Legal News

Home Office plans to prohibit public-sector organisations from paying ransoms, and to require other entities to consult with the authorities before contemplating any transfer to their attackers, are designed to undercut the prevailing ransomware business model by making the UK a far less lucrative destination. Yet lawyers also warn the measures, set out in a wide‑ranging government consultation, may underestimate their opponents. Julian Hayes, a partner at BCL Solicitors LLP, described the idea as “deceptively simple and unquestionably well‑intentioned”, but said it verges on the naive. He added that, even if it succeeded, it would simply divert ransomware operators towards softer targets. According to the Home Office, ransomware drew in more than £1bn from victims worldwide in 2023. It has become a profitable stream of cash for cybercriminals and state‑sponsored actors able to penetrate businesses and public agencies and seize control of their...

In this issue: Practice Compliance forecast Financial sanctions Other practice Compliance updates this week Daily and weekly news alerts New and updated content Practice Compliance forecast New Practice Compliance forecast as at 20 May 2025 The latest Practice Compliance forecast, dated 20 May 2025, has been published. This edition covers: (1) HM Treasury’s proposed suite of amendments to the Money Laundering Regulations; (2) OPBAS’s planned targeted appraisal of SARs; (3) movement in the Crime and Policing Bill that widens corporate criminal liability; and (4) the SRA’s draft business plan and budget consultation for 2025–26. See News Analysis: New Practice Compliance forecast as at 20 May 2025. Financial sanctions FCDO announces West Bank sanctions and pauses Israel trade talks The Foreign, Commonwealth & Development Office ( FCDO), via Hamish Falconer MP and the Rt Hon David Lammy MP, unveiled sanctions on three...

As at 20 May 2025, our Practice Compliance forecast maps forthcoming regulatory changes relevant to law firm compliance, helping you plan for developments that may affect your organisation. Please review it carefully; key matters to keep on your radar are highlighted below. New items we’re tracking this month HMT Consultation on Improving the Effectiveness of the Money Laundering Regulations — the Regulatory Initiatives Forum has released a fresh edition of the Regulatory Initiatives Grid, setting out HMT’s package of reforms to the Money Laundering Regulations, slated for implementation between October and December 2025, following the 2024 consultation to enhance effectiveness under the Economic Crime Plan 2023-26. See: AML, CTF and counter-proliferation financing. OPBAS SAR Project: Phase 1 findings, action taken and next steps — following phased assessments of suspicious activity reports, OPBAS has called on Professional Body Supervisors to improve both the volume and standard of SAR...

On 13 May 2025, the watchdog gave reassurance to the profession — and to Big Law in particular — that it will keep domestic turnover as the basis for penalties in the most serious breaches of its rules. Specialists in legal ethics expressed immediate public relief at the reversal. Julie Norris, a partner at Kingsley Napley LLP in London, said the proposal was 'ill-thought through' because it failed to account for the realities of different law firm ownership models and ways of sharing costs and profits. She added: ' Its potential impact was huge. At a macro level, it would have served to undermine England and Wales’ position in the global legal services market'. The solicitors’ watchdog had to overhaul its approach to financial penalties after it obtained new powers in March 2024 to issue unlimited fines for economic crime offences. In June 2024 it...

The solicitors’ watchdog confirmed that, at its 29 April 2025 board meeting, it resolved to use UK rather than global turnover when calculating financial penalties for all kinds of breaches in future. The board also determined, in line with consultation feedback, that solicitors should no longer be fined for drink-driving convictions, with warnings or a rebuke to be issued instead. However, individuals will be referred to the Solicitors Disciplinary Tribunal where offences are serious or repeated. The SRA noted respondents’ views that the criminal courts are already addressing the matter. ‘ If you continue to break the law in a serious way, then we think you need to consider whether or not you should still be allowed to practise’, said Paul Philip, the watchdog’s chief executive......

In this issue: Financial sanctions AML, CTF & counter-proliferation financing Data protection Cybersecurity Other Practice Compliance updates this week Daily and weekly news alerts Trackers New and updated content Financial sanctions OFSI amends General Licence INT/2022/1678476 OFSI has revised General Licence INT/2022/1678476, covering Amsterdam Trade Bank N. V’s winding down, basic needs and insolvency-related payments. The Licence now runs from 23:59 on 12 May 2025 through to 23:59 on 12 May 2030. It also permits Bankruptcy Trustees and other insolvency practitioners to make, receive or process payments, exercise all rights, or take any actions in connection with (i) any Insolvency Proceedings relating to ATB and/or (ii) the fulfilment of the Bankruptcy Trustees’ statutory functions. See: LNB News 12/05/2025 33. OFSI issues penalty notice to Svarog for Russia sanctions breach OFSI has imposed a £5,000 penalty on Svarog Shipping & Trading Company Limited ( Svarog) for contravening Regulation 74(1)(a) of the Russia ( Sanctions) ( EU Exit)...

Aged 52, Oghenochuko Ojiri admitted offences of terrorist financing, which prosecutors said were connected to eight sales, in all, of artistic works, together worth a total sum of £140,000, made to an alleged Hezbollah financier, Nazem Ahmad. Prosecution counsel Lyndon Harris of 6KBW College Hill told Westminster Magistrates' Court in London that Ojiri was aware at the time of the sales that Ahmad had been sanctioned by the US government......

Dyson’s bid to contest a Court of Appeal ruling “does not raise a point of law of general public importance”, states an order dated 1 May 2025 and approved by the UK Supreme Court on 6 May 2025. On 13 December 2024, the Court of Appeal determined that England was plainly the proper forum to hear the claim brought by 24 migrant labourers. That decision reversed the High Court’s view, where a judge had found the dispute bore strong connections to Malaysia and ought to proceed there. The workers, originating from Nepal and Bangladesh, allege they were trafficked from their homelands. They report having endured exploitative and abusive working and living conditions while engaged by a third‑party supplier providing products and components to the Dyson Group, most widely recognised for its vacuum cleaners. The succinct Supreme Court order records that...

Why is defining performance metrics and customer requirements more challenging for AI systems? AI’s intricacy and dependence on extensive datasets make it tougher to pin down clear success measures than in traditional IT projects. Key reasons include: non-deterministic behaviour. Numerous AI models, especially those built on machine learning or deep learning, may return different answers to the same inputs at different times. Whereas conventional software tends to be consistent, shifting model parameters blur simple pass/fail judgements. One test run can vary in outcome, so it’s wiser to define performance thresholds than fixed, single-shot checks. dynamic training data. Many AI solutions continue learning after deployment, risking ‘model drift’. As data or the surrounding context changes, accuracy and reliability can move unexpectedly. Contracts should recognise this and call for periodic evaluations or ‘recalibration’ to remedy any slide in...

A substantial penalty, imposed on Tik Tok on 2 May 2025 by Ireland’s privacy regulator, has sparked serious and widespread doubts over whether any firm exporting personal data to China can do so lawfully under EU data‑protection rules. Byte Dance, Tik Tok’s parent, was hit with a €530m (around $600m) fine after the Irish Data Protection Commission ( DPC) found it had failed to ‘verify, guarantee and demonstrate’ that EU users’ data—remotely accessed by staff in China—enjoyed safeguards ‘essentially equivalent to that guaranteed within the EU’. Concern over data flows to China has further intensified. The US government has now explicitly barred the movement of bulk sensitive personal data or government-related information between US persons and ‘countries of concern’—notably China. ‘ The screw is turning on restricting the flow of data to China, under the banner of privacy, national security and...

Fraud Track 2025 BDO Global’s Fraud Track 2025 reports that £337m is recorded as having been laundered between December 2023 and November 2024, though the real total is probably higher. Money laundering from criminal proceeds made up 61% of the overall reported value of fraud and economic crime. Non-corporate fraud, covering phishing scams and identity theft, followed next, contributing around 20%. The study also notes that the value of reported fraud and economic crime in the UK remains on a long-term downward trajectory, dropping 76% to £550m over the previous twelve months, down from £2.3bn in 2023. BDO attributed this reduction to a decrease in instances of high-value fraud. Stephen Peters, a partner at BDO and its head of investigations, said in a statement that the data indicates fraud continues to evolve......

In this issue: Financial sanctions Other financial crime Other Practice Compliance updates this week Daily and weekly news alerts Trackers New and updated content Financial sanctions Navigating the complexities of sanctions compliance in law firms— OFSI’s Legal Services Threat Assessment In April 2025, the Office of Financial Sanctions Implementation ( OFSI) published its inaugural Legal Services Threat Assessment, as part of a series examining sanctions risks in particular sectors. The report supplies valuable perspective on OFSI’s view of the compliance threats and risks confronting the legal services sector, shining a light on the intricate hurdles the UK profession faces in adhering to financial sanctions. By taking forward OFSI’s recommendations, law firms can strengthen their processes and lessen exposure to sanctions breaches. In a period defined by geopolitical unpredictability and ever more complex sanction regimes, firms must stay alert and act...

Enhance When unveiling the Review, OFSI led with the headline, ‘ UK sanctions freeze £25bn of Russian assets’, adding that ‘over £25 billion of Russian assets [has been] reported frozen since Russia’s illegal invasion of Ukraine’. That total derives from OFSI’s Russian Frozen Assets In‑ Year Reporting, which records the most recent known value of frozen assets said to be held at the moment of designation, as reported to the authority by those required to make such notifications. By December 2024, £25bn in assets linked to the Russia regime had been notified to OFSI as frozen since February 2022. In 2023, frozen funds reported to OFSI across every sanctions regime came to £24.5bn, with £10bn attributable to the Russia regime. The updated number appears in OFSI’s latest Annual Frozen Asset Review, which obliges anyone holding or controlling assets frozen under UK financial...

EU AI Act timeline for GPAI Code of Practice Under the EU AI Act, the Code of Practice must be finalised by 2 May 2025 at the latest, and the European Commission’s AI Office is obliged to take the ‘necessary steps’ so the Code is recognised as an official compliance instrument. Yet, earlier this week the EU AI Office informed participants in the drafting work that ‘the final GPAI Code of Practice and the Commission guidelines on GPAI [are] expected to be published ahead of August 2025’. Its communication further notes: ‘ This extension of the deadline comes as a result of prioritising extended feedback cycles (as requested by all stakeholders), and to give stakeholders four weeks to respond to the consultation on guidelines’. According to the Commission’s updated website, the definitive Code will be presented at the closing plenary session and issued by August 2025,...

In this issue: Sanctions AML, CTF & counter-proliferation financing Other financial crime Data protection Cybersecurity Other Practice Compliance updates this week Daily and weekly news alerts Trackers New and updated content Sanctions Russia ( Sanctions) ( EU Exit) ( Amendment) Regulations 2025 SI 2025/504: This instrument revises UK secondary legislation on sanctions. It brings in additional trade curbs, centring on new export and import bans and restrictions on technology and software transfers, and offers further clarity on the enforcement of trade sanctions. It is made using powers under the Sanctions and Anti- Money Laundering Act 2018 ( SAMLA 2018) in relation to assimilated law. It took effect on 24 April 2025. See: LNB News 24/04/2025 8. OFSI General Licences The Office of Financial Sanctions Implementation ( OFSI) has extended General Licence...

On 14 March 2025, delegates from EU Member States examined the interaction between the two regimes, aiming to pinpoint compliance hurdles for both supervised organisations and supervisory authorities. Following this exchange of views, Poland, the current chair of the EU diplomatic discussions, collated the contributions and prepared a synopsis — obtained by MLex — setting out principal takeaways on the core issues identified. The resulting summary will be tabled for debate at a meeting of national representatives. Differing regulatory approaches Most European governments underlined how the two laws diverge in regulatory design. The EU GDPR safeguards personal data through a fundamental‑rights lens, while the AI Act functions as product‑safety legislation, imposing targeted obligations calibrated to the level of risk. For a number of Member States, this divergence in underlying logic could produce contradictory regulatory outcomes, whereby an AI system is judged compliant with the AI Act but not...

The white-collar watchdog’s revised stance, allowing firms to sidestep charges save in ‘exceptional’ cases when they flag suspected economic wrongdoing, could nudge boardrooms towards deferred prosecution agreements ( DPAs) rather than gambling at trial. ‘ This guidance could usher in a fresh phase of corporate self-reporting and DPAs,’ said Louise Hodges, head of criminal litigation at Kingsley Napley LLP. Previously, the SFO’s approach offered no assurance that businesses would escape prosecution if they owned up. But SFO director Nick Ephgrave told white-collar defence practitioners in a 24 April 2025 speech that, for the first time, companies would know exactly what they are entering into: no ifs, no buts, no maybes; as close to a cast-iron promise as possible—work with us and we will work with you. Eye-catching as the pledge is, the real shift is the office’s vow to reply to...

The SFO has charged United Insurance Brokers with failing to prevent its associates from paying bribes in Ecuador—the first time the agency is preparing to go to trial over the adequacy of a company's compliance programmes. Experts say the case also signals—amid debate over the SFO’s priorities and doubts about the near‑term trajectory of international corruption inquiries—that the agency remains firmly engaged in tackling bribery at home and abroad today. Jonah Anderson, a partner at White & Case LLP, noted that although there now appear to be fewer bribery prosecutions than five or ten years ago and the global environment is shifting, the SFO continues to act as a vigorous corporate bribery enforcer. The UK’s anti‑bribery regime renders companies criminally responsible if they fail to stop employees or associated persons from making illicit payments to secure business in the UK or anywhere in the world. Since its...

The task force brings together: The UK Serious Fraud Office ( SFO) France's National Financial Prosecutor's Office, Parquet National Financier ( PNF) The Swiss Office of the Attorney General of Switzerland ( OAG) Its founding declaration unequivocally affirmed the trio's unwavering resolve to combat bribery and corruption under domestic and international legal regimes. Businesses within the reach of these authorities' jurisdictions—including US companies operating in Europe—should continue to uphold rigorous, well-embedded anti-corruption programmes. Purpose of the task force Its creation crowns more than ten years of close operational partnership among the three nations, spanning tightly coordinated cross-border enquiries, systematic intelligence collection, and law-enforcement information sharing and co-operation. Among other outcomes, the task force will deliver: a leaders' group dedicated to the regular and routine exchange of insight and strategy a working group tasked with developing proposals for case...

The ICO penalised DPP Law Solicitors LLP for inadequate protection of personal data after identifying, confidential and legally privileged material on its network was stolen in a cyber attack and subsequently posted on the dark web. Intruders also obtained entry via a seldom-used admin account linked to a legacy case management platform during a June 2022 “brute force” assault—where credentials are guessed through repeated trial and error, over and over again. Using this account, they exfiltrated 32 gigabytes of data from the firm’s network, and, according to the ICO, the administrator account lacked multi-factor authentication at the time. The haul comprised court bundles, documents, photographs and video relating to the firm’s clients and experts instructed to give evidence in......