The Cost of Non-Compliance: Lessons from Recent Fines


Billions in fines. Evolving enforcement. Here’s what every compliance leader should take away from recent SEC and FINRA crackdowns.
The Record Keeping Reckoning
Since 2021, the SEC and FINRA have intensified their focus on off-channel communications. That means texts, WhatsApps, and other informal messages between employees and clients—when they go unmonitored and unarchived, regulators step in.
And the penalties have been anything but symbolic.
- More than 100 firms have been fined over $2.2 billion since the off-channel initiative began (IQ-EQ).
- FY 2024 alone saw over $600 million in fines against more than 70 firms (BCLP).
- In January 2025, 12 more firms settled for a combined $63 million (Kirkland & Ellis).
One of the clearest takeaways: compliance gaps aren’t just risky—they’re expensive.
What the Fines Reveal
A few clear themes have emerged in enforcement actions:
1. Self-reporting matters. Firms that proactively disclosed violations were fined as little as $600K. Others paid up to $12M for the same misconduct.
2. The rules are evolving. Earlier settlements required external consultants. More recent ones have allowed internal audits instead, suggesting expectations are shifting—but not relaxing.
3. There’s no such thing as retroactive fairness. Firms hoping to renegotiate past settlements based on newer, more lenient terms were firmly rejected.
4. The scope is widening. Municipal advisors and financial institutions are now in the crosshairs alongside broker-dealers and investment advisers.
What Regulators Expect in 2025
The FINRA 2025 Oversight Report and Regulatory Notice 25-07 have made one thing clear: there is no such thing as an informal business conversation.
Firms are now expected to:
- Tailor supervision to each platform. iMessage, WhatsApp, Slack—each tool carries unique risks that require purpose-built compliance strategies.
- Vet all third-party tools. If a feature can’t be captured and archived, it must be disabled.
- Monitor AI-generated content. Firms need systems in place to review and store GenAI-created communications.
- Detect off-channel behavior. Advanced tools like keyword monitoring and behavioral analytics are now table stakes.
Where Enforcement Is Headed Next
Compliance teams shouldn’t expect a slowdown. Instead, expect:
- More tailored penalties. We may see a shift from flat fines to risk-based assessments—with firm size, cooperation, and tech investment all factored in.
- AI in enforcement. Just as firms are using behavioral analytics for compliance, regulators are adopting it for detection and accountability.
- Greater pressure to self-report. Cooperation is the clearest path to reduced penalties.
- Global coordination. Expect more joint actions from the SEC, FINRA, and CFTC—plus overseas regulators.
Your Compliance Checklist
To avoid being the next headline, firms should:
- Conduct regular gap analyses across departments.
- Invest in AI-driven surveillance tools that span all messaging platforms.
- Prioritize training and culture-building around compliant communications.
- Maintain thorough documentation of every tool, policy, and remediation step.
The Bottom Line
Off-channel communications enforcement isn’t a trend. It’s the new norm. Firms that fail to evolve their compliance posture will pay for it—literally. But those that embrace advanced monitoring, proactive disclosure, and culture-wide accountability will turn compliance from a liability into a competitive advantage.