Regulatory Roundup - April 2025: Model Risk, AML Failures, and Global Sanctions Developments
- Steve Marshall
- Apr 18
- 4 min read
This month, we spotlight key regulatory developments that signal heightened scrutiny and enforcement across the financial landscape. From the $255 million fallout at Two Sigma over model risk and supervisory lapses, to FINRA’s nearly $30 million penalty against Robinhood for AML program failures, the cost of compliance gaps is more evident than ever. We also break down the latest on US stablecoin legislation, FinCEN’s interim BOI rule, and global sanctions updates from OFAC and the UK’s OFSI—including new recordkeeping requirements and designations with significant implications for cross-border compliance.
SPECIAL ANALYSIS: MODEL RISK MANAGEMENT & THE COST OF WEAKNESSES
What is model risk and what causes it?
Model risk is the potential for adverse consequences arising from decisions based on incorrect or misused model outputs and reports. The model may have errors that produce inaccurate outputs when compared to its design objectives and intended business uses. Even a sound model producing accurate outputs can exhibit high model risk if misapplied or used outside its intended environment.
The story of Two Sigma: a costly compliance breakdown
The SEC charged Two Sigma Investments, LP and Two Sigma Advisers, LP with multiple compliance failures, including neglecting to address known material vulnerabilities, maintaining deficient written compliance policies, and failing to properly supervise an employee, resulting in a $90 million penalty and a $165 million voluntary restitution payout. In addition to the financial penalties, the firms were issued a cease-and-desist order and formally censured. The case underscores the high stakes of compliance lapses—even at sophisticated, tech-driven investment firms.
A quick analysis of Two Sigma’s failures includes the following:
Reasonable Care: Failure to correct previously identified vulnerabilities. Unfettered read and write access to model parameters. Potential for changes to models without review and approval with potential material impact.
Policies and Procedures: Deficiencies in prevention of violations. Failure to adopt and implement written policies and procedures designed to prevent violations of [Investment] Advisors Act.
Supervision: Failure to supervise employees. One employee who actually made unauthorized changes with material impact.
ANTI-MONEY LAUNDERING
FINRA fines Robinhood nearly $30M for AML failures
FINRA ordered Robinhood to pay a $26 million penalty and $3.75 million in restitution to settle numerous rule violations, including failing to properly establish a reasonable AML program to prevent manipulative trading, suspicious money movements, and hacking. The firm also failed to establish an adequate customer ID program which allowed unverified accounts on the platform.
US Congress moves forward on stablecoin legislation
On March 13, 2025, the US Senate Banking Committee passed the Guiding and Establishing National Innovation for US Stablecoins Act of 2025 or “GENIUS Act,” out of committee by a vote of 18-6. The legislation would establish for the first time a comprehensive regulatory framework for the issuance and regulation of payment stablecoins in the United States. Watch this space!
FinCEN issues interim final rule on beneficial owner reporting
Domestic companies and their beneficial owners are now exempt from the requirement to file beneficial ownership information (BOI) reports, or to update or correct previously filed BOI reports. Foreign reporting companies that do not qualify for an exemption must report BOI by April 25, 2025, but need not report their US beneficial owners. FinCEN is soliciting public comments on the interim final rule and intends to issue a final rule later this year.
SANCTIONS & EXPORT CONTROL UPDATES
OFAC issues final rule extending recordkeeping requirements
OFAC’s final rule extends certain recordkeeping requirements from five years to 10 years, which may cause tension between EU requirements to delete records of transactions after five years. OFAC stated that it is mindful of the potential tension and has accounted for potential conflicts of laws issues in assessing apparent violations in General Factor K of OFAC’s Enforcement Guidelines.
OFAC designates international cartels as foreign terrorist organizations
OFAC issued an alert, “International Cartels Designated as Foreign Terrorist Organizations and Specially Designated Global Terrorists,” raising awareness of recent terrorist designations of international cartels, and the increased sanctions and criminal liability risks for US and foreign financial institutions.
UK’s OFSI updates guidance on high-value dealers & art market participants
Section 2.1 of OFSI’s Guidance on High Value Dealers & Art Market Participants, issued in November 2024, has been updated with the addition of a Fact Sheet.
OFSI issues penalty on HSF-Moscow
OFSI’s £465,000 penalty on UK-registered Herbet Smith Freehills CIS LLP Moscow (HSF-Moscow) related to six payments totaling £3,932,392 to designated persons. The penalty was imposed on the belief that HSF-Moscow knew or had reason to know funds would be made available to designated persons. OFSI also found inadequate due diligence and sanctions screening, and errors caused by the hasty closure of the HSF-Moscow office.
OFSI publishes report concerning breach of financial sanctions regulations
OFSI issued the report against three charities for their failure to respond to an RFI to monitor compliance with the regulations, despite several communication attempts.
Stay ahead of compliance—with confidence
Regulations never stand still—and neither should you. Our Advisory Services can help you cut through the complexity with expert guidance on model risk, data governance, sanctions, and beyond. From tightening policies to tuning AI models, we’ll help you strengthen your compliance posture and stay future-ready. Let’s talk!
