What’s in this update?
- Conversational Learning launched — VinciWorks’ new AI-powered courses go live.
- Data (Use and Access) Act passed — major UK data protection changes now law, retraining needed.
- Cyber Security and Resilience Bill coming — will make cyber a core compliance duty.
- Failure to prevent fraud — 1 Sept deadline nears, whistleblowing weaknesses exposed by HS2 case.
- EU AI Act under threat — political leaders calling for a pause or overhaul.
- US VCs face AML rules — from Jan 2026, full CDD and KYC requirements apply.
What’s big in compliance this month?
Conversational Learning launch! VinciWorks has changed the eLearning game with the release of multiple courses in our AI-powered learning format.
The UK’s data protection changes have finally become law with the passage of the Data (Use and Access) Act. With changes to automated decision making and legitimate interest, staff should be retrained.
Following the FATF plenary, new countries have been added and others removed from the grey list of high risk money laundering jurisdictions. VinciWorks has updated our comprehensive guide.
UK regulatory update
The government is preparing to vastly increase cyber security regulation with the forthcoming Cyber Security and Resilience Bill. Expected to be published after the summer, it will shift cyber to a core compliance competence, not just an IT issue. Meanwhile a third party data processor was fined £3m after a data breach following a ransomware attack.
The UK Supreme Court has allowed a Malaysian forced labour case against manufacturer Dyson to proceed in the English courts. Meanwhile another case found oil giant Shell legally responsible for legacy pollution in Nigeria. These cases put UK companies with global supply chains squarely at risk for overseas compliance failures.
A British businessman has been charged with bribing officials for defence contracts—in Malawi. A stark reminder that the UK Bribery Act applies globally, and that gifts and hospitality is a key driver of corporate corruption.
Freedom of speech and protected belief in the workplace has been given a more definitive definition after a Court of Appeal case. Higgs v Farmor’s School clarifies the rights of employees to hold and express personal views at work. Download our guide to what this means.
As the 1 September deadline for failure to prevent fraud comes closer, a tribunal involving an HS2 whistleblower shows the risk companies face if they don’t have strong enough internal whistleblowing procedures.
A new Private Members’ Bill in parliament seeks to reform whistleblowing rules in the UK. But with so many failed attempts, will this latest try gain any traction?
Is prison for a compliance breach becoming more likely? The forthcoming Crime and Policing Bill could see senior managers jailed for corporate failures, extending personal liability to any crime.
EU regulatory update
The EU’s groundbreaking AI Act looks set for the chop with political leaders across the bloc calling for a pause, if not a wholesale review of the new compliance regulation. The EU’s ongoing review of GDPR will also complicate how the AI Act operates, if indeed it does come into force.
Meanwhile dating app Bumble was hit with a GDPR complaint for subjecting users to ChatGPT introductions without consent.
Facial recognition at work continues to be a major compliance headache, with a half-million euro fine by the Irish data protection authorities.
US regulatory update
From 1 January 2026, American VCs and investors will fall under the money laundering obligations in the Bank Secrecy Act. This means CDD, KYC, risk assessments and training for the entire industry.
Meanwhile a sanctions case in Silicon Valley shows the need for good onboarding and monitoring. Venture capital firm GVA was hit with a $215m fine for dealing with a sanctioned Russian oligarch.
Another firm, White Deer, managed to avoid a sanctions prosecution through timely self-reporting to the authorities. Another reason to invest in good sanctions monitoring and detection systems.
Four months after being paused, FCPA enforcement is back on the DOJ’s agenda. Kind of. FCPA cases can be prosecuted, but the focus will be on cartels and terror networks.
Bribery risks continue to be present, even in the public sector with a USAID employee receiving $1m in illicit payments for manipulating the procurement process.
The first retailer in California has been fined for Consumer Privacy Act violations. A string of failings, including relying on third party vendors, landed the retailer with a $345,000 fine.
The legal market
AML reforms are coming, and soon, according to the government’s Industrial Strategy. No details have yet been published, but we can speculate on some of the red-tape cutting measures that will make AML compliance a little easier.
There’s an AI crisis happening in the legal industry, and the courts are furious. Several solicitors have narrowly avoided being struck off for submitting made-up citations. If your law firm doesn’t have strong AI policies and training, it’s at serious risk.
The FATF is putting proliferation financing back in the spotlight. New methods of laundering to support WMD production in rogue states mean regulated entities—in particular law firms—must understand and mitigate their PF risks.
Sanctions on Syria are disappearing following the collapse of the Assad regime. But any firm doing business in Syria, and their professional services such as law firms, risk serious money laundering and terrorist financing exposure from the country. It’s still a big risk.
COLPs are facing a crisis with growing requirements and shrinking resources. Fines for administrative breaches are ramping up, and law firms must invest more in their compliance teams.
Crypto laundering is the fashionable, hi-tech way to launder money these days, and criminals are getting very good at it. Law firms and professional services are at serious risk if they don’t have strong anti-crypto procedures in place.
Who gets to call themselves a solicitor or lawyer? The business secretary got off scot-free after falsely claiming to be a solicitor, meanwhile Scotland has criminalised the fraudulent use of the amorphous term ‘lawyer.’ Will England follow suit?
Did you know?
The art market has a serious terrorist financing problem. A TV antique’s show presenter was convicted of laundering money for Hezbollah, and art dealers—alongside the accountants, lawyers and bankers that support them—risk being the money men for Tehran’s terrorism.
Where can I find more?
Follow our daily blog. Check out our new guides. Subscribe to the podcast.
