Regulatory Roundup: The Compliance Gap: Unmonitored Tools and Unintended Consequences

Analysis

As machines get smarter, humans get more complacent. This complacency leads us to implement technology but not the proper controls, processes or human effort required for that technology to do its job.

Technology alone does not ensure compliance. When tools are deployed without adequate tuning, staffing or oversight, they can generate regulatory risk as serious as the misconduct they’re meant to detect. For this month’s analysis, we’ll cover a firm that fell into this trap.

Case Overview: $1M Fine Against Velocity Clearing

In October 2025, the Financial Industry Regulatory Authority (FINRA) and several U.S. equities exchanges jointly fined Velocity Clearing roughly $1 million for “failing to establish, maintain, and enforce a supervisory system, including written supervisory procedures (WSPs), reasonably designed to achieve compliance with rules prohibiting manipulative trading activity by its customers.” Velocity Clearing is a mid-sized firm that provides retail brokerage, lending and market making services and engages in proprietary trading. Let’s have a look at the timeline of events.

Timeline of Failures: Surveillance Alerts Ignored at Scale

2019-2023: Velocity relied on an automated surveillance system to detect potentially manipulative trading. Over that four-year period, the system generated roughly 150,000 alerts for potential manipulative trading, of which about 100,000 were for cross-trades and spoofing. Regulators found that 147,000 of these alerts were closed without any investigation. Approximately one-third were closed the same day they were opened, and staff often closed thousands of alerts in a single day.
 

Regulators also found that the firm dedicated insufficient resources to reviewing alerts. For part of this period, this task was handled by a single part-time employee. Although the team was later expanded to five people, it remained inadequate for the volume of alerts. This was compounded by a lack of training and guidance on how to assess surveillance alerts, and the team’s output was not reviewed.

December 2022: Between 2019 and 2022, the firm received multiple inquiries from other broker-dealers regarding potential prearranged trading. It turned out that Velocity had not enabled its prearranged trading alert. When the alert was finally activated in December 2022, it generated 10,000 alerts in just 3 months—none of which were reviewed.

July 2023: Velocity replaced its surveillance platform with a new automated surveillance system from an external vendor. Between then and early 2025, the new system generated roughly 15.2 million alerts. That’s over 100 times what the old system generated in 2.5 years. These alerts flagged behaviors such as layering, spoofing and wash trading. Almost all were closed without investigation or follow-up. Despite this lax approach, 5.2 million alerts remained open as of early 2025.

There’s a lot to unpack here, but the firm’s failings can be grouped into three categories: technology, processes and culture.

Technology: How Velocity’s Surveillance System Missed the Mark

It’s clear the system was poorly calibrated. Calibration involves adjusting alert parameters to reflect a firm’s specific risks and trading activity. In this case, the system produced alerts that were both too numerous and unhelpful. Rather than addressing the issue, the firm ignored it. A new system was implemented, but that new system then generated 15 million alerts, a factor larger than the previous system. I don’t want to make any assumptions, but I think it's safe to assume that a firm of this type didn’t have anywhere close to 15 million cases or market manipulation, or even potential manipulation. That a system was deployed so clearly untuned, reinforces the likely calibration issue.

The prearranged trading situation also shows the lack of feedback between what was happening on the ground and the behavior of the system. 40 potential cases of prearranged trading were brought to the firm by other brokers. That it took so long to then turn on their own prearranged trading alert, and then that the large number of generated alerts were not reviewed, shows the disconnect between the reality on the ground and the output of the system.

Process Breakdown: Inadequate WSPs and Understaffed Teams

Regulators found that the firm’s WSPs were both inadequate and unenforced. Simply writing WSPs isn’t enough, as they must be well-defined, comprehensive and actively followed. They also require sufficient staffing. The extreme understaffing of the compliance team directly contributed to the firm’s failings. Any cost savings from reduced staffing proved to be a false economy, ultimately costing the firm much more in the long run.

Cultural Gaps: Compliance in Name, Not in Practice

Beneath these issues lies a deeper cultural problem. While the firm had a surveillance system, WSPs and a compliance team, it failed to ensure these elements worked in harmony. There was no effort to review the system output, properly staff and train the team or take proactive steps when issues become apparent. The cumulative effect was that the firm’s compliance function could not demonstrate any effective control over potentially manipulative trading by its clients.

Automation Without Oversight Is a Compliance Risk

The Velocity Clearing case underscores a growing problem. Firms invest in complex systems believing automation equals compliance, only to discover that poorly tuned algorithms and unmonitored tools can create as much exposure as having no system at all.

October 2025 Capital Markets Regulatory Updates

31 October 2025: The U.S. Securities and Exchange Commission (SEC) issued an order granting temporary exemptive relief from certain compliance dates under Regulation NMS, extending deadlines to facilitate orderly market functions amid recent judicial review and operational challenges.

23 October 2025: The Financial Industry Regulatory Authority (FINRA) reviewed broker-dealer practices as part of a pump-and-dump probe, focusing on small-cap offerings and requesting detailed compliance documentation from firms involved in multiple offerings.

21 October 2025: The U.K. government consolidated AML supervision under the Financial Conduct Authority (FCA), reducing the role of the Solicitors Regulation Authority to address vulnerabilities identified by FATF and improve consistency in professional services oversight.

19 October 2025: Japan’s Financial Services Agency (FSA) signaled potential reforms to its crypto framework, including considering oversight under the Financial Instruments and Exchange Act (FIEA) and measures addressing market‑abuse risks.

16 October 2025: The European Securities and Markets Authority (ESMA) published its second consolidated report on sanctions, revealing over 970 administrative measures and fines exceeding 100 million euros in 2024, with most sanctions imposed under the Market Abuse Regulation. 

15 October 2025: The Securities Industry and Financial Markets Association (SIFMA) called on the SEC to relax recordkeeping rules for advisors and brokers, arguing that current regulations are outdated and create excessive compliance costs, especially as digital communications proliferate. 

15 October 2025: The German Federal Financial Supervisory Authority (BaFin) announced new restrictions on the marketing, distribution, and sale of turbo certificates (also known as Callable Bull/Bear Contracts or knock-out warrants) to retail investors, following a market investigation that revealed 74% of retail traders suffered losses totaling €3.4 billion.

14 October 2025: The FCA published a consultation paper outlining plans to support tokenization in asset management, including guidance for operating tokenized fund registers, a streamlined direct dealing model, and a roadmap to address regulatory barriers.

13 October 2025: ESMA published recommendations for significant amendments to regulatory settlement standards, including auto-collateralization, new trade allocation deadlines and machine-readable formats, to prepare the industry for the transition to T+1 settlement by October 2027 and enhance settlement efficiency across the EU.

8 October 2025: The Australian Securities and Investments Commission (ASIC) released its annual report, which revealed a 50% increase in investigations and strong growth in enforcement actions, including major inquiries into ASX governance, AI reviews and the takedown of thousands of scam websites.

6 October 2025: The New Zealand Financial Markets Authority (FMA) warned investors about deepfake pump-and-dump scams using impersonated business leaders and coordinated social media ads, urging caution and coordination with overseas regulators.

3 October 2025: ESMA published its 2026 Annual Work Program, focusing on streamlining rules, enhancing risk-based supervision and supporting the Saving and Investments Union (SIU) Strategy.

30 September 2025: The U.K. FCA released Market Watch 84, reviewing the implementation of the U.K. EMIR Refit and providing observations on change management, vendor oversight and error notifications. Firms are advised to align their derivatives reporting processes with updated standards to ensure compliance and transparency.

29 September 2025: The SEC and CFTC held a joint roundtable to discuss regulatory harmonization in the cryptocurrency sector, clarifying there are no plans for a merger and emphasizing a new era of collaboration to reduce duplication and regulatory uncertainty.  

Latest Fines and Enforcement Actions

• The FINRA fined Velocity Clearing $1 million for failing to establish and enforce a supervisory system capable of detecting manipulative trading activity, including spoofing and layering. The firm closed thousands of alerts without investigation, highlighting significant compliance and staffing deficiencies.
• The FINRA fined EFG Capital $650,000 for AML-related rule violations, citing failures in monitoring suspicious wire transfers and deficiencies in automated surveillance tools.
• The FINRA fined Ally Invest $850,000 for recordkeeping failures, including loss of millions of electronic communications and inadequate supervisory procedures.
• The FCA fined and banned an advisor for ITM Power Plc (ITM) for insider dealing in ITM Power Plc shares, citing abuse of position and failure to obtain permission before trading.
• The SEBI imposed penalties on 13 individuals for front-running trades, barring them from the market and imposing fines for unlawful gains made by trading ahead of large client orders.
• The SEBI impounded approximately $20.78 million USD and barred eight entities for insider trading linked to the IEX market-coupling leak, following a probe into trades made using confidential regulatory notifications.
• The Swedish Finansinspektionen (FI) launched an investigation into SEB’s handling of insider information during four major block trades in EQT shares.
• The SEBI settled front-running cases with multiple entities, imposing settlement charges and voluntary debarments for misuse of non-public information in trades linked to Societe Generale and Marcellus group.
• An Australian man was sentenced to 11 months imprisonment and fined $225,447 AUD for insider trading in Cann Group shares, exploiting non-public information about a share placement to profit and avoid losses.
• The Monetary Authority of Singapore (MAS) imposed a civil penalty of $50,000 SGD on the former Head of Margin at RHB Securities, for insider trading in Tee International and Tee Land shares, after he used non-public information to execute trades before a major sale announcement.
• The Hong Kong Securities and Futures Commission (SFC) submitted an application to freeze $394 million HKD in assets related to a ramp-and-dump scheme involving Grand Talents Group Holdings, aiming to secure compensation for victims and prevent further dissipation of funds. 

Related Content

2025 Nasdaq Global Compliance Survey 

Now in its 10th year, Nasdaq’s Global Compliance Survey captures insights from compliance leaders, providing a clear snapshot of an industry in rapid evolution. Discover how teams are leveraging emerging technology like AI while navigating regulatory complexity.

2025 Nasdaq Global Compliance Survey: Data Quality and Surveillance Effectiveness are the Top Priorities

Learn the key insights from Nasdaq's 2025 Global Compliance Survey, highlighting how firms are prioritizing data quality, surveillance effectiveness and AI.

When One Trade Isn't the Whole Story: Uncovering Cross-Product Manipulation

Market abuse increasingly spans multiple instruments, markets and regions—making it harder to detect with traditional surveillance methods. Download Nasdaq’s latest whitepaper, “When One Trade Isn’t the Whole Story: Uncovering Cross-Product Manipulation” to learn more.