A delayed response to known control weaknesses has culminated in one of the FCA’s most significant recent AML penalties against a UK retail institution.
The UK’s Financial Conduct Authority has fined Nationwide Building Society £44.1m after finding serious and prolonged weaknesses in its anti-money laundering and financial crime controls, including failures that allowed millions of pounds in fraudulent Covid support payments to pass through personal current accounts unchecked.
The penalty, announced on December 12, relates to deficiencies in Nationwide’s systems and controls between October 2016 and July 2021, a period in which the regulator concluded the mutual was unable to “effectively identify, assess, monitor or manage” money laundering risks across its personal current account customer base nationwide-building-society-2025.
Nationwide would have been fined £62.97m but it agreed to resolve these matters and so qualified for a 30% discount under the FCA’s processes. Since 2021, the FCA has imposed 13 fines – totalling £300.7m – on banks for anti-money laundering systems and controls failings.
At the heart of the FCA’s a case is the building society’s failure to maintain up-to-date customer due diligence and risk assessments, alongside ineffective transaction monitoring that was not calibrated to detect higher-risk activity as customer behaviour changed over time.
Business activity through personal accounts
A key aggravating factor was Nationwide’s handling of customers using personal current accounts for business purposes, despite the firm not offering SME current accounts during the period and explicitly prohibiting such use in its terms and conditions.
The FCA noted that the financial crime risk profile of business customers is materially different from that of retail customers and ordinarily requires additional controls. Yet Nationwide “failed to address in an effective or timely way” the risks created by business activity flowing through personal accounts, creating what the regulator described as “a particularly high risk” cohort of customers nationwide-building-society-2025.
Internal audits and risk papers repeatedly flagged the issue, but the FCA found that Nationwide lacked the operational capability and guidance to investigate and manage such accounts properly. As a result, “unusual or suspicious activity could remain undetected and not reported when appropriate” to law enforcement nationwide-building-society-2025.
Transaction monitoring gaps
The FCA’s Final Notice is particularly critical of Nationwide’s transaction monitoring framework, which it says relied on narrow, retrospective rules and high thresholds that failed to reflect evolving money laundering typologies.
An internal assessment in early 2021 rated the building society’s transaction monitoring as needing “significant improvement”, while a subsequent MLRO report concluded that the rules in place provided “only partial coverage of risks and money laundering typologies that Nationwide is exposed to” nationwide-building-society-2025.
The regulator found that, even by the end of the relevant period, Nationwide still lacked fully effective systems for ensuring customer information remained current, monitoring relationships on a risk-sensitive basis, and scrutinising transactions against what it knew about its customers nationwide-building-society-2025.
Covid fraud case
The weaknesses had tangible consequences. In one of the most serious examples cited, Nationwide failed to identify a customer using personal current accounts to receive fraudulent Covid furlough payments.
Over a 13-month period, the customer received 24 payments totalling £27.36m, including £26.01m deposited over just eight days. While HMRC was able to recover the majority of the funds, around £800,000 remains unrecovered, according to the FCA.
The regulator concluded that Nationwide missed multiple opportunities to identify and escalate the activity earlier, despite the scale and velocity of the transactions.
“Took too long to fix known weaknesses”
Therese Chambers, joint executive director of enforcement and market oversight at the FCA, said Nationwide “failed to get a proper grip of the financial crime risks lurking within its customer base”, adding that the firm “took too long to address its flawed systems and weak controls”.
The FCA acknowledged that Nationwide cooperated with the investigation and has since invested heavily in remediation, including launching a large-scale financial crime transformation programme in mid-2021. These steps reduced the penalty by 30% under the FCA’s settlement discount, bringing the final fine to £44.1m.
However, the regulator stressed that cooperation is an expectation, not a mitigating factor, and that the firm “was aware, or ought to have been aware, of the importance of establishing, implementing and maintaining adequate AML systems and controls” throughout the period in question nationwide-building-society-2025.
Wider regulatory signal
The enforcement action is one of the FCA’s most significant AML penalties against a UK retail banking institution in recent years and sends a clear message to banks and building societies as scrutiny of transaction monitoring effectiveness, customer risk profiling and pandemic-era fraud continues to intensify.
For payment and banking providers, the case underscores the regulatory expectation that firms must adapt controls as customer behaviour evolves, even where activity falls outside a firm’s formal product set.
As the FCA warned in its Final Notice, tolerating higher-risk activity does not dilute regulatory obligations. Firms must still ensure their systems are “comprehensive and proportionate to the nature, scale and complexity” of the risks they choose to carry nationwide-building-society-2025.