The Financial Conduct Authority has levied a substantial £44 million penalty against Nationwide Building Society for systemic failures in its anti-money laundering (AML) controls between October 2016 and July 2021. The building society maintained inadequate systems for keeping customer due diligence and risk assessments current for all personal current account holders and possessed insufficient transaction monitoring capabilities. This regulatory action highlights the persistent risk exposure created when financial institutions fail to adapt their compliance frameworks to evolving business practices and regulatory standards. The duration and scope of the failings demonstrate a fundamental lapse in adhering to the core obligations mandated by the UK’s money laundering prevention legislation.

Inadequate AML Customer Due Diligence

The foundational requirement of any effective anti-money laundering framework is robust customer due diligence (CDD) and a comprehensive understanding of the financial crime risks a firm is exposed to. Nationwide’s failings stemmed from a persistent inability to effectively identify, assess, monitor, and manage the money laundering risks among its personal current account customers. The building society was aware that a number of its personal account customers were using these accounts for business activity, a clear breach of its terms and conditions. The lack of a business current account offering at the time meant the institution did not have the necessary processes or control systems in place to manage the elevated financial crime risks inherently associated with business transactions.

This situation created a significant, unmitigated vulnerability within the organization. Failing to capture and analyze the true nature and purpose of account use—shifting from personal transactions to commercial activity—meant that the risk profile assigned to the customer was inaccurate. The firm lacked an accurate picture of which customers presented a higher financial crime risk, which is a direct contradiction of the risk-based approach required under The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) and its preceding legislation. Without precise customer risk ratings, the subsequent lines of defence, particularly transaction monitoring, were rendered ineffective. The regulator made clear that the firm’s systems and controls were not merely deficient but were “inadequate” for the scale and complexity of the business, exposing it to the risk of being used to facilitate serious financial crime.

Transaction Monitoring Systems and Missed Red Flags

The inadequacy of the transaction monitoring systems proved catastrophic in at least one serious case highlighted by the Financial Conduct Authority (FCA). Transaction monitoring, the systematic scrutiny of customer transactions to detect unusual or suspicious activity, relies on accurate customer profiling derived from initial and ongoing due diligence. The weaknesses in Nationwide’s foundational CDD processes directly undermined its ability to monitor transactions effectively. The monitoring systems either lacked the necessary calibrations to flag the business use of personal accounts or failed to trigger alerts commensurate with the high-volume, rapid-fire transactions seen in high-risk scenarios.

The case involved a customer who utilized personal current accounts to receive fraudulent payments related to the Covid furlough scheme. Over a 13-month period, the customer received 24 payments totaling approximately £27.3 million. Crucially, about £26.01 million of this was deposited over a highly concentrated period of just eight days. This sudden and enormous influx of funds, coupled with the nature of the transfers, should have generated immediate and critical red flags within any properly calibrated transaction monitoring system. The sheer velocity and value of the deposits, being completely inconsistent with a normal personal current account profile, represented a classic money laundering typology of structuring or smurfing and layering. Nationwide missed multiple opportunities to identify this suspicious activity, allowing the funds to be laundered through its accounts and ultimately causing approximately £800,000 in criminal proceeds to remain unrecovered by His Majesty’s Revenue & Customs (HMRC). This failure underscores the requirement for firms to conduct ongoing monitoring to ensure transactions are consistent with the firm’s knowledge of the customer, their business, and their risk profile, a key provision of the MLR 2017.

Compliance Oversight and Remediation Delays

The protracted nature of the failings, spanning nearly five years, points to significant deficiencies in compliance oversight and governance at the senior management level. The building society was reportedly aware of weaknesses in its systems and controls for some time, yet failed to address the deficiencies in a sufficiently effective or timely manner. This delay in remediation is a major aggravating factor in regulatory enforcement, as it demonstrates a failure to take reasonable care to organize and control its affairs responsibly and effectively, a breach of Principle 3 of the FCA’s Principles for Businesses.

The FCA’s expectations, reinforced in several “Dear CEO” letters to the retail banking sector, place the accountability for robust AML controls squarely on the board and senior management. The continued tolerance of unmanaged financial crime risk, particularly the known issue of business use of personal accounts, constituted an unacceptable exposure to money laundering risk. While Nationwide eventually commenced a large-scale financial crime transformation program in July 2021, the regulator concluded that the action taken between 2016 and 2021 was insufficient. This timeframe of non-compliance ultimately resulted in a massive financial penalty, which was imposed because the firm’s failures increased the risk that it could be used for the purpose of financial crime. The fine serves as a potent reminder that acknowledging compliance weakness is not enough; firms must implement and test effective, demonstrable, and timely remediation.

The Imperative for Vigilant Anti-Money Laundering Frameworks

The decisive enforcement action by the Financial Conduct Authority against Nationwide Building Society sends a compelling message about the critical role financial institutions play in the national effort to combat illicit finance. The substantial £44 million penalty underscores that a lapse in foundational controls—such as basic customer due diligence and effective transaction monitoring—is viewed by the regulator as a severe breach of regulatory obligations with tangible real-world consequences, demonstrated by the significant amount of fraudulent money missed. Building societies and banks act as gatekeepers of the financial system, and their negligence directly facilitates the flow of criminal funds.

The case illustrates a crucial anti-money laundering typology: the exploitation of retail banking products, specifically personal accounts, for undeclared business purposes. This scenario complicates the detection of suspicious transactions, as the expected activity on a personal account is vastly different from that of a commercial account. Financial crime risks are constantly evolving, and the burden is perpetually on firms to ensure their systems and controls are not only compliant with the current Money Laundering Regulations but are also dynamically calibrated to the specific risks their products, services, customers, and delivery channels present. The regulator emphasizes that financial institutions must remain perpetually vigilant, continuously reviewing and upgrading their systems to detect, prevent, and report suspicious activities, thereby protecting the integrity of the financial markets and reducing the harm caused by financial crime.

---

Key Points

• FCA issued a £44 million fine to Nationwide for inadequate anti-money laundering systems and controls over a nearly five-year period.
• The primary failure involved ineffective customer due diligence and transaction monitoring for personal current accounts, especially those used for business activity.
• A serious money laundering case, involving £27.3 million in fraudulent Covid furlough payments, went undetected due to the control failings.
• The building society was aware of the system weaknesses but failed to implement timely and effective remediation, violating Principle 3 of the FCA’s Principles for Businesses.
• The case highlights the high-risk money laundering typology of using retail personal accounts for undeclared, high-volume commercial transactions.

---

Related Links

• The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017
• FCA Financial Crime Guide: Governance and Controls
• FATF Guidance on the Risk-Based Approach for the Banking Sector
• UK National Risk Assessment of Money Laundering and Terrorist Financing

Other FinCrime Central Articles About Previous FCA Actions

• Monzo Penalized £21 Million as FCA Targets AML Lapses
• FCA Hits Barclays with Solid £42 Million Fine over Financial Crime Lapses
• Former Credit Suisse VP and 2 MDs Banned for Life From Working in any UK Regulated Financial Service Activity

Source: FCA

Some of FinCrime Central’s articles may have been enriched or edited with the help of AI tools. It may contain unintentional errors.

Want to promote your brand, or need some help selecting the right solution or the right advisory firm? Email us at info@fincrimecentral.com; we probably have the right contact for you.