Cross-border distribution: Examples of penalties for non-compliance

In this article, we look at some interesting examples and trends regarding enforcement for breaching financial services marketing rules, as well as enforcement actions relating to crypto assets. 

Enforcement in financial services regulation

A range of enforcement trends have caught our eye at aosphere lately. We are seeing regulators becoming increasingly open about their approaches to enforcement and areas of focus, although examples of public enforcement actions remain relatively rare. Even where examples of public cases are rare, it is worth noting that many regulators may take action on a private basis. Firms also need to bear in mind that there is always a risk that an investor may seek rescission if they can point to marketing/promotion activities having been undertaken in breach of the regulatory framework. 

A summary of some interesting examples/trends is set out below. 

A spotlight on reverse enquiry

We are continuing to see regulators flag reliance on reverse enquiry as an area of focus, but reports of public enforcement in this area remain low. In its guidelines published in December 2024, ESMA announced a stricter approach to reverse enquiry in the application of the Markets in Crypto Assets Regulation (MiCA) to third country firms, but it remains to be seen if a similar tightening of approach will be seen beyond the scope of MiCA - see our article on Reliance on reverse enquiry in the EU for discussion. 

However, note that in France, in April 2021, the AMF enforcement committee sanctioned a firm and an individual for activities in relation to a reverse enquiry. The enforcement committee noted that reverse solicitation, by nature unpredictable and at the sole initiative of a client, is not compatible with the use of a standard pre-drafted document provided in advance by a promoter to substantiate a reverse solicitation.

We do ask counsel to consider this specific point at aosphere, as to whether standard form confirmations are recommended for use in reverse enquiry situations in their jurisdiction or whether this is something to be avoided.

Insights regarding the priorities/approaches of regulators

• In the UK, the FCA had previously announced that it intended to publicise information about ongoing enforcement investigations, including “naming and shaming” persons under investigation, where it judged it to be in the public interest to do so. These proposals  were subject to widespread industry criticism and, in March 2025, the FCA confirmed that it would drop the name and shame proposal and would instead use the existing exceptional circumstances test to determine if it should publicise investigations. The FCA stated that it plans to continue with the following, less controversial, aspects of its proposals:
• reactively confirming investigations officially announced by others, typically market announcements or disclosures made by firms themselves or announcements by a partner regulator;
• public notifications which focus on the potentially unlawful activities of unregulated firms and regulated firms operating outside the regulatory perimeter, where doing so protects consumers or furthers the investigation; and
• publishing greater detail of issues under investigation on an anonymous basis, via a regular bulletin, to quickly highlight significant areas of concern and areas for improvement. 
• In the ADGM, the FSRA indicated in its 2025-2026 Business Plan that it will continue to prioritise investigations and enforcement actions towards high risk areas of non-compliance, particularly financial crime, including unauthorised regulated activities in the ADGM and fraudulent or misleading conduct towards investors and customers. The FSRA says it will look to impose proportionate and dissuasive penalties and sanctions for breaches and is particularly looking to enhance its systems for detecting unlicensed activity and fraudulent online activities falsely purporting to be connected to the ADGM. It will also continue to collaborate with UAE and international regulators on enforcement-related matters.
• In Indonesia, while the scope of the enforcement/supervisory duty of OJK is typically limited to Indonesian legal entities, local counsel advise that the OJK and its investment alert task force have been increasingly active in asking overseas firms about their business activities in Indonesia. 
• In Norway, the most typical measure to be carried out by the NFSA is to issue a "warning". A warning would state that the entity is operating in Norway in breach of the relevant law and warn the general public against doing business with such firm, thereby giving rise to reputational damage. Far from all warnings are public. Public warnings are listed on the regulator’s website and are typically directed against less sophisticated institutions and/or fraudsters. 
• Regulatory focus on activities by financial influencers - or ‘finfluencers’ - also continues and we are seeing a number of enforcement actions, although in many cases these are primarily domestically focused. See our article Regulators home in on finfluencers which highlights actions in the United States and the UK. It is not only the individuals themselves whose actions are under scrutiny but also the firms whose products/services are the subject of the communications. In Hong Kong SAR, the SFC recently suspended a finfluencer from regulated activities for 16 months following his criminal conviction for providing investment advice on a subscription-based chat group in a personal capacity without a licence. The individual was fined HKD10,000 and ordered to pay the SFC’s investigation costs. 

Other enforcement actions

We are also seeing regulators taking a range of other enforcement actions and imposing a variety of penalties, as set out below. 

• In Argentina, the CNV recently imposed a fine of approximately USD4,285 on a firm providing investment advice on securities through its website without being registered with the CNV. The site offered “automatic” financial advice, requesting only customers' ID and email addresses. While the website did not specifically target Argentina or Argentine investors and the firm did not make any other public offerings in Argentina, the website did not explicitly exclude Argentine residents from the firm’s services. 
• In Brazil, the CVM continues to be active, ordering several unregistered overseas firms to suspend their marketing of unregistered securities to Brazilian residents, including through internet pages, applications and social networks. Each unregistered firm has been required to suspend its activities or face daily fines of R$1,000 per day. 
• In the DIFC, in May 2024, the DFSA imposed a fine of USD100,000 on an overseas firm for contravening the DFSA rules on financial promotions and the general prohibition against misconduct.

Crypto Assets - moving towards regulation

Regulators have been active in the rapidly developing area of crypto assets, trying to strike the right balance between providing adequate investor protection and allowing the development of new technologies and flexibility as regulatory frameworks develop. Below are a few recent examples of the different jurisdictional approaches being taken with respect to crypto asset enforcement.

An end to regulation via enforcement - new regulations for crypto assets in the United States

• Under the previous US administration, various agencies took multiple enforcement actions against crypto asset firms, resulting in the imposition of significant penalties and cease and desist orders. However, the number of actions now looks set to decrease. The new US administration has swiftly turned its attention to developing a federal regulatory framework for digital assets and a new SEC crypto task force has been established to provide technical assistance for this. The crypto task force has indicated that, prior to the establishment of the new legal framework, it welcomes requests for no-action letters (statements which give guidance on the SEC’s likely enforcement approach) and that it is considering temporary prospective and retroactive relief for coin or token offerings. 
• We are also seeing the SEC pause, settle or reduce the scope of outstanding court cases against several firms. In one case, the SEC originally brought an action for unlawful unregistered offer and sale of securities and misrepresentation against a firm selling investment contracts that “mined” or received distributions of digital assets. The SEC has subsequently limited its action to misrepresentation and dismissed its other claims, stating that its decision “rests on its judgment that the dismissal will facilitate its ongoing efforts to reform and renew its regulatory approach to the crypto industry”.
• Other agencies are also reducing their enforcement activity pending the implementation of the new legal framework for digital assets. The US Department of Justice recently issued an internal memorandum to its employees outlining its new digital asset enforcement priorities, including that it will no longer pursue litigation or enforcement actions that have the effect of superimposing regulatory frameworks on digital assets and will no longer target virtual currency exchanges, mixing and tumbling services and offline wallets for the acts of end users or unwitting violations of regulations. Instead, the DoJ will prioritise enforcement where investors have been victimised or crimes committed, close ongoing investigations that are inconsistent with the above priorities and review ongoing cases for consistency with the new policy.
• The Acting Chairman of the CFTC has directed CFTC staff to adhere to the DoJ’s new approach, telling staff that they should not charge regulatory violations in cases involving digital assets unless there is evidence that the defendant acted wilfully.

Crypto asset enforcement actions in other jurisdictions

• Several regulators have recently taken actions against operators of illegal crypto ATMs. In the UK, in September 2024, the FCA charged an individual with running multiple crypto ATMs which processed £2.6 million in crypto transactions without FCA registration. In France, in December 2024, the AMF acted against several unregistered crypto asset ATMs, emphasising that such activity is illegal and perpetrators face a penalty of up to two years' imprisonment and a fine of EUR 30,000.
• In the Netherlands, the DNB has been active, recently imposing administrative fines of EUR 3.3 million and EUR 2.25 million on crypto asset service providers who had not registered with the DNB and a fine of EUR1.6 million on an online crypto exchange for violating the ban on inducements.
• In Australia, ASIC continues to be active in the crypto space, pending a legislative framework expected this year, bringing several enforcement actions against crypto asset businesses to clarify what a regulated product is and when a licence is required. To date, penalties have included fines, stop orders and injunctions and criminal sanctions. However, in April 2025, ASIC also lost a case against a firm on appeal, with the full federal court finding the digital asset in question was not a financial product, so a financial services licence was not required to offer it.  
• There have also been various examples of enforcement actions relating to breach of AML requirements, with Australia’s AML regulator AUSTRAC announcing, in February 2025, 13 recent actions against remittance or digital currency providers, 7 of which were either convicted, prosecuted or charged with a serious offence or were the subject of legal proceedings in relation to management of an entity which reflected adversely on their honesty or integrity. In India, the Enforcement Directorate seized nearly USD190 million in crypto currency linked to a crypto currency fraud under the provisions of the Indian Prevention of Money Laundering Act.

Public warnings

• In the UK, as at Q3 2024, the FCA has issued 1,702 consumer alerts about illegal crypto asset advertisements, taken down over 900 crypto asset scam websites and removed 56 apps that were illegally promoting crypto asset investments. The FCA has also been engaging with market participants. In August 2024, the FCA gave an example of where it engaged with a large crypto asset non-custodial wallet firm based overseas over concerns that the firm was illegally promoting crypto asset investment activities, including the buying/selling of crypto assets to UK consumers through its website, apps and social media accounts. Following engagement, the firm implemented interim measures such as allowing UK consumers to buy crypto assets from FCA-registered firms and removing certain promotional content from communications. 
• In Germany, in Q1 2025, BaFiN issued warnings against two websites whose operators were offering financial and investment services and crypto assets without permission, as well as a firm purporting to be authorised by an authority who was not in fact authorised to approve its activities. 
• In Japan, in December 2024, the FSA issued a warning to five overseas crypto exchanges for operating crypto exchange services targeting Japanese residents without proper registration. According to the FSA, all five firms conducted crypto exchange operations on the internet targeting Japanese residents in breach of Japanese law. 
• In Dubai, in October 2024, VARA issued a public warning stating that it had issued cease and desist orders and fines to 7 entities for operating without the required licence and for breaching marketing regulations. 

Blocking access

• In Italy, in Q1 2025, Consob has announced the blocking of numerous websites, including some through which services were being provided without the required MiCA authorisation and another on which a token was being offered to the public for which the information document had not been duly notified.
• In France, in April 2024, the AMF Board decided to withdraw the approval it had issued for Envviron's public offering of DevvE tokens and ordered the cessation of all communications concerning the offering. The AMF Board noted that the public offering no longer complied with the information contained in the information document approved by the AMF. The AMF and the ACPR also regularly issue warnings to the public against the activities of entities offering investments in crypto-assets and digital asset services in France without being authorised to do so. The AMF publishes a blacklist specifically dedicated to unauthorised websites operating in the crypto asset segment. 

Context

At aosphere, we include sections in our memoranda for Marketing Restrictions and Marketing Restrictions – Asset Management, as well as in our newly launched service, Cross-Border Lending, where we ask counsel to set out the possible legal consequences of a breach of laws or regulations. In addition to asking what the official potential sanctions could be, we ask counsel to provide any recent examples of enforcement actions taken by the regulators or courts in their jurisdiction, as well as asking for commentary on the attitude of the regulators and any accepted or tolerated market practices that might apply.

In each of our Crypto Asset full country surveys we include a section on enforcement actions and maintain a global tracker of recent enforcement actions, including penalties/sanctions imposed.

Learn more about Rulefinder Marketing Restrictions (relevant to the sell-side), Rulefinder Marketing Restrictions – Asset Management (relevant to the buy-side), Rulefinder Crypto Assets and Rulefinder Cross-Border Lending and request a free trial.