What happened?

​Dutch online bank Bunq has been fined €2.6 million by the Dutch Central Bank (DNB) for failures in its anti-money laundering (AML) controls. The regulator cited serious shortcomings between January 2021 and May 2022, where Bunq failed to properly investigate and report potential financial crime indicators. [NB Bunq passports its credit institutions services into Ireland from the The Netherlands pursuant to the terms of the EU Directive 2013/36/EU].

DNB noted that Bunq had previously been warned and fined for similar weaknesses, yet meaningful improvements were not made. Despite this, Bunq maintains that it takes its gatekeeping responsibilities seriously, pointing to its use of advanced technology and ongoing system improvements.

This fine comes against a backdrop of heightened regulatory scrutiny in the Netherlands, where major lenders including ING, ABN Amro, and Rabobank have also faced significant enforcement actions and legal challenges over AML control deficiencies.

What is important for MLROs to note from this case

This case underlines the importance of sustained, demonstrable improvements in AML frameworks, particularly following regulatory warnings or fines.

For an MLRO, the key lesson is that technology alone is insufficient without robust governance, oversight, and a culture of accountability. Regulators expect not only initial remediation but also evidence of lasting effectiveness in transaction monitoring, customer due diligence, and suspicious activity reporting.
​
An experienced MLRO should recognize that repeated regulatory findings indicate weaknesses in escalation, board engagement, and risk ownership. Embedding AML into the bank’s strategic priorities—through continuous training, effective quality assurance, and proactive engagement with regulators—is essential. Failure to do so not only risks financial penalties but also reputational damage and possible criminal liability for the institution and senior management.

Work conducted by the DNB

DNB conducted an examination into the way in which Bunq complies with the Wwft. As part of the examination, DNB assessed how Bunq analyses and assesses its risks of facilitating money laundering and terrorist financing. In addition, it examined customer files and the transaction monitoring alerts associated with these files and conducted interviews with relevant officers.

The high-risk files examined showed that Bunq was deficient in following up on its transaction monitoring alerts. As a result, signals of possible financial crime were not investigated in sufficient depth, if at all. Bunq was also unable to demonstrate why transactions with similar characteristics were reported to FIU-NL in one case and not in the other. As a result, there was a risk that unusual transactions were not detected, or not detected in time and that they were not reported, or not reported in time. Transaction monitoring deficiencies can cause illicit money flows to continue unchecked.

Bunq failed to exercise adequate ongoing monitoring in the four files on which DNB's administrative fine is based. As a result, Bunq did not have sufficient insight into these customers and their transactions. Given the severity and extent of the deficiencies in these files, DNB considers the fine imposed both necessary and appropriate.

What is the justification for the size of the fine?

Between 2018 and 2023, DNB carried out several examinations into Bunq’s compliance with the Wwft. During these examinations various instances of non-compliance with the Wwft were identified, that were found to be both severe and culpable. DNB already took enforcement action on several occasions, including imposing a fine. However, this has not resulted in sustained compliance with the Wwft by Bunq. Following DNB’s examinations, Bunq has not made sufficient progress in complying with its statutory obligations under the Wwft. DNB has therefore decided to impose a punitive fine on Bunq due to the severity of the non-compliance with Section 3(2)(d) of the Wwft.

DNB’s enforcement approach is primarily aimed at compliance with the law. In addition, the more severe and culpable the non-compliance, the sooner DNB will impose a fine. This is done on a case-by-case basis. Bunq's size and ability to pay have been taken into account, and the fact that Bunq completed a remedial programme to address the identified deficiencies after DNB's most recent examination has been taken into account in favour of the bank. 

Can Bunq appeal?

Bunq lodged an objection to DNB's decision to impose a fine. The objection process is still pending.

A decision becomes final if no legal remedy has been exercised against it. Any interested party may lodge an objection against the decision within six weeks of its date. The decision on the objection can be appealed in court within six weeks. Further appeal against the court ruling may be lodged with the Trade and Industry Appeals Tribunal (College van Beroep voor het bedrijfsleven – CBb). If no objection, appeal or further appeal is lodged, the decision becomes irrevocable. The table shows the current status of this decision.

What is the gatekeeper role of the DNB?

From the DNB's website:

"Tackling money laundering is a priority for the government because it is key to effectively fighting all manner of serious crime. Concealing the origin of criminal proceeds enables perpetrators to steer clear of the investigative authorities and enjoy their ill-gotten gains undisturbed. The Anti-Money Laundering and Anti-Terrorist Financing Act (Wet ter voorkoming van witwassen en terrorismefinanciering – Wwft) aims to ensure that our financial system is not abused for money laundering and terrorist financing. Under this legislation, banks act as gatekeepers and are obliged to carry out anti-money laundering controls. This means that banks must know who their customers are, where the customers’ money comes from and what customers intend to do with financial products, e.g. payment accounts. Once customers are accepted, the bank must monitor them on an ongoing basis and report unusual transactions to the Financial Intelligence Unit (FIU-NL) so that the investigative authorities can examine suspicious transactions. Banks may use a risk-based approach to monitor their customers, meaning that high-risk customers will require more in-depth monitoring than low-risk customers." ​

Sources: 

• https://www.dnb.nl/en/general-news/enforcement-measures-2025/fine-for-bunq-b-v-for-insufficient-customer-due-diligence/
• https://www.rte.ie/news/business/2025/0825/1530008-online-bunq-fined-for-sloppy-money-laundering-control/

A very interesting case study / typology for fast growing digital banks, payments firms and crypto-asset services providers and indeed any fintech in any country where there are anti-money laundering requirements.

A few days ago our Peter Oakes wrote a piece on Linkedin about Monzo Bank's continuing plans to establish an authorised bank in Ireland.  See https://www.linkedin.com/feed/update/urn:li:activity:7347556992883843072.

Today the UK Financial Conduct Authority issued an enforcement notice and fine of £21mn against the rapidly growing digital bank.

Hope this short blog helps financial crime professionals and MLROs with some useful thought for AFC training and the typology library.


📈 As Growth Accelerates, So Must Your Controls
Rapid client onboarding and frequent product rollouts increase exposure to money laundering (ML) and terrorist financing (TF) risk. Firms often focus on scaling—the tech stack, user experience, marketing—while compliance lags. Regulatory expectations, however, demand that internal controls scale simultaneously. Digital banks must avoid the “too little, too late” trap.

A detailed, documented risk assessment underpins everything: products, client segments, geographies, channels. That assessment must inform transaction monitoring rules, reporting thresholds, enhanced due diligence, ongoing review, staff training, management information (MI), and audit cycles.

🛡️ Foundation: AML/CTF Risk Assessment
* Per Irish and EU standards, and echoed in Central Bank of Ireland guidance, your AML/CFT framework must include key elements:
* Thorough risk assessment at the outset and with any material change (new product, geography, channel)
* Board and senior management oversight with regular MI and challenge sessions
* Tailored governance, controls, training, and testing based on risk
This creates the durable infrastructure needed for AML resilience.

🧱 Case Study: Monzo’s £21M Fine for AML Failings
In June 2025, the FCA levied a £21 million penalty on Monzo, citing systemic weaknesses in financial crime control frameworks as the firm scaled its product footprint.

The FCA’s Final Notice (link below) highlighted:

• Insufficient customer risk profiling
• Flawed transaction monitoring
• Under-resourced compliance function

👉 Access the case materials from FCA:
“FCA fines Monzo £21 m for failings in financial crime controls”

• FCA's Final Notice - https://www.fca.org.uk/publication/final-notices/monzo-bank-limited.pdf
• FCA's Press Release - https://www.fca.org.uk/news/press-releases/fca-fines-monzo-21m-failings-financial-crime-controls  

This is a red flag for high-growth fintechs: internal control gaps are not just theoretical—they trigger high-profile enforcement.

🧭 Key Tactical Takeaways

• Embed risk assessment into product development and expansion
• Treat each new product or market like a mini ML/TF risk assessment project.
• Strengthen transaction monitoring in pace with growth
• Ensure value, frequency, and risk coverage evolve with transaction volumes.
• Elevate compliance’s role in tech decisions
• Document regtech capabilities and embed regular health checks.
• Invest in MI for senior leadership and board visibility
• Highlight top risk trends, STR volumes, alert outcomes, and audit results.
• Audit governance effectiveness frequently
• Compliance committees, challenge sessions, and record-keeping must be independently reviewed.
• Prepare for external audit and supervisory attention
• Firms like Monzo have shown regulators won’t hesitate to name and penalize.

✍️ Final Word for MLROs
As MLROs at high-growth firms, your role is to translate risk into action. Ensure your AML/CFT framework is not just documented—but truly operational across all products and regions. Be proactive, visible, and predictive.

CENTRAL BANK OF IRELAND PRESS RELEASE – Wednesday 2 July 2025

The Central Bank takes enforcement action against Swilly Mulroy Credit Union for breaches of Anti Money Laundering requirements.

The Central Bank of Ireland (the Central Bank) has fined Swilly Mulroy Credit Union (Swilly Mulroy) €36,273 for breaching requirements of the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (the 2010 Act) and the Credit Union Act 1997 (the 1997 Act).

The 2010 Act requires firms to put in place safeguards against the risk of money laundering and the 1997 Act requires credit unions to develop and implement risk management systems to monitor and manage risks.

The Central Bank’s investigation found that Swilly Mulroy operated a practice of soliciting and accepting cash from depositors who did not hold accounts with the Credit Union. This money would then be electronically transferred to a branch of a local bank, without first being deposited in an account in the customer’s name at Swilly Mulroy. As a result, Swilly Mulroy failed to conduct the necessary Anti-Money Laundering checks on the depositors and the transactions.

This specific cash intensive practice had been flagged to the credit union sector as presenting a heightened money laundering risk.

The investigation found that Swilly Mulroy operated in this way between 2 January 2014 and 30 June 2021, during which time it processed €8,751,694 in deposits from 2,329 cash lodgements. The Board of Swilly Mulroy was aware of the risks associated with the practice from 2015 but failed to act on its risk management obligations under the 1997 Act.  A new management team ceased the practice in 2021 and subsequently brought it to the attention of the Board.

The issue was not brought to the Central Bank’s attention and was discovered in 2022 during an inspection by the Central Bank’s Anti-Money Laundering Division.  The Central Bank commenced this enforcement investigation in 2023.

The investigation yielded multiple examples of cash lodgements, which in the usual course should have triggered additional and careful scrutiny but instead were processed without any Anti-Money Laundering checks. 

Swilly Mulroy has therefore breached multiple requirements of the 2010 Act.

Swilly Mulroy has admitted the prescribed contraventions and has agreed to the undisputed facts as set out in the attached Settlement Notice. As part of the settlement agreement reached between the Central Bank and Swilly Mulroy, the Central Bank has determined that sanctions comprising a reprimand and monetary penalty in the amount of €51,819 are both warranted and proportionate to the size of the firm. The application of a 30% settlement scheme brings the amount to €36,273. The sanctions have been accepted by Swilly Mulroy. The sanctions are subject to confirmation by the High Court and will not take effect unless confirmed.
​
Colm Kincaid, the Central Bank’s Director of Enforcement, said:
​
“Anti-money laundering and counter terrorist financing legislation is designed to prevent the financial system being used to launder the proceeds of crime or fund terrorist activities. One of its key safeguards is that regulated financial service providers have controls in place to identify their customers and detect potential money laundering or terrorist financing. Where firms allow gaps in their control framework, they create opportunities for criminals and terrorists to use our financial system to pursue their illegal activities. It is also important that, when firms identify that such control gaps exist, they must report it to the Central Bank, so that appropriate actions can be taken to manage and mitigate the risk.

This action demonstrates the Central Bank’s continued focus on firms’ compliance with their legal obligations to safeguard the integrity of our financial system.”  

​
​

​​Thank you to our money laundering typology guest contributor who is a senior AFC professional working in Ireland on international financial crime matters.  This person freely gives time to source interesting typologies and analyses them for our visitors. Contact us if you would like to do likewise, whether anonymous or credited.

Metro Bank fined £16.6m for failings over money laundering checks

1. Summary

• i. Metro Bank was fined £16.6 million by the UK’s Financial Conduct Authority (FCA) for serious failings in its anti-money laundering (AML) systems and controls between June 2016 and December 2020. These deficiencies affected over 60 million transactions, collectively valued at more than £51 billion.
• ii. The issues primarily arose from flaws in Metro Bank’s automated transaction monitoring system, introduced in 2016. Due to data input errors, the system failed to flag transactions on the same day accounts were opened and missed other high-risk activities until records were updated. Despite concerns raised by junior staff in 2017 and 2018, these problems persisted, with only partial fixes implemented in 2019 and full resolution achieved in late 2020.
• iii. The FCA noted that the prolonged lapses in Metro Bank's controls created significant vulnerabilities in the UK's financial system, exposing it to criminal exploitation. Metro Bank has since updated its processes to address the deficiencies and strengthen its AML framework.

2. What’s interesting
i. The Metro Bank case provides critical lessons for AML professionals, highlighting key areas of interest:

• Challenges with Automated Monitoring Systems: The failure of Metro Bank's transaction monitoring system due to input errors illustrates the risks of over-reliance on technology without robust validation and ongoing oversight. AML professionals must ensure data accuracy and conduct regular system audits to prevent similar issues.
• Escalation and Governance Shortcomings: Despite junior staff raising concerns about the system's performance as early as 2017, meaningful action wasn't taken until years later. This underscores the importance of having strong escalation mechanisms and responsive governance structures to address identified weaknesses swiftly.
• Regulatory Expectations for Proactive Risk Management: The FCA highlighted that prolonged lapses in addressing AML deficiencies significantly increase exposure to financial crime. AML professionals should note the regulator's emphasis on proactive risk identification and timely remediation as non-negotiable compliance standards.
• Impact of Deficiencies on Financial System Integrity: Over £51 billion in transactions were inadequately monitored, exposing the system to exploitation by criminals. This reinforces the importance of comprehensive controls to safeguard the financial ecosystem, particularly for high-risk activities like account opening and large transactions.
• Fines and Reputational Risk: The £16.6 million fine and public criticism demonstrate the severe consequences of AML failings, serving as a warning about the financial and reputational damage that can result from non-compliance.

​
ii. This case highlights the critical need for robust systems, effective governance, and a culture of vigilance to maintain strong defences against money laundering risks.

Source: ​ https://www.ireland-live.ie/news/city/1653413/metro-bank-fined-16m-for-failings-over-money-laundering-checks.html

​Thank you to our money laundering typology guest contributor who is a senior AFC professional working in Ireland on international financial crime matters.  This person freely gives time to source interesting typologies and analyses them for our visitors. Contact us if you would like to do likewise, whether anonymous or credited.

1. Summary

• i.Waystone Fund Management (IE) Limited (WFM) was fined €393,512 by the Central Bank of Ireland for breaching EU AIFM regulations.
• ii.Breaches included inadequate due diligence, poor conflict-of-interest management, weak delegate oversight, insufficient risk management, and unreliable valuation procedures.
• iii.Between 2018 and 2019, €17.7 million was invested in illiquid private assets (loan notes) without adequate oversight, leading to a loss of €10.2 million for the fund’s investors.
• iv.WFM later reached a settlement with investors, who recovered their initial investments.
• v.The Central Bank imposed the fine and emphasized the importance of due diligence, effective governance, and robust valuation practices to protect investors.

2. What’s interesting

• i. Due Diligence Failures: The case highlights the critical need for comprehensive due diligence processes when managing investments in high-risk, illiquid assets.
• ii. Conflict of Interest Management: Effective identification and mitigation of conflicts of interest are central to maintaining investor trust and regulatory compliance.
• iii. Regulatory Accountability: This case underscores how regulators enforce compliance through penalties and public reprimands to uphold financial system integrity.
• iv. Valuation Accuracy: Proper valuation methods are essential to avoid exposing investors to unnecessary risks.
• v. Oversight on Delegates: Strong oversight of third-party managers is vital to ensure adherence to regulatory standards and protect against mismanagement.
• vi. For AML professionals, the case serves as a reminder to integrate stringent controls, risk assessments, and monitoring mechanisms into investment fund operations to avoid regulatory repercussions.

Source: https://m.independent.ie/business/waystone-fined-by-regulator-over-funds-management-of-loan-note-investment/a1485619477.html