Our new survey reveals a crack in business preparedness for the upcoming EU Artificial Intelligence (AI) Act. The survey exposes alarmingly low awareness among larger organisations, with only 2% of large companies reporting a full understanding of the Act.

While the EU AI Act is not yet formally passed (expected to come into force in 2025), it’s anticipated to significantly impact organisations operating in the EU. The Act aims to regulate the development, deployment, and use of AI to ensure it’s fair, safe, and trustworthy.

Non-compliance can lead to substantial penalties, reaching up to €35 million or 7% of global turnover, whichever is higher.

How to assess geographic risks of proliferation financing

Regulated entities are required by law to carry out proliferation financing (PF) risk assessments. But this relatively new compliance requirement can be hard to fully integrate into your risk assessment process. At first glance, proliferation financing risks are mainly concerned with activities carried out in North Korea and Iran. If your business doesn’t have a connection with either of these countries, then it might seem there is little more to do in a proliferation financing risk assessment.

But in reality, proliferation financing risks are connected to more countries than just North Korea and Iran, and firms should factor this into their risk assessment processes. PF risks are also constantly evolving. As global concerns about the proliferation of weapons of mass destruction (WMD) evolve, it is vital to broaden the risk assessment process to ensure your firm is not caught out.

A financial columnist fell victim to a group of con artists and ended up giving them her life savings. Can this happen to you?

Charlotte Cowles is not the kind of person to fall for a scam. She’s a financial writer, the financial advice columnist for New York Magazine and has worked for some of the top publications in the US. She lives in Manhattan, is married and has a child. 

And yet, as she writes in this story, she found herself one day on a street in New York City giving a stranger in a Mercedes a shoebox filled with $50,000 in cash, nearly all her savings.

All goods in the Common High Priority List are under trade sanction, meaning handling them is like handling stolen goods. Companies across the supply chain, from logistics to warehouses to shipping, could be breaking the law if they become involved with goods that are later used by Russia, or in fact any sanctioned country.

There are a number of red flags to be aware of when dealing with sanctioned items, and where there is a risk of a sanctions breach. A single red flag is not necessarily indicative of illicit or suspicious activity. The surrounding facts and circumstances should be considered before determining next steps, like submitting a suspicious activity report to the NCA.

FCA warns firms to do better on risk assessments and training

The Financial Conduct Authority (FCA) has warned over 1,000 Annex 1 firms (lenders, money brokers and financial leasing companies) about serious money laundering failings at the most basic level.

The FCA has written to these firms, making it clear that firms should “complete a gap analysis against each of the common weaknesses we have outlined within six months.” The FCA’s letter also says that in future engagements with the FCA, they expect to be provided with the findings from the gap analysis, the gaps identified, and the progress towards effective policies, controls and procedures. Failing to do so could result in regulatory action. 

The FCA’s review of financial crime controls revealed widespread weaknesses across various areas. Firms were found to be inconsistent in reporting their activities to the FCA, failing to adapt their controls to accommodate business growth, and lacking proper risk assessments. Additionally, the FCA identified shortcomings in due diligence procedures, ongoing monitoring, and the documentation of financial crime-related decisions. The review also highlighted a lack of resources and inadequate training provided to staff, alongside insufficient oversight from senior management. 

Our recent poll reveals an alarming gap between concern and action regarding fraud. While nearly half (48%) of the 258 surveyed compliance professionals across the UK, Europe, North America, and other key regions consider fraud a high concern, 38% of their organisations haven’t planned any fraud prevention training.

Thanks to GDPR, DPIAs matter more than ever. Here’s why – and tips on how to do them

A data protection impact assessment (DPIA) is a process to help identify and minimise the data protection risks of a project. DPIAs have always mattered, but the General Data Protection Regulation (GDPR) made them matter much, much more.

As most Data Protection Officers (DPOs) and data processors are aware by now, GDPR added significant compliance burdens. Under GDPR, data breaches need to be reported to the authorities within 72 hours and each new data processing activity needs to be documented. GDPR also introduced a new obligation to do a DPIA before carrying out processing likely to result in high risk to individuals’ interests. If your DPIA identifies a high risk which you cannot mitigate, you must consult the Information Commissioner’s Office (ICO). The regulator can recommend changes to reduce the risk, give a formal warning not to carry out the processing or even ban the processing altogether. 

It’s been almost six years since Europe’s data protection landscape changed with GDPR. Are you prepared for SARs?

Since the General Data Protection Regulation (GDPR) was passed there has been almost constant change for companies, with new case law, rulings and court cases making compliance with GDPR an ongoing hot topic for organisations of all shapes and sizes.

With GDPR decisions from 27 different member states coming through on an almost daily basis, it can be a challenge to ensure compliance. One of the basic rights of GDPR is a subject access request (SAR). It provides people with the right to access and receive a copy of their personal data, and other supplementary information. SARs can be made verbally or in writing, including via social media.

People are entitled to find out what personal data is held about them by an organisation, why the organisation is holding it and who else knows the information. 

Australia is a global outlier in AML

Australia is one of only five countries to exempt lawyers, accountants and real estate from anti-money laundering rules. The Australian government has committed to change this, expanding AML/CTF obligations to an additional 100,000 ‘Tranche-2’ entities in Australia, while modernising the AML regime. The reforms are expected to be introduced to parliament in 2024, but have received pushback from some affected industries.
