Lessons from Starling Bank’s fine for failings in their financial crime systems and controls

What matters

Starling voluntarily accepted a requirement from the FCA in September 2021 (VREQ) not to open any new accounts for high or higher risk customers while it improved its anti-money laundering control framework. It subsequently contravened the VREQ by onboarding 49,183 high or higher risk customers.

What matters next

Financial crime controls should be reviewed and revised on a regular basis to ensure that they are appropriate for the nature and size of the business and the risks identified. This would particularly apply to a business that is growing, introducing new products or entering new markets.

Starling Bank Limited, a digital challenger bank, was fined £28,959,426 (after 30% discount), by the Financial Conduct Authority for ‘shockingly lax’  financial crime systems and controls.

Key facts:

  • Following the work of a Skilled Person, Starling voluntarily accepted a requirement from the FCA in September 2021 (VREQ) not to open any new accounts for high or higher risk customers while it improved its anti-money laundering control framework. It subsequently contravened the VREQ by onboarding 49,183 high or higher risk customers.
  • Starling identified, in January 2023, that its automated financial sanctions screening system (implemented in 2017) had only been screening the names of new and existing customers against a fraction of the names on the Consolidated List.
  • In a subsequent review of its financial sanctions framework, Starling identified wider systemic issues including assessment of its financial sanctions risk, policies and procedures, testing and calibration of screening systems and a lack of MI regarding alert volumes and trends.
  • Potential financial sanctions breaches were identified and reported to the relevant authorities.

Key takeaways:

  • Financial crime controls should be reviewed and revised on a regular basis to ensure that they are appropriate for the nature and size of the business and the risks identified. This would particularly apply to a business that is growing, introducing new products or entering new markets.
  • When agreeing to a VREQ firms should ensure that they have systems and controls in place to ensure compliance (including effective monitoring).
  • Firms should ensure that how sanctions screening systems work in practice are consistent with the approach set out in its policies and procedures.
  • Screening should encompass customers and payments (both domestic and international).
  • Firms should consider the frequency of screening and whether the approach adopted is appropriate having regard to the risks.
  • Firms should regularly test and calibrate financial sanctions screening systems and maintain records of the tests undertaken.
  • Unusual occurrences (for example, a lack of alerts for a period of time) should be quickly investigated to establish the root cause and whether it is indicative of a problem with the screening systems.
  • Firms should ensure that risk assessments relating to financial sanctions are appropriate having regard to the nature of the business.
  • Operational MI relating to financial sanctions should be produced showing (amongst other things) alert volumes and trends.
  • Assurance testing should be undertaken by the second line of defence and audits undertaken by the third line of defence in relation to the sanctions screening systems.
  • Firms should ensure that they have sufficient sanctions screening expertise in-house and provide regular role specific training to relevant employees.

Disclaimer

This information is for general information purposes only and does not constitute legal advice. It is recommended that specific professional advice is sought before acting on any of the information given. Please contact us for specific advice on your circumstances. © Shoosmiths LLP 2025.

 


Insights

Read the latest articles and commentary from Shoosmiths or you can explore our full insights library.