Contact
Contact

Search Ocorian
Looking down on the Southbank Centre

FCA Fines Nationwide £44m for AML failings – What This Means for Your Business

24 February, 2026
London Regulatory, Compliance & Legal Anti Money Laundering

The FCA brought the curtain down on their year with the imposition of a £44 million fine on Nationwide Building Society for significant weaknesses in its anti-money laundering (AML) controls.

The FCA also affirmed that they will have an unwavering focus on financial crime in 2026, so firms must take these warnings seriously. When you are looking to learn the lessons from the Nationwide fine and continue your focus on improving financial crime controls, it is vital to avoid the trap of maintaining a framework that is formally compliant but operationally fragile.

 

What went wrong at Nationwide?

The FCA identified key control failings, including:

  • Inadequate customer risk assessments, resulting in higher-risk customers not being consistently identified or managed appropriately; which lead to

  • Weak transaction monitoring controls, limiting the firm’s ability to detect potentially suspicious activity; and which was exacerbated by

  • Poor governance and oversight, including insufficient assurance that AML policies were operating effectively in practice

As is often the case, the FCA did not find evidence of actual money laundering.

 

Why AML frameworks fail despite significant investment

Firms rarely lack policies and procedures. Indeed, documentation is often extensive and well-articulated. But the proof of the pudding is in the eating, and we have found that many firms struggle with:

  • Controls that work initially but degrade under the stresses of volume and change

  • Risk assessments that are not dynamically reflected in operation

  • Known gaps that remain open because they sit across multiple functions

These weaknesses are more likely when firms cannot bridge the gap between framework design – how it works in practice and the outcomes it achieves.

 

Key takeaways for firms

Ultimately, if your AML framework was tested tomorrow, would it demonstrate effective risk management or just polished documentation?

With the FCA focussing on how the framework operates in practice and what outcomes it achieves, the key question is whether the framework works effectively in a live environment, and there are three indicators to think about:

  • Backlogs are not just signs of inefficiency – they are indicators of unmanaged risk

  • Long-running remediation requires demonstrable reduction of risk

  • Governance effectiveness matters as much as control design

We know that facing these questions can be uncomfortable. But it is far less uncomfortable than answering to them under regulatory scrutiny.

 

Effective AML framework assessment

Facing these uncomfortable truths begins with a review of your own framework that, critically, moves from considering individual components like transaction monitoring, CDD, or SAR processes on a standalone basis, to looking at how these elements interact to deliver good outcomes. There is no cause for cracking champagne because transaction monitoring is working well when the firm’s SAR process is strangled by weak governance.  A solid assessment needs to test frameworks horizontally, across functions.

Unsurprisingly, we also consider it critical to distinguish between control design and control effectiveness. It is difficult to do that without moving beyond a desk-based review to in-the-detail operational testing. This operational testing should embrace the above-discussed cross-function approach. Where hand offs between processes have occurred, test whether the framework has continued to function with real samples. If transaction monitoring is well calibrated and operating well, consider, for example, whether SAR protocol is building on this good work or fumbling the ball.

And key to success with such testing is being willing to challenge risk acceptance that has become normalised. Part of compliance is setting risk thresholds and building protocol around them. But these thresholds should not be chiselled in stone. Firms need to have the wisdom to accept either that they got it wrong before or simply that the landscape has changed and old approaches are becoming obsolete. In short, do not begin your assessment seeking to find a way to validate the status quo at any cost; the idea is to improve your firm even if this means material change or acceptance of mistakes.

 

Our perspective

We work with a variety of clients in this sphere, supporting models from those of the high-street bank to those of the fledgling wealth manager gathering its first customers. We know how to apply the rules to each client type, aware that a sure way to fail to operationalise a framework is if the proposed approach has not considered size and complexity of a business.

Naturally, Ocorian would like all firms to seek us out to run their review of their AML framework in action. And positively, current demand in this space is strong. But we are aware that not every firm can afford a full audit, a reality FCA messaging often fails to acknowledge. Where firms need a steer or need specialist advice on a particular pain point, we are happy to offer a flexible approach that enables them to get what they need while managing costs.

Get in touch to discuss a targeted AML review tailored to your risk exposure.

Monica Rodriguez

Layla Abdel-Spence

Related Items

View all
View all articles