Off-channel communications: The compliance risks of WhatsApp

The use of encrypted messaging apps such as WhatsApp, Signal, Telegram and WeChat has become routine in financial services. For client-facing staff, traders and senior executives, these platforms provide speed and ease of communication. But for regulators, they represent one of the most significant blind spots in compliance today. Conversations that take place outside official […]

TerraCom’s $7.5 million penalty: Bribery risks, whistleblower protections, and compliance red flags

The Federal Court of Australia has handed down a landmark decision against TerraCom Limited, imposing a A$7.5 million penalty and A$1 million in costs after the coal miner admitted to breaching Australia’s strengthened whistleblower protections. This case underscores how quickly whistleblowing issues can escalate from internal HR matters to multi-million dollar penalties and reputational crises. […]

Transatlantic corporate crime: How the UK and US will investigate and prosecute cases together

For corporates trading across the Atlantic, the risk of prosecution for economic crimes is now sharper than ever. With the UK’s Economic Crime and Corporate Transparency Act 2023 (ECCTA) expanding attribution rules and introducing the failure to prevent fraud offence, and with the US maintaining an aggressive approach to tax and trade enforcement, companies operating […]

Farley v Paymaster: Court of Appeal strengthens data breach victims’ rights

On 22 August 2025, the Court of Appeal handed down a landmark judgment in Farley & Ors v Paymaster (1836) Limited (trading as Equiniti). The case concerned a large-scale data breach in which over 750 annual pension benefit statements of Sussex Police officers were mistakenly sent to outdated addresses. More than 450 officers brought claims […]

The immediate legal risks of the Data (Use and Access) Act 2025

The Data (Use and Access) Act 2025 (DUAA) is more than a technical amendment to UK data law. It is a structural shift in how businesses handle, share, and reuse information. While framed as a driver of innovation and competition, DUAA introduces sharper compliance demands, fresh litigation risks, and expanded enforcement powers for the Information […]

Key provisions of the Data (Use and Access) Act coming into force today – 20 August 2025

Today, 20 August 2025, several important parts of the Data (Use and Access) Act 2025 (DUAA) officially come into effect. These changes mark the start of the law’s gradual implementation, following its passage in June. For compliance teams, data privacy professionals, and legal advisers, today’s updates require immediate attention and some practical adjustments.   Although […]

Human rights, geopolitics and corporate risk: Lessons from the Chapman Taylor case

Chapman Taylor, a UK-based global architecture firm, has been reported to the UK National Contact Point (NCP) for alleged breaches of the OECD Guidelines for Multinational Enterprises due to a construction project in Azerbaijan. This little known rule opens the door to a potential litany of human rights complaints against UK businesses, with wide-ranging consequences […]

What’s New in Astute LXP – August 2025 Update (v3.4.2)

We’re excited to roll out Astute LXP v3.4.2 on August 14, 2025. This month’s release brings a fresh wave of usability improvements, template refinements, and behind-the-scenes optimisations to help you manage learners and compliance more efficiently than ever. Key Enhancements New Pending Enrolments ReportEasily track learners who are queued for enrolment with a dedicated “Pending […]

When regulators come for the compliance officer: CCO survival guide

For many chief compliance officers (CCOs), the greatest fear isn’t just a regulatory fine against their firm, it’s finding themselves in the regulator’s crosshairs. In recent years, the SEC has shown a willingness to pursue CCOs personally, holding them accountable not only for their own misconduct but for the firm’s operational failures, ignored warning signs, […]