Welcome to the November Enforcement Actions Roundup — our monthly look at the enforcement activity from the past month, what went wrong, and what financial institutions (FIs) can learn from it.
This roundup features two key resources:
- Enforcement Actions Tracker: A running tally of actions by agency, category, and topic — making it easy to spot enforcement trends and emerging hot spots.
- Enforcement Deep Dive: A closer look at each action, including what happened, key takeaways, and the controls your FI should revisit to avoid similar missteps.
Let's get started.
Related: Bookmark the Ncontracts Enforcement Action Tracker to search the latest enforcement actions by date, category, and regulator.
2025 Enforcement Action Tracker
| Fair Lending | Advertising | AML/CFT | Underwriting | UDAAP | Electronic Funds Transfers | Insider Activities | Flood Insurance | Financial Risk | Concentration | Military Lending | |
| CFPB | 1 | 2 | 4 | 1 | 1 | ||||||
| OCC | 3 | 1 | 8 | 3 | |||||||
| FRB | 1 | 1 | 1 | ||||||||
| FDIC | 5 | 3 | 1 | 1 | 1 | 10 | 5 | ||||
| NCUA |
Enforcement Actions Deep Dive: October 2025
CFPB Enforcement Actions
There were no institutional enforcement actions issued by the CFPB in October 2025.
OCC Enforcement Actions
OCC Issues Enforcement Action Against Bank for BSA/AML/CFT Violations
- Category: Governance, Risk, and Compliance
- Topic: AML/CFT
- Date: September 18, 2025; Released October 16, 2025
- Regulation: 31 CFR 1010; 31 CFR 1020; 12 CFR 21
- Enforcement Action
- Related Guidance: FFIEC BSA/AML Manual
The OCC issued an enforcement action against a bank for unsafe or unsound practices and failures related to Bank Secrecy Act/Anti-Money Laundering/Countering the Financing of Terrorism (BSA/AML/CFT) compliance.
The bank failed to maintain a qualified BSA/AML/CFT Officer and properly train personnel to support the BSA/AML/CFT program. Consequently, the bank did not file timely and accurate Suspicious Activity Reports (SARs) and lacked effective procedures for investigating and responding to high-risk transactions.
The OCC also found that the Customer Due Diligence (CDD) program was deficient in collecting and analyzing customer information, resulting in inaccurate risk profiles. Additionally, the institution’s internal controls failed to monitor money laundering and terrorist financing risks adequately. It was also unable to conduct independent validation of its monitoring systems.
Takeaways
FinCEN recently issued Frequently Asked Questions Regarding Suspicious Activity Reporting Requirements. While the FAQs seem to relieve some of the burdens around suspicious activity reporting, this enforcement action signals that it remains a top priority for current agency leadership. The key now is to avoid changing processes and procedures in response to deregulation to an unsafe degree.
To prevent similar violations, institutions must prioritize maintaining a strong BSA/AML/CFT program. Equally important is the commitment to staffing and governance. Banks must appoint a qualified BSA/AML/CFT Officer with sufficient authority and resources, supported by a team with appropriate expertise and training. The board should conduct annual reviews of BSA/AML staffing adequacy and ensure that roles, responsibilities, and escalation protocols are clearly defined.
SAR procedures should be standardized and regularly reviewed to ensure timely and accurate filings. Further, institutions must have risk-based CDD programs that consider product and service offerings, customer behavior, geography, and transaction patterns to maintain accurate risk ratings. Lastly, independent testing is crucial to ensure monitoring systems are effective and capture all relevant information.
Controls to Evaluate
- Assigned Compliance Officer: The BSA/AML/CFT compliance officer, appointed by the board of directors, is responsible for coordinating and monitoring day-to-day BSA/AML/CFT compliance, and for managing all aspects of the BSA/AML/CFT compliance program and regulatory requirements. The individual(s) responsible for the overall program are qualified and have access to suitable resources.
- Comprehensive Training: Specialized comprehensive training for designated BSA/AML/CFT compliance officers and other compliance officers on BSA/AML/CFT regulatory requirements is in place. The training includes program management responsibilities, ML/TF risk assessment methodologies, compliance monitoring techniques, independence maintenance, and leadership skills, with ongoing education requirements and competency assessments.
- AML/CFT Compliance Program: A comprehensive AML and CFT Compliance Program is in place. The program includes robust policies, procedures, and internal controls to detect, prevent, and report money laundering and terrorist financing activities. Key components of the program are a risk-based Customer Due Diligence (CDD) process, including a Customer Identification Program (CIP) and ongoing monitoring of customer transactions. The program also includes mechanisms for suspicious activity monitoring and reporting, ensuring timely identification, review, and filing of Suspicious Activity Reports (SARs) with the appropriate authorities, and a sanctions compliance framework to prevent dealings with sanctioned individuals, entities, and countries. All aspects of the AML/CFT Program are well-documented, regularly reviewed, and updated to address emerging risks and regulatory changes.
- BSA/AML/CFT Systems: BSA/AML/CFT systems are in place that support CDD requirements including automated customer risk rating algorithms, beneficial ownership identification tools, high-risk customer flagging capabilities, enhanced due diligence workflow management, ongoing monitoring automation, and transaction monitoring systems that detect unusual patterns, structured transactions, rapid movement of funds, transactions inconsistent with customer profiles, geographic risk indicators, and suspicious relationship activities to ensure effective customer risk assessment and ongoing oversight.
- SAR Procedures: Comprehensive SAR procedures are in place requiring systematic suspicious activity identification and reporting including properly structured monitoring systems with risk-based filtering criteria, complete SAR process management from detection through filing within required timeframes, thorough narrative documentation standards, currency structuring detection across multiple dimensions, repeat SAR filing for ongoing suspicious activity, SAR confidentiality protection, record retention compliance, board reporting requirements for SAR filings, and law enforcement cooperation protocols to ensure effective suspicious activity reporting and prevent regulatory violations and money laundering facilitation.
Related Ncontracts Content in Your Platform
- Ncomply Sample Policies: BSA/AML/ CFT Policy
- Nrisk Risk Assessments: BSA/AML CFT Risk Assessment
- Nverify Audits: BSA/AML/OFAC Compliance Review; BSA/AML/OFAC Audit
FRB Enforcement Actions
There were no institutional enforcement actions issued by the FRB in October 2025.
FDIC Enforcement Actions
There were no institutional enforcement actions issued by the FDIC in October 2025.
NCUA Enforcement Actions
There were no institutional enforcement actions issued by the NCUA in October 2025.
Compliance doesn’t have to be complicated. Ncomply unifies your compliance efforts in a single platform — streamlining oversight, connecting teams, and helping you stay proactive amid regulatory change.
See how it works in a quick product tour.
Subscribe to the Nsight Blog
.png)
Enforcement Actions Roundup: May 2025
.png)
Enforcement Actions Roundup: February 2025
-1.png)