Cross-Border Distribution: Examples of Penalties for Non-Compliance

In this article, we look at some interesting examples and trends regarding enforcement for breach of financial services marketing rules, as well as enforcement attitudes relating to crypto assets.

Enforcement in financial services regulation

A range of enforcement trends have caught our eye at aosphere lately. We are seeing regulators becoming increasingly open about their approaches to enforcement and areas of focus, with many regulators now publishing a newsletter or examples of their enforcement work (for example, the UK FCA’s new Enforcement Watch newsletter). Regulators are particularly focusing on online activities and risk-based enforcement, targeting their enforcement activities where the impact, and the risk of consumer harm, is greatest. Examples of public enforcement actions remain relatively rare, but it is worth noting that regulators may take action on a private basis. Firms should also remember that there is always a risk that an investor may seek rescission if it can show that marketing/promotion activities have been undertaken in breach of the regulatory framework.

A summary of some interesting examples/trends is set out below.

A spotlight on reverse inquiry

We are continuing to see regulators flag reliance on reverse enquiry as an area of focus, but reports of public enforcement in this area remain low. In its guidelines published in December 2024, ESMA announced a stricter approach to reverse enquiry in the application of the Markets in Crypto Assets Regulation (MiCA) to third country firms. We have been waiting to see if a similar tightening of approach will be seen beyond the scope of MiCA and note that, in May 2025, in France, the AMF indicated its view that the MiCA guidelines are also relevant to the interpretation of reverse solicitation for financial instruments. We have yet to see any other regulators make a similar interpretation, but continue to monitor this important area closely. See our articles on Reliance on reverse enquiry in the EU and Crypto reverse solicitation in the EU under MiCA for further analysis.

A case from France in 2021 also offers important insights into the types of issues regulators might focus on. In that case, the AMF enforcement committee sanctioned a firm and an individual for activities in relation to a reverse enquiry. The enforcement committee noted that reverse solicitation, by nature unpredictable and at the sole initiative of a client, is incompatible with the use of a standard pre-drafted document provided in advance by a promoter to substantiate a reverse solicitation.

We do ask counsel to consider this specific point at aosphere, i.e. whether standard form confirmations are recommended for use in reverse enquiry situations in their jurisdiction, or whether they should be avoided.

Insights regarding the priorities/approaches of regulators

• in the UK, the FCA approach to enforcement has been an area of focus recently, after initial proposals to ‘name and shame’ regulated firms under investigation were met with industry pushback. Although the FCA has now dropped these proposals, it has retained the “exceptional circumstances” test for announcing investigations, and has received its first judicial support for this approach in R (CIT) v FCA [2025] EWHC 2614 (Admin). The court found that the FCA’s decision to publicise the name of the firm under investigation was lawful and reasonable, despite being prejudicial to the firm, because an anonymised announcement would not adequately achieve the key aim of protecting consumers by informing the firm’s customers of the position

• the FCA has also identified three additional situations where broad support exists for increased transparency:

  1. where it is investigating suspected unauthorised financial services, or suspected offences relating to unregulated activity, and naming the firm is desirable to warn consumers or investors or help the investigation

  2. where the fact of the investigation has been made public by the subject, an affiliated company or a regulatory body, government or public body

  3. anonymised announcements, where it would be helpful to educate people on the types of misconduct the FCA is investigating

• in the EU, ESMA continues to focus on supervisory and enforcement convergence across the Member States, with the ultimate aim of developing an effective common EU enforcement culture. In its second consolidated report on sanctions and measures published in June 2025 (the ESMA Sanctions Report), which provides an overview of enforcement actions in the Member States in 2024 in respect of several key EU legislative measures (including AIFMD, the UCITS Directive, MiFID II and MiCA), ESMA notes that there is room for greater convergence between the National Competent Authorities (NCAs) and that sanctioning powers are not being used equally by them. It encourages the NCAs to use the full supervisory and enforcement toolkit provided to them under EU law. The ESMA Sanctions Report also provides granular detail of which sanctions have been imposed under which statutes. For example, in 2024, 209 sanctions were issued under AIFMD across 18 Member States, with Poland and France issuing the highest aggregate number of administrative fines (EUR 2,116,229 and EUR 1,910,000 respectively). In 2024, 47 administrative sanctions were issued under the UCITS Directive across 13 Member States, with France issuing the highest aggregate number of administrative fines (EUR 2,090,000). In general, however, the majority of sanctions were imposed for operational and reporting failures, not marketing breaches

• in the US, the SEC has just updated its enforcement manual for the first time since 2017 with the aim of making enforcement procedures fairer, more transparent and more efficient. The enforcement manual is expected to undergo yearly reviews going forwards. Most significant are the changes to the pre-enforcement engagement process (or Wells process), where the SEC notifies a firm that it is considering an enforcement action against it and invites the firm to respond. The SEC hopes to encourage more open, informed dialogue between its staff and the firm under investigation to produce better outcomes, following industry criticism that the process is too opaque. Under the updated manual, the time for a firm to respond to a Wells notice has been extended from two to four weeks and a senior SEC staff member is now required to attend any meetings. The updated manual also includes new guidance to help firms improve the quality of a Wells submission and encourages SEC staff to be forthcoming about the content of the investigative file (although privileged information will not be shared). Moreover, the former practice of allowing a settling party to request simultaneous consideration of a settlement offer and waiver of potential penalties (e.g. automatic disqualifications) has been reinstated, which may encourage prompt settlement

• in the ADGM, the FSRA indicated in its 2025-2026 Business Plan that it will continue to prioritise investigations and enforcement actions in high risk areas of non-compliance, particularly financial crime, including unauthorised regulated activities in the ADGM and fraudulent or misleading conduct towards investors and customers. The FSRA says it will look to impose proportionate and dissuasive penalties and sanctions for breaches and is particularly looking to enhance its systems for detecting unlicensed activity and fraudulent online activities falsely purporting to be connected to the ADGM. It will also continue to collaborate with the UAE and international regulators on enforcement-related matters

• in Indonesia, while the scope of the enforcement/supervisory duty of OJK is typically limited to Indonesian legal entities, local counsel advise that the OJK and its investment alert task force have been increasingly active in asking overseas firms about their business activities in Indonesia

• activities by financial influencers - or finfluencers - remains a significant area of focus for regulators. We are seeing a number of enforcement actions, although in many cases these are primarily domestically focused. See our articles Focus on Finfluencers – Global Week of Action and IOSCO Targets Finfluencers, Online Imitative Trading & Digital Engagement which highlight actions taken by regulators worldwide. In the UK, according to an FCA press release on 7 February 2026, seven individuals were recently sentenced by the UK courts for promoting an unauthorised foreign exchange trading scheme, and fined between approximately GBP 600 to 5780 plus costs. Not only are the actions of the individuals themselves under scrutiny, but also the actions of the firms whose products/services are mentioned. The FCA has published finalised guidance on financial promotions on social media to clarify expectations for when firms and influencers use social media to communicate financial promotions, and to address emerging consumer harm that they have seen arising from use of social media

Recent enforcement actions and other enforcement measures

We are also seeing regulators taking a range of enforcement actions and imposing a variety of penalties, ranging from warnings, fines, barring of firms or individuals from acting and criminal sanctions to the blocking of websites, as set out below.

• in Japan, in April 2025, the Securities and Exchange Surveillance Commission filed a petition in the Tokyo District Court for an order prohibiting the activities of a Seychelles company and its representatives. The firm was allegedly undertaking the private placement of fund interests and other investment advisory and management services without the required registration. The case remains ongoing

• in Singapore, in June 2025, MAS, acting in conjunction with the Singapore Police Force, blocked access to the websites of two unlicensed trading platforms from internet service providers in Singapore. The trading platforms were offering unlicensed trading services in leveraged FX, commodities and equities. Although the firms operating the trading platforms were based overseas (in the Union of Comoros, Mauritius and Belize), MAS states that the Singapore law prohibition still applies to them if they target their products or services at Singapore persons, or if a substantial number of Singaporeans use their products or services

• in the US, in September 2024, the SEC barred an unregistered Bahamian broker-dealer from associating with any broker or dealer and from participating in any offering of a penny stock. The firm was alleged to have operated as an unregistered broker-dealer in the US, selling more than US$100 million of low-priced microcap securities to US customers, including US$11 million in unregistered penny stock shares

• in the UK, the FCA has recently taken an enforcement action against an overseas firm illegally marketing its products to UK consumers. The proceedings, commenced in October 2025, are against a crypto company incorporated in Panama, together with persons unknown, (being the owners, controllers and/or the persons currently in control, of all or part of the exchange website and/or its associated mobile applications). The proceedings follow repeated FCA warnings that the exchange’s behaviour was unauthorised and illegal. The FCA has also asked social media companies to block related social media accounts to UK-based consumers and requested the removal of related applications from the Google Play and Apple stores in the UK. This case will be an interesting test of the FCA’s extra-territorial reach against firms who promote products and services to UK investors in breach of the financial promotion restriction

• in the DIFC, in May 2024, the DFSA imposed a fine of US$100,000 on an overseas firm for contravening the DFSA rules on financial promotions and the general prohibition against misconduct

• in the ADGM, in 2025, the FSRA issued a US$ 1.5 million penalty on a Cayman Islands entity for conducting unauthorised regulated activities in the ADGM, including providing money services and arranging deals in investments, while falsely claiming to be authorised and misrepresenting its regulatory status in client agreements and marketing

• in Sweden, there are legislative proposals afoot to criminalise the conducting of financial activities without a licence. Under proposals which are imminently expected to become law, the undertaking of any activity which requires SFSA authorisation or registration without a licence could result in criminal liabilities for those responsible for ensuring that such licences or registrations are in place. Proposed penalties include up to two years’ imprisonment for a standard offence or a term of between 6 months and 6 years’ imprisonment for a serious offence. Care will be needed, as cross-border activities into Sweden may be affected and the consequences of inadvertent breach are potentially severe

• in Kazakhstan, the provision of unlicensed entrepreneurial activity already carries a potential maximum penalty of five years’ imprisonment, but in 2025 this has been extended to the provision of banking and microfinance

• in Norway, the most typical measure carried out by the NFSA is to issue a "warning". A warning would state that the entity is operating in Norway in breach of the relevant law and warn the general public against doing business with such firm, thereby giving rise to reputational damage. Far from all warnings are public. Public warnings are listed on the regulator’s website and are typically directed at less sophisticated institutions and/or fraudsters

• the Isle of Man has recently acted against a number of bogus websites of firms claiming to be regulated in the Isle of Man and has published guidance raising awareness of the need to be licensed in order to carry out regulated financial services activities

Crypto Assets - moving towards regulation

Regulators have been active in the rapidly developing area of crypto assets, trying to strike the right balance between providing adequate investor protection and allowing the development of new technologies and flexibility as regulatory frameworks develop, and regulatory attitudes have continued to evolve.

• in the US, under the previous administration, multiple enforcement actions were taken against crypto asset firms by various agencies, resulting in significant penalties and cease and desist orders being imposed. However, the number of actions has now significantly decreased, with the focus shifting to the development of a federal regulatory framework for digital assets. We have seen the SEC pause, settle or reduce the scope of outstanding court cases against several firms. In one case, the SEC originally brought an action for unlawful unregistered offer and sale of securities and misrepresentation against a firm selling investment contracts that “mined” or received distributions of digital assets. The SEC subsequently limited its action to misrepresentation and dismissed its other claims, stating that its decision “rests on its judgment that the dismissal will facilitate its ongoing efforts to reform and renew its regulatory approach to the crypto industry”

• other agencies in the US have also reduced their enforcement activity, pending implementation of the new legal framework. In April 2025, the US Department of Justice (DoJ) issued an internal memorandum to its employees outlining its new digital asset enforcement priorities, including that it will no longer pursue litigation or enforcement actions that have the effect of superimposing regulatory frameworks on digital assets and will no longer target virtual currency exchanges, mixing and tumbling services and offline wallets for the acts of end users or unwitting violations of regulations. Instead, the DoJ will prioritise enforcement where investors have been victimised or crimes committed, and review ongoing cases for consistency with the new policy. The CFTC also instructed staff to adhere to the DoJ’s approach and not to charge regulatory violations in digital asset cases without evidence of wilfulness

• in the UK, the FCA has been active in issuing warnings and, as at Q3 2024, the FCA had issued 1,702 consumer alerts about illegal crypto asset advertisements, taken down over 900 crypto asset scam websites and removed 56 apps that were illegally promoting crypto asset investments. In 2025, the FCA also issued proceedings against a crypto firm for breach of the financial promotion restriction, as discussed above

• in the EU, whilst there have been a number of actions taken by Member States, such as the issuing of warnings and the blocking of websites (particularly in Italy, France and Germany) and fines issued in the Netherlands for pre-MiCA failures to register as crypto asset service providers, according to the ESMA Sanctions Report, no actual sanctions were imposed under MiCA in 2024. ESMA suggests this may be due to a time lag between the adoption of a text and the establishment of supervisory and enforcement practice

• in Australia, ASIC continues to be active in the crypto enforcement space, pending establishment of a legislative framework expected this year. In its Key Issues Outlook Paper 2026 ASIC emphasizes that digital assets are a “regulatory perimeter” issue and that its priority for 2026 is maintaining clear licensing boundaries and strengthening oversight at the regulatory perimeter

• in the Middle East, there appears to be a higher level of enforcement risk under the VARA regime in Dubai to that traditionally seen in mainland UAE, with VARA having previously imposed 16 financial penalties on 19 firms for undertaking unlicensed virtual asset activities and for breaching VARA's marketing regulations

See our recent article Global Digital Assets Enforcement is Heating Up: Recent Actions for further discussion and for an overview of some recent crypto enforcement actions.

Context

At aosphere, we include sections in our memoranda for Marketing Restrictions, Marketing Restrictions – Asset Management and Cross-Border Lending where we ask counsel to set out the possible legal consequences of a breach of laws or regulations. In addition to asking what the official potential sanctions could be, we ask counsel to provide any recent examples of enforcement actions taken by the regulators or courts in their jurisdiction, commentary on the attitude of the regulators and any accepted or tolerated market practices that might apply.

In each of our Crypto Asset full country surveys we include a section on enforcement actions and maintain a global tracker of recent enforcement actions, including penalties/sanctions imposed.