By Katya Davis, Manager, Financial Crime
On 12 November 2024, the FCA fined Metro Bank £16.7 million for serious lapses in its transaction monitoring controls. Between 2016 and 2020, Metro Bank processed over 60 million transactions, totalling £51 billion, without adequate oversight—leaving it vulnerable to money laundering risks. Here’s what compliance professionals need to know.
Metro Bank relied heavily on automated transaction monitoring, but a critical data integration error meant that early transactions on new accounts weren’t being captured. Metro Bank also failed to regularly review and stress-test its system, even after initial issues surfaced. Without regular validation and updates, even the most sophisticated systems can overlook vital activity.
Takeaway: Verify that your transaction monitoring is accurately capturing all activity from day one. Conduct regular testing of your proprietary or external systems to ensure accuracy, reduce false positives, and refine system performance.
In 2017 and 2018, junior Metro Bank staff raised concerns about unmonitored transactions, yet these warnings never reached senior management. Clear escalation channels are essential to prevent minor concerns from escalating into undetected, systemic issues.
Lesson: Ensure clear reporting lines and escalation protocols so all staff know how—and to whom—to report compliance issues. A compliance-first culture should start at the top.
After implementing a “fix” in July 2019, Metro continued to experience monitoring issues into 2020 as the firm lacked a mechanism to verify that all relevant transactions were consistently fed into the system. Internal adjustments alone are often insufficient without third-party verification to identify and address hidden gaps.
Best Practice: Annual external Financial Crime or AML audits can provide an objective check on your controls, helping to catch lingering vulnerabilities and maintain compliance.
A lack of training on transaction monitoring left Metro’s staff ill-equipped to manage concerns effectively. Despite junior staff raising issues, gaps in understanding and escalation meant these weren’t addressed until years later. Without a culture of awareness and training, even the best systems may become ineffective due to human oversight.
Action: Develop a strong culture of AML awareness, ensuring that all levels of staff understand their role in risk management and reporting. Automated systems require human oversight to function reliably.
By addressing these core areas, organisations can strengthen their transaction monitoring frameworks and reduce exposure to financial crime risks.
For help with any of the above core areas, please contact us at 0207 436 0630 or via email at info@thistleinitiatives.co.uk.