Compliance News | April 2025

This month's key compliance news includes the resignation of Primark CEO over misconduct, Revolut's AML fine, new guidance on consumer protection published by the CMA, Block Inc.'s $40m settlement, and more.

Our pick of compliance stories this month

• Research shows companies are unprepared for European Accessibility Act
• MGM Resorts to pay a $8.5m AML fine
• CMA guidance on consumer protection now published
• Lloyd's broker charged with bribery
• Primark CEO resigns over misconduct
• Bank of Lithuania fines Revolut for AML shortcomings
• Block Inc. to pay $40m settlement to New York state

Research shows firms are unprepared for EAA

With just weeks to go until the European Accessibility Act (EAA) comes into force on 28 June, a new report has revealed that the majority of businesses are still unprepared -and risk facing significant penalties for non-compliance. Any UK company offering digital services to EU customers - whether through websites, mobile apps, e-commerce platforms, or online portals -will need to comply with WCAG 2.1 AA accessibility standards under this act.

Enterprise technology firm Storyblok surveyed 200 European organisations and found that only 25% are fully ready to meet the new accessibility requirements. Nearly one in five businesses (18.5%) admitted they were not even aware of the legislation.

The EAA will require websites and digital services to be accessible to people with a wide range of disabilities - not just those who are blind or partially sighted. This includes people with dyslexia, neurodivergent individuals, those with physical disabilities, and people with conditions such as epilepsy, who may be affected by flashing visuals or complex navigation.

Despite several years' notice, only 19.5% of surveyed businesses have begun working toward compliance. The findings raise concerns for compliance managers across Europe, as failing to meet the standards could result in fines and reputational damage.

The report reminds us that digital accessibility is no longer just a best practice - it is a legal obligation. With the deadline fast approaching, experts warn that businesses must act now to ensure their platforms are inclusive and compliant.

MGM Resorts to pay a $8.5m AML fine

MGM Resorts International has agreed to pay an $8.5 million fine to settle allegations from Nevada gaming regulators over anti-money laundering (AML) failures at two of its Las Vegas Strip properties.

According to a 10-count complaint filed by the Nevada Gaming Control Board (NGCB) on 17 April, the violations occurred between 2015 and 2018 at the MGM Grand and the Cosmopolitan. The complaint centres on MGM's failure to report suspicious gambling activity linked to two illegal bookmakers: Wayne Nix, a former minor league baseball player, and Mathew Bowyer, a known high-stakes bookmaker.

Both men have since pleaded guilty to operating illegal gambling rings and are awaiting sentencing in separate federal cases.

Regulators claim MGM staff - including then-president of MGM Grand, Scott Sibella - were aware that the pair were gambling with large amounts of illicit cash, often delivered in duffel bags or paper sacks containing high-denomination bills, but failed to take appropriate action.

The case highlights ongoing concerns about compliance and oversight in the casino industry, particularly around AML obligations and the handling of suspicious cash transactions.

Key takeaways:

• Always verify where customer funds come from, especially large cash transactions. Casinos and other regulated businesses must conduct proper due diligence to detect and prevent money laundering.
• Senior leaders must take responsibility for enforcing compliance rules. Leadership involvement is essential to create a culture of accountability and ensure policies are followed at all levels.
• Large or unusual cash payments should trigger immediate red flags. Transactions involving high volumes of cash, especially in bags or unusual containers, should be investigated immediately.
• AML policies must be actively followed, not just written down. Having procedures isn't enough—employees need to be trained and systems must ensure the rules are applied in practice.
• Regular audits and reporting help catch issues early. Ongoing monitoring and internal reviews help identify risks before they become major violations.

CMA's new guidance on consumer protection

A major shift in consumer protection came into force on 7 April 2025, as the UK'sCompetition and Markets Authority (CMA) began exercising new enforcement powers under the Digital Markets, Competition and Consumers Act 2024 (DMCCA). This legislation allows the CMA to directly enforce consumer law without going to court, enabling it to act faster and more decisively against companies that breach regulations.

Key changes include:

• CMA can now unilaterally determine breaches of consumer protection law and impose fines or consumer redress without litigation.
• Fines can reach up to 10% of global turnover for serious infringements.
• New bans are in place forpractices such as fake reviews and drip pricing (hidden fees revealed late in a transaction).
• CMA pledges to enforce rules based on four guiding principles: proportionality, predictability, process, and pace.

• Up to 10% of global turnover for serious consumer law breaches
• 5% for failure to comply with CMA commitments, plus daily fines
• 1% for failing to provide the required information, also with daily penalties

The CMA will also encourage industry collaboration, inviting firms to flag competitors' misconduct and offering clearer legal guidance where needed. This marks a new era of consumer protection, aiming to ensure fairer, more transparent markets and enhanced confidence for UK consumers.

Lloyd's market broker charged with bribery

The Serious Fraud Office (SFO) has brought criminal charges against United Insurance Brokers Ltd (UIB), a London-based Lloyd’s market broker, for allegedly failing to prevent bribery in its reinsurance dealings with Ecuadorian state insurers between 2013 and 2016.

According to the SFO, intermediaries paid by UIB offered bribes to an Ecuadorian official to secure contracts covering essential utilities such as electricity and water. UIB faces prosecution under the UK Bribery Act, with a preliminary hearing set for 7 May in London.

“British companies have a duty to prevent the harm caused by bribery when doing business at home and abroad. The SFO remains committed to stamping out international bribery wherever it may occur.”

This case forms part of a broader 2021 investigation into London insurance entities and marks the ninth prosecution under Ephgrave’s tenure.

Key takeaways:

• Implement "adequate procedures" under the UK Bribery Act. Ensure your anti-bribery framework meets the law’s requirements to prevent associated persons from engaging in corrupt practices.
• Conduct thorough due diligence on intermediaries. Vet and monitor agents, brokers, and third parties—especially in high-risk jurisdictions—to detect and deter bribery.
• Maintain clear oversight of international transactions. Apply your compliance controls consistently across all markets; overseas deals are not exempt from UK legal obligations.
• Embed a risk-based approach. Identify sectors, clients, and regions with heightened bribery risk (e.g., state-linked entities) and tailor controls accordingly.
• Ensure ongoing monitoring and audits. Regularly review and test your anti-bribery processes to catch gaps or failures before they lead to enforcement action.
• Provide targeted training and communication. Educate all employees and third-party partners on bribery risks, red flags, and reporting channels.
• Secure senior leadership commitment. Demonstrate tone-from-the-top by having executives visibly support and hold the organisation accountable for compliance.

Primark CEO resigns over misconduct

Paul Marchant has stepped down as CEO of Primark after an external investigation—commissioned by parent company ABF—upheld a complaint by an unnamed woman about his conduct in a social setting. Marchant cooperated fully, acknowledged his lapse in judgment, and issued a formal apology to the individual involved, the ABF Board, and his Primark colleagues.

ABF Chief Executive George Weston emphasised that "high standards of integrity are essential" and reaffirmed the company’s commitment to treating all colleagues with respect and dignity. To ensure continuity, Finance Director Eoin Tonge will take over as Primark's interim CEO, supported by the senior management team and Strategic Advisory Board. Meanwhile, Joana Edwards steps in as interim ABF Finance Director.

Key takeaways:

• Ensure a robust code of conduct. Clearly define acceptable behaviour—both in and out of the workplace—and communicate it regularly to all employees, including senior leaders.
• Maintain effective reporting channels. Provide safe, confidential mechanisms for individuals to raise concerns about misconduct without fear of retaliation.
• Act quickly and transparently. When allegations arise, launch an independent investigation promptly, keep stakeholders informed, and take decisive action based on the findings.
• Hold leaders to the same standards. Apply policies uniformly—no one is above the rules. Senior executives must be accountable for their behaviour just as any other employee would be.
• Engage external experts. Use independent consultants or legal advisors to investigate sensitive allegations, ensuring impartiality and credibility.
• Support complainants and witnesses. Offer clear support and protection to those who come forward, reinforcing a culture that values respect and dignity.
• Plan for leadership continuity. Have a clear succession strategy or interim leadership plan in place to maintain business stability when key roles become unexpectedly vacant.
• Reinforce ethical culture from the top.Leadership must model integrity and respect, demonstrating that ethical conduct is non-negotiable and foundational to long-term success.

Bank of Lithuania issues Revolut AML fine

The Bank of Lithuania has hit Revolut Bank UAB with a €3.5 million fine - the largest ever imposed by that regulator on a bank or electronic money institution - for shortcomings in its AML monitoring of customer relationships and transactions. While the penalty represents 1.73% of Revolut’s assets, several smaller Lithuanian banks have faced proportionally larger fines exceeding 7% of assets for similar breaches.

This action is the fourth regulatory sanction against Revolut Bank since 2022, bringing its total fines to €3.82 million (two AML-related and two Capital Requirements Regulation breaches).

Viewed alongside enforcement actions against other fast-growing digital banks - such as Starling, N26, bunq, and Wise Payments—it underscores a broader trend: as fintechs scale rapidly across the EU, they face ever-tighter scrutiny and must invest heavily in compliance infrastructure to avoid increasingly severe penalties.

Key takeaways:

• Strengthen AML monitoring systems: Robust transaction monitoring and relationship screening are essential to detect and report suspicious activity before regulators intervene.
• Prioritise ongoing risk assessments: Regularly review customer risk profiles and update controls as business models evolve and new products are launched.
• Allocate compliance resources proportionately: As your firm scales, invest in compliance infrastructure - staff, technology, and training - to keep pace with growth and regulatory expectations.
• Learn from peer benchmarks:Compare fine-to-asset ratios and enforcement outcomes across the sector to understand where your compliance program may lag or lead.
• Maintain a clean regulatory track record: Multiple breaches - and accumulating fines - signal systemic issues. Aim for sustained compliance to preserve credibility with regulators.
• Engage proactively with regulators: Open dialogue during inspections can help clarify expectations and demonstrate your commitment to remedial action.
• Embed compliance into corporate strategy: Make AML and regulatory adherence a board-level priority to ensure accountability and a culture of compliance throughout the organisation.

Block Inc. to pay $40m to New York state

Block Inc. has been ordered to pay a $ 40 million fine to the state of New York for what the state's regulator on Thursday called "significant failures in its Bank Secrecy Act/Anti-Money Laundering compliance programme, which violated New York Department of Financial Services' money transmitter and virtual currency regulations." The alleged violations occurred in connection with Block’s popular Cash App product.

The New York case represents the latest such agreement with state regulators, according to a Block spokesperson, who did not specify the states or the total amount of the fines. "We have now reached an agreement with the final remaining state money-transmission regulator," the spokesperson says by email.

She says the alleged violations in these cases concerned a prior compliance programme followed by Cash App, without laying out details. The state said an "independent monitor" will oversee Block's compliance going forward. "We are pleased to put this matter behind us," she adds.

In the New York case, Block did not "admit to any of the department’s findings," the spokesperson says, adding Cash App "has devoted significant financial and other resources to compliance remediation and enhancements."

The state alleged Block had failed to exercise customer due diligence and to enable "sufficient risk-based controls" aimed at stopping money laundering and other illegal activity. San Francisco-based Block had also failed to "effectively and timely monitor transactions," the state charged.

With respect to Bitcoin, Block was guilty of "lax treatment" of these "high-risk transactions," the state charged, which allowed "largely anonymous transactions to proceed without proper scrutiny."

Block's Cash App delivered $5.24 billion in gross profit last year, representing its most profitable product. According to a company presentation, by the fourth quarter of last year, the app had attracted 57 million active users, with 25 million using the product's related Cash App card.

The app, which enables users to perform multiple functions, including sending and receiving money and buying stocks and Bitcoin, was launched in 2013.

Looking for more compliance insights?

We have created a series of comprehensive roadmaps to help you navigate the compliance landscape, supported by e-learning in our Essentials Library.