Lessons from Starling Bank’s AML fine: A wake-up call for banks

by Laurence Hamilton, Chief Commercial Officer, Consilient

The FCA’s recent £41 million fine imposed on Starling Bank for “shockingly lax” AML controls highlights issues that extend beyond the financial crime department, reaching the highest levels of leadership.

While the FCA’s Final Notice focused primarily on sanctions screening, the reality is that controls, systems, and processes throughout Starling’s financial crime department were lacking. These failures ultimately stem from leadership shortcomings, emphasizing the key role that top-level management plays in ensuring robust AML practices.

This blog post will examine the challenges challenger banks face and lessons that can benefit the entire banking sector. By examining Starling Bank’s missteps, we can gain valuable insights into the delicate balance between rapid growth and maintaining stringent compliance standards.

The challenge of launching a challenger bank

Launching a bank is complex and hard to achieve. That’s why it’s essential to understand the issues in the context of launching a new consumer and commercial bank. The challenges are considerable, especially when the new bank starts with transaction accounts in a predominantly non-fee / low-fee-based ‘free’ banking environment.

Why?

Firstly, setting up and running a ‘transaction’ bank is extraordinarily costly. The list of areas that need to be addressed is broad:

  • Developing flexible, robust systems and controls across diverse functions.
  • Meeting stringent capital requirements and managing treasury operations.
  • Ensuring compliance with an array of regulatory obligations.
  • Implementing comprehensive risk management, including AML, fraud prevention, and credit assessment.
  • Creating compelling multi-product offerings to attract valuable customers in a market with low switching rates.

Even established banks with vast resources can stumble when venturing into new territories. Goldman Sachs’ foray into consumer banking is a prime example. Despite their reputation, financial might, and technological capabilities, they incurred losses exceeding $3 billion in just three years. Their failure stemmed from a lack of customer understanding, an overreliance on technology, and a scatter-gun approach to product offerings. CEO David Solomon admitted, “We tried to do too much, too quickly.”

While banks primarily generate revenue by leveraging customer deposits, which makes rapid customer acquisition a top priority, this pressure to grow quickly can overshadow equally critical areas like compliance and risk management.

As pointed out in the FT, Starling Bank grew from nothing in 2016 to 3.16mn customers and £452.8mn in revenue by its 2023 year-end. However, by focusing on new customer growth, it left a gaping hole in its AML compliance systems. 

“Starling’s financial sanction screening controls were shockingly lax,” said Therese Chambers, FCA’s Joint Executive Director of Enforcement and Market Oversight, in a press release. 

“It left the financial system wide open to criminals and those subject to sanctions. It compounded this by failing to properly comply with FCA requirements it had agreed to, which were put in place to lower the risk of Starling facilitating financial crime.”

With this in mind, let’s take a closer look at the key issues identified by the FCA. 

Key issues identified by the FCA

The FCA’s notice highlighted several critical shortcomings in Starling Bank’s operations, providing valuable insights for the entire banking sector:

#1. Senior management skills

The bank struggled to recruit and retain individuals with the right skills and experience. Recruiting the right talent is hard: some people can be fantastic in interviews and drop all the right buzzwords but, behind the veneer, lack experience. Even so, the talent in the organization was lacking, and this was a significant factor in its shortcomings.

#2. Poor systems, tools and controls

The bank’s infrastructure failed to effectively identify and manage risks. Procedures were not followed or properly set up. Systems were not able to adequately identify risk. Clients were accepted for new accounts even though they had previously been subject to SARs. 

#3. Poor oversight and accountability

The Notice states that roles and responsibilities were unclear, leading to gaps in oversight and a lack of challenge across all defence lines. People need to be empowered, resourced and then held accountable. The lines of defence did not adopt the right level of challenge and focus, partially down to a lack of clear ownership.

#4. Underinvestment in compliance

Perhaps most critical of all, the financial crime unit was under-resourced, both in terms of personnel and technology. The systems were not sophisticated or flexible enough to be adapted and effective. This reflects a common challenge for growing banks: balancing investment in revenue-generating activities with essential risk management functions.

#5. A lack of Management Information (MI)

A bank marches on its MI: it is the key informer for decision-making and for understanding what is actually happening. While data was collected, it wasn’t effectively analyzed or acted upon. This shows the importance of not just gathering MI, but having the skills to interpret it critically and use it to drive decision-making.

#6. Leadership 

At their core, these issues stem from leadership that didn’t prioritize financial crime prevention. This serves as a frank reminder that compliance and risk management must be championed at the highest levels of an organization.

FCA guidance for new banks: Setting the bar for compliance

In April 2022, the Financial Conduct Authority (FCA) published a review of new and challenger banks, providing crucial insights into their expectations for financial crime controls. This guidance serves as a roadmap for emerging financial institutions and a reminder for established ones. The key points emphasized by the FCA include:

#1. Scalable financial crime controls: As banks grow, their financial crime prevention measures must keep pace. Resources, processes, and technology should be commensurate with the bank’s expansion to ensure robust protection against evolving threats.

#2. Continuous adaptation: Financial crime controls cannot be static. Banks must continuously evaluate and enhance their systems to ensure they remain fit for purpose as the business develops and grows. This requires ongoing investment and a culture of vigilance.

#3. Effective alert management: The FCA highlighted inadequacies in how banks manage transaction monitoring alerts. They stressed the need for consistent and thorough rationales when discounting alerts, ensuring that potential risks are not overlooked due to poor processes or hasty decision-making.

The FCA expects all banks, regardless of their size or stage of development, to maintain high standards in financial crime prevention. They emphasize that compliance is not a one-time achievement but an ongoing process that requires constant attention and investment.

For challenger banks, these requirements present both a challenge and an opportunity. While meeting these standards requires significant resources and expertise, it also provides a framework for building robust systems from the ground up, potentially avoiding the legacy issues that often plague more established institutions.

Let’s look at how this can be achieved.

Solving the challenge for challengers: a strategic approach

While the hurdles facing challenger banks are significant, they are not insurmountable. By adopting a strategic approach to compliance and risk management, banks can turn these challenges into opportunities for differentiation and long-term success. 

Here are the key areas of focus:

1. Resource, processes and technology

As you know, setting up a bank or venturing into new territories is challenging. The focus is often on market share, product differentiation, marketing, and growth. Financial crime prevention, however, is rarely considered a key driver for a CEO when launching a bank or new offering. 

The problem is, financial crime units are not income drivers. Therefore, they often fall behind other areas for investment. In fact, it has been known for CEOs to relax controls to drive customer growth, only to search for scapegoats when problems arise.

Companies spend billions of dollars building, buying, and implementing core banking systems. With any new system comes implementation challenges and learning curves. There’s often an underestimation of the manual effort required to run these systems and their output effectively, leading to unrealistic budgets. Recruitment is another issue, where impressive resumes and confident interviewees may actually lack the experience or forward-looking capabilities they claim.

To address these challenges, banks should invest properly in systems and controls that help prevent financial crime. It’s crucial to look beyond existing known technology and carry out proper market due diligence. Employ talent that is truly up to the task and ensure that CFOs and budget holders set realistic budgets with contingencies. 

2. Fit for purpose financial crime controls

New banks start at a disadvantage. From the outset, they have no customer outcome data to build effective automated systems. They can only rely on ‘expert’ systems and knowledge rather than empirical data. Generally, tried and trusted heuristic rules-based systems are deployed, but these rules are well-known and easily circumvented, often creating enormous amounts of false positives.

While credit risk and lending banks can draw upon credit reference agencies to understand behaviors and outcomes of potential customers, such data is not available for financial crime prevention. However, new technologies such as AI Federated Learning can advance new banks’ systems and processes far quicker than ever before. Federated Learning allows a new bank to draw upon the experience of organizations with established strong financial crime controls, utilizing known suspicious outcomes to identify suspicious activity patterns in the new bank’s customer transactions.

3. False alerts and consistent reviews

Transaction monitoring systems often generate enormous amounts of alerts that, if fully investigated, would require unsustainable resources. With over 95% of all alerts being false positives, new banks without a history of good vs. bad outcomes need ways to reduce the noise.

New banks, purporting to be technologically advanced, need to adopt new technology for financial crime prevention. The old ways, for new banks without experience, put them in a doubly difficult situation. Without data and outcome history, in-house machine learning models are very difficult to build. AI Federated Learning provides a step forward by offering pre-trained models that are easily deployable without the need for historical data. In tests, AI Federated Learning has proven to improve detection rates by up to 300% while reducing false positive alert investigations by 75%.

Redefining financial crime compliance for the digital age

Challenger banks don’t need to invest more in financial crime compliance and detection. Instead, banks need to deploy capital in smarter ways. They should ensure that being new is not an encumbrance but a benefit. First, get employees with the right experience and forward-thinking attitude that reflects the ethos of challenger banks. The clue is in the word ‘challenger’.

Next, think creatively about the problem. Don’t just walk the well-trodden path. Explore new technologies, such as AI Federated Learning, to protect against falling into the legacy traps that older banks have to deal with. By doing so, challenger banks can build robust, efficient financial crime prevention systems that support their growth while meeting regulatory requirements.

Finally, and importantly, this has to be among the highest priorities of the CEO and leadership, and be reported on appropriately and consistently.


October 10, 2024 | Blog