https://www.zyphe.com/resources/aml-enforcement-tracker A continuously updated feed of major AML, KYC, and sanctions enforcement actions and identity-data breaches. Free to cite, with attribution to Zyphe. en Wed, 10 Jun 2026 15:28:25 GMT https://www.zyphe.com/resources/blog/pra-enforcement-action-2026-bank-of-london-fine enforcement-bank-of-london-group Thu, 01 Jan 2026 00:00:00 GMT Integrity/governance Regulator: PRA — Jurisdiction: UK — Integrity/governance — The PRA fined Bank of London Group £2 million for integrity failings and inadequate cooperation over misrepresenting its capital position. https://www.zyphe.com/resources/blog/gdpr-transparency-enforcement-2026-edpb-sweep enforcement-eu-gdpr-transparency-sweep-edpb Thu, 01 Jan 2026 00:00:00 GMT GDPR enforcement Regulator: EDPB / 25 EU DPAs — Jurisdiction: EU — GDPR enforcement — 25 EU regulators launched a coordinated GDPR transparency enforcement sweep affecting how KYC flows present data processing. https://www.zyphe.com/resources/blog/idmerit-data-breach-centralized-identity-verification-risk enforcement-idmerit Thu, 01 Jan 2026 00:00:00 GMT Data breach Regulator: — — Jurisdiction: US — Data breach — IDMerit left roughly one billion identity records (203M tied to US residents) in a database with no authentication, access control or encryption — downloadable by anyone with the URL. https://www.zyphe.com/resources/blog/aml-compliance-legal-sector-2026-sra-enforcement enforcement-ranson-houghton-llp Thu, 01 Jan 2026 00:00:00 GMT AML/BSA fine Regulator: SRA — Jurisdiction: UK — AML/BSA fine — The SRA fined Ranson Houghton LLP for AML failures, signalling AML enforcement expanding beyond banks into legal services. https://www.zyphe.com/resources/blog/sumsub-security-breach-kyc-provider-lessons enforcement-sumsub Thu, 01 Jan 2026 00:00:00 GMT Data breach Regulator: — — Jurisdiction: Global — Data breach — A breach via a malicious attachment on a third-party support platform went undetected for 18 months (Jul 2024–Jan 2026). https://www.zyphe.com/resources/blog/coinbase-data-breach-2025 enforcement-coinbase Wed, 01 Jan 2025 00:00:00 GMT Data breach Regulator: — — Jurisdiction: US — Data breach — Overseas support agents (contracted via TaskUs) were bribed to abuse privileged access, exfiltrating data on ~70,000 users (~1% of customers), including masked SSNs, government IDs and balances. https://www.zyphe.com/resources/aml-enforcement-tracker#td-bank enforcement-td-bank Tue, 01 Oct 2024 00:00:00 GMT AML/BSA fine Regulator: DOJ, FinCEN, OCC, Federal Reserve — Jurisdiction: US — AML/BSA fine — TD Bank pleaded guilty and paid about $3 billion for Bank Secrecy Act and money-laundering failures — the largest bank ever to plead guilty to conspiracy to commit money laundering. ~$1.8B DOJ, $1.3B FinCEN, $450M OCC, $123.5M Federal Reserve. https://www.zyphe.com/resources/aml-enforcement-tracker#binance enforcement-binance Wed, 01 Nov 2023 00:00:00 GMT AML/BSA fine Regulator: DOJ, FinCEN, OFAC, CFTC — Jurisdiction: Global/US — AML/BSA fine — Binance agreed to pay more than $4.3 billion to US authorities; founder CZ pleaded guilty, paid a $50M personal fine and stepped down. FinCEN $3.4B civil penalty + 5-year monitorship; OFAC $968M.