Print Article

Global enforcement fines amounted to USD 5.65 billion in Q3 2023, growing by 30% since the beginning of the year.


Corlytics has released a global enforcement fines report for the third quarter of 2023. The enforcement activities have shown a clear increase in the fine amounts imposed ($5.65 billion) as compared to the first 2 quarters of this year ($1.5 billion and $ 2.27 billion respectively).


Fines imposed by the US regulators comprised the bulk of the fines issued in Q3 and accounted for over 85% of the total fines globally, bringing the total global amount for 2023 to $5.65 billion. For example, just recently DWS Investment Management Americas, a subsidiary of Deutsche Bank, faced hefty penalties of $25 million from the US Securities and Exchange Commission (SEC) for lacking an AML program and making misleading ESG claims. The firm has settled the SEC enforcement action.

The top amounts of fines from US regulators were faced by UBS Group issued by the US Department of Justice (DoJ) and the Federal Reserve Board (Fed).

Fifteen years after the 2008 financial crisis, UBS agreed to pay $1.44 billion in penalties to settle a civil action alleging misconduct in relation to its underwriting and issuance of residential mortgage-backed securities (RMBS) issued in 2006 and 2007. This was the last case brought by the Justice Department RMBS Working Group which was set up to investigate fraud and abuse in the RMBS market leading up to the 2008 financial crisis. The Fed announced a consent order and another $0.27 billion fine with UBS Group AG, for misconduct by Credit Suisse, which UBS acquired in June 2023.

The SEC has continued to focus on the use of off-channel communications, such as WhatsApp, used by employees of regulated entities. Rounds of penalties were issued in August and September, along with a requirement for those firms to review their policies and procedures for retaining electronic communications. Further regulatory scrutiny is expected and firms should be taking steps to review their policies and employee compliance frameworks.


Risk management deficiencies have also been an area of regulatory focus. In July, the UK Prudential Regulatory Authority (PRA) imposed a record fine of  £87 million on Credit Suisse for risk management and governance failures in connection with its exposure to Archegos Capital Management. It was also the first time that the PRA established breaches of four PRA Fundamental Rules. The PRA fine formed part of a global enforcement action, with action also taken by the Swiss Financial Market Supervisory Authority (FINMA) and the Fed and combined penalties of  $387.5 million being imposed in the UK and USA.

“Counterparty risk management remains firmly on the regulators’ agenda: in October this year, the Bank of England issued a letter to bank CROs stating that it was disappointed that messages communicated following the Archegos default have not been fully addressed. We are also continuing to see the highest fines in Europe being imposed for breaches of GDPR with the DPC in Ireland fining TikTok €345 million in relation to its processing of children’s personal data,” Susie MacKenzie, Head of Legal & Regulatory Analytics at Corlytics, comments.


Data protection is another emerging significant area with high-profile data breaches such as the historic groundbreaking Q2 2023 GDPR fine surpassing €1.2 billion to Meta from the Irish Data Protection Commission (DPC) influencing the ongoing trend. Companies should be acting to ensure compliance with data protection legislation leading to growing demands for stronger data protection measures. Regulatory bodies in Europe and the US are responding by enacting and enforcing data privacy regulations.


Financial crime and corporate governance continue to be the two categories where most enforcement activity took place, with fines for fraud, money laundering and terrorist financing going up and topping the list of enforcement action in this category. Regulators highlight the importance of having adequate anti-money laundering (AML) systems and controls in place to be able to address the growing threat and sophistication of money laundering.

In the UK, a broker affiliate of Archer Daniels Midland was ordered to pay nearly £6.5 million by the Financial Conduct Authority (FCA) for not timely addressing anti-money laundering (AML) systems and controls deficiencies first alleged by the regulator in 2014.


Failures in culture, conduct, and ethics have also been subject to a number of fines recently. The US Consumer Protection Financial Bureau (CFPB) fined Bank of America $140 million in the third quarter for violations of c. The Office of the Comptroller of the Currency (OCC) also fined the Bank of America, N.A. $60 million for violations of law relating to its practice of assessing multiple overdraft and insufficient funds fees against customers for a single transaction. Financial services that are fined multi-million dollar fines for compliance, ethics, or conduct violations usually face serious consequences that range from losing professional accreditation to lengthy custodial sentences.

Although conduct is not at the top of the table, financial authorities have clearly been shifting their focus to conduct and ethics in recent years. Regulators have been developing tools and frameworks specifically designed to assess and improve conduct and ethics. Besides, there is a rise in demand for consumer protection, consumer rights which also influences this trend and pushes for more stringent regulation and consequently, enforcement action. Financial services, in their turn, have started to acknowledge that the quality of consumer services is directly impacted by internal ethics, internal behaviour.


“In regulatory monitoring, teams spend 75% of their time reading irrelevant regulatory updates, that is 75% of the time that could be spent on value-add tasks. On the other side, creating an cis challenging due to the complexity of the regulatory environment and the use of outdated tools or even the lack of tools at all. Enforcement actions highlight that firms are still struggling with those challenges and it is vital to use technology to strengthen regulatory compliance and change management. We see a future where smart regulations can be embedded into internal compliance programs fostering the culture of compliance being embedded into the organisation,” Evgeny Likhoded, President at Corlytics, added.


Corlytics’ forensic analysis of regulatory data is provided by a team of experts to meet today’s requirement to track regulatory activity across the globe. The company provides quarterly updates of global enforcement analytics and this data is charted by amount, by year, by jurisdiction, by regulatory category, by control failings.


The Team

Meet the team of industry experts behind Comsure

Find out more

Latest News

Keep up to date with the very latest news from Comsure

Find out more


View our latest imagery from our news and work

Find out more


Think we can help you and your business? Chat to us today

Get In Touch

News Disclaimer

As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email