The EDPB report and what regulators want from you now

As the GDPR celebrates its 7th birthday, the latest report from the European Data Protection Board (EDPB) makes one thing clear: Data privacy compliance has become a lot more than just having a policy.    Data privacy compliance is now about showing you’re actively managing risk, you’re embedding data protection into your business decisions and […]

What we can learn from Metro Bank’s £51b AML oversight

Compliance failures are rarely caused by a single oversight. They are often the consequence of breakdowns in systems and in cultures. The recent enforcement action against Metro Bank by the Financial Conduct Authority (FCA) depicts how these breakdowns can accumulate over time to create serious vulnerabilities, both for the institution and the broader financial system. […]

High stakes: Gambling giant Spreadex fined for regulatory breaches, again

The UK Gambling Commission took decisive enforcement action with its levying of a £2 million fine against Spreadex Limited. The fine underscores the huge gambling firm’s ongoing and repeated failures to comply with essential anti-money laundering (AML) and social responsibility obligations.  This marks the second time in just three years that Spreadex has been penalised. […]

GDPR, 7 years in: The latest changes and what they mean for your business

In 2018, the General Data Protection Regulation (GDPR) was created and quickly set the standard for regulating data privacy. For businesses across Europe and beyond, it was the beginning of a new era in which transparency and data ethics moved from interesting concepts that were footnoted in compliance reports to occupying center stage. Seven years […]

When AI makes it up or the dangers of trusting ChatGPT without question

There’s no doubt that AI tools like ChatGPT are changing how everyone works. But some cautionary tales from inside courtrooms on both sides of the Atlantic should make legal and other professionals pause before relying on AI-generated outputs without due diligence. These cases and our recent webinar on AI practices make it clear: If you […]

New LSAG guidance raises the bar for AML compliance in legal services

In a move that underscores the UK legal sector’s evolving role in the fight against financial crime, the Legal Sector Affinity Group (LSAG) has released its latest update to the HM Treasury-approved Anti-Money Laundering (AML) guidance, effective April 2025. These changes are not just tweaks. They reflect a deeper recalibration of how firms must approach […]

Is a risk-based approach a necessity for sanctions compliance now?

In a word, yes.    In the ever-evolving world of sanctions regulation, the message from the enforcers is becoming increasingly clear: Organisations need a well-designed, risk-based sanctions compliance programme. While the Office of Financial Sanctions Implementation (OFSI) doesn’t mandate a specific compliance framework, its recent enforcement notices strongly underscore the need for firms to develop […]

What does OFSI’s legal services threat assessment mean for the legal sector?

In a first-of-its-kind move, the UK’s Office of Financial Sanctions Implementation (OFSI) has issued a Legal Services General Threat Assessment, shining a light on a sector that is often assumed to be a step removed from the core of sanctions enforcement. But according to the Assessment, legal service providers are actually on the front lines […]

How ignoring AML red flags landed HSBC in hot water 

When it comes to AML compliance, red flags aren’t just warnings. They are flashing neon signs that need immediate attention. And yet, for over a decade, HSBC chose to look the other way. A growing storm of allegations now surrounds the global banking giant, with mounting evidence that it failed to flag hundreds of millions […]