Greg Kilminster
Head of Product - Content
SEC director outlines enforcement priorities
In a speech at the Securities Enforcement Forum in Washington, DC, Sanjay Wadhwa, Acting Director of the US Securities and Exchange Commission’s (SEC) Division of Enforcement, emphasised the agency’s commitment to robust enforcement across the financial industry. His remarks highlighted three key focus areas: recordkeeping compliance, whistleblower protections, and the value of cooperation with SEC investigations.
Recordkeeping violations and the “WhatsApp initiative”
Wadhwa spotlighted the SEC’s ongoing “off-channel communications initiative,” colloquially referred to as the “WhatsApp initiative.” This programme aims to ensure that regulated entities comply with federal recordkeeping laws by capturing all relevant communications. He explained that noncompliance with these rules “thwarts effective oversight of the industry, harming investors.”
In fiscal year 2024, the SEC levied $600 million in penalties on more than 70 firms, marking a cumulative total of $2 billion in fines since the initiative launched in 2021. The Division recently filed cases involving municipal advisers for the first time under this initiative, signalling the SEC’s commitment to “comprehensive industry compliance.”
Reflecting on the initiative’s impact, Wadhwa noted that firms are increasingly adopting improved recordkeeping measures, self-reporting issues, and implementing “remedial measures.” He emphasised, “The best measure of the success of the initiative is how it has changed industry behaviour.”
Whistleblower protections under scrutiny
Wadhwa also stressed the importance of safeguarding whistleblowers' ability to report violations to the SEC, saying, “The SEC’s whistleblower programme plays a critical role in our ability to effectively detect wrongdoing, protect investors and the marketplace, and hold violators accountable.”
The SEC has brought multiple enforcement actions in recent years targeting agreements that impede whistleblowers. This includes confidentiality or employment agreements that restrict individuals from contacting the SEC or which seek to prevent employees from receiving financial rewards for whistleblowing. To address these barriers, the SEC has recently issued significant penalties against firms violating whistleblower protection rules.
Wadhwa expressed hope that these actions would have a “significant deterrent effect,” and pointed out the heightened industry focus on the topic as evidence of the SEC’s impact. “The outlook is promising,” he said, noting that whistleblower rights are now frequently discussed at industry panels and conferences.
Cooperation with SEC investigations
Wadhwa highlighted the SEC’s efforts to encourage firms and individuals to self-report violations and cooperate fully with investigations. He referenced a speech by former Enforcement Director Gurbir Grewal, who emphasised the SEC’s approach, stating, “work with us and we’ll work with you.” Wadhwa explained that cooperation benefits both parties, as it may lead to reduced penalties and quicker resolution of cases, adding that proactive compliance measures also serve to protect investors.
He illustrated this point with recent cases involving JPMorgan, which self-reported misconduct and voluntarily paid over $100 million in restitution to affected investors. By stepping up, Wadhwa explained, firms not only resolve investigations more efficiently but also shield investors from future risk by strengthening their compliance frameworks.
Wadhwa acknowledged concerns from legal professionals regarding the consistency of cooperation credit. While he recognised that “we don’t have a formal policy that guarantees certain outcomes,” he stressed that “our message is clearly being heard” by firms willing to take proactive steps toward compliance.
A broad impact across the industry
Wadhwa closed his remarks by highlighting the cumulative effect of the SEC’s enforcement actions, beyond individual penalties. “An important part of [enforcement] is to hold bad actors accountable,” he said. “But a crucial purpose is to deter future violations and promote compliance throughout the industry.”
As the SEC prepares to release its full enforcement report for fiscal year 2024, Wadhwa anticipates that the figures will demonstrate the Division’s ongoing commitment to investor protection and regulatory integrity. The Division’s focus on recordkeeping, whistleblower protections, and incentivising cooperation, he argued, sends a clear message to the industry: compliance is not optional.
Click here to read the full RegInsight on CUBE's RegPlatform.
SEC’s Examinations director calls for industry collaboration to strengthen compliance
In a speech at the 2024 National Compliance Outreach Seminar, Keith E Cassidy, Acting Director of the US Securities and Exchange Commission’s (SEC) Division of Examinations, spoke about the essential role of compliance within financial services, especially in a fast-evolving market landscape marked by technological innovation, economic instability, and growing cybersecurity threats.
Reflecting on recent years of disruption, Cassidy acknowledged the pivotal role of compliance professionals: “Each of you are committed to the long-term success of strengthening compliance and protecting investors.” He pointed out the mounting challenges that industry professionals face, given factors such as the ongoing shift to virtual business models, advancements in artificial intelligence, and an increasingly decentralised workforce.
Adapting to the complexities of a changing market
Cassidy outlined the Division’s Four Pillars, which frame its mission to “promote compliance, prevent fraud, monitor risk, and inform policy.” These guiding principles drive the Division’s examination work with entities across the financial sector.
“EXAMS has a unique mission and role at the Commission,” Cassidy stated, as he detailed the Division’s oversight of an extensive range of financial market participants. He emphasised the Division’s need to continuously adapt its examination priorities to align with new technologies and the evolving risks they pose, including the impact of cryptocurrency and artificial intelligence on compliance practices. Noting the Division’s upcoming 30th anniversary, Cassidy reflected on the growth of digital and automated trading, which, while “democratising finance,” introduces new compliance challenges for firms and regulators alike.
He added, “When compared to the industry we examine, we are a fraction of a vast landscape and must leverage all tools at our disposal—including technology and communications to increase efficiency and effectiveness.”
Fostering a compliance culture
Cassidy highlighted the importance of fostering a proactive compliance culture across the industry. “Our examinations, coupled with your effective compliance programs, are essential elements of our collective shared interest in investor protection and preserving market integrity,” he said. Stressing the need for compliance programmes to be strong and adaptable, Cassidy stated, “Strong investor protection requires empowered compliance professionals and strong cultures of compliance within firms.”
A notable development in the Division’s approach to promoting compliance is a shift in its communication strategy. Cassidy explained that the Division now releases its examination priorities earlier in the fiscal year. This change allows compliance officers to integrate these priorities into their annual planning and resource allocation discussions more effectively. “By announcing our priorities earlier, we are more closely aligned with the fiscal year, which drives our work, transparency and messaging,” Cassidy said. He encouraged compliance officers to thoroughly review the Fiscal Year 2025 Priorities document.
Using communication as a tool for compliance
Cassidy pointed to the Division’s extensive use of risk alerts to keep industry professionals informed. Since 2011, the Division has issued more than 70 alerts, covering a broad spectrum of regulatory concerns. “Our risk alerts raise awareness of compliance and industry risks and are meant to encourage firms to think about their own policies and procedures in particular areas,” he explained. These alerts offer firms an opportunity to evaluate their practices against regulatory observations made during SEC examinations, enabling them to make proactive adjustments.
In addition to written guidance, Cassidy stressed the Division’s active engagement with the industry through regional seminars, workshops, and conferences. This outreach is part of a deliberate effort to “create a roadmap for strengthening compliance and investor protection,” he said. He voiced his satisfaction in hearing that Chief Compliance Officers (CCOs) leverage these communications to advocate for appropriate resources and budgets within their firms, given the shared goal of investor protection.
Recognising the role of compliance professionals
Cassidy closed by thanking compliance professionals for their commitment to advancing investor protection and promoting compliance standards across the industry. “We share a common commitment to protecting our nation’s savers and investors,” he said, expressing optimism about the continued partnership between the SEC and the industry.
Click here to read the full RegInsight on CUBE's RegPlatform.
CFPB fines Navy Federal Credit Union $95m for illegal overdraft fees
The Consumer Financial Protection Bureau (CFPB) has ordered Navy Federal Credit Union, the largest credit union in the US, to refund more than $80 million to customers and pay a $15 million penalty after finding the institution illegally charged overdraft fees. The agency’s investigation revealed that Navy Federal charged fees on transactions even when customers’ account balances initially showed sufficient funds, only applying fees when transactions posted and caused negative balances days later.
The fees, tied to Navy Federal’s “Optional Overdraft Protection Service” (OOPS), generated nearly $1 billion from 2017 to 2021, with an average of $44 million annually in surprise fees. Additionally, Navy Federal charged fees on transactions with payment services like Zelle, PayPal, and Cash App, where customers believed funds were immediately available, only to be penalised due to delayed posting times.
CFPB Director Rohit Chopra condemned the practices as harmful “junk fees” targeting active-duty service members and veterans. The CFPB order requires Navy Federal to:
- refund $80 million to affected customers,
- cease specific overdraft fees, including those on delayed postings and sufficient-balance transactions, and
- pay a $15 million civil penalty to the CFPB’s victims relief fund.
This enforcement marks the CFPB’s largest fine against a credit union and aligns with the agency’s recent efforts to combat unexpected and unfair banking fees.
Click here to read the full RegInsight on CUBE's RegPlatform.
Australian regulator announces new stress tests, operational standards, and climate risk assessment
In a speech at the Financial Services Institute of Australasia’s Regulators event, Therese McCarthy Hockey, Executive Board Member of the Australian Prudential Regulation Authority (APRA), laid out APRA’s agenda for 2025. She addressed the regulator’s initiatives for maintaining stability in the financial system amid increasing economic uncertainties, including new stress testing measures, heightened operational standards, and a climate vulnerability assessment for insurers.
System-wide stress test to examine financial interconnections
A central focus of McCarthy Hockey ‘s address was APRA’s upcoming System Risk Stress Test, designed to assess potential risks across the banking and superannuation sectors. Set to begin in early 2025, the test will evaluate how a severe market disruption could affect liquidity, asset markets, and operational stability. She explained, “The scenario will contain significant disruptions to financial markets, which will help us explore the impacts of liquidity stress between super funds and banks.”
This system-wide approach reflects APRA’s recognition of increased interconnectivity in and amongst financial markets. APRA anticipates that the test will deepen understanding of risks across sectors, particularly for superannuation trustees, who, she noted, “typically have less stress testing experience and capability than the banking sector.”
New operational risk standards under CPS 230
McCarthy Hockey also highlighted the importance of robust operational risk management in light of recent incidents like the CrowdStrike outage in July. She discussed the upcoming CPS 230 Operational Risk Management standard, which requires APRA-regulated entities to improve their resilience against risks such as cyber disruptions, industrial disputes, or physical infrastructure failures. “We are keeping a far closer eye on industry implementation of the new CPS 230 Operational Risk Management,” she stated, adding that APRA will closely monitor compliance when the standard comes into effect in July 2025.
Assessing climate risks to financial stability
Another key priority for APRA is understanding how climate change could affect the financial system. McCarthy Hockey introduced APRA’s Climate Vulnerability Assessment (CVA) for the general insurance industry, involving Australia’s five largest household insurers. The initiative, she explained, “examines the potential impact of climate change on household insurance affordability out to 2050.” By analysing climate risks, APRA aims to guide industry efforts to maintain insurance affordability in the face of natural disasters and climate-related disruptions.
Governance standards to be reviewed
McCarthy Hockey announced that APRA would soon publish a discussion paper on potential updates to its governance and “fit and proper” prudential standards. Noting that the last revision of these standards was about a decade ago, she emphasised that APRA’s proposals would bring governance standards in line with modern practices and global standards. The review will focus on key areas including board accountability, skills, and integrity, which, she said, are intended to “improve accountability for board performance and embed better practice.”
Industry-specific priorities for banking, superannuation, and insurance
McCarthy Hockey outlined APRA’s sector-specific goals for 2025, with a focus on banking and superannuation. In response to the collapse of Silicon Valley Bank last year, APRA will conduct a broad review of liquidity requirements for banks, as well as a review of feedback on proposals to phase out certain forms of capital. “We will also be reviewing our licensing framework for banks to see if it continues to strike the right balance between encouraging greater competition and protecting financial stability,” she noted.
In superannuation, APRA will intensify its oversight of trustee spending to ensure it aligns with members’ best interests, and will closely monitor trustees’ preparations for the Financial Accountability Regime, due in March. This includes assessing liquidity stress preparedness and the effective implementation of retirement income obligations.
For the insurance sector, APRA is leading an insurance data transformation project, aimed at increasing transparency around factors driving premium rises. Hockey noted that APRA is working with stakeholders across government and industry to close the “household insurance protection gap,” an issue exacerbated by climate-related risks and premium increases.
Strategic plan for turbulent times
McCarthy Hockey concluded by reaffirming APRA’s commitment to its strategic priorities during this period of economic volatility. With a multi-pronged approach addressing interconnected financial risks, operational resilience, and climate impact, Hockey expressed confidence in APRA’s agenda for 2025, asserting, “In these uncertain times, we believe APRA’s strategic plan is the right one.”
Click here to read the full RegInsight on CUBE's RegPlatform.
ASIC highlights priorities amid rising consumer and technological risks
In a speech at the Financial Services Institute of Australasia’s Regulators event, ASIC Commissioner Alan Kirkland outlined the Australian Securities and Investments Commission's (ASIC) priorities for the coming year, emphasising consumer protection and resilience in an increasingly complex regulatory landscape. Kirkland highlighted key areas where ASIC is intensifying efforts, including responses to economic pressures, climate-related financial risks, and the rapid evolution of digital technology.
Rising financial pressures and consumer hardships
Kirkland began by acknowledging the effect of recent economic pressures on Australian households, with inflation, rising interest rates, and increased rent costs placing a significant strain on household budgets. He pointed to a record level of complaints to the Australian Financial Complaints Authority (AFCA), particularly regarding financial hardship assistance, as a signal of the challenges consumers face in seeking support. “Many Australians have been doing it tough – and when they have asked for help, they have not always been heard,” Kirkland remarked, noting that some lenders’ processes are so burdensome that “one in three Australians dropped out at least once” during hardship support processes.
Amidst this environment, ASIC is particularly focused on business models that attempt to bypass consumer credit laws, often targeting vulnerable consumers. Kirkland warned of companies that “purport to help people to manage their debts” but may exploit the financially vulnerable.
Climate change and insurance pressures
Kirkland highlighted climate change as a major risk for the financial system, noting that more frequent natural disasters have exacerbated insurance affordability stress for millions of Australians. According to the Actuaries Institute, approximately 1.6 million households now face “insurance affordability stress,” with premiums consuming over four weeks of gross household income.
In light of these pressures, Kirkland stressed the need for insurers to adapt to the surge in claims related to extreme weather events, describing these events as “business as usual” rather than extraordinary.
Challenges and opportunities from new technologies
Turning to technological developments, Kirkland discussed the rapid adoption of artificial intelligence (AI) and advancements in payment technologies, both of which are transforming consumer interactions with financial services. He acknowledged the potential for new technologies to benefit consumers but warned of their risks, particularly in the area of fraud. “Scammers used technology to steal $2.7 billion from Australians last year,” he said, adding that ASIC is working with the National Anti-Scam Centre to address these risks. International criminal organisations continue to exploit technologies, including cryptocurrency, to facilitate scams, despite ASIC’s efforts to shut down fraudulent websites.
ASIC’s strategic priorities for 2024-25
In response to these challenges, Kirkland outlined ASIC’s five strategic priorities for 2024-25:
- Improving consumer outcomes: work on financial hardship assistance and consumer credit, reflecting ASIC’s core commitment to consumer protection. “Improving consumer outcomes is first and foremost,” Kirkland stated, adding that it reflects ASIC’s “strong track record of enforcement outcomes in recent years.”
- Addressing climate change-related financial risks: ASIC will continue monitoring how insurers manage claims after major climate events, ensuring they can withstand the pressures of an increasingly volatile climate environment.
- Pursuing better retirement outcomes and member services: Kirkland emphasised that ASIC’s focus extends beyond superannuation to include financial advice models that impact retirement savings, aiming to prevent the erosion of superannuation balances through poor advice practices.
- Enhancing digital resilience and safety: This priority includes overseeing the use of AI by licensed entities and cracking down on investment scams. ASIC seeks to bolster the security and resilience of digital financial services to protect consumers from evolving digital threats.
- Promoting consistency and transparency across markets: This area includes efforts to understand shifts in public and private markets, with the goal of ensuring transparency and maintaining market integrity.
Kirkland concluded by reinforcing ASIC’s longstanding commitment to consumer protection, which he described as being “in our DNA at ASIC.” He urged financial service professionals to align with ASIC’s emphasis on consumer-focused outcomes, stating, “high standards of professional practice are surely ultimately about producing good outcomes for your customers.”
Click here to read the full RegInsight on CUBE's RegPlatform.
FATF publishes latest risk assessment guidance
In its latest guidance on conducting National Risk Assessments (NRAs) for money laundering, the Financial Action Task Force (FATF) highlights the importance of a comprehensive and evolving approach to understanding and mitigating money laundering (ML) risks. This guidance highlights FATF Recommendation 1, which mandates that countries "identify, assess, and understand" their ML risks and take appropriate action to mitigate them.
The NRA process, as outlined, is central to a country’s anti-money laundering and counter-terrorist financing (AML/CFT) framework. A strong NRA allows a country to establish a foundation for AML/CFT strategies that align with its specific risk landscape, spanning both domestic and international threats. Conducting an NRA involves assessing ML and terrorist financing (TF) risks across various factors, including sectoral and geographic vulnerabilities. Based on these findings, countries can allocate resources more effectively and tailor AML/CFT measures to the level of risk.
This guidance document is structured into three key sections:
- NRA Preparation and Set-up: This phase includes crucial preliminary steps, such as securing political commitment, establishing inclusive mechanisms, defining objectives, and gathering data. These prerequisites, while not always sequential, lay the groundwork for a focused analytical approach.
- Assessing and Understanding Money Laundering Risks: This section provides a structured framework for threat and vulnerability analysis. While no specific methodology is prescribed, countries are encouraged to tailor the NRA process according to their capacity and unique risk contexts.
- Post-NRA Actions: The final section suggests steps for countries to ensure their AML/CFT measures reflect the risks identified. This includes communicating findings to stakeholders, adapting strategies as needed, and refining the NRA process over time.
The guidance reflects experiences from 90 countries across the FATF network, highlighting best practices and common challenges. One of the key insights is the need for NRAs to be dynamic—constantly adjusting to emerging risks. Additionally, the report emphasises the significance of an evidence-based, data-driven approach in NRAs and advocates collaboration across agencies and stakeholders to build a holistic understanding of ML risks.
Although not a formal standard, this guidance aims to assist countries in implementing NRAs that are responsive to their unique risks and regulatory environments, with examples that accommodate countries at various stages of AML maturity. As the FATF notes, developing a culture of continuous risk assessment is essential for sustainable and effective AML frameworks worldwide.
Click here to read the full RegInsight on CUBE's RegPlatform.