Internal Control Failure!

The report analyses FCA enforcement action from 2021-2025 and examines cases where weaknesses in internal controls are clearly identifiable. The headline finding is stark: 52 out of 97 fines (54%) directly referenced Internal control failures, with total financial penalties exceeding £1bn. 

Most control failures were concentrated in anti-money laundering (AML), fraud and financial crime.  These are often symptoms of deeper issues in the internal control environment, including weak governance and oversight. 

Our key message is that firms should respond to these findings by strengthening their internal controls through more robust internal audit capabilities that operate in accordance with our Internal Audit Code of Practice and the Global Internal Audit Standards. 

The report includes key insights from analysis of all the final notices issued by the FCA over the five-year period we examined and includes practical recommendations for internal audit functions, boards and audit committees, and regulators. 

       Download the report here     

Key Findings

• 97 FCA fines issued between 2021 and 2025; 52 were reported as directly relating to internal control failures (54%).
• Total value of fines issued over 2021–2025: £1,025,543,747, representing a significant financial impact on the financial services sector.
• Reported internal control-related fines were concentrated in AML, fraud and financial crime, with repeated weaknesses in customer due diligence, transaction monitoring, sanctions screening and governance.
• Several final notices referenced gaps in coordination across the second and third lines, limited assurance over second-line functions, and delayed or insufficient follow-through on high-priority actions.