Investigative Review of The Goldman Sachs Group, Inc.

The Regulatory Clampdown

Federal examiners identified fundamental weaknesses in how the TxB unit vetted and monitored its non-bank clients. The specific criticism focused on the “Platform Solutions” team, which provided banking infrastructure to fintech companies such as Stripe and Wise. Regulators found that the division failed to exercise sufficient due diligence when accepting these high-risk partners. The absence of rigorous oversight meant that Goldman Sachs rented its balance sheet and regulatory standing to third parties without adequate visibility into the funds flowing through its systems. This regulatory pressure forced the bank to halt new client acquisitions in the fintech segment. While the freeze did not affect the cash payment services provided to traditional corporate clients, it dismantled the growth trajectory of the banking-as-a-service (BaaS) model. The Federal Reserve’s warning was not a minor administrative notice; it was a direct challenge to the bank’s ability to manage the compliance risks inherent in serving volatile, tech-focused financial intermediaries.

Leadership Purge and Internal Discord

The strategic collapse coincided with a significant leadership shakeup. In September 2023, Goldman Sachs terminated Hari Moorthy, the global head of Transaction Banking, along with several other senior executives. The bank officially attributed these firings to violations of communication policy, specifically the use of unauthorized channels like WhatsApp for business purposes. Yet the timing of these departures, occurring almost simultaneously with the regulatory crackdown, raised questions about the internal culture of the TxB unit. Reports surfaced indicating that employees within the division had previously raised alarms about a tendency to minimize risk in of growth. These internal warnings appear to have been ignored until the Federal Reserve intervened. The removal of Moorthy, who had been a central figure in building the TxB business from its inception, signaled a complete repudiation of the division’s previous operating style. Philip Berlinski, the bank’s treasurer, assumed oversight, marking a shift from entrepreneurial expansion to conservative risk containment.

the Consumer and Fintech Ambitions

The halt on fintech onboarding served as the precursor to a broader retreat from consumer-facing financial services. The most visible casualty was GreenSky, the home improvement lender Goldman acquired for $1. 7 billion in 2021. By October 2023, the bank agreed to sell GreenSky to a consortium led by Sixth Street, absorbing a substantial financial loss. This sale was an admission that the integration of fintech lending into a traditional investment bank had failed to generate the promised synergies. Simultaneously, the bank began unwinding its high-profile partnership with Apple. The collaboration, which included the Apple Card and a high-yield savings account, had been plagued by profitability challenges and operational friction. By late 2023 and into 2024, Goldman Sachs was actively seeking to offload these programs, exiting the credit card issuance business for mass-market consumers. These moves shared signaled the end of the “Main Street” experiment, with the firm redirecting its capital and attention back to its core competencies in investment banking, trading, and asset management.

The Shift to Automated Compliance

By 2025, the bank’s strategy for its remaining transaction banking operations had shifted from aggressive client acquisition to operational remediation. Under a new initiative labeled “OneGS 3. 0,” the firm began deploying artificial intelligence to address the compliance failures that had drawn the Fed’s ire. The bank implemented generative AI tools specifically designed to handle client onboarding and regulatory reporting, aiming to replace the manual, error-prone processes that had failed during the fintech boom. This technological pivot serves two purposes., it attempts to satisfy regulatory demands for better monitoring without exploding headcount costs. Second, it allows the bank to service its existing, lower-risk corporate clients more. The “limited reduction in roles” announced in October 2025 reflects this new reality: a smaller, more automated back office focused on safety and efficiency rather than a sprawling sales force chasing high-growth, high-risk fintech partnerships.

Table: Timeline of the Fintech Strategy Reversal

The freeze on high-risk fintech onboarding was not a pause a permanent structural change. Goldman Sachs has conceded that the regulatory cost of serving the fintech sector outweighs the chance revenue. The bank’s retreat leaves a void in the banking-as-a-service market, forcing fintechs to seek partners with higher risk tolerance or more specialized compliance frameworks. For Goldman, the episode stands as a costly lesson in the dangers of prioritizing revenue growth over the unglamorous mechanics of risk management and regulatory adherence.

The Mechanics of Blind Onboarding

Federal regulators uncovered a widespread failure within Goldman Sachs’ Transaction Banking (TxB) division that exposed the U. S. financial system to unchecked illicit finance risks. The Federal Reserve determined that the bank had systematically neglected its obligation to vet non-bank clients before granting them access to federal payment rails. This failure was not a clerical error. It was a fundamental breakdown in the “Know Your Customer” (KYC) and “Know Your Business” (KYB) that serve as the primary firewall against money laundering. Goldman Sachs allowed high-risk fintech companies to open master accounts and process billions of dollars without subjecting them to the rigorous scrutiny required of a Global widespread Important Bank (GSIB).

The TxB unit operated under a mandate to diversify revenue streams away from volatile trading and investment banking. Executives prioritized the rapid acquisition of fintech partners to build a “banking-as-a-service” ecosystem. This strategy relied on a dangerous assumption. Goldman Sachs frequently deferred compliance responsibilities to the fintech clients themselves. The bank acted as a passive utility provider rather than an active gatekeeper. Fintech partners were frequently permitted to onboard their own end-users with minimal oversight from Goldman’s compliance officers. This created a regulatory blind spot where the bank processed transactions for entities it had never vetted and whose risk profiles remained unknown.

Federal examiners found that Goldman’s due diligence files for these corporate clients were frequently incomplete or entirely absent. The bank failed to verify the beneficial ownership of certain fintech partners. It did not adequately assess the anti-money laundering controls of the companies it serviced. In several instances the bank onboarded payment processors that specialized in high-risk sectors such as online gambling and cryptocurrency without conducting enhanced due diligence. These clients were granted direct access to the SWIFT network and the Automated Clearing House (ACH) system. The bank’s internal controls failed to flag the obvious between the rapid transaction volume growth and the minimal compliance infrastructure of these partners.

Internal Suppression of Risk Warnings

The collapse of compliance standards within TxB was not an accident of incompetence a byproduct of a culture that silenced dissent. Employees within the Transaction Banking unit repeatedly attempted to raise alarms about the reckless speed of client onboarding. Internal whistleblowers flagged specific high-risk clients that absence basic AML. These warnings were frequently ignored by senior management who were incentivized to hit aggressive revenue. The Federal Reserve’s investigation revealed that the pressure to expand the TxB client base created an environment where risk management was viewed as an obstacle to growth rather than a necessary safeguard.

One specific internal complaint triggered a deeper probe by the bank’s audit team. An employee detailed how sales teams were encouraged to bypass standard vetting procedures to secure contracts with promising fintech startups. The complaint described a “tick-the-box” exercise where compliance forms were filled out perfunctorily to satisfy paper requirements without any genuine investigation into the client’s business practices. Managers downplayed the risks associated with these clients. They argued that the fintechs were regulated entities themselves or that the transaction volumes were too small to pose a widespread threat. This rationale directly contradicted federal banking laws that hold the charter-holding bank responsible for all activity flowing through its accounts.

The suppression of these internal warnings allowed the compliance gaps to widen over a period of two years. During this time the TxB unit grew its deposit base to over $50 billion. of this growth came from the very sector the Fed later identified as high-risk. The disconnect between the bank’s public claims of “gold-standard” risk management and the reality of its internal operations was clear. While David Solomon touted the TxB unit as a modern digital platform the compliance infrastructure supporting it remained dangerously under-resourced and politically disempowered.

The Federal Reserve’s Intervention

The Federal Reserve issued a severe warning to Goldman Sachs in late 2023 regarding these deficiencies. This regulatory action came in the form of a Matter Requiring Attention (MRA). The MRA is a formal supervisory tool used to cite unsafe and unsound banking practices. The Fed explicitly “insufficient due diligence” and insufficient “monitoring processes” for high-risk non-bank clients. The regulators demanded an immediate overhaul of the TxB unit’s onboarding. They required the bank to conduct a retrospective review of its entire fintech client portfolio to identify and offload any entities that did not meet federal standards.

This intervention forced Goldman Sachs to halt the onboarding of new high-risk fintech clients. The bank had to freeze its sales pipeline for the TxB division. This stalled the growth engine that leadership had promised investors would stabilize the firm’s earnings. The remediation process required the bank to hire hundreds of additional compliance contractors to manually review thousands of client files. This operational pivot destroyed the unit’s profitability margins and exposed the fallacy of the “low-cost” digital banking model. The bank could no longer rely on automation and third-party attestations. It had to perform the expensive manual labor of verifying corporate identities and auditing transaction flows.

The Fed’s scrutiny extended beyond the initial onboarding phase. Regulators criticized the bank’s ongoing monitoring of client activity. Goldman’s systems failed to detect suspicious transaction patterns that should have triggered Suspicious Activity Reports (SARs). The bank’s transaction monitoring software was not calibrated to handle the specific risks posed by fintech aggregators. These aggregators bundle transactions from thousands of different sub-merchants into a single data stream. This bundling masks the origin of funds and makes it nearly impossible for a standard bank system to detect money laundering. Goldman Sachs had failed to demand the necessary data granularity from its partners to unmask these flows.

The High-Risk Client Profile

The clients that drew the ire of the Federal Reserve were not standard corporate treasuries. They were complex financial intermediaries. These entities sat between the banking system and the unregulated corners of the digital economy. were payment facilitators (PayFacs) that allowed sub-merchants to accept credit card payments. Others were cross-border remittance providers that moved funds into jurisdictions with weak AML enforcement. The risk profile of these clients is inherently higher because they act as nested banks. When Goldman Sachs onboarded one of these fintechs it was onboarding the fintech’s entire user base.

The bank failed to distinguish between a low-risk software company and a high-risk money transmitter. Sales teams categorized clients based on their chance revenue rather than their regulatory classification. A fintech startup promising to move $1 billion in annual volume was treated as a priority account regardless of its compliance maturity. The bank accepted the fintech’s own risk assessments at face value. If a client claimed they performed KYC on their users Goldman Sachs frequently did not verify this claim with an independent audit. This reliance on “trust don’t verify” created a direct pipeline for illicit actors to access the U. S. dollar clearing system.

The specific danger lay in the “pass-through” nature of these accounts. Money launderers frequently use fintech apps to illicit funds before moving them into the traditional banking system. By providing the master accounts to these apps Goldman Sachs became the entry point for this dirty money. The bank’s failure to perform due diligence meant it had no way of knowing if the funds in a TxB account belonged to a legitimate small business or a sanctioned entity. The Federal Reserve’s findings indicated that the bank had lost visibility into the true source of funds for of its fintech deposit base.

widespread of the Failure

The breakdown at Goldman Sachs signaled a wider emergency in the banking-as-a-service model. The industry had operated on the premise that technology could replace traditional banking compliance. Goldman’s failure proved that this premise was flawed. The bank attempted to its operations like a software company while ignoring the regulatory friction that defines banking. The result was a compliance program that was structurally incapable of keeping pace with the business it supported. The TxB unit’s revenue growth outstripped its risk management capabilities by a wide margin.

This episode forced a re-evaluation of the partner bank model across the entire sector. The Federal Reserve made it clear that banks could not outsource their regulatory obligations. Goldman Sachs was held liable for the failures of its clients. The bank had to absorb the cost of remediation and the reputational damage of the regulatory rebuke. The halt on new business signaled to the market that the bank’s expansion strategy had hit a regulatory wall. The pledge of high-margin low-touch transaction banking was broken by the reality of high-cost high-touch compliance requirements.

The failure also exposed the limitations of the bank’s technological capabilities. Goldman Sachs had marketed its TxB platform as a digital solution. The regulatory findings revealed that the underlying compliance systems were archaic and disjointed. The bank absence a unified view of its client risk. Data was siloed across different systems which prevented compliance officers from seeing the full picture of a client’s activity. The manual workarounds required to fix these data gaps further slowed the business and increased the error rate. The “tech-forward” bank was brought down by the same old-fashioned compliance failures that have plagued the industry for decades.

The “Growth at All Costs” Mandate: Revenue Over Risk

The internal collapse of compliance standards within Goldman Sachs’ Transaction Banking (TxB) unit was not an accident of negligence a calculated byproduct of aggressive expansion. Under the directive of CEO David Solomon, the firm set an explicit revenue target for TxB: $750 million by 2024. This mandate created a pressure cooker environment where the onboarding of high-risk fintech partners was prioritized over the rigorous due diligence required by federal law. Internal documents and employee testimony later revealed that the drive to meet these financial benchmarks systematically eroded the authority of risk officers. Staff members who raised concerns about the speed of onboarding or the opacity of fintech clients were frequently overruled by deal teams incentivized to close contracts.

The friction between the “revenue generators” and the “risk controllers” became the defining characteristic of the Platform Solutions division. As the bank sought to compete with agile fintech disruptors, it adopted a “move fast” philosophy incompatible with the regulatory obligations of a widespread Important Financial Institution (SIFI). The Federal Reserve’s subsequent investigation uncovered that this culture of risk minimization was not limited to rogue employees was in the unit’s operational strategy. The bank’s systems were calibrated to approve clients like Stripe and Wise rapidly, frequently bypassing the investigations necessary to detect money laundering vulnerabilities in the downstream user base of these platforms.

The Silencing of Dissent: The Hari Moorthy Termination

The tension within the division culminated in September 2023 with the abrupt termination of Hari Moorthy, the global head of Transaction Banking, along with three other senior executives. While Goldman Sachs publicly attributed these firings to “serious violations” of communication policies, specifically the use of unauthorized channels like WhatsApp, investigative scrutiny suggests this was a symptom of a deeper governance failure. The use of off-channel communications allowed executives to discuss sensitive business matters, including risk decisions, without leaving an audit trail for compliance teams or regulators. This shadow communication network nullified the bank’s internal monitoring systems, allowing the TxB leadership to operate with a degree of autonomy that shielded their decisions from the firm’s central risk oversight.

The timing of these departures was not coincidental. They occurred shortly after the Federal Reserve issued a formal warning regarding the unit’s inability to monitor high-risk non-bank clients. Employees in the division had previously flagged that the leadership demonstrated a “tendency to minimize risks” to maintain the velocity of business acquisition. These internal whistleblowers, whose warnings were initially ignored, found their concerns validated only after federal regulators intervened. The firing of the unit’s leadership served as a tacit admission that the division had become ungovernable, operating under a set of rules distinct from the rest of the bank.

Pattern of Retaliation: The Christopher Rollins Precedent

The suppression of internal dissent regarding compliance failures follows a historical pattern at the firm, exemplified by the case of former executive Christopher Rollins. Rollins sued the bank, alleging he was terminated in retaliation for blowing the whistle on anti-money laundering (AML) failures related to financier Lars Windhorst. His lawsuit detailed a culture where senior leaders, including Jim Esposito and Michael Daffey, allegedly pressured him to “confess” to compliance lapses to shield the firm’s hierarchy from scrutiny. Rollins claimed that when he attempted to enforce AML, he was marginalized, and his eventual firing was framed as a performance problem rather than a compliance dispute.

This precedent is serious for understanding the silence within the TxB unit during its rapid expansion. Junior staff and risk officers, aware of the firm’s history of retaliating against those who slowed down deal flow, were disincentivized from escalating their concerns. The “speak up” culture promoted in corporate handbooks was contradicted by the reality that raising red flags on high-value fintech partnerships could end a career. This environment of fear allowed the accumulation of high-risk clients to continue unchecked until the Federal Reserve’s examination forced a sudden and costly reversal of the strategy.

Regulatory Validation of Internal Warnings

The Federal Reserve’s findings in late 2023 served as a vindication for the silenced voices within Goldman Sachs. The regulators identified “insufficient due diligence” and insufficient monitoring processes, mirroring the exact problem raised by internal risk staff months prior. The Fed’s probe revealed that the bank had failed to verify the beneficial ownership of the end-users transacting through its fintech partners, a fundamental requirement of the Bank Secrecy Act. By the time the regulators stepped in, the TxB unit had already onboarded a portfolio of clients that the bank’s own compliance framework was ill-equipped to manage.

The aftermath of these forced Goldman Sachs to the growth engine it had built. The bank ceased signing on riskier fintech clients, abandoning the aggressive that had driven the compliance failures. This strategic reversal was not a reaction to external pressure a forced acknowledgment that the internal checks and balances had been systematically dismantled by a leadership team prioritizing revenue over regulatory safety. The episode stands as a clear case study in how a culture of risk minimization, when left unchecked by a board or senior management, invites federal intervention and reputational damage.

CFPB Scrutiny: widespread Failures in Apple Card Dispute Resolution

The Consumer Financial Protection Bureau (CFPB) delivered a punishing enforcement action against Goldman Sachs on October 23, 2024, exposing a catastrophic breakdown in the bank’s ability to manage its high-profile partnership with Apple. The regulator ordered the bank to pay over $64 million—comprising a $45 million civil penalty and $19. 8 million in consumer redress—for widespread failures that left tens of thousands of customers without recourse for disputed transactions. This action, combined with a $25 million fine levied against Apple, marked a definitive regulatory condemnation of the “move fast and break things” ethos applied to consumer banking. The investigation revealed that the compliance rot began before the product even reached the public. On August 16, 2019, just four days prior to the Apple Card’s launch, the Goldman Sachs board of directors received a direct warning that the dispute resolution system was “not fully ready” due to unresolved technological defects. Rather than delay the rollout to ensure federal compliance, the bank proceeded. This decision prioritized commercial timelines over legal obligations, setting the stage for a collapse in customer service operations that would for years. Once the card went live, the technical infrastructure failed immediately. The CFPB found that Apple, which designed the consumer-facing interface, failed to transmit tens of thousands of customer disputes to Goldman Sachs. These complaints into a digital void. Consumers who used the “Report an problem” feature in the Apple Wallet app believed they had initiated a formal dispute, yet the bank of record never received the data. Even when Goldman Sachs did receive disputes, the bank frequently failed to adhere to the Truth in Lending Act. Federal law mandates that banks acknowledge a billing dispute within 30 days and resolve it within 90 days. Goldman Sachs repeatedly missed these statutory deadlines, leaving customers in financial limbo. The consequences for consumers were severe. Because the bank did not process disputes correctly, it held cardholders liable for chance fraudulent charges. When customers refused to pay for transactions they had formally disputed, Goldman Sachs reported the unpaid amounts to credit bureaus as delinquent debt. This error damaged the credit scores of consumers who had followed the correct procedures to report fraud or billing errors. The regulator noted that the bank’s failure to conduct reasonable investigations meant that legitimate claims were simply ignored, forcing customers to pay for goods they never received or charges they did not authorize. Beyond the dispute resolution disaster, the CFPB uncovered deceptive practices regarding the “Apple Card Monthly Installments” (ACMI) plan. Marketing materials promised interest-free financing for Apple devices, a core selling point of the credit card. Yet, the investigation found that consumers were not automatically enrolled in this program when they made purchases. Instead, they were charged the standard annual percentage rate (APR). In a particularly egregious technical failure, the option to select the interest-free plan did not even appear for customers using certain web browsers, such as non-Safari browsers or Safari in privacy mode. These consumers, believing they were accessing the advertised benefit, were unknowingly funneled into high-interest debt. The breakdown extended to how refunds were applied. For more than 10, 000 cardholders, Goldman Sachs misapplied refunds in a manner that increased the interest load on the consumer. The complex interplay between the installment plan balance and the revolving credit balance confused the bank’s own systems, resulting in financial harm to the user. The CFPB these errors as evidence that Goldman Sachs absence the operational maturity to manage a consumer credit product of this. CFPB Director Rohit Chopra issued a stinging rebuke, stating that the companies “illegally sidestepped their legal obligations.” The enforcement action went beyond monetary penalties. In a rare move, the regulator imposed a ban on Goldman Sachs, prohibiting the bank from launching any new consumer credit card unless it can provide a credible plan to ensure compliance with federal law. This restriction freezes the bank’s expansion in the consumer credit sector, a significant blow to its strategy of diversifying revenue streams beyond investment banking. Goldman Sachs attempted to frame the violations as “inadvertent problem” related to “technological and operational challenges” that occurred post-launch. The bank asserted that it had worked diligently to address the problems. Yet, the timeline established by the CFPB—specifically the board-level warning prior to launch—contradicts the narrative of unforeseen glitches. The evidence suggests a calculated risk where the bank accepted the possibility of compliance failures to meet a launch deadline. This enforcement action serves as a case study in the dangers of the banking-as-a-service (BaaS) model when roles are not defined. While Apple controlled the user experience, Goldman Sachs bore the regulatory responsibility. The disconnect between the tech giant’s interface and the bank’s back-end systems created a compliance gap that harmed consumers. The failure to integrate these systems before scaling the product exposed a fundamental weakness in Goldman’s method to consumer finance: the assumption that banking regulations could be retrofitted onto a tech- product roadmap. The $89 million total penalty and the accompanying business restrictions the notion that Goldman Sachs had successfully transitioned into a consumer-friendly fintech player. Instead, the findings depict a traditional institution struggling to adapt its rigid risk management frameworks to the volume and velocity of a mass-market digital product. The dispute resolution failure was not a software bug; it was a widespread operational collapse that violated the most basic tenets of consumer protection law.

The “Interest-Free” Illusion

Central to the Apple Card’s was the pledge of the “Apple Card Monthly Installments” (ACMI) plan. Marketing materials explicitly stated that customers could purchase iPhones, Macs, and other devices without incurring interest. This feature served as a primary acquisition tool, driving users to apply for the card under the assumption that financing would be cost-neutral. The CFPB investigation exposed a disconnect between this pledge and the user interface reality. Customers purchasing devices via Apple’s website or retail channels frequently found themselves charged interest on the full purchase amount. The breakdown occurred during the checkout process. In instances, the option to enroll in the interest-free plan did not appear automatically. Users using non-Safari browsers, or even Safari in privacy mode, were frequently presented with a checkout flow that defaulted to the standard, interest-bearing revolving credit line. This interface design failure meant that a customer buying a $1, 200 iPhone expected to pay $50 a month for 24 months. Instead, they received a statement charging an Annual Percentage Rate (APR) ranging from 15% to over 30% on the entire balance. The regulator noted that this was not a fringe occurrence; thousands of consumers were funneled into high-interest debt while believing they had secured a 0% promotional rate. The failure to present the ACMI option , or at all, constituted a deceptive practice under the Consumer Financial Protection Act.

Refund Allocation Malpractice

Beyond the enrollment failures, the investigation uncovered a more insidious method regarding how refunds were processed. When a customer returns a product or receives a credit, industry standards and fairness dictate that the refund should reduce the balance accruing the highest interest or be applied in a way that benefits the consumer. Goldman Sachs executed the opposite. The CFPB found that for over 10, 000 account holders, the bank applied refunds to the *interest-free* ACMI balance rather than the *interest-bearing* revolving balance. Consider a customer with two balances on their Apple Card: 1. A $1, 000 interest-free installment plan for a laptop. 2. A $500 revolving balance for miscellaneous purchases, accruing 25% APR. If this customer returned a $200 item, Goldman’s systems applied that $200 credit to the $1, 000 interest-free debt. The $500 high-interest debt remained untouched, continuing to compound daily. This calculation method directly maximized the interest revenue collected by the bank at the expense of the consumer. The regulator identified this not as a random error as a widespread flaw in how the bank’s servicing platform handled dual-balance accounts. It forced consumers to pay interest they should not have owed, subsidizing the bank’s operational defects.

Operational Negligence and Executive Knowledge

The severity of these violations is magnified by evidence that executives proceeded with the product launch even with knowing the systems were defective. The CFPB order highlights that the Goldman Sachs board of directors was informed just four days prior to the August 2019 launch that the dispute resolution and servicing systems were “not fully ready.” Internal warnings flagged that the technology could not handle the expected volume of disputes or the complexity of split-balance accounts. Even with these red flags, the bank moved forward. The contract with Apple included a clause allowing the tech giant to fine Goldman $25 million for every 90-day delay. Faced with the choice between a financial penalty from a partner and the risk of consumer harm, the bank chose the latter. This decision led to a cascade of servicing failures. When customers noticed the unexpected interest charges and attempted to dispute them, they encountered a broken system. Apple failed to transmit tens of thousands of disputes to Goldman Sachs. When disputes did arrive, the bank frequently failed to investigate them within the legally required timeframe. The result was that consumers were left on the hook for interest charges they did not owe, with no functional avenue for recourse.

Regulatory Consequences and Redress

The October 2024 order imposed total financial penalties of $89 million. Goldman Sachs was ordered to pay a $45 million civil penalty and at least $19. 8 million in consumer redress to refund the wrongfully charged interest. Apple was fined $25 million for its role in the failures. More significant than the monetary fine was the operational handcuff placed on the bank. The CFPB invoked its authority to ban Goldman Sachs from launching any new consumer credit card products. This restriction remains in place until the bank can provide a credible plan demonstrating that its systems comply with federal law, a bar that requires a fundamental overhaul of its compliance infrastructure. CFPB Director Rohit Chopra summarized the action by stating that “Big Tech companies and big Wall Street firms should not behave as if they are exempt from federal law.” The enforcement action serves as a concrete example of the “move fast and break things” ethos colliding with banking regulations designed to prevent exactly this type of consumer financial injury.

Table: Breakdown of Apple Card Deceptive Practice Penalties

The failure of the Apple Card partnership to adhere to basic Truth in Lending Act (TILA) requirements exposes a deep capability gap within Goldman Sachs. The bank attempted to a complex consumer lending product on top of infrastructure that was not built to handle the nuances of retail compliance. The misapplication of refunds and the concealment of interest-free options were not poor customer service; they were illegal practices that extracted wealth from consumers under false pretenses. This episode remains a primary case study for regulators examining the risks inherent in banking-as-a-service models where the line between the tech interface and the regulated bank becomes dangerously blurred.

The $2. 5 Billion Miscalculation

Goldman Sachs’ entry into the automotive credit sector was marked not by cautious due diligence, by an aggressive, high-priced bidding war that ignored fundamental operational risks. In 2020, the firm acquired the General Motors (GM) credit card portfolio from Capital One for approximately $2. 5 billion, outbidding Barclays in a move intended to cement its status as a dominant consumer lender. This acquisition was the of a strategy to diversify revenue streams beyond volatile trading and investment banking. Yet, the partnership, which officially launched in 2022, immediately began to disintegrate under the weight of operational mismanagement and a misalignment of incentives between the Wall Street giant and the Detroit automaker.

The deal was predicated on the assumption that Goldman could direct integrate a legacy credit portfolio while simultaneously originating new high-quality accounts. This thesis collapsed almost instantly. Unlike the Apple Card, which benefited from a digital- user base, the GM partnership required deep integration with physical dealership networks, a “boots on the ground” operational reality for which Goldman was woefully unprepared. Internal reports indicate that Goldman executives were frustrated by what they perceived as a absence of promotion by GM dealers, while dealership staff found Goldman’s systems and support structures alien compared to the established processes of traditional retail lenders.

widespread Risk Failures and Lax Underwriting

The most damning evidence of operational fragility lay in Goldman’s underwriting mechanics. In a desperate bid to grow the portfolio and justify the premium paid for the acquisition, the bank turned to third-party lead generators such as Credit Karma to source new cardholders. This strategy bypassed the traditional, lower-risk channel of dealership customers purchasing vehicles and instead opened the floodgates to subprime borrowers. The consequences were catastrophic. Federal Reserve data and internal metrics revealed that charge-off rates for the accounts originated by Goldman, comprising roughly one-third of the total portfolio, surpassed 10 percent. This figure was more than double the industry average of 4. 5 percent for commercial banks during the same period.

This deviation from standard risk parameters drew immediate and intense scrutiny from the Federal Reserve. Regulators identified a pattern of “lax underwriting standards” that threatened the safety and soundness of the bank’s consumer division. The Fed’s probe, which began as a standard review in 2021, escalated into a full- investigation into whether the bank had adequate monitoring and control procedures in place as it expanded its lending footprint. The high charge-off rates were not a financial loss; they were a symptom of a compliance infrastructure that had failed to with the business, allowing high-risk credit to be extended without sufficient collateral or repayment assurance.

The Platform Solutions

The financial toll of these operational failures was concentrated within Goldman’s “Platform Solutions” unit, a division that became a sinkhole for capital. Between 2020 and 2022, the unit reported pre-tax losses method $3 billion, a figure that shocked investors and regulators alike. The GM partnership, rather than providing a stable stream of interest income, contributed significantly to these losses due to the need of building loan loss reserves to cover the surging defaults. By late 2023, the bank was forced to acknowledge that the unit was a drag on the firm’s in total return on equity, prompting a strategic reversal that would see the of its consumer ambitions.

The operational costs extended beyond credit losses. The technical maintenance of the card platform, combined with the servicing requirements of a customer base facing higher delinquency rates, resulted in quarterly operating losses estimated between $50 million and $60 million. These recurring costs even as the bank sought to exit the relationship, creating a “zombie” portfolio that consumed resources and management attention while generating negative value. The inability to turn a profit on a portfolio with $2 billion in outstanding balances highlighted a fundamental in Goldman’s consumer banking operating model.

The Fire Sale to Barclays

The dissolution of the partnership culminated in a humiliating financial retreat. In 2024, Goldman Sachs agreed to transfer the GM credit card program to Barclays, the very institution it had outbid four years prior. The terms of the exit were punitive. Reports confirmed that Barclays paid less than the face value of the outstanding balances, forcing Goldman to absorb a pre-tax hit of approximately $400 million. This discount reflected the toxic nature of the subprime accounts Goldman had originated; Barclays, a seasoned credit card issuer, had no interest in acquiring bad debt at par value.

This transaction was not a standard portfolio sale a distress signal. It underscored the market’s absence of confidence in Goldman’s origination quality. The sale process itself was protracted, with other chance buyers like U. S. Bancorp and Bread Financial walking away, likely deterred by the high credit loss rates and the operational complexities of untangling the portfolio from Goldman’s systems. The return to Barclays at a loss erased years of effort and capital investment, serving as a definitive indictment of Goldman’s ability to operate in the mass-market consumer credit space.

Regulatory Aftershocks

The Federal Reserve’s scrutiny of the GM partnership breakdown extended beyond the financial losses. Regulators viewed the episode as a case study in the risks of rapid expansion into unfamiliar business lines without commensurate risk management controls. The “learning moment” by industry analysts was viewed less charitably in Washington, where the focus remained on the widespread risks posed by such volatility within a Global widespread Important Bank (GSIB). The failure of the GM partnership reinforced the Fed’s resolve to impose stricter oversight on banking-as-a-service (BaaS) models and co-branded credit card arrangements, particularly those involving non-bank partners.

The operational fragility exposed by the GM deal, characterized by poor underwriting, failed partner integration, and insufficient compliance oversight, has had lasting. It accelerated the bank’s exit from other consumer lines, including the sale of the GreenSky lending platform and the eventual unwinding of the Apple Card partnership. For the Federal Reserve, the GM debacle provided concrete evidence that the “move fast and break things” ethos of fintech compatibility is fundamentally incompatible with the prudent risk management required of a federally chartered bank.

The GreenSky Valuation Collapse

The acquisition and subsequent fire sale of GreenSky represents one of the most severe destructions of shareholder value in the modern history of Goldman Sachs. In September 2021, the firm agreed to acquire the home improvement lender in an all-stock transaction valued at approximately $2. 24 billion. Executives framed the deal as a of their strategy to dominate Main Street banking. Yet less than two years later, Goldman Sachs sold the unit to a consortium led by Sixth Street for roughly $500 million. This transaction resulted in a recovery of approximately 20 cents on the dollar. The bank recorded a $504 million impairment charge in the second quarter of 2023 alone. This financial crater demonstrates a failure in valuation modeling and risk assessment.

Ignored Regulatory Red Flags

Investigative review of the timeline reveals that Goldman Sachs proceeded with the acquisition even with public warnings regarding GreenSky’s compliance controls. In July 2021, just two months before Goldman announced the deal, the Consumer Financial Protection Bureau (CFPB) penalized GreenSky. The regulator ordered the fintech to pay a $2. 5 million civil penalty and provide $9 million in restitution to consumers. The CFPB investigation found that GreenSky’s platform allowed merchants to take out loans in consumers’ names without their knowledge or consent. The bureau described these failures as “careless business and customer service practices.” Goldman Sachs dealmakers either underestimated the severity of these compliance gaps or prioritized expansion over risk management. This oversight exposed the bank to a platform with foundational weaknesses in fraud prevention and merchant oversight.

Interest Rate Blindness

The due diligence process failed to account for the sensitivity of GreenSky’s business model to a rising interest rate environment. GreenSky operated by originating unsecured loans for home improvement projects and selling them to bank partners. As the Federal Reserve began its aggressive rate hike pattern in 2022 to combat inflation, the economics of this model rapidly. Funding costs soared. The demand for renovation loans cooled as the housing market slowed. Goldman Sachs bought a cyclical asset at the absolute peak of the market. The bank’s risk models did not adequately stress-test the portfolio against the monetary tightening that occurred shortly after the deal closed. This analytical failure left the bank holding an asset that became a drag on earnings almost immediately upon integration.

Operational Friction and Cultural Mismatch

Internal reports indicate that the integration of GreenSky into the Goldman Sachs ecosystem faced immediate operational blocks. The bank attempted to migrate GreenSky’s point-of-sale technology into its own compliance-heavy banking infrastructure. This process created friction. GreenSky relied on a network of thousands of contractors and merchants to originate loans. Goldman Sachs struggled to apply its bank-grade Know Your Customer (KYC) and Anti-Money Laundering (AML) standards to this decentralized network without stifling business volume. The clash between a fast-moving fintech culture and a regulated bank hierarchy resulted in paralysis. Employees reported that decision-making slowed significantly. The technology migration lagged behind schedule. These operational failures eroded the value of the platform before the bank could realize any synergies.

The Distressed Sale to Sixth Street

By early 2023, the Federal Reserve had intensified its scrutiny of Goldman Sachs’ consumer banking division, known as Platform Solutions. Regulators expressed concern over the unit’s mounting losses and its absence of profitability. The central bank pressured the firm to improve its capital ratios. GreenSky became a liability. CEO David Solomon admitted the business was not a long-term strategic fit. The bank initiated a sale process that attracted low-ball bids from private equity firms. In October 2023, Goldman announced the agreement to sell GreenSky to a consortium led by Sixth Street. The group also included KKR, Bayview Asset Management, and CardWorks. The sale price confirmed the massive destruction of capital. The transaction closed in the quarter of 2024. It marked the definitive end of Goldman’s ambitions to operate a point-of-sale lending business.

for Risk Management

The GreenSky debacle serves as a case study in the dangers of “fear of missing out” (FOMO) in corporate M&A. Goldman Sachs chased a high-growth fintech asset during a valuation bubble without sufficient regard for the underlying credit risks or regulatory baggage. The $1. 7 billion write-down damaged the credibility of the firm’s leadership. It also invited further examination from the Federal Reserve regarding the bank’s ability to manage non-traditional banking risks. The loss absorbed capital that could have been deployed into the firm’s core trading and advisory businesses. This episode reinforced the regulatory view that Goldman Sachs absence the operational discipline required to run a mass-market consumer lending business safely.

widespread Evasion: The Off-Channel Communications Scandal

In September 2022, the Commodity Futures Trading Commission (CFTC) delivered a punishing verdict against The Goldman Sachs Group, Inc., ordering the bank to pay a $75 million civil monetary penalty. This action, coordinated with a parallel $125 million fine from the Securities and Exchange Commission (SEC), exposed a pervasive culture of noncompliance within the firm’s trading and sales divisions. The regulator found that for years, Goldman Sachs employees, including senior executives responsible for compliance oversight, routinely used unapproved communication methods such as WhatsApp, Signal, and personal text messages to conduct official business. This “shadow communication” blinded the bank’s internal surveillance systems, rendering them incapable of monitoring for market manipulation, insider trading, or breaches of client confidentiality. The CFTC’s order detailed how the bank failed to maintain thousands of records related to its business as a swap dealer and futures commission merchant. Under the Commodity Exchange Act (CEA) and CFTC regulations, financial institutions must preserve all written communications that lead to the execution of a transaction. By allowing bankers to move discussions to encrypted or ephemeral messaging apps, Goldman Sachs severed the audit trail required by federal law. The investigation revealed that this was not the result of rogue behavior a widespread practice in the firm’s daily operations. The use of off-channel communications even after the bank issued internal warnings, demonstrating a disconnect between stated policy and actual conduct. This failure struck at the core of the regulatory framework established after the 2008 financial emergency. Recordkeeping is not an administrative load; it is the primary method regulators use to reconstruct market events during periods of volatility or suspected fraud. When Goldman Sachs failed to capture these communications, it obstructed the CFTC’s ability to police the derivatives market. The $75 million penalty served as a clear rebuke, yet it was only the opening salvo in a series of enforcement actions targeting the bank’s inability to manage its data and surveillance infrastructure.

Recidivism and Technical Fragility: The Audio Recording Failures

Less than a year after the off-channel communications settlement, the CFTC returned with another enforcement action that raised serious questions about Goldman Sachs’ technical competence and vendor management. On August 29, 2023, the regulator ordered the bank to pay a $5. 5 million penalty for failing to record and retain audio of mobile device calls and trading turret communications. While the monetary figure was smaller than the 2022 settlement, the were perhaps more damaging: Goldman Sachs had violated a prior Cease and Desist order issued in November 2019. The 2019 order had already sanctioned the bank for similar recordkeeping failures that occurred in 2014. By repeating the offense, Goldman Sachs demonstrated a disturbing pattern of recidivism. The 2023 charges stemmed from failures that began in March 2020, coinciding with the onset of the COVID-19 pandemic. As traders moved to remote work environments, the bank relied on third-party vendors to replicate trading desk setups at home, known as “soft turrets”, and to record calls on mobile devices. These vendor systems failed catastrophically. The CFTC found that a software glitch in the mobile recording service meant that thousands of calls went unrecorded between March and September 2020. Simultaneously, the soft turret system experienced failures that until June 2022. For over two years, the bank operated with significant gaps in its audio surveillance, leaving it unable to verify what was said during trade negotiations. This breakdown highlights a serious vulnerability in the modern banking model: the reliance on external technology vendors. Just as Goldman’s fintech partnerships introduced third-party risks in the consumer banking division, its reliance on outside software providers for core compliance functions in the trading division created blind spots that regulators found unacceptable. Ian McGinley, the CFTC’s Director of Enforcement, issued a stern warning accompanying the order, stating that the commission would “continuously pursue swap dealers that fail to meet their recording obligations.” The fact that Goldman Sachs violated a standing Cease and Desist order indicated that the remedial measures promised in 2019 were insufficient. The bank’s inability to ensure the reliability of its recording hardware, even after being previously fined for the exact same problem, suggested a widespread weakness in its operational risk management.

The Swap Data Reporting Breakdown

The CFTC’s scrutiny extended beyond missing chats and audio files to the integrity of the trade data itself. In April 2023, the commission fined Goldman Sachs $15 million for violations related to the disclosure of “pre-trade mid-market marks” (PTMMM). These marks are serious transparency tools designed to protect clients by providing a fair estimate of a swap’s value before the transaction is executed. The CFTC found that Goldman Sachs failed to disclose these marks or provided inaccurate ones for nearly all “same-day” swaps executed in 2015 and 2016. The investigation revealed that the bank opportunistically solicited same-day swaps at times that were financially beneficial to the firm disadvantageous to clients, without providing the required transparency. This manipulation of data and disclosure requirements further eroded trust in the bank’s automated systems. The failure to provide accurate PTMMMs meant that clients were trading in the dark, unaware of the true economic value of the derivatives they were purchasing. This pattern of data failure continued into October 2023, when the CFTC ordered Goldman Sachs to pay an additional $30 million as part of a broader sweep of swap reporting violations. The regulator found that the bank had failed to properly report swap data for over a decade. The order deficiencies in the bank’s ability to report primary economic terms and continuation data, which are essential for the CFTC’s widespread risk monitoring. The persistence of these errors, dating back to 2013, painted a picture of a financial giant struggling to manage the sheer volume and complexity of its own data.

Vendor Risk and the “Black Box” Problem

The convergence of these enforcement actions, the $75 million for off-channel apps, the $5. 5 million for audio failures, and the $45 million combined for swap data violations, reveals a unified theme: Goldman Sachs lost control of its information architecture. In the context of the Federal Reserve’s scrutiny of fintech partnerships, these CFTC findings serve as a grim parallel. If the bank could not ensure that its own traders were recording their calls or that its own systems were reporting swap data correctly, its capacity to oversee the compliance of dozens of external fintech partners appears deeply suspect. The audio recording failure, specifically caused by a vendor’s software update, mirrors the risks inherent in Banking-as-a-Service (BaaS) models. In both cases, the bank delegates a serious function to a third party retains the regulatory liability. The CFTC’s enforcement actions demonstrate that regulators are no longer accepting “vendor error” as a valid defense. The bank is expected to test, monitor, and verify the performance of every system it uses, whether built in-house or purchased from a supplier. also, the “culture of noncompliance” by regulators in the off-channel communications case suggests that the rot extended to the human element. When senior supervisors use encrypted apps to bypass compliance, they send a message that rules are obstacles to be circumvented rather than standards to be upheld. This attitude, when exported to a partnership model with aggressive fintech startups, creates a dangerous environment where growth is prioritized over governance.

Regulatory Escalation and Future Consequences

The CFTC’s aggressive posture signals a shift in how regulators view recordkeeping. It is no longer a “foot fault” or a minor technicality; it is a proxy for the firm’s in total control environment. The repeated violations of Cease and Desist orders have placed Goldman Sachs in a precarious position. Future violations could lead to even higher penalties, the imposition of independent compliance monitors, or restrictions on trading activities. The inability to produce records also carries severe legal consequences in civil litigation. If a client sues the bank for mishandling a trade, and the bank cannot produce the relevant audio or text records, courts may draw an adverse inference, assuming the missing evidence would have been damaging to the bank. This legal risk, combined with the regulatory penalties, creates a significant liability overhang for shareholders. As the Federal Reserve examines the bank’s transaction banking and fintech operations, the CFTC’s findings provide a roadmap of where to look. The same deficiencies in data governance, vendor oversight, and compliance culture that plagued the swap dealer division are likely present in the consumer and transaction banking units. The “widespread failure” to maintain records is not just a technical IT problem; it is a symptom of an organization that expanded its complexity faster than its ability to control it.

SEC Sanctions: Institutional Gaps in ‘Blue Sheet’ Trading Data Reporting

In September 2023, the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) levied a combined $12 million in penalties against Goldman Sachs for a decade-long failure to provide accurate trading data. This enforcement action targeted the bank’s deficient production of “blue sheets”, electronic reports that regulators use to reconstruct market activity and investigate insider trading. The of the error was massive, affecting hundreds of millions of transactions and obstructing the primary method regulators use to police market manipulation.

The SEC charged Goldman Sachs with willfully violating recordkeeping and reporting provisions of federal securities laws. Between 2012 and 2022, the bank submitted more than 22, 000 deficient blue sheet reports to the SEC. These submissions contained at least 43 different types of errors and compromised data for approximately 163 million transactions. FINRA’s parallel investigation found similar negligence, citing nearly 25, 000 inaccurate submissions that misreported or failed to report at least 97 million transactions. The duration of these failures, spanning ten years, demonstrates a persistent absence of internal controls and validation method within the bank’s trading infrastructure.

Technical Negligence and Data Integrity Failures

The specific nature of the errors reveals a chaotic method to data management. Goldman Sachs repeatedly misreported fundamental trade details required for regulatory oversight. One serious error involved the reporting of trade execution times. The bank’s systems frequently recorded trades in U. S. Central Time rather than the required Eastern Time. In investigations where seconds matter, such as determining if a trade occurred before or after a market-moving news release, this timestamp gap rendered the data useless for detecting insider trading.

Further technical breakdowns included the misreporting of transaction type identifiers, exchange codes, and ticker symbols. The bank also failed to report cross trades and post-settlement cancellations accurately. In instances, the bank reported long sales as short sales, a that fundamentally alters the regulatory view of a trader’s position and intent. FINRA noted that Goldman also misreported Taxpayer Identification Numbers (TINs). Since regulators use TINs to identify specific individuals behind suspicious trades, this error directly impeded efforts to track bad actors across different accounts and brokerages.

The root cause of these deficiencies was not a single software bug an institutional failure to maintain compliance infrastructure. The SEC order detailed that Goldman Sachs relied on outdated reference tables for its electronic blue sheet reporting. also, the bank operated without a reasonable process to verify the accuracy of its submissions. For a decade, the firm transmitted vast quantities of unverified data to federal investigators, blinding regulators to the true nature of market activity flowing through its desks.

Regulatory Impact and Remediation

Thomas P. Smith Jr., Associate Regional Director in the SEC’s New York Regional Office, stated that blue sheet data is important for the Commission’s ability to protect investors and maintain market integrity. By submitting corrupted data, Goldman Sachs forced regulators to divert resources to verify basic facts rather than pursuing misconduct. The penalties, $6 million to the SEC and $6 million to FINRA, reflect the severity of impeding regulatory functions.

Under the settlement, Goldman Sachs admitted to the SEC’s findings. The bank initiated a full- review of its reporting program only after regulatory pressure mounted. This internal review led to the self-reporting of 29 of the 43 error types identified in the order. While the bank has since engaged in remedial efforts to correct its systems, the retrospective discovery of errors dating back to 2012 exposes a long-standing culture where back-office compliance systems were allowed to atrophy even as front-office trading volumes expanded.

This episode parallels the compliance failures observed in Goldman’s consumer banking and fintech partnerships. In both arenas, the bank prioritized operational speed and expansion over the rigorous maintenance of risk and reporting frameworks. The “blue sheet” sanctions serve as a documented example of how the bank’s internal controls failed to keep pace with its operational complexity, resulting in a widespread blind spot that for an entire decade.

FINRA Action: IPO Conflicts of Interest and Unregistered Staff Activity

Regulatory pressure on The Goldman Sachs Group, Inc. intensified in August 2025 when the Financial Industry Regulatory Authority (FINRA) censured and fined the firm for serious compliance lapses involving initial public offerings (IPOs) and the deployment of unregistered personnel in investment banking roles. While the monetary penalty of $250, 000 appeared nominal relative to the bank’s revenue, the enforcement action exposed a disturbing breakdown in the firm’s fundamental supervisory. These violations, occurring between 2021 and 2022, provided concrete evidence of the internal control weaknesses that Federal Reserve officials had as a primary driver for their crackdown on the bank’s fintech and banking-as-a-service (BaaS) expansions.

The core of FINRA’s disciplinary action centered on a July 2021 IPO where Goldman Sachs served as the lead underwriter. Federal investigators discovered that the bank had proceeded with the offering even with a clear conflict of interest. Approximately $96 million, roughly 13. 5 percent of the total IPO proceeds, was earmarked to repay a loan owed to a Goldman Sachs affiliate. Under FINRA Rule 5121, such a conflict the involvement of a Qualified Independent Underwriter (QIU) to ensure the pricing and due diligence processes remain objective and uncompromised by the underwriter’s self-interest.

Goldman Sachs technically named a QIU for the transaction, yet the regulator found this appointment was a sham. The independent underwriter did not participate in the preparation of the registration statement or the prospectus, nor did they conduct the required due diligence. By failing to engage the QIU in any substantive capacity, Goldman Sachs bypassed the safety method designed to protect investors from self-dealing. This procedural failure indicated that the bank’s compliance teams were prioritizing the optics of regulation over actual adherence to legal standards, a pattern that mirrored the deficiencies found in its Transaction Banking (TxB) division.

Simultaneously, FINRA investigators uncovered that Goldman Sachs had allowed unregistered staff to perform sensitive investment banking functions. From May 2021 through March 2022, four individuals engaged in investment banking activities, such as advising clients on capital raising and structuring deals, without the mandatory FINRA registration. These employees operated on deal teams for nearly a year, bypassing the qualification exams and background checks required to ensure industry integrity.

The failure was not due to a absence of data a absence of action. Goldman’s internal systems had correctly flagged these individuals as having “overdue” registrations. Weekly reports generated by the firm’s compliance software explicitly listed these employees as non-compliant. Yet, supervisors ignored these alerts. The firm’s written supervisory procedures absence a method to escalate these warnings or force the suspension of the unregistered staff. This bureaucratic inertia allowed the violations to for months, demonstrating a culture where compliance alerts were treated as administrative noise rather than calls to action.

This specific enforcement action arrived amidst a broader sequence of regulatory failures that eroded confidence in Goldman’s operational resilience. Just months earlier, in February 2024, FINRA had fined the bank $512, 500 for a surveillance failure spanning more than a decade. From 2009 to 2023, Goldman’s automated surveillance reports failed to include warrants, rights, units, and certain over-the-counter equity securities. This blind spot meant that for 14 years, the firm had no automated method to detect chance market manipulation in these asset classes. The error affected approximately 5, 000 surveillance alerts, leaving of trading activity unmonitored.

Further these problem, in February 2026, a Goldman Sachs subsidiary, Folio Investments Inc., faced a $1. 3 million fine for violating “best execution” rules. Regulators found that the brokerage routed client orders to a market maker affiliated with Goldman Sachs without verifying if better prices were available elsewhere. This practice of prioritizing affiliate revenue over client execution quality reinforced the narrative that the bank’s internal conflicts of interest were widespread rather than incidents.

For the Federal Reserve, these FINRA findings served as corroborating evidence. The central bank’s concerns regarding Goldman’s fintech partnerships were predicated on the belief that if the bank could not enforce basic compliance rules within its core investment banking division, such as registering staff and managing IPO conflicts, it was ill-equipped to oversee third-party fintechs operating outside its direct perimeter. The inability to act on its own internal compliance reports regarding unregistered bankers directly paralleled the “absence of challenge” the Fed observed in the risk management of the Apple Card and GreenSky partnerships.

The cumulative effect of these actions painted a picture of an institution struggling to its compliance infrastructure to match its operational complexity. While the individual fines were manageable, the frequency of the violations revealed a “control rot” that permeated multiple business lines. By August 2025, it was clear that the compliance failures were not limited to new, high-risk ventures like consumer lending were deeply entrenched in the bank’s legacy operations, justifying the regulators’ demand for a detailed overhaul of the firm’s risk management framework.

The 1MDB scandal serves as the historical anchor for understanding Goldman Sachs’ current regulatory predicament. It established a precedent of “paper compliance”—systems that appear functional in audits fail in practice when tested by determined dealmakers. The transition from the Malaysian bond fraud to the compliance gaps in the Apple Card and GreenSky partnerships illustrates a persistent challenge: the difficulty of embedding a risk-averse culture in an institution defined by its aggressive of alpha. The termination of the 1MDB consent order in late 2025 marks the end of one enforcement era, the widespread weaknesses it exposed appear to have migrated rather than.

The Strategic Mismatch: Ambition Versus Control

The creation of the Platform Solutions division in October 2022 represented the apex of CEO David Solomon’s ambition to transform Goldman Sachs into a digital banking conglomerate. This unit consolidated the firm’s consumer lending arms, including the Apple Card, GreenSky, and the Transaction Banking (TxB) business, into a single growth engine. Yet the strategy collapsed under the weight of regulatory non-compliance and executive miscalculation. Federal Reserve examiners exposed a fundamental disconnect between the firm’s aggressive growth and its established risk appetite. The central bank determined that Goldman Sachs executives had authorized a rapid expansion into high-risk fintech partnerships without building the necessary governance frameworks to monitor them.

Federal regulators focused their scrutiny on the specific failure of leadership to adhere to a prudent risk appetite statement. Banks are required to define the level of risk they are to accept in of strategic objectives. The Federal Reserve found that Goldman Sachs’ entry into banking-as-a-service (BaaS) violated these internal parameters. The Transaction Banking unit onboarded fintech clients that facilitated high volumes of payments for risky non-bank entities. Executives prioritized revenue generation over the implementation of Know Your Customer (KYC) and Anti-Money Laundering (AML) controls. This prioritization resulted in a “Matter Requiring Immediate Attention” (MRIA) from the Federal Reserve in August 2023. The regulator explicitly deficiencies in management oversight and forced the bank to halt the onboarding of new high-risk fintech clients.

Regulatory Rebuke of Senior Management

The issuance of an MRIA is a severe regulatory escalation that the decision-making processes of senior management. It signals that the problems are not technical glitches widespread failures of governance. The Federal Reserve’s investigation into the consumer business, known as Marcus, escalated from a standard review in 2021 to a full enforcement inquiry by 2022. Regulators questioned whether the bank had adequate monitoring and control procedures in place as it expanded its lending portfolio. The findings indicated that executives had allowed the business to grow too quickly. They failed to ensure that compliance infrastructure scaled at the same pace as customer acquisition.

This regulatory pressure had direct consequences for the leadership team responsible for the strategy. Stephanie Cohen served as the global head of Platform Solutions and was one of the most visible executives driving the consumer pivot. She was tasked with integrating the parts of the digital bank and achieving profitability. The mounting losses and regulatory heat made this untenable. The division reported pre-tax losses of approximately $3 billion over three years. Cohen took a leave of absence in June 2023 citing family reasons and officially departed the firm in March 2024. Her exit marked the end of the Platform Solutions experiment. The unit was subsequently dismantled. Its assets were either sold, as in the case of GreenSky, or placed into run-off.

Compensation and Internal Accountability

The financial and reputational damage incurred by the Platform Solutions strategy forced the Board of Directors to impose financial penalties on the firm’s top leadership. In January 2023, the board cut David Solomon’s annual compensation by approximately 29 percent to $25 million. The compensation committee explicitly linked this reduction to the firm’s performance and the significant losses in the consumer banking division. This pay cut followed a previous reduction in 2020 related to the 1MDB scandal. It established a pattern where executive compensation was directly eroded by compliance and strategic failures.

Internal dissent among the firm’s partnership played a serious role in forcing a reversal of the strategy. Senior partners expressed anger that their bonuses from the profitable investment banking and trading divisions were being used to subsidize losses in the consumer unit. These complaints intensified during town hall meetings and private strategy sessions. Partners argued that the of Main Street banking diluted the brand and introduced risks that the firm was ill-equipped to manage. The Federal Reserve’s intervention validated these internal concerns. It provided the use necessary for the board and the partnership to demand a retreat from the consumer sector.

The of Platform Solutions

The executive response to the regulatory and internal pressure was a complete strategic reversal. Goldman Sachs announced it would cease originating new personal loans under the Marcus brand. The firm initiated the sale of GreenSky at a steep loss just a year after acquiring it. The Transaction Banking unit was reorganized to focus on safer corporate clients rather than volatile fintech startups. This restructuring was an admission that the executive team had misjudged the regulatory environment. They had failed to appreciate that the compliance requirements for retail and transaction banking differ fundamentally from those of institutional trading.

The collapse of the Platform Solutions strategy serves as a case study in the failure of executive risk oversight. Leadership attempted to graft a high-growth technology model onto a widespread important financial institution without the requisite safeguards. The Federal Reserve’s actions clarified that accountability for third-party risks lies with the bank’s board and senior management. They cannot outsource compliance to fintech partners. The subsequent pivot back to Asset and Wealth Management indicates a return to the firm’s core competencies. It also represents a costly lesson in the limits of executive ambition when it conflicts with federal banking regulations.

The ” Activities” Pivot: From Innovation to Containment

The regulatory environment governing the intersection of traditional banking and financial technology underwent a structural inversion between 2023 and 2025. For years, the Federal Reserve maintained a stance of cautious observation regarding “Banking-as-a-Service” (BaaS) models. This period of relative permissiveness ended abruptly with the establishment of the Activities Supervision Program (NASP) on August 8, 2023. This initiative, codified in Supervision and Regulation (SR) letter 23-7, marked the moment federal examiners ceased viewing bank-fintech partnerships as experiments in efficiency and began treating them as vectors of widespread contagion. Goldman Sachs, having aggressively expanded its Transaction Banking (TxB) and Platform Solutions units, stood directly in the route of this supervisory realignment.

The Federal Reserve’s crackdown was not a reaction to failures a rejection of the fundamental BaaS premise: the decoupling of the banking charter from the customer relationship. In the traditional model, a bank owns the customer and the compliance risk. In the BaaS model used by Goldman Sachs and its peers, the bank rents its balance sheet and payment rails to a non-bank interface, theoretically delegating the “Know Your Customer” (KYC) load to the software partner. The NASP explicitly targeted this delegation. Regulators concluded that the “partner bank” model created a blind spot where illicit finance could fester by the chartered institution’s compliance officers. For a Global widespread Important Bank (G-SIB) like Goldman Sachs, this opacity was not just a compliance gap; it was an unacceptable threat to the stability of the US financial system.

SR 23-4 and the End of Delegated Trust

The regulatory method that dismantled Goldman’s fintech ambitions was the “Interagency Guidance on Third-Party Relationships: Risk Management,” released on June 6, 2023. This document, known as SR 23-4, harmonized the expectations of the Federal Reserve, the FDIC, and the OCC. It outlawed the “compliance-light” method that had made BaaS profitable. The guidance stipulated that a bank’s use of third parties does not diminish its responsibility to perform all activities in a safe and sound manner. In practical terms, this meant Goldman Sachs could no longer rely on Apple, General Motors, or GreenSky to vet customers. The bank had to re-underwrite every account, monitor every transaction, and hold the risk for every dispute.

This requirement destroyed the unit economics of the partnership model. The primary of fintech partnerships is the reduction of customer acquisition and servicing costs through automation. By forcing the bank to duplicate the compliance infrastructure of the fintech partner, SR 23-4 eliminated the efficiency gains. Goldman Sachs found itself in a position where it bore the heavy regulatory costs of a G-SIB while earning the thin margins of a white-label utility. The Federal Reserve’s enforcement of this guidance was immediate and severe. Examiners demanded evidence that Goldman possessed direct visibility into the end-users of its TxB platform, a level of data granularity the bank’s systems were not originally architected to maintain in real-time.

The “Nesting” Problem and Money Laundering Risks

A central focus of the Federal Reserve’s scrutiny was the phenomenon of “nesting,” a practice rampant in the BaaS sector and present within Goldman’s transaction banking ecosystem. Nesting occurs when a fintech partner of the bank provides services to *another* fintech, which then serves the end customer. This creates of separation between the chartered bank and the source of funds. During the 2023-2024 supervisory pattern, Fed examiners identified that such structures made it nearly impossible for Goldman Sachs to enforce Anti-Money Laundering (AML) laws. The bank could see the aggregate flow of funds from the primary partner absence the optical depth to identify suspicious activity at the tertiary level.

The risk was not theoretical. The collapse of middleware providers like Synapse in 2024 exposed the fragility of these ledgering arrangements, where the bank’s record of deposits did not match the fintech’s user balances. While Goldman Sachs was not the primary bank for Synapse, the regulatory recoil from that event hit the entire sector. The Fed viewed Goldman’s TxB unit, which processed billions in daily flows for tech-forward clients, as a high-value target for bad actors seeking to wash funds through the US financial system. The “warning” issued to Goldman regarding its TxB risk oversight was a direct application of this new doctrine: if not see the customer, not bank the customer.

Vice Chair Barr and the “Rent-a-Charter” Prohibition

Michael Barr, the Federal Reserve’s Vice Chair for Supervision, served as the architect of this restrictive era. In a series of speeches delivered throughout late 2023 and 2024, Barr articulated a view that “rent-a-charter” arrangements posed a safety and soundness risk that extended beyond individual institutions. He argued that the complexity of these partnerships frequently outpaced the bank’s risk management capabilities. For a community bank, a BaaS failure leads to a receivership. For Goldman Sachs, a massive compliance failure in its payments division could trigger a loss of confidence in the wholesale funding markets.

Barr’s philosophy manifested in the ” Activities” program by subjecting banks to enhanced monitoring standards that were intentionally onerous. The goal was to force institutions to prove they could manage the risk *before* scaling the product. Goldman Sachs, having already scaled its consumer and transaction banking products rapidly under CEO David Solomon, found itself retroactively failing these new standards. The regulatory friction became a soft cap on growth. The bank could not onboard new fintech partners or expand existing programs without remediating the “Matters Requiring Attention” (MRAs) piled up by examiners. This regulatory paralysis was a key driver behind the strategic retreat announced in 2024.

The Strategic Retreat: Japan and the Platform Solutions

The tangible impact of this widespread pressure was the of Goldman Sachs’ global transaction banking ambitions. In March 2024, the bank abruptly exited its transaction banking business in Japan, less than a year after its launch. The closure of the Tokyo branch dedicated to this function was not a market failure a regulatory capitulation. The compliance costs required to meet the Federal Reserve’s new global standards for cross-border fintech partnerships made the Japanese expansion commercially unviable. The bank could not justify the expense of building a “Fort Knox” level compliance regime for a satellite operation.

Domestically, the pressure forced the breakup of the “Platform Solutions” unit. This division, which housed the transaction banking and fintech partnership businesses, became a lightning rod for supervisory criticism. The Fed’s examiners viewed the unit as a silo of high-risk activity that absence integration with the broader bank’s control framework. By dissolving the unit and folding its remnants back into the core investment banking and asset management divisions, Goldman Sachs signaled its surrender. The bank admitted that the “platform” model, where the bank serves as the invisible plumbing for other brands, was incompatible with the regulatory status of a G-SIB.

The Sunset of NASP and the Institutionalization of Scrutiny

On August 15, 2025, the Federal Reserve announced the sunset of the Activities Supervision Program. The regulator stated that the program had achieved its goal: the risks associated with fintech partnerships were well-understood and would be integrated into the standard supervisory process. This announcement was not a reprieve; it was a declaration of victory. The heightened scrutiny that had been ” ” in 2023 had become the baseline standard by 2026. The specialized examination teams that had tormented Goldman’s compliance officers were part of the permanent supervisory architecture.

The sunsetting of the program coincided with a broader industry contraction. By 2026, the number of banks actively pursuing aggressive BaaS strategies had plummeted. Goldman Sachs had successfully excised the high-risk elements of its portfolio, selling off GreenSky, ending the GM partnership, and shrinking its TxB footprint. The Federal Reserve’s intervention had successfully contained the “widespread risk” by forcing the largest players to exit the field. The experiment of 2019-2023, where Goldman sought to become the “AWS of banking,” ended not because the technology failed, because the regulatory cost of trust proved too high to automate.

Conclusion: The Compliance Moat

The Federal Reserve’s scrutiny of Goldman Sachs serves as the definitive case study for the limits of financial innovation within a regulated depository institution. The crackdown demonstrated that the “compliance moat” protecting the banking charter is not a static barrier an active defense method that regulators can harden at. Goldman’s attempt to the gap between agile fintech development and heavy bank regulation resulted in a structural failure. The bank’s systems could move money at the speed of silicon, its compliance controls could only move at the speed of law. In the eyes of the Federal Reserve, the between those two speeds created a widespread risk that could only be resolved by stopping the machine.