Database
Browse enforcement actions and breaches
| Entity | Summary | Regulator | Jurisdiction | Penalty | Action type | Analysis |
|---|---|---|---|---|---|---|
| Bank of London Group | The PRA fined Bank of London Group £2 million for integrity failings and inadequate cooperation over misrepresenting its capital position. | PRA | UK | £2M | Integrity/governance | Read analysis about Bank of London Group |
| EU GDPR Transparency Sweep (EDPB) | 25 EU regulators launched a coordinated GDPR transparency enforcement sweep affecting how KYC flows present data processing. | EDPB / 25 EU DPAs | EU | — | GDPR enforcement | Read analysis about EU GDPR Transparency Sweep (EDPB) |
| IDMerit | IDMerit left roughly one billion identity records (203M tied to US residents) in a database with no authentication, access control or encryption — downloadable by anyone with the URL. | — | US | — | Data breach | Read analysis about IDMerit |
| Ranson Houghton LLP | The SRA fined Ranson Houghton LLP for AML failures, signalling AML enforcement expanding beyond banks into legal services. | SRA | UK | — | AML/BSA fine | Read analysis about Ranson Houghton LLP |
| Sumsub | A breach via a malicious attachment on a third-party support platform went undetected for 18 months (Jul 2024–Jan 2026). | — | Global | — | Data breach | Read analysis about Sumsub |
| Coinbase | Overseas support agents (contracted via TaskUs) were bribed to abuse privileged access, exfiltrating data on ~70,000 users (~1% of customers), including masked SSNs, government IDs and balances. | — | US | ~$400M est. impact | Data breach | Read analysis about Coinbase |
| TD Bank | TD Bank pleaded guilty and paid about $3 billion for Bank Secrecy Act and money-laundering failures — the largest bank ever to plead guilty to conspiracy to commit money laundering. ~$1.8B DOJ, $1.3B FinCEN, $450M OCC, $123.5M Federal Reserve. | DOJ, FinCEN, OCC, Federal Reserve | US | $3B | AML/BSA fine | — |
| Binance | Binance agreed to pay more than $4.3 billion to US authorities; founder CZ pleaded guilty, paid a $50M personal fine and stepped down. FinCEN $3.4B civil penalty + 5-year monitorship; OFAC $968M. | DOJ, FinCEN, OFAC, CFTC | Global/US | $4.3B | AML/BSA fine | — |

Bank of London Group
Penalty: £2M; Type: Integrity/governance; Jurisdiction: UK; Regulator: PRA
The PRA fined Bank of London Group £2 million for integrity failings and inadequate cooperation over misrepresenting its capital position.
Takeaway: Regulators want the data trail behind the numbers: source, calculation, sign-off, validation date.
Read analysis about Bank of London Group

EU GDPR Transparency Sweep (EDPB)
Penalty: —; Type: GDPR enforcement; Jurisdiction: EU; Regulator: EDPB / 25 EU DPAs
25 EU regulators launched a coordinated GDPR transparency enforcement sweep affecting how KYC flows present data processing.
Takeaway: KYC data-collection transparency is now a coordinated enforcement priority.
Read analysis about EU GDPR Transparency Sweep (EDPB)

IDMerit
Penalty: —; Type: Data breach; Jurisdiction: US; Regulator: —
IDMerit left roughly one billion identity records (203M tied to US residents) in a database with no authentication, access control or encryption — downloadable by anyone with the URL.
Takeaway: Centralised identity databases are honeypots; the breach needed no sophistication.
Read analysis about IDMerit

Ranson Houghton LLP
Penalty: —; Type: AML/BSA fine; Jurisdiction: UK; Regulator: SRA
The SRA fined Ranson Houghton LLP for AML failures, signalling AML enforcement expanding beyond banks into legal services.
Takeaway: AML obligations now bite professional-services firms, not just financial institutions.
Read analysis about Ranson Houghton LLP

Sumsub
Penalty: —; Type: Data breach; Jurisdiction: Global; Regulator: —
A breach via a malicious attachment on a third-party support platform went undetected for 18 months (Jul 2024–Jan 2026).
Takeaway: A centralised KYC provider is only as secure as its weakest integration; 18-month dwell time is a monitoring failure.
Read analysis about Sumsub

Coinbase
Penalty: ~$400M est. impact; Type: Data breach; Jurisdiction: US; Regulator: —
Overseas support agents (contracted via TaskUs) were bribed to abuse privileged access, exfiltrating data on ~70,000 users (~1% of customers), including masked SSNs, government IDs and balances.
Takeaway: An insider/controls failure, not a hack. Privileged access to a central PII store is the attack surface.
Read analysis about Coinbase

TD Bank
Penalty: $3B; Type: AML/BSA fine; Jurisdiction: US; Regulator: DOJ, FinCEN, OCC, Federal Reserve
TD Bank pleaded guilty and paid about $3 billion for Bank Secrecy Act and money-laundering failures — the largest bank ever to plead guilty to conspiracy to commit money laundering. ~$1.8B DOJ, $1.3B FinCEN, $450M OCC, $123.5M Federal Reserve.
Takeaway: More than 90% of transaction volume was never fed into automated monitoring — a coverage gap, not a tuning problem.
Binance
Penalty: $4.3B; Type: AML/BSA fine; Jurisdiction: Global/US; Regulator: DOJ, FinCEN, OFAC, CFTC
Binance agreed to pay more than $4.3 billion to US authorities; founder CZ pleaded guilty, paid a $50M personal fine and stepped down. FinCEN $3.4B civil penalty + 5-year monitorship; OFAC $968M.
Takeaway: Compliance-light by design is now treated as a federal crime, not a growth tactic.
Methodology
How this tracker is sourced
Accuracy first — every entry is built to be cited.
Entries are compiled from public regulator announcements and primary reporting — including the US Department of Justice, FinCEN, OCC, Federal Reserve, OFAC and CFTC; the UK PRA and SRA; and the EDPB together with national EU data-protection authorities. Figures reflect the headline penalties as announced.
Penalty amounts are shown in their originally announced currency; a single USD value is used internally for numeric sorting. A dash (“—”) indicates a breach or action with no associated monetary penalty. Data-breach entries record the disclosed scope rather than a fine.
This is a living dataset, updated as new actions are announced. Spotted an error or have a correction or source to add? Email hello@zyphe.com.