In an era where financial institutions face mounting pressure from regulators, the Financial Conduct Authority’s (FCA) recent enforcement action against Starling Bank serves as a poignant reminder: a robust compliance framework isn’t just a regulatory checkbox; it’s essential for the integrity of the financial system. As regulatory penalties become all too common, any lapse in compliance can have dire consequences.
The challenge of rapid growth with inadequate tools
Since launching in 2016, Starling Bank has seen explosive growth, amassing around 3.6 million customers by 2023. While this is an impressive milestone, rapid expansion comes with unique compliance challenges. The institution’s financial crime controls failed to keep pace with its growth. The FCA’s recent review raised flags about Starling’s anti-money laundering (AML) and financial sanctions framework. The bank’s automated screening system checked customer names against a mere fraction of the Consolidated List, screening only 39 of the 3,088 sanctioned individuals! This oversight, which left out the names of individuals who did not have UK residency or citizenship, highlights a fundamental flaw in their system configuration or implementation process, raising questions about the effectiveness of their chosen technology and/or the due diligence exercised during its integration.
Moreover, Starling was screening its customers only once every 14 days — far below industry standards — which left significant gaps where high-risk individuals could operate undetected. In a global industry where timely responses to emerging threats are crucial, infrequent monitoring combined with inadequate screening for all cross-border payments undermined the integrity of the bank’s compliance framework. Consequently, this posed substantial risks to both the institution and its customers. Imagine a potential money launderer or sanctioned individual slipping through the cracks, engaging in illicit activities without timely detection. Such oversights jeopardize not only Starling’s integrity but also the broader financial system.
The imperative for rigorous testing beyond basic checks
The lack of formal testing or calibration of Starling’s financial watchlist screening systems after implementation further compounded these issues. Without ongoing assessments, undetected failures in customer and payment screening processes went unchecked, creating an environment ripe for illicit activities.
Compliance is not a one-time endeavor; it requires continuous evaluation and adjustment, particularly as regulations evolve and new risks emerge.
A critical aspect of this was insufficient Management Information (MI) related to financial sanctions, such as alert volumes and trends, which hindered the bank’s ability to effectively monitor and adjust its screening processes.
In a well-functioning compliance framework, regular testing and calibration of systems are paramount. This includes validating that screening algorithms are functioning correctly and that any updates to regulation are integrated into the screening criteria. Failure to do so not only leaves institutions vulnerable to regulatory action but also puts them at risk of reputational damage that can take years to recover from — an especially pressing concern for a hyper-growth neobank like Starling, where so much rests on its reputation and the niche market it has built to attract customers.
The role of Starling’s technology vendor compliance platform
Only in 2023 did Starling Bank become aware that, since the implementation of its financial sanctions screening framework in 2017, its automated screening system had only been screening names of new and existing customers against a fraction of the Consolidated List. This raises concerns about how a platform designed for automated compliance could facilitate a screening frequency of only once every 14 days, highlighting the need for clarity on the default settings and guidance provided to clients like Starling.
Additionally, the customer success and implementation teams could potentially have ensured that the system was calibrated correctly and that all compliance features were fully operational. This enforcement serves as a wake-up call for technology vendors to strengthen their oversight processes and mitigate potential liability.
Lessons learned from Starling’s compliance crisis
In light of the serious concerns raised by the National Risk Assessment (NRA) regarding the rapid onboarding processes of challenger banks, it’s imperative that these institutions take immediate action to bolster their financial crime controls. The NRA highlighted a critical vulnerability: the allure of quick account openings may inadvertently attract high-risk customers due to insufficient due diligence practices. The Authority’s comprehensive review of financial crime controls across six challenger banks, which included an analysis of over 8 million customers, highlights the need for robust governance, effective risk assessments, and rigorous ongoing monitoring.
The enforcement action against Starling Bank serves as a crucial lesson for all challenger banks and their technology partners. A robust compliance framework can leverage advanced technology, but it must also ensure systems are properly configured, continuously monitored, and regularly assessed. By integrating AI-driven solutions and maintaining rigorous oversight, institutions can better protect themselves and their customers from financial crime risks.
Starling’s experience emphasizes the necessity of ongoing compliance evaluations. Financial institutions should not only focus on implementing advanced screening technologies but also cultivate a culture of compliance that prioritizes vigilance and adaptability. This involves regular training for compliance teams, engaging with technology vendors for updates and support, and fostering an environment where compliance is viewed as a strategic asset rather than a checkbox to tick.
A path forward to future-proofing compliance
As we reflect on Starling Bank’s experience, it’s clear that the stakes are high, and the time for proactive measures is now. The future of compliance will increasingly involve adoption of AI and machine learning technologies, which can provide real-time insights and support increased operational efficiencies. However, technology alone cannot solve compliance challenges. A comprehensive approach that combines advanced tools with rigorous oversight and continuous improvement is essential.
Financial institutions must recognize that the landscape of financial crime detection is ever-evolving, and their compliance frameworks must be equally dynamic. By learning from Starling’s challenges and prioritizing proactive compliance measures, banks can build resilient systems that not only meet regulatory requirements but also safeguard their reputations and the trust of their customers. A commitment to ongoing improvement can transform compliance from a reactive obligation into a proactive strategy for success.
Disclaimer: This article represents the author’s personal opinions and should not be construed as a legal assessment or definitive analysis of Starling Bank’s compliance or vendor practices. Readers are encouraged to consider this piece as expressing opinions that carry no legal consequences.
Written by:
Cedric Iggiotti, VP Product, Screening