Cedric Iggiotti, VP Product, Screening at ThetaRay, noted recently that in an era where financial institutions face growing pressure from regulators, Starling Bank’s enforcement action by the UK’s Financial Conduct Authority (FCA) serves as an important reminder: a robust compliance framework isn’t just a regulatory checkbox.
Iggiotti added that it is essential for the integrity of the financial services ecosystem.
Cedric Iggiotti of ThetaRay also mentioned that as regulatory penalties become all too common, any lapse in compliance is quite likely to have dire consequences.
Since launching operations back in 2016, UK-based Starling Bank has seen steady growth, amassing about 3.6 million customers by 2023.
Although this is a key milestone, Cedric Iggiotti, VP Product, Screening at ThetaRay, said that constant expansion efforts tend to come with their own “unique” set of compliance challenges.
Cedric Iggiotti of ThetaRay added that the major institution’s financial crime controls failed to “keep pace with its growth.”
Cedric of ThetaRay further noted that the FCA’s recent review “raised flags” about Starling’s anti-money laundering (AML) and financial sanctions framework.
Iggiotti went on to note that the bank’s automated screening system checked customer names against only a “mere fraction” of the Consolidated List, screening only “39 of the 3,088 sanctioned individuals.”
Cedric added that this oversight, missing out on the names of individuals who did not have a UK residency or citizenship, “highlights a fundamental flaw in their system configuration or implementation process, raising questions about the effectiveness of their chosen technology and/or the due diligence exercised during its integration.”
Moreover, Starling was screening its customers “only once every 14 days — far below industry standards — which left significant gaps where high-risk individuals could operate undetected.”
Cedric of ThetaRay also noted that in a global industry where timely responses to emerging threats are crucial, “infrequent monitoring combined with inadequate screening for all cross-border payments, undermined the integrity of the bank’s compliance framework.”
Consequently, Cedric of ThetaRay explained that this posed “substantial” risks to both the institution and its customers.
Iggiotti also noted that one can imagine a “potential” money launderer or sanctioned individual “slipping through the cracks,” engaging in illicit activities without timely detection.
As stated in a blog post by ThetaRay, such oversights tend to seriously jeopardize not only Starling’s “integrity” but also that of the broader financial system.
According to the ThetaRay blog post, the lack of “formal testing” or calibration of Starling’s financial watchlist screening systems after implementation further “compounded these issues.”
The update from ThetaRay also noted that without ongoing assessments, undetected failures in customer and payment screening processes went unchecked, creating “an environment ripe for illicit activities.”
Compliance is not a “one-time endeavor” and it requires “continuous evaluation and adjustment, particularly as regulations evolve and new risks emerge.”
A key aspect of this was insufficient Management Information (MI) related to financial sanctions, such as alert volumes and trends, which “hindered the bank’s ability to effectively monitor and adjust its screening processes.”
In a well-functioning compliance framework, “regular testing and calibration of systems are paramount.”
This includes validating that screening algorithms are “functioning correctly” and that any updates to regulation are integrated into the “screening criteria.”
Failure to do so not only leaves institutions vulnerable to regulatory action but also puts them at risk of reputational damage that can take years to recover from — an especially “pressing concern for a hyper-growth neobank like Starling, where so much rests on its reputation and the niche market it has built to attract customers.”
Only in 2023 did Starling Bank become aware that, since the implementation of its financial sanctions screening framework in 2017, its “automated screening system had only been screening names of new and existing customers against a fraction of the Consolidated list.”
As mentioned in the insights from ThetaRay, this raises concerns about how a platform designed for automated compliance could facilitate a screening frequency of only every 14 days, “highlighting the need for clarity on the default settings and guidance provided to clients like Starling.”
In addition, the customer success and implementation teams could potentially have ensured that the system was “calibrated correctly” and that all compliance features were “fully operational.”
As noted in the blog post from ThetaRay, this recent enforcement serves as a wake-up call for technology vendors to “strengthen their oversight processes and mitigate potential liability.”
In light of the serious concerns raised by the National Risk Assessment (NRA) regarding the rapid onboarding processes of challenger banks, it’s imperative that these “institutions take immediate action to bolster their financial crime controls.”
The NRA highlighted a critical vulnerability: the allure of quick account openings may inadvertently attract high-risk customers “due to insufficient due diligence practices.”
The Authority’s review of financial crime controls across various challenger banks, which included an analysis of “over 8 million customers, highlights the need for robust governance, effective risk assessments, and rigorous ongoing monitoring.”
The ThetaRay blog post also noted that enforcement action against Starling Bank serves as a crucial lesson for “all challenger banks and their technology partners.”
A robust compliance framework can leverage advanced tech, but it must also ensure systems are “properly configured, continuously monitored, and regularly assessed.”
By integrating AI-driven solutions and maintaining rigorous oversight, institutions can better “protect themselves and their customers from financial crime risks.”
Starling’s experience emphasizes the utmost importance of “ongoing compliance evaluations.”
As stated in the insights shared by ThetaRay, FIs should not only focus on implementing advanced screening technologies but also cultivate a culture of compliance that prioritizes “vigilance and adaptability.”
As explained in the update, this involves “regular training” for compliance teams, engaging with tech vendors for updates and support, and fostering an environment where compliance is viewed as “a strategic asset rather than a checkbox to tick.”
The blog post from ThetaRay further noted that FIs need to recognize that the landscape of financial crime detection is “ever-evolving,” and their compliance frameworks must be “equally dynamic.”
By learning from Starling’s challenges and “prioritizing proactive compliance measures,” banks would be in a position to build more “resilient” systems that address important regulatory requirements while also “safeguarding their reputations” and the trust of their customers.
Cedric from ThetaRay concluded that a firm commitment to ongoing and consistent improvement would transform compliance from a “reactive obligation” into a “proactive strategy” for success.