FCA fine Barclays Bank Plc (“Barclays”) £39,314,700 due to AML failures on its client, Stunt & Co Ltd

Final notice 2025: Barclays Bank plc. https://www.fca.org.uk/publication/final-notices/barclays-bank-plc-2025.pdf

1. For the reasons given in this Final Notice, the Authority hereby imposes on Barclays Bank Plc (“Barclays”) a financial penalty of £39,314,700 under section 206 of the Act. 
2. Barclays agreed to resolve this matter and qualified for a 30% (stage 1) discount under the Authority’s executive settlement procedures.
3. Were it not for this discount, the Authority would have imposed a financial penalty of £56,163,900 on Barclays.

Summary of the FCA Final Notice to Barclays Bank Plc (14 July 2025)

• The Financial Conduct Authority (FCA) imposed a financial penalty of £39,314,700 on Barclays Bank Plc for breaches of Principle 2 of the FCA’s Principles for Businesses, which requires firms to conduct business with due skill, care, and diligence.
• The penalty relates to Barclays’ failure to adequately identify, assess, monitor, and manage money laundering risks associated with its client, Stunt & Co Ltd, during the period from January 9, 2015, to April 23, 2021 (the Relevant Period).
• Barclays settled early, qualifying for a 30% discount, reducing the penalty from £56,163,900.

Money Laundering Aspects

Context and Risks:

• The FCA emphasised that financial institutions must minimise the risk of being used for money laundering to protect the integrity of the UK financial system;
• This involves robust Customer Due Diligence (CDD), Enhanced Due Diligence (EDD) for high-risk clients, and ongoing transaction monitoring;
• Stunt & Co, a company involved in gold refining and trading, received £46.8 million from Fowler Oldfield Ltd, a UK jewellery business under criminal investigation for money laundering; and
• The FCA concluded that these funds were proceeds of crime, and Stunt & Co’s account was used to launder them.

Barclays’ Relationship with Stunt & Co:

• Stunt & Co opened an account with Barclays in January 2015, with James Stunt as its director and sole shareholder;
• Barclays classified Stunt & Co as low risk, despite its business involving high-risk jurisdictions (West Africa and the Middle East) and a high-risk industry (gold trading); and
• Between July 2015 and August 2016, Stunt & Co received £46.8 million in electronic transfers from Fowler Oldfield, including 361 round-sum payments of £100,000, which the FCA identified as a money laundering red flag.

Mistakes and Red Flags

Barclays’ failures in managing money laundering risks included:

1. Inadequate CDD at Onboarding:
• Barclays failed to obtain sufficient information about Stunt & Co’s business, source of wealth, and source of funds, assigning it a low-risk rating without justification;
• The industry classification as “Jewellery” (instead of gold refining) was inaccurate, and no EDD was applied despite the high-risk nature of the business; and
• High-risk indicators, such as trading in West Africa and the Middle East, were not adequately considered, and adverse media checks were conducted but not followed up.
2. Failure to Apply EDD:
• Despite Barclays’ 2013 AML policy requiring EDD for high-risk industries and jurisdictions, no EDD was conducted for Stunt & Co at onboarding or during the relationship, except for a brief period (March 2019–May 2020) when it was rated medium risk; and
• The Relationship Director’s attestation falsely confirmed no compliance referrals or red flags, despite clear triggers for EDD.
3. Inadequate Ongoing Monitoring:
• Barclays failed to monitor Stunt & Co’s transactions to ensure consistency with its known business profile;
• Significant payments from Fowler Oldfield (£9 million in three months, later totalling £46.8 million) were not scrutinised, despite being inconsistent with the expected annual turnover of £3 million; and
• Round-sum payments of £100,000 were not flagged as potential money laundering indicators.
4. Missed Red Flags:
• Adverse Media: Media reports in November 2015 questioned James Stunt’s source of wealth, but Barclays did not escalate this for further review;
• Fowler Oldfield Transactions: The high volume and value of payments from Fowler Oldfield, a company later investigated for money laundering, were not flagged as suspicious;
• Law Enforcement Requests: In August 2016, Barclays received a law enforcement request indicating Fowler Oldfield’s potential money laundering and Stunt & Co’s involvement, but this was not shared with relevant teams (e.g., IMI team or Relationship Director) due to resource constraints and a lack of transparent processes;
• Production Orders: Between August and November 2016, Barclays received Production Orders related to Stunt & Co. and James Stunt, but these did not trigger a review of the risk rating or EDD; and
• Police Raids: In September 2016, police raids on Fowler Oldfield and Stunt & Co, with 12 arrests at Fowler Oldfield, were not adequately investigated, despite police confirmation of a “close link” between the two entities.
5. KYC Refresh Failures:
• A 2016 KYC refresh, prompted by adverse media, failed to verify Stunt & Co’s business or James Stunt’s source of wealth;
• Barclays accepted incomplete and unverified information from Stunt & Co’s accountant and did not follow up on missing CDD data about Fowler Oldfield; and
• The KYC refresh was certified complete in January 2017, despite outstanding queries and awareness of a police investigation into Fowler Oldfield.
6. Poor Internal Communication:
• Information from law enforcement and Production Orders was not shared across relevant teams (e.g., Barclays AML Intelligence team, IMI team, and Court Orders Unit), preventing a holistic assessment of risks; and
• The 2016 “Project Dust” review, initiated after Production Orders and police raids, concluded Stunt & Co’s transactions were consistent with its KYC, ignoring round-sum transfers and failing to consider law enforcement intelligence.
7. Failure to Respond to Court Orders (2017–2020):
• Additional court orders, including a restraint order in August 2018, did not prompt Barclays to reassess Stunt & Co’s risk rating or conduct EDD, contrary to its AML Customer Lifecycle Standard.

Lessons Learned

1. Robust CDD and EDD Processes:
• Firms must thoroughly verify the nature of a client’s business, source of wealth, and source of funds at onboarding, particularly for high-risk industries or jurisdictions. EDD should be applied promptly when risk indicators are present.
2. Effective Ongoing Monitoring:
• Continuous transaction monitoring is critical to detect inconsistencies with a client’s known business profile. Round-sum payments and high-value transactions should be flagged and investigated as potential red flags for money laundering.
3. Response to Red Flags:
• Adverse media, law enforcement requests, and court orders must trigger immediate reviews of a client’s risk rating and potential EDD. Firms should have transparent escalation processes for such events.
4. Internal Information Sharing:
• Firms need robust systems to ensure that critical information (e.g., law enforcement intelligence, court orders) is shared across relevant teams to enable comprehensive risk assessments.
5. Resource Allocation:
• Adequate resources and transparent processes are essential to handle law enforcement requests and conduct thorough investigations without delays due to resource constraints.
6. Proactive Risk Management:
• Firms should proactively reassess client risk ratings in response to trigger events and not rely on incomplete or unverified information. Periodic reviews should be conducted for high-risk clients, even if initially rated as low risk.
7. Compliance with Guidance:
• Barclays’ failures occurred despite FCA and JMLSG guidance emphasising robust AML controls. Firms must align their policies with regulatory expectations and ensure compliance through regular training and audits.

Conclusion

• Barclays’ failure to implement adequate AML controls allowed Stunt & Co to receive £46.8 million in suspected criminal proceeds from Fowler Oldfield.
• The bank’s deficiencies in CDD, EDD, transaction monitoring, and response to red flags highlight systemic weaknesses in its AML framework.
• The FCA’s penalty highlights the importance of proactive, risk-sensitive AML measures in preventing financial crime.
• Barclays’ self-initiated review in 2021 (Project Rufus) and cooperation with the FCA mitigated the penalty; however, the case highlights the need for robust internal controls and effective communication to manage money laundering risks effectively.

Source

• https://www.comsuregroup.com/news/barclays-fined-42-million-for-banking-dirty-money-associated-with-fowler-oldfield-wealthtek/
• https://www.fca.org.uk/publication/final-notices/barclays-bank-plc-2025.pdf