There isn’t a fixed/mandated set, it’s up to us at Monzo to pick a Certificate Authority and get a certificate from them that your computer trusts. Right now we use mostly Amazon and LetsEncrypt (A lot of stuff at Monzo is hosted on AWS after all)
There are a lot of initiatives in PKI right now to try and shore up against rogue certificate authorities, because it has happened, most notably when DigiNotar issued a rogue certificate for google.com
There’s DNS CAA which allows us to restrict which Certificate Authorities can issue certificates for Monzo even when they would normally be allowed to by default, our CAA records only let Comodo, DigiCert, BuyPass, LetsEncrypt and Amazon issue certificates for monzo.com
There’s also Certificate Transparency, which means that certificate authorities have to publish any new certificates they issue to a public ledger, this means that rogue certificates can be spotted as soon as they’re issued and action can be taken faster if a Certificate Authority gets compromised.
EDIT: Just going to add you can search Certificate Transparency ledgers using handy sites like crt.sh, for example https://crt.sh/?q=%.monzo.com