Infographic: The Highest Compliance Fines History


Monetary fines are the most widely used administrative punishment, especially for compliance offenses in heavily regulated industries such as finance, healthcare, and the public sector. They are considered a “necessary evil” across these industries because they emphasize what organizations must do rather than what they want to do. And for most companies, doing what is right isn’t always fun or easy.

Regulatory fines, however, are more than just a tool for deterring companies from committing violations. They also serve as powerful mechanisms that should encourage organizations to adopt best practices – including the capture and retention of business text messages – that benefit both the organizations themselves and, most importantly, their clients in the long run.

Yet despite the hefty monetary fines that regulators such as FINRA, the SEC, HIPAA, the EU and the FCA can impose for non-compliance, many organizations have persistently breached regulations and incurred enormous fines as a result. Let’s take a look at the biggest compliance fines levied on companies charged with violating various industry regulations, and the often-ridiculous reasons they happened.

The Highest Compliance Fines History

1. New York-Presbyterian Hospital and Columbia University – $4.8 Million

First on the list is New York-Presbyterian Hospital and Columbia University, which agreed in 2014 to settle a Health Insurance Portability and Accountability Act (HIPAA) case for a whopping $4.8 million.

The payment settled problems that arose in 2010 when the health records of 6,800 patients ended up online and fully searchable. The leaked records included patients’ status, vital signs, medications, and laboratory results, all types of data closely guarded by the privacy provisions of HIPAA.

2. Advocate Health Care (AHC) – $5.5 Million

Next on the list is Advocate Health Care (AHC), one of the largest health systems in the US, which agreed to pay $5.55 million in fines – making the case the largest-ever settlement for alleged violations of HIPAA.

AHC lost the data of almost 4 million patients in 2013 after one of its employees left an unencrypted laptop in an unlocked vehicle overnight. The company had also failed to conduct a risk assessment of its systems and to implement the safeguards for electronic records that could have prevented the mishap.

3. Rio Tinto – £27 million ($35.6 million)

In 2017, the UK’s Financial Conduct Authority (FCA) fined mining giant Rio Tinto £27 million ($35.6 million) for failing to write down the value of its Mozambique mines, a failure that put it in breach of the disclosure and transparency rules.

It was the largest fine ever imposed by the FCA for a breach of those rules, according to Mark Steward, FCA executive director of enforcement. “[It] demonstrates how critically important high standards of disclosure and transparency are to ensuring our markets function fairly and effectively,” Steward added.

4. Deutsche Bank – £163 million ($203.83 Million)

In January 2017, the FCA levied £163 million ($203.83 million) in fines against the German lender Deutsche Bank – the most significant penalty the FCA had ever applied. This came after the British regulator found that the firm had exposed the U.K.’s financial system to the risk of financial crime by failing to properly oversee the formation of new customer relationships and the booking of global business in the U.K.

This lack of customer due diligence, along with other deficiencies, prevented Deutsche Bank from obtaining sufficient information about its customers, information that is crucial to its risk assessment process. Ultimately, these oversight inadequacies allowed the bank to be abused by unidentified customers who transferred approximately $10 billion from Russia to offshore bank accounts in a way that is highly suggestive of financial crime.

5. Citigroup – $285 Million

In October 2011, the Securities and Exchange Commission (SEC) charged Citigroup’s principal U.S. broker-dealer subsidiary with defrauding investors in a roughly $1 billion collateralized debt obligation (CDO) tied to the U.S. housing market, in which Citigroup bet against the investors as the housing market showed signs of distress.

Citigroup agreed to settle the SEC’s charges by paying a total of $285 million, some of which was returned to harmed investors.

6. Goldman Sachs – $550 Million

In April 2010, the SEC levied a record $550 million in fines against Goldman Sachs, the largest penalty it had ever assessed. According to the SEC, Goldman Sachs misled investors in a subprime mortgage product just as the U.S. housing market was starting to collapse.

According to Robert Khuzami, Director of the SEC’s Division of Enforcement, this largest-ever penalty assessed by the SEC against a financial services firm is a “…stark lesson to Wall Street firms that no product is too complex, and no investor too sophisticated, to avoid a heavy price if a firm violates the fundamental principles of honest treatment and fair dealing.”

7. Google – $2.7 Billion

Capping off this list is Google, which was hit with a record-breaking $2.7 billion fine in 2017 for manipulating search results – the largest fine in EU history. The punishment followed a seven-year investigation into Google and required the company to change its practices within 90 days or face further monetary penalties.

According to Margrethe Vestager, the EU’s leading competition official, what Google did is “illegal under EU antitrust rules.” “It denied other companies the chance to compete on the merits and to innovate. And most importantly, it denied European consumers a genuine choice of services and the full benefits of innovation,” Vestager added.

Overall, these cases show that non-compliance can expose an organization to a great deal of legal, operational, and financial liability. One way to avoid the hefty fines that come with non-compliance is effective monitoring, archiving, and management of business-related communications, including text messages, chats, emails, and IMs.

Learn more about our secure mobile messaging and enterprise text message archiving platform by visiting our website at
