DUAA Enters Its Next Phase. What do UK businesses need to know?
The UK’s data protection landscape has shifted. The next phase of the Data (Use and Access) Act 2025 (DUAA) is now in force, bringing with it the most substantial reforms to UK data protection since the introduction of the UK GDPR. While the Act received Royal Assent back in June 2025, many organisations have been […]
The Digital Omnibus isn’t a way to just buy time. Is Parliament rewriting the AI Act’s rules?
For months, the European Commission’s Digital Omnibus proposal was framed as a pragmatic reset. It is a way to give businesses breathing room while standards, guidance and enforcement structures caught up with the ambition of the EU AI Act. That framing is now looking very different. The European Parliament’s Committee on Legal Affairs (JURI) has […]
From client account to compliance failure: lessons from the SRA’s £68K fine
The SRA’s £68K fine against Scott-Moncrieff & Associates (ScoMo) is not just another AML enforcement headline. It is a clear reminder of how regulators are now assessing risk, intent and follow-through and of how little tolerance there is for firms that fail to adapt after being warned. That the firm was founded and run by […]
Operational reality under GDPR: Insights from January 2026’s largest fines
The first month of 2026 has already delivered a stark reminder to organisations across Europe: GDPR enforcement is serious, and the stakes are high. Several headline-grabbing fines this January underscore that regulators are no longer hesitating to penalise both large telecom operators and other companies for lapses in security, governance, and transparency. Free Mobile and […]
Crypto has become a global money laundering machine
Cryptocurrency has long been promoted as a technological innovation that would democratise finance, reduce friction and increase transparency. The reality appears to be far less optimistic. Recent data indicates that crypto has become a highly efficient, industrial-scale money laundering infrastructure and one that is growing faster than regulators can effectively manage. According to new findings […]
AML compliance in 2026: What UK law firms are asking now
At our recent VinciWorks AML Core Group meeting, a clear picture emerged of how the AML landscape is shifting for UK law firms. The discussion moved beyond technical compliance and focused on how firms are responding in practice to regulatory transition, increased supervisory scrutiny, and growing operational complexity. The questions below reflect the real issues […]
From policy to practice: Insights from the AML Core Group
In this quarter’s VinciWorks AML Core Group meeting, the discussion kept returning to the same point: AML compliance is no longer business as usual for law firms. It’s now at the top of the regulatory agenda. The AML Core Group sessions bring together UK legal professionals and compliance experts to discuss the latest developments in […]
When GDPR doesn’t apply: What a train announcement can (and can’t) teach us about data protection
GDPR is often treated as a catch-all mechanism for resolving any dispute that feels “data-related”. But a recent judgment from the Austrian Federal Administrative Court (BVwG), read alongside developments in Poland, is a useful reminder of something privacy professionals sometimes forget. GDPR has limits. It does not regulate everything, and it is not designed to […]
How Ruja Ignatova built a $4b fraud and why it matters for crypto and AML
In 2014, a new cryptocurrency emerged with the idea that it would revolutionise the financial world. It was called OneCoin. Its founder, Dr Ruja Ignatova, a Bulgaria-born German citizen, positioned herself as a visionary leader in the digital currency space. She was charismatic, articulate, and media-savvy and she quickly gained global attention, even earning the […]