May compliance news round-up

Major laws we’re tracking:

UK regulatory update

The King’s Speech on 13 May announced the current government’s legislative agenda for the next 18 months, assuming it survives that long. Notably there was no specific commitment to the SRA to FCA change for AML supervision and no race and disability pay gap reporting law.

A significant failure to prevent bribery case: the SFO has secured a £15m DPA settlement with Ultra Electronics. The case was full of red flags involving overseas intermediaries linked to public officials in high-risk jurisdictions.

Phishing emails remain both a cyber risk and a regulatory one. South Staffordshire Water was fined £963,900 for failing basic security standards, which allowed a phishing email to compromise over 600,000 customers’ data.

The next stage of the Data (Use and Access) Act is being rolled out, with a new requirement on UK businesses to have a data protection complaints procedure from 19 June 2026.

The FCA has reminded financial firms of the real risks of AI-enabled fraud, with nearly half a million cases in a year. AI tools are helping scammers become more organised and focused. Fraud is also increasingly linked to transnational organised crime.

Employers who have not yet complied with the For Women Scotland decision on single-sex spaces are facing an increasing risk of a tribunal or discrimination claim and should not delay taking action. We also answered key questions on the topic following our recent webinar.

The UK’s OFSI has fined Deutsche Bank for sanctions failings after it processed two payments to a Russian app developer. The bank failed to screen for ownership and control despite the obvious Russia-related risks.

What are the regulatory requirements around mental health at work? We’ve answered key questions from our latest webinar.

EU regulatory update

The EU’s back-and-forth on the AI Act continues, with the August deadline looming for implementation while an Omnibus deal has failed to materialise. However, the EU has published its landmark guidance on what constitutes a high-risk AI system.

More Brussels confusion over the EU Deforestation Regulation. The EUDR is supposed to come online at the end of the year, but firms are still awaiting updated FAQs, new guidance, and the simplification report on what exactly the compliance requirements are.

US regulatory update

The DOJ has moved to seize a Beverly Hills mansion which was allegedly purchased and renovated with $30 million in proceeds from a scheme involving defence contracting, bribery, fraud and money laundering in Iraq.

One of the largest forced labour prosecutions in US history has highlighted the supply chain risks of modern slavery. If public information can connect forced labour to products reaching supermarket shelves, companies may find it harder to argue that they could not have known. 

The legal market

Six in ten regulated firms are unprepared for the 2026 changes to the money laundering regulations. Expected to come into force around June, the changes will require policy and training updates and could expose firms to fines if they don’t take proactive action.

The Crime and Policing Act has become law, and the expansion of senior manager criminal liability begins from the end of June. We take a look at what this means for law firms, which tend to have more concentrated senior manager roles.

Monaco’s AML regulator has fined the bank UBS €6 million after identifying repeated failures in the bank’s anti-money laundering controls. Weaknesses were found across due diligence, beneficial ownership and PEP checks.

Law firm Dentons may have won part of its long-running AML case against the SRA, but the drama continues. The case has now been sent back to the Solicitors Disciplinary Tribunal to decide whether the AML breach crossed the professional misconduct threshold. 

A new report has revealed that roughly 10% of UK GDP is from illicit money; at least £325 bn moves through the UK financial system. Such a massive scale demonstrates the significant exposure of criminal networks to regulated entities.

Around the world

Canadian privacy regulators concluded that OpenAI’s original training and deployment of ChatGPT violated Canadian privacy laws. The investigation found that the company collected and used personal information without sufficient transparency or meaningful consent.

Did you know?

Forget suitcases of cash: luxury goods maker Louis Vuitton was fined €500,000 for lax AML controls in the Netherlands that allowed a criminal network to launder cash by purchasing branded suitcases and purses themselves, which were then resold in China.

Upcoming webinars:

The 2026 webinar schedule is live!

Where can I find more?

Follow our daily blog. Check out our new guides. Subscribe to the podcast.
