Why financial crime controls fail when firms do not act
The FCA’s £44 million fine against Nationwide Building Society reinforces a core regulatory message. Financial crime controls only protect firms when they drive action.
Between 2016 and 2021, weaknesses in Nationwide’s financial crime systems meant risks were not identified or managed effectively. Although the firm knew some accounts operated outside expected use, it did not respond quickly enough. Consequently, significant harm followed and the FCA intervened.
This case offers clear lessons for all regulated firms.
Controls Must Trigger Action
Most firms have AML policies, procedures, and risk assessments. However, the FCA continues to focus on how those controls operate in practice.
Nationwide identified personal accounts used for business activity. That behaviour sat outside its risk assumptions. However, controls did not adapt, and risks increased over time.
For example, one customer received 24 fraudulent COVID-19 furlough payments totalling £27.3 million. Earlier intervention could have reduced this exposure.
Controls that do not trigger challenge or escalation do not work.
Knowing Is Not Enough
Identifying a financial crime risk is only the starting point. What matters is how firms respond.
When activity changes, firms must reassess risk. They must also consider whether controls remain effective. If they do not, firms must strengthen them quickly.
Delay creates regulatory exposure. Therefore, the FCA expects timely remediation once issues are known.
This applies across AML, fraud, sanctions, and transaction monitoring.
Oversight Drives Effectiveness
Strong financial crime controls rely on effective oversight. Boards and senior management must receive clear, meaningful Management Information (“MI”).
However, MI must highlight risk trends and unresolved issues. It must also support challenge and accountability.
Someone must own the issue. Someone must drive remediation. Without this, weaknesses persist and regulators take notice.
A Practical Review Approach
This enforcement action should prompt firms to perform a targeted sense check.
- Changes in customer behaviour trigger review.
- Transaction monitoring remains effective.
- Known control weaknesses close promptly.
- Governance and MI support challenge.
A well- structured, concise review reinforces assurance and demonstrates proactive financial crime oversight.
At Leaman Crellin, we support firms with:
- Financial Crime Risk Assessments
- Transaction Monitoring Effectiveness Reviews
- Compliance Risk Assessments and Health Checks
Key Takeaway
Financial crime controls must evolve as risks change. When something does not look right, firms must act. Waiting increases harm, cost, and regulatory scrutiny. The FCA’s message is clear. Awareness without action is not enough.
