Platinum cards, paper-thin compliance?

Retail platforms are going upscale, but their compliance frameworks aren’t.

A new generation of retail trading platforms is moving upmarket. Built around app-based investing for the mass market, firms like Robinhood and eToro are now pitching concierge services, premium cards, private banking tiers and trust-structure support to High Net Worth (HNW) clients in Singapore and Hong Kong. The commercial logic is clear as HNW clients generate larger fee incomes compared to retail commissions, and these platforms already have brand recognition and a digital-native customer base to convert as their wealth accumulates.

The irony is that Singapore and Hong Kong are two of the most highly-scrutinised wealth markets in the region, and these retail trading platforms were originally built for low-friction onboarding and high-volume, low-complexity flows.

HNW clients also come with a fundamentally different risk profile. Whilst retail clients generally have lower risk profiles because their main source-of-wealth (SOW) is employment income, the SOW for HNW clients are less straightforward, so the question worth asking is: Are these platforms scaling compliance at the same pace as their products?

Early signs highlight the gap
Early this year, the Financial Industry Regulatory Authority (FINRA) fined Robinhood US$26m ($33m) for a decade of anti-money laundering (AML) programme failures. Two months earlier, the firm had paid US$13.5m ($17.2m) to the Securities and Exchange Commission for failures in reporting suspicious activity. Days after the FINRA settlement announcement, Robinhood unveiled a private banking service for its premium client tier, and an artificial intelligence (AI)-powered wealth management arm.

Within the same quarter, a platform paying tens of millions in AML penalties for retail-era failures was pitching itself to the high-net-worth segment.

We have seen this happen before
There are lessons to be learned from the outcomes of crypto exchanges handling institutional-sized flows before their financial crime controls are ready.  In 2025, crypto exchange OKX paid more than US$504m ($645m) to the US Department of Justice for failing to maintain an effective AML programme, and BitMEX, a crypto derivatives exchange, paid US$100 ($128m) for similar failings.

History may not repeat itself, but there are often echoes. Rapid growth from a retail base, leadership focused on product rather than compliance, a business model built for scale and frictionless onboarding –- these are all common factors. Eventually, retail platforms will realise that in handling other people's money at scale, regulators will expect compliance to be institutional grade.

The difference this time is that regulators in this region have lived through the digital-asset cycle and are not starting from zero. In 2025, the Monetary Authority of Singapore (MAS) levied $27.45m in penalties against nine financial institutions whose policies existed on paper but failed in execution and issued personal prohibition orders against senior execs for failing to ensure controls kept pace with growth. MAS has since tightened SOW corroboration requirements and formally incorporated proliferation financing into mandatory risk assessments.

The Hong Kong Monetary Authority (HKMA) and Securities and Futures Commission (SFC) have moved in parallel. The SFC's Code of Conduct now requires annual AML training for all staff at licensed corporations, and new conduct requirements for stablecoin issuers came into effect last year.

In other words, the floor for serving this client segment, in both markets, is already significantly higher than the one these platforms are entering from.

Why HNW changes the risk equation
Mass-affluent clients typically open accounts in their own name, fund them from a domestic salary account and trade in modest sizes. Their footprint is traceable and the monitoring rules built around that footprint such as geographic flags, and transaction-size triggers are calibrated to what ‘normal’ looks like for that segment.

A HNW client has assets that may sit in trusts, holding companies, family investment vehicles, or variable capital companies. Beneficial ownership might run through several jurisdictions and funding flows could arrive from offshore accounts, sales of private company stakes or inheritance distributions. Outflows could go to schools in one country, property in another, and concierge services billed in a third.

This is precisely where layering risk concentrates. Layering depends on complexity: Shell companies, multi-jurisdictional transfers and securities trading used to blur the paper trail, with intermediaries acting as nominees. A monitoring system trained on retail patterns will struggle to pick up these complex structures.

What MAS enforcement reveals about institutional failure
MAS’ enforcement record is precise about where the breakdowns occurred.

The first breakdown was in customer risk assessment. Five of the nine institutions penalised failed to implement adequate processes for rating the money laundering risks presented by their customers, resulting in systematic misrating.

In practice, this typically reflects a client lifecycle management issue, such as risk ratings assigned at onboarding that have not been updated as client circumstances evolve. There could have been changes in beneficial ownership or shifts in wealth profiles not reflected as there is no continuous review process.

The 2025 penalties make it clear that MAS expects onboarding to be extended to a continuous compliance relationship and not treated as a one-time event.

The second was in SOW corroboration. All nine institutions failed to detect or adequately follow up on significant discrepancies and red flags in SOW documentation. In several cases, there was no corroboration of the material aspects of a customer’s purported SOW at all. The distinction MAS is drawing is between collecting SOW information and actually establishing it with a verified and coherent picture of how a client’s wealth was built.

The third was in transaction monitoring and post-alert follow-ups. Eight institutions failed to adequately review transactions that their own systems had flagged; transactions that were unusually large, with unusual patterns or inconsistent with client profiles. Some institutions filed suspicious transaction reports but failed to take sufficient risk-mitigation measures in response.

In practical terms, this reflects an information problem rather than a system problem. The alert existed, but the analyst investigating it may have been working from a partial view of a client’s portfolio, indicating that this context was available elsewhere but did not reach the monitoring function. MAS has now explicitly stated that they expect a connected view of client risk, and that assessments cannot be conducted in siloes.

Considered as a whole, the 2025 findings describe institutions that had policies, systems and data, but their compliance infrastructures were decoupled from the reality of the client book. At the client volumes retail platforms are targeting, the infrastructure and operational processes need to be built correctly from the outset.

There is real value but infrastructure needs to match the service
The value these platforms bring to the market is genuine, and the access they create for clients who were previously priced out of personalised wealth services, can make a true impact. But whilst the cards may be platinum, the compliance cannot be paper-thin.