Legacy modernization
Kickstart your legacy modernization initiative with generative AI
The recent £21 million fine slapped on Monzo by the Financial Conduct Authority (FCA) is a real moment of truth for everyone in digital banking. It shouldn’t be seen as a telling-off — instead, it’s a vital reminder of the core principles that build trust, drive innovation and ensure lasting success in financial services.
Monzo's rise from plucky start-up to major player in financial services demonstrates what you can do with clever design and agile working. However, the FCA's findings hit home a harsh truth: when you're growing at speed, you need robust controls in place, especially when it comes to stopping financial crime. Those examples of what the FCA called "obviously implausible UK addresses" (which customers had used to apply for accounts) and the struggle to manage high-risk customers during a period of rapid customer acquisition point to a significant disconnect between ambitious growth plans and vital, if supposedly less glamorous, compliance work.
Key lessons for financial services organizations
From our perspective — as folks who live and breathe digital transformation and software engineering — this situation throws up a few crucial lessons for all financial institutions, particularly those challenger brands seeking to disrupt the industry status quo.
Compliance must be built-in, not bolted on
The fine makes it crystal clear that things like anti-money laundering (AML) and know your customer (KYC) aren't something you can just add into the mix later or at the end of a project; they've got to be part of the fundamental design of your product or service right from the start. That means building systems that handle data collection, verification and risk assessment. They also need to be able to grow as your customer base and offerings get bigger.
Effective engineering can help scale compliance mechanisms
As a company expands, the types and scale of financial crime risks change. Manual processes or systems designed for a smaller customer base will simply crumble under the pressure.
At Thoughtworks, we champion using sound engineering practices like microservices, event-driven systems and automated testing for your compliance frameworks. They allow you to adapt quickly to new rules and emerging threats without slowing down operations or frustrating your customers.
People and tech need to work together
While AI and machine learning are fantastic for spotting significant — perhaps problematic — patterns in data and automating routine tasks, the Monzo case reminds us that human oversight remains vital. Yes, algorithms can flag things, but human judgement, backed by deep expertise, is essential for understanding risk and making smart decisions, especially for tricky cases or high-risk profiles. Combining smart automation with human insight will create a much stronger defence against financial crime.
Good data is non-negotiable
Monzo's "implausible" addresses point straight to basic data quality issues. In this digital age, data is currency: its accuracy and integrity are paramount for managing risk effectively. Financial institutions must, then, invest in strong data governance and make sure the data used for compliance is clean, consistent and reliable across all systems.
Be proactive when it comes to regulation
Monzo's commitment to a "comprehensive financial crime change programme" is a positive step. This proactive approach to fixing things and constantly getting better, working hand-in-hand with regulators, is essential. Compliance isn't a fixed state; it's an ongoing journey of adapting and improving as threats and rules change.
Compliance shouldn’t be seen as a chore: it needs to be understood as something that can give financial services and banking organizations a real competitive edge.
Compliance shouldn’t be seen as a chore: it needs to be understood as something that can give financial services and banking organizations a real competitive edge.
The opportunity to build a more resilient financial future
We see this fine as proof of what we've always believed: that technology is a critical component in building robust and compliant financial institutions. With it, organizations can respond to regulatory demands and implement effective compliance, much faster. In turn, this will minimize the risks of legal penalties and operational disruption.
More specifically, there are four key areas that we believe organizations serious about compliance need to attend to.
Strategic compliance roadmapping. It’s vital to look beyond quick fixes and develop a holistic, forward-thinking strategy for preventing financial crime that fits your growth ambitions and regulatory duties. This involves looking at what you have now, spotting gaps and deciding where to invest in new technology and processes.
Building modern AML/CTF (counter-terrorist financing) platforms. Some complex compliance challenges can be tackled by building a robust, scalable platform. This might involve updating existing systems, bringing in advanced data analytics and AI for better monitoring or creating more efficient and accurate ways to bring new customers on board.
Top-notch data quality and governance. It’s critical that teams develop solid data pipelines, implement necessary data quality checks and build a comprehensive data governance framework. These are all essential for both accurate risk assessment and reporting to regulators. This would, in fact, directly tackle the "implausible information" problems we see in the Monzo case.
A culture of responsible innovation. Beyond just tech, building a culture where compliance and risk management are part of every agile team and development cycle can play an important part in strengthening your compliance posture. It helps ensure new features and rapid scaling don't accidentally create new weak spots.
These are all vital components in ensuring regulatory compliance; they’re also all things Thoughtworks helps organizations deliver on, fast. Of course, the right approach will depend on where you are right now as an organization, but crafting an appropriate initiative that plays to your strengths is paramount.
A wake up call for responsible innovation
The Monzo fine isn’t a story about regulation hampering innovation: it’s a wake up call for a more responsible approach. Compliance shouldn’t be seen as a chore: instead, it needs to be understood as something that can, when done well, give financial services and banking organizations a real competitive edge. It isn’t a barrier to growth — it can drive it.
Providing customers with exemplary experiences and ensuring confidence will help build lasting relationships that deliver long-term value.
Disclaimer: The statements and opinions expressed in this article are those of the author(s) and do not necessarily reflect the positions of Thoughtworks.
