Barclays Bank has once again come under the regulatory spotlight, this time with a hefty £42 million fine imposed by the Financial Conduct Authority (FCA) for serious lapses in money laundering risk management. The fine, split between two cases involving WealthTek and Stunt & Co, serves as a cautionary tale for all financial institutions, mainly that failing to uphold financial crime controls can have costly, reputational and regulatory consequences.

Here’s what went wrong and, significantly, how organisations can avoid similar failures.

Case 1: A failure of basic due diligence 

What happened? Barclays Bank opened a client money account for WealthTek without conducting adequate due diligence. Critically, the bank failed to perform a simple yet vital check: Consulting the Financial Services Register. Had it done so, it would have discovered that WealthTek was not authorised by the FCA to hold client money.

As a result, £34 million was deposited into an account that should never have been opened. These lapses in onboarding led to increased risks of misappropriation and money laundering. In December 2024, WealthTek’s principal partner, John Dance, was charged with multiple offences, including money laundering and fraud.

Fallout: Barclays voluntarily paid £6.3 million to WealthTek clients to cover losses. While the bank cooperated with the FCA, the failures exposed deep gaps in its control environment.

Case 2: Ignoring red flags

What happened? Barclays Bank provided banking services to Stunt & Co, a business linked to Fowler Oldfield, a known money laundering operation. Over £46.8 million flowed through the firm in just over a year. Even after law enforcement raided both companies and warned of financial crime concerns, Barclays did not reassess its risk exposure.

The bank only acted after it learned the FCA was prosecuting NatWest for a similar case, well after the damage had been done.

Fallout: A £39.3 million fine and a reputational hit for failing to respond to clear money laundering indicators.

Barclays and Monzo: Two money laundering failures, one message

While Barclays’ breaches stemmed largely from a failure to act on known risks, the case of neobank Monzo reveals a different but equally dangerous threat: Systemic weaknesses born from unchecked growth.

In May 2024, Monzo was fined £21.1 million after a six-year FCA investigation revealed widespread AML failures. The bank allowed customers to open accounts using clearly fake or implausible details, such as addresses at 10 Downing Street and Buckingham Palace, without triggering red flags. In another case, more than 100 accounts were linked to a single address, yet no enhanced checks were carried out.

Where Barclays failed to respond to clear external indicators, such as police raids or regulatory warnings, Monzo failed to build the necessary internal infrastructure in the first place. Its customer risk assessments were incomplete or missing. Ongoing monitoring was ineffective. AML alerts were frequently ignored or closed without proper review. Even Suspicious Activity Reports (SARs) were delayed or missed entirely. In both cases, governance was fragmented, and lines of responsibility were unclear.

At Barclays, intelligence from law enforcement wasn’t shared internally, and obvious compliance gaps, such as WealthTek’s unauthorised status, went unchecked. At Monzo, the FCA cited a complete breakdown in oversight, risk assessments and due diligence, exacerbated by a compliance framework that simply didn’t scale with the firm’s rapid customer growth.

Importantly, both firms were found to have inadequate enhanced due diligence (EDD) processes. Barclays failed to apply EDD to high-risk clients like Stunt & Co, despite adverse media and links to known criminal activity. Monzo lacked documented triggers for EDD altogether, even onboarding Politically Exposed Persons (PEPs) before appropriate checks were completed.

And while the contexts differed, Barclays a traditional bank with legacy processes, Monzo a digital-first disruptor, the result was the same: Customers and the financial system were exposed to serious financial crime risks, and both firms were held accountable.

A crackdown on neobanks?

Monzo’s case is particularly instructive. The FCA has been increasingly focused on challenger banks since its 2022 sector review revealed that many were prioritising user experience and growth at the expense of robust AML controls. Common findings included poor quality SARs, minimal due diligence during onboarding and compliance frameworks that weren’t commensurate with the scale of operations.

Monzo’s fine was a wake-up call: Rapid growth does not excuse weak compliance. In fact, as firms scale, their controls must grow in tandem.

Lessons for financial firms

Whether you’re a neobank, traditional institution or fintech startup, these enforcement cases offer concrete lessons:

1. Scale your controls with your business.
   Growth is not an excuse. Resourcing for compliance must be proportional to your customer base and product risk. 
2. Risk assessments must be real, not just theoretical.
   Having a framework is not enough. You need accurate, completed assessments, monitored and updated regularly. 
3. Ongoing monitoring is a continuous obligation.
   AML is not a one-time exercise. You must adapt as new information or red flags emerge. 
4. Red flags must trigger action.
   Police raids, adverse media or duplicate addresses are not minor oversights. They demand a response. 
5. Responsibility cannot be outsourced.
   Whether using third parties for onboarding or automated tools for screening, the regulated firm is ultimately accountable. 

Compliance is not just a checkbox

Both Barclays and Monzo have now committed to strengthening their AML frameworks. But the FCA’s message is crystal clear: Reactive remediation is not enough. Prevention must be embedded from day one, and sustained throughout the client lifecycle.

The cost of inaction is now obvious, £42 million for Barclays, £21 million for Monzo, and that’s before you factor in lost reputation, consumer trust or legal exposure. Whether you’re a fintech or an established bank, it’s time to treat financial crime controls not as a compliance cost but as a strategic necessity.

Our Conversational Learning course on AML due diligence turns passive training into active engagement. Through rich, multimedia scenarios and guidance from our AI experts, you’ll explore fundamental AML principles with the ability to adapt to your experience, role and level of understanding. Try it now.