August compliance news round-up

What’s in this update?

Key laws incoming: Failure to Prevent Fraud offence live from 1 Sept; new DUAA rules began 20 Aug.

 

FCA & misconduct: Non-financial misconduct training set for 37,000 firms; fresh compliance rules for payment firms; million-pound fine for inaccurate data reporting.

 

Data & privacy: Court of Appeal expands rights for data subjects — even minor mishandling can spark collective claims.

 

Employment & inclusion: Tribunal cases linked to disability and mental health up 40%; risks from unsupervised staff networks highlighted.

 

Legal sector: AML rule changes coming; crypto tax evasion risks flagged; AI hallucinations plague law firms; landmark cases test failure to prevent fraud.

 

 

UK regulatory update

 

As failure to prevent fraud comes into force 1 September 2025, the UK’s Serious Fraud Office and Crown Prosecution Service have published a joint Corporate Prosecutions Guidance, detailing how failure to prevent offences will be dealt with.

 

Non-financial misconduct continues to be a headline issue for FCA-regulated firms with new training requirements hitting at least 37,000 firms from 1 September 2026. The FCA is also shaking up compliance regulations on payment firms, and a million-pound fine was levied against a company for inaccurate data reporting.

 

Data subjects got a major boost to take companies to court if their data is mishandled. Even a minor error like sending data to the wrong address could result in a collective action court case.

 

Meanwhile 20 August saw the first chunk of new data protection rules under the Data (Use and Access) Act come into force, with a number of immediate legal risks organisations should be cognizant of. Google searches for DUAA training have jumped 16,000% according to our own research.

 

The first ever corporate prosecution for failure to prevent tax evasion under the Criminal Finances Act 2017 has made it to court, and should sound alarm bells in compliance teams about this often neglected law.

 

Product safety, measurements and consumer protection received an update with the implementation of the Product Regulation and Metrology Act 2025 (PRMA), with more regulations in this area to come.

 

How good is the equipment your company gives out? A woman was awarded £149,000 after the phone supplied by her employer blew up and caused a fire. A reminder that health and safety failures are costly.

 

As the new parliamentary term kicks off in September, we are likely to see renewed action on businesses tackling modern slavery now that ten years have passed since the original legislation was implemented.

 

Companies who ignore disability and neurodiversity support are facing a staggering reality with a 40% rise in disability-related tribunal cases, many of which are related to mental health.

 

Is your staff network or employee resource group an HR headache waiting to happen? While these initiatives are designed to promote inclusion, several cases have found them guilty of the opposite when left unsupervised.

 

EU regulatory update

The EU is moving ahead with new payment rules. PSD3 and the new Payment Services Regulation are now being negotiated, and the new regulations will affect payment firms, fintechs, and even non-EU firms providing cross-border services.

 

US regulatory update

Corporate crime is often transatlantic, and there’s a double risk for international firms as the Trump Administration cracks down on tariff evasion. This could also lead to a tax or fraud investigation in the UK, and both countries might launch an investigation or prosecution into a company.

 

The SEC is increasingly coming after compliance officers themselves, holding them individually accountable for failures in their business. We’ve produced a CCO survival guide on how to protect oneself in a risky world.

 

After the back and forth on the FCPA pause, the first declination (a decision not to prosecute) of this administration has been announced, showing firms how the Trump DOJ views corporate bribery. Meanwhile we published an in-depth interview with Andrew McBride, a former CCO who negotiated the biggest FCPA fine discount ever.

 

Are firms too afraid of cannabis? The industry is expected to reach $100bn value by 2030, and despite its federal illegality, there are risk-conscious ways to safely invest and support this high-growth industry.

 

The legal market

Law firms and the wider regulated sector had better buckle up for a wide range of changes to AML rules coming later this year. Both the National Risk Assessment and the government’s response to the consultation on changing the MLRs signal a new wave of rules.

 

Any firm handling crypto had better understand the risk of tax evasion, as law firms in particular could be vulnerable to a failure to prevent investigation if they don’t ensure crypto clients have fully paid their tax.

 

Failure to prevent fraud is also presenting a risk in some interesting ways. A divorce case that reached the Court of Appeal might have put the law firm representing the client in legal hot water over their possible cover-up of a fraud.

 

AI hallucinations continue to haunt the legal sector with over 50 cases in July alone citing made-up cases dreamed into existence by an AI. Law firms must have serious and strong AI-protection policies. 

 

A solicitor involved in the Azerbaijani laundromat has been fined and barred from compliance roles for his involvement in money laundering and failing to report some obvious red flags.

 

Around the world

The Brazilian money laundering scandal known as Operation Car Wash reached the shores of Singapore, with a $110m Deferred Prosecution Agreement against marine engineering firm Seatrium for their involvement in Brazilian bribery.

 

The UK has joined forces with Canada and a range of AI academics and tech firms to better understand the risks and opportunities of AI, and tackle issues such as AI hallucinations.

 

While Donald Trump delivered some good news to the war-torn regions of Azerbaijan and Armenia, negotiating a historic peace and trade deal between the two countries, this has landed a British architecture firm with a serious investigation by the UK government. Geopolitical risk should be on every company’s register.

 

An Australian mining company that defamed and attacked a whistleblower (who was right about bribery allegations) has been fined by a federal court. Publicly attacking whistleblowers is unlikely to end well.

 

Did you know?

Discussing work with your colleagues on WhatsApp could land you, and your company, in some serious trouble. At least $2bn in fines have been handed out already for off-channel communications. 
