FCA Cracks Down on AML Failures: £3.2 Million in Fines for UK Firms

Jerome Lussan in collaboration with Charlotte Hide

Is anti-money laundering still catching you out?

The anti-money laundering movement has been at the forefront of compliance including battling cyber-crime for years, so why is it still a problem to be solved?

The FCA has noted a spike in failures in anti-money laundering that shows complacency from regulated firms in the UK. This is sometimes due to old processes being deemed acceptable past their realistic expiry dates. Other reasons for these fines include failing to carry out risk assessments, not having appropriate anti-money laundering controls, and failing to conduct proper due diligence checks.1

Despite anti-money laundering having been tackled for years, due to the ever-evolving nature of criminal activities, combatting it is also an evolving task. The FCA directly published a statement in March 2024 that ‘all […] firms should assess their financial crime controls against the common weaknesses we found within the next six months’.1 This demonstrates a clear need for improvement in anti-money laundering processes, and an urgent one if it is due by September 2024.

The issue with current anti-money laundering processes and their effectiveness lies in the perspective with which firms approach it as part of their compliance. Firms perceive anti-money laundering training and defences as a tick box exercise to avoid the eagle eyes of the FCA. However, to truly keep anti-money laundering processes efficient and updated, there must be the motivation of avoiding the actual consequences of money laundering, a change in attitude and culture, reflected in modern processes under regular review. Otherwise, those FCA eyes will see the flaws and impose penalties.

What are the punishments and fines for anti-money laundering failings?

To mark how severely the FCA are viewing the failings of firms in their anti-money laundering processes, over the last year an abundance of fines have been dished out to a range of institutions. These fines include hundreds of businesses being fined up to £3.2 million for ‘breaching anti-money laundering rules’.2 This crackdown is also not exclusive to the UK, but is being recognised globally, with Deutsche Bank being fined $186 million by the Federal Reserve ‘for inadequate efforts in addressing money laundering issues’.3

In the US and UK alike, the FCA and the Federal Reserve are both promising ‘more severe fines if deficiencies are not promptly rectified’.4 Following their fine, Deutsche Bank has publicly committed to ‘enhancing risk and data management systems to address the identified weaknesses’.5 Germany’s financial watchdog, BaFin, has also ‘penalised Commerzbank with a fine of 1.45 million euros for failing to fulfil its anti-money laundering responsibilities’, taking this crackdown on failed anti-money laundering to all corners of Europe.6

In the UK, most firms and organisations to be fined by the FCA have been based around London as the country’s financial hub. This includes Xpress Money Services Ltd, based in London, which was hit with a large fine of £1.4 million for failing to carry out risk assessments, not having appropriate anti-money laundering controls, and failing to conduct proper due diligence checks.’ 7

The FCA is expected to continue its strict approach to increasing the severity of punishments for inadequate AML processes, or where firms fail to recognise their own responsibility regarding their setups. The areas that the FCA identifies most often with regards to fines are:

  • Failure to update customer data promptly
  • Inadequate due diligence
  • Inadequate companywide risk assessment
  • No Money Laundering Reporting Officer (MLRO)
  • Not knowing if they are affected by regulations
  • Inadequate record keeping

How could you avoid getting fined?

At Leo, we have seen plenty of evidence, through interactions with firms in the industry, that the lighter the approach, the less it works. This has included firms using anti-money laundering frameworks based on Excel, relying on gathering information through emails or on a combination of processes from front-end client questionnaires in Word, to one or two software (including internet searches) for background checks or ID checks. Once there is any volume the risk of skipping steps in this human process is high, and reliance on standard background checks (which usually but not always cover adverse media, sanctions and PEPs) is not sufficient unless it is integrated to the client onboarding questionnaire. ID checks are also an issue in that the more manual the more business is delayed if clients have to obtain notarised copies of passports for example, and the more likelihood firms will skip that step and forget.

The FCA is pushing for firms’ processes to be integrated to avoid these errors and is focused on a firm’s ability to demonstrate, for example, a regular formal review of policies and whether processes are adequate. This is often not done or not documented. What regulators want is for all firms to adapt their mindset with the aim of contributing to the ethical efforts anti-money laundering intends, as well as demonstrate compliance with the obvious checks required by law, that would put them in a safe place and benefit the community.

As such, applying a one-stop shop software that covers it all makes more and more sense, especially with the added value of AI now included in a premium software like Leo. Modern adopters of such solutions will both be taking an active responsibility towards improving the industry but also comply faster and thus improve the client journey benefitting their P&L. One more key benefit for Money Laundering Officers is to avoid prosecution as they are in the direct line of fire facing criminal liability.

So, what can firms do?

Integrating improvement: Regularly schedule risk assessments, and policy reviews, according to well-organised automatic reminders. Review the effectiveness of checks and which tools are used for this. Consider whether standard web searches are enough. Which tools provide good background checks bearing in mind the pain of dealing with false positives. Consider too, which tools provide good corporate information as this is the hardest part to get right, considering that most company information is not available online to the public and that it may be behind a paywall, so watch out for the limitations of any software that purports to do this.
We have tested many at Leo, as we build APIs with best-of-breed providers and it is a hard nut to crack. In any case, demonstrating this approach with relevant notes or minutes will provide much security to the firms that take this approach. This integration of improvement should also include having a plan in place in the event of discovering a breach or weakness. This means organising a follow-up and link to further diarised duties. 

Prioritisation of Due Diligence: If Client Due Diligence (CDD), under which we refer to the whole client journey including Client Categorisation, Know Your Client (KYC) checks and ID checks, is properly implemented as part of the anti-money laundering processes, then any information found that could be harmful to the firm is more likely to be acted upon, with obvious benefits to the firm, and the community. The need to work between standard or enhanced due diligence, which determines the levels of KYC that may be required is important and should be captured by policies, with an adequate escalation process, ideally all organised via software as there are many moving parts to working through these options. What has been an issue is the cost associated with background check tools and quality even among the most well-known brands. Whereas it is recognised that most firms pay for KYC, firms that only focus on this and ignore the rest are part of the issue identified by the FCA. Prioritising due diligence is key but not a panacea.  

Proof of ethical conscience: As we touched upon above the FCA believes that ‘AML compliance is not just a regulatory requirement but a central component of operational integrity in today’s financial landscape’. To integrate this ethical awareness of the extensive consequences of anti-money laundering, a good option is to provide training for employees. Another option is to document, not only, the risk to the company through risk checks and assessments, but the further human risk based on which criminal activities laundered money may be funding. The documentation and evidence of management thinking about these issues is very important and usually when applied leads to AML improvements. Be ready to note down meeting points and related action plans.

How can Leo play a part in bettering your processes and avoiding getting fine?

We have noted some examples where Leo can be the one-stop shop that you need. Leo’s Online Training Solution is also a first line of defence. There are many more benefits such as being able to rely on a remediation register to tag when and who should follow up on certain actions.

Further Leo provides a way to adapt to the FCA’s statement that ‘current methods’ to aid in anti-money laundering processes are ‘costly and ineffective’. Leo’s framework is effective in managing policy reviews and includes a resulting KYC and biometrics software all in one place. It is priced low and aims to automate and streamline processes to make them far more effective. It results in firms accommodating more ambitious anti-money laundering processes.

Leo is a great software in that, it is a unique framework for compliance, providing a centralised policy review system, through compliance oversight checks, diarised tasks, duty separation with user access rights, reports dedicated to AML such as the MLRO report, and, of course, best of breed KYC and ID checks. But it does more than this.

Some of the solution’s features include:

  • User access for potential clients to deliver all relevant information and evidence KYC and ID checks for the compliance team to review. The Software will chase up missing documents too.
  • Leo’s CDD reports link to client registers and repositories for relevant documents. It also links to remediation registers if any anomalies are picked up. And this is the point where compliance can decide if it is necessary to carry out enhanced due diligence if this was not yet the case.
  • A dedicated online training platform for all staff which can be set up to automatically chase staff, complete staff training registers linked to internal compliance reports and provide relevant certificates appreciated by regulators
  • Integrated meeting reports configurable to your needs to evidence regular reviews and discussions.
  • Duplication of reports year on year to evidence progress and improvements on a particular client where necessary.
  • Time savings of about 40% on any one CDD.
  • Cost savings of one staff member as estimated by users.
  • Peace of mind for management who can see things are done and security from potential prosecution.

To learn more about how we can help with our SaaS click below. As one client noted this was a “Software as a Saviour” … come and check it out for yourself.

Contact us


[1] https://www.fca.org.uk/news/news-stories/fca-warns-firms-over-anti-money-laundering-failings

[2] https://www.gov.uk/government/news/hmrc-issues-32-million-in-money-laundering-penalties

[3] https://www.thetaray.com/blog/the-biggest-aml-penalties-that-defined-2023/

[4] https://www.thetaray.com/blog/the-biggest-aml-penalties-that-defined-2023/

[5] https://www.thetaray.com/blog/the-biggest-aml-penalties-that-defined-2023/

[6] https://www.skillcast.com/blog/biggest-aml-fines-2024#:~:text=HMRC%20has%20revealed%20that%20254,Money%20Laundering%20Regulations%20(MLR).

[7] https://www.gov.uk/government/news/hmrc-issues-32-million-in-money-laundering-penalties

The FCA Tightens the Grip: Stricter Crypto Regulations and Enforcement Actions

Read more
Transforming AI: Labour’s Vision for a New Era

Read more
UK 05/07/24
FCA Cracks Down on AML Failures: £3.2 Million in Fines for UK Firms

The anti-money laundering movement has been at the forefront of compliance including battling cyber-crime for years, so why is it still a problem...

Read more
UK 30/05/24
LETFs: The Trojan Horse to the everyday Investor  

Mis-selling of ETFs is damaging and illegal, but the mis-selling of Leveraged ETFs (LTEFs) has the potential to be far more catastrophic.

Read more
UK 26/04/24
Cybersecurity: New Attack on a Scottish Law Firm

Read more