The collapse of Greensill Capital has led to a series of investigations into how the company got into the financial mess it did and why alarm bells didn’t ring. But one investigation is noticeably conspicuous by its absence—why the company wasn’t properly regulated in the first place.

Especially when you consider Greensill’s failure could end up costing the U.K. government £5 billion (U.S. $7.08 billion).

The very name of the company and the nature of its business—providing payment services including factoring and supply chain financing so that companies could receive cash injections while waiting for clients to pay up—would lend itself to the belief the firm was part of the financial services industry and should duly come under the oversight of the U.K.’s Financial Conduct Authority (FCA) or the Prudential Regulation Authority (PRA). But no.

The PRA has never regulated Greensill because the company is too small for it to monitor. The company’s failure would not impact the U.K.’s financial stability (unlike a major bank), so it is technically of no importance to the Bank of England, said the U.K. central bank’s governor, Andrew Bailey, in a May 6 letter to the U.K. Parliament’s Treasury Select Committee.

The FCA has also said it was not responsible for regulating Greensill. In a similarly addressed letter made public May 11, FCA CEO Nikhil Rathi said the regulator was only in charge of supervising the company’s compliance with anti-money laundering (AML) rules. This is because Greensill was classed as a “registered entity” rather than an “authorized entity” under the Financial Services and Markets Act, the U.K.’s piece of legislation which sets out what activities are regulated (and by which regulator).

The FCA’s wider conduct rules do not apply to “registered” firms. Further, the origination of a supply chain finance instrument is not a regulated activity, according to the FCA. Similarly, employer salary advance services—such as those that were offered by Greensill—are not considered to be a credit-related regulated activity.

In fact, most commercial lending falls outside the FCA’s remit—a situation that has been flagged up previously (though not remedied).

In 2018, the FCA had to drop a probe and enforcement proceedings into Royal Bank of Scotland (RBS) and its senior managers over allegations that its specialist turnaround unit had asset-stripped struggling businesses instead of saving them.

The FCA admitted it had “very limited” powers to take any action against RBS. The regulator tried to hold individuals to account under the Senior Managers Regime instead, which would have prohibited them from working in the financial services industry, even in an unregulated area of business, if they were found to not be fit and proper. However, the FCA pulled the plug because it couldn’t prove its own case.

The problem of shaky financial supervision isn’t limited to the United Kingdom. For years, Germany’s supposed FinTech star Wirecard escaped strict scrutiny because the country’s financial regulator, BaFin, focused its attention on its banking unit rather than the company as a whole. This failure (among others) has contributed to the German government announcing it is preparing to overhaul how—and who—BaFin regulates.

Evidence suggests there are potentially hundreds of companies operating in Europe that may be providing financial services in plain sight of financial watchdogs but are not being regulated by them.

According to the European Banking Authority (EBA), the EU’s banking regulator, only companies where financial activities like lending and taking deposits account for 50 percent or more of their business are subject to financial regulatory scrutiny—nowhere near the compliance threshold to which banks and other financial services providers are subject.

New entrants—such as cryptocurrency and FinTech firms—still appear to be operating under the radar in many cases. According to EBA estimates, nearly a third (31 percent) of FinTech firms in Europe are not subject to any regulation at all.

It is doubtful there is much appetite for governments to revise the status quo and change such lax scrutiny at present; public finances are on their knees as the world battles COVID-19. It is also doubtful whether regulators would want to increase their workloads while budgets and resources remain static (at best).

Those companies currently not subject to such scrutiny are likely to say any increased compliance burden may stifle innovation. As a result, we should expect more embarrassing scandals to appear soon.