Metro Bank, in November 2024, faced a £16,675,200 penalty by the FCA (UK) for significant anti-money laundering (AML) breaches.The original fine, before a 30% reduction for early settlement, would have been £23,821,700.
What Went Wrong at Metro Bank
Inadequate Transaction Monitoring Systems:
In 2016, Metro implemented an Automated Transaction Monitoring System. However, the system suffered from flaws in its setup and oversight, which went undetected for years. Over 60 million transactions, totaling over £51 billion, went unmonitored as a result.
Time Stamp Code Logic Error (2019)
A coding error in the data extraction methodology caused the Automated Transaction Monitoring System to reject a large number of transactions. For example, if a customer opened an account and made transactions on the same day, these transactions were not included in the data feed and went unmonitored.
This oversight affected roughly 166,000 accounts, allowing £31.5 billion in transactions to bypass monitoring.
Delayed Response
Despite discovering the error in 2019, Metro took until late 2020 to implement effective data feed checks. Consequently, a significant number of transactions were missed, and suspicious activity went unreported.
Governance Failures Escalation of the “Bad Data” problem was inconsistent. Junior staff identified and flagged issues in 2017 and 2018, but it took over a year to bring these concerns to senior leadership.Inadequate Remediation A lookback review, which began later, was not completed until 2022. The review led to 153 suspicious activity reports (SARs) and 43 account closures, underscoring the scale of oversight failures.
Lessons Learned
If you are a financial institution, a fintech, or a startup engaging in financial services, it's important to set up things the right way from the very beginning.
With regard to transaction monitoring, to prevent finding youreslf in such unpleasant sitution elike Metro Bank, ensure that you:
Regularly reconcile data sources with monitoring systems to prevent missing or erroneous data from compromising transaction monitoring.
Implement a robust review process and immediate follow-up on rejected transactions.
Escalate problems and issues to senior decision-makers promptly.
Regularly test all systems, including code logic and data feeds, to identify and address flaws before they impact monitoring capabilities.
Comments