53MB of Persona government dashboard code sat unprotected on a FedRAMP server. What the incident reveals about centralised identity verification and why your users' data may not be where you think.
For years, financial institutions operated under a comfortable paradigm: if a customer was defrauded, the loss was theirs to bear, and compliance meant little more than following a checklist. That era is over.
In the first half of 2025, financial regulators issued 139 fines totaling $1.23 billion for AML, KYC, and sanctions violations, a 417% increase in value compared to the same period in 2024. Crypto exchanges drove a significant share of that total: OKX paid $504 million to the US Department of Justice in February 2025, and Binance settled a $4.3 billion criminal resolution with DOJ, FinCEN, and OFAC in November 2023, the largest corporate criminal penalty in crypto history. These were not small operators with no compliance teams. They were major global exchanges with compliance programmes that failed to hold up under scrutiny.