Monzo says issues ‘have been resolved and are firmly in the past’.
The UK Financial Conduct Authority (FCA) has fined British online bank Monzo more than £21m for failing to implement systems that mitigate financial crime.
The bank, which serves UK residents only, quickly rose from 250,000 customers in 2017, to more than 7.4m in 2023 and is now approaching close to 13m users.
However, an FCA inquiry into the neo-bank, which took a number of years, found that Monzo’s customer risk assessments – a key part of the bank’s financial crime framework – did not keep pace with its rapid expansion.
Between 2018 and 2020, Monzo had no process to verify customer addresses, the watchdog’s assessment finds.
This led to accounts being given to customers who listed their PO box as the UK prime minister’s residence at 10 Downing Street, Buckingham Palace, Monzo’s own business address, as well as foreign addresses with UK postcodes.
The lack of risk mitigation tactics also allowed customers to open multiple bank accounts without Monzo being aware, include two whose accounts had been closed as a result of financial crime concerns.
The FCA says that an absence of full knowledge of customer activities meant that the bank was unable to assess risks around money laundering.
In addition, Monzo also repeatedly breached a requirement that prevented it from opening accounts for new or existing high-risk customers between 2020 and 2022. In that period, it is estimated that Monzo opened more than 34,000 bank accounts associated with high-risk customers.
“Monzo onboarded customers on the basis of limited, and in some cases, obviously implausible information – such as customers using well known London landmarks as an address. This illustrates how lacking Monzo’s financial crime controls were,” said Therese Chambers, the FCA joint executive director of enforcement and market oversight.
“This was compounded by its inability to properly comply with the requirement not to onboard high-risk customers.”
The bank, however, has since made progress in enhancing its financial crime framework, and as a result, received a lesser penalty than it would have otherwise.
In a statement to SiliconRepublic.com, Monzo said that the FCA’s findings “relate to a historical period that ended three years ago and draw a line under issues that have been resolved and are firmly in the past”.
The bank said that the “learnings” led to “substantial improvements” to its controls.
Fraudsters often use a blend of real and fake identity data to bypass basic security checks, explains Gus Tomlinson, the managing director of identity fraud at GBG, a provider of identity, fraud and location intelligence.
“This case shows how fraudsters use obviously fake credentials such as well-known landmarks as their home address or a fake name like ‘Homer Simpson’ to open the door.
“That’s why businesses need robust, layered identity verification at onboarding, combining signals like address data, mobile intelligence and biometric checks to flag risks in real time,” she added.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
Updated, 12.55pm, 9 July 2025: An earlier version of the article incorrectly described GBG as an IT consultancy.