On fines

The FCA’s £21 million fine for UK challenger bank Monzo’s historic AML failings is a valuable lesson for the startup ecosystem.

It makes it abundantly clear transaction monitoring cannot be relied on alone if there is not enough customer due diligence. And there is a broader issue. With fast start up, high growth fintech businesses, the temptation will be to trade robust onboarding for speed and scale.

What can go wrong when speed overtakes structure?

Startups will understandably be tempted to loosen onboarding processes to simplify customer acquisition. But when they do this, they risk accepting dubious customer data, for example fake addresses, unclear relationship intent or missing documentation. This will affect every control they put into place further down the line.

When firms skip or underinvest early-stage due diligence, their ability to have a clear picture of customer behaviour and intent is undermined. And without this foundation, even the most sophisticated transaction monitoring system will be unable to help.

Alongside this, risk frameworks may be undeveloped or inconsistently applied.Where risk ratings are manually assigned by staff using personal judgment, without reference to any overarching framework they may be applied inconsitently. This lack of structure makes it near impossible to build truly effective transaction monitoring rules that are based on risk levels. It will create uncertainty around what is “unusual activity,” so financial crime may go undetected for a much longer period.

Controls must work in synergy

Effective AML controls don’t exist in silos. So, if startups ease onboarding at all to accelerate growth, they must then enhance other controls to offset this added risk. KYC, risk assessments, transaction monitoring and business-wide risk assessments need to work together as an integrated system. When one element is relaxed, compensatory measures kick in elsewhere to ensure resilience.

Firms cannot view transaction monitoring as a catch all safety net. Without accurate customer data and some knowledge around customer behaviour, monitoring tools simply do not have the context they need to spot suspicious activity.

Understanding what is normal for a specific customer is key to identifying what’s unusual and this depends on the strength of onboarding and risk assessment protocols

How does Ermi support your compliance?

We designed Ermi specifically to help startups and growing firms build strong AML frameworks from day one. For early-stage firms, Ermi provides an FCA-ready transaction monitoring solution that will integrate seamlessly with your existing tools such as Excel and Google Drive. This allows for meaningful oversight without needing complex and costly implementation.

Instead of building monitoring rules in isolation, at Ermi we start with a detailed review of your product offerings and customer base. This helps at this early stage to uncover the risks inherent in your business so you can tailor rules for specific threats. Then as your firm grows and risks evolve, Ermi’s auto-updating rule engine keeps pace with you to ensure your monitoring is always as relevant and effective as possible.

To strengthen risk alignment, we also link alerts directly to onboarding data, customer profiles and expected activity. This ensures that monitoring is more than reactive, it’s predictive.

The FCA’s actions in fining Monzo is a crucial reminder that transaction monitoring, no matter how advanced, is not enough on its own. Startups must recognise that AML is a system of interdependent parts working together to ensure resilience, credibility and long-term success.

Using Ermi, firms will move transaction beyond a compliance tick box exercise and build an AML framework that matches the actual risks and reduces financial crime.

Get in touch if we can help.