What’s in this update?
- AI browsers raise cyber security alarms as UK data breaches and fines surge.
- OFSI issues new sanctions penalty while ESG ratings face FCA regulation from 2028.
- Pregnancy dismissal protections and menopause action plans set to expand under the Employment Rights Bill.
- Awaab’s Law introduces strict repair deadlines for landlords.
- Australia’s Tranche 2 AML regime and global AML supervision changes reshape compliance.
UK regulatory update
Do not use AI browsers. That’s the warning from cyber security professionals concerned about the vulnerabilities in the wave of new AI-powered browsers like ChatGPT Atlas, Perplexity’s Comet, and Gemini-enabled Chrome.
Meanwhile, major cyber incidents more than doubled in the UK last year, from 89 to 204. Even more alarming, the subset labelled “highly significant” (i.e. those with severe national impact) rose from 12 to 18, nearly a 50% increase.
The ICO fined Capita £14 million for a 2023 data breach that compromised the information of around 6.6 million individuals. It all started when one employee downloaded a malicious file.
Another sanctions fine. The OFSI levied a £152,750 penalty on Colorcon Limited, a UK-based pharmaceutical coatings company, for making hundreds of payments to employees who held accounts at sanctioned Russian banks.
A new regulation affecting compliance requirements for housing associations came into force on 27 October. Known as Awaab’s Law, it introduces statutory deadlines for social (and soon to be private) landlords to investigate and repair serious hazards.
While the Employment Rights Bill remains in parliamentary ping-pong, the sexual harassment provisions are not in contention and will require employers to take all reasonable steps to prevent harassment. Our new FAQ explains what this means.
The government has launched a new consultation on pregnancy dismissals as part of new powers expected to come via the Employment Rights Bill. This will likely dramatically extend the employment protections given to pregnant women and new mothers.
Another change as part of the Employment Rights Bill concerns menopause. Organisations with over 250 employees will be expected to publish action plans and evidence support for women experiencing menopause.
ESG ratings providers operating in the UK are about to become regulated by the FCA. From June 2028, ESG ratings providers will need to prove transparency and compliance with the new regulations.
The FCA has also secured a landmark prosecution for a data protection failure. A former Virgin Media employee was convicted for unlawfully obtaining and disclosing personal data used to fuel a £1.5 million investment scam.
EU regulatory update
Germany’s financial regulator BaFin issued a multimillion euro fine against a bank for severe AML deficiencies, including a lack of risk analysis and CDD, plus a company culture that treated AML compliance as a tick box exercise.
The EU’s Omnibus to slash ESG and sustainability regulations is making slow progress through the EU parliament. The final deal is not yet signed, but SMEs will be largely exempt from reporting and even larger companies will find relief.
EU regulation in the cyber security and data protection space shows no sign of backsliding, though, with NIS2, DORA, the Cyber Resilience Act, the Digital Resilience Act and more. What are the key cyber rules affecting your business?
US regulatory update
The US Treasury has delivered on its promise of sweeping AML changes with a serious reduction in SAR paperwork. A new FAQ from FinCEN on BSA compliance means US AML regulated firms can cut a lot of unnecessary SARs.
The legal market
The end of an SRA era is coming. AML supervision for law firms and accountancy firms will move to the FCA… eventually. Primary legislation is required, meaning the timeline is several years. But the change will be monumental for every UK law firm.
The VinciWorks AML Core Group met and heard an MLRO’s perspective from guest speaker Jonathan Grimes, partner at Kingsley Napley. The Core Group also discussed what the coming shift from the SRA to the FCA could mean for their firms.
The FATF October 2025 plenary saw four countries removed from the Grey List: Burkina Faso, Mozambique, Nigeria and South Africa. No new countries were added. The VinciWorks guide to high risk AML jurisdictions was immediately updated to reflect these changes.
Fake cases continue to be a scourge on the legal landscape. A UK law firm was ordered to pay wasted costs for citing two fake cases. The risk of unregulated use of AI in legal practice is not going away.
Another question plaguing law firms is who is at fault when machines get it wrong. If an AI makes a mistake… and the firm is fined, who holds liability? Different jurisdictions are taking some unique paths to answer this question.
Nevertheless, a VinciWorks survey at LegalGeek showed that cultural resistance and costs remain barriers to innovation and modern compliance technology. Some tools can actually help firms manage risk, rather than increase it the way unregulated AI use can.
A Northwich firm was fined £17K by the SRA for failing to have any AML policies at all, providing no evidence of AML training, and having no clear understanding among staff of their obligations.
Tax advisors are set for increasing regulation. From 1 April 2026, individuals and firms acting as tax advisers will be required to register with HMRC.
Around the world
What’s on the Australia and Asia-Pacific compliance agenda for 2026? Our special webinar, held live on 26 November, will delve into the key compliance challenges that should be on every business’s agenda for the year ahead.
In Australia, Tranche 2 is powering ahead, and the legal sector needs to get ready, with just months to go before the regime takes effect in July 2026. AUSTRAC has also released its Tranche 2 guidance, and VinciWorks has released updated AML training courses for Tranche 2 compliance.
Did you know?
Neurodiversity can be a driver of business innovation and performance. Employment tribunals are growing increasingly intolerant of workplaces that fail to harness the abilities of neurodivergent employees.
New guides
October 2025 update: Risky Business – A guide to high risk jurisdictions for money laundering
From the SRA to the FCA: What the single professional services supervisor means for your firm
Tranche 2: A practical companion to AUSTRAC guidance
Tranche 2 and Proliferation Financing
Preparing for Tranche 2: A practical checklist for compliance readiness
Tranche 2 and Terror Financing
Tranche 2: Australia’s AML/CTF reforms
Where can I find more?
Follow our daily blog. Check out our new guides. Subscribe to the podcast.