This month's key compliance news includes ABN Amro's AML fine, the FCA's review of how AI can be used in retail financial services, Character.AI owner's GDPR failures and more.
The Dutch central bank (DNB) has fined ABN AMRO €8.5 million after identifying serious shortcomings in the bank's anti-money laundering (AML) controls between September 2023 and September 2024. The regulator found that the bank failed to carry out adequate ongoing due diligence for some high-risk customers, increasing its exposure to potential financial crime.
DNB's investigation found that ABN AMRO did not sufficiently investigate warning signs such as large cash withdrawals, transactions involving high-risk countries, unusually large commission payments, potential links to dual-use goods, and indicators of possible sanctions evasion involving Russia. In several cases, the bank relied too heavily on customer explanations without independently verifying the information and closed investigations despite unresolved concerns.
According to DNB, these weaknesses reflected a structural lack of depth in the bank's customer due diligence process. Under Dutch anti-money laundering rules, banks are expected to apply enhanced scrutiny to higher-risk customers and act as gatekeepers to help prevent money laundering and terrorist financing.
The original fine of €10 million was reduced by 15% to €8.5 million after ABN AMRO agreed to a simplified settlement, accepted the regulator's findings, and committed to strengthening its AML framework. DNB also took into account the remediation measures already underway and the bank's cooperation during the investigation.
The Financial Conduct Authority (FCA) has published a landmark review examining the long-term impact of artificial intelligence (AI) on retail financial services. The review explores how AI could transform the way financial firms operate, how consumers access and use financial products, and the opportunities and risks that may emerge as AI becomes more embedded across the sector.
The FCA’s review highlights the potential for AI to improve customer experiences, increase efficiency and support more personalised financial services. However, it also identifies key challenges, including consumer protection, accountability, data risks, fraud, cybersecurity and the need to ensure that AI-driven services continue to meet regulatory expectations.
The impact of AI on financial advice is a particular area of focus. Industry commentary has highlighted how AI tools could increasingly support consumers with financial decisions, while also raising questions about where the boundary lies between general guidance and regulated financial advice. This creates new considerations for advisers and firms as they assess how AI can be used responsibly.
As AI adoption accelerates, financial services firms will need to balance innovation with robust governance, ensuring that new technologies deliver value while maintaining consumer trust and regulatory compliance.
Building AI-powered AML systems internally may appear to offer greater control, flexibility, and cost savings, but organisations often underestimate the complexity involved. Effective AML solutions require more than an AI model; they need robust data management, regulatory expertise, explainability, audit trails, governance controls, workflow capabilities, and ongoing model oversight.
Many internal projects expand far beyond their original scope, becoming complex compliance platforms requiring significant investment in development, maintenance, regulatory updates, and operational support.
This is becoming a hot topic across many areas of compliance. As highlighted in a recent article on the hidden cost of building financial crime tools, the real challenge is not creating the technology itself, but sustaining a reliable, auditable, and regulator-ready compliance capability over time.
The long-term costs of maintaining in-house AML technology can include technical debt, specialist resource requirements, changing regulatory expectations, and the need for continuous validation. While internal builds provide customisation, specialist RegTech solutions may offer a more efficient alternative by embedding industry expertise, regulatory updates, and governance features into the platform.
The true cost of AI-driven AML is not the initial build. It is the ongoing investment required to keep the solution accurate, explainable, compliant, and audit-ready.
Italy’s data protection authority has fined Character Technologies, the company behind AI chatbot platform Character.AI, €158,000 for failing to meet key GDPR requirements and for weaknesses in protecting younger users.
The investigation found that Character.AI did not provide sufficient transparency about how users’ personal data was processed and had inadequate safeguards for minors using the service. Regulators raised concerns that the platform’s age-verification systems were not effective enough to prevent underage users from accessing the chatbot experience.
Italy’s privacy regulator also critisised the company for delays in completing a required Data Protection Impact Assessment (DPIA) and appointing an official representative within the European Union. These measures are intended to help companies identify and reduce privacy risks when handling large amounts of user data.
As part of the ruling, Character Technologies has been ordered to strengthen its age-checking systems, prevent blocked minors from quickly creating new accounts, and make younger users’ profiles private by default. The company must also report on the steps it has taken to address the regulator’s concerns.
The decision highlights growing pressure on AI companies to introduce stronger privacy controls and child-safety measures. European regulators are increasingly examining whether AI platforms designed for conversation and entertainment are adequately protecting vulnerable users.
HMRC has stepped up its focus on Capital Gains Tax (CGT) compliance, recovering £266 million through investigations into unpaid tax liabilities.
The increase in compliance activity reflects HMRC’s continued efforts to identify undeclared gains, particularly those involving property transactions, higher-value taxpayers and complex asset disposals. Improved access to third-party information, including property and financial data, has strengthened HMRC’s ability to identify potential under-reporting.
Businesses and individuals should ensure that all taxable gains are accurately reported and that supporting records are maintained. Areas requiring particular attention include disposals of investment properties, shares, digital assets and other chargeable assets.
With HMRC continuing to invest in compliance activity, taxpayers need to review their CGT reporting processes and seek appropriate advice where there is uncertainty over tax treatment or reporting obligations. Failure to disclose gains correctly may result in additional tax liabilities, interest and penalties.
Big technology platforms could be required to stop scam adverts appearing on their services under new UK proposals aimed at reducing online fraud.
Ofcom has outlined potential measures under the Online Safety Act that would force online platforms to do more to detect, prevent and remove fraudulent advertising. The plans target scams such as fake investment schemes, bogus celebrity endorsements, fraudulent shopping offers and adverts designed to steal personal or financial details.
The regulator said platforms may also need to reduce the risk of accounts being hijacked and then used to promote scams. This reflects a common tactic where fraudsters take over legitimate accounts to make fake offers or malicious links appear more trustworthy.
The proposals are part of Ofcom's wider role as the UK's online safety regulator. Under the Online Safety Act, large online services are expected to assess risks on their platforms and put systems in place to protect users from illegal harms, including fraud.
If adopted, the rules would increase pressure on major social media companies, search engines and other online services that carry advertising. Platforms could face enforcement action if they fail to meet their duties.
The move comes amid growing concern about the scale of online fraud in the UK, much of which is driven through social media posts, paid adverts and impersonation scams. Consumer groups and fraud-prevention campaigners have long argued that platforms should bear more responsibility for stopping scam content before it reaches users.
Ofcom's consultation will help shape the final rules. The regulator is expected to consider responses from technology companies, consumer groups, law enforcement and other interested parties before deciding what measures platforms must implement.
Barclays is requiring its managing directors and other senior leaders to spend at least four days a week in the office from October, reinforcing a broader shift across the banking sector towards increased workplace attendance.
The new policy, communicated to staff last week, is designed to strengthen collaboration, improve decision-making and increase leadership visibility. According to Barclays, office attendance expectations will continue to vary across different business areas, reflecting operational requirements, while employees with approved flexible working arrangements may still be eligible for exemptions.
The move has limited impact on many client-facing teams, including investment bankers, who already work from the office five days a week. Instead, the change formally increases attendance requirements for senior management.
Barclays joins a growing list of major international banks tightening remote working policies. HSBC, Société Générale and Santander have all recently introduced stricter office attendance rules, while US banking giants JPMorgan Chase and Goldman Sachs have already returned employees to full-time office working.
The trend comes as remote and hybrid opportunities within investment banking continue to decline in both the UK and the US, reflecting a wider industry preference for in-person collaboration.
However, stricter return-to-office mandates remain contentious. At JPMorgan, more than 2,000 employees signed a petition calling for the continuation of hybrid working, arguing that fully office-based policies fail to reflect the realities of globally distributed teams. Chief executive Jamie Dimon dismissed the campaign, urging staff not to spend time pursuing it.
Recruitment specialists say banks have become some of the strongest advocates for returning employees to the workplace, with many institutions viewing greater physical presence as essential for culture, leadership and productivity.
Our Essentials Library contains e-learning content designed to help organisations meet fundamental compliance requirements. If you’re looking for focused training, our training packages offer a complete solution for your compliance programme.