Starling Bank has been fined £29 million by the Financial Conduct Authority (FCA) for failing to properly screen high-risk customers, leaving the bank vulnerable to financial crime.
The FCA found that the digital bank, valued at over $3 billion, breached regulations by allowing thousands of risky accounts to be opened between 2021 and 2023, despite warnings to tighten its controls.
Starling Bank is often seen as a poster child of the UK’s booming fintech sector. In 2017, it had a modest user base of just 43,000 customers. Fast-forward to 2023, and the bank boasts nearly four million users. Impressive growth, right? Absolutely, but that rapid success came with a serious downside: the infrastructure to protect against financial crime didn’t keep pace.
Here’s where it gets tricky. According to the FCA, Starling repeatedly breached its obligations by failing to properly vet high-risk customers.
The FCA’s requirements are crystal clear: banks must conduct thorough screening to ensure they’re not providing services to individuals or entities that might be involved in illegal activities. Starling’s system, unfortunately, didn’t meet the mark.
Between 2021 and 2023, Starling opened a staggering 49,000 accounts for high-risk customers, despite being under pressure from the FCA to tighten its controls. That’s the equivalent of opening more than 67 high-risk accounts every single day over those two years.
Why does this matter? High-risk accounts are a gateway for things like money laundering, terrorist financing, and fraud. Banks have a legal and moral obligation to screen these customers to keep the financial system clean. Starling’s failure to do so isn’t just a slip-up—it could have serious consequences for global financial stability.
Therese Chambers, joint executive director of enforcement at the FCA, minced no words when talking about the bank’s failures. “Starling’s financial sanction screening controls were shockingly lax. It left the financial system wide open to criminals and those subject to sanctions,” she said.
This is a stark reminder of the dangers lurking in the world of financial technology, where ease of access and customer growth can sometimes overshadow security concerns.
The FCA’s Swift Action: A New Trend?
There’s one silver lining here: the FCA acted much faster than it typically does. The investigation into Starling took 14 months to complete—a sharp contrast to the 42-month average for similar enforcement cases in the 2023/24 period. This could signal a new era of faster action from the regulator, which could be a game-changer for financial oversight in the UK.
The FCA’s decision to move quickly might be due to the scale of Starling’s customer base and the potential risk its shortcomings posed. With millions of users and rapid expansion, a lag in enforcement could have resulted in even more high-risk accounts slipping through the cracks.
Starling Bank didn’t shy away from accepting responsibility. The bank’s chairman, David Sproul, publicly apologized for the failings outlined by the FCA. He assured customers that the issues identified were “historic” and that the bank had since taken significant steps to address them.
“We have invested heavily to put things right, including strengthening our board governance and capabilities,” Sproul said. He emphasized that Starling has since completed a detailed re-screening of transactions and implemented additional safeguards to prevent such issues from happening again.
This is a pivotal moment for Starling. As a leading fintech player, how it responds to this fine and the underlying issues will likely influence not only its reputation but also the broader industry.
Sproul was keen to reassure both customers and employees that the bank’s growth strategy is now backed by a stronger risk management framework, designed to support safe and sustainable expansion.
The Bigger Picture: What Does This Mean for Fintech?
Starling isn’t the only fintech firm that’s faced scrutiny over its crime prevention measures. The challenge for fast-growing digital banks, especially those without a long legacy of traditional banking, is striking the right balance between user acquisition and regulatory compliance. As they expand, fintechs often prioritize speed and innovation, but when it comes to the world of finance, security can’t be an afterthought.
Research shows that financial crime is a growing global issue, with the UN estimating that up to 5% of global GDP—roughly $2 trillion—is laundered annually. As banks move online and adopt more digital services, the risk of facilitating financial crime increases if adequate controls aren’t in place.
A 2021 study by the UK’s National Crime Agency highlighted that fintech firms, while innovating at breakneck speed, often face greater challenges in building robust compliance systems than traditional banks.
The convenience and ease of opening accounts digitally mean that screening systems need to be more agile and technologically advanced to keep up.
The FCA’s action against Starling sends a clear message: even the fintech darlings are not immune from scrutiny. The regulator’s decision to impose a substantial fine on a major player like Starling is likely to send ripples across the industry.
Other fintechs may well take this as a warning shot. The temptation to prioritize growth over security is understandable, especially when millions of new customers are at stake. But the long-term consequences—both in terms of financial penalties and reputational damage—are too great to ignore.
As the world of banking becomes increasingly digital, expect regulators to get even tougher on compliance, and for the stakes to get higher.
