Really sorry for the delay responding to this thread. Things are pretty hectic at Monzo Towers right now 
There are very valid questions in this thread regarding storage, retention, and deletion of data, but we don’t think that this is the best place for us to respond to them all. We’ve decided to publish a blog post early next year that goes into detail about how we handle your data, under what conditions you can request that it is deleted, and how to go about that. 
Hopefully that will make everything clear.
To respond to this specifically, the relevant legislation is the The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, which states that we must retain the relevant documentation for a period of at least five years after our relationship with a customer comes to an end.
As @daniel mentioned above, our internal Data Collection and Retention Policy was to keep this information for six years after a customer leaves the bank, providing the customer has not been investigated. This was a typo in the policy 
, which was always meant to align with what the regulation compels us to do. We’re going to amend the policy to five years, as was always intended. I think this is a great example of transparency being beneficial to everyone; we probably wouldn’t have noticed this error for much longer if it weren’t for this thread 