Enforcement Action Trends: Insights for 2025

In 2024, regulatory bodies took significant steps to enforce compliance and issued record-breaking penalties that underscored the critical importance of adhering to BSA/AML regulations. Most notably was an enforcement action that assessed more than $3 billion in penalties for systemic BSA/AML violations, including lapses in suspicious activity reporting and broader compliance controls for a single financial services organization. The bank became the first in U.S. history to plead guilty to conspiracy to commit money laundering. Among the billions of dollars in penalties, the Financial Crimes Enforcement Network (FinCEN) imposed a $1.3 billion penalty, setting a record as the largest ever imposed by FinCEN on a depository institution in the history of both FinCEN and the U.S. Department of the Treasury. This amount surpassed the previous record of a $390 million civil monetary penalty imposed on a bank in 2021. This landmark settlement mandated multiyear independent monitoring and required long-term remediation by the bank. Further, the settlement sent a strong message that compliance with AML regulations is crucial and mandatory and that banks can face severe consequences if they do not prioritize AML compliance.

Analysis of the 2024 enforcement actions identified several trends. Notably, a significant number of these actions targeted smaller financial services organizations, a reminder that noncompliance risks can impact entities of various sizes. Of the BSA/AML-related enforcement actions issued in 2024, 39 were issued to banks, while the remaining three targeted a casino, a brokerage firm, and a crypto assets platform. Interestingly, 54% of the actions issued to banks were issued to those with asset sizes under $1 billion. The following chart illustrates the distribution of BSA/AML enforcement actions among banks in 2024, categorized by their asset size.

Several recurring themes emerge from our analysis of the BSA/AML enforcement actions in 2024.

• Suspicious activity monitoring and reporting. This issue was the most prevalent, with 28 out of 42 enforcement actions identifying deficiencies in the systems and controls for monitoring suspicious activities. For instance, regulators cited a midsized regional bank for failing to implement an effective transaction monitoring system that could adequately identify unusual activity patterns across its diverse product offerings. The bank’s system lacked integration across its various platforms, resulting in missed alerts for transactions that spanned multiple accounts or involved international transfers. This deficiency led to a significant delay in identifying and reporting suspicious activities, which regulators noted could have facilitated money laundering activities. The bank was required to enhance its monitoring systems to provide comprehensive coverage and timely reporting.
• CDD and EDD enhancements. A total of 26 actions highlighted the lack of comprehensive customer due diligence (CDD) and enhanced due diligence (EDD) processes. For example, regulators identified that a community bank had inadequate procedures for assessing the risk profiles of its high net worth clients. The bank failed to collect sufficient information on the source of funds and the nature of business activities for these clients, which are critical components of a robust CDD program. This oversight resulted in the bank’s inability to identify potentially high-risk customers who might be involved in illicit activities. As a corrective measure, the bank was mandated to implement a more rigorous CDD framework, including periodic reviews and updates of customer information, especially for those deemed high risk.
• BSA officer and AML team staffing. Failures related to a BSA officer were noted in 23 actions, while 21 actions highlighted broader concerns regarding staffing of the AML team. In one case, regulators cited a large financial services organization for not having a qualified, board-approved BSA officer with sufficient authority and resources to oversee the organization’s AML program. Additionally, the organization’s AML department was understaffed, which led to backlogs in transaction reviews and delayed suspicious activity reporting. Regulators emphasized the need for the organization to appoint a qualified BSA officer and increase its AML staffing levels to support effective compliance with BSA requirements. The organization was also required to provide ongoing training to its AML staff members to enhance their ability to detect and respond to emerging threats.
• Program-level enhancements. Regulators determined that many organizations had BSA programs that did not fully comply with the required pillars of the Bank Secrecy Act, which included ineffective internal controls. For example, regulators cited a multinational bank for having fragmented internal controls that failed to provide a cohesive approach to risk management. The bank’s policies and procedures were outdated and not aligned with current regulatory expectations, which resulted in inconsistent application across its global operations. This lack of uniformity in the BSA program exposed the bank to significant compliance risks. As part of the enforcement action, the bank was required to conduct a comprehensive review and update its BSA program to confirm that it adhered to the core pillars of the BSA, including customer identification, recordkeeping, and reporting requirements. The bank also had to establish a centralized compliance function to oversee and coordinate its global AML efforts.

Sanctions-specific enforcement actions in 2024

In addition to the BSA/AML enforcement actions issued in 2024, sanctions enforcement also was a key priority for regulators in 2024. OFAC issued 12 enforcement actions totaling $48.8 million in penalties, targeting non-U.S. companies using U.S.-based services to engage with sanctioned entities. The Department of Justice also increased its focus on sanctions violations, particularly those related to Russia. Individual prosecutions rose significantly, and more than 70 were charged, compared to approximately 38 in 2023. Additionally, in 2024, cross-border collaboration among regulators emerged as a significant theme in enforcement trends. U.S. agencies partnered closely with international counterparts to tackle global compliance challenges, including money laundering via offshore entities and networks evading sanctions. A notable example is the UK’s Financial Conduct Authority, which levied Europe’s largest sanctions fine of the year due to deficiencies in screening systems, highlighting the international scope of enforcement efforts.

Evolving priorities, emerging technology, and a culture of compliance

During 2024, FinCEN introduced new regulations that expanded AML obligations to include investment advisers and nonfinance real estate transactions – sectors traditionally not covered by the AML framework. It proposed updates mandating that financial services organizations incorporate risk assessments as a sixth pillar of their AML programs to help them align with evolving risks and business models. Additionally, FinCEN initiated the implementation of beneficial ownership reporting requirements under the Corporate Transparency Act for foreign businesses registered to conduct business in the U.S. Although ongoing litigation is delaying their full enforcement, these requirements highlight a significant move toward greater transparency.

It is imperative for financial services organizations to remain vigilant and well informed about evolving regulatory priorities. Regulatory bodies such as the OCC and the FDIC have outlined strategic plans that emphasize critical areas for examination, including the management of risks associated with bank-fintech partnerships and the security of payment systems. Examiners are increasingly scrutinizing the robustness of financial services organizations’ compliance programs to effectively mitigate the risks of money laundering and other illicit activities.

In addition to regulatory vigilance, financial services organizations should consider the integration of emerging technologies, particularly AI and machine learning (ML), into compliance programs, which is becoming increasingly vital. These technologies offer the potential to significantly enhance the efficiency and effectiveness of BSA/AML and OFAC compliance efforts. By automating routine tasks, improving the accuracy of suspicious activity detection, and providing deeper insights into transaction patterns, AI and ML can transform compliance operations. Financial services organizations that strategically use these technologies can strengthen their compliance posture and gain a competitive advantage by reducing operational costs and enhancing customer experience.

While staying abreast of regulatory priorities and emerging technologies is important, one critical area that financial services organizations should nurture is a culture of compliance. Regulators are increasingly focused on the pivotal role of leadership in establishing a compliance-oriented tone and making sure that it is deeply embedded in the organization’s values and operations. A robust culture of compliance empowers organizations to proactively identify and address potential risks, thereby significantly reducing the likelihood of enforcement actions. By fostering an environment in which compliance is a shared responsibility, organizations can better navigate the complexities of the regulatory landscape and safeguard their reputations in an ever-evolving financial ecosystem.

A proactive and agile approach

The landscape of BSA/AML and OFAC enforcement will continue to evolve in response to and amid regulatory changes and technological advancements. Financial services organizations must remain agile and proactive in adapting to these changes to remain compliant and protect against financial crime. By understanding the key trends and themes of 2024 enforcement actions, using emerging technologies, and fostering a culture of compliance, organizations can strengthen their compliance frameworks and protect themselves from financial crime.