FCA shuts down payments firm over financial crime concerns

In a remarkable move, the FCA has effectively shut down a payments firm after identifying what it described as serious weaknesses in its financial crime controls, safeguarding arrangements, and governance. On 4 June, the regulator ordered Euro Exchange Securities UK Limited (EES) to stop carrying out any regulated electronic money or payment services. At the […]
New UK data protection complaints law takes effect in two weeks

A significant change to UK data protection law is now just weeks away. From 19 June 2026, every organisation that processes personal data will be legally required to have a formal process for handling data protection complaints under the Data (Use and Access) Act 2025 (DUAA). While much of the discussion around DUAA has focused […]
Police told to hit pause on AI-generated court statements amid fears of legal contamination

The rapid adoption of AI across the justice system has hit a speed bump after several UK police forces were instructed to stop using AI tools to prepare court statements and undertake other criminal justice tasks. The intervention, led by Alex Murray, head of the newly established Police.AI centre, reflects growing concerns that inaccurate or […]
How to make your GDPR programme regulator-ready

This is the third in a three-part series on GDPR now. It is based on a webinar that we aired on May 27, 2026. A recording of the webinar can be found here. In the first blog in this series, we looked at how GDPR has matured from a one-off compliance project into a live […]
GDPR, AI and the end of siloed compliance

This is the second in a three-part series on GDPR now. It is based on a webinar that we aired on May 27, 2026. A recording of the webinar can be found here. In the first blog in this three-part series, we looked at why GDPR can no longer be treated as a static compliance […]
SRA’s £600,000 AML crackdown exposes a deeper problem: compliance neglect in the legal sector

Over the past six months, the SRA has fined 59 law firms a combined £600,000 for failing to comply with some of the most basic AML obligations required under the Money Laundering Regulations 2017. The enforcement action reveals a pattern of compliance neglect across the legal sector, with many firms failing to implement even the […]
GDPR eight years on: why compliance can no longer sit in a policy folder

This is the first in a three-part series on GDPR now. It is based on a webinar that we aired on May 27, 2026. A recording of the webinar can be found here. When GDPR came into force in 2018, many organisations treated it as a major compliance project. Privacy notices were rewritten, data maps […]
EU publishes landmark high-risk AI guidance as compliance clock resets under Digital Omnibus

The European Commission has finally published its long-awaited draft guidance on how AI systems should be classified as “high-risk” under the EU AI Act, giving businesses their clearest indication yet of how regulators are likely to interpret one of the most important parts of the legislation. For organisations developing, deploying, customising or purchasing AI systems, […]
When a phishing email becomes a GDPR crisis

For nearly two years, cyber criminals quietly moved through the systems of a UK water company without being detected. The breach only came to light after IT performance issues triggered an internal investigation, which was then followed by the discovery of a ransom note that hackers had unsuccessfully attempted to distribute to staff members. Significantly, […]