“How Transaction Lookbacks Can Guide Fintech Companies,” Law360 

Financial regulatory enforcement continues to be active this year, with approximately 18 anti-money laundering actions against financial institutions across federal regulators including the Financial Crimes Enforcement Network, the Federal Deposit Insurance Corp., the Federal Reserve Board, the Office of the Comptroller of the Currency, and the New York State Department of Financial Services, one of the most aggressive state regulators.

With these actions, regulators are looking closely at customer diligence, transaction monitoring and suspicious activity reporting. Accordingly, transaction lookbacks — designed to determine whether an entity has previously failed to identify suspicious activity it should have caught — are a key focus of regulators.

Roughly half of the anti-money laundering enforcement actions this year — excluding actions against individuals — have included regulator-ordered lookbacks.

A transaction lookback can be proactive when it is initiated by the financial institution itself to aid in self-identification and disclosure of a problem, but it can also be mandated by a regulator that is not satisfied by the financial institution's own efforts, or some combination of the two.

Although transaction lookbacks have been a routine part of regulatory engagement and enforcement for traditional financial institutions for some time, fintech companies — that may have only a handful of years of transactions under their belts — may be facing the issue for the very first time.

Strategic planning around whether, how and when to conduct a transaction lookback can be difficult, and it is almost always cost and labor-intensive.

In this discussion, we will address some of the more difficult questions in developing that strategic lookback plan. Specifically, how to consider the risk that a lookback may highlight problematic issues to a regulator and trigger enforcement, and how to navigate this issue when already in the midst of a regulatory investigation or examination.

Ultimately, if performed properly, a lookback can help a financial institution prevent regulatory scrutiny or criticism and avoid burdensome external requirements. In the right circumstances, it can result in a narrower scope and significantly lower expenses, as well as the ability to establish credibility with regulators.

As traditional financial institutions know by now, a lookback strategy is a key part of maintaining a defensible compliance program.

What Is a Lookback?

A transaction lookback is an exercise that financial institutions use to review a defined population of historical transactions to determine the root cause of compliance gaps or issues that have either been self-identified or flagged by a regulator or a third party.

They may be conducted by an in-house team or an independent third party, and often involve a review of thousands or hundreds of thousands of transactions to determine whether a transaction monitoring program has failed to identify suspicious transactions.

A lookback typically results in additional suspicious activity report filings and the results of the lookback are often shared with regulators in some form, along with a root cause determination and remediation plan.

Potential Benefits of a Proactive Lookback

A regulator's requirement to hire an independent third party to conduct a lookback is a familiar part of financial compliance enforcement resolutions. This is a worst-case scenario, however, because it will likely be the most expensive and time-consuming lookback.

On the other hand, there are times when it makes sense for a financial institution to take the initiative to conduct a proactive lookback, with or without notice to its regulator(s.

Advantages of proactive lookbacks may include:

  • The ability to identify and remedy issues before involvement of the regulator: A self-initiated lookback may allow time to determine the scope of the problem, the root causes and the necessary remediation before the regulator is engaged.
  • Possibly preventing a regulator-imposed lookback: A voluntary lookback may allow the financial institution to be in control of major decisions about the review, such as its scoping, methodology and who conducts it. It may also allow the institution to tailor the review to its available resources. For example, in River Bank & Trust's March consent order, the Federal Deposit Insurance Corp.'s lookback order required the bank to engage an independent consultant and develop a methodology, both of which were subject to the FDIC's approval. It also mandated the scope and timing of the review, and required all associated documents to be made available for review and inspection. Similar mandates were imposed on Customers Bancorp Inc. in its recent enforcement.[1]
  • Providing the basis to advocate for no-penalty action and/or cooperation credit: A voluntary lookback allows the financial institution to control the messaging of its findings and the timing of disclosures. For example, self-disclosures can be coupled with a robust remediation plan that aims to put the regulator at ease with the institution's compliance program. It can also provide strong arguments for a nonpenalty or minimal penalty action based on cooperation and self-disclosure.

Key Elements of a Successful Lookback

A successful lookback may be one that is as narrowly scoped as possible, quickly identifies root causes for any historical compliance gaps, identifies key remedial steps and establishes credibility with regulators to demonstrate that the financial institution knows what it's doing and can be trusted to keep its own house clean.

Important considerations include:

  • Who conducts the lookback review: Financial institutions can either perform the review in-house, if sufficient and properly trained resources are available, or engage a third-party consulting firm. In either case, the team conducting the review should be both independent, i.e., without a conflict of interest, and should have sufficient expertise to develop the methodology and perform the actual nuanced analysis. Most often, circumstances demand the expertise and resources of an outside consulting firm.
  • Scoping of the lookback: Sampling methodology, including the sample's size, selection and time frame, must be based on a well-designed and defensible process that would be acceptable to a regulator under the circumstances.
  • Timeline that serves the strategic goals: While voluntary lookbacks provide some timing flexibility, they may still be driven by time-sensitive self-disclosure or other factors. When a voluntary lookback has been disclosed to a regulator, a prolonged timeline may raise concerns or questions about the financial institution's ability to manage the effort independently.
  • Addressing privilege treatment: Lookbacks are often conducted at the direction of outside counsel, which allows for privileged discussions about difficult topics. Nonetheless, it is critical to plan for a nonprivileged work stream to allow for helpful or required disclosures to regulators.
  • Planning for self-disclosures: Lookbacks often result in necessary self-disclosures, raising questions about materiality of the findings, timing of a disclosure and which government agencies should receive the self-disclosure.[2] In fact, a lookback generally identifies the need to file additional suspicious activity reports, which, in themselves, may alert regulators if the financial institution does not do so first.

Making a Lookback Work For You

Whether a lookback is mandated or undertaken voluntarily, it is an opportunity for improvement and building trust with regulators. There may be strong imperatives to keep the scope and cost as narrow as possible, but the lookback should provide a compliance road map and an opportunity to demonstrate to regulators a sophisticated compliance capability.

Particularly when a lookback has been undertaken proactively, and is paired with a clear root cause analysis and remediation plan, the cost of a lookback should provide significant value, even if the plan's steps will take some time to complete.

Related Locations

© 2026 Jenner & Block LLP. Attorney Advertising. Jenner & Block LLP is an Illinois Limited Liability Partnership including professional corporations. This publication, presentation, or event is not intended to provide legal advice but to provide information on legal matters and/or firm news of interest to our clients and colleagues. Readers or attendees should seek specific legal advice before taking any action with respect to matters mentioned in this publication or at this event. The attorney responsible for this communication is Brent E. Kidwell, Jenner & Block LLP, 353 N. Clark Street, Chicago, IL 60654-3456. Prior results do not guarantee a similar outcome. Jenner & Block London LLP, an affiliate of Jenner & Block LLP, is a limited liability partnership established under the laws of the State of Delaware, USA and is authorised and regulated by the Solicitors Regulation Authority with SRA number 615729. Information regarding the data we collect and the rights you have over your data can be found in our Privacy Notice. For further inquiries, please contact dataprotection@jenner.com.

“How Transaction Lookbacks Can Guide Fintech Companies,” Law360 

Financial regulatory enforcement continues to be active this year, with approximately 18 anti-money laundering actions against financial institutions across federal regulators including the Financial Crimes Enforcement Network, the Federal Deposit Insurance Corp., the Federal Reserve Board, the Office of the Comptroller of the Currency, and the New York State Department of Financial Services, one of the most aggressive state regulators.

With these actions, regulators are looking closely at customer diligence, transaction monitoring and suspicious activity reporting. Accordingly, transaction lookbacks — designed to determine whether an entity has previously failed to identify suspicious activity it should have caught — are a key focus of regulators.

Roughly half of the anti-money laundering enforcement actions this year — excluding actions against individuals — have included regulator-ordered lookbacks.

A transaction lookback can be proactive when it is initiated by the financial institution itself to aid in self-identification and disclosure of a problem, but it can also be mandated by a regulator that is not satisfied by the financial institution's own efforts, or some combination of the two.

Although transaction lookbacks have been a routine part of regulatory engagement and enforcement for traditional financial institutions for some time, fintech companies — that may have only a handful of years of transactions under their belts — may be facing the issue for the very first time.

Strategic planning around whether, how and when to conduct a transaction lookback can be difficult, and it is almost always cost and labor-intensive.

In this discussion, we will address some of the more difficult questions in developing that strategic lookback plan. Specifically, how to consider the risk that a lookback may highlight problematic issues to a regulator and trigger enforcement, and how to navigate this issue when already in the midst of a regulatory investigation or examination.

Ultimately, if performed properly, a lookback can help a financial institution prevent regulatory scrutiny or criticism and avoid burdensome external requirements. In the right circumstances, it can result in a narrower scope and significantly lower expenses, as well as the ability to establish credibility with regulators.

As traditional financial institutions know by now, a lookback strategy is a key part of maintaining a defensible compliance program.

What Is a Lookback?

A transaction lookback is an exercise that financial institutions use to review a defined population of historical transactions to determine the root cause of compliance gaps or issues that have either been self-identified or flagged by a regulator or a third party.

They may be conducted by an in-house team or an independent third party, and often involve a review of thousands or hundreds of thousands of transactions to determine whether a transaction monitoring program has failed to identify suspicious transactions.

A lookback typically results in additional suspicious activity report filings and the results of the lookback are often shared with regulators in some form, along with a root cause determination and remediation plan.

Potential Benefits of a Proactive Lookback

A regulator's requirement to hire an independent third party to conduct a lookback is a familiar part of financial compliance enforcement resolutions. This is a worst-case scenario, however, because it will likely be the most expensive and time-consuming lookback.

On the other hand, there are times when it makes sense for a financial institution to take the initiative to conduct a proactive lookback, with or without notice to its regulator(s.

Advantages of proactive lookbacks may include:

  • The ability to identify and remedy issues before involvement of the regulator: A self-initiated lookback may allow time to determine the scope of the problem, the root causes and the necessary remediation before the regulator is engaged.
  • Possibly preventing a regulator-imposed lookback: A voluntary lookback may allow the financial institution to be in control of major decisions about the review, such as its scoping, methodology and who conducts it. It may also allow the institution to tailor the review to its available resources. For example, in River Bank & Trust's March consent order, the Federal Deposit Insurance Corp.'s lookback order required the bank to engage an independent consultant and develop a methodology, both of which were subject to the FDIC's approval. It also mandated the scope and timing of the review, and required all associated documents to be made available for review and inspection. Similar mandates were imposed on Customers Bancorp Inc. in its recent enforcement.[1]
  • Providing the basis to advocate for no-penalty action and/or cooperation credit: A voluntary lookback allows the financial institution to control the messaging of its findings and the timing of disclosures. For example, self-disclosures can be coupled with a robust remediation plan that aims to put the regulator at ease with the institution's compliance program. It can also provide strong arguments for a nonpenalty or minimal penalty action based on cooperation and self-disclosure.

Key Elements of a Successful Lookback

A successful lookback may be one that is as narrowly scoped as possible, quickly identifies root causes for any historical compliance gaps, identifies key remedial steps and establishes credibility with regulators to demonstrate that the financial institution knows what it's doing and can be trusted to keep its own house clean.

Important considerations include:

  • Who conducts the lookback review: Financial institutions can either perform the review in-house, if sufficient and properly trained resources are available, or engage a third-party consulting firm. In either case, the team conducting the review should be both independent, i.e., without a conflict of interest, and should have sufficient expertise to develop the methodology and perform the actual nuanced analysis. Most often, circumstances demand the expertise and resources of an outside consulting firm.
  • Scoping of the lookback: Sampling methodology, including the sample's size, selection and time frame, must be based on a well-designed and defensible process that would be acceptable to a regulator under the circumstances.
  • Timeline that serves the strategic goals: While voluntary lookbacks provide some timing flexibility, they may still be driven by time-sensitive self-disclosure or other factors. When a voluntary lookback has been disclosed to a regulator, a prolonged timeline may raise concerns or questions about the financial institution's ability to manage the effort independently.
  • Addressing privilege treatment: Lookbacks are often conducted at the direction of outside counsel, which allows for privileged discussions about difficult topics. Nonetheless, it is critical to plan for a nonprivileged work stream to allow for helpful or required disclosures to regulators.
  • Planning for self-disclosures: Lookbacks often result in necessary self-disclosures, raising questions about materiality of the findings, timing of a disclosure and which government agencies should receive the self-disclosure.[2] In fact, a lookback generally identifies the need to file additional suspicious activity reports, which, in themselves, may alert regulators if the financial institution does not do so first.

Making a Lookback Work For You

Whether a lookback is mandated or undertaken voluntarily, it is an opportunity for improvement and building trust with regulators. There may be strong imperatives to keep the scope and cost as narrow as possible, but the lookback should provide a compliance road map and an opportunity to demonstrate to regulators a sophisticated compliance capability.

Particularly when a lookback has been undertaken proactively, and is paired with a clear root cause analysis and remediation plan, the cost of a lookback should provide significant value, even if the plan's steps will take some time to complete.

Related Locations

© 2026 Jenner & Block LLP. Attorney Advertising. Jenner & Block LLP is an Illinois Limited Liability Partnership including professional corporations. This publication, presentation, or event is not intended to provide legal advice but to provide information on legal matters and/or firm news of interest to our clients and colleagues. Readers or attendees should seek specific legal advice before taking any action with respect to matters mentioned in this publication or at this event. The attorney responsible for this communication is Brent E. Kidwell, Jenner & Block LLP, 353 N. Clark Street, Chicago, IL 60654-3456. Prior results do not guarantee a similar outcome. Jenner & Block London LLP, an affiliate of Jenner & Block LLP, is a limited liability partnership established under the laws of the State of Delaware, USA and is authorised and regulated by the Solicitors Regulation Authority with SRA number 615729. Information regarding the data we collect and the rights you have over your data can be found in our Privacy Notice. For further inquiries, please contact dataprotection@jenner.com.

News and Insights

Event

Partner Michael Vernick to Speak at NACUA's 2026 Annual Conference

On July 1, Partner Michael Vernick will speak on a panel at the National Association of College and University Attorneys (NACUA) 2026 Annual Conference in Nashville.

July 1, 2026

Publications

In Employee Relations Law Journal: What Happens When ERISA Disability Deadlines Slip

Partner Joseph Torres along with Associates Emma O'Connor and Christopher LeWarne, authored an article for the Employee Relations Law Journal analyzing a significant Fourth Circuit decision with substantial consequences for ERISA disability plan administrators.

June 23, 2026

Publications

In Law360, Partner Samuel Feder Analyzes the Supreme Court's Ruling in FCC v. AT&T

Partner Sam Feder authored an article in Law360 examining the Supreme Court's June 4 decision in Federal Communications Commission v. AT&T Inc., which rejected AT&T's and Verizon's argument that the FCC's forfeiture process violates the Seventh Amendment right to a jury trial.

June 16, 2026