
By Rory Doyle, Principal Regulatory Specialist, Fenergo
The Disconnect Between Compliance Budgets and Rising Fines

In an era where financial crime evolves by the day, financial institutions are investing significant amounts to stay one step ahead. According to Fenergo’s research, financial institutions in the US have earmarked 32% of their 2025 operations budget to client and investor lifecycle management. However, Fenergo’s analysis of publicly available data reveals that in the first half of 2025, North American regulators imposed $1.06 billion in fines – a striking 565% increase compared to the same period in 2024.
This sharp increase in fines suggests that solid operations budgets and business as usual are not enough to safeguard financial institutions from sizeable penalties. Financial institutions are operating amid geopolitical tensions and global markets that are growing ever more intricate. Globally, regulatory scrutiny is increasing for sanctions compliance: fines issued in this area went from $3.7m in H1 of 2024 to $228.8m in the same period this year. Financial institutions from both buy-side and sell-side organisations require new ways to proactively stay ahead of market and regulatory shifts. Introducing audit-ready AI allows organizations to anticipate compliance challenges rather than simply respond to them.
A Broader and Deeper Regulatory Net
The surge in penalties isn’t a reaction to sudden misconduct; it reflects years of regulatory inquiry and data-driven supervision. Enforcement cycles that began years ago are now maturing, producing a high number of penalties and setting new requirements for accountability.
Amid today’s geopolitical climate, governments are using sanctions as foreign policy and national security tools, which put financial institutions under heightened regulatory scrutiny. Firms that fail to update their sanction controls with speed and precision are exposing themselves to heightened penalties and reputational risk.
A growing wave of enforcement penalties highlights how regulatory expectations for technology and governance are evolving. Regulators now want more than just documentation of systems and policies; they expect tangible proof that these measures are effective. Outdated manual workflows, fragmented data, and reactive compliance approaches are increasingly viewed as critical vulnerabilities.
What This Means for Trading Firms and Investment Managers
For the sell side, exposure often originates in high-volume client onboarding, correspondent relationships, and cross-border trading activity. Fragmented systems or legacy onboarding processes can create blind spots that invite regulatory risk.
For buy-side organisations, challenges are concentrated in fund distribution networks, beneficial ownership transparency, and due diligence on counterparties and intermediaries. With a growing regulatory focus on sanctions and investor suitability, buy-side compliance functions need to be increasingly vigilant, as even indirect exposure to sanctioned individuals or organisations can lead to breaches with the regulators.
Both sides share a common pressure point: the need for real-time, data-driven visibility across the client lifecycle. Without that visibility, firms risk failing to identify high-risk exposures at multiple stages throughout the client lifecycle.
The Added Costs of Poor Compliance Operations
For firms with fragmented compliance operations, exposure to regulatory fines is not the only risk they face. Poorly orchestrated compliance operations also impact the bottom line. Research from Fenergo found that seventy percent of financial institutions worldwide lost clients in the past year due to slow onboarding. Clients now demand a streamlined and seamless onboarding experience, and they are willing to go elsewhere if their first impressions don’t reflect that expectation.
Slow onboarding isn’t simply due to a lack of adequate investment by financial institutions. Annual costs on AML/KYC operations for US firms now stand at an average of $72.2m. Firms are investing significant amounts to try to balance regulatory requirements with client expectations. Yet the sheer cost of operations, coupled with record client abandonment rates, shows that old approaches are no longer sustainable.
Practical Strategies Exist to Stay Ahead of Scrutiny
Financial institutions can rise to the challenge by rethinking their operating models to proactively seek out compliance risks. Rather than relying on standardized, one-size-fits-all frameworks, institutions must conduct enterprise-wide risk assessments that consider specific business lines, customer segments, and geographic exposures through the lens of today’s regulatory environment. Enhanced due diligence should be applied proportionally to higher-risk relationships, avoiding blanket de-risking that can push away legitimate clients.
Equally critical is the modernization of sanctions compliance. Institutions need dynamic systems that incorporate real-time updates, escalation frameworks, and strong governance structures. Beneficial ownership transparency is also rising on the agenda. Regulators expect firms to capture, validate, and regularly update ownership data, supported by clear audit trails and board-level oversight.
Regulators are increasingly looking for firms to leverage modern compliance solutions to stay ahead of financial crime. AI-powered tools can enable real-time transaction monitoring that reduces false positives and can even surface hidden risks. Agentic AI also offers promising results for perpetual KYC (pKYC). Today’s AI tools can deliver continuous reviews and can trigger new checks when risks change. By adopting agentic AI, institutions can transform compliance from a labor-intensive, reactive process into a proactive, scalable, and regulator-ready capability. Crucially, when paired with strong governance and human oversight, agentic AI offers not only efficiency but also a greater level of resilience and responsiveness compared to traditional systems.
Finally, institutions must cultivate a strong compliance culture. Compliance cannot be viewed as the responsibility of a single function. Both buy-side and sell-side professionals can take ownership when they are supported by clear accountability, adequate resources, and visible leadership commitment. For digital finance institutions that are new to regulatory oversight, the importance of good communication and transparency with the regulators cannot be overstated. To master this roadmap, the industry can partner with technology firms that have experience of working with regulators and traditional financial institutions.
Planning and a Proactive Response Are Key
H1 2025 has made one thing undeniable: US regulators are turning guidance into action, and enforcement is reaching record highs. For risk leaders, the choice is to respond defensively and risk falling behind, or embrace innovation, data integrity, and agentic AI to stay ahead. The institutions that will thrive are those that:
· Adopt data-driven compliance frameworks aligned with real-time market operations
· Utilize AI intelligently to streamline onboarding, scale periodic reviews and ensure data is regulatory-ready
· Integrate compliance and business strategy, turning regulatory readiness into competitive differentiation
Proactivity is the new protection. Firms that act now by modernizing controls, unifying data, and demonstrating governance strength will not only avoid penalties but also earn investor and regulatory trust.



