The Financial Conduct Authority (FCA) has issued more than £1.07 billion in fines across 27 cases over the past decade for Anti-Money Laundering (AML) failings. But the numbers only tell part of the story.
When you dig into the data, a pattern emerges: one that shows where firms continue to fail, which sectors are under fire, and how the regulator’s approach has shifted.
Research highlights
Between 2015 and 2025, the FCA issued 27 fines. Annual fines rose from 1 in 2015 to 3 in 2025, while total values fell 68%.
Banks vs fintechs
Up to 2022, retail and investment banks like Santander, NatWest, and Commerzbank carried the highest fines. From 2024, fintechs Starling and Monzo made up over 90% of totals.
Governance failures
Out of 27 fines, 20 related to PRIN 3 (management failings) and 5 to PRIN 2 (skill, care, diligence), exposing systemic weaknesses.
The first criminal case
In 2021, NatWest faced £264.8m in fines and criminal charges after £365m in deposits went unmonitored, including £264m in cash.
A decade in numbers 📈
Between 2015 and 2025, the FCA’s approach to enforcement has shifted noticeably. Back in 2015, it handed down only a single fine – though it was a hefty one at £72 million. Fast-forward to 2025, and there are three fines totalling £23 million. On the surface, fine values have dropped by 68% across the period. But the number of fines has risen steadily from isolated cases in the mid-2010s to multiple actions per year now.
In other words, the regulator has shifted from handing out rare, blockbuster penalties to casting the net wider and spreading scrutiny across more firms. For you, that means the risk of enforcement has increased, even if the individual fine might not reach recording-breaking levels.
- Total fines issued for money laundering and financial crime failings 2015-2025: £1,071,216,632
- Total number of AML fines: 27
- Average AML fine: £39,674,690
| Year | Total value of fines | Biggest fine |
|---|---|---|
| 2015 | £72,069,400 | Barclays: £72,069,400 |
| 2016 | £3,268,500 | Sonali Bank (UK) Ltd: £3,250,600 |
| 2017 | £163,076,224 | Deutsche Bank AG: £163,076,224 |
| 2018 | £896,100 | Canara Bank: £896,100 |
| 2019 | £102,163,200 | Standard Chartered Bank: £102,163,200 |
| 2020 | £37,805,400 | Commerzbank: £37,805,400 |
| 2021 | £476,730,020 | NatWest: £264,772,620 |
| 2022 | £125,911,500 | Santander: £107,793,300 |
| 2023 | £20,618,700 | Guaranty Trust Bank Ltd: £7,671,800 |
| 2024 | £45,634,626 | Starling Bank: £28,959,426 |
| 2025 | £23,042,963 | Monzo: £21,091,300 |
Sectors in the firing line 🎯
Between 2015 and 2022, retail and investment banks dominated enforcement. Barclays, Deutsche Bank, Standard Chartered, Santander, and NatWest all feature heavily. The common thread across those cases: weaknesses in AML frameworks, risk management, and due diligence.
But since 2024, a clear shift has taken place. fintechs have begun topping the enforcement list. Starling was fined £28.9 million in 2024, and Monzo £21 million in 2025. That’s more than 90% of fine values in those two years combined.
Clearly, fintechs are no longer being treated as nimble disruptors finding their feet. The FCA is holding them to the same standards as legacy banks. If your business is scaling fast but hasn’t invested at the same pace in AML and compliance infrastructure, you are exactly the kind of firm the regulator will target next.
You might also like: The biggest AML blunders: 5 case studies and lessons learned
Where firms keep failing: PRIN 2 and PRIN 3 📜
The FCA’s Principles for Businesses set out the standard of behaviour expected across the entire industry. What stands out, though, is how often the same two principles come up in enforcement cases.
Out of 27 fines, 20 involved breaches of Principle 3, and another 5 were tied to Principle 2. That’s nearly every enforcement case based around two very human problems: how the business is managed, and how people do their jobs.
Principle 2 sets the bar for individual competence and professional care. In practice, this is about staff doing their roles with the diligence you’d expect if client money or market integrity were on the line – because they usually are. For compliance professionals, it means knowing your AML framework inside out, questioning anomalies rather than waving them through, and being able to evidence why a decision was reasonable at the time.
Principle 3 concerns the systems, processes, and governance that are meant to stop things going wrong. A firm can hire brilliant people, but if management doesn’t give them the tools, authority, or clarity to do their jobs properly, the FCA will call it out.
This principle is breached when oversight is patchy or when risk frameworks look fine on audit but collapse the moment they’re tested by reality. In other words, it’s about whether a firm is genuinely in control of its business or just appearing to be.
Why these two keep cropping up:
It’s telling that the majority of fines cite Principles 2 and 3. The FCA isn’t aiming for perfection, it knows no control framework will catch everything. What it won’t tolerate is complacency: people cutting corners, managers ignoring red flags, or governance bodies signing off reports they don’t really understand. For AML professionals, that means your credibility rests as much on how decisions are documented and escalated as on spotting the suspicious transaction itself. Enforcement in this space is a reminder that the regulator expects more than good intentions; it wants to see firms that can prove they are both diligent in action and effective in oversight.
You might also like: The top 10 FCA AML fines from the last decade
Frequently Asked Questions (FAQs) about FCA AML fines 🤔
The FCA has ramped up enforcement against non-compliant businesses, especially in high-risk sectors like property and accountancy.
What trends can be observed in FCA fines over the decade?
Fine activity broadened over the decade but the total value of fines has generally decreased since the large penalties in 2021. Fewer blockbuster fines have been issued, but enforcement has become more consistent across different firms.
Which sectors are most affected by AML fines in the UK?
Large retail and investment banks initially dominated fines, but more recently fintechs, like Starling and Monzo, accounted for a significant portion of annual fines.
How much can businesses be fined for AML breaches?
FCA fines vary widely, from a few thousand pounds to several hundred million, depending on the severity, duration, and scale of non-compliance.
Do small firms get fined for AML failures?
Yes. The FCA has penalised both small and medium-sized firms, showing that size does not exempt any business from compliance obligations.
What is the FCA’s role in AML enforcement?
The FCA supervises financial firms under the UK Money Laundering Regulations, monitoring compliance, conducting investigations, and issuing fines or other enforcement actions.
How can businesses avoid AML fines from the FCA?
Firms should implement robust AML policies, conduct thorough risk-based due diligence, maintain accurate and up-to-date records, and regularly train staff on compliance obligations.
How often does the FCA update its list of AML penalties?
The FCA publishes enforcement actions and fine data periodically, often alongside annual or quarterly updates, to ensure transparency and deter breaches.
What is the trend in AML compliance across the UK?
FCA enforcement has increased in frequency and scope, reflecting stronger scrutiny and a lower tolerance for regulatory lapses.
Where can I find the latest FCA AML fine data?
The FCA’s official website provides detailed data on fines, including historical enforcement actions, and through analysis reports like this 10-year AML compliance breakdown.
Sources 🗂️
- 2025 fines
- 2024 fines
- 2023 fines
- 2022 fines
- 2021 fines
- 2020 fines
- 2019 fines
- 2018 fines
- 2017 fines
- 2016 fines
- 2015 fines
NorthRow empowers regulated businesses to stay compliant and combat economic crime with end-to-end AML solutions. Discover NorthRow’s Know Your Customer (KYC), Know Your Business (KYB), and ID&V tools designed to streamline onboarding, verify identities, and mitigate fraud risk across industries.
