The £124 Million Wake-Up Call: Why the FCA Is Done Waiting and What AI Compliance Actually Looks Like in 2026

Someone opened a Monzo account using Buckingham Palace as their home address.

Not as a joke. Not as a stress test. As an actual customer onboarding. The account was approved. The person was welcomed to Monzo. Nobody flagged it.

That detail — buried in the FCA's enforcement notice from July 2025 — tells you everything you need to know about the state of anti-money laundering compliance in British financial services. Not the glossy conference version. Not the "we take our obligations extremely seriously" press release version. The real version. The one where a neobank valued at billions lets someone register with the literal home of the King of England and nobody blinks.

The FCA blinked. And it cost Monzo twenty-one million pounds.

The Year the FCA Stopped Being Patient

2025 was the year the Financial Conduct Authority decided that polite letters and supervisory visits were not working.

The numbers are stark. The FCA imposed over £124 million in fines during 2025, with anti-money laundering and financial crime failures as the dominant theme. Five separate enforcement notices targeted AML controls specifically — more than any other category.

The headline cases read like a who's who of British banking:

Nationwide Building Society: £44 million. The UK's largest building society was fined for wide-scale failings in maintaining up-to-date Customer Due Diligence. In plain English: they did not know enough about their own customers. The systems that were supposed to keep records current had fallen behind, and nobody had caught it until the regulator came knocking.

Barclays: £39.3 million. One of the world's most recognisable banks was fined for failing to properly identify, assess, or mitigate money laundering risks within a longstanding corporate banking relationship. The FCA concluded that Barclays had not done enough to understand who it was doing business with — or what that business involved.

Monzo: £21.1 million. The fintech darling. The poster child for digital banking. Fined because its rapid customer growth — the very thing investors celebrated — had outpaced the maturity of its compliance infrastructure. Between 2018 and 2022, Monzo opened over 34,000 high-risk customer accounts in direct violation of FCA requirements. The Buckingham Palace address was just the most colourful example of a systemic problem.

And the FCA is not slowing down. The 2026 total already stands at £15.7 million and counting, with the regulator making clear that enforcement is now its primary tool for driving behaviour change.

Why Compliance Is Broken

Here is the uncomfortable truth that most compliance professionals already know but rarely say publicly: the traditional approach to anti-money laundering does not work.

Not "could be improved." Not "needs updating." Does not work.

The model that most financial institutions still rely on was designed in the 1990s. It assumes that you can detect financial crime by running customer names against sanctions lists, setting transaction thresholds, and training staff to spot suspicious patterns. It was built for a world of branch banking, paper forms, and wire transfers that took three days to clear.

That world no longer exists.

Today, a customer can open a bank account in four minutes from their phone. Payments settle in seconds. Cryptocurrency transactions move across borders without touching a single regulated institution. Criminal enterprises operate with the sophistication of multinational corporations — because that is what they are.

ComplyAdvantage's State of Financial Crime 2026 report puts a number on it: transnational crime revenue now reaches up to $16.2 trillion annually. That makes the global criminal economy roughly the size of China's GDP. These are not petty criminals stuffing cash into suitcases. These are professionalised, technology-enabled networks that move money faster than compliance teams can flag it.

And the compliance teams? They are drowning.

The average AML compliance operation spends the majority of its time on false positives — alerts that look suspicious but are not. Legacy screening systems generate vast numbers of these because they rely on crude matching rules. A name that partially matches a sanctions list. A transaction that exceeds an arbitrary threshold. A country of origin that appears on a risk list.

Each alert must be manually reviewed by a human analyst. Most are cleared as false positives within minutes. But those minutes add up. Across the industry, compliance teams spend between 60% and 80% of their time investigating alerts that turn out to be nothing — while the real risks slip through the gaps.

That is how someone opens an account at Buckingham Palace. Not because nobody cares. Because the people who care are buried under thousands of meaningless alerts, reviewing them one by one, in systems built for a different era.

The New Threat Landscape

The criminals have upgraded. The question is whether compliance has kept pace.

Three trends are reshaping the financial crime landscape in 2026, according to the State of Financial Crime report:

Cybercrime is the top concern. 54% of compliance decision-makers now rank cyber-enabled financial crime as their greatest exposure. This includes everything from APP fraud (where victims are tricked into authorising payments to criminals) to AI-generated deepfakes used for identity fraud. The tools that criminals use are getting better at the same pace as the tools used to stop them.

Organised crime is professionalising. 37% of firms highlight organised crime as a growing threat. Criminal networks now operate dedicated money laundering departments, hire compliance experts to help them evade detection, and use AI tools to optimise their operations. The irony is not lost on the industry.

Stablecoins and crypto are creating new blind spots. Stablecoin transaction volumes reached $9.8 trillion in 2025, and 61% of firms are now prioritising real-time monitoring capabilities to keep pace. Traditional transaction monitoring was designed for bank transfers that take hours or days. Crypto transactions settle in minutes or seconds. The monitoring has to match the speed of the money.

How AI Is Actually Changing Compliance

This is where the story shifts from "everything is broken" to "here is what is being built to fix it."

AI in compliance is not new. Banks have been using machine learning for fraud detection for years. But the current generation of tools — what the industry is calling "agentic AI" — represents a genuine step change.

The difference is autonomy. Traditional AI in compliance works like a filter: data goes in, alerts come out, humans review every single one. Agentic AI works more like an analyst: it receives an alert, gathers additional context, makes a risk assessment, and either resolves the case or escalates it to a human — with a full explanation of its reasoning.

This matters because the bottleneck in compliance has never been detection. The systems catch plenty of suspicious activity. The bottleneck is resolution — the human review of every alert. Agentic AI breaks that bottleneck by handling the straightforward cases automatically and routing only the genuinely complex ones to human experts.

The numbers from firms using this approach are striking: 65-85% of routine cases resolved without human intervention. 85-90% productivity gains for junior analysts. Human experts freed up to focus on the cases that actually require human judgment.

93% of businesses surveyed in the State of Financial Crime 2026 report are now using some form of AI for AML customer screening. 87% are using it for transaction monitoring. This is no longer experimental. It is the new baseline.

ComplyAdvantage: What It Actually Does

ComplyAdvantage is the company that publishes that State of Financial Crime report, and they are also one of the tools driving the shift to AI-native compliance. Let us look at what they have built.

Founded in 2014 by Charles Delingpole in London, ComplyAdvantage has raised $158 million from investors including Andreessen Horowitz and Goldman Sachs. They serve over 3,000 enterprises across 75 countries and employ 474 people. In March 2026, they were ranked number 25 in the Chartis Financial Crime and Compliance 50, and their AML solution was named a Leader in the G2 Grid Report.

The core product is Mesh, launched in October 2025. Mesh is a cloud-based platform that unifies four things that most organisations handle separately:

Customer screening. When a new customer signs up — or an existing customer's circumstances change — Mesh screens them against sanctions lists, politically exposed persons databases, adverse media, and watchlists in real time. Not once a day. Not in a batch overnight. In real time, as the data changes.

Transaction monitoring. Every payment, transfer, and transaction is analysed against risk rules and behavioural patterns. The system learns what "normal" looks like for each customer and flags deviations. Critically, it does this across payment types — traditional bank transfers, instant payments, and crypto transactions through the same platform.

Risk scoring. Instead of binary "suspicious/not suspicious" flags, Mesh assigns nuanced risk scores that consider dozens of factors: jurisdiction, business type, transaction patterns, network connections, adverse media mentions, and more. This means compliance teams can prioritise their time on the highest-risk cases rather than working through alerts in order.

Agentic case remediation. This is the headline feature. Mesh's AI agents work around the clock to review and resolve low-risk alerts — the ones that would otherwise consume the majority of an analyst's day. The agent gathers context, applies rules, documents its reasoning, and either closes the case or passes it to a human with a clear explanation of why.

The combined effect, according to ComplyAdvantage's published data: up to 95% of AML reviews automated, onboarding times cut by 50%, false positives reduced by 70%, and teams handling 7x more work with the same headcount.

Those numbers deserve scrutiny, and they will get it from regulators and auditors. But the direction is clear. The question is no longer whether AI will handle the bulk of compliance work — it is how quickly the transition happens.

The UK Context: What You Need to Know

If you are running a business in the UK that touches financial services — and that includes fintechs, payment processors, crypto exchanges, lending platforms, estate agents, accountants, and legal firms — the regulatory landscape is shifting underneath you.

The Economic Crime and Corporate Transparency Act 2023 expanded the scope of money laundering regulations and introduced new offences for companies that fail to prevent fraud. The FCA's enforcement actions in 2025 signal a clear intent to use that expanded authority.

Key things to understand:

The FCA is targeting systems, not just outcomes. The Nationwide and Barclays fines were not for specific instances of money laundering. They were for having inadequate systems and controls — even if those systems had not yet resulted in a specific crime being facilitated. The message is clear: waiting until something goes wrong is not a defence.

Growth does not excuse compliance gaps. The Monzo fine is the cautionary tale for every scaling fintech and startup. Growing fast? Congratulations. But your compliance infrastructure needs to grow at the same pace. The FCA explicitly noted that Monzo's rapid customer acquisition had outstripped its compliance capabilities.

SMBs are not exempt. While the headline fines target large institutions, the FCA's broader supervisory approach extends to smaller firms. Accountancy practices, estate agencies, and smaller financial services firms all have AML obligations under the Money Laundering Regulations 2017 — and the FCA and HMRC are increasingly willing to enforce them.

Who Actually Needs a Tool Like ComplyAdvantage?

Let us be direct about this. ComplyAdvantage is an enterprise tool with enterprise pricing. It is not designed for a five-person startup.

If you are a regulated financial institution — a bank, a payment processor, a lending platform, an investment firm — and you are still running AML on legacy systems with manual review workflows, you are exposed. The FCA fines from 2025 make the cost of inaction clear. ComplyAdvantage, Napier AI, and similar platforms represent the current state of the art.

If you are a scaling fintech — growing fast, onboarding customers at pace — the Monzo case should be pinned to your office wall. Your compliance infrastructure needs to scale with your customer base, not lag behind it. Tools like ComplyAdvantage allow you to automate the routine screening and focus human expertise on the hard cases.

If you are in professional services — legal, accountancy, estate agency — with AML obligations, you may not need the full Mesh platform. But you do need to understand that the regulatory expectation is moving from "reasonable steps" to "effective systems." The bar is rising.

If none of the above applies to you, this article is still worth sharing with anyone you know in financial services. Because the compliance landscape in 2026 is not what it was in 2020, and the cost of not keeping up is no longer theoretical. It is £124 million and counting.

The Verdict

The financial crime compliance industry is in the middle of a generational shift. The old model — manual reviews, crude rule-based screening, reactive investigation — is being replaced by AI-driven, real-time, agentic systems that can handle the volume and speed of modern financial services.

ComplyAdvantage is one of the companies leading that shift. Their Mesh platform represents a credible, well-funded attempt to rebuild compliance from the ground up — AI-native rather than AI-bolted-on. The partnership with Sumsub, the Chartis FCC50 ranking, and the G2 Leader designation all suggest the market agrees.

But the bigger story is not about one company. It is about an industry that has been fined £124 million in a single year being told, in no uncertain terms, that the old way of doing things is no longer acceptable. The FCA is not asking firms to adopt better technology. It is fining them when they do not.

The tools exist. The data proves they work. The regulator has made the consequences of inaction explicit.

The only question left is whether your compliance team is using them — or still approving accounts at Buckingham Palace.