Skip to content

Enforcement and litigation update – Key developments including the FCA Enforcement Guide and Upper Tribunal decisions

Insight

magnifying glass

Financial Institutions 360: Enforcement and litigation update

Read other sections of this edition of the Financial Institutions 360:

Revised FCA Enforcement Guide

On 3 June the FCA published Policy Statement PS25/5 on its revised Enforcement Guide along with its final policy on its controversial proposals on ‘naming and shaming’.

The PS confirms the FCA’s earlier policy announcement that they will not be proceeding with their proposals to increase the transparency of enforcement investigations, subject to a public interest test. Instead, the FCA will revert to their previous policy of providing details of enforcement investigations into regulated firms only in exceptional circumstances.

The FCA will however provide further detail of investigations in the following (limited) circumstances:

  • If there is suspected unauthorised activity and/or criminal offences relating to unregulated activity.
  • To provide a reactive confirmation of an investigation, once it is already in the public domain.
  • To share information on an anonymised basis.

The updated enforcement guide (ENFG) is intended to be more streamlined and accessible.

Digital bank Monzo fined £21m

On 7 July 2025, the FCA published a final notice to Monzo Bank Limited, and fined it £21.1 million due to serious systems and controls failures in relation to its anti-money laundering procedures.

Since obtaining its full banking permissions in 2017, Monzo’s customer base increased substantially, growing from 250,000 customers in 2017 to over 12 million customers by April 2025. The FCA found that the firm’s systems and controls to counter financial crime did not keep pace with this expansion.

The FCA found that in the period from October 2018 to August 2020, Monzo had performed inadequate customer due diligence on its customers, including onboarding customers who had given addresses such as ‘Buckingham Palace’. The FCA considered that Monzo’s financial crime framework, in particular its customer risk assessments and the collection of customer information, were inadequate, including in relation to higher risk customers.

In August 2020, the FCA required the firm to appoint a skilled person to review their financial risk management, and Monzo also agreed to a variation of their permissions (VREQ), which prevented them from processing new or additional account applications from high-risk customers. However, during the following two years they onboarded over 25,000 high-risk customers in breach of the VREQ, as well as other separate breaches of the terms of the VREQ.

The FCA therefore found that Monzo had breached Principle 3 of the FCA’s Principles for Businesses and the terms of the VREQ and fined them accordingly. The firm cooperated with the FCA’s investigation and so received a 30% discount on its fine.

Upper Tribunal upholds James Staley ban

On 26 June 2025 the Upper Tribunal handed down its judgment in the case of James Staley v the FCA, relating to a decision notice issued to Mr Staley in 2023, in which the FCA had banned Mr Staley from holding a senior role in financial services, and fined him £1.8m. The Upper Tribunal upheld the ban but reduced the fine.

The matter relates to a letter sent to the FCA from Barclays in 2019, which the FCA alleged contained misleading statements relating to the closeness of Mr Staley’s relationship with the late Jeffrey Epstein. The letter had stated that the friendship was not close, and that the last contact was well before Mr Staley had joined Barclays Bank as CEO in December 2015. The FCA contended that both of these statements were misleading, as they were contradicted by emails subsequently disclosed to the FCA by JP Morgan, and that Mr Staley had been reckless in approving the contents of the letter.

The FCA found that Mr Staley was therefore in breach of provisions of its Code of Conduct, including by failing:

  • to act with integrity (ICR 1);
  • be open and cooperative with the FCA and other regulators (ICR 3); and
  • to disclose any information of which the FCA would reasonably expect notice (SMCR 4).

The FCA prohibited Mr Staley from performing any senior management or significant influence function in relation to any regulated activity carried on by an authorised person, and fined him £1.8m.

The Upper Tribunal upheld the FCA prohibition order, but reduced the fine to £1.1m as Barclays had, subsequent to the FCA’s decision, withdrawn Mr Staley’s right to receive deferred shares to which he was otherwise entitled, which reduced his income on which the level of the fine was based.

Metro Bank executives fined for breach of the Listing Rules

On 16 June 2025, the Upper Tribunal handed down its judgment in the case of Donaldson and Arden v the FCA. Mr Donaldson was the CEO of Metro Bank and shortly before the relevant period, Mr Arden joined as CFO. In October 2018 Metro Bank published its Q3 trading update, making statements including that capital ratios remained robust, that risk weighted assets (RWAs) were £7,398m, and that total capital as a percentage of RWAs was 19%. These figures were not correct and when the real figures were published in January 2019, Metro Bank’s share price dropped by nearly 40%.

The FCA investigated and found that Metro Bank had breached the Listing Rules, and imposed a fine of £10m on the firm, which was not contested. The FCA also found that Mr Donaldson and Mr Arden were ‘knowingly concerned’ (in that they had acted negligently) in the breach of the Listing Rules, and imposed six figure fines on each of them.

They referred their Decision Notices to the Upper Tribunal which considered a) whether the firm had breached the Listing Rules, b) whether Mr Donaldson and Mr Arden had been knowingly concerned in the breach of the Listing Rules, and c), whether to uphold the penalties.

The Upper Tribunal upheld the decisions of the FCA with regards to the first two issues, but reduced the penalties.

The Bank of England fines Vocalink £11.9 million after compliance failure

On 9 July 2025 the Bank of England published a final notice to Vocalink Ltd, a payment systems infrastructure firm, of £11.9 million.

Vocalink designs, builds and operates payments systems infrastructure and was brought under the regulatory remit of the Bank of England in 2018 as a “specified service provider”. 

The Bank of England issued a Direction in 2021, requiring Vocalink to remediate certain failings relating to its systems and controls. In 2022 the Bank required Vocalink to appoint an independent expert to assess whether the firm had complied with the Bank’s Direction. Further to the expert’s report, the Bank found that Vocalink was in breach of its supervisory direction and had failed to undertake the required remediation work, and so fined it accordingly.

This is the first Bank of England fine against a financial market infrastructure firm.

This publication is a general summary of the law. It should not replace legal advice tailored to your specific circumstances.

© Farrer & Co LLP, July 2025

Want to know more?

Contact us

About the authors

Grania Baird banking lawyer

Grania Baird

Partner

Grania leads the financial services regulatory and funds practice at Farrer & Co. She has over 20 years of experience acting for clients across the sector, including private banks, wealth managers, asset managers and, more recently, payment services firms and Fintech businesses.

Grania leads the financial services regulatory and funds practice at Farrer & Co. She has over 20 years of experience acting for clients across the sector, including private banks, wealth managers, asset managers and, more recently, payment services firms and Fintech businesses.

Email Grania +44 (0)20 3375 7443

More by the authors

Further reading

Related sectors & services

Continue to next section
Back to top