which again is a key data point to assess the customer risk for this client type.
From our perspective, the key learning here is to ensure that each firm captures and monitors the right data points to facilitate a real and true assessment of customer risk and is compliance with regulatory requirements.
Four Key Takeaways for Firms
On the back of these failings, there are several takeaways that serve as good practice for firms to follow:
- Ensure compliance keeps pace with growth
Whether you're a fast-scaling fintech like Monzo or a legacy institution like Barclays, your compliance framework must grow with your business. Firms should conduct regular gap analyses as they scale, ensuring that systems, controls, and staffing levels are adequate and proportionate to their risk exposure.
How Thistle can help: We help firms build AML systems and controls aligned to the size and scale of their business, this includes building end-to-end customer journeys, policy and procedure development and governance framework reviews. - Ensure customer risk assessments are updated dynamically
All fines demonstrate the consequences of firms treating customer onboarding and ongoing monitoring as a box-ticking formality rather than a continuous, risk-based assessment.
How Thistle can help: We work with firms to design and implement dynamic risk scoring into their customer risk assessments and rigorous ongoing review of customers based on their risk level. - Ensure external red flags are reviewed
In the Barclays Bank case, external events - such as police raids and news reports - should have triggered immediate internal scrutiny. Instead, risk levels remained unchanged, and funds continued to flow. This shows that external red flags were not being investigated at all.
How Thistle can help: We assist firms with the design and implementation of ongoing due diligence frameworks which include regular monitoring of regulatory and news alerts for signs of red flags in customer relationships. - Embed compliance in the firm’s culture
All the fines illustrated that documented controls alone are not enough, creating an effective compliance culture encompassing adequate training is key.
How Thistle can help: We support firms with the delivery of training programs, helping them embed a strong compliance culture. AML frameworks must be understood beyond just compliance teams. Across the three lines of defence, all staff should be trained to challenge inconsistencies and escalate red flags.
If you would like to discuss strengthening your AML framework or preparing for FCA scrutiny, please get in touch with our team.
Meet the Expert
Randal Lindsell, Consultant 
Randal joined Thistle Initiatives' Financial Crime Team as a Consultant. With a varied background in financial crime, he previously worked as a paralegal at both the SFO and the FCA, where he was involved in investigating complex, high-value fraud cases. In addition to his work in financial crime, Randal is the Managing Director of a tutoring agency that he founded in 2023.