Revolut discovered a spate of suspected money laundering on its digital payments system a few months ago, prompting the UK’s fastest growing financial technology company to notify law enforcement authorities and the financial watchdog.
The act of reporting the suspected criminal activity to the National Crime Agency and the Financial Conduct Authority underlines the significance of the potential wrongdoing that Revolut found. It also highlights how seriously the company takes its legal obligations.
Companies usually only file suspicious activity reports to the NCA, but the FCA expects to be informed when they are particularly material.
The incident could be seized on by Revolut’s critics, who question whether it can maintain strong enough defences against financial crime while pursuing its super-charged growth strategy. It is advertising for its third compliance head in the past year.
The company launched three years ago in a crowded field of British pre-paid card operators seeking to disrupt traditional banks by offering cheap cross-border payments. But it quickly diversified into cryptocurrency and small business services, and recently more than doubled its customers to 2.25m in six months.
The Financial Times has spoken to several current and former Revolut employees, as well as rivals and regulatory officials, about the company’s efforts to stay on top of its commitments to fight financial crime. The NCA and FCA declined to comment.
Many of the people said that Revolut’s rapid growth and use of automated compliance checks, which make it popular with customers who can open an account in only a few seconds, could leave it vulnerable to abuse by increasingly sophisticated financial criminals.
Nikolay Storonsky, co-founder and chief executive of Revolut, declined to comment on the suspected money laundering issue. He defended the company’s compliance systems. He also pointed out that it had recently been re-authorised under the EU’s second payments services directive and came through an FCA review of industry-wide anti-money laundering controls. *
The company restricts users to about £25,000 of payments a year when they first sign up — building from a £500 limit for the first month — making it hard for criminals to launder large sums. But customers can increase the limit by providing proof of the source of their funds. Small business accounts are less restricted.
Mr Storonsky suggested that it had more rigorous checks than big banks such as HSBC, which employs thousands of compliance staff, as he demonstrated its new transaction monitoring system that ranks each payment by its riskiness. A Russian cash withdrawal is rated high risk while a payment to a UK bank account is low risk. “Depending on who you send money to it is weighted by risk and that accumulates,” he said.
The Revolut boss, who created the company in 2015 after working for Lehman Brothers and Credit Suisse, denied rumours that it was poised to launch in his native Russia.
He said that its priorities were the US, Canada, Australia, New Zealand, Singapore, Hong Kong and Japan. “We are not launching in any jurisdictions until we are completely ready,” he said.
Yet several people familiar with Revolut said the company’s culture of aggressive growth was stretching its ability to stay on top of compliance. “The culture is expand at all costs, which is not a phrase that sits well with regulators,” said a former regulatory official.
Mr Storonsky denied that its culture was to play down compliance. “At Revolut, we have an open culture, junior people can challenge you, and people we have hired from banks don’t like it.”
Revolut met UK regulators about applying for a banking licence last year but decided to apply for one in Lithuania instead, partly to avoid the disruption of Brexit. It plans to expand into the US via partnerships with local banks before applying for a banking licence there.
The company employs 40-50 compliance analysts in London and Krakow, Poland, and has about 80 software engineers in Russia. It recently moved out of the Level 39 start-up accelerator in Canary Wharf, London, into its own offices a few streets away.
Another person familiar with Revolut’s approach claimed that certain managers had sometimes sought to bypass compliance requirements, alleging that on one occasion an executive changed a key code to dial down compliance controls and ease pressure on the customer support team.
Revolut denied such a move had happened, saying it would have needed approval from the risk committee of its board.
An executive at a company that carried out due diligence on Revolut said it had walked away from an opportunity to work with it because of worries about its limited checks when customers sign up. “It is basically piggybacking on the banks and relying on its transaction monitoring system to catch any suspicious activity,” said the person.
Revolut said that its checks were more comprehensive than required by regulators when signing up clients but were speeded up by automation and facial recognition technology. “My view is we need to automate as much as possible,” said Mr Storonsky. “Banks are now copying us.”
Another person familiar with the company said: “They grew faster than expected and beat their own targets. That stretched them. Are they perfect? Probably not. But are they making every best reasonable effort? I think they are now really starting to put energy behind it.”
* This article has been amended since publication to clarify that Revolut participated in an industry-wide review of anti-money laundering controls by the FCA and was not the subject of a company-specific exercise.
Get alerts on Fintech when a new story is published