What’s in this update?
- Conversational Learning Day: Join us live on 11 June
- GDPR reform: Big changes for SMEs
- Bribery & AML fines hit Metro, Glencore, Spreadex
- Employment Rights Bill: H&S and harassment overhaul
- HE/FE: E6 and free speech rules live 1 August
- SRA Diversity Survey due 4 July
What’s big in compliance this month?
Conversational Learning LinkedIn Live launch! To celebrate this revolution in eLearning, we’ll be live all day on Wednesday 11 June, 10am-4pm UK time for a conversation about learning. Tune in and share on LinkedIn!
Cyber attacks! Major UK retailers including M&S were swamped by cyber attacks in recent weeks, costing millions. As criminals weaponise AI, companies must keep up with the arms race with our Conversational Learning-style phishing simulator. The vast majority of cyber attacks start with human error.
GDPR’s seven-year itch. The EU’s flagship data protection law looks set for radical transformation, with SMEs set to benefit from significant changes to compliance rules.
UK regulatory update
The Employment Rights Bill is going to have a massive effect on health and safety, sexual harassment and employee rights. Check out our latest FAQ from the recent webinar with IOSH.
Metro Bank was hit with a £16.7m fine for a litany of AML errors, failing to monitor over 60 million transactions, with concerns reported by staff routinely ignored.
As deadline day for the HE/FE sector rolls around to implement E6 and the Higher Education (Free Speech) Act, VinciWorks has launched our new E6 compliance training ahead of 1 August implementation day.
The UK gambling industry continues its run of bad luck. Spreadex was fined £2m for AML failings around high risk customers and weak AML controls. The company failed to adopt a risk-based approach as legally required, and neglected risk assessments.
The cost of workplace discrimination claims is rising. Disability discrimination is the most expensive, with each lost case paying out £45,000 on average, and that’s before an employer’s legal fees, HR time and PR fallout. Diversity & inclusion training isn’t just nice to have, it’s risk management.
Failure to prevent fraud is coming up, with large organisations required to take active steps by 1 September 2025, including risk assessments and staff training to prevent fraud. If not, a company could be found criminally liable for failing to prevent fraud.
Anti-bribery risk assessments can be complex, and even large companies can get them wrong. Lessons from Glencore’s staggering bribery fine shine a new light on getting risk assessments right.
AI continues to change the world of compliance. In a recent webinar we picked the brain of an AI expert and created a must-read FAQ on the future of AI.
EU regulatory update
A vastly watered-down EU Deforestation Directive is set to come into force at the end of the year. While barely a handful of countries are highlighted as high risk, the compliance obligations on companies are still significant.
Despite proposals to amend GDPR, EU authorities are still planning to ramp up enforcement, particularly with greater cross-border cooperation in investigations and fines.
Italy is taking action against Google, accusing the tech giant of a series of antitrust violations that could cost the company billions.
TikTok was slapped with a half-billion euro fine from Ireland’s data protection authority for violating data transfer rules, sending EU data to China without proper safeguards that GDPR requires.
US regulatory update
The US Department of Justice has outlined new enforcement priorities which will strongly focus on self-disclosure of corporate wrongdoing by companies, and target fraud against Americans, tariff violations, immigration offences and financial crimes linked to terrorist financing or sanction evasion.
The risk of a sanctions breach has grown with OFAC’s doubling of the statute of limitations and record-keeping requirement from 5 to 10 years, meaning companies must prove their sanctions checks for a decade.
The legal market
The SRA Diversity Survey 2025 deadline is 4 July, when firms must submit their data. Firms cannot use the same questions as 2023, in light of the For Women Scotland Supreme Court case. VinciWorks has a free, up-to-date solution available for all law firms.
The SRA have also announced their annual AML data collection exercise. The questionnaire is detailed and firms must submit significant data on sanctions compliance, staff training, enhanced due diligence and PEPs.
A law firm was fined £120,000 for a series of AML failures over 15 years, including failing to implement a firm-wide risk assessment. Although no actual instances of money laundering were reported, it highlights the need for procedural compliance in the legal sector.
The government has published a significant review of sanctions enforcement, and is planning reforms including a new civil penalty and a new settlement mechanism for sanctions breaches, along with new whistleblower protections.
A man dubbed ‘the TikTok lawyer’ was charged by the NCA for money laundering offences and failing to apply customer due diligence. It demonstrates the importance of maintaining strict CDD policies and records.
The trend of fake court cases hallucinated by ChatGPT continues, with a High Court judge furious that five fake cases had been cited. The case has been referred to the Bar Standards Board and the SRA, with the barrister likely to face professional misconduct.
Did you know?
When Leo XIV was elected Pope, he inherited not just the leadership of the Catholic Church, but also a powerful financial crime-fighting institution that has radically improved since the financial scandals of recent years. As both a global financial institution and national regulator, the Vatican holds some fascinating lessons for modern compliance.
Where can I find more?
Follow our daily blog. Check out our new guides. Subscribe to the podcast.