From DORA preparations to TD Bank’s historic US$3 billion fine and the implementation of the T+1 updated securities settlement, Lexology PRO explores the enforcement and rule change activity across banking and financial services to identify key risks and trends for businesses.
This series will cover the following work areas for the period November 2023 to November 2024: data protection, anti-bribery and corruption (ABC) and anti-money laundering (AML), banking, and sanctions.
Scanner, our automated regulatory monitoring tool, covers 14 regulatory areas and tracks over 1,200 regulatory sources. We have published over 33,000 regulatory updates between November 2023 and November 2024.
Please note that the data in this article is based on Scanner’s regulatory coverage, full details of which can be found here.
Most enforcement activity
The Asia-Pacific region (APAC) was particularly active in banking and financial services enforcement, followed by Europe and North America.
India and China were some of the most active jurisdictions when it came to enforcement actions in APAC. This includes India’s central bank fining Union Bank of India 10,640,000 rupees (US$124,200) in August 2024 for non-compliance with its Central Repository of Large Common Exposures Across Banks and Know-Your-Customer (KYC) regulations. The authority also fined CSB Bank 18,600,000 rupees (US$217,600) in the same month for non-compliance with its risk management and outsourcing guidelines. China’s Banking and Insurance Regulatory Commission fined a string of banks for various compliance violations.
It is worth noting that according to a report released in October 2024 by the European Securities and Market Authority (ESMA), European regulators trailed their UK and US counterparts in imposing fines on businesses in 2023. France’s financial regulator, known as the AMF, led continental regulators with €35 million (US$36.3 million) in administrative penalties across the 2023 period, far more than all other European national competent authorities.
The UK Financial Conduct Authority (FCA) imposed over £176 million (US $220.5 million) in fines against individuals and businesses in 2024, more than tripling its £53 million (US $66.4 million) total for 2023. This included notable fines against Citigroup (trading systems and control failures), Barclays (conduct during emergency fundraising), Starling (sanctions screening failures), TSB Bank (failing to fairly treat indebted customers) and Metro Bank (financial crime failings). Despite this, parliamentarians have called for the FCA to be reformed, branding the regulator as “incompetent” in a report published in November 2024.
Active European regulators included the Swiss Financial Market Supervisory Authority, the Financial Supervisory Authority of Norway, and Germany’s Federal Financial Supervisory Authority (BaFin). The German authority fined Citi for a trading and control failure incident involving a £1 billion fat-finger error in 2022, following its UK counterparts who took similar action as mentioned above.
TD Bank was fined US $3.09 billion by multiple authorities in October 2024 after becoming the first bank in US history to plead guilty to failures under the Banking Secrecy Act and for conspiring to commit money laundering offences. “By making its services convenient for criminals, TD Bank became one,” US Attorney General Merrick Garland said. A breakdown of the key lessons from this historic fine can be found here.
In October 2024, JP Morgan was ordered to pay US$151 million to settle five US Securities and Exchange Commission enforcement actions, one of which included making misleading disclosures to investors.
The US Consumer Financial Protection Bureau (CFPB), which has been increasingly active under the previous Biden administration, issued a significant number of enforcement actions. In October 2024, the CFPB fined Goldman Sachs and Apple a total of US$89 million, for the Goldman-backed Apple Card’s failures in mishandling transaction disputes and misleading consumers about interest-free payments.
Most rule change activity
Global rule change trends within banking and financial services included tougher rules on buy now, pay later (BNPL) services, rule changes on cryptoassets, European regulators implementing Digital Operational Resilience Act (DORA) reforms ahead of the 17 January 2025 deadline, and major jurisdictions transitioning to a T+1 securities settlement cycle.
Within the APAC region, Singaporean and South Korean regulators were some of the most active when it came to rule changes. The Monetary Authority of Singapore outlined new protections for cryptoasset holders in September 2024 following FTX’s collapse. Meanwhile, South Korea’s Financial Services Commission tightened its short-selling rules in September 2024, ahead of lifting its blanket ban on the practice in March 2025. Under the changes, institutional and corporate investors planning to engage in short sale transactions will be required to establish their own electronic short sale processing systems and establish internal control standards.
In the US, the CFPB issued a new open banking rule in October 2024, mandating that financial institutions allow consumers to request their data be shared with authorised third parties. The Bank Policy Institute and Kentucky Bankers’ Association filed a lawsuit against the rule immediately, claiming that the regulator “overstepped its statutory authority" and that the rule would "jeopardise" consumers’ privacy and data security.
The Central Bank of Colombia led the number of rule changes among national regulators, with many changes relating to the functioning of payments systems. This included a change in November 2024 focused on risk control in open market and liquidity operations.
The UK’s FCA implemented a new anti-greenwashing rule to prevent businesses from misleading consumers over their sustainability credentials. The rule came into force in May 2024, after survey data from the FCA revealed 81% of UK adults would like their investments to do good as well as provide financial returns.