EnforcementFinancial CrimeGovernance£44.1m

FCA Fines Nationwide £44.1m for Prolonged Anti-Money Laundering Control Failures

FCA Final Notice·12 Dec 2025·5 min read·13 views

This article is based on publicly available FCA sources and is provided for educational purposes only. It does not constitute legal or regulatory advice.

Overview

The FCA fined Nationwide Building Society £44.1m for serious and prolonged failures in its anti-money laundering systems and controls between October 2016 and July 2021. Internal audits repeatedly flagged the weaknesses but remediation was too slow, allowing suspicious activity to go undetected.

Nationwide Building Society

£44.1m

View FCA source

What Happened

On 12 December 2025 the FCA published its Final Notice fining Nationwide Building Society £44,078,500 — the largest FCA fine of 2025 — for inadequate anti-financial crime systems and controls maintained over a five-year period between October 2016 and July 2021. The FCA found that Nationwide operated with fundamentally flawed systems for maintaining customer due diligence and risk assessments across its entire personal current account customer base. Its transaction monitoring framework relied on narrow, retrospective rules and thresholds that were too high and not calibrated to detect evolving money laundering patterns.

In one serious case highlighted by the regulator, Nationwide missed multiple opportunities to identify a customer using personal current accounts to receive fraudulent Covid-19 furlough payments worth millions of pounds. Nationwide was aware of the weaknesses and undertook some improvement work. However the FCA concluded this was neither effective nor timely enough. The building society eventually launched a large-scale financial

crime transformation programme in July 2021 — but only after years of known deficiencies remained unaddressed. The original fine was £62.97m. Nationwide qualified for a 30% settlement discount after agreeing to resolve the matter, reducing the final penalty to £44.1m.

Why It Matters For Your Firm

This case is directly relevant to any FCA-regulated firm that relies on manual reviews, periodic checks or static monitoring rules to manage financial crime risk. The FCA has now imposed over £300m in fines on banks and building societies for AML systems and controls failures since 2021. The message is consistent: awareness of a weakness without prompt, effective remediation is itself a regulatory failure. For smaller regulated firms, the lesson is not about the scale of Nationwide's operation. It is about the underlying pattern — known issues, slow action, insufficient evidence of control, and a monitoring framework that did not evolve as risks changed. These failures occur at firms of every size. The FCA's joint executive director of enforcement, Therese Chambers, stated directly: "Nationwide failed to get a proper grip of the financial crime risks lurking within its customer base. It took too long to address its flawed systems and weak controls, meaning red flags were missed with serious consequences."

What Went Wrong

  • Customer due diligence systems were described internally as an "unsophisticated, interim solution" — and remained so for years
  • Transaction monitoring thresholds were too high, not reviewed and applied indiscriminately, meaning suspicious patterns were missed
  • Nationwide had no process for periodic or event-driven reviews of a large portion of its customer base, breaching its own policies
  • Business activity flowing through personal accounts was tolerated without appropriate financial crime controls being applied
  • Internal audits and risk papers repeatedly flagged weaknesses but remediation was not effective or timely
  • No accurate picture of which customers presented higher financial crime risk was maintained across the customer base

Lessons For Regulated SMEs

  • Knowing about a control weakness is not enough — firms must remediate promptly and apply fixes across the entire relevant customer population
  • Transaction monitoring must evolve as customer behaviour changes — static rules quickly become regulatory liabilities
  • Periodic reviews of customer due diligence must be structured, evidenced and completed on time — not left to ad hoc activity
  • Where customers use accounts in ways that create higher risk, firms need documented controls — not just a policy that prohibits it
  • Internal audit findings that identify control gaps must lead to named owners, deadlines and evidence of closure — not acknowledgement followed by delay

What Should Have Happened

  • Assign a named owner to every identified control weakness with a clear remediation deadline and evidence requirement
  • Review and recalibrate transaction monitoring thresholds regularly to reflect actual customer risk profiles and evolving patterns
  • Implement a structured programme of periodic customer due diligence reviews with documented completion evidence
  • Escalate unresolved control weaknesses to senior management and board with clear risk-impact statements
  • Test remediation actions to confirm they work in practice — not just on paper — before marking issues as resolved
  • Maintain a live record of control status, evidence coverage and outstanding remediation items accessible to compliance leadership at all times

How HIMAYA Helps

The Nationwide case illustrates exactly the problem HIMAYA was built to solve. The building society knew its controls were weak. Internal audits confirmed it. The FCA found evidence of that knowledge throughout the five-year period. What was missing was structured, continuous remediation with named owners, deadlines and evidence that issues were actually fixed. HIMAYA gives regulated firms continuous visibility over control drift — detecting when reviews are overdue, evidence is missing or remediation has stalled before these become regulatory problems. Every issue identified through ATLAS gets a named owner, an SLA deadline and a closure requirement. Nothing is marked resolved until evidence is uploaded and validated. For firms managing financial crime controls alongside other regulatory obligations, HIMAYA's monthly assurance reporting gives leadership and the board a clear, evidenced view of what is working, what is drifting and what needs immediate action — so the kind of prolonged, known but-unresolved weakness that cost Nationwide £44.1m does not quietly compound between annual reviews.

Source

https://www.fca.org.uk/news/press-releases/fca-fines-nationwide-building-society

This analysis is based on publicly available FCA enforcement information.

Share this insight:

Find out where your controls are drifting.

Book a 15-minute readiness call with HIMAYA.

Ask HIMAYA