Top stories this month
- The British prime minister Sir Keir Starmer announced his resignation just two years after winning a landslide election. Andy Burnham, the Health Secretary under Gordon Brown, is expected to become PM in July. This could have major implications for future compliance regulation, which we explore in our latest briefing.
- The Crime and Policing Act 2026 is in force from 29 June, widening corporate liability for senior manager conduct to encompass all crimes, such as H&S breaches.
- New rules in force from 19 June under the Data (Use and Access) Act require companies to have a data protection complaints procedure in place.
UK regulatory update
The Employment Rights Act is not just adding more compliance overhead, but it could make an employment tribunal more expensive—and more likely.
The FCA has used its powers to shut down a payments firm after identifying serious issues in financial crime compliance and governance issues.
Neurodiversity tribunal claims are still increasing, and getting more expensive. Meanwhile VinciWorks research shows a third of managers lack confidence in supporting reasonable adjustments for neurodiverse conditions.
A major UK sanctions enforcement case has seen a travel company fined a million pounds for breaching Russia sanctions by receiving a payment from a sanctioned airline. Meanwhile the UK and US have issued unprecedented joint guidance on sanctions enforcement.
A collapsed bribery prosecution from the SFO has exposed the risk of cases that get thrown out as firms and senior leaders can still be named and suffer reputational damage, even without a conviction.
The former CEO of the Scottish National Party Peter Murrell, ex-husband of party leader Nicola Sturgeon, was imprisoned for five years for embezzlement. But did Scotland’s ruling party also fail to prevent fraud?
EU regulatory update
GDPR is eight years old already! We’ve ‘celebrated’ the milestone with a three-part series on what data protection compliance looks like today, nearly a decade after the landmark law. Meanwhile new VinciWorks research shows over half of firms are not confident about their GDPR compliance.
Germany’s corporate regulatory laws are set for an overhaul. The changes could see a quadrupling of fines alongside new statutory criteria that could make German companies more likely to receive a monetary penalty for misconduct.
The EU AI Act is both here and confusing. We break down what it means with our new, 40+ question FAQ.
US regulatory update
The US Supreme Court has expanded the interpretation of the Helms-Burton Act, meaning companies potentially breaching US sanctions on Cuba could face increased penalties and confiscated assets.
The legal market
HM Treasury has outlined its plans for the FCA to become the single professional services regulator for AML, taking over the role from the SRA. But will a change of prime minister throw the scheme—and the timeline—into doubt?
The SRA is moving ahead with reforms aimed at improving protections around client money and accountability in law firms, despite Law Society opposition to the plans.
AI hallucinations are hitting the police as well, with concerns over fabricated witness statements and standards of evidence being presented in court. Several police forces have been told to stop using AI altogether.
Over the last 6 months, the SRA has fined 59 law firms a combined £600,000 for failing to comply with some of the most basic AML obligations. Repeated breaches include the absence of firm-wide risk assessments and inadequate AML controls.
While the World Cup is being marked across North America, a quarter of jurisdictions playing in the competition should be flagged as high risk for money laundering. With the 2026 MLRs now in force, firms should be thinking more broadly about jurisdictional risk.
Around the world
Canada has proposed a forced labour import ban which would introduce an import control regime and move far beyond annual compliance statements. Canada is also looking to overhaul its privacy regime with a new digital super-regulator including new consent and deletion rules.
India’s anti-sexual harassment law POSH has some important 2026 updates including new government portals and including of the 2025 board report disclosures. Some recent case law has also strengthened how POSH should be treated in workplaces.
Did you know?
We’ve brought out our crystal ball and imagined what compliance might look like in 2030 and beyond.
New guides
- Mitigating Tribunal Risk: A Compliance-Focused Guide
- Building a neuro-inclusive workplace: A guide for employers
- A practical 10-step guide to getting started in data protection
- Assignments: Training that lives where your courses live
- AI Enhanced Editing: AI-powered course customisation
- Insights: Training intelligence for compliance-led organisations
Where can I find more?
Follow our daily blog. Check out our new guides. Subscribe to the podcast.
