The Financial Conduct Authority (FCA) has threatened to fine Tesco Bank up to £30mn after an "unprecedented and serious" cyber attack affected thousands of customers two years ago.

The UK regulator has discussed the penalty, although a final figure, which could be lower, will be agreed in the next few weeks.

The cyber attack on Tesco Bank saw money stolen from 20,000 and over 40,000 customers, plunging the lender into chaos and forcing it to shut down online transactions for two days in 2016.

If regulators find that failures in Tesco Bank’s systems and controls contributed to the incident, then the lender could be hit with a penalty over and above the cost of refunding affected customers and any other compensation, sources told Sky News, which first reported the fine.

At the time of the attack, customers complained that they were kept on hold for hours and received no communication from Tesco Bank despite losing hundreds of pounds after the cyber attack hit and paralysed the bank's IT systems.

The Telegraph reported that a multi-million fine was probable if regulators found that failures in Tesco Bank’s systems and controls contributed to the incident.