Greg Kilminster
Head of Product - Content
Starling Bank fined for anti-money laundering lapses
Starling Bank has been fined £28.96 million by the Financial Conduct Authority (FCA) for significant failures in its anti-money laundering (AML) and financial sanctions controls. The penalty, which was reduced from £40.96 million following Starling’s agreement to an early settlement, reflects the bank’s inability to manage the risks of financial crime during its rapid expansion from 2016 to 2023. The fine comes just a month after the Competition and Markets Authority (CMA) issued a letter to Starling Bank regarding their non-compliance with Part 3 of the Retail Banking Market Investigation Order 2017 (Order).
Some context
Since its launch in 2016, Starling has grown significantly, reaching 3.6 million customers by 2023 and generating revenues of £452.8 million. However, this growth outpaced its development of adequate financial crime controls. The FCA first raised concerns in 2021 during its review of challenger banks’ AML frameworks. Starling responded by implementing an AML Enhancement Plan, but the FCA found that the bank did not fully comply with its voluntary restrictions, known as the VREQ, which were designed to limit its exposure to high-risk customers while its controls were improved.
Key takeaways
Breach of regulatory restrictions
Between 2021 and 2023, Starling opened 54,359 accounts for 49,183 high or higher-risk customers, in direct breach of the VREQ. The FCA noted that Starling failed to monitor its compliance with these restrictions, leading to serious lapses in the bank’s AML controls during a critical period of its expansion.
Failures in sanctions screening
In January 2023, Starling discovered that its sanctions screening system had been ineffective since its introduction in 2017, as it had only been checking a fraction of customer names against the UK’s Consolidated List of sanctioned individuals and entities. While Starling took immediate action to address this issue, a subsequent review revealed wider systemic problems in its financial sanctions framework, including poor risk assessments and a lack of monitoring information.
Principle 3 violation
The FCA determined that Starling had breached Principle 3 of the regulator’s Principles for Businesses, which requires firms to have adequate risk management systems. Starling’s failures in its AML and sanctions controls were deemed to be a serious breach of this obligation.
Remediation efforts
Since the discovery of these failings, Starling has undertaken significant remediation measures. This has included reviewing all accounts opened in breach of the VREQ, conducting a historic review of financial sanctions screening, enhancing internal oversight, and increasing its financial crime compliance resources. These efforts have led to third-party verification of Starling’s sanctions screening systems, which are now deemed to be functioning effectively.
Next steps
While Starling has made strides in addressing its past failings, the substantial penalty confirms the FCA’s commitment to holding firms accountable for financial crime control failures, particularly in a rapidly evolving regulatory environment.
Click here to read the full RegInsight on CUBE’s RegPlatform
Basel progress update
Member jurisdictions of the Basel Committee on Banking Supervision have made notable progress in implementing the final elements of the Basel III regulatory framework. According to the Committee's latest progress update, published on 2 October 2024, more than two-thirds of member jurisdictions have finalised the necessary rules, with over a third already enforcing them.
Some context
The Basel III framework, introduced in response to the 2008 global financial crisis, sets out comprehensive reforms aimed at strengthening the regulation, supervision, and risk management of banks. These reforms are designed to improve banks' ability to absorb shocks and enhance the overall stability of the global financial system.
The final elements of Basel III, released in December 2017, include updated standards for credit risk, market risk, and operational risk, along with an output floor that limits the variability of risk-weighted assets calculated using internal models. The implementation date for these reforms was initially set for 1 January 2023, following a decision by the Basel Committee’s oversight body, the Governors and Heads of Supervision (GHOS), in March 2020.
Key takeaways
Progress in implementation
Over the past year, roughly half of the Basel Committee’s 27 member jurisdictions have published final rules for the revised standards covering credit, market, and operational risks, as well as the output floor. As of September 2024, more than two-thirds of member jurisdictions have adopted these rules, and over a third have already enforced them within their banking sectors.
Monitoring and oversight
The Basel Committee remains committed to ensuring the full and consistent implementation of Basel III standards across member jurisdictions. The latest update includes a monitoring dashboard, which tracks the progress of individual jurisdictions in adopting the standards, offering transparency to stakeholders and reinforcing the Committee’s ongoing supervisory role.
Importance of a robust framework
The renewed focus on swift and consistent implementation reflects the financial shocks experienced by global markets in recent years. These events underscored the need for a strong global regulatory framework to ensure the resilience of banks and maintain financial stability.
Next steps
The Basel Committee will continue to monitor the implementation of Basel III reforms. The Committee remains focused on ensuring that all member jurisdictions meet the expectation of full and consistent adoption of the standards as soon as possible.
With financial stability at the forefront, the Committee's efforts will play a key role in reinforcing the resilience of the global banking system amidst ongoing market challenges.
Click here to read the full RegInsight on CUBE’s RegPlatform
New £85,000 cap confirmed for APP scam reimbursements
The UK’s Payment Systems Regulator (PSR) has confirmed that the maximum reimbursement for victims of authorised push payment (APP) scams via Faster Payments will be set at £85,000 per claim, effective from 7 October 2024. This new limit will, it is claimed, ensure 99.8% of APP scam cases by volume and 90% by value are fully reimbursed, providing protection for consumers while balancing prudential risks for payment service providers (PSPs).
Some context
The decision follows a consultation that began in September 2024, which proposed reducing the maximum reimbursement cap from £415,000—initially set in December 2023—to £85,000. This revision came after feedback from industry stakeholders who raised concerns about the potential financial impact of the higher limit on PSPs, including risks to solvency and long-term investor confidence. These concerns prompted the regulator to reassess the earlier cap, with a focus on maintaining consumer protections without stifling innovation or competition within the UK payments sector.
Key takeaways
Maximum reimbursement set at £85,000
The new limit will apply to claims under the Faster Payments system and aligns with the Financial Services Compensation Scheme (FSCS) deposit protection limit. While this cap will not automatically track any future changes to the FSCS limit, any adjustments will be considered during the PSR’s regular review process.
Impact on consumers and PSPs
The £85,000 cap ensures that the vast majority of APP scam victims will be reimbursed in full, covering most cases by both volume and value. The cap also aims to mitigate potential risks to PSPs' financial health, which could, in turn, have affect their ability to innovate and compete in the payments market. The Bank of England, which operates the CHAPS system, has also set the same reimbursement limit for CHAPS APP scams.
Policy rationale and stakeholder feedback
The PSR’s decision reflects the need to strike a balance between protecting consumers and supporting the long-term sustainability of PSPs. During the consultation, 147 responses were received, with many stakeholders favouring a lower cap to manage PSPs' exposure to fraud-related liabilities. The regulator also emphasised that maintaining a consistent reimbursement limit across different payment systems (Faster Payments and CHAPS) would provide clarity and fairness for consumers and the industry alike.
Next steps
The PSR has committed to reviewing the cap and the overall reimbursement scheme after 12 months of implementation, ensuring it remains fit for purpose. This review will consider any emerging fraud trends and the scheme's impact on PSPs' anti-fraud measures. The Bank of England will also review the CHAPS cap next year.
As the 7 October 2024 implementation date approaches, PSPs are under pressure to ensure their fraud detection and prevention systems are up to standard. Both the PSR and the Bank of England will continue to monitor the effectiveness of the cap and make adjustments as necessary to ensure the scheme remains effective and proportionate in the years to come.
Click here to read the full RegInsight on CUBE’s RegPlatform
New powers for UK banks
The UK government has published the final draft of legislation that will allow payment service providers to slow down the processing of outbound payments when there are reasonable grounds to suspect fraud or dishonesty.
The proposed legislation will extend the current payment delay window by 72 hours, allowing banks more time to identify and prevent fraudulent transactions.
Protecting consumers from scammers
The move comes in response to the increasing prevalence of fraud, with an estimated £460 million lost to scammers last year alone. The government aims to better protect vulnerable individuals and communities from these harmful practices.
Key provisions of the proposed legislation:
- Extended payment delay: Banks will be allowed to temporarily hold payments for up to 72 hours if there are reasonable grounds to suspect fraud.
- Increased investigation time: This additional time will enable banks to conduct more thorough investigations and identify potential scams.
- Enhanced consumer protection: The measures aim to safeguard individuals from financial losses and emotional distress caused by fraudulent activities.
Industry support and collaboration
The proposed legislation has garnered support from various industry bodies and financial institutions. For example, UK Finance, a leading trade association, has long advocated for such powers to combat fraud effectively. The industry is committed to collaborating with regulators and law enforcement agencies to prevent fraud and protect consumers.
Safeguards and compensation
To ensure customer protection, banks will be required to inform customers when a payment is delayed and explain the necessary steps to unblock it. Additionally, banks will be obligated to compensate customers for any interest or late payment fees incurred due to delays.
The government's proposed measures represent a step forward in the battle against fraud. By providing banks with enhanced powers to investigate and prevent fraudulent transactions, the legislation aims to protect consumers and disrupt the activities of scammers.
Click here to read the full RegInsight on CUBE’s RegPlatform
US regulators offer relief to financial institutions hit by Hurricane Helene
The Office of the Comptroller of the Currency (OCC), alongside other federal and state financial regulatory agencies (collectively, "the agencies"), have announced measures to support financial institutions affected by Hurricane Helene. The move aims to ensure continued financial services for communities affected by the disaster.
Lending flexibility for borrowers
The agencies encourage banks and other lenders to work constructively with borrowers struggling financially due to the hurricane. Modifications to existing loan terms, such as extensions or reduced payments, are supported by the agencies and will not be penalised by examiners. This flexibility aligns with US accounting principles, whereby institutions can adjust loan terms without triggering stricter classifications like "troubled debt restructurings." When making these adjustments, regulators emphasise considering individual circumstances of each borrower.
Temporary facilities to aid recovery
Recognising potential difficulties in reopening permanent branches due to staffing and infrastructure damage, the agencies are streamlining the process for establishing temporary facilities. Financial institutions facing such challenges can seek expedited approval from their primary regulator, often requiring only an initial phone call followed by written notification. This should ensure faster restoration of critical financial services in affected areas.
Regulatory relief for reporting
Damage caused may hinder compliance with regulations on branch closures, relocations, and temporary facilities. Institutions facing difficulties in meeting these requirements are encouraged to contact their relevant regulator. The agencies state they will not penalise institutions taking reasonable and prudent steps towards compliance, even if they face delays due to the disaster. Regulators are prepared to work with affected institutions on a case-by-case basis, considering the status of their reporting systems and underlying records.
Community Reinvestment Act (CRA) incentives
Financial institutions have the opportunity to earn favourable CRA consideration for offering loans, investments, or services that support recovery efforts in federally designated disaster areas. This applies not only to the immediate affected areas but also to institutions' broader assessment areas.
Monitoring municipal investments
The agencies advise institutions to monitor closely municipal securities and loans potentially affected by the hurricane. Recognising the potential strain on local government projects, regulators encourage prudent efforts to stabilise these investments.
This collaborative approach by the OCC and other agencies shows a commitment to supporting financial institutions in their vital role of aiding communities through disaster recovery.
Click here to read the full RegInsight on CUBE’s RegPlatform
Industry calls for clarification on DORA’s definition of ICT services
In a joint statement, industry trade associations have urged the European Supervisory Authorities (ESAs) and the European Commission to clarify the definition of ICT services under the Digital Operational Resilience Act (DORA) ahead of its implementation deadline in January 2025. The request follows concerns raised during a recent “Dry-Run” exercise on DORA’s Register of Information, where divergences emerged over whether certain regulated financial services, such as those provided by financial market infrastructures (FMIs), should be classified as ICT services.
The statement, issued by the Association for Financial Markets in Europe, the European Association of CCP Clearing Houses, the European Central Securities Depositories Association, the Federation of European Securities Exchanges and the Futures Industry Association, emphasised the need for the ESAs to provide further Q&A guidance, reinforcing the notion that regulated financial services, including those offered by FMIs, credit institutions, and investment firms, should not fall under the scope of ICT services as defined in DORA. "Regulated financial services...should not be deemed ICT services in the scope of DORA, consistent with a proportionate and risk-based approach," the statement reads, highlighting concerns about additional regulatory burdens.
The industry argues that treating these services as ICT services could lead to unnecessary complexity and operational challenges, potentially affecting the smooth provision of critical financial services. The statement warned that such an approach could create significant hurdles, particularly around third-party arrangements and compliance with due diligence requirements under DORA.
With the application deadline fast approaching, the statement called for urgent clarification, noting that existing frameworks like the European Market Infrastructure Regulation (EMIR) already provide tailored oversight for many of these services. The ESAs’ anticipated Q&A updates are seen as crucial to avoid unnecessary regulatory duplication.
The industry also hinted at the possibility of future exemptions for entities such as trading venue operators, central securities depositories, and other regulated institutions, given their existing oversight by financial regulators. This would help avoid the risk of unintentionally subjecting these entities to the DORA regime for activities already covered by other regulatory frameworks.
Clarification, if issued promptly, would alleviate pressure on financial entities as they prepare for DORA’s application and ensure that only truly ICT-focused services fall under its scope.
Click here to read the full RegInsight on CUBE’s RegPlatform
EBA issues latest work programme
The European Banking Authority (EBA) has released its work programme for 2025, outlining its priorities and strategic objectives for the next three years. The programme reflects the EBA’s commitment to enhancing the stability of the financial system, strengthening the EU Single Rulebook, and embracing new responsibilities under the Digital Operational Resilience Act (DORA) and the Markets in Crypto-Assets Regulation (MiCAR).
Priorities for 2025-2027
The EBA’s medium-term priorities for 2025-2027 focus on five key areas:
- Finalising and implementing the EU Single Rulebook.
- Fostering financial stability amid ongoing economic transitions.
- Enhancing data infrastructure for improved assessment and disclosure.
- Implementing oversight under DORA and MiCAR.
- Ensuring a smooth transition to the new EU anti-money laundering and counter-terrorism financing (AML/CFT) framework.
These priorities will shape the EBA’s approach as it navigates evolving economic and regulatory landscapes, including heightened geopolitical risks, market volatility, and the transition to more sustainable financial practices.
Implementation of EU banking package
A key focus for 2025 will be the continued implementation of the EU banking package, which includes the Capital Requirements Regulation III (CRR III) and Capital Requirements Directive VI (CRD VI). The EBA will work to enhance the EU Single Rulebook through its role in shaping regulatory standards, ensuring a consistent application of these rules across member states, and further strengthening the resilience of the European banking sector.
Financial stability and stress testing
In response to the economic uncertainty, inflationary pressures, and financial market volatility, the EBA will intensify its efforts to monitor risks and enhance financial stability across the EU. The authority plans to refine its stress-testing methodology, using forward-looking analyses to better anticipate and address risks that may arise from economic or geopolitical developments.
Digital oversight under DORA and MiCAR
With the implementation of DORA and MiCAR, the EBA will assume new responsibilities in 2025. The authority will begin its oversight of critical third-party IT service providers under DORA, ensuring that the financial sector remains resilient to operational disruptions. Simultaneously, the EBA will start supervising significant crypto-asset service providers under MiCAR, reflecting the growing importance of digital assets within the financial ecosystem.
Transition to the new AML/CFT framework
Another significant area of focus will be the transition to the new EU AML/CFT framework, which will see the establishment of a new authority, the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA), in 2025. The EBA will work to ensure a smooth transfer of its existing AML/CFT responsibilities to AMLA by the end of the year, while continuing to support the development of robust anti-financial crime measures.
Flexibility and future adjustments
The EBA acknowledges that its work programme may need to be adjusted to accommodate new EU priorities, particularly following the European elections in 2024. Economic and geopolitical developments could also influence the authority’s focus areas.
Resource allocation and collaboration
Operating with slightly increased resources in 2025, driven by its new DORA and MiCAR responsibilities, the EBA will focus on optimising the use of staff and funds. The authority’s planning for 2025 also incorporates lessons learned from recent organisational changes, designed to improve agility and planning capabilities. Close collaboration with other EU and non-EU institutions will be essential to ensure the effective delivery of the EBA’s mandates.
Conclusion
The EBA’s work programme for 2025 reflects its commitment to safeguarding financial stability, enhancing regulatory frameworks, and embracing new digital oversight responsibilities. As it prepares for a year of significant transitions, the EBA remains focused on addressing the evolving challenges facing the European financial sector.
Click here to read the full RegInsight on CUBE’s RegPlatform
ESMA issues latest newsletter
The European Securities and Markets Authority (ESMA) has released the latest edition of its ‘Spotlight on Markets’ newsletter. The newsletter contains factsheets highlighting key events during the month, including:
- Coverage of ESMA chair Verena Ross’s speech in London
- A summary of ESMA’s latest work programme
- Next steps for the selection of Consolidated Tape Providers
The newsletter also includes the latest updates on consultations, noting five that have closing deadlines in October.
Click here to read the full RegInsight on CUBE’s RegPlatform