Starling: Paying the price for failures in financial crime systems and controls

Due to failures in anti-money laundering (“AML”) and sanctions controls, Starling Bank Limited ("Starling") has been fined £28,959,426 by the FCA.

In scathing commentary, the bank’s sanctions controls were criticised by the regulator as “shockingly lax”.

Breach of the VREQ

Following a Skilled Person review, Starling accepted a Voluntary Requirement (“VREQ”) in September 2021, restricting it from opening new accounts for high or higher-risk customers until AML controls had improved.

The bank failed to fully implement the requirements and sub-requirements of the VREQ, opening 54,359 accounts for 49,183 high or higher-risk customers during the relevant period, in direct contravention of its terms.

Lack of sanctions control

Adding to its woes, Starling identified (in January 2023) that its automated sanctions screening system had inadequately screened new and existing customers against the Consolidated List since implementation in 2017.

Whilst immediate efforts were made to rectify the position, a deeper review unearthed systemic problems; including deficiencies in risk assessment, inadequate sanctions policies and procedures and a lack of management information (“MI”) on matters such as alert volumes and trends.

The FCA found that Starling's failure to design, implement, and maintain adequate systems and controls to mitigate financial crime risks, especially in relation to sanctions, constituted a breach of FCA Principle 3, which requires firms to “take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems”.

Mitigation

Proactive measures taken by Starling to address identified breaches and enhance its overall financial crime control framework were taken into account by the FCA; including the implementation of enhanced controls for monitoring compliance with the VREQ and the remediation of customer accounts opened in contravention of the VREQ, as well as historic sanctions screening reviews of the entire customer base and payments dating back to 2017 and a significant boost to compliance resource.

Starling's full cooperation with the FCA, including proactive presentations and the voluntary provision of important additional information throughout the investigation, was also acknowledged.

Key take-aways

The fine emphasises the importance of developing and maintaining stringent financial crime controls. For newer institutions navigating the complexities of rapid growth, the need for scalable, effective AML and financial sanctions frameworks is critical. Starling's case highlights the enormous consequences of failing to meet required standards.

Our recommendations:

• Financial crime systems and controls need to be underpinned by up-to-date risk assessments that are regularly re-evaluated;
• Controls should evolve to remain appropriate for the size and complexity of the organisation as well as the markets it operates in;
• Policies and procedures need to reflect identified risks and the compliance activities (such as sanctions screening) carried out; and
• Sanctions MI must be of sufficient quality to identify alert volume and trends to allow senior management to conduct effective and compliant oversight.

All financial institutions, regardless of their size or growth rate, must prioritise the establishment and maintenance of robust compliance mechanisms to safeguard against the risks of financial crime.