On 12 December 2025, the FCA imposed a £44 million fine on Nationwide Building Society for what it described as serious deficiencies in its anti-financial crime systems and controls, exposing the institution to significant money laundering risks.
Background
Between October 2016 and July 2021, Nationwide operated with fundamentally flawed systems for maintaining customer due diligence and risk assessments across its personal current account base. The building society's transaction monitoring was similarly deficient, creating substantial gaps in its ability to detect and prevent financial crime.
The deficiencies in Nationwide's customer risk assessment framework were stark. At the start of the relevant period, the building society's system for individually risk assessing customers was described as an "unsophisticated, interim solution". Unless customers fell into certain very limited categories, such as having been charged or convicted of a financial crime, they were automatically classified as standard risk. Following improvements to the risk assessment tool after the relevant period, the number of customers assessed as high risk increased from 2,000 to 18,000.
Nationwide further failed to implement adequate periodic and event-driven reviews of customer relationships. Despite internal policies mandating periodic reviews at defined intervals based on customer risk ratings, Nationwide lacked appropriate systems to give effect to these requirements for a substantial proportion of its customer base. For the majority of the relevant period, and in breach of its own policies, Nationwide had no process for undertaking either periodic or event-driven reviews of customers not already assessed as high risk. The absence of these controls throughout the relevant period materially prolonged the time required for existing customer relationships to be reviewed.
A critical weakness also arose from Nationwide's awareness that customers were using personal accounts for business purposes, breaching its terms and conditions. Without business current account offerings, Nationwide lacked appropriate processes to manage the heightened financial crime risks associated with such activity.
These systemic failures prevented Nationwide from effectively identifying, assessing, monitoring or managing money laundering risks amongst its personal current account holders. The building society could not accurately determine which customers presented elevated risks, fundamentally undermining its regulatory obligations.
In one egregious case, Nationwide failed to identify a customer exploiting personal accounts to receive fraudulent COVID furlough payments. Over 13 months, this customer received 24 payments totalling £27.3 million, with £26.01 million deposited within just eight days. Whilst HMRC recovered £26.5 million, approximately £800,000 remains unrecovered; a direct loss attributable to Nationwide's control failures.
Nationwide was aware of these weaknesses and initiated remedial efforts but failed to address deficiencies with adequate urgency, allowing vulnerabilities to persist unacceptably. A comprehensive financial crime transformation programme eventually commenced in July 2021.
Comment
In calculating the penalty, the FCA applied its standard five-step framework. At Step 2, the regulator determined that 15% of Nationwide's relevant revenue of £1.66 billion produced a figure of £248.9 million. However, the FCA exercised its discretion under DEPP 6.5.3(3)G to reduce this figure, concluding that such a penalty would be "disproportionately high for the breaches concerned". The Step 2 figure was accordingly reduced to £57.2 million, representing a reduction of precisely 77%.
The Final Notice provides no detailed reasoning for this adjustment beyond a reference to "previous cases". In 2022, Santander received a fine of £107 million for AML failings (in relation to business banking) and did not benefit from a proportionality adjustment. In contrast, in 2017, Deutsche Bank was fined £163 million but benefitted from an 88.5% proportionality reduction. In each case, seriousness was deemed to be level 4.
The case does demonstrate the FCA's continuing focus on AML and financial crime. Although the FCA increasingly uses supervisory tools such as skilled person reviews and the imposition of requirements on firms, the FCA continues to take enforcement action against some large or high profile firms or where it deems failings to be particularly egregious.