CASE RECAP:

​​

What happened, and why it is worth your attention:

​

On 17 December 2025, the Financial Conduct Authority issued a First Supervisory Notice to BeAccount Ltd, a small FCA-authorised electronic money institution trading under the name Payine. The notice took effect immediately. All electronic money and payment services were suspended. 2,201 clients were unable to transact. The firm was required to return all customer funds and notify its entire client base within days. There was no fine. The FCA simply stopped

the business.

 

BeAccount is not a household name. It is not a global bank. It is a small firm with a board, an MLRO, a customer risk assessment methodology, external compliance auditors, and a documented set of policies and procedures. It looks, in other words, like a firm that had taken compliance seriously enough to build the infrastructure. What the FCA found was that none of that infrastructure was working.

 

This recap covers the key facts from the case. Read it carefully. The quiz questions that follow are based on the specific details here, and they will require you to have understood the case rather than simply recognised it.

 

The regulatory action:

​

The FCA acted under regulation 11(1) of the Electronic Money Regulations 2011, which allows it to vary a firm's authorisation where the firm no longer meets, or is unlikely to meet, the conditions for authorisation. The specific condition at issue was regulation 6(5)(b) of the EMRs: the requirement to have effective procedures to identify, manage, monitor and report any risks to which the firm might be exposed.

 

BeAccount is a payment services firm, and its authorisation sits under the EMRs rather than the Financial Services and Markets Act 2000. But the Money Laundering Regulations 2017 applied to it in full, as they do to any financial institution conducting payment services. Every obligation that the MLRs impose, on risk assessment, CDD, EDD, ongoing monitoring, PEP screening, and suspicious activity reporting, applied to BeAccount in exactly the same way they apply to any other regulated firm. The fact pattern that follows is therefore directly translatable to any FCA-supervised firm subject to the MLRs.

 

What the FCA found:

​

The FCA reviewed nine client files, selected from the firm's top clients by transactional volume and value, with a proportional spread across BeAccount's own risk ratings to give a representative picture. The purpose was to test whether the firm's financial crime controls were working in practice. Every single file was rated inadequate.

 

Customer risk assessments. The CRAs across all nine files provided no commentary on how the firm had assessed risk or justified its onboarding decision. The methodology was not being followed consistently, fields were left blank without explanation, and the risk ratings produced were not supported by evidence. In one file, a turnover figure was recorded as 25 instead of 250; a tenfold error. That single mistake changed the client's risk rating from high to low, which moved its periodic review cycle from annual to every three years. The MLRO approved the rating. No one at any stage identified the error. When the FCA arrived, that client's 2025 review was overdue.

 

Customer due diligence. All nine application forms were incomplete, and none were dated. Business models were described in terms such as "makes sense" with no explanation of why. In seven of the nine files, it was unclear why the customer wanted to open an account with a UK authorised institution: there were clients with no UK presence, no employees in the UK, and UBOs based in overseas jurisdictions, with no evidence that the firm had explored the rationale. Documents such as bank statements and management accounts had been collected in some files but showed no evidence of having been reviewed or analysed.

 

The “Customer 2” decision. Customer 2 in the FSN is one of the most significant individual findings in the case. The UBO of this customer had been the subject of civil enforcement proceedings by the US Commodity Futures Trading Commission, fined in excess of $11 million, and subjected to a permanent ban on offering or trading certain contracts to US customers. BeAccount's own CRA methodology included a field for regulatory sanctions and stated explicitly that a "Yes" response was an automatic prohibition. The onboarding team ticked "No" for both adverse findings and regulatory sanctions. The MLRO approved the onboarding. The justification recorded on the file: the UBO had no criminal record, and he had confirmed that his involvement in the convicted activity was administrative only. BeAccount accepted that explanation. The client was onboarded.

 

PEP and sanctions screening. All nine files were rated inadequate in this area. The firm was over-reliant on automated screening tools and conducted no manual open-source checks in any of the files. In one customer file, the FCA identified a potential PEP connection: links via a business associate to a politically influential individual with alleged connections to a foreign head of government. They did this through open-source searches that took minutes. The firm's

automated tools had identified nothing.

 

Transaction monitoring and MLRO decisions. Transaction monitoring rules were generic rather than calibrated to individual client profiles. Across all nine files, MLRO decisions on onboardings were recorded as a single word "approved" with no rationale, no reference to the risk rating, and no reference to board approval. In one file, a large transaction was flagged for review. The MLRO requested source of wealth information. Two hours later, the transaction

was approved, citing that the MLRO had "seen the tax return." There was no evidence in the file that the tax return had ever been received. In a separate file, the MLRO approved a transaction and recorded: "I think I am satisfied." The FCA noted that the phrasing expresses doubt. Doubt requires further investigation, not approval.

 

Suspicious activity reporting. Across all nine client files, not a single SAR had been submitted. The FCA's concern was not that every file required a SAR. It was that the files contained insufficient substance to even determine whether SARs should have been filed. The reporting framework was not generating enough information for the obligation to be discharged

properly.

 

The “Customer 6” offboarding. For ten months preceding Customer 6’s account closure request in June 2025, the customer had been transacting at volumes and values that significantly exceeded its own stated forecast. When asked, the client had explained this as a result of its success and "significant level of activity." In June 2025, the same client asked to close its account, citing a significant reduction in activity and business costs. The two explanations directly contradicted each other. BeAccount closed the account on the same day the request was received. There was no escalation, no board discussion, and no documented consideration of whether a SAR should be raised before the relationship ended.

 

The outcome:

​

The FCA considered the requirements necessary indefinitely. Based on BeAccount's own financial data (monthly fixed costs of £225,000 against liquid assets of approximately £850,000) the FCA assessed that the firm had an estimated eight months before insolvency. There was no graduated warning, no opportunity to remediate before the action took effect. A First Supervisory Notice, and the business effectively ceased to exist.

 

Before you attempt the quiz:

​

The questions that follow test your understanding of the specific facts and regulatory findings in this case. Some questions ask what happened; others ask why it mattered from a regulatory perspective. A few test whether you can distinguish between what BeAccount did and what it should have done. The facts in this document contain everything you need.

 

 

 

 

 

Coventium | Training Materials | Not for further distribution