Regulatory Enforcement Actions: Trend & Thematic Analysis

Author

RegBrief Analytics

Published

April 4, 2026

Q1 2026 | Comprehensive Analysis of AML/Compliance Enforcement Patterns

Executive Summary

Enforcement activity appears concentrated in a relatively small number of high-severity cases. Across 20 actions, regulators imposed $84.4 million in penalties, but the distribution is highly skewed: the average penalty was $5.3 million while the median was only $450,000, with a maximum single penalty of $35.0 million. This indicates that although many cases remain moderate in size, a handful of major actions are driving overall financial exposure. The 112 total compliance findings also suggest that regulators are not citing isolated control failures, but broader, multi-issue breakdowns within firms’ compliance frameworks.

Geographically, enforcement is dominated by the United States, which accounted for 14 of 20 actions and nearly all monetary penalties at $84.0 million. Canada contributed five actions but only $372,075 in penalties, pointing to lower-severity or more targeted interventions, while the Netherlands appeared in one action with no monetary penalty disclosed. The involvement of six regulators across only three countries suggests a fragmented but active supervisory environment, with U.S. authorities setting the tone on penalty severity and likely influencing expectations beyond their jurisdiction. For multinational institutions, this reinforces the need to calibrate controls to the most stringent regulatory standards, not just local minimum requirements.

The most persistent compliance weaknesses are concentrated in core financial crime controls. KYC & Onboarding led with 41 findings, followed by Transaction Monitoring (34) and Investigations & Reporting (30), indicating recurring deficiencies across the customer lifecycle, alert handling, and escalation/reporting processes. Root-cause data shows these are primarily structural issues rather than isolated execution errors: Process Design Flaw (37.9%) and Governance Failure (26.7%) together account for nearly two-thirds of identified causes. Insufficient Technology, Resource Constraints, and Cultural/Tone Issues further indicate that many firms are operating with compliance frameworks that are inadequately designed, weakly governed, or not scaled to risk.

For financial institutions, the key implication is that regulators are focusing on the effectiveness and integration of AML/sanctions control environments rather than standalone policy compliance. Firms should prioritize end-to-end remediation of onboarding, monitoring, and investigations processes; strengthen governance accountability and management oversight; and invest in technology that improves data quality, alert effectiveness, and case management. Given the skew toward large U.S. penalties, institutions should also stress-test whether current controls could withstand scrutiny in a high-enforcement jurisdiction. Actionable next steps include targeted control testing in high-risk business lines, root-cause-based remediation plans, and board-level tracking of recurring issues to ensure weaknesses are addressed systemically rather than case by case.

Dataset Overview

This analysis examines 20 regulatory enforcement actions issued in Q1 2026, with sanctioned activity spanning 2012–2026. The dataset covers multiple jurisdictions and financial services sectors and includes detailed compliance findings1, root cause analysis, and remediation roadmaps.

Key Statistics

  • Total Enforcement Actions: 20
  • Total Penalties Imposed: $84,354,736
  • Average Penalty: $5,272,171
  • Median Penalty: $450,000
  • Penalty Range: $24,750 - $35,000,000
  • Countries Represented: 3
  • Regulators Involved: 6
  • Industry Sectors: 6

Monetary Penalties Analysis

Total Penalties by Country/Region

The geographic distribution of penalties reveals significant concentration in specific jurisdictions, with enforcement intensity varying considerably across regions.

Figure 1: Total monetary penalties by country

Regional Penalties Summary Table

Table 1: Summary of penalties by country
Total Penalties Average Penalty Max Penalty Number of Actions
country
US $83,982,661 $6,998,555 35000000.0 14
Canada $372,075 $93,019 148912.0 5
Netherlands $0 $nan NaN 1

Penalties by Regulator

Different regulatory bodies demonstrate varying enforcement approaches and penalty magnitudes.

Figure 2: Total penalties by regulatory authority

Regulatory Insights

Enforcement intensity is overwhelmingly concentrated in the US, which accounts for 14 of 20 actions and roughly $84.0M in penalties, with far higher average sanctions than Canada or the Netherlands. Within the US, the pattern shows a barbell effect: FinCEN imposed the single largest penalty ($35M), signaling willingness to pursue major AML failures with outsized consequences, while FINRA drove the highest action volume (8 cases; $22.2M total), indicating frequent supervisory and controls-based enforcement. The SEC also remains material, with only 2 actions but a high average penalty ($10.1M), suggesting selective but severe intervention. OFAC’s lower average penalty relative to FinCEN/SEC still reflects meaningful sanctions risk, particularly where screening, sanctions controls, and transaction monitoring intersect. By contrast, Canada shows lower-severity but recurring enforcement through FINTRAC (5 actions; modest penalty levels), consistent with a pattern of steady supervisory pressure rather than blockbuster fines. The Netherlands data point is too limited to infer low risk from the zero-penalty outcome.

For multi-jurisdiction compliance programs, the implication is that firms should calibrate controls not just to legal requirements, but to enforcement style by regulator: in the US, programs must be built to withstand both high-frequency examinations and high-severity outcomes, especially across AML, sanctions, supervision, and books-and-records governance. A practical model is to maintain a global baseline framework, then apply jurisdiction-specific uplift in higher-risk markets such as the US, with particular focus on transaction monitoring, customer due diligence, sanctions screening, escalation governance, and evidence of effective supervisory oversight. Canada’s lower penalty levels should not invite underinvestment; repeated actions suggest regulators still expect mature controls and may use cumulative pressure to drive remediation. Strategically, firms should allocate testing, audit, and management attention based on both penalty exposure and action frequency, while ensuring local accountability and rapid remediation capabilities across all operating regions.

Penalties by Industry Sector

Figure 3: Total penalties by industry sector (USD)

Industry Insights

Enforcement exposure is overwhelmingly concentrated in the Broker-Dealer / Investment Firm sector, which accounts for $78.5 million in total penalties across 12 actions. This is by far the dominant driver of penalty volume, exceeding the next-largest sector, Corporate / Non-Financial, at $3.93 million across just 2 actions, by a very large margin. After that, the totals fall off sharply: Academic Institution / Education shows $1.72 million from 1 action, while Real Estate Brokerage ($107,250), Gaming / Casinos ($91,163), and FinTech / Payments ($24,750 across 3 actions) are comparatively minor in total penalty terms. The key divergence between action count and penalty volume is that FinTech / Payments has more actions than several sectors but contributes very little total penalty value, whereas Academic Institution / Education** has only a single action yet a materially higher total penalty than several sectors with multiple actions.

Average penalty levels suggest that the largest sectors by total penalties are also being driven by high-value actions rather than just frequency. Broker-Dealer / Investment Firm has an average penalty of $7.85 million, indicating that its high total is not merely a function of having 12 actions, but of those actions being individually severe. Similarly, Corporate / Non-Financial has a high average of $1.96 million across only 2 actions, and Academic Institution / Education sits at $1.72 million from a single case, implying concentrated exposure from a small number of significant matters. By contrast, FinTech / Payments shows the opposite pattern: 3 actions but only $24,750 total, with an average penalty of $24,750, indicating lower-severity enforcement outcomes. This suggests the penalty landscape is not broadly distributed across sectors; instead, it is concentrated in a few sectors and, within those sectors, often in relatively large individual cases.

From a compliance investment perspective, Broker-Dealers / Investment Firms should be the clear top priority, given both the largest total exposure and the highest average penalty, which together point to sustained and costly enforcement risk. A second tier for investment would include Corporate / Non-Financial and relevant Education institutions with international tuition/recruiting exposure, because even limited enforcement activity in these sectors can produce seven-figure outcomes. Lower-total sectors such as Gaming / Casinos, Real Estate Brokerage, and especially FinTech / Payments may still warrant targeted controls, but the data suggests a more calibrated, risk-based approach rather than equal spending across all sectors. In short, compliance budgets should be prioritised not by action count alone, but by where penalty severity is concentrated, and here the divergence is clear: Broker-Dealer enforcement dominates both in scale and per-action financial impact.

Compliance Theme Analysis

This section examines the frequency and distribution of compliance failures across key AML/compliance domains.

Theme Frequency Overview

Figure 4: Compliance findings by domain

Theme Frequency Table

Table 2: Detailed breakdown of compliance themes
Number of Findings Number of Entities
domain_display
KYC & Onboarding 41 13
Transaction Monitoring 34 8
Investigations & Reporting 30 13
Sanctions Screening 7 3

Multi-Domain Violation Patterns

Compliance failures often span multiple domains. Understanding which domains tend to fail together helps identify systemic weaknesses.

Table 3: Co-occurrence of compliance domain failures
Unnamed: 0 Domain 1 Domain 2 Co-occurrences
0 0 Investigations & Reporting KYC & Onboarding 9
1 1 Investigations & Reporting Transaction Monitoring 8
2 2 KYC & Onboarding Transaction Monitoring 7
3 3 KYC & Onboarding Sanctions Screening 2
4 4 Investigations & Reporting Sanctions Screening 2
5 5 Sanctions Screening Transaction Monitoring 1

Theme Pattern Insights

The most problematic domains are clearly KYC & Onboarding, Transaction Monitoring, and Investigations & Reporting. KYC & Onboarding has the highest number of findings (41) and affects the most entities (13, tied for highest), which suggests weaknesses are both frequent and widespread across firms. Investigations & Reporting is similarly broad-based, with 30 findings across 13 entities, indicating that even where alerts are generated, firms often struggle to investigate them effectively or escalate/report suspicious activity in a timely manner. Transaction Monitoring has slightly fewer findings (34) but is concentrated across only 8 entities, which implies that where monitoring fails, it tends to fail more deeply or systematically. By contrast, Sanctions Screening appears less prevalent (7 findings across 3 entities), but this should not lead to complacency given the typically high regulatory and enforcement sensitivity of sanctions breaches.

The multi-domain patterns show that failures are not isolated; they cluster in ways that reflect the AML control lifecycle. The strongest pairing is Investigations & Reporting + KYC & Onboarding (9 co-occurrences), followed closely by Investigations & Reporting + Transaction Monitoring (8) and KYC & Onboarding + Transaction Monitoring (7). This suggests a common root-cause pattern: firms with weak customer risk assessment and onboarding controls often also have poorly calibrated monitoring, which then leads to weak case investigation and suspicious activity reporting. In other words, bad inputs at onboarding degrade monitoring quality, and weak monitoring overwhelms or misdirects investigations teams. The presence of three-way interconnectedness among these domains indicates regulators are often seeing end-to-end AML program breakdowns, not single control failures. Even the smaller sanctions overlaps imply that where compliance governance is weak, sanctions issues may emerge alongside broader AML deficiencies.

Prioritization should therefore focus first on foundational controls that improve multiple downstream domains. Start with KYC/customer risk profiling, including beneficial ownership, source-of-funds/wealth, expected activity, and trigger-based refreshes, because these data elements directly drive monitoring scenarios and investigator decisioning. Second, perform a transaction monitoring effectiveness review: scenario tuning, threshold calibration, segmentation, data lineage, and alert quality metrics should be tested to reduce both under-monitoring and false positives. Third, strengthen investigations and SAR/STR reporting through clear escalation standards, better case documentation, root-cause analysis, and QA over closure decisions. From a resource perspective, firms should prioritize entities or business lines showing combined weaknesses across these three domains, since co-occurrence data indicates these combinations carry the highest risk of repeat regulatory criticism. Sanctions screening should remain a targeted fourth priority, with emphasis on screening data quality, list governance, and alert disposition controls, especially in higher-risk cross-border business.

Priority Distribution by Domain

The severity of compliance gaps varies across domains, with different distributions of high, medium, and low priority findings.2

Figure 5: Gap priority distribution across compliance domains

Root Cause Analysis

Understanding the underlying causes of compliance failures is critical for effective remediation.

Overall Root Cause Frequency

Figure 6: Top root causes of compliance failures

Root Cause Summary Table

Table 4: Complete root cause frequency distribution
Frequency Percentage
root_cause
Process Design Flaw 61 37.9
Governance Failure 43 26.7
Insufficient Technology 16 9.9
Resource Constraints 13 8.1
Cultural/Tone Issues 11 6.8
Information Siloing 8 5.0
Data Quality Issues 6 3.7
External Factors 2 1.2
Data Governance 1 0.6

Root Causes by Compliance Domain

Different compliance domains exhibit distinct root cause patterns.

Table 5: Cross-tabulation of root causes by compliance domain
Cultural/Tone Issues Data Governance Data Quality Issues External Factors Governance Failure Information Siloing Insufficient Technology Process Design Flaw Resource Constraints
domain_display
Investigations & Reporting 7 0 1 0 10 0 0 12 0
KYC & Onboarding 0 0 1 1 10 2 3 23 1
Other 3 1 0 1 18 2 3 13 8
Sanctions Screening 0 0 0 0 2 2 2 1 0
Transaction Monitoring 1 0 4 0 3 2 8 12 4

Root Cause Insights

The most significant systemic drivers are process design flaws and governance failures, which together account for roughly two-thirds of all cited root causes. This suggests that most compliance breakdowns are not primarily caused by isolated employee error or external shocks, but by weaknesses in how control frameworks are designed, owned, escalated, and sustained. Process design flaws are especially significant because they point to onboarding, screening, monitoring, and reporting workflows that were poorly calibrated, inconsistently executed, or not built to handle real operational complexity. Governance failures reinforce this pattern: even where controls existed, firms often lacked clear accountability, effective challenge from compliance or risk functions, timely issue escalation, and board/senior management oversight. The secondary tier of causes—insufficient technology, resource constraints, and cultural/tone issues—indicates that many institutions also struggled to operationalize compliance expectations at scale, particularly where legacy systems, fragmented workflows, or weak management signals undermined effective execution.

Root causes vary meaningfully by compliance domain. KYC & Onboarding is dominated by process design flaws (23) and governance failures (10), indicating structural weaknesses in customer due diligence workflows, documentation standards, exception handling, and ownership of risk decisions; smaller contributions from technology and siloing suggest that fragmented systems and handoffs also impair onboarding quality. Transaction Monitoring shows a more technology-heavy profile, with high counts in process design flaws (12), insufficient technology (8), and data quality issues (4), which is consistent with ineffective alert scenarios, poor data feeds, and monitoring environments that cannot reliably support risk-based surveillance. Investigations & Reporting is concentrated in process design flaws (12), governance failures (10), and cultural/tone issues (7), implying that the challenge is not just identifying issues, but ensuring they are investigated thoroughly, escalated appropriately, and reported without delay or bias. Sanctions Screening has a smaller sample but appears shaped by a mix of governance, siloing, and technology gaps rather than pure capacity issues. Overall, the pattern suggests that different domains fail in different ways, but nearly all are linked by weak control architecture and insufficient end-to-end ownership.

Strategic Actions by Root Cause

For the top root cause categories, following are some strategic actions that can be taken to prevent such lapses occuring at yout institution.

Governance Failure

  1. Stand Up Board-Level Financial Crime Governance and Independent Oversight: Establish a formal governance structure with a board- or senior-management committee, independent compliance/AML assurance, and clear escalation, issue-management, and reporting routines. This creates accountability for risk decisions, remediation progress, surveillance performance, and unresolved control gaps.
  2. Implement Enterprise Risk Appetite, Dynamic Risk Assessment, and Policy Governance: Define a documented risk appetite and risk taxonomy for AML/sanctions/conduct risk, and link it to dynamic enterprise risk assessments, onboarding/EDD thresholds, and explicit accept-mitigate-exit decisions. Support this with policy governance, regulatory change management, and training workflows so procedures and controls stay aligned to evolving obligations.
  3. Centralize Control Ownership, Surveillance Governance, and Compliance Assurance: Consolidate control evidence, case metrics, KRIs, and testing results into a governed platform with automated certifications, QA, and independent validation. This enables management to monitor alert backlogs, SLA adherence, onboarding overrides, and control effectiveness in real time and intervene before issues become systemic.

Insufficient Technology

  1. Build an Integrated Financial Crime Data and Surveillance Architecture: Create a centralized data environment that unifies customer, account, transaction, trading, issuer, ownership, and external-risk data to support behavioral analytics, network linkage detection, and end-to-end surveillance. This improves detection of complex schemes and eliminates fragmented monitoring across products and entities.
  2. Automate High-Risk Control Workflows with Event-Driven Decisioning: Deploy technology that automatically triggers sanctions reviews, identity verification, payment/reporting obligations, and exception workflows when key lifecycle events occur, with full audit trails and reason-code lineage. This reduces manual workarounds and ensures critical controls operate consistently at scale.
  3. Modernize Control Monitoring, Resiliency, and Channel Governance: Implement continuous control monitoring, real-time health checks, and resilient architectures across surveillance, execution, and communications channels, with regular audits and board reporting on control failures. This strengthens operational reliability while giving compliance leaders early warning of degraded control performance.

Process Design Flaw

  1. Redesign Client Lifecycle Processes Around Dynamic Risk and Event Triggers: Rebuild onboarding, CDD/EDD, periodic review, and offboarding processes so customer risk scores update continuously based on ownership changes, payment activity, trading behavior, adverse media, and sanctions events. This ensures monitoring intensity, restrictions, and escalation requirements adapt to actual risk rather than static onboarding profiles.
  2. Centralize Investigations, Case Management, and SAR/STR Governance: Establish a single investigations model with standardized workflows, evidence capture, QA, escalation rules, and management reporting across AML, sanctions, fraud, and market-abuse matters. This improves consistency, auditability, and timeliness of dispositioning alerts and filing suspicious activity reports.
  3. Implement Enterprise-Wide Risk-Based Surveillance and Control Design: Replace fragmented or threshold-driven monitoring with integrated surveillance and workflow controls that combine customer, transaction, trading, and external intelligence across business lines. Pair this with model/scenario governance, completeness testing, and continuous tuning so detection logic remains effective against evolving typologies.

Additional Thematic Analyses

Penalty Severity vs Root Cause

Examining whether specific root causes correlate with higher penalties can inform prioritization.

Total Allocated Penalty by Root Cause (Top 8)

Penalties allocated proportionally across findings by priority weight (high=3, medium=2, low=1).

  • Process Design Flaw: $32,941,458 (53 findings across 16 actions)
  • Governance Failure: $18,878,496 (33 findings across 14 actions)
  • Cultural/Tone Issues: $9,464,293 (7 findings across 6 actions)
  • Resource Constraints: $8,095,538 (8 findings across 5 actions)
  • Insufficient Technology: $6,900,510 (13 findings across 9 actions)
  • Information Siloing: $5,296,322 (7 findings across 6 actions)
  • Data Quality Issues: $2,640,619 (4 findings across 4 actions)
  • Data Governance: $137,500 (1 findings across 1 actions)

Temporal Patterns

Violation Period Statistics

  • Average violation duration: 1642 days
  • Median violation duration: 1460 days
  • Longest violation period: 5082 days
  • Shortest violation period: 60 days

AI Investment Themes

AI opportunities identified in enforcement actions are mapped directly to the root causes that drove each violation. For each of the top three root cause categories, the three highest-impact AI use cases are surfaced below, followed by an investment reference table.

Top Use Cases by Root Cause

Process Design Flaw

Missing controls, poor workflow design, or inadequate compliance procedures.

  1. (PD-1) Use rules-plus-AI workflow orchestration to detect reportable events from source records, route tasks, and monitor filing SLAs. Technology: Process Automation, Decision Support, Natural Language Processing

  2. (PD-2) Event-driven customer risk scoring triggered by alerts, adverse media, sanctions developments, and external inquiries. Technology: Predictive Analytics, Natural Language Processing, Decision Support, Probabilistic & Causal Methods

  3. (PD-3) Automated document extraction and entity resolution for ownership structures and control persons. Technology: Natural Language Processing, Process Automation, Graph-Based Learning, Computer Vision

Governance Failure

Weak oversight, unclear accountability, or insufficient board/senior management engagement.

  1. (GF-1) Automated analysis of policy documents, risk assessments, training logs, and control inventories to highlight regulatory gaps and testing priorities for the biennial review. Technology: Natural Language Processing, Process Automation, Decision Support, Explainable AI

  2. (GF-2) AI-assisted compliance review planner and evidence analyzer to prioritize testing areas, summarize findings, and track remediation activities. Technology: Process Automation, Natural Language Processing, Decision Support, Simulation & Optimization

  3. (GF-3) Adaptive e-learning with AI-generated micro-modules and quizzes tailored to roles (agents, brokers, admin) and observed knowledge gaps. Technology: Natural Language Processing, Generative AI, Adaptive Learning, Agentic Automation

Insufficient Technology

Legacy systems, lack of automation, or inadequate tooling for compliance obligations.

  1. (IT-1) AI-assisted alert triage and prioritization to rank surveillance exceptions by manipulation, execution, and AML risk for analyst review. Technology: Pattern Recognition, Process Automation, Decision Support, Explainable AI

  2. (IT-2) AI-assisted surveillance completeness testing to detect missing populations, excluded account types, and parameter mismatches between actual trading and monitoring coverage. Technology: Pattern Recognition, Process Automation, Explainable AI, Simulation & Optimization

  3. (IT-3) Intelligent workflow orchestration and alerting for EFT reporting deadlines, predicting which cases risk breaching the five-day submission window. Technology: Process Automation, Predictive Analytics, Agentic Automation

Investment Reference Table

Table 6: AI use case investment reference — expected benefit, ROI, and key risks
  Expected Benefit Estimated ROI Risks
Use Case      
PD-1 Improves timeliness and completeness of filings while reducing missed deadlines caused by manual tracking. 6-12 months Compliance Risk: AI should not replace deterministic legal filing triggers; Operational Risk: integration gaps may miss source events; Model Risk: misclassification of unstructured case notes
PD-2 Ensure emerging customer risk information is reflected faster and more consistently in CDD and EDD decisions. 6-12 months Model Risk: Weak data linkage could assign events to wrong customers; Compliance Risk: Risk scores must remain explainable and reviewable; Reputational Risk: Adverse media models may over-trigger on weak allegations
PD-3 Reduce manual ownership review effort, improve consistency, and surface opaque or high-risk ownership structures earlier. 6-12 months Model Risk: OCR or extraction errors could misidentify owners; Compliance Risk: Human validation remains necessary for legal entity onboarding; Operational Risk: Vendor dependency for external corporate data
GF-1 Reduces manual effort in preparing and scoping independent reviews; improves completeness and consistency of coverage across regulatory requirements. 12–18 months through time saved on reviews and earlier detection of material compliance weaknesses. Over-reliance on AI summaries, missing nuanced issues detectable only via expert judgment; Potential misalignment between AI-detected gaps and regulator expectations; Need for strong access controls to protect sensitive compliance data
GF-2 Reduces manual effort in planning and documenting reviews, standardizes workpapers, and strengthens the evidence trail for regulatory examinations. Payback within 6–12 months through reduced external consulting needs and more efficient internal reviews. Overdependence on AI suggestions instead of professional judgment; Potential documentation gaps if workflows are not configured correctly; Need to clearly distinguish AI-generated notes from reviewer conclusions
GF-3 Improves training relevance and retention, automates content updates aligned with policy changes, and generates detailed training records for FINTRAC exams. Estimated 30–40% efficiency gain in training development and administration within 12 months. Inaccurate or non-compliant content if generative outputs are not properly reviewed; Need to evidence that training content covers all mandatory regulatory topics; Data privacy for any user performance data used to adapt training
IT-1 Reduces backlog, improves review timeliness, and focuses analysts on highest-risk exceptions first. 6-12 months Model Risk: Poor labels from weak historical closures may bias prioritization; Compliance Risk: Need auditable rationale for deprioritized alerts; Operational Risk: Overreliance on automation could hide queue build-up
IT-2 Improves surveillance coverage assurance and reduces risk that entire business lines are omitted from AML monitoring. 6-12 months Compliance Risk: Incomplete source data may cause false assurance; Model Risk: Detection logic may miss novel exclusions without periodic tuning; Operational Risk: Overreliance on vendor or model outputs without manual validation
IT-3 Minimizes late EFT filings by proactively surfacing at-risk reports and automating routine steps in the reporting process. 6–12 months through avoided penalties and reduced manual tracking effort. Operational dependency on the AI workflow engine, requiring robust fallback procedures; Alert fatigue if configuration is not tuned to focus on genuine deadline risks; Need to ensure clear human accountability remains for final submissions

Appendix

Priority Level Definitions

Priority levels are assigned using a deterministic decision tree applied during document extraction:

  • High — penalty >$10M attributable to this gap; regulator labelled the conduct “egregious”; gap enabled actual illegal activity; or criminal referral was made
  • Medium — significant control weakness attracting explicit regulatory criticism; contributed to the penalty but was not the primary driver
  • Low — documentation or procedural gap only; technical non-compliance with no evidence of exploitation

Data Sources

  • Primary Data: Regulatory enforcement action records (regbriefs-Q12026.csv)
  • Fields Analyzed: Entity, regulator, industry, penalty amounts, violation periods, findings by domain, root causes, priorities
  • Time Period: 2012-2026
  • Geographic Coverage: 3 countries, 6 regulators

Source Documents

Entity Regulator Source Document(s)
Cetera Advisors LLC; Cetera Wealth Services, LLC (formerly Cetera Advisor Networks LLC); Cetera Investment Services LLC FINRA
Caleen Financial Services B.V. DNB (NL) [1] [2] [3]
Jonathon M. Webster FINRA [1]
Boustead Securities, LLC; Sutter Securities Incorporated; Keith Charles Moore FINRA [1]
Navy Capital Green Management, LLC SEC
Commerciale I.C. - Pacific Inc. (also operating as I.C. - Pacific Trading Inc.) FINTRAC [1]
TreasureMeta Corporation (registered with FINTRAC as Cappo FX Inc.) FINTRAC [1]
Century 21 Heritage Group Ltd. FINTRAC [1]
Manor Windsor Realty Ltd. FINTRAC [1]
IMG Academy, LLC OFAC [1]
Undisclosed Individual (U.S. Person-1) OFAC [1]
Canaccord Genuity LLC FINRA [1]
Herold & Lantern Investments, Inc. FINRA [1]
Canaccord Genuity LLC FinCEN [1]
Canaccord Genuity LLC SEC [1]
TradeStation Securities, Inc. OFAC [1]
Stash Capital LLC FINRA [1]
The Ultima Global Markets (USA), Inc. FINRA [1]
Northern Isga Foundation FINTRAC [1]
Stash Capital LLC FINRA [1]

Report Generated: 2026-04-04 14:31:03

Report Period: Q1 2026

Footnotes

  1. Findings are discrete compliance gaps identified within each enforcement action document. Each enforcement action may contain multiple findings across one or more compliance domains.↩︎

  2. See [Appendix: Priority Level Definitions] for the criteria used to assign each priority level.↩︎