Enforcement Themes

Qomply recently conducted research around the common enforcement themes across major regulators,including the CFTC (US), FCA (UK), ESMA (Europe), MAS (Singapore), ASIC(Australia), HKMA/HKTR (Hong Kong) and CSA (Canada).

Whilst many regulators do not publish enforcement actions, those that do publish appear to point to the same recurring reporting breakdowns. Where enforcement notices aren’t public or easily searchable, regulators publish rulebooks, reporting manuals, and supervisory communications that set the same expectations. The underlying messaging and warnings are remarkably consistent.

Common Reporting Failures

It may come as no surprise however regulators across jurisdictions repeatedly highlight the following deficiencies:

• Failure to report - including missing submissions and, in derivatives regimes, issues connected to outstanding/open positions.
• Incomplete or inaccurate reporting - where regulators cannot rely on the dataset for market integrity, surveillance, or systemic risk analysis.
• Incorrect primary economic terms - including core fields and identifiers (e.g., notional, price/rate, UTI/UTI handling, lifecycle/event sequencing).
• Late submissions or systematically missed deadlines - including breaches of “T+1” style reporting expectations.
• Slow remediation - delays in correcting known issues, back-reporting, and restoring data integrity at scale.
• Weak systems and governance - inadequate supervision, testing, monitoring, and controls to prevent recurrence.
• Repeat offences - where firms fail to fix previously identified failures, resulting in persistent or repeated breaches.

Determining Penalties

When imposing penalties, regulators typically assess a consistent set of aggravating and mitigating factors-often centred on the severity, duration, impact, and the firm’s governance and remediation response.

1. Duration of the issue
   How long did the problem persist before being identified or remediated?
2. Volume and scale of affected records
   Were hundreds, thousands, or millions of transactions incorrectly reported?
3. Sophistication and role of the firm
   Should the firm, given its size and resources, reasonably have had stronger systems and controls?
4. Quality of remediation
   Did the firm promptly self-identify, self-report, correct/back-report, and implement structural improvements?
5. Supervisory failings
   Regulators frequently add “failure to supervise” where oversight, governance, or testing was inadequate-linking enforcement outcomes directly to the strength of systems & controls.

What Hurts the Most

Financial penalties can be significant, but they are often not the most damaging outcome. The long-term cost typically comes from:

• Reputational damage
• Loss of trust from clients and counterparties
• Increased supervisory scrutiny
• Heightened operational and compliance oversight for years after the breach

Rebuilding trust requires demonstrating that reporting is not only submitted, but also validated, reconciled, and governed with seriousness. Regulators increasingly expect proactive governance, robust controls, and continuous improvement.

---

Sources

1. FCA - “FCA issues first fine for transaction reporting failures under MiFIR” (Press release, 29 Jan 2025). View
2. CFTC - “CFTC Orders Three Financial Institutions to Pay Over $50 Million for Swap Reporting Failures…” (Press release, 29 Sep 2023). View
3. ASIC - “Westpac pays $127,250 to comply with infringement notice penalty” (Media release, 27 Jun 2017). View
4. CSA - Staff Notice 96-308 “Derivatives Trade Reporting – Notice of Significant Error or Omission” (1 May 2025). View (PDF)
5. Reuters - “CIBC fined $1.25 mln by CFTC for swap reporting delays” (24 Sep 2024). View
6. Reuters - “Bank of New York Mellon to pay $5 mln over swap reporting, supervision failures, CFTC says” (26 Aug 2024). View
7. Reuters - “JPMorgan to pay $100 million over CFTC trade reporting violations” (23 May 2024). View
8. Reuters - “Barclays to pay $4 mln to settle US CFTC charges over swap reporting” (1 Oct 2024). View