
Metro Bank’s £16m fine showed regulators are setting the tone for 2025

Last November you may have seen that the FCA fined Metro Bank £16m for failings in its Automated Transaction Monitoring System (ATMS).

The figure is staggering, but the story behind it is even more so. Over 60 million transactions, worth £51 billion, went unmonitored. This wasn’t the result of a one-off error, but of systemic issues that spanned over four years. 

This case reflects an increasing willingness by regulators to scrutinise how technology is deployed – and a shift towards holding firms accountable for systemic governance failings. Boards across the financial sector should take note: whilst technology implementations can deliver significant time savings, they are only effective when their scope and implementation are comprehensive.


Around the same time as the Metro Bank fine was revealed, I attended the Financial Risk and Compliance Conference, where these issues cropped up consistently in the breaks. From my conversations, risk teams were concerned that whilst their organisations were adopting and implementing AI, they were doing so without proper governance and challenge.  

Perhaps a case of firms getting carried away by the potential time and cost savings without properly challenging whether the scope of the implementation was clearly enough defined? Clearly, there are real lessons to learn.

When people speak up, don’t tune out

Reading about the Metro Bank fine, it seems junior staff recognised problems with Metro’s systems as far back as 2017. Concerns about Bad Data and transactions falling through the cracks were raised in meetings, but instead of tackling the issues, references to them were removed from the meeting’s minutes. 

This isn’t just an oversight. It’s a reminder of what happens when governance fails. When employees try to escalate risks but are ignored, opportunities to fix problems early are lost. By the time Metro Bank acted, years had passed, and the damage was done. 

Their ‘Lookback Review’ in 2019 uncovered the scope of the problem. Over 150 new suspicious activity reports were filed, and 43 accounts were closed – proof that those unmonitored transactions posed a genuine risk to the financial system.  

It begs the question: how many other warnings are being missed across the industry today? 

Technology is a tool, not a crutch

Metro Bank’s failings are a stark reminder that AI and automation are only as good as the people and processes behind them. Technology, however advanced, cannot replace governance.  

The ‘Time Stamp Code Logic Error’ at the heart of Metro Bank’s issue – a technical flaw that rejected transactions when accounts were opened and transacted on the same day – could have been resolved swiftly if proper reconciliation processes had been in place. 

Instead, it persisted for years, with no one questioning why transactions weren’t being monitored. 

For me, this is the crux of the issue: too often, organisations view technology as a ‘golden bullet’ rather than the enabler. They deploy systems and expect they will work flawlessly, neglecting the essential checks, balances, and human input that underpin success.  

As AI inevitably becomes more and more prevalent in our industry, we need to go in open-eyed, ready to deploy the essential pillars of data governance, bias prevention and human oversight. 

Resilience starts with people

I expect we will see many more fines similar to Metro Bank’s.

This isn’t a story about bad technology. Rather, it’s a story about governance – or the lack thereof. As a tool, technology should amplify human insight, not replace it. In Metro Bank’s case, the employees who raised the alarm early could have been the team's greatest asset. Instead, their warnings went unheard. 

Firms looking to avoid a similar fate should focus on implementing robust reconciliation processes, designing governance frameworks that integrate technology oversight with human input, and running regular audits to test system outputs against expected results. 
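An added example, not taken from the article or from Metro Bank's systems: a completeness reconciliation of the kind recommended above, showing how it surfaces a gap like the same-day account-opening flaw described earlier. The ledger rows, the intake log and the `reconcile` function are all constructed for illustration.

```python
from collections import Counter
from datetime import date
from decimal import Decimal

# Constructed sample data (not from the FCA notice or the article).
# Source of record: every transaction the core banking ledger posted.
LEDGER = [
    # (txn_id, account, account_opened, txn_date, amount_gbp)
    ("T1", "A100", date(2017, 3, 1), date(2017, 3, 9), Decimal("250.00")),
    ("T2", "A200", date(2017, 3, 9), date(2017, 3, 9), Decimal("9400.00")),
    ("T3", "A200", date(2017, 3, 9), date(2017, 3, 10), Decimal("120.00")),
    ("T4", "A300", date(2017, 3, 10), date(2017, 3, 10), Decimal("15000.00")),
    ("T5", "A100", date(2017, 3, 1), date(2017, 3, 10), Decimal("75.50")),
]
# IDs the monitoring system acknowledged ingesting (hypothetical intake log).
MONITORED_IDS = {"T1", "T3", "T5"}


def reconcile(ledger, monitored_ids, min_coverage=Decimal("1.0")):
    """Completeness control: every ledger transaction must reach monitoring."""
    total = len(ledger)
    missing = [row for row in ledger if row[0] not in monitored_ids]
    # IDs monitoring claims to have seen that the ledger never posted.
    unknown = sorted(monitored_ids - {row[0] for row in ledger})
    coverage = Decimal(total - len(missing)) / total if total else Decimal(1)
    # Bucket the gap so a systematic cause stands out from random loss.
    pattern = Counter(
        "same_day_as_account_opening" if opened == txn_date else "other"
        for _, _, opened, txn_date, _ in missing
    )
    return {
        "missing_ids": [row[0] for row in missing],
        "unknown_ids": unknown,
        "unmonitored_value": sum((row[4] for row in missing), Decimal("0")),
        "coverage": coverage,
        "pattern": dict(pattern),
        "breach": coverage < min_coverage or bool(unknown),
    }


if __name__ == "__main__":
    for key, value in reconcile(LEDGER, MONITORED_IDS).items():
        print(f"{key}: {value}")
```

Run daily against the previous day's postings, a check like this turns a silent drop into an exception that someone has to close out, and the `pattern` bucket points at the cause rather than only the count.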

As AI becomes increasingly embedded in financial services, we need to recognise that operational resilience comes from putting your people first. Empower your teams to challenge systems, to escalate risks, and to act. Build a culture where technology supports people, not the other way around. 

In 2025, let’s make Metro Bank’s case the example we learn from, not the one we follow.

 

At BeyondFS, we help financial services firms strengthen governance, integrate technology effectively, and empower their people. If Metro Bank’s story resonates with challenges your organisation is facing, get in touch – we’d love to help. 
