FCA Fines Nationwide £44.1m for Prolonged Anti-Money Laundering Control Failures
This article is based on publicly available FCA sources and is provided for educational purposes only. It does not constitute legal or regulatory advice.
The FCA fined Nationwide Building Society £44.1m for serious and prolonged failures in its anti-money laundering systems and controls between October 2016 and July 2021. Internal audits repeatedly flagged the weaknesses but remediation was too slow, allowing suspicious activity to go undetected.
On 12 December 2025 the FCA published its Final Notice fining Nationwide Building Society £44,078,500 — the largest FCA fine of 2025 — for inadequate anti-financial crime systems and controls maintained over a five-year period between October 2016 and July 2021. The FCA found that Nationwide operated with fundamentally flawed systems for maintaining customer due diligence and risk assessments across its entire personal current account customer base. Its transaction monitoring framework relied on narrow, retrospective rules and thresholds that were too high and not calibrated to detect evolving money laundering patterns.
In one serious case highlighted by the regulator, Nationwide missed multiple opportunities to identify a customer using personal current accounts to receive fraudulent Covid-19 furlough payments worth millions of pounds. Nationwide was aware of the weaknesses and undertook some improvement work. However the FCA concluded this was neither effective nor timely enough. The building society eventually launched a large-scale financial
crime transformation programme in July 2021 — but only after years of known deficiencies remained unaddressed. The original fine was £62.97m. Nationwide qualified for a 30% settlement discount after agreeing to resolve the matter, reducing the final penalty to £44.1m.
- Customer due diligence systems were described internally as an "unsophisticated, interim solution" — and remained so for years
- Transaction monitoring thresholds were too high, not reviewed and applied indiscriminately, meaning suspicious patterns were missed
- Nationwide had no process for periodic or event-driven reviews of a large portion of its customer base, breaching its own policies
- Business activity flowing through personal accounts was tolerated without appropriate financial crime controls being applied
- Internal audits and risk papers repeatedly flagged weaknesses but remediation was not effective or timely
- No accurate picture of which customers presented higher financial crime risk was maintained across the customer base
- Knowing about a control weakness is not enough — firms must remediate promptly and apply fixes across the entire relevant customer population
- Transaction monitoring must evolve as customer behaviour changes — static rules quickly become regulatory liabilities
- Periodic reviews of customer due diligence must be structured, evidenced and completed on time — not left to ad hoc activity
- Where customers use accounts in ways that create higher risk, firms need documented controls — not just a policy that prohibits it
- Internal audit findings that identify control gaps must lead to named owners, deadlines and evidence of closure — not acknowledgement followed by delay
This analysis is based on publicly available FCA enforcement information.