The largest anti-money laundering penalty ever imposed on a broker-dealer has been issued, and regulators are making clear it is not just about one firm.

On March 8, 2026, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an $80 million civil penalty against a U.S. broker-dealer for willful violations of the Bank Secrecy Act. The enforcement action was coordinated across FinCEN, the SEC, and FINRA, making it a multi-regulator settlement with broad implications for the industry.

What Went Wrong

The consent order outlines a compliance program that failed across several interconnected areas over multiple years. The firm’s AML deficiencies were most pronounced in its handling of microcap and over-the-counter securities trading, a segment that carries elevated financial crime risk and demands heightened compliance attention.

At least 160 suspicious activity reports were not filed, connected to thousands of transactions across dozens of OTC securities that showed clear indicators of potentially manipulative or suspicious activity. Regulators emphasized that these gaps directly deprived law enforcement of intelligence critical to identifying potential market abuse, a point that carries weight beyond this single case.

The order also found that AML surveillance infrastructure was not scaled to match the firm’s trading volume. Compliance staff reviewing alerts were overwhelmed and undertrained, leaving the program structurally unable to keep pace with the risks running through the platform. Customer due diligence procedures compounded the problem, with higher-risk accounts permitted to transact in U.S. markets without adequate scrutiny.

The Regulatory Message

FinCEN Director Andrea Gacki called the action a “wake-up call to broker-dealers that willfully fail to comply with their obligations to safeguard the financial system from illicit actors.” The coordinated involvement of the SEC and FINRA alongside FinCEN signals that regulators are aligned in their expectations, and their willingness to act.

The firm has since overhauled its compliance leadership, expanded AML staffing, and enhanced its surveillance and monitoring systems. But regulators made clear that those corrections came too late to avoid consequences.

What This Means for Compliance Teams

The enforcement action sends a clear signal that regulators expect AML programs to keep pace with both trading volume and emerging market risks. The enforcement order points to patterns compliance teams can and should audit against internally. A few places to start:

SAR filing processes: Are your current procedures keeping pace with trading volume? Gaps in suspicious activity reporting, particularly in higher-risk product areas like OTC and microcap securities, are a clear regulatory red flag.

Staffing and training: Compliance staff buried in alerts without adequate training or resources can’t effectively assess risk. Evaluate whether your team has what it needs to do the job, not just whether the job is technically getting done.

Customer due diligence: Higher-risk accounts require heightened scrutiny before and during their activity on your platform. Review whether you’re onboarding and ongoing monitoring procedures reflect the actual risk profile of your client base.

AML programs that look sufficient on paper but can’t function at scale are exactly what regulators are targeting. This case makes that expectation explicit, and the record-setting penalty makes the stakes clear.