Skip to content
Back to blog

Compliance News | July 2026

10 minute read

Compliance News
Compliance News July 2026
Last updated: July 15, 2026

This month's key compliance news includes ABN Amro's AML fine, the FCA's review of how AI can be used in retail financial services, Character.AI owner's GDPR failures and more.

Our pick of compliance stories this month

ABN Amro fined €8.5m over AML failures

The Dutch central bank (DNB) has fined ABN AMRO €8.5 million after identifying serious shortcomings in the bank's anti-money laundering (AML) controls between September 2023 and September 2024. The regulator found that the bank failed to carry out adequate ongoing due diligence for some high-risk customers, increasing its exposure to potential financial crime.

DNB's investigation found that ABN AMRO did not sufficiently investigate warning signs such as large cash withdrawals, transactions involving high-risk countries, unusually large commission payments, potential links to dual-use goods, and indicators of possible sanctions evasion involving Russia. In several cases, the bank relied too heavily on customer explanations without independently verifying the information and closed investigations despite unresolved concerns.

According to DNB, these weaknesses reflected a structural lack of depth in the bank's customer due diligence process. Under Dutch anti-money laundering rules, banks are expected to apply enhanced scrutiny to higher-risk customers and act as gatekeepers to help prevent money laundering and terrorist financing.

The original fine of €10 million was reduced by 15% to €8.5 million after ABN AMRO agreed to a simplified settlement, accepted the regulator's findings, and committed to strengthening its AML framework. DNB also took into account the remediation measures already underway and the bank's cooperation during the investigation.

Key takeaways:

  • Conduct enhanced due diligence based on evidence. High-risk customers require thorough, ongoing reviews. Businesses should independently verify customer explanations rather than relying solely on information provided by the customer.
  • Investigate and escalate red flags. Indicators such as unusual cash transactions, dealings involving high-risk jurisdictions, complex payment structures, sanctions risks, or links to dual-use goods should trigger deeper investigation and, where appropriate, escalation.
  • Maintain robust ongoing monitoring. Customer due diligence is not a one-time exercise. Compliance teams should continuously monitor customer activity, document their assessments, and ensure investigations are only closed once identified risks have been satisfactorily resolved.
  • Invest in strong AML governance and controls. Effective anti-money laundering compliance requires clear policies, well-trained staff, quality assurance over investigations, and regular reviews of AML frameworks to identify and address weaknesses before they result in regulatory action.

See our Financial Crime Training Package

FCA set to shift how AI is used in financial support

The Financial Conduct Authority (FCA) has published a landmark review examining the long-term impact of artificial intelligence (AI) on retail financial services. The review explores how AI could transform the way financial firms operate, how consumers access and use financial products, and the opportunities and risks that may emerge as AI becomes more embedded across the sector.

The FCA’s review highlights the potential for AI to improve customer experiences, increase efficiency and support more personalised financial services. However, it also identifies key challenges, including consumer protection, accountability, data risks, fraud, cybersecurity and the need to ensure that AI-driven services continue to meet regulatory expectations.

The impact of AI on financial advice is a particular area of focus. Industry commentary has highlighted how AI tools could increasingly support consumers with financial decisions, while also raising questions about where the boundary lies between general guidance and regulated financial advice. This creates new considerations for advisers and firms as they assess how AI can be used responsibly.

As AI adoption accelerates, financial services firms will need to balance innovation with robust governance, ensuring that new technologies deliver value while maintaining consumer trust and regulatory compliance.

Key takeaways:

  • Establish clear AI governance and accountability. Organisations should ensure there is clear ownership, oversight and accountability for AI systems. The use of AI does not remove regulatory responsibility, and firms must be able to demonstrate appropriate governance, risk management and controls.
  • Prioritise consumer protection and fair outcomes. AI-enabled services must continue to meet existing regulatory expectations around treating customers fairly. Firms should manage risks such as inaccurate outputs, unsuitable recommendations, misleading information and over-reliance on AI-generated guidance.
  • Maintain transparency, data controls and human oversight. Organisations should understand how AI systems operate, ensure appropriate data governance and security measures are in place, and maintain suitable human review processes where AI could influence customer outcomes.
  • Manage third-party risks and prepare for regulatory change. Firms should assess the risks associated with external AI providers, including data handling and operational resilience, while continuing to monitor evolving regulatory expectations around AI use.

See our FCA Handbook Training Package

Revealed: Hidden compliance costs of building AML systems with AI

Building AI-powered AML systems internally may appear to offer greater control, flexibility, and cost savings, but organisations often underestimate the complexity involved. Effective AML solutions require more than an AI model; they need robust data management, regulatory expertise, explainability, audit trails, governance controls, workflow capabilities, and ongoing model oversight.

Many internal projects expand far beyond their original scope, becoming complex compliance platforms requiring significant investment in development, maintenance, regulatory updates, and operational support.

This is becoming a hot topic across many areas of compliance. As highlighted in a recent article on the hidden cost of building financial crime tools, the real challenge is not creating the technology itself, but sustaining a reliable, auditable, and regulator-ready compliance capability over time.

The long-term costs of maintaining in-house AML technology can include technical debt, specialist resource requirements, changing regulatory expectations, and the need for continuous validation. While internal builds provide customisation, specialist RegTech solutions may offer a more efficient alternative by embedding industry expertise, regulatory updates, and governance features into the platform.

The true cost of AI-driven AML is not the initial build. It is the ongoing investment required to keep the solution accurate, explainable, compliant, and audit-ready.

Key takeaways:

  • Treat AML technology as a control investment, not just an IT project. Before approving an in-house AML build, CCOs and Boards should require a clear business case that focuses on regulatory control requirements, governance, evidence generation, and long-term effectiveness, not only technology capabilities.
  • Ensure the system can withstand regulatory scrutiny. Internal audit should assess whether the proposed AML solution can produce regulator-ready evidence, support independent testing, demonstrate explainability, and maintain appropriate oversight and documentation.
  • Consider long-term resilience as risks evolve. Boards should evaluate whether the AML tool can adapt as the business grows, products change, and financial crime risks evolve. A system that cannot be effectively governed, tested, and updated may create greater compliance costs and risks over time.

See our Risk Management Training Package

Character.AI owner fined by Italy's Garante for GDPR failings

Italy’s data protection authority has fined Character Technologies, the company behind AI chatbot platform Character.AI, €158,000 for failing to meet key GDPR requirements and for weaknesses in protecting younger users.

The investigation found that Character.AI did not provide sufficient transparency about how users’ personal data was processed and had inadequate safeguards for minors using the service. Regulators raised concerns that the platform’s age-verification systems were not effective enough to prevent underage users from accessing the chatbot experience.

Italy’s privacy regulator also critisised the company for delays in completing a required Data Protection Impact Assessment (DPIA) and appointing an official representative within the European Union. These measures are intended to help companies identify and reduce privacy risks when handling large amounts of user data.

As part of the ruling, Character Technologies has been ordered to strengthen its age-checking systems, prevent blocked minors from quickly creating new accounts, and make younger users’ profiles private by default. The company must also report on the steps it has taken to address the regulator’s concerns.

The decision highlights growing pressure on AI companies to introduce stronger privacy controls and child-safety measures. European regulators are increasingly examining whether AI platforms designed for conversation and entertainment are adequately protecting vulnerable users.

See our Data Protection Training Package

HMRC escalates capital gains tax compliance activity to recover £266m

HMRC has stepped up its focus on Capital Gains Tax (CGT) compliance, recovering £266 million through investigations into unpaid tax liabilities.

The increase in compliance activity reflects HMRC’s continued efforts to identify undeclared gains, particularly those involving property transactions, higher-value taxpayers and complex asset disposals. Improved access to third-party information, including property and financial data, has strengthened HMRC’s ability to identify potential under-reporting.

Businesses and individuals should ensure that all taxable gains are accurately reported and that supporting records are maintained. Areas requiring particular attention include disposals of investment properties, shares, digital assets and other chargeable assets.

With HMRC continuing to invest in compliance activity, taxpayers need to review their CGT reporting processes and seek appropriate advice where there is uncertainty over tax treatment or reporting obligations. Failure to disclose gains correctly may result in additional tax liabilities, interest and penalties.

Browse Training Packages

UK online platforms to face tougher rules to block scam ads

Big technology platforms could be required to stop scam adverts appearing on their services under new UK proposals aimed at reducing online fraud.

Ofcom has outlined potential measures under the Online Safety Act that would force online platforms to do more to detect, prevent and remove fraudulent advertising. The plans target scams such as fake investment schemes, bogus celebrity endorsements, fraudulent shopping offers and adverts designed to steal personal or financial details.

The regulator said platforms may also need to reduce the risk of accounts being hijacked and then used to promote scams. This reflects a common tactic where fraudsters take over legitimate accounts to make fake offers or malicious links appear more trustworthy.

The proposals are part of Ofcom's wider role as the UK's online safety regulator. Under the Online Safety Act, large online services are expected to assess risks on their platforms and put systems in place to protect users from illegal harms, including fraud.

If adopted, the rules would increase pressure on major social media companies, search engines and other online services that carry advertising. Platforms could face enforcement action if they fail to meet their duties.

The move comes amid growing concern about the scale of online fraud in the UK, much of which is driven through social media posts, paid adverts and impersonation scams. Consumer groups and fraud-prevention campaigners have long argued that platforms should bear more responsibility for stopping scam content before it reaches users.

Ofcom's consultation will help shape the final rules. The regulator is expected to consider responses from technology companies, consumer groups, law enforcement and other interested parties before deciding what measures platforms must implement.

See our Fraud Prevention Training Package

Barclay's senior staff required in office four days a week

Barclays is requiring its managing directors and other senior leaders to spend at least four days a week in the office from October, reinforcing a broader shift across the banking sector towards increased workplace attendance.

The new policy, communicated to staff last week, is designed to strengthen collaboration, improve decision-making and increase leadership visibility. According to Barclays, office attendance expectations will continue to vary across different business areas, reflecting operational requirements, while employees with approved flexible working arrangements may still be eligible for exemptions.

The move has limited impact on many client-facing teams, including investment bankers, who already work from the office five days a week. Instead, the change formally increases attendance requirements for senior management.

Barclays joins a growing list of major international banks tightening remote working policies. HSBC, Société Générale and Santander have all recently introduced stricter office attendance rules, while US banking giants JPMorgan Chase and Goldman Sachs have already returned employees to full-time office working.

The trend comes as remote and hybrid opportunities within investment banking continue to decline in both the UK and the US, reflecting a wider industry preference for in-person collaboration.

However, stricter return-to-office mandates remain contentious. At JPMorgan, more than 2,000 employees signed a petition calling for the continuation of hybrid working, arguing that fully office-based policies fail to reflect the realities of globally distributed teams. Chief executive Jamie Dimon dismissed the campaign, urging staff not to spend time pursuing it.

Recruitment specialists say banks have become some of the strongest advocates for returning employees to the workplace, with many institutions viewing greater physical presence as essential for culture, leadership and productivity.

Key takeaways

  • Align workplace policies with business needs. Any changes to office attendance requirements should be supported by a clear business rationale, such as improving collaboration, governance or leadership oversight, and applied consistently across comparable roles.
  • Honour flexible working obligations. Employers introducing stricter return-to-office policies must continue to comply with flexible working legislation and existing contractual arrangements. Requests for exemptions should be considered fairly and documented to reduce legal and employee relations risks.
  • Ensure policies are communicated transparently. Changes to hybrid working expectations should be clearly communicated, including the reasons for the change, implementation timelines and any exceptions. Transparent communication can help maintain trust and minimise employee dissatisfaction.
  • Monitor culture and retention risks. While increased office attendance may strengthen collaboration and oversight, organisations should assess the potential impact on employee engagement, recruitment and retention. Regular feedback and monitoring can help identify issues early and support a balanced approach to workplace compliance.

See our DEI Training Package

Looking for more compliance insights?

Our Essentials Library contains e-learning content designed to help organisations meet fundamental compliance requirements. If you’re looking for focused training, our training packages offer a complete solution for your compliance programme.

Related articles

compliance-news-|-february-2026-|-skillcast
Compliance News

Compliance News | February 2026 | Skillcast

10 minute read

This month's key compliance news includes a new record for crypto crime, Bank of Scotland's sanctions fine, Amazon's confirmation of job cuts, and more.

Read the article
compliance-news-|-june-2026-|-skillcast
Compliance News

Compliance News | June 2026 | Skillcast

9 minute read

This month's key compliance news includes Wise share decline post AML investigation, IQVIA's €5m fine, Citron Research founder's fraud conviction and more.

Read the article
compliance-news-|-november-2025-|-skillcast
Compliance News

Compliance News | November 2025 | Skillcast

11 minute read

This month's key compliance news includes Cloudflare's global outage, NCSC's warning of a rise in cyber scams, Coinbase's AML fine and more.

Read the article