From record fines in Canada and Germany to an unprecedented rollback in the US following Trump’s return to the White House, Lexology PRO analyses enforcement activity across banking to identify key risks and trends.
The data in this article is based on Lexology PRO’s Scanner, our automated regulatory monitoring tool covering 18 regulatory areas and tracking over 1500 regulatory sources. Full details on Scanner’s regulatory coverage can be found here.
Enforcement in this series includes any action regulators have taken as part of their enforcement powers, including active investigations, audits, decisions, fines, penalties, settlements, and/or orders. This report covers data – primarily agency announcements – released between 1 November 2024 and 1 November 2025.
Banking-related enforcement activity has remained strong in 2025, with authorities globally prioritising anti-money laundering (AML) compliance, governance and cybersecurity while taking steps to strengthen regulatory frameworks across crypto and AI.
Non-bank financial institutions have been exposed to significant enforcement action over the last 12 months as traditional banks continue to cede market share to crypto firms, fintechs and private credit funds. This was evident in the Financial Transactions and Reports Analysis Centre of Canada’s record-shattering C$177 million (US$125 million) penalty issued to crypto exchange Xeltox Enterprises over AML failures.
But traditional banks remain exposed, with the German regulator BaFin issuing JP Morgan’s European arm a record €45 million (US$52 million) fine after finding “systemic” suspicious transaction reporting failures.
Lexology PRO explores trends in global banking enforcement from Scanner’s data, highlighting significant enforcers, penalties and jurisdictions while looking ahead to 2026 for key risks.
Dominating the enforcement landscape this year were jurisdictions with advanced economies and large, globalised financial centres, led by India, China, the US and EU.
Key priority compliance areas included financial crime, internal governance and cybersecurity. Enforcement action globally was often responding to emerging technologies and novel sectors including digital assets and AI alongside an evolving – and deteriorating – geopolitical landscape, which was cited by many as a key risk going into 2025. This has included Western authorities issuing significant sanctions-related enforcement over Russia and Iran.
Donald Trump’s return to the White House has seen the level of significant enforcement action fall in the US. Despite remaining an active jurisdiction, some federal regulators have adopted a laxer approach to enforcement, with the Consumer Financial Protection Bureau (CFPB) collapsing and the Securities and Exchange Commission (SEC) dropping a slate of crypto enforcement.
The EU has seen significant regulatory developments such as the Digital Operational Resilience Act (DORA) and the early implementation stages of its latest AML package and remains a busy enforcement jurisdiction. Individual European jurisdictions including Germany and non-EU members Norway, the UK and Switzerland feature among the most prominent countries.
Australia has proven to be a robust enforcement jurisdiction with its regulators adopting a more aggressive posture this year. Herbert Smith Freehills Kramer partner Andrew Bradley in Sydney told Lexology PRO that Australian regulators have been “showing their teeth” this year: the Australian Securities and Investments Commission (ASIC) alone has secured over A$300 million (US$196 million) in penalties. Having doubled its investigations this year and brought twice as many cases to court, Bradley expects this trend to continue into 2026.
Citing large fines including ANZ Bank’s A$240 million (US$157 million) penalty for non-financial misconduct, he said: “Despite the focus on new and emerging technologies and on impeding regulatory change, the key theme of 2025 has been getting the basics right.”
While the Reserve Bank of India (RBI) again dwarfed international counterparts, its decisions largely comprise small fines – but it continues to prove a significant enforcer, with entities operating in the country facing clear compliance risks and challenges.
Compared to the same period last year, the most prolific regulatory authorities are similar, with the RBI, Norway’s Financial Supervisory Authority (FSA) and Switzerland’s FINMA among the top five most active enforcers across both periods. Germany’s BaFin and the UK’s Financial Conduct Authority (FCA) were also strong European enforcers, focusing on combating financial crime under local and, where applicable, European AML law.
The Norwegian regulator’s announcements offer a glimpse into the wider European enforcement landscape, having published a series of supervisory reports relating to cybersecurity and ICT risk management over the period. This highlights a prominent regulatory risk not only as European entities adapt to new responsibilities under DORA but also respond to an evolving geopolitical risk landscape marked by cyber risks associated with Russia and sophisticated non-state actors.
Also reflective of the geopolitical impact on enforcement, the US Treasury Department – which houses the Office of Foreign Assets Control – focused its enforcement action on sanctions and disrupting terrorist financing networks.
The data reveals that financial crime remains the top global regulatory priority, with key AML legislation – such as Switzerland’s Anti-Money Laundering Act 1997 and the US Bank Secrecy Act 1970 – often guiding actions.
The penalty landscape: record fines in Europe but a decline in the US
European regulators issued many notable fines, including the Swedish Financial Supervisory Authority’s SEK 500 million (US$53 million) fine against buy now pay later leader Klarna in December for AML failures. The Central Bank of Ireland’s €21.5 million ($25 million) penalty against crypto exchange Coinbase for similar reasons this month outlines the ongoing compliance risks faced by businesses.
The UK’s Financial Conduct Authority has handed large fines to entities for poor financial crime controls and compliance failures, including a £39.3 million (US$51.8 million) fine against Barclays in July for treating a client as low-risk for more than two years after it was raided by police in connection with money laundering. The same month, it issued a £21.1 million (US$27.8 million) penalty to Monzo, saying the digital bank had inadequate anti-financial crime systems that allowed customers to open bank accounts using false addresses including Buckingham Palace and 10 Downing Street.
While European authorities have been busy, US regulators have shied away from slapping entities with large fines under President Trump despite remaining active enforcers.
Trump’s presidency has changed the risk landscape for US firms. For example, the CFPB appears an active enforcer this year, but a granular examination reveals the vast majority of enforcement action was issued in the final days and months of Joe Biden’s administration, including a $175 million settlement with Cash App’s parent company Block, with a clear fall in enforcement activity thereafter.
But investigations predating the Trump administration have been settled, including the Department of Justice’s $500 million settlement with Seychelles-based crypto exchange OXK in February over AML violations and its failure to obtain a licence.
Financial crime has been a priority in APAC too, with the Monetary Authority of Singapore in July issuing S$25 million (US$21 million) in fines to nine financial institutions, including UBS and Citibank’s regional outfits, after failing to detect red flags in a multi-billion-dollar money laundering scheme.
What to expect in 2026 and beyond
Financial crime to remain at heart of enforcement landscape
Global enforcement trends clearly indicate financial services firms will continue to face significant risks over AML compliance and financial crime more broadly next year as regulatory authorities continue efforts to tackle poor compliance and controls, especially among non-bank financial institutions.
There is change on the horizon in Australia, where a new AML regime is set to be rolled out, in Europe, where the EU AML package and Anti-Money Laundering Authority will continue to be implemented, and in the UK, where the FCA will take over AML supervision for lawyers.
Cross-border compliance to become more complex as jurisdictions diverge
Businesses with cross-border operations will continue to face significant risks as regulatory frameworks covering emerging sectors including digital assets diverge. The G20’s risk watchdog the Financial Stability Board warned in October that global fragmentation on crypto standards threatens regulatory arbitrage and financial stability. This heightens compliance risks for companies operating in multiple jurisdictions and reporting to multiple enforcers.
Businesses should expect continued uncertainty as a result, with doubts remaining over the Trump administration’s deregulatory agenda and its commitment to international agreements including Basel III – which has continually been delayed.
What are regulators’ key priorities?
ASIC has said its 2026 enforcement priorities include private credit practices, financial reporting misconduct, insurance complaints, complaints handling and misleading pricing. HSFK’s Bradley said he also expects Australia’s regulators to focus on the extended Financial Accountability Regime, which now covers insurers and superannuation funds, while referencing private credit as the “proverbial guinea pig” of 2026.
In Europe, FINMA has said cyber and real estate remain areas of vulnerability going forward, while the FCA will continue its crypto roadmap to create a digital assets regulatory framework and provide greater clarity to businesses.
And in North America, the SEC will focus its exam priorities on AI use, cybersecurity and operational resilience in 2026 while Canada is expected to pass a law introducing a harsher penalty framework to increase maximum non-compliance penalties by 40 times across all violation categories.