The Nationwide fine is part of a broader pattern of regulatory enforcement. Since 2021, the FCA has imposed 13 fines – totalling £300,767,526 – on banks for anti-money laundering systems and controls failings. Nationwide would have been fined £62,969,297, but it agreed to resolve these matters and so qualified for a 30% discount under the FCA’s processes.
The most striking failure involved a customer who received 24 payments totalling £27.3m over 13 months, including £26m deposited over eight days in fraudulent COVID furlough payments. While HMRC managed to claw back most of the cash, approximately £800,000 remains unrecovered.
Nationwide was unable to effectively identify, assess, monitor or manage the money laundering risks among its personal current account customers. It also meant Nationwide did not have an accurate picture of its customers who presented a higher risk of financial crime.
Nationwide was also aware that some of those customers were using their personal accounts for business activity, in breach of its terms. Nationwide did not offer business current accounts at this point, so did not have the right processes in place to manage the financial crime risks from business activity.
Perhaps most damaging was the regulator’s finding that ”Nationwide was aware of weaknesses in its systems and controls and undertook work to make improvements. However, it failed to adequately address those weaknesses in a timely manner.“
The FCA’s 5-year strategy emphasises a proactive approach to fighting financial crime, focusing on those who seek to use the fact they are regulated to do harm. The regulator will go further to disrupt criminals and support firms to be an effective line of defence.
As FCA director Therese Chambers noted: “Building societies and banks have a key role in the fight against financial crime. Firms must remain vigilant in this fight.”
This case highlights the convergence of multiple regulatory frameworks demanding comprehensive fraud prevention:
Under Provision 29 of the 2024 UK Corporate Governance Code, boards must make declarations on the effectiveness of their material internal controls, which specifically include fraud controls among financial, operational, compliance and reporting controls. When making this declaration, boards must consider any failings, near misses or weaknesses of the material controls.
The Economic Crime and Corporate Transparency Act creates criminal liability where an employee commits fraud intending to benefit the organisation, and the organisation lacks reasonable fraud prevention procedures. While distinct from AML failures, this creates a complementary compliance framework that came into force on 1 September 2025.
Combined, these regulatory frameworks create the need for a comprehensive supervision structure that encompasses:
The Nationwide case demonstrates that regulatory tolerance for financial crime control failures has reached its limit. With Provision 29 requiring board declarations on fraud controls and ECCTA creating criminal liability for employee fraud, the compliance landscape has fundamentally changed.
The convergence of AML obligations, board accountability requirements, and criminal liability for fraud prevention failures demands a holistic, proactive approach to risk management.
The question isn’t whether your organisation will face scrutiny – it’s whether you’ll be ready when it comes.
We would be pleased to answer any queries or have an informal chat to discuss your possible governance needs.