Q3 2025 Enforcement Update

Q3 marked a sharp escalation in enforcement activity, with both the volume and value of fines rising dramatically compared to Q2. Regulators focused their firepower on high-impact, systemic misconduct while also streamlining smaller cases to clear backlogs more efficiently.

In Q3, we saw 49 enforcement actions:

Across 5 jurisdictions:

Totaling $122.4 Million

ANZ’s record penalty for trade reporting failures

The standout case of the quarter came from ASIC’s AUD $240 million penalty against ANZ, with AUD $125 million tied to markets and trading misconduct (the AUD $115 million levied for “retail matters” is excluded from this quarter’s data, given it is not connected with market conduct). The regulator found that ANZ had engaged in “unconscionable conduct” when executing a $14 billion government bond deal, prioritising short-term profits over its duty to the Australian Office of Financial Management. By dumping large volumes of futures at pricing time, ANZ undermined its client – effectively, the taxpayer.

Compounding this was widespread misreporting of bond turnover, inflating trading volumes by tens of billions of dollars. That data was fed directly into the government’s dealer selection process, making this a distortion of market transparency at the expense of public trust.

ASIC’s case cuts across execution standards, trade reporting accuracy, and fiduciary duty, all areas where firms rely on trade surveillance and best execution controls. This is a textbook case illustrating the cost of inadequate reporting frameworks.

The CFTC’s “Enforcement Sprint”

In Washington, Acting CFTC Chair Caroline Pham unveiled an “enforcement sprint”; a tactical decision to fast-track resolution of low-level compliance cases, to clear the backlog of minor violations, and free up resources to deal with more severe market abuse cases.

The strategy was visible in Q3 outcomes. Minor fines against banks for eComms surveillance failures (Santander, BNY Mellon, SMBC) and trade reporting errors (US Bank, Citi) were settled swiftly, with firms receiving mitigation credit for self-reporting. Citi’s penalty in particular was pared back significantly thanks to what the CFTC described as “exemplary cooperation.”

Drowning in false positives: calibration is king

In September, FINRA fined Velocity Clearing $1 million for widespread surveillance failures.

Between December 2019 and June 2023, its legacy surveillance platform generated nearly 150,000 alerts for spoofing, layering, cross trades, and wash trading. At around 38,000 alerts per year, this was more noise than any compliance team could realistically process. With no written escalation protocols in place, large volumes of alerts were closed without proper review.

Velocity replaced the system in mid-2023, only to repeat the same cycle on a larger scale. The new platform generated ~15.2 million alerts in under two years. More than 5.2 million went unreviewed, and a third were closed the same day they were opened, leaving no assurance that genuine red flags were addressed.

Technology alone doesn’t solve the problem. As we highlighted in our 2024 surveillance trends report, regulators are increasingly zeroing in on how firms configure, calibrate, and monitor their surveillance frameworks — not just whether they have systems in place. The French AMF, for instance, flagged “poorly calibrated tools” as a priority risk in its latest inspection program, while the FCA and ASIC have both penalised firms for ineffective thresholds and escalation protocols that allowed misconduct to slip through undetected.

Market gatekeeper failures persist in 2025

Regulators remain unforgiving toward firms that neglect their role as market gatekeepers. After record penalties in 2024 (including ASIC’s AUS $4.995 million fine against Macquarie), the theme has continued into 2025.

Société Générale Securities Australia was fined AUS $3.88 million for failing to prevent 33 manipulative client orders in electricity and wheat futures. Most trades were placed in the final two minutes of trading to manipulate settlement prices (“marking the close”). ASIC had repeatedly warned the firm in 2023 about volatility and suspicious activity, yet it failed to act.

Gatekeeper responsibilities demand calibrated tools, resourced teams, and robust escalation frameworks. Without them, firms risk being next in line for enforcement.

FCA shows tech-enabled agility in enforcement

The FCA has been working toward faster, more decisive enforcement. That approach came into focus with its case against Sigma Broking. An independent review in February 2025 found that 924,584 reports (nearly 100% of transactions handled between December 2018 and December 2023) were inaccurate.

Deficiencies stemmed from a misconfigured reporting system and weak oversight processes, leaving the FCA without reliable data to detect and investigate market abuse.

What makes the latest case notable is not only the scale of the misconduct but the speed with which the FCA brought it to resolution. From case opening to public sanction, the matter was concluded in just 16 months, less than half the 42-month average for cases closed in 2023/24.

Cases such as these underscore the regulator’s growing ability to handle high-volume, technically complex cases with agility, supported by increasingly sophisticated surveillance and enforcement systems.

The bottom line

The pattern that continues to emerge is one of sharper contrasts: firms that cooperate and remediate quickly are rewarded, while those that ignore red flags or rely on unchecked processes are hit with escalating penalties.

Looking ahead to the remainder of 2025 and into 2026, firms should expect regulators to:

• Turn greater attention to market abuse and manipulation, now that smaller cases have been triaged and cleared.
• Escalate penalties for gatekeeper failures, where firms neglect frontline responsibilities in monitoring, escalation, or reporting.
• Demand demonstrable evidence that surveillance systems are calibrated, resourced, and effectively detecting misconduct.

Enforcement is becoming faster, more unforgiving, and more data-driven, and the firms that fail to adapt risk being next in line.

For more information on how eflow’s regulatory technology can help your firm to mitigate these risks, book your no-obligation consultation call today.