Embedded Files
4th July – 6th July 2025
Sanctions
OFAC Fines Key Holding $608K for Cuba Sanctions Violations by Colombian Subsidiary
On 2nd July 2025, the US Treasury’s Office of Foreign Assets Control (‘OFAC’) announced a $608,825 settlement with Key Holding, LLC. The fine addresses 36 apparent violations of US sanctions on Cuba linked to a Colombian subsidiary which managed logistics for freight shipments to the island nation. OFAC classified the case as non-egregious, with the violations being voluntarily self-disclosed, factors which significantly influenced the settlement outcome.
US Treasury Targets Global Oil Smuggling Networks Aiding Iran’s IRGC-QF
The US Department of the Treasury’s Office of Foreign Assets Control (‘OFAC’) on 3rd July 2025 imposed sanctions on a complex web of entities and individuals involved in smuggling billions of dollars’ worth of Iranian oil. These covert operations, many benefiting Iran’s Islamic Revolutionary Guard Corps-Qods Force (‘IRGC-QF’), span across Iraq, the UAE, Singapore, the Seychelles, and the British Virgin Islands. At the core of the network is Iraqi-British businessman Salim Ahmed Said, who orchestrated an elaborate scheme of blending Iranian oil with Iraqi oil to mask its origins. By bribing Iraqi officials and using forged documents, Said’s companies—most notably VS Tankers, VS Oil Terminal, Rhine Shipping, and others—facilitated the illicit trade, funnelling oil into global markets under false pretences.
The Treasury’s action also intensifies scrutiny of Iran’s “shadow fleet,” a constellation of vessels used to conduct ship-to-ship transfers, conceal cargo origins, and transport petroleum to buyers across Asia. Vessels such as VIZURI, FOTIS, THEMIS, and BIANCA JOYSEL are accused of delivering millions of barrels of Iranian oil using deceptive shipping practices. Singapore-based Trans Arctic Global Marine Services, among others, is cited for supporting these operations by coordinating logistics for sanctioned Iranian ships navigating key chokepoints like the Strait of Malacca.
Further highlighting IRGC-QF’s involvement, the US identified the Al-Qatirji Company and its associated fleet—including the ELIZABET, ATILA, and GAS MARYAM—as pivotal in laundering oil revenues. These ships often disguised Iranian oil as Malaysian, moving it through regions like Southeast Asia with assistance from sympathetic actors. The designations fall under various Executive Orders addressing Iran’s petroleum trade and counterterrorism financing, effectively cutting sanctioned parties off from the US financial system and exposing others to potential secondary sanctions for facilitating illicit transactions.
UK Red Alert Exposes ‘Shadow Fleet’ Sanctions Evasion Network Fuelling Russia’s Oil Exports
The UK’s National Crime Agency (‘NCA’), Office of Financial Sanctions Implementation (‘OFSI’), and Foreign Commonwealth & Development Office (‘FCDO’) have issued a joint Red Alert to financial institutions, warning of a sprawling and resilient sanctions evasion network which continues to profit from Russian oil exports. The alert targets a dual-structured “Shadow Fleet” system exploiting gaps in regulation and global trade oversight.
At the heart of this scheme is a split between “red” and “blue” entities. The “red” side—primarily front companies with obscure ownership—handles direct Russian oil transactions, leveraging close ties with sanctioned executives like ROSNEFT’s CEO, Igor Sechin. The “blue” side, with links to legitimate Western financial services, disguises the oil’s origin and brings it to market through banks, insurers, and commodity platforms. These interactions blur the line between illicit and legitimate trade, creating a sanctions-resistant ecosystem.
Key players named include the UK-sanctioned Azeris Etibar Eyyub and Tahir Garayev, whose companies—2RIVERS DMCC and 2RIVERS PTE—served as linchpins for the “blue” network. These firms, along with others like NORD AXIS, rely heavily on over 100 ageing tankers in the so-called Shadow Fleet, employing deceptive practices such as ship-to-ship oil transfers, GPS signal tampering, and frequent flag changes to mask Russian connections.
The alert outlines red flags for the financial sector, including companies with rapid oil trading volume despite limited history, opaque ownership structures, registration in high-risk jurisdictions, and minimal online presence. It urges firms to remain vigilant, submit Suspicious Activity Reports (‘SAR’s), and support ongoing disruption efforts as the UK and its allies tighten enforcement.
UK Refines Arms Embargo on Armenia and Azerbaijan, Tightening Focus on Border Conflict Risks
On 1st July 2025, the UK government announced a refinement to its longstanding interpretation of the OSCE arms embargo on Armenia and Azerbaijan. Originally based on broad restrictions dating back to 2nd July 2014, the UK’s updated position narrows the embargo to focus specifically on weapons, ammunition, and munitions, rather than all items on the UK Military List. This adjustment removes previous language referencing potential use of such items in the Nagorno-Karabakh region.
The revised embargo now targets arms which could be used along the land border between Armenia and Azerbaijan by either state’s military, police, or security forces. The change signals a shift toward more precise export control measures, aimed at mitigating conflict escalation while allowing greater flexibility for non-lethal and dual-use items which fall outside the embargo’s new scope.
OFSI Updates Sanctions Guidance: New Clarifications on Economic Resources, Licensing Jurisdiction, and Securities Reporting
On 3rd July, the UK Office of Financial Sanctions Implementation (‘OFSI’) released four new FAQs and withdrew two from its published guidance. These updates offer greater clarity for those navigating UK financial sanctions.
FAQ 149 introduces a clearer definition of “economic resources,” helping to resolve ambiguities around assets which may not be directly usable for obtaining funds, goods, or services, but could still support sanctioned entities. FAQs 150 and 151 address an important compliance question: whether a licence is required from both OFSI and the relevant Crown Dependencies or Overseas Territories for the same activity. These additions aim to prevent duplicative licensing efforts and ensure better jurisdictional coordination.
FAQ 152 provides much-needed direction on how to report securities held at designated local Russian registrars, a topic increasingly relevant in the context of evolving Russia-related sanctions. Meanwhile, FAQs 123 and 124 have been withdrawn.
Money Laundering
ECB and AMLA Forge Closer Ties with Cooperation Agreement to Bolster Anti-Money Laundering Oversight
The European Central Bank (‘ECB’) and the European Anti-Money Laundering Authority (‘AMLA’) have entered into a Memorandum of Understanding to facilitate cooperation in the supervision of financial institutions. The agreement, announced on 3rd July 2025, aims to strengthen coordination between prudential oversight and anti-money laundering/countering the financing of terrorism (‘AML/CFT’) efforts across the European Union.
This collaboration sets the foundation for structured information exchange, alignment of supervisory standards, and joint efforts in policy development. It focuses particularly on financial institutions which face high cross-border money laundering risks—including payment firms, crypto-asset service providers, and select banks regulated by the ECB.
Both institutions will cooperate on supervisory actions such as sanctions, governance evaluations, and the potential restriction or withdrawal of licences in cases of serious AML/CFT breaches. The agreement also formalises observer participation in each other’s board meetings and fulfils legal obligations under Article 92(3) of the AMLA Regulation, as part of the broader EU anti-money laundering reform package.
The partnership represents a step forward in building a consistent and robust AML/CFT framework within the European financial system, especially ahead of AMLA’s planned direct supervisory role from January 2028. The EBA press release is here.
UK Updates Parliament on Beneficial Ownership Registers Across Overseas Territories
On 3rd July 2025, UK Minister of State, Stephen Doughty, delivered a statement to Parliament detailing progress on implementing beneficial ownership registers across the UK’s overseas territories—a central pillar in the government's crackdown on illicit finance and corruption. The initiative is part of a broader transparency campaign launched in November 2024, aimed at eroding safe havens for dirty money and increasing corporate transparency.
Several territories have already launched public or semi-public registers. St Helena went live with a fully public register on 30th June 2025, following Gibraltar and Montserrat's earlier launches. The Falkland Islands reaffirmed their commitment and plan to implement their register by July 2026, citing capacity issues. Meanwhile, the Cayman Islands and the Turks and Caicos Islands have launched registers with “legitimate interest” access, allowing vetted individuals such as journalists to view ownership data. Other jurisdictions like Anguilla and Bermuda are progressing toward implementation, though timelines vary.
However, concerns persist—particularly around the British Virgin Islands’ (‘BVI’) system, which faces delays until April 2026 and limits proactive investigation. The UK expressed disappointment at this lag, especially after the BVI was placed under increased monitoring by the Financial Action Task Force (‘FATF’).
To address gaps, the UK will host an illicit finance dialogue with leaders of the overseas territories later this month. This meeting will assess progress, agree on corrective actions, and reaffirm the commitment to transparency, with Baroness Hodge, the Prime Minister’s anti-corruption champion, joining the discussions.
Bribery and Corruption
Uzbekistan’s Future Lawyers Trained to Lead Anti-Corruption Reforms
More than 25 law students and young professionals from leading Uzbek universities participated in a three-day Summer School on integrity and legal reform. The event, held in Tashkent Region from 24–26 June 2025, was jointly organised by the Anti-Corruption Agency of Uzbekistan and UNDP, with EU financial support. Participants explored ethics, open data, youth participation in governance, and simulated real-world corruption cases from multiple legal perspectives.
Sessions emphasised legal education’s role in anti-corruption efforts, with students engaging in practical exercises, designing advocacy campaigns, and developing community-level projects. They also created personal action plans and explored further training opportunities via the Virtual Anti-Corruption Academy. The event forms part of a broader initiative to strengthen Uzbekistan’s national anti-corruption ecosystem and empower the next generation of legal professionals.
Senior Australian Official Abused Public Office in Nepotism Scandal, Watchdog Finds
A senior official in Australia’s Department of Home Affairs has been found by the National Anti-Corruption Commission (‘NACC’) to have abused her position to secure a job for her future brother-in-law, marking the commission’s first publicly completed investigation. Known by the pseudonym Joanne Simeson, the acting assistant secretary misused her authority by forging documents, concealing family ties, and fast-tracking recruitment for her sister’s partner—whom she misleadingly described as a “friend of a friend.” She also coached her sister to help cover up the relationship and shared confidential interview details.
Colleagues raised suspicions during the recruitment process, and internal messages revealed attempts to fabricate a narrative to avoid detection. The official resigned before disciplinary action could be taken. The NACC deemed the misconduct serious due to her seniority and broader concerns about cronyism and undeclared conflicts of interest in public sector hiring.
Separately, another former Home Affairs staffer was sentenced for abusing her position to approve a visa application for her own brother-in-law, further underscoring systemic risks.
Australia’s NACC at Two: Progress on Integrity, but Public Trust Lags
The National Anti-Corruption Commission (‘NACC’) marks its second anniversary with a mixed report card. Launched with sweeping powers and high hopes, it has faced early reputational setbacks—most notably, its initial refusal to investigate officials implicated in the Robodebt scandal. Though that decision was later reversed, it dented public confidence. The Commission’s visibility remains low, with only 12% of surveyed Australians familiar with its work—contrasting sharply with the more widely known NSW ICAC.
Operationally, the NACC has been busy: it has assessed 4,500 complaints since July 2023 and launched over 40 investigations, several involving senior officials and federal politicians. Noteworthy outcomes include jail time for a former tax officer and a corruption plea in a $5 million bribery case at Western Sydney Airport. Yet, no public hearings have been held, due to restrictive “exceptional circumstances” requirements.
With growing capacity, broad investigative powers, and the potential for public inquiries into systemic risks, the NACC is increasingly positioned to shape national integrity reform. Its future success will depend not just on enforcement, but on earning public trust and demonstrating impact where it matters most: in power, transparency, and accountability.
Transparency International UK Calls for Ethics-Centred Approach to AI in Anti-Corruption Compliance
Transparency International UK highlights both the promise and the peril of artificial intelligence in corporate anti-corruption efforts. As AI becomes increasingly central to business operations—from finance to logistics and healthcare—the organisation urges companies to adopt the technology ethically and responsibly, particularly in managing anti-bribery and corruption compliance.
The article outlines how AI tools can detect suspicious transactions, analyse large datasets, and identify fraud patterns more effectively than traditional methods. However, it warns of risks like algorithmic bias, over-reliance on automated systems, and potential misuse by bad actors. To mitigate these threats, companies are encouraged to prioritise AI literacy, foster a culture of ethical questioning, and ensure human oversight remains paramount.
Best practices include early integration of ethical considerations, forming cross-functional teams with expertise in ethics and data science, and continuous monitoring of AI tools to avoid performance drift or unintended bias. The piece reinforces that accountability must stay with people—not machines.
EU Anti-Corruption Directive Stalls Amid Political Resistance as Denmark Takes Council Presidency
Talks on the EU Anti-Corruption Directive have stalled following a breakdown in final trilogue negotiations between the European Parliament and member states, just as Denmark assumes the rotating EU Council Presidency. The directive was intended to harmonise corruption offences and penalties across the Union, but resistance from key member states—most notably Italy and Germany—has jeopardised progress.
Italy is demanding the removal of abuse of office from the directive’s scope, a move which runs counter to commitments under the UN Convention Against Corruption. Germany, meanwhile, has objected to several foundational elements, including the requirement for national anti-corruption strategies and robust data collection on enforcement, potentially weakening the directive’s long-term effectiveness.
Transparency International has strongly criticised the political deadlock, warning it undermines public trust and EU credibility. With the legislative window closing and Denmark now at the helm—ranked first in Transparency’s Corruption Perceptions Index—the spotlight is on its ability to broker a meaningful agreement and champion integrity reforms across the bloc.
Fraud
UK Government Issues Guidance to Combat Fraud in Education Sector
The Department for Education has published new guidance to help schools, colleges, and independent training providers reduce the risk of fraud, respond effectively when it occurs, and report incidents. Released on 30th June 2025, the document outlines common types of fraud in the education sector, including theft, invoice falsification, and credit card misuse, as well as rising threats from cybercrime.
The guidance encourages institutions to develop comprehensive fraud risk management strategies. These include assessing vulnerabilities, reinforcing internal controls, identifying fraud red flags, and fostering an anti-fraud culture through awareness training, staff morale, and ethical leadership.
Organisations are urged to implement a tailored fraud response plan, outlining clear reporting routes, whistleblowing procedures, and investigative protocols. The guidance also stresses the role of internal audit functions and continuous evaluation to strengthen safeguards and reduce risk over time.
No Half Measures: UK Parliament Urges Bold, Systemic Action Against APP Fraud
The All-Party Parliamentary Group (‘APPG’) on Fair Banking has released a major cross-party report titled “No Half Measures – a Blueprint to Beat APP Fraud”, calling for a comprehensive and coordinated approach to tackle the UK’s growing Authorised Push Payment (‘APP’) fraud crisis. The report critiques the limitations of the current Mandatory Reimbursement Requirement (‘MRR’), warning that without broader ecosystem-wide reforms, it could shift burdens unfairly while leaving fraud networks intact.
The blueprint lays out nine recommendations to embed into the UK’s updated Fraud Strategy. These include expanding fraud safeguards to crypto firms, increasing protections for businesses, and introducing a “tech levy” on social media and telecoms providers—backed by legislation—to ensure tech platforms play a direct role in prevention. It also calls for robust cross-sector data sharing under clear GDPR guidance, and proposes the establishment of an Economic Crime Fighting Fund alongside ring-fenced policing resources to enable high-impact disruption.
Other recommendations urge reforms to the justice system, including updated sentencing and the expansion of dedicated Economic Crime Courts. International collaboration also features, with proposals to work with fraud source countries—particularly China—and to advocate for a global anti-fraud body modelled after the FATF. Domestically, the report emphasises ending the UK’s status as a conduit for laundering illicit proceeds and promoting fraud education and victim support to build long-term resilience.
David Burton-Sampson MP, Co-Chair of the APPG, underscores the urgency: “We have a fight on our hands... but to win it requires ambitious, collective and coordinated action.” The report positions itself as a unified parliamentary call for decisive leadership in stamping out digital financial crime.
Market Abuse
BaFin: No Evidence of Insider Trading from Pre-Close Calls—but Transparency Urged
Germany’s financial regulator BaFin has found no systematic link between pre-close calls and unusual market movements, following an in-depth review prompted by suspicions of insider trading. The review, conducted in 2024, analysed the practices of DAX and MDAX companies and concluded that while some isolated price fluctuations occurred, there was no indication that these were caused by unlawful disclosure of inside information.
Pre-close calls—discussions between issuers and analysts prior to financial quiet periods—are common among large firms, especially those in the DAX index. BaFin’s findings showed that 63% of surveyed companies use them, often at analysts’ request to improve forecast accuracy. Most calls are held as one-on-one meetings.
While the regulator found no wrongdoing, it echoed the European Securities and Markets Authority (‘ESMA’) in encouraging companies to enhance transparency. Suggestions include group calls open to a broader audience and publicly announced schedules. BaFin stressed that if inside information is unintentionally disclosed, it must be made public immediately to maintain equal access and prevent potential insider dealing.
Other Financial Crime News
UK Joins ASEAN Anti-Crime Talks with Vietnam to Tackle Trafficking and Scams
The United Kingdom has participated, for the first time, in the ASEAN Senior Officials Meeting on Transnational Crime (‘SOMTC’). Partnering with Vietnam, the UK presented a joint proposal targeting human trafficking and scam centres—issues which continue to inflict widespread harm and destabilise security across the region. This proposal was warmly welcomed by ASEAN members and signalled deepening collaboration on regional security.
The UK’s involvement builds on prior cooperation with ASEAN, including its National Crime Agency’s formal ties with ASEANAPOL and work to establish an ASEAN Money Laundering Working Group with Malaysia and the UN Office on Drugs and Crime. As the Country Coordinator for ASEAN–UK Dialogue Relations (2024–2027), Vietnam emphasised that the partnership is founded on mutual trust and commitment to regional peace.
Malaysia, ASEAN’s 2025 Chair, praised the UK’s entry as a sign of collective resolve to dismantle transnational criminal networks and bolster financial integrity. Looking forward, the UK will support the 2026 UNODC–INTERPOL Global Fraud Summit and host its own Illicit Finance Summit to advance international standards and cross-sector cooperation.
The UK’s engagement underscores its broader commitment to ASEAN centrality, rules-based order, and enhancing joint responses to shared global threats.
UK and US Reaffirm United Front Against Financial Crime
The heads of the UK Serious Fraud Office (‘SFO’) and the US Department of Justice (‘DOJ’) Criminal Division met this week to reinforce their long-standing partnership in tackling white-collar crime. Their discussions centred on boosting corporate voluntary self-disclosure, streamlining complex investigations, and sharing strategies to deliver faster, more effective justice.
The meeting follows the DOJ’s recent release of a refreshed white-collar crime enforcement plan and signals renewed energy in transatlantic cooperation. SFO Director Nick Ephgrave and DOJ Criminal Division Head Matthew Galeotti underscored their shared resolve to protect economies and restore market integrity by rooting out fraud, bribery, and corruption. Both leaders expressed commitment to using innovative tools and joint strategies to pursue offenders and support victims.
This engagement marks a key step in global efforts to align enforcement priorities and close the gaps exploited by financial criminals.
Companies House Crackdown Yields Tangible Results in UK’s Fight Against Economic Crime
Companies House in the UK has published a new progress report detailing the impact of its expanded enforcement powers under the Economic Crime and Corporate Transparency Act 2023. The reforms have transformed the agency from a passive registrar into an active gatekeeper, enhancing its role in combating economic crime.
The report highlights key successes, including the removal or correction of misleading data affecting over 100,000 companies and the rejection of more than 10,000 suspicious incorporation attempts linked to potential money laundering. In collaboration with the Insolvency Service and law enforcement, Companies House helped identify around £50 million in UK property suspected of being owned by organised crime networks.
Additionally, the agency has delivered approximately 850 intelligence reports to law enforcement, contributed to international asset recovery efforts, and strengthened internal risk-based enforcement strategies. Officials say these efforts support economic growth by enhancing corporate transparency and making the UK less hospitable to fraudsters.
Queensland Ombudsman Reinforces Zero-Tolerance Policy on Fraud and Corruption
The Energy and Water Ombudsman Queensland (‘EWOQ’) has reaffirmed its commitment to ethical business practices and a strong anti-fraud culture. The organisation emphasises a zero-tolerance stance on fraud and corruption, outlining its preventative strategy in line with the ten key elements from the Crime and Corruption Commission’s best practice guide.
EWOQ delivers ethics and fraud awareness training to all staff to ensure clarity on responsibilities and obligations. It also encourages transparent reporting by providing multiple channels—online, via phone, or mail—for lodging complaints, including allegations involving the Ombudsman. The strategy reflects a broader effort to embed integrity and proactive risk management into everyday operations.
UK Urged to Enforce Financial Transparency in Overseas Territories as Compliance Deadlines Lapse
The UK Government is facing mounting pressure after several Overseas Territories—most notably the British Virgin Islands (‘BVI’)—missed a final deadline to introduce publicly accessible registers of beneficial ownership. These registers are intended to reveal the true owners of offshore companies, a key measure in combating money laundering and tax abuse.
A joint statement by the UK Anti-Corruption Coalition and its partners warned that this failure undermines the UK’s credibility in fighting financial crime, damages national security, and perpetuates global inequality. The BVI’s proposed corporate register reforms were criticised for offering little transparency while putting civil society actors at risk. The territory was recently added to the Financial Action Task Force’s grey list due to deficiencies in its anti-money laundering regime. Other jurisdictions, including Bermuda, Anguilla, and the Turks and Caicos Islands, also appear to have missed the deadline.
As the UK prepares to host a summit on illicit finance, anti-corruption advocates are calling for decisive action—including possible constitutional interventions—to ensure compliance. They urge the UK Government to guarantee meaningful access to beneficial ownership information, safeguard those who use the data in the public interest, and advance global norms on financial transparency.
Five Legal Loopholes Fuel ‘Dark Money’ Threat in UK Politics, Says Transparency International
Transparency International UK warns that the UK’s political finance system is vulnerable to covert influence due to key weaknesses in disclosure laws and oversight. In its latest analysis, the watchdog identifies five major loopholes which allow opaque or potentially illicit funding—commonly known as “dark money”—to enter the political system.
The report criticises vague definitions around corporate donations, particularly the weak standard of companies merely “carrying on business” in the UK, which has enabled firms with no clear commercial footprint to contribute nearly £11 million to political causes. It also raises concerns about unincorporated associations, many of which function as donation conduits with little transparency; 96% of such funding sources remain unidentified.
Further issues include inflated reporting thresholds which have widened a transparency gap of over £30 million, the absence of disclosure rules for pre-candidacy campaign donations, and ambiguous treatment of financial contributions to individual politicians—such as the lack of transparency around Lord Brownlow’s support for Boris Johnson’s flat refurbishment.
The organisation calls for reforms to tighten permissibility checks, align thresholds with ethical standards, and clarify legal definitions to ensure transparency and protect democratic integrity.
MPs Urge Reforms to Empower Whistleblowers in the Fight Against Economic Crime
In the 2nd July 2025 Westminster Hall debate, Members of Parliament emphasised the critical role whistleblowers play in uncovering economic crime and called for urgent reform of the UK’s whistleblower protections. Phil Brickell MP underscored that economic crime costs the UK approximately £350 billion annually and argued that leveraging whistleblower insights is a cost-effective and vital enforcement strategy. He cited US data showing whistleblowers helped recover over $50 billion in fraud-related cases, advocating for similar reward-based frameworks in the UK to motivate disclosures.
MPs raised concerns about systemic shortcomings, noting that current UK law does not require companies to investigate whistleblower disclosures or protect individuals who suffer professional retaliation. Calls for reform included mandatory investigation of whistleblower reports, independent oversight of corporate responses, and the creation of a centralised whistleblower authority. There was also support for implementing incentive-based schemes, such as those in the US, to better support insiders in exposing financial misconduct.
The Serious Fraud Office’s recent commitment to whistleblower incentivisation reform was welcomed as a positive step, reflecting a growing institutional shift toward empowering whistleblowers in the fight against fraud, bribery, and corporate malfeasance. MPs concluded that these measures are necessary to transform whistleblowers from sidelined figures into core partners in safeguarding the integrity of the UK’s financial systems.
FCA Ramps Up Innovation Drive: AI at the Heart of 2025 Strategy
In a forward-looking speech at City Week 2025, Jessica Rusu, the FCA’s Chief Data, Information, and Intelligence Officer, detailed how the regulator is embedding artificial intelligence and digital innovation across its five-year strategy. With AI seen as a catalyst for smarter regulation, market integrity, and growth, the FCA is adopting a “tech-positive” stance to cement the UK’s status as a global fintech and AI leader.
Key announcements included the launch of a Supercharged Sandbox—a testing environment co-developed with Nvidia—offering enhanced computing power, access to rich datasets, and advanced tools. Firms are already applying with proposals targeting financial inclusion, fraud reduction, and customer experience. Complementing this is the new AI Live Testing service, launching in September, which helps firms trial AI services in the market while working within existing regulations.
Rusu emphasised that no new rules are needed at present, with current frameworks like the Senior Managers Regime and Consumer Duty deemed sufficient to oversee AI use. Feedback from industry has been broadly supportive, with firms calling for more synthetic data access, collaboration opportunities, and transparency.
Behind the scenes, the FCA is applying AI internally—from voice bots in consumer helplines to large language models supporting faster supervisory decisions. It also launched an AI Lab in 2024 to crowdsource insights and highlight responsible innovation across the sector.
Cyber Crime
Cyber Threats Soar: UK Businesses Urged to Wake Up to Digital Risk Crisis
Last week, a report from BT disclosed the scale of the cyber threat facing UK business, and this week a new report from the Royal Institution of Chartered Surveyors (‘RICS’) explores the theme again. The report on Digital Risks in Buildings reveals that 27% of UK businesses experienced cyber-attacks in the past year—up sharply from 16% the year before. The data, drawn from a survey of over 8,000 facilities managers and business leaders, points to a growing concern that many firms are “sleepwalking” into digital disruption without taking adequate cybersecurity measures.
The threat is particularly acute in the built environment. As buildings increasingly rely on digital systems—like heating, ventilation, security networks, and IoT devices—their vulnerabilities multiply. Some structures may still be running outdated systems like Windows 7, which has lacked security updates for over five years. RICS highlights the danger of such neglected infrastructure and notes the rising sophistication of cybercriminals, amplified by rapid AI developments and technological change.
Recent incidents underscore the risks: Marks & Spencer was hit by an attack which disabled online orders for nearly seven weeks, leading to a significant drop in sales and market share loss to rivals. The report urges businesses to proactively upgrade digital defences, warning that failure to do so could lead to increasingly damaging attacks as cyber threats evolve alongside digital infrastructure.
UK Confirms Cyberattack Contributed to Patient’s Death in London Hospital
A cyberattack on British diagnostic services provider Synnovis in June 2024 has been officially linked to the death of a patient at King’s College Hospital in London, marking one of the UK’s first acknowledged fatalities tied to hacking activity. The hospital’s managing body stated that delays in blood test results caused by the incident were a contributing factor in the patient’s death, although other factors were also involved. The family has been informed, though no additional details were released.
The ransomware attack, attributed to the Qilin gang, disrupted operations across the London healthcare network. Media reports suggest that attackers demanded a $50 million ransom, which Synnovis refused to pay. Consequently, the stolen data was published on the dark web, further escalating the consequences of the breach.
Synnovis later revealed that the attack cost the organisation over £32 million (approximately $43 million), highlighting the immense financial burden of such cyber incidents. While hospitals and medical providers are often targeted in ransomware campaigns due to the critical nature of their services, deaths linked to these attacks remain rare and causation can be complex. Similar cases have previously surfaced in Germany and the US, but confirmations from official channels are limited.
Page updated
Report abuse