The ECB restrictions on Revolut’s European arm show how quickly product-led growth can become a governance issue once a fintech operates as a regulated bank. The European Central Bank temporarily curbed Revolut’s permission to release new products in the European Economic Area last year, according to the supplied facts, after concerns over “deficiencies” in approval processes. Revolut was also ordered to commission a third-party review of the risk, compliance and legal functions governing new product launches in Europe.
The Governance Issue In Brief
The European Central Bank placed increased restrictions on Revolut’s European operations last year after concerns over how the company rapidly approved new financial products. According to the supplied facts, the ECB temporarily limited the European arm’s ability to release new products in the EEA until approval-process deficiencies were addressed.
The regulator also ordered a third-party review of Revolut’s risk, compliance and legal functions relating to product launches. Revolut’s European arm faced tighter restrictions outside the EEA, including limits on bringing on new customers and making corporate acquisitions in countries outside the continent.
The scale of Revolut’s business gives the governance issue wider commercial weight. Revolut has grown to 75mn customers since being founded in 2015, reported £1.7bn in pre-tax profits on £4.5bn of revenue last year, and is currently linked to a share sale valuing the company at $115bn. The case highlights a central challenge for fast-growth fintechs: bank-scale growth requires bank-grade governance.
Regulatory Action in Brief
The authority involved is the European Central Bank. Revolut’s European operations are regulated through the ECB and the Bank of Lithuania, which awarded Revolut a European banking licence in 2018.
The supplied facts state that the ECB temporarily curbed permission for Revolut’s European division to launch new products in the EEA until the company had rectified deficiencies in approval processes. The ECB also ordered Revolut to conduct a third-party review of the risk, compliance and legal functions governing new product launches in Europe.
The facts also state that Revolut’s European arm faced tighter restrictions outside the EEA, including being prevented from bringing on new customers or making corporate acquisitions in countries outside the continent. No financial penalty from the ECB is included in the supplied facts. Revolut said it is in continuous and constructive dialogue with regulators, including the ECB, and that it is committed to high standards of governance and risk management. Revolut’s wider banking expansion has also included new licence, mortgage and IPO ambitions, showing how quickly the company is trying to move from fintech platform to full-scale international bank.
What Is Known So Far
Revolut is described in the supplied facts as Europe’s most valuable fintech. Its European board was informed of the ECB restrictions in July 2025. The restrictions came as Revolut was preparing for a share sale that valued the company at $75bn.
The FT could not establish whether all restrictions had been lifted or whether some remained in place. A person close to the company said Revolut had improved its internal product launch process since last summer, including enhanced reviews of new initiatives by internal experts.
Over the past year, Revolut has launched products across Europe, including mortgages, teen accounts and branches, and has continued growing its customer base. It has also secured a banking licence in Mexico and applied in March for a US banking charter.
Separately, Revolut was fined €11.5mn in Italy in April for giving customers misleading information about fees and terms for investment products.
The Regulatory, Legal Or Accountability Issue
The accountability issue is product governance. The ECB’s concern, based on the supplied facts, was not simply that Revolut was growing quickly. The issue was whether the company’s internal approval processes, risk checks, legal review and compliance oversight were strong enough for the pace and breadth of its product rollout.
For banks and regulated fintechs, this distinction changes the operating model. Fintech firms often grow by moving quickly, testing products, expanding across markets and building around customer adoption. Banking supervision works differently. Regulators expect documented controls, clear accountability, product sign-off, risk assessment, capital planning and evidence that customer and financial-system risks have been considered before products are launched.
The supplied facts say the ECB ordered Revolut to review staffing levels, skills, competences and independence within its approval methods. It also ordered the company to ensure future products would receive sign-off from internal experts and urged the bank’s board to consider how new products would affect capital and liquidity levels.
The accountability standard changed once Revolut was operating through a licensed banking structure. Product speed had to be supported by evidence that risk, compliance, legal and board-level controls were working before launch.
What Appears To Have Failed
The confirmed weakness identified in the supplied facts is deficiency in approval processes. The facts do not establish fraud, financial misconduct or customer losses from the ECB action.
The risk mechanism is clear. Revolut’s strategy relied on rapid development and launch of new financial products. Its chief executive, Nik Storonsky, had described staff as “self-guided missiles” who could “press the button” and reach goals themselves. That culture may support speed and innovation, but in a regulated banking environment it must be balanced by risk, compliance, legal and board-level oversight.
The failure point appears to sit at the boundary between start-up operating style and bank supervisory expectation. Product launch speed outpaced the level of approval discipline the ECB expected from a licensed banking operation.
Root Cause & Control Failure Analysis
The facts point to several control areas that required attention: product approval processes, risk review, compliance input, legal sign-off, staffing capability, independence of approval methods, and board consideration of capital and liquidity effects.
The root governance question is whether internal functions had enough authority to challenge product teams before launches went ahead. The control risk emerges when legal, risk and compliance teams are asked to validate products late in the process rather than shape them from the design stage.
Capital and liquidity review is also central. New financial products can affect a bank’s balance sheet, customer liabilities, operational risk and regulatory obligations. A board cannot properly approve expansion unless it understands how each new product changes the group’s risk profile.
The ECB intervention therefore appears to have been aimed at strengthening the control environment around product launches, rather than stopping innovation altogether.
Warning Signs Organisations Should Monitor
Fast-growing fintechs and digital banks should monitor several warning signs.
One is repeated product launch pressure without matching growth in control functions. If product, engineering and commercial teams expand faster than risk, compliance and legal teams, governance can become reactive.
Another warning sign is informal approval culture. If product launches rely on speed, founder preference, internal momentum or commercial targets without documented sign-off from the relevant experts, the firm may struggle to evidence regulatory control.
Boards should also watch for weak capital and liquidity analysis attached to new products. A product may look commercially attractive while still creating funding, conduct, balance-sheet or operational risks.
Another warning sign is weak customer-impact assessment, especially where fees, product terms or investment features are communicated differently across markets.
Other warning signs include unclear ownership of product risk, poor records of challenge, approval meetings without independent attendance, limited legal review, compliance testing after launch rather than before launch, and expansion into new jurisdictions before local governance is mature.
Controls Firms Should Review Now
Firms exposed to similar risks should review whether every new product has a documented approval file showing product owner sign-off, legal review, compliance assessment, risk approval, customer-impact analysis, capital and liquidity assessment, and board visibility where the product materially changes the business.
They should also test whether control functions can delay or stop launches, rather than simply comment after commercial decisions have already been made. That authority should be visible in minutes, approval records and escalation logs. Senior management should be accountable for proving that product-launch controls are not bypassed under commercial pressure. Internal audit should test a sample of recent launches to confirm that the documented approval process matches what happened in practice.
Governance, Compliance And Financial Implications
Executives need to align the growth model with the regulatory model. A fintech can operate with technology-company speed, but once it holds banking permissions, product development must sit inside a controlled approval framework.
Boards should be able to see which products are being launched, who approved them, what risks were identified, how legal and compliance concerns were addressed, and whether capital and liquidity effects were assessed.
Compliance teams should be involved before launch, not after the product is already built. Their role should include product design, customer-impact assessment, regulatory classification, fee disclosure, suitability of terms, complaints risk and monitoring obligations.
For customers, weak product governance can increase the risk that products are launched before fees, terms, suitability, service obligations or complaints processes have been properly tested.
For investors, the consequence is valuation quality. Revolut has been linked to valuations of $75bn, $115bn and a potential future $200bn IPO target. Those figures make governance strength commercially important. A high-growth fintech valued against expansion potential still faces the regulatory constraints of a bank.
Lessons For Organisations
The first lesson is that regulated firms need product governance that can keep pace with innovation. Speed is valuable only if approval controls are strong enough to support it.
The second lesson is that risk, compliance and legal teams must have genuine authority. Their role should not be symbolic. They need access to product information, enough skilled staff, independence from commercial pressure and the ability to delay launches where controls are not ready.
The third lesson is that boards must consider the balance-sheet effect of new products. Capital and liquidity implications should be reviewed before launch, especially when a firm is expanding across countries or adding products that change customer exposure. The fourth lesson is that international growth increases control complexity. Revolut’s European operations were regulated through the ECB and Bank of Lithuania, while the company has also pursued licences in Mexico and the US. Cross-border expansion requires strong central governance and local regulatory understanding.
Internal audit should periodically test whether product approval controls operate in practice, including whether risk and legal objections are documented, escalated and resolved before launch.
Regulatory Trends And Enforcement Priorities
The supplied facts show the ECB focused on product approval, internal expertise, risk controls, compliance review, legal oversight, staffing competence and board assessment of capital and liquidity. That points to a broader supervisory priority: regulators expect fintechs with banking licences to behave like banks in their control environment, even if their customer experience, product design and technology stack look more like a digital platform. The same regulatory direction can be seen in FCA’s approach to crypto regulation in the UK, where the focus is on whether firms have the governance, disclosures, controls and risk-management systems needed before financial harm emerges. The ECB’s action involving Revolut sits in a different regulatory lane, but the underlying message is similar: fast-moving financial products need control frameworks strong enough to protect customers, investors and the wider market.
The tension is not between innovation and regulation in the abstract. It is between rapid launch culture and evidence-based supervisory control. Regulators may tolerate innovation, but they still expect firms to show who approved a product, what risks were assessed, what customer impact was considered and how the board understood the consequences.
The Wider Ramifications
The Revolut case extends beyond one fintech because many financial firms are trying to combine rapid product development with regulated-market permissions. That creates a structural governance challenge.
If similar weaknesses appear elsewhere, firms may recognise them through delayed compliance involvement, weak launch documentation, under-resourced control functions, unclear risk ownership, poor board reporting and product expansion that moves faster than governance capacity.
The consequence of ignoring those weaknesses can include launch restrictions, increased supervisory scrutiny, delayed expansion, reputational pressure, investor concern and higher compliance costs.
What Happens Next
The supplied facts do not confirm whether all ECB restrictions have been lifted. Revolut said it regularly strengthens its internal control environment and operational processes in line with supervisory expectations. For firms watching the case, the response should be practical. Boards should review product approval frameworks, capital and liquidity assessment, compliance involvement, legal sign-off, staffing levels, internal expertise and independence of control functions.
For regulated fintechs, growth only compounds value when the control framework is strong enough to withstand supervisory scrutiny.
