Breaking Enforcement Actions
What went wrong — and what compliance teams should learn from it.
Every major SEC, DOJ, FINRA, and state enforcement action, broken down for practitioners. Not press release summaries — actual analysis of what failed, what regulators cited, and what your program needs to have ready.
◆ Updated weekly · US-focused
◆ What you'll find here
Not press releases. Practitioner analysis.
◆ 01
Practitioner analysis
Not repackaged press releases. Every case is broken down into what failed, what regulators cited, and the specific compliance gaps that led to enforcement.
◆ 02
Compliance lessons
Every case includes actionable takeaways. What controls were missing, what documentation would have helped, and what your program should have ready.
◆ 03
US-focused
SEC, DOJ, FINRA, OCC, FinCEN, and state regulators. Covering the agencies and enforcement patterns that matter to US financial services teams.
◆ When a finding hits your desk
Track issues before they become enforcement actions.
Every case on this page started with findings someone didn't track, remediate, or escalate. The Issues Management Tracker is built for teams managing MRAs, audit findings, and self-identified issues.
Issues Management Tracker & Template
A structured issues management system that tracks findings from internal audits, regulatory exams, and self-identified issues through to closure. Includes root cause analysis templates, remediation planning tools, and executive reporting dashboards designed for financial services governance. Whether it's an MRA from your last exam or an internal finding your ops team flagged, this tracker keeps everything in one place with clear owners, due dates, and status. The executive dashboard gives your board and risk committee a snapshot without you having to build a slide deck every month. Designed for teams managing 10–200 open issues at any given time.
- ◆ Issues log and tracking register
- ◆ Root cause analysis template
- ◆ Remediation action plan template
- ◆ Management reporting dashboard
- ◆ Regulatory exam tracking module
- ◆ Closure validation checklist
58+
Enforcement actions analyzed
5+
Agencies covered · SEC · DOJ · FINRA · OCC · state AGs
US
Federal & state enforcement actions
● Latest cases
Enforcement actions.
Regulatory Compliance
CFPB's New Enforcement Principles: What the Bilt Case Tells You About How the Bureau Intends to Police Consumer Finance
The CFPB published its new Enforcement Principles on June 22, 2026 — a four-pillar framework that explicitly narrows when the Bureau will pursue formal action. The Bilt case, resolved without penalties the same week, is the first real-world example of what those principles look like applied.
Regulatory Compliance
NCUA 2026 Supervisory Priorities: What Credit Union Examiners Are Testing for AI, Lending, and BSA/AML Compliance
The NCUA released its 2026 supervisory priorities in January — six focus areas that will define every credit union exam this year. Here's what examiners are specifically testing: loan quality metrics, AI governance documentation, BSA risk-based tailoring, third-party vendor oversight, and fraud controls for payment systems.
Regulatory Compliance
Regulation E and P2P Payment Scam Liability: What the $175M Cash App Consent Order Tells Banks About Their Investigation Process
The CFPB's $175M consent order against Block/Cash App wasn't about the fraud — it was about the investigation process. Here's what financial institutions must document, how the 10-business-day clock works, and where authorized P2P scam liability actually lives.
Regulatory Compliance
Nacha ACH Fraud Monitoring Phase 2: The June 22 Compliance Deadline Every Financial Institution Is Treating as Optional (It Isn't)
Nacha's Phase 2 ACH fraud monitoring rules take effect June 19, 2026, eliminating the volume threshold and covering every non-consumer originator, TPSP, third-party sender, and RDFI. Here's who's covered, what's required, and the documentation checklist before the deadline.
Regulatory Compliance
NYDFS Part 500 Enforcement in 2025-2026: What $25 Million in Fines Reveals About What Regulators Actually Check
NYDFS has issued more than $25 million in Part 500 cybersecurity fines since January 2025 — against PayPal, eight auto insurers, Healthplex, and Delta Dental. The violation patterns are consistent. Here's what every covered entity needs to fix before they're next.
Regulatory Compliance
SEC's Final Judgment Against Black Hawk's Robert Newell: How a $37M Cannabis Fund Became a Ponzi Case Study
Robert Newell raised $37M for cannabis funds and used investor money to pay earlier investors. Here's the May 2026 SEC judgment and what private-fund advisers should learn from it.