• FCA fines Monzo £21 million for widespread financial crime control failings
• Fraudsters opened accounts with fake addresses like 10 Downing Street and Buckingham Palace
• The bank allowed 34,000 high-risk accounts after the ban, and repeat offenders to open new accounts
• Failures occurred largely between 2018 and 2020, with some continuing into 2022
• FCA criticises Monzo for being ill-prepared to scale compliance with growth
• Chief executive TS Anil says controls have since been overhauled
• Monzo is now one of nine UK banks fined for AML failures in recent years
• FCA likely to increase scrutiny of digital and challenger banks
• Watchdog cites fintech sector’s broader vulnerabilities in tackling fraud
• Traditional AML standards must apply to digital-first banks too

Monzo has been hit with a £21 million fine by the Financial Conduct Authority (FCA) after investigators revealed that fraudsters opened thousands of accounts using implausible addresses – including Buckingham Palace, 10 Downing Street, and even the bank’s own headquarters.

In a scathing judgment, the regulator said Monzo’s controls for preventing financial crime were “completely inadequate,” particularly during a period of rapid growth between 2018 and 2022.

The FCA found that the bank not only failed to identify obvious red flags in customer onboarding, but also continued to open accounts for high-risk individuals even after being formally banned from doing so.

“Banks are a vital line of defence in the collective fight against financial crime,” said Therese Chambers, joint executive director of enforcement at the FCA. “Monzo fell far short of what we, and society, expect.”

Monzo, now boasting more than 12 million customers, has been one of the most high-profile success stories in Britain’s challenger bank boom.

But according to the FCA, its internal systems and compliance culture did not keep pace with customer acquisition. The regulator’s findings paint a picture of a digital bank struggling to perform basic checks while scaling up at speed.

Among the most damning breaches were Monzo’s acceptance of applications with false, high-profile UK addresses, such as royal residences and government buildings.

In some cases, customers used PO boxes, mail-forwarding services, or invalid non-UK addresses disguised with UK postcodes.

Many accounts were linked to previous fraudsters or were used to redirect cards overseas almost immediately after setup.

In total, Monzo opened 34,000 accounts for high-risk customers nearly two years after it had been ordered to stop doing so.

The FCA also found that customers whose accounts had been shut down for suspicious activity were often able to open new accounts without facing meaningful scrutiny.

Most of the failings took place between October 2018 and August 2020, but the bank continued to breach the high-risk customer ban until as late as June 2022.

The regulator acknowledged that Monzo has since implemented significant reforms to its anti-financial crime systems, with the bank claiming to have invested heavily in compliance and oversight.

Monzo chief executive TS Anil responded to the findings by stressing that the breaches were historical and that the bank had “learned from past mistakes.”

He added, “We’ve since invested heavily in our systems and controls. I’m pleased the FCA acknowledges our progress.”

Monzo’s fine places it among a growing list of UK banks penalised for anti-money laundering failures.

Nine others have faced similar enforcement action in the past four years, as regulators ramp up pressure on financial institutions to strengthen fraud prevention.

However, this case is especially significant for what it reveals about the vulnerabilities in the UK’s fast-growing digital banking sector.

The FCA warned that as fraud and scam attempts increase across the financial industry, challenger banks must ensure their controls are as robust as those of their traditional counterparts.

While Monzo has earned loyalty from millions of users through its mobile-first interface and transparency, this penalty marks a reputational blow and a stark reminder that innovation cannot come at the cost of basic regulatory compliance.