Starling Bank Fined £29M for Lax Financial Crime Controls

Starling Bank, one of the UK's leading challenger banks, has been hit with a hefty £29 million fine by the Financial Conduct Authority (FCA) for "shockingly lax" financial crime controls that left the financial system vulnerable to criminal activity and sanctions violations. The bank's rapid growth outpaced its ability to implement robust anti-money laundering and sanctions screening measures, putting the integrity of the banking system at risk.

Uncovering Starling Bank's Compliance Failures

Rapid Expansion Outpaced Financial Crime Controls

Starling Bank, founded in 2014 by entrepreneur Anne Boden and backed by Goldman Sachs, has experienced remarkable growth, expanding from 43,000 customers in 2017 to 3.6 million in 2023. However, the bank's measures to tackle financial crime did not keep pace with this rapid expansion, leaving the financial system wide open to exploitation by criminals and those subject to sanctions.

Failure to Comply with FCA Requirements

The FCA's review of financial crime controls at challenger banks in 2021 identified serious concerns with Starling's anti-money laundering and sanctions framework. The bank had agreed to a requirement restricting it from opening new accounts for high-risk customers until these issues were addressed, but it failed to comply. Instead, Starling opened more than 54,000 accounts for 49,183 high-risk customers between September 2021 and November 2023, earning £900,000 in interest and fees from these accounts.

Systemic Failures in Sanctions Screening

In January 2023, Starling became aware that its automated screening system had, since 2017, only been screening customers against a fraction of the full list of those subject to financial sanctions. An internal review revealed systemic issues in the bank's financial sanctions framework, leading Starling to report multiple potential breaches of financial sanctions to the relevant authorities.

Inadequate Customer Screening and Risk Management

The FCA's investigation also found that Starling's financial crime risk control had not been updated correctly, resulting in 294 customers that had previously been ditched by the bank for financial crime reasons opening new accounts. Of these customers, 161 had been previously subject to a suspicious activity report, and 112 had either a full or partial match on the fraud prevention service Cifas.Furthermore, Starling's customers or prospective clients were only screened against sanctions records for individuals with UK citizenship or residency, accounting for just 39 of the 3,088 people on the UK sanctions list. This meant there was a "material risk" that Russians on the sanctions list would have been able to open or maintain accounts with the bank, and the FCA found that at least one person on the sanctions list had indeed opened an account with Starling.

Starling's Response and Remedial Actions

Starling has acknowledged its failings and apologized for the issues outlined by the FCA. The bank has paid the £29 million fine as a full and final settlement and has taken steps to address the identified problems, including rescreening transactions, reviewing customer accounts in depth, and introducing additional safeguards.The bank's chair, David Sproul, has also provided reassurance that Starling has "invested heavily to put things right, including strengthening our board governance and capabilities." However, the FCA's findings highlight the significant challenges faced by rapidly growing challenger banks in maintaining robust financial crime controls and the importance of proactive compliance measures to protect the integrity of the financial system.