The Oxford English Dictionary defines ‘hindsight’ as “The understanding that you have of a situation only after it has happened.” So, with due apologies to those at Starling who were actually there when it happened, here’s another article saying what should have happened. But whilst, perhaps taking their lead from the Final Notice there have been a number of articles on the significant fine given to Starling Bank for its financial crime systems and controls failures (including senior management failures) which occurred after the appointment of a skilled person and the entering of a VREQ (Voluntary Application for Imposition of Requirements) by the FCA, this one focuses instead on how Starling even got into such a position in the first place, and attempts to draw out some lessons to be learned for anyone leading a regulated firm (whether financial or non-financial) in this age of regulation – and reputation. Because the truth is that there had been significant warning signs long before the advent of the VREQ.
So, one has to ask: “Why”? Why were there poor systems and controls over a significant period of time? Why were not more experienced financial crime professionals employed from day one? Why did senior management apparently have insufficient FC (Financial Crime) knowledge? Other comments in the Final Notice alongside the timeline and events below suggest a more fundamental issue behind the failures which is not directly referred to in the notice – senior management itself.
The evidence for this, as set out in the table below, begs the further question of what sanctions should the FCA implement on individual senior managers in such cases, even if this is limited to specific mention, by name, in Final Notices?
Let’s look at the evidence through the timeline of events leading up to the VREQ, which a) should have warned senior management as to the problems ahead and b) highlights their apparent continued lack of oversight. You decide.
Timeline of events
| Dates | Events | Comments/Questions |
| 2016 to 2023 | Major increase in customer base and revenues. (43k customers to 3.6mio) | Did senior management ask: – Have we the infrastructure for ALL our systems and processes to cope? Do we, as an organization, have sufficient knowledge and expertise on FC matters to manage the risks of such a massive expansion in the customer base? |
| 2017 | Starling implement Sanctions screening | Did anyone in senior management oversee the implementation or did they merely ‘sign off’? How swayed were they by the upfront investment costs and to what extent was it a case of “how can we do this at the least cost”? |
| Nov 2018 | Internal Audit identify gaps and recommend these be addressed by Nov 2019 | Were senior management at the audit committee demanding urgent resolution of these gaps as an urgent priority in themselves, or was there actual or subliminal ‘linkage’ to how resolution options would impact the growth of the company? |
| Dec 2020 | NRA (National Risk Assessment) raises concerns about of criminals deliberately choosing challenger banks for money laundering because their due diligence was perceived as being insufficiently robust. | Did senior management show cultural organizational leadership by pouncing on this and demanding to know what was being done to ensure that Starling could not be accused of this – and then following up, resolutely and persistently? Or were the concerns weighed against the likely effect of stronger due diligence on the company’s growth trajectory? |
| 2020/2021 | FCA review of challenger banks (Incl. Starling identified) refers to “serious concerns” | How seriously did senior management view the FCA review? Did they initiate any action? |
The small table above simply details the events in the Final Notice leading up to the VREQ. It seems to indicate that Starling’s senior management had plenty of warning as to potential financial crime issues.
Our (extensive) experience is that in many banks (to be clear, not necessarily in Starling, but in many banks), senior management’s entire focus (and no doubt celebration) is on the growth and financial success of the company. Concerns surrounding financial crime, for example as raised by internal audit in this case in 2018 and implementing further controls to deal with those concerns are sometime brushed aside as “business prevention” and funds and resources are prioritized, instead, towards further expanding the business.
Culturally, such attitudes can ‘bleed’ into control functions – particularly inexperienced ones – and affect them in a very negative way and in some instances, this can lead to a reluctance to press home the need for action in an urgent enough way. In other words, they get the message “Don’t bring us problems” and they heed it. For example, external warnings as given in National Risk Assessments can be dismissed as “This does not apply to us.”
Finally, perhaps it is now time for the FCA to consider what sanctions they should apply over and above corporate financial penalties. While such penalties make headlines, like most newspaper headlines, they are soon forgotten. The FCA should seriously consider action against senior managers with ultimate responsibility, It is time to ‘name and shame’ at the very least and, in the worst cases, levy individual financial penalties and legal action against very senior management – perhaps on a ‘failure to prevent’ basis. Only this will ensure that senior manager responsibility and oversight occurs with the strength and persistence required.
Stuart Hammond
Director, Regulatory and Compliance
Marker AI