CFD brokers
leaning on automated compliance systems just got a wake-up call from the UK
regulator. The Financial Conduct Authority (FCA) forced one of the firms under
review to freeze all operations and return customer funds after discovering
that its screening tools failed to detect basic red flags that manual checks
would have revealed within minutes.
In a world
increasingly dominated by artificial intelligence and automation, the case
shows that this may not always be the right direction for compliance in the
financial services sector.
BeAccount Case Study
This
analysis is based on a supervisory notice published by the FCA in the middle of
last month against
BeAccount Ltd. While the company operates in the payments sector,
compliance requirements in the UK remain broadly similar across all regulated
firms, including CFD brokers, particularly with regard to anti-money laundering
(AML) and related obligations.
According
to the FCA’s findings, BeAccount's automated systems onboarded a client whose
beneficial owner had been fined
over $11 million by the US Commodity Futures Trading Commission for his role at
Banc de Binary, the binary options operation that defrauded retail traders.
The
software only flagged criminal convictions, not civil enforcement actions, so
the compliance team never saw the multimillion-dollar fine or the permanent
trading ban.
Staff took
the beneficial owner's word that his involvement was "administrative
only" without questioning why regulators had imposed such massive
penalties. Under BeAccount's own risk assessment rules, the regulatory
sanctions should have automatically blocked onboarding. But nobody applied
those rules because the system didn't flag anything.
"There
is an overreliance on automated screening, notably for scanning adverse media.
There is no evidence of the firm undertaking manual open-source checks in any
of the files," the FCA wrote in its December 17 supervisory notice.
When Software Says "Data Not Verified"
BeAccount's
screening software produced incomplete reports for some of the customers,
displaying messages that stated "data is not received/verified." The
compliance team, however, never followed up. They just onboarded the clients
anyway.
The tools
also missed geographic red flags in at least 10 cases. Screening reports showed
customers completing forms in different countries from where they claimed to
live. Nobody at the firm asked about these mismatches.
FCA staff
ran simple Companies House searches on the same clients and immediately found
beneficial owners with multiple failed companies, address inconsistencies
between government registers and company websites, and undisclosed business
relationships. One beneficial owner was connected to 35 other companies,
including eight active ones, but BeAccount's systems flagged nothing.
The firm's
money laundering reporting officer approved high-risk clients with minimal
review. Most approvals consisted of a single word - "approved" - with
no explanation. Some approvals came within minutes of receiving thick
onboarding packages.
Cyprus: Seven Out of Nine
Seven of
the nine client files the FCA reviewed had Cyprus connections. BeAccount's risk
assessment rated Cyprus as low risk in every case, even though the UK National
Risk Assessment 2025 specifically identifies Cyprus as a jurisdiction
"frequently part of complex, multi-jurisdictional corporate
structures" linked to fraud and corruption.
One
customer operated a real estate business in Cyprus. The 2019 Financial Action
Task Force mutual evaluation report on Cyprus highlighted specific weaknesses
in how the country addresses money laundering risks in real estate. BeAccount's
files contained no evidence anyone considered this sector-specific risk.
Karoline
Merino, a compliance analyst at Indigo FX who previously worked in tech,
highlighted the case as evidence that "paper compliance is no longer
enough."
"This
is a particularly useful read for first line of defense teams, including
onboarding, KYC, and customer risk analysts. It clearly shows how frontline
decision-making plays a critical role in ensuring controls operate effectively
in day-to-day activity," Merino wrote on LinkedIn following the FCA's
notice.
Immediate Shutdown
The FCA
didn't gradually restrict BeAccount's operations. The regulator imposed
immediate requirements prohibiting the firm from onboarding new customers,
accepting new funds, or conducting any electronic money or payment services
without written permission.
BeAccount
must return all customer funds "as soon as practicable" and notify
every customer by December 24, 2025. The firm must also preserve all records in
their original form at a UK location for potential regulatory review.
The FCA
concluded BeAccount could no longer meet its authorization conditions because
it lacked "operational effectiveness and adequacy required to be able to
identify, manage, monitor and report the risk of its business being used to
facilitate financial crime."
What This Means for Trading Firms
CFD brokers
using automated compliance systems should audit how their tools handle
incomplete data, beneficial owners with enforcement histories, and customers
with complex corporate structures across multiple jurisdictions.
Merino
pointed to the automated screening overreliance as particularly concerning.
"Having previously worked in a tech firm, specifically in AI, and now
working in compliance, I've seen first-hand that AI should make processes more
seamless and efficient but giving it full control? I'm not convinced we're
there yet."
The case
makes clear that automated screening works as a first filter, not a complete
solution. Civil enforcement actions carry the same weight as criminal
convictions when assessing fitness. Geographic risk assessments need regular
updates based on current regulatory guidance, not static country lists.
BeAccount's
automated systems weren't obviously broken. They processed data, generated
reports, and scored risks according to their programming. They just couldn't
replace human judgment about whether those scores made sense given the full
context of each customer relationship.
For an
industry where regulators increasingly scrutinize how firms prevent their
platforms from facilitating fraud or money laundering, that distinction may
matter more than compliance teams might want to admit.
"AI is
a powerful tool, but it's not a substitute for human judgment, accountability,
and effective oversight," Merino concluded.