On 12 December 2025, the FCA fined Nationwide Building Society £44,078,500 for inadequate anti-financial crime systems and controls between October 2016 and July 2021. The initial fine of £62,969,297 was reduced by 30% due to an early settlement discount.

This is a direct warning to retail banks and building societies: weaknesses in Customer Due Diligence (CDD) upkeep, risk assessment coverage, and transaction monitoring effectiveness—especially when known and not remediated quickly—will be treated as a material governance failure.

1. What the FCA Says Went Wrong (In Practical Terms)

The FCA highlighted three specific control failures that are common across many financial services firms:

• CDD and Risk Assessments were not kept up to date for personal current account customers, at scale.
• Transaction monitoring was ineffective, meaning the firm could not reliably identify and manage money laundering risks in its current account base.
• Management of Account-Purpose Drift: Nationwide knew some customers were using personal accounts for business activity (in breach of terms). The firm did not have the right processes to manage the subsequent, higher financial crime risk.

The Tangible Consequence: COVID Fraud

The FCA also references a serious case where Nationwide missed opportunities to identify fraudulent COVID furlough payments, including 24 payments totalling £27.3m, with around £800,000 unrecovered at the time of the FCA’s summary.

2. The Key Learnings for Firms

The enforcement action crystalises three immediate compliance imperatives:

A. "Population Coverage" is a Control, Not an Assumption

If your risk engine or monitoring capability cannot confidently “see” the entire population (or the right data fields), you are operating blind.

• Action: You must evidence the effectiveness of your monitoring with:
  • Reconciliation
  • Exception Management Information (MI)
  • Ageing analysis
  • Clear remediation ownership.

B. Account-Purpose Drift Must Be Treated as an AML Risk Driver

Where personal accounts behave like business accounts, the risk profile changes materially. Controls must adapt:

• Action: Do not rely solely on Terms & Conditions (T&Cs). Instead, you need:
  • Business-use indicators (e.g., volume/velocity alerts).
  • CDD uplift (re-profiling the customer).
  • Refreshed risk ratings immediately upon identifying drift.
  • Monitoring calibrated to the observed higher-risk behaviour.

C. Slow Remediation is Enforcement Fuel

The FCA explicitly noted Nationwide was aware of weaknesses and undertook improvements, but failed to address them in a timely way. The firm began its large-scale transformation programme late (July 2021), long after issues were first identified.

3. How This Fits the Wider 2025 Enforcement Pattern

The FCA’s running 2025 fines total is £123,911,524.40 (excluding court fines), as last updated 12 December 2025.

Several of the most material outcomes reinforce the same “systems and controls” theme:

Across firms with very different operating models, the FCA is consistently penalising the same failure mode: controls that are not operating effectively in real conditions (scale, change, customer behaviour, product misuse).

4. Use the MEMA Dashboard & Establish a Tight Operating Rhythm

To turn enforcement patterns into proactive internal action, establish a disciplined operating rhythm:

Use the FCAfines.MEMA dashboard to track these themes (free)

• Access the daily feed of FCA fines and decision notices, sorted by theme:
• https://fcafines.memaconsultants.com/

A Tight Operating Rhythm (That Stands Up in Audits)

• Weekly: Scan new outcomes by theme (AML, systems & controls, governance).
• Monthly: Drop the one-page summary into your Risk/Compliance Committee pack.
• Quarterly: Refresh monitoring tests and remediation priorities based on what the FCA is actually enforcing.

This article is for general information only and does not constitute legal, regulatory or investment advice.

‍