Metro Bank’s £16.7M Fine

Published on Nov 28, 2024

Metro Bank’s £16.7M Fine: A Wake-Up Call for Financial Institutions

In November 2024, the Financial Conduct Authority (FCA) imposed a £16.7 million fine on Metro Bank for significant anti-money laundering (AML) failings. These failings, rooted in deficiencies in transaction monitoring and data governance, highlight the challenges faced by financial institutions in balancing growth and regulatory compliance. The fine follows a £29 million penalty issued to Starling Bank by the FCA just a month earlier for similar challenges, underscoring the regulator’s firm stance on AML failings and serving as a cautionary message to other challenger banks. 

What Went Wrong at Metro Bank?

The FCA’s investigation found that Metro Bank failed to have the right controls to adequately monitor over 60m transactions worth over £51bn.  It found systemic issues in Metro Bank’s Automated Transaction Monitoring Systems (ATMS), which had been in operation since 2016. A critical flaw referred to as a “Time Stamp Code Logic Error” led to over 46.5 million transactions worth £31.5 billion going unmonitored for almost three years. This exposed the bank to significant financial crime risks and delayed the identification of suspicious activities.  

Governance lapses in the bank heightened these problems. Junior staff flagged the risks of “Bad Data”, which was a term used by the bank to refer to data records which were rejected by the ATMs. However, senior management failed to act on these risks and discussions on these issues were omitted from meetings, leading to unresolved risks remaining untracked for years.  

Key Areas of Failure 

In its report, the FCA identified several key failings. 

  1. Deficient Monitoring Systems 
    The bank’s automated monitoring systems suffered from data quality issues and incomplete/incorrect records were routinely rejected from monitoring.  Once transactions or records were identified as “Bad Data”, there was no clear process to review them. As a result, many records and transactions were left unmonitored.  

  2. Inadequate Governance and Oversight
    The risks were not adequately addressed because working groups lacked the required oversight and escalation mechanisms. The process for handling exceptions related to rejected records was poorly designed. There was a lack of consistency in escalating these issues to senior management and committees failed to act despite warnings from junior staff.  

  3. Lack of Proactive Risk Management 
    Metro Bank was not able to see how large the volume of unmonitored transactions was because reporting did not differentiate between internal bank transactions and customer transactions. This contributed to delays in addressing these risks.  

  4. Delayed Efforts to Resolve Compliance Failures  
    Although the issue was discovered in 2019, it took Metro years to fully correct it. A mechanism to check that all relevant transactions were being monitored took until December 2020 to be fully implemented. A comprehensive “Lookback Review” was only completed in 2022 and faced challenges as coding errors led to 4000 alerts and 1400 customers left out of the initial scope.  

Law and Legal Services Industry

Key Lessons for Finance Industry 

The fine imposed on the bank offers key lessons not only to other challenger banks, but also the wider financial industry.  

  1. Testing Automated Systems Regularly
    Banks that use automated systems for compliance must ensure they are rigorously tested and have auditing systems in place. Periodic reviews and stress tests are critical to identifying and addressing anomalies. Metro Bank’s failure to monitor millions of transactions shows why it is vital to have automated alerts when anomalies are detected in systems and a clear follow-up process.  

  1. Strengthen Governance
    Financial institutions must ensure they have clear escalation protocols, accountability structures and transparency in decision making.  Roles and responsibilities must be clearly defined across the organisation. Governance practices should be regularly reviewed and gaps must be quickly rectified.  

  1. Developing a Culture of Compliance
    Instilling a culture of compliance throughout an institution can prevent minor issues escalating into systemic failures. Staff must remain updated on the latest regulatory developments and how to use new technologies effectively through the use of training programmes. Senior leaders must champion compliance initiatives, set strong ethical standards and encourage cross-functional collaboration.  


Conclusion

Metro Bank has since invested significantly in remediating its compliance processes and strengthening oversight mechanisms, efforts that have been recognised by the FCA. This fine serves as a critical reminder of the importance of robust AML systems and a proactive, integrated approach to risk management. 

While innovative technologies enable challenger banks to scale rapidly, they must be complemented by vigilant human oversight. Compliance should not be seen as a tick box exercise or burden but rather as a cornerstone of sustainable growth. The Metro Bank case highlights why viewing compliance as a strategic asset is essential for fostering trust, ensuring operational integrity and driving long-term success in the financial sector.

 

Comply and Outperform with our complete Customer Lifecycle Management platform

Our Customer Lifecycle Management SaaS Platform takes care of all aspects, from creating the right first impression with rapid risk-based onboarding, through to award winning screening and KYC refresh that enable your business to:  

  • Realise massive operational efficiencies 
  • Achieve rapid ROI through the speedy deployment of our no code solutions 
  • Master complexity with solutions that evolve as regulations change

 All at the same time as delivering even higher levels of compliance assurance. 

 
View platform
Platform for the solution spage