CFD brokers leaning on automated compliance systems just got a wake-up call from the UK regulator. The Financial Conduct Authority (FCA) forced one of the firms under review to freeze all operations and return customer funds after discovering that its screening tools failed to detect basic red flags that manual checks would have revealed within minutes.

In a world increasingly dominated by artificial intelligence and automation, the case shows that this may not always be the right direction for compliance in the financial services sector.

BeAccount Case Study

That analysis is based on a supervisory notice published by the FCA in the middle of last month against BeAccount Ltd. While the company operates in the payments sector, compliance requirements in the UK remain broadly similar across all regulated firms, including CFD brokers, particularly with regard to anti-money laundering (AML) and related obligations Obligations In finance, an obligation is a financial responsibility where the terms of a contract must be met. Should an obligation between parties fail then the party who is at default may face legal action. In this scenario, the guilty party will not only have to agree to pay the set amount to fulfill the contractual arrangement but may also be responsible for covering all legal proceedings cost. Routine payments or outstanding debt of any kind are considered financial obligations, so if someone owes you In finance, an obligation is a financial responsibility where the terms of a contract must be met. Should an obligation between parties fail then the party who is at default may face legal action. In this scenario, the guilty party will not only have to agree to pay the set amount to fulfill the contractual arrangement but may also be responsible for covering all legal proceedings cost. Routine payments or outstanding debt of any kind are considered financial obligations, so if someone owes you Read this Term.

According to the FCA’s findings BeAccount's automated systems onboarded a client whose beneficial owner had been fined over $11 million by the US Commodity Futures Trading Commission for his role at Banc de Binary, the binary options operation that defrauded retail traders.

The software only flagged criminal convictions, not civil enforcement actions, so the compliance team never saw the multimillion-dollar fine or the permanent trading ban.

• UK Watchdog Extends Consumer Duty Lens from CFDs to “Complex” Exchange Traded Products
• 7 Million Britons Sit on Cash as FCA Moves to Nudge Them into Investing
• FCA Unveils Consumer Tool as The UK Investment Scams Hit 800,000 Victims

Staff took the beneficial owner's word that his involvement was "administrative only" without questioning why regulators had imposed such massive penalties. Under BeAccount's own risk assessment rules, the regulatory sanctions should have automatically blocked onboarding. But nobody applied those rules because the system didn't flag anything.

"There is an overreliance on automated screening, notably for scanning adverse media. There is no evidence of the firm undertaking manual open-source checks in any of the files," the FCA wrote in its December 17 supervisory notice.

When Software Says "Data Not Verified"

BeAccount's screening software produced incomplete reports for some of the customers, displaying messages that stated "data is not received/verified." The compliance Compliance In finance, banking, investing, and insurance compliance refers to following the rules or orders set down by the government regulatory authority, either as providing a service or processing a transaction. Compliance concerning finance would also be a state of being following established guidelines or specifications. This designation can also encompass efforts to ensure that organizations are abiding by both industry regulations and government legislation. Understanding ComplianceCompliance is a In finance, banking, investing, and insurance compliance refers to following the rules or orders set down by the government regulatory authority, either as providing a service or processing a transaction. Compliance concerning finance would also be a state of being following established guidelines or specifications. This designation can also encompass efforts to ensure that organizations are abiding by both industry regulations and government legislation. Understanding ComplianceCompliance is a Read this Term team, however, never followed up. They just onboarded the clients anyway.

The tools also missed geographic red flags in at least 10 cases. Screening reports showed customers completing forms in different countries from where they claimed to live. Nobody at the firm asked about these mismatches.

FCA staff ran simple Companies House searches on the same clients and immediately found beneficial owners with multiple failed companies, address inconsistencies between government registers and company websites, and undisclosed business relationships. One beneficial owner was connected to 35 other companies, including eight active ones, but BeAccount's systems flagged nothing.

The firm's money laundering reporting officer approved high-risk clients with minimal review. Most approvals consisted of a single word - "approved" - with no explanation. Some approvals came within minutes of receiving thick onboarding packages.

Cyprus: Seven Out of Nine

Seven of the nine client files the FCA reviewed had Cyprus connections. BeAccount's risk assessment rated Cyprus as low risk in every case, even though the UK National Risk Assessment 2025 specifically identifies Cyprus as a jurisdiction "frequently part of complex, multi-jurisdictional corporate structures" linked to fraud and corruption.

One customer operated a real estate business in Cyprus. The 2019 Financial Action Task Force mutual evaluation report on Cyprus highlighted specific weaknesses in how the country addresses money laundering risks in real estate. BeAccount's files contained no evidence anyone considered this sector-specific risk.

Karoline Merino, a compliance analyst at Indigo FX who previously worked in tech, highlighted the case as evidence that "paper compliance is no longer enough."

"This is a particularly useful read for first line of defense teams, including onboarding, KYC, and customer risk analysts. It clearly shows how frontline decision-making plays a critical role in ensuring controls operate effectively in day-to-day activity," Merino wrote on LinkedIn following the FCA's notice.

Immediate Shutdown

The FCA didn't gradually restrict BeAccount's operations. The regulator imposed immediate requirements prohibiting the firm from onboarding new customers, accepting new funds, or conducting any electronic money or payment services without written permission.

BeAccount must return all customer funds "as soon as practicable" and notify every customer by December 24, 2025. The firm must also preserve all records in their original form at a UK location for potential regulatory review.

The FCA concluded BeAccount could no longer meet its authorization conditions because it lacked "operational effectiveness and adequacy required to be able to identify, manage, monitor and report the risk of its business being used to facilitate financial crime."

What This Means for Trading Firms

CFD brokers using automated compliance systems should audit how their tools handle incomplete data, beneficial owners with enforcement histories, and customers with complex corporate structures across multiple jurisdictions.

Merino pointed to the automated screening overreliance as particularly concerning. "Having previously worked in a tech firm, specifically in AI, and now working in compliance, I've seen first-hand that AI should make processes more seamless and efficient but giving it full control? I'm not convinced we're there yet."

The case makes clear that automated screening works as a first filter, not a complete solution. Civil enforcement actions carry the same weight as criminal convictions when assessing fitness. Geographic risk assessments need regular updates based on current regulatory guidance, not static country lists.

BeAccount's automated systems weren't obviously broken. They processed data, generated reports, and scored risks according to their programming. They just couldn't replace human judgment about whether those scores made sense given the full context of each customer relationship.

For an industry where regulators increasingly scrutinize how firms prevent their platforms from facilitating fraud or money laundering, that distinction may matter more than compliance teams might want to admit.

"AI is a powerful tool, but it's not a substitute for human judgment, accountability, and effective oversight,” Merino concluded.