Q1 2025 Enforcement Update

Systemic Gaps and Strategic Self-Reporting Take Centre Stage

Regulatory enforcement activity remained high in the first quarter of 2025, with more than $150 million in penalties issued across six jurisdictions. This quarter’s actions reveal a sharper regulatory focus on data integrity, system vulnerabilities, and the advantages—both strategic and financial—of self-reporting compliance failures.

In Q1 2025, we saw:

37 enforcement actions:

Across 6 jurisdictions

Totalling $153.3 Million

eComms recordkeeping enforcement: Self-reporting emerges as a strategic lever

The SEC’s continued crackdown on eComms recordkeeping failures dominated the start of the year. Nine investment advisers and three broker-dealers were fined a combined $62.6 million for failing to maintain and preserve electronic communications.

Among the sanctioned were household names like Blackstone ($12m), KKR ($11m), Schwab ($10m), Apollo, Carlyle, TPG, and Santander. Each firm was found to have allowed employees to communicate business matters via off-channel platforms without proper retention policies, violating the recordkeeping provisions of the Exchange Act.

However, PJT Partners LP stood out. While fined $600,000, the firm self-reported its deficiencies—a move that led to a significantly reduced penalty. This reflects a broader trend in North America where regulators are not only rewarding transparency, but actively encouraging it. For firms weighing reputational damage against regulatory goodwill, coming forward may mitigate the financial and legal fallout. Self-reporting is a robust risk-reduction strategy. Firms that surface issues early, cooperate fully, and remediate quickly are seeing materially lower penalties.

Cross-border manipulation via dual-listing arbitrage

One of the quarter’s most technically intricate enforcement actions came from France’s AMF, which fined U.S.-based investment fund EcoR1 Capital and its director, Oleg Nodelman, a combined €10 million (~$10.8 million USD) for market manipulation and disclosure failures. The case illustrates how cross-border enforcement is evolving—particularly where dual-listed instruments create opportunities for price distortion across jurisdictions.

The events centre around Innate Pharma, a biotech company primarily listed on Euronext Paris. In October 2019, Innate launched a secondary listing on the Nasdaq through the issuance of American Depositary Shares (ADSs). Crucially, the subscription price for the ADSs was not independently set. Instead, it was calculated based on the five-day volume-weighted average of Innate’s closing share price on Euronext Paris immediately preceding the offering. This mechanism created a clear dependency between the French market and the U.S.-based issuance.

During the pricing window, EcoR1 engaged in heavy selling of Innate shares on Euronext Paris, particularly at the close of each trading day. These sales, which were large relative to market volume, had the effect of depressing the daily closing price. Because the ADS price was directly derived from the average of those closes, EcoR1 was able to artificially lower the subscription price of the ADSs it would go on to purchase in the U.S. offering. Put simply, the firm used its influence in the French market to drive down the cost of securities it would acquire on the Nasdaq—effectively arbitraging the pricing link between the two listings.

Robinhood’s multimillion-dollar mistakes

Robinhood’s operations came under fire from both the SEC and FINRA this quarter, demonstrating the potential scale of compliance deficiencies when systems, supervision, and disclosure all fail.

In total, Robinhood was fined $74.75 million across two actions:

• SEC action ($45m) covered:
  
  • Failure to file suspicious activity reports in a timely manner (2020–2022)
  • Inadequate policies to prevent identity theft (2019–2022)
  • Cybersecurity vulnerabilities exploited by third parties in 2021
  • Off-channel communications and poor retention of brokerage data
  • Reg SHO violations tied to short sale practices, including order-marking, locate, and close-out requirements
  • Incomplete and inaccurate blue sheet reporting over five years
    
• FINRA action ($29.75m) addressed:
  
  • Misleading disclosures on “collared” market orders
  • Deficiencies in AML programs and customer identification
  • Severe latency and clearing issues in response to high-volume trading events
  • Supervision gaps in influencer marketing communications
  • Persistent failings in trade and CAT reporting

Together, the actions paint a picture of systemic governance failure, where foundational issues spanned surveillance, IT infrastructure, marketing oversight, and trade reporting. This was a multi-vector breakdown across the entire control framework.

Robinhood has agreed to internal audits and remediation, but the scale of deficiencies underscores the risks when growth outpaces governance.

Other highlights from Q1 2025

Insider trading cases continue

• The SEC charged a network of traders and broker-dealer reps in a long-running scheme to front-run follow-on offerings—resulting in hundreds of thousands of dollars in profits.
• In a separate case, former CIO Alfred Tobia Jr. and his sister-in-law paid $1.36m to settle charges tied to material non-public information.
• Asia-Pacific regulators pursued several high-profile insider trading cases, including one in Hong Kong linked to a chauffeur’s tip-off and another in Australia involving share placement exploitation.

Singapore crack down on market manipulation

• In Singapore, MAS imposed over $600,000 in penalties across multiple individuals for false trading and unauthorised account use in a coordinated pump-and-dump scheme.

Trade reporting failures remain under scrutiny

• FINRA fined UBS $1.1m for submitting blue sheets with errors across multiple data fields.
• BofA, G1 Execution, and others faced penalties for delayed or inaccurate TRACE and OTC reporting, with operational volumes and OMS design flaws cited as contributing factors.
  

Our thoughts

This quarter’s actions reinforce a few clear takeaways:

• Self-reporting can significantly reduce penalties, especially in eComms enforcement where violations are widespread and regulatory expectations are well-publicised.
• Data integrity is the new frontline—whether it’s trade reporting under MiFIR or blue sheets in the US, regulators are no longer tolerating systemic errors in submissions.
• Multi-domain deficiencies like those seen in Robinhood are drawing coordinated regulatory responses.

As regulators push forward with more real-time surveillance, cross-jurisdictional cooperation, and an expanding risk perimeter, firms must treat every aspect of operational oversight as a potential compliance risk.