July compliance news round-up

What’s in this update?

  • Key laws incoming: Some DUAA changes begin 20 Aug; Failure to Prevent Fraud starts 1 Sept 2025.
  • FCA & AML fines: New anti-harassment training for 37,000 firms; Monzo, Barclays, and others fined over major AML failings.
  • Sanctions & cyber risks: UK strengthens sanctions enforcement, launches foreign influence register, and faces severe cyber/data breaches.
  • EU & US trends: EU flags terrorist financing blind spots; US cracks down on AML failures and cartel-linked banks.
  • Legal Sector & Training: Law firms face new reporting rules, compliance audits, and must move beyond PDF policies. 
  • VinciWorks’ Conversational Learning is driving a sea-change in corporate L&D with effective, in-flow training.

 

What’s big in compliance this month?

What will compliance look like in 2030? We’ve been looking ahead to the key trends shaping the future of compliance functions.

 

A new compliance requirement is affecting UK listed companies. From 1 January 2026, they will need to include a formal board declaration about the effectiveness of their material internal controls – i.e. a compliance health check. Omnitrack is exploring a solution.

 

The Data (Use and Access) Act is beginning its implementation journey, with a schedule of changes coming over the next year. 20 August is the next big date for new rules.

 

Failure to Prevent Fraud goes live on 1 September 2025, and there are key questions every firm must answer. Local authorities too must think through their responsibilities. 

 

UK regulatory update

 

Headline news from the FCA. A new training requirement on non-financial misconduct (bullying and harassment) will be extended to 37,000 UK firms from 1 September 2026. Courses are building eLearning.

 

FCA regulation is in line for a shake-up. A Treasury consultation proposes scrapping key parts of SM&CR. Meanwhile, the FCA has released new guidance on working with PEPs (politically exposed persons) for AML compliance.

 

Monzo Bank was fined £21m for systemic AML failings, while Barclays was fined £42m for ignoring due diligence requirements and an Isle of Man gambling company was hit with a £4m fine for onboarding without applying AML rules. 

 

The UK’s Foreign Influence Registration Scheme went live on 1 July. This requires companies working on behalf of foreign governments to register with a government scheme or face serious sanctions, including prison.

 

UK sanctions are in for a shake-up, with proposed changes to financial penalties that could lead to much more costly judgements and public naming and shaming of sanctions breaches.

 

A string of cyber cases has hit the UK. A 158-year-old company was taken down by a single weak password. A super-injunction hid a data breach of Afghan nationals working for the UK that ended up costing £6bn.

 

A tax evasion crackdown is on the cards. British Overseas Territories are under increasing scrutiny about their lack of corporate transparency, and Parliament may act soon.

 

The Employment Rights Bill hasn’t yet passed Parliament, and won’t until after the summer at least. But lessons from Wilko’s costly collapse shine a light on new collective consultation rights included in the Bill.

 

An interesting corporate bribery case from Scotland saw a number of executives of a relatively small company sentenced to eight years in prison for bribing NHS officials.

 

Also in Scotland, a GDPR case highlights some important differences between Scots and English law when it comes to enforcing data protection rules under the new Data (Use and Access) Act.

 

An employment tribunal awarded a woman nearly £30,000 for disability discrimination due to menopause. And another two tribunal decisions show how ADHD and autism must be considered as a disability by employers and reasonable adjustments provided.


A UN judge was convicted by a UK court of modern slavery offences and sentenced to six years. The forthcoming Crime and Policing Bill could make these kinds of modern slavery prosecutions more likely.

 

EU regulatory update

The European Banking Authority released an important opinion on terrorist financing risks which are being overlooked in the financial sector. From treating crypto as high risk to separating terrorist financing from money laundering risk assessments, firms must pay attention to terrorism.

 

A GDPR fine against McDonald’s in Poland highlights the dangers of a lack of security for personal data in the controller-processor relationship.

 

Germany is moving to block DeepSeek due to the Chinese AI tool’s ongoing GDPR breaches, and has asked Apple and Google to remove the app in Germany.

 

US regulatory update

Congress is considering a number of important financial sector bills that could affect fintechs and retrospective rules. We consider the top six laws, and their chances of being signed into law.

 

A US subsidiary of fintech Wise paid a multi-million-dollar settlement to several state regulators due to ongoing AML compliance failures.

 

A Ponzi scheme run by Biscayne Capital exposed serious corruption and a fatal lack of a compliance function that resulted in a major fraud and several convictions.

 

For the first time, US regulator FinCEN has blocked three Mexican banks for their links to cartels and drug trafficking. This shows the Trump Administration is serious about cracking down on fentanyl risks.

 

The legal market

A major shift for law firms: from April 2027, they will be required to file full profit and loss accounts with Companies House.

 

The Privy Council has agreed with the High Court and struck down the century-old Shareholder Rule in English law, meaning companies can now assert legal privilege against their shareholders.

 

A law firm missed the fact that a beneficial owner was a foreign PEP and failed to undertake EDD. The firm was fined £173,000, down from £250,000.

 

Law firms are not secure if they keep their policies in Word documents and simply create a PDF when requested during an SRA inspection. Only Omnitrack can ensure a full audit trail for policies.

 

VinciWorks and Compliance Office also hosted our quarterly AML core group meeting, where law firms discussed multi-year training plans and practical steps to verify source of wealth.

 

Around the world

A number of African countries are moving ahead with significant changes to their data protection laws, and these can carry considerable regulatory weight for international firms operating without sufficient regard to local laws.

 

A cryptocurrency exodus from Iran has put pressure on international compliance, as sanctioned individuals seek safe harbours to launder their crypto cash.

 

Conversational Learning

How is Conversational Learning transforming learning and development at work? We’ve taken a deep dive into how VinciWorks’ game-changing AI-enabled courses are transforming L&D.

 

  • Supports communities of practice in a workplace, encouraging on-the-job training that makes learning stick
  • Can help close the skills gap, which is vital when new skills have a half-life of less than five years
  • Means training can be done in the flow of work, which is what 94% of employees prefer
  • Delivers micro-learning and just-in-time training, so staff can access courses when they need them
  • Is the evolution of scenario-based learning, which L&D experts know is the best way to ensure training is effective

 

Did you know?

Could your meeting bot deliver the next legal headache? AI transcriptions are discoverable in litigation in the US and can be disclosed in UK civil cases. That means whatever staff say that’s recorded can end up in court.

 

Where can I find more?

Follow our daily blog. Check out our new guides. Subscribe to the podcast.