What’s in this update?
- Could GDPR go the way of ESG?
- Law firms under attack by the White House
- 10 years of modern slavery compliance sees new guidance
- Major HE/FE fine for a transgender policy that restricted free speech
- Tax evasion crackdown announced by Chancellor – law firms in the crosshairs
What’s big in compliance this month?
Just weeks after axing huge swathes of sustainability legislation, the EU is now gunning for GDPR. While the details are still sketchy, the ominous GDPR Omnibus could see the compliance burden reduced for 90% of companies, but fines increased to one hundred million euros or 10% of global annual turnover.
The UK Modern Slavery Act is 10 years old this year, and the UK has updated its statutory guidance for compliance, and is also investigating if the law should be strengthened.
Meanwhile the Trump Administration has now turned its attention to transatlantic law firms, attacking a number of international firms over their DEI work.
UK regulatory update
Tax evasion compliance has shot to the top of the regulatory agenda with the Chancellor’s Spring Statement. New laws will crackdown on law firms and accountants which facilitate tax evasion schemes (DOTAS), along with personal liability for directors and senior tax advisers.
Sanctions evasion is the target of increased enforcement from the OFSI, including against charities and law firms. Meanwhile, letting agents face stronger sanctions compliance from 14 May 2025.
Along with the new statutory guidance on modern slavery from the Home Office, the House of Commons is investigating an expansion of the decade-old Modern Slavery Act, and could require more due diligence from companies and the public sector.
A stunning HE/FE decision from the Office for Students which fined the University of Sussex half a million pounds for restricting free speech. Their trans and non-binary policy statement was at fault, a decision which applies to most companies as well given the recent Higgs v Farmor’s School decision.
Gambling scams are facing scrutiny for defrauding their customers. Action was taken against Visa and Mastercard, who may expect greater regulation of gambling sites, particularly given the failure to prevent fraud offence coming online this September. Meanwhile a bookmakers was fined over £600,000 for AML failings.
The Data (Use and Access) Bill is moving forward, and will fundamentally alter data protection rules for most businesses in the UK. Companies should consider retraining their workforce when UK GDPR changes in the coming months.
EU regulatory update
A new EU directive on sanctions breaches requires implementation into national laws by May this year. The rules require 5 years prison for sanctions breaches, and fines up to 5% of a company’s worldwide turnover or €40 million.
The EU is also going after crypto providers for doing business with Russia. Garantex, a Russian crypto exchange, was sanctioned by the EU. The crypto industry should be cautious about dealing with Russian entities or individuals.
The EU is stepping up its AML capacity with the launch of a new anti-money laundering authority. AMLA will be like a financial FBI for the EU, going after shell companies and requiring stricter beneficial ownership rules.
US regulatory update
Trump’s bonfire of the regulations continues with the Corporate Transparency Act (CTA). This required beneficial ownership information to be reported (a standard procedure in the rest of the world), and compliance is paused for domestic entities. Only foreign entities will need to comply with the CTA.
At the same time, AML reporting for entities around the border with Mexico has dropped to $200 from $10,000. Changing FinCEN regulations are shaking up the AML sector in the US.
The SEC is investigating AI-washing, where companies make exaggerated or artificial claims about their AI capabilities. Several investment firms have already been fined.
The legal market
The Law Society conference this month heard talk of technology that could transform the way client money is handled. A consultation is currently open. Meanwhile the SRA is reminding firms they require a sanctions risk assessment.
The conference also heard that source of funds and wealth checks are a major frustration, a finding backed up by VinciWorks’ recent AML core group on the subject.
Did you know?
A crypto exchange hack by North Korea saw $1.5 billion stolen, and likely used for proliferation financing.
Where can I find more?
Follow our daily blog. Check out our new guides. Subscribe to the podcast.