Over the past two years, the Financial Conduct Authority (FCA) has stepped up criminal prosecutions and accelerated investigations, clear signals of a more focused approach to financial crime. This shift aligns with its 2025-2030 strategy, which reinforces financial crime as a top regulatory priority.

Recent anti-money laundering (AML) news headlines — from luxury asset seizures to record-breaking fines — add urgency to the call for stronger oversight. 

Even as financial institutions improve their AML controls, FCA publications continue to reveal vulnerabilities. For firms, the consequences are steep: heavy fines, reputational damage, and operational inefficiencies that drive up compliance costs.

This article looks at five recent UK money laundering cases and shares key takeaways to help firms improve their AML frameworks.

Customer risk ratings reflect real-world activity

In 2021, a major UK bank became the first to face criminal charges from the FCA for AML compliance failures, resulting in a £265 million fine. At the centre of the case was Fowler Oldfield, a jewellery firm projected to earn £15 million per year — but it deposited £365 million over four years, including £264 million in cash.

Despite being a high-risk customer, the customer was misclassified as low-risk for two years. The bank had originally understood that Fowler Oldfield would not handle cash, but millions moved through multiple branches.

During the relationship, suspicious activity — including large sums of musty-smelling Scottish banknotes deposited in English branches —  failed to trigger adequate scrutiny. Additionally, the bank’s transaction monitoring software misclassified some of the cash deposits as cheques, which were subject to less stringent rules.

This case highlights that even as financial crime becomes more sophisticated, fundamental AML practices, including spotting clear signs of unusual activity, should not be overlooked.

Firms should:

• Update customer risk ratings based on real activity. Risk levels should reflect actual transaction patterns and new red flags, not just the information gathered at onboarding.

• Treat Know Your Customer (KYC) as an ongoing process, not a point-in-time check.

AML systems must scale in step with business growth

Between 2016 and 2023, a fast-growing challenger bank grew its customer base from 43,000 to 3.6 million. But while volumes of higher-risk activity like cross-border transactions increased,  its compliance framework failed to keep pace. Because digital-first banks prioritise fast onboarding, criminals often see them as easier entry points than traditional institutions. 

In 2024, the FCA fined the bank £29 million for serious financial crime control failures. For nearly six years, its screening systems had checked customer names against only a limited portion of the UK Consolidated List. Customers were also only screened once every 14 days — a cadence that no longer met industry expectations for an institution of its size.  

Instead of using a dedicated payment screening solution, the bank relied on its customer screening system — a tool not designed to monitor transactions. Neither screening system was formally tested at or after implementation, leaving the bank unaware of coverage or configuration gaps.  

This case shows what can happen when AML controls fail to evolve alongside business growth.

Firms should:

• Design AML systems with scalability in mind. Rapid growth without tools that scale alongside growth leads to oversight gaps.

• Use fit-for-purpose technology and test it regularly.

KYB must be ongoing and risk-based

From 2012 to 2017, a major UK retail bank failed to maintain effective AML controls, affecting more than 500,000 business banking accounts. In 2022, the FCA fined the bank £107.7 million for persistent AML failings.

At onboarding, the bank often failed to collect enough information to understand the nature of a customer’s business — leaving it unable to properly assess money laundering risk. If a customer wasn’t flagged and recorded as high risk, no checks were done to confirm their stated activities. The bank also failed to conduct periodic reviews, so its understanding of customer risk quickly became outdated.

In one prominent example, a customer opened an account as a small translation business with projected monthly deposits of £5,000. Within months, the account was receiving millions in deposits and rapidly transferring the funds elsewhere.  Although the AML team flagged the account for closure in 2014, internal gaps meant it stayed open for 18 more months.

This case shows how static or incomplete KYB processes can cause firms to miss red flags and delay critical action.

Firms should:

• Treat KYB as a continuous obligation, not a point-in-time checkbox. Reviews should be risk-based and ongoing, with controls in place to reassess customers as their behaviour changes.

• Strengthen under-resourced teams to ensure they can act quickly on identified risks.

Sanctions screening must evolve to detect indirect and hidden risk

In 2024, Operation Destabilise, a major investigation led by the UK’s National Crime Agency (NCA), uncovered a large-scale money laundering network connecting street-level crime, digital assets, and sanctions evasion.

Two Russian-speaking criminal groups, Smart and  TGR, offered professional laundering services to a broad client base that included drug traffickers, ransomware operators, sanctioned oligarchs, and Russian elites. Their model involved collecting proceeds in cash, converting them to cryptocurrency and moving funds globally through a trusted, informal network.

In one case, two individuals ran a courier operation that moved more than £12 million in just 74 days. These services enabled clients to acquire assets like UK property, fund criminal operations, and support Russian state interests. The networks operated on the same principles as hawala: an informal value transfer system based on personal trust outside the formal banking system.

This case shows how money laundering operations have become increasingly professionalised, complex, and cross-border.

Firms should:

• Ensure sanctions screening systems are robust, extending checks to include proxies, shell companies, and facilitators. 

• Strengthen transaction monitoring to detect rapid, fragmented flows — leveraging artificial intelligence (AI)-powered tools to uncover complex patterns and networked behaviour. 

AML controls must adapt to jurisdictional risk and requirements

From 2009 to 2014, a multinational bank failed to apply adequate AML controls in two areas: its correspondent banking operations and its branches in the UAE. Despite being high-risk, the bank did not implement sufficient oversight or extend UK-equivalent AML standards across its global operations. Regulators uncovered serious lapses in due diligence and ongoing monitoring — including weak oversight of correspondent banking relationships.  The bank was fined £102 million by the FCA.

In one case, a customer opened an account for a consulate in the UAE and deposited £500,000 in cash, brought in by a suitcase, without the bank verifying the source of funds or assessing the risk.  In another example, a customer exported commercial goods with potential military applications to over 75 countries, including conflict zones, without sufficient checks.

These failings demonstrate that the bank's overseas branches were not consistently collecting enough information to understand the nature and purpose of customers' activity, nor were they verifying the source of funds in accordance with UK standards, as required by the Money Laundering Regulations 2007.

This case shows how inconsistent application of AML standards across jurisdictions can expose firms to significant regulatory and reputational risks.

Firms should: 

• Align policies, procedures, and technologies with regulatory requirements, taking jurisdictional differences into account.

How Facctum can help

Across these major UK cases, common themes emerge: gaps in oversight, inconsistent risk controls, and technologies that struggle to scale or adapt.  

Facctum’s AML compliance solutions, including transaction monitoring, customer screening, watchlist management, and KYB, help firms close these gaps and respond to evolving regulatory expectations.

With scalable, auditable solutions powered by AI, Facctum helps firms build AML frameworks that are proactive and compliant.