Enforcement Themes

Key Takeaways

Regulators globally are converging on the same core reporting failures: missing reporting, data inaccuracy, late submissions, weak governance, and slow remediation.

Enforcement outcomes are increasingly tied to the strength of a firm’s systems, controls, and supervision-not just the reporting errors themselves.

The most damaging consequence is often not the fine, but the lasting impact: reputational harm, increased supervisory scrutiny, and sustained operational oversight.

Firms can reduce risk by treating reporting as a controlled operational process: validated, reconciled, continuously monitored, and backed by accountable governance.

Qomply recently conducted research around the common enforcement themes across major regulators,including the CFTC (US), FCA (UK), ESMA (Europe), MAS (Singapore), ASIC(Australia), HKMA/HKTR (Hong Kong) and CSA (Canada).

Whilst many regulators do not publish enforcement actions, those that do publish appear to point to the same recurring reporting breakdowns. Where enforcement notices aren’t public or easily searchable, regulators publish rulebooks, reporting manuals, and supervisory communications that set the same expectations. The underlying messaging and warnings are remarkably consistent.

Common Reporting Failures

It may come as no surprise however regulators across jurisdictions repeatedly highlight the following deficiencies:

• Failure to report - including missing submissions and, in derivatives regimes, issues connected to outstanding/open positions.
• Incomplete or inaccurate reporting - where regulators cannot rely on the dataset for market integrity, surveillance, or systemic risk analysis.
• Incorrect primary economic terms - including core fields and identifiers (e.g., notional, price/rate, UTI/UTI handling, lifecycle/event sequencing).
• Late submissions or systematically missed deadlines - including breaches of “T+1” style reporting expectations.
• Slow remediation - delays in correcting known issues, back-reporting, and restoring data integrity at scale.
• Weak systems and governance - inadequate supervision, testing, monitoring, and controls to prevent recurrence.
• Repeat offences - where firms fail to fix previously identified failures, resulting in persistent or repeated breaches.

Determining Penalties

When imposing penalties, regulators typically assess a consistent set of aggravating and mitigating factors-often centred on the severity, duration, impact, and the firm’s governance and remediation response.

1. Duration of the issue
   How long did the problem persist before being identified or remediated?
2. Volume and scale of affected records
   Were hundreds, thousands, or millions of transactions incorrectly reported?
3. Sophistication and role of the firm
   Should the firm, given its size and resources, reasonably have had stronger systems and controls?
4. Quality of remediation
   Did the firm promptly self-identify, self-report, correct/back-report, and implement structural improvements?
5. Supervisory failings
   Regulators frequently add “failure to supervise” where oversight, governance, or testing was inadequate-linking enforcement outcomes directly to the strength of systems & controls.

What Hurts the Most

Financial penalties can be significant, but they are often not the most damaging outcome. The long-term cost typically comes from:

• Reputational damage
• Loss of trust from clients and counterparties
• Increased supervisory scrutiny
• Heightened operational and compliance oversight for years after the breach

Rebuilding trust requires demonstrating that reporting is not only submitted, but also validated, reconciled, and governed with seriousness. Regulators increasingly expect proactive governance, robust controls, and continuous improvement.

---

Sources

1. FCA - “FCA issues first fine for transaction reporting failures under MiFIR” (Press release, 29 Jan 2025). View
2. CFTC - “CFTC Orders Three Financial Institutions to Pay Over $50 Million for Swap Reporting Failures…” (Press release, 29 Sep 2023). View
3. ASIC - “Westpac pays $127,250 to comply with infringement notice penalty” (Media release, 27 Jun 2017). View
4. CSA - Staff Notice 96-308 “Derivatives Trade Reporting – Notice of Significant Error or Omission” (1 May 2025). View (PDF)
5. Reuters - “CIBC fined $1.25 mln by CFTC for swap reporting delays” (24 Sep 2024). View
6. Reuters - “Bank of New York Mellon to pay $5 mln over swap reporting, supervision failures, CFTC says” (26 Aug 2024). View
7. Reuters - “JPMorgan to pay $100 million over CFTC trade reporting violations” (23 May 2024). View
8. Reuters - “Barclays to pay $4 mln to settle US CFTC charges over swap reporting” (1 Oct 2024). View

Top 5 FAQs: Regulatory Reporting Failures

What are the most common regulatory reporting failures?

Common Failures include missing or incomplete reports, inaccurate data, incorrect identifiers (such as UTIs), late submissions, and weak governance or controls.

Why do firms struggle with regulatory reporting accuracy?

Firms often face challenges due to fragmented systems, manual processes, unclear ownership, and complex requirements across jurisdiction.

Which regulators are most focused on reporting quality?

Regulators including the FCA, ESMA, CFTC, MAS, ASIC, and CSA all prioritise reporting accuracy and have taken enforcement action for persistent faliures.

How do regulators assess the seriousness of reporting issues?

Regulators consider how long the issue persisted, the number of impacted reports, the firm's sophistication, remediation speed, and the strength of oversight and governance.

What should firms do when a reporting problem is identified?

Firms are expected to investigate root cause, correct submissions quickly, complete any required back-reporting, and strengthen controls to prevent recurrence.