Author: SteelEye
12 November 2024
Metro Bank Fine Amount: £16,675,200
Date: 12 November 2024
Violation Period: June 2016 - December 2020
Primary Violation: Transaction Monitoring
The FCA has fined Metro Bank £16.7m for failing to maintain adequate transaction monitoring systems and controls between June 2016 and December 2020. During this period, over 60 million transactions worth more than £51 billion were not properly monitored for potential money laundering activity.
Metro Bank implemented an Automated Transaction Monitoring System (ATMS) in June 2016. However, a significant technical error meant that:
Transactions made on the same day an account was opened were not monitored.
Subsequent transactions remained unmonitored until the account record was updated.
This error affected approximately 166,000 accounts and over 46.5 million transactions with a value exceeding £31.5 billion.
A key focus of the enforcement action was Metro Bank's management of "Bad Data," which led to the rejection of approximately 10.8% of all transactions—1.6 million by March 2018. The system rejected records for several reasons, including:
Missing or Incorrect Address Information: Issues with address, postcode, or residence details meant the records were rejected.
Account Records: Rejected when corresponding customer records were incomplete or unavailable.
There were several significant issues in how rejections were handled, including:
Limited Access: The team responsible for resolving rejected records could access only about one-third of the problematic entries.
Lack of Escalation Protocols: No formal process was in place to address records deemed unfixable.
Inadequate Monitoring: Rejected transactions could not be retroactively monitored, leaving gaps in oversight.
Although junior staff raised concerns as early as 2017-2018, meaningful action was not taken until late 2018.
The FCA highlighted several critical control deficiencies:
Data Completeness Oversight: No checks on data completeness were conducted between June 2016 and April 2019.
Inadequate Rejection Handling: Processes for managing rejected transaction data were insufficient.
Flawed Reconciliation: The reconciliation process remained ineffective until December 2020.
Obscured Customer Activity: Internal transactions distorted the actual volume of unmonitored customer transactions.
June 2016: ATMS system implemented.
2017-2018: Junior staff at Metro Bank raised concerns about unmonitored transactions.
April 2019: A 'timestamp' error was discovered during system upgrade testing.
July 2019: An initial fix was applied to address the issue.
December 2020: Comprehensive reconciliation process fully established.
In response to these issues, Metro Bank took the following corrective actions:
Conducted a thorough review of previously unmonitored transactions.
Filed 153 additional suspicious activity reports (SARs).
Closed 43 customer accounts linked to suspicious activity.
Strengthened data controls and revamped system architecture.
Made substantial investments in new resources and enhanced capabilities.
The FCA calculated the fine as follows:
Initial penalty amount: £23,821,700
30% reduction for early settlement: -£7,146,500
Final penalty: £16,675,200
About
LOCATIONS
United Kingdom - 5th Floor, 55 Strand, London, WC2N 5LR
United States - 600 Fifth Avenue, New York, NY 10020
Singapore - 600 North Bridge Road #23-01 Parkview Square Singapore 188778
Portugal - Av. da Liberdade 747 1ºD, 4710-251 Braga
India - No. 613, 12th Main, HAL 2nd Stage, Bangalore - 560008
STEELEYE LIMITED, A COMPANY REGISTERED IN ENGLAND AND WALES WITH COMPANY NUMBER: 10581067, VAT NUMBER: 260818307 AND REGISTERED ADDRESS AT 55 STRAND, LONDON, WC2N 5LR.