Napier AI has backed a warning from the Chartered Institute of Internal Auditors after new analysis found UK financial services organisations have incurred more than £1 billion in fines linked to internal control failings since 2021.
The Chartered Institute of Internal Auditors reviewed 97 Financial Conduct Authority enforcement cases and found that 52 were directly related to internal control failures. Anti-money laundering, fraud, and financial crime accounted for most of those penalties, with repeated weaknesses in customer due diligence, transaction monitoring, sanctions screening, and governance.
The report also found that several organisations had already been warned by internal audit teams about control weaknesses but failed to act. Final notices cited gaps in coordination across second and third lines of defence, limited assurance over second-line functions, and delayed follow-through on high-priority actions.
Arleen McGichen, President, Chartered Institute of Internal Auditors, said: “Between 2021 and 2025, over half of all the fines issued by the Financial Conduct Authority (FCA) related to internal control failures, weaknesses or absences, to the value of over £1bn. This should concern regulators, boards and senior leaders across the financial services sector, and it should focus minds within internal audit functions in financial services and beyond.”
The report also noted that time spent dealing with public and regulatory scrutiny, as well as reputational damage, can reduce the time available for strategic execution and forward planning.
Commenting on the findings, Dr Janet Bastiman, Chief Data Scientist at Napier AI, said: “Money laundering drains 5.35% of GDP from the UK economy each year, according to our AI / AML Index, so it’s vital that financial services firms heed the CIIA’s warning to stem the losses. It cannot be treated as a box-ticking exercise, as financial criminals are constantly on the lookout to exploit weak controls, costing the UK $195 billion annually alongside the financial, reputational and regulatory damage facing individual organisations.”
Bastiman added: “Effective AML oversight requires being able to detect financial crime typologies across large volumes of transactions, rather than periodic manual checks that leave the exploitation window open. Explainable AI, with clear audit trails, can monitor transactions in real time, flagging suspicious signals and allowing compliance teams to prevent illicit activity.”
She also said: “Regulator collaboration is vital to driving better AML outcomes, directly stepping in to supervise the highest risk financial institutions, which is reflective of the new AMLA approach. Working together to establish best practice and getting the basics right for internal controls to boost financial crime compliance can save the UK economy billions each year.”
The analysis adds to regulatory pressure on banks, payments groups, and other financial services organisations to show that core controls are operating effectively across monitoring, governance, and escalation.
You must be logged in to post a comment.