This thing still on?

In all seriousness, hope you all have been doing well! If you’ve noticed, I kind of…sort of…took a hiatus from our little thing here, including the broader fintech community. For the last 6 months, I made a conscious decision to step away entirely from all of this. Even LinkedIn. No fancy announcement, just a necessary, intentional disconnection for a variety of personal reasons, ranging from family matters to a massive marathon training block.

While the Chronicles went quiet, my focus on the industry’s moving parts did not. Stepping back from the daily ‘feed’ allowed me to prioritize health and recalibrate my perspective without the constant noise of the platform. So I’m returning with a much more disciplined cadence and a tighter focus on the stories that actually matter. As we turn the page on 2025, we take one final look at the 10 biggest stories in the fintech compliance world while we were away for the last 6 months; not just here in the US at the federal level, but in states and even around the globe. In tried and true tradition with some of our past editions, this is yet another series. This week we’ll focus on #10 and #9, with more coming over the next few weeks. Let’s dive in:

10. A £1 Million+ Data Integrity Screw-Up (that the FCA notices)

In the UK, the Financial Conduct Authority (FCA) - essentially the UK’s equivalent of the Securities & Exchange Commission (SEC) in the US - demonstrated that it has lost patience with firms that cannot manage their data. On July 29, the FCA fined Sigma Broking Limited £1,087,300 for transaction reporting failures. Interestingly, this story didn’t get a lot of play in the news beyond more technical legal publications, but this is a bigger indicator of where regulatory scrutiny is going (at least for British fintech) and we thought we’d start off by highlighting it.

Who is Sigma? Most of you tech savvy folks may have heard of Sigma Computing, which is a company that specializes in analytics and visualization. (Don’t worry, this isn’t a third/fourth party service provider horror story). This is actually a different company altogether - Sigma Broking is best described as a broker’s broker. Think of them as the plumbing that moves millions of dollars for the world’s biggest players, including investment banks, hedge funds, and massive portfolio managers. Sigma helps these giants move government bonds, oil and stock indices.

So what went wrong? The origin story for this screw-up comes back to MiFID II, an massive EU reg that became law in 2018 and among many things, requires institutions to deliver strict reporting on financial trades. While some may hear the phrase “regulatory reporting” and think “necessary evil,” to the regulator (in this case the FCA) it is a critical tool in their fight against market manipulation. And coming to Sigma, in this case - right from the jump of their MiFID reporting in 2018 - they transposed “Buyer” and “Seller” fields for what they were sending to the FCA to the tune of 924,584 transactions. In terms of what the reporting looked like to to the FCA, they were seeing the client as the seller and Sigma as the buyer - for all of their transactions. Meaning that Sigma looked like it was just the buyer on trades constantly, when in reality they are an intermediary and do both. To make matters worse, this lasted for 5 years and was never caught, all while they actually got an earlier action levied against them (in 2022) by the very same FCA on a related but different matter that was significant enough to lead the FCA to ban the CEO from senior management, essentially forcing his exit.

You would think that would alert them to beef up the internal controls, but no - it was the FCA that ultimately found the issue, and as is the case with many regulators they do not take it easy on what they consider “repeat offenders.” The FCA is pretty transparent about its methodology, and in this case they decided to double the base fine and apply a 40% aggravation increase due to the repeat nature of the offense, along with failure to self-report and not doing anything about the previously identified issue.

And speaking of the fine, one might be tempted to see £1 million and think “okay that’s bad, but how bad is it really?” For a private firm like Sigma Broking, a £1.08 million fine is a seismic event, not a line item. While a global bank might lose that much in a rounding error, this penalty represents roughly 3.5% of Sigma’s total net assets (£31.2M).

To put that in perspective: for an individual earning £100,000, this is the financial equivalent of a sudden, non-negotiable £3,500 bill. It’s enough to wipe out annual bonuses, freeze hiring, and force a complete audit of every internal system.

Sigma would have probably argued that they were on top of it after 2022, it just took them a while. But to the FCA, they saw a company that took 7 months to acknowledge the error, then over a year to remediate it, bringing in a third party to help them, and still couldn’t get things right. On top of this, a few months before the 2025 issue was publicly announced, Sigma announced they were putting themselves up for sale, while the new CEO resigned. What a mess.

To me, the biggest lesson here is that you can’t just fix a problem and expect that issues will be resolved. In fintech/banking/financial services compliance, it is critical that you not only solve a problem, but then put controls in place to make sure you can catch similar issues in the future should they occur. Had Sigma built an internal control environment, performed more internal audits, and reviewed their system logic, they would have probably avoided this mess.

9. The Multi-State Regulatory Surge

These pages have been very focused on the CFPB, in 2023 and 2024. Obviously, 2025 has been a different story. With the agency on the verge of shutdown (which - spoiler alert - is one of the 10 stories we’re covering), attention has shifted to state regulators. And no name loomed larger than the NYDFS, which historically has been seen as proposing NY-based rules that are precursors to activity later undertaken at the federal level (something that was apparent as early as 2014).

The new wrinkle is that this era has seen the rise in significance of the multi-state approach. Although this approach started showing up in 2020 for state regulatory exams (yours truly is a proud participant of a few of these in the past), the stakes are higher in the wake of federal pullbacks. The NYDFS is the example we use, and specifically their action against Wise for $4.2 million in July along with Massachusetts, Texas, California, Minnesota and Nebraska.

As a reminder, Wise used to be known as TransferWise, and historically has been a significant player in the overseas money transfer game (along with its biggest rival, MoneyGram) having been around since 2011. In the last five years, they decided to drop the “Transfer” while on the cusp of going public, and since then have wildly diversified their offerings, getting into everything from business cards to QuickBooks functionality while also expanding their global footprint.

But where there’s smoke there’s trouble. Leading up to this fine, there has been a flurry of activity suggesting all may not be well. Right as the company was going public, one of the co-founders stepped down as chair and a year later, the other (who was the CEO) was busted for tax evasion by our friends at the FCA. And in 2024, they got caught up in the mess with Evolve Bank, announcing their customers may have been impacted by a data breach.

The specifics of the action focus on failure to file SARs timely, inaccurate/incomplete data feeding their transaction monitoring, and failure to perform independent reviews of the AML program frequently enough. These are pretty basic failures, and suggest a story of a company that has had leadership issues while trying to expand its focus, and forgetting to do the simple things (SARS and transaction monitoring are about as core as it comes in AML governance).

As for the fine itself and the multi-state approach? Fine-wise, the amount is not much as $4.2 million is a drop in the bucket for a company with net assets of over £1 billion. But the multi-state nature of this is the more interesting aspect. The action was coordinated by the Conference of State Bank Supervisors (CSBS) (which has been around since 1902 and is best known for running the National Multistate Licensing System and the State Examination System) in conjunction with the Money Transmitter Regulators Association (MTRA) which started more recently in 1989 and focuses specifically on money transmitters and payments.

Both of these orgs have been around for a long time conducting multi-state exams, but what has been interesting is their recent proclamation - after testing it for a few years, the CSBS formally launched their “One Company, One Exam” framework this year of which there was a component called “Networked Supervision” - essentially, it allows states to pool resources and conduct a single, massive exam on a company rather than 50 individual ones. And the other bit to note here, it wasn’t just a bunch of states under the CSBS doing an exam on banking requirements, those same states were able to cover money transmitter license (MTL) requirements as well. Double-edged sword for the company - less exams, but way more hinging on a big one (and essentially the equivalent of a large federal exam).

The CSBS and MTRA continue to work closely beyond exams as well, having collaborated in the past on a report calling out bank de-risking practices that result in them terminating accounts for licensed fintechs without valid justification. I would say best to buckle in and watch the state regulatory space closely in the coming year. The Wise action tells us that multi-state exams are not just going to be administrative check the box exercises, but could very well be poised to replace the rigor of what CFPB exams used to bring pre-2025.

Next Time and In Closing

Join us next week as we bring you the #8 and #7 Fintech Compliance stories of 2H 2025. I’ll give you a hint with a word and picture. The word? “Mini-CFPB”. The picture?

Now, in closing and some housekeeping. To the 2,000+ of you who stayed subscribed, the small batch of people on Substack who decided to subscribe even though I didn’t produce anything for half a year, and the dozens who reached out about the podcast or pings - thank you. I’m currently triaging a mountain of messages. If I haven’t replied, it’s not for a lack of interest, but a commitment to moving forward with intentionality.

Finally, a note on the ‘Year-End Recap’ season. LinkedIn is currently a sea of ‘humbled and honored’ victory laps. But I know that for many of you, 2025 was a year of layoffs, personal loss, and quiet struggles that don’t make it into a highlight reel. If you’re just happy to have made it to December 31st, you’re in good company. Let’s make 2026 about the humans behind the compliance tech.

See you next week and happy new year!

~~

Further reading:

1. 2025 fines | https://www.fca.org.uk/news/news-stories/2025-fines

2. FCA fines Sigma Broking Limited for transaction reporting failures https://www.fca.org.uk/news/press-releases/fca-fines-sigma-broking-limited-transaction-reporting-failures

3. Final Notice 2025: Sigma Broking Limited - FCA https://www.fca.org.uk/publication/final-notices/sigma-broking-limited-2025.pdf

4. Notice in a nutshell: Broker fined for MiFIR transaction reporting failures https://connections.nortonrosefulbright.com/post/102l10p/notice-in-a-nutshell-broker-fined-for-mifir-transaction-reporting-failures

5. Sigma Brokings Compliance Collapse - A Case Study in Reporting Failures https://vinciworks.com/blog/sigma-brokings-compliance-collapse-a-case-study-in-reporting-failures/

6. Bank and Financial Services Orders | Mortgage Enforcement Actions - DFS https://www.dfs.ny.gov/industry_guidance/enforcement_actions

7. NYDFS and Other State Regulators Impose $4.2 Million Penalty on Money Transmitter

   https://www.consumerfinanceandfintechblog.com/2025/07/nydfs-and-other-state-regulators-impose-4-2-million-penalty-on-money-transmitter/

8. One Company, One Exam - Driving Forward Change - CSBS
   https://www.csbs.org/one-company-one-exam-driving-forward-change