Skillcast Blog

Compliance News | March 2026 | Skillcast

Written by Lynne Callister | 12 Mar 2026

This month's key compliance news includes the theft of Google's trade secrets, Copilot's snooping, fines for Wood Group and Louis Vuitton, and more.

Our pick of compliance stories this month

Ex-Google engineer guilty of stealing AI trade secrets

A former Google software engineer has been found guilty of seven counts of stealing AI trade secrets and economic espionage.

Between May 2022 and April 2023, Linwei Ding stole "thousands of pages of confidential information containing Google's trade secrets related to artificial intelligence technology", the Department of Justice said. He used his privileged access to create PDF copies of Google's source files and then uploaded them to his personal Google Cloud account to avoid detection.

Whilst employed by Google, Ding affiliated himself with two People's Republic of China technology companies. By early 2023, he was in the process of setting up his own technology company and acting as its CEO. In statements, he promised potential investors that he could build an AI supercomputer by "copying and modifying Google's technology".

Ding resigned in December 2023. Google found the unauthorised uploads after searching his network activity and locked his work laptop remotely.

Ding faces up to 10 years in prison for each count of trade secrets theft and 15 years for each count of economic espionage. The court said that Google had "reasonable measures" in place to protect its proprietary information and required all employees to sign a contract and code of conduct, agreeing to protect confidential information and not to participate in business activity that related to Google's business interests.

Key takeaways:

  • Conduct an audit of the current landscape - e.g., what intellectual property do you have? Is it internal, confidential or a trade secret?
  • Classify and catalogue all your information - including source code, specifications, methodologies, prices, information on products and services, algorithms, customer and inside information, etc. Decide what permissions and access are appropriate for each type.
  • Train your team - so they recognise sensitive information, they are clear about your expectations and policies, and take the right action to protect proprietary information or trade secrets.
  • Implement physical and IT-based measures to protect information, based on its sensitivity - such as lockable rooms, CCTV, visitor logs, security passes, as well as multi-factor authentication (MFA), VPNs, and encryption.
  • Use data loss prevention (DLP) tools - e.g., to detect unauthorised access, misuse or exfiltration (such as external devices being used, large downloads or emailing of data, etc.).
  • Use Non-Disclosure Agreements (NDA) or confidentiality agreements - ensuring employees and external partners sign up to contractual clauses before sensitive or proprietary information is shared with them. This should include your expectations on data handling and onward data sharing.
  • Introduce a certification scheme - to verify that all proprietary information is returned and to raise awareness of obligations post-contract.
  • Maintain adequate protection throughout the lifecycle - from when information is first created to when it is no longer needed, ensuring sensitive information is securely destroyed.
  • Remember to protect data 'on the move' – e.g., when you go travelling, when it is accessed remotely, etc.

Bug allowed Copilot to summarise confidential emails

A bug allowed Copilot to summarise emails marked confidential and bypass companies' data loss prevention policies, Microsoft has confirmed.

The bug, tracked under CW1226324, was first detected on 21 January and affects the "work tab" chat feature. It resulted in the AI assistant reading and summarising emails in Sent and Draft folders, even when a confidential label was applied. Labels are supposed to restrict access to sensitive information by automated AI tools.

However, Microsoft documentation notes, "Although content with the configured sensitivity label will be excluded from Microsoft 365 Copilot in the named Office apps, the content remains available to Microsoft 365 Copilot for other scenarios. For example, in Teams, and in Microsoft 365 Copilot Chat."

The news will do little to allay concerns about the widespread adoption of AI tools. Last year, 72% of S&P 500 companies flagged AI as a material risk in regulatory disclosures.

In a statement, Microsoft said that the bug "did not provide anyone access to information they weren't already authorised to see" but "this behavior did not meet our intended Copilot experience, which is designed to exclude protected content from Copilot access. A configuration update has been deployed worldwide for enterprise customers."

Wood Group fined £12.9m for misleading financial statements

The Financial Conduct Authority (FCA) has fined Wood Group, an oil and engineering company, for publishing inaccurate and misleading information in its financial results.

The regulator said false reports were repeatedly made between January 2023 and November 2024. The Aberdeen-based company did not have adequate systems, controls or procedures to ensure announcements about its results were not false or misleading.

The false statements were "inappropriately influenced by its desire to maintain previously stated financial results".

When the issues came to light in November 2024, Wood Group's share price fell 78% by April 2025.

Wood Group's chief financial officer, Arvind Balan, also resigned after it emerged that he had misstated his professional qualifications.

Wood Group, which carries out work on oil rigs, admitted that "cultural failings" and "inappropriate management pressure" to stick to previous reports had caused the information to be withheld from its auditors.

Wood Group has agreed a takeover by Dubai-based Sidara for £216m, which is much less than its original £1.58bn approach following the regulatory investigation.

"Investors rely on accurate information to make decisions. Wood Group failed to provide this and fell well short of the high standards we expect of listed companies."

- Steve Smart, FCA

Louis Vuitton bags €500k settlement in money laundering case

Louis Vuitton has agreed to pay €500,000 to settle a money laundering case in the Netherlands.

Prosecutors accused the luxury goods brand of not following laws to combat money laundering and terrorist financing by its customers.

The case centres on a customer who used different names to spend over two million euros in criminal proceeds "on luxury goods at retailers such as Louis Vuitton" over eighteen months.

The company failed to properly identify a customer who repeatedly spent large sums of cash over an extended period, prosecutors claimed. Luxury handbags were then sent on to China for resale to make the proceeds seem like legitimate trade.

A separate case is ongoing against the customer from Lelystad and two accomplices, including a former sales assistant at Louis Vuitton.

The sales assistant allegedly tipped off the woman when new bags came into stock and warned her if she exceeded the limits that require the fashion house to alert authorities about payments.

Since 1 January 2026, Dutch businesses or high-value dealers (HVDs) of luxury goods, art, cars, jewellery, yachts and other high-end goods must report suspicious transactions including cash payments of above €3,000. The threshold was recently reduced from €10,000.

Euro Car Parks fined £473k for failing to provide information

The UK's Competition and Markets Authority has fined Euro Car Parks £473,000 for failing to respond to a notice to provide information.

It's the first penalty issued under the CMA's new fining powers granted under the Digital Markets, Competition and Consumers Act 2024 (DMCCA).

The watchdog issued an information notice to Euro Car Parks in July 2025. It subsequently tried to contact the company on seven different occasions, including sending mail by registered post and emails to company directors. But the company did not respond for three months, despite being legally required to do so.

It was only when the CMA said it would issue a fine that Euro Car Parks finally responded and provided the required information.

Euro Car Parks said it believed the emails to be fraudulent and part of a scam, so it had blocked them.

The CMA said this was not a reasonable excuse and issued the maximum fine in December 2025, due to the seriousness of its failure to respond. The watchdog also stressed that this did not mean that the company had breached competition law.

"We are an evidence-based authority, and information notices are essential tools that help us understand the facts and get to the bottom of potential infringements of the law. These powers enable the CMA to take decisive action when businesses fail to comply with legal requests for information, ensuring its work can proceed swiftly and effectively to protect consumers throughout the UK."

- Hayley Fletcher, Competition and Markets Authority

Key takeaways:

  • Don't underestimate the far-reaching powers of the authorities - they are entitled to request information, enter premises and seize documents, including electronic messages and phones, if illegal behaviour is suspected
  • Be clear about your obligations - information notices are an important tool for gathering evidence, and firms are legally required to provide information
  • Prepare for dawn raids - does your team know what to do and will they do the right thing in an investigation? They must not shred or conceal evidence, enter sealed rooms, etc.

Reality check: Finfluencers fined for unauthorised financial promotions

Seven 'finfluencers', including reality TV stars, have been fined for promoting a foreign exchange trading scheme on social media between 2018 and 2020 without being authorised by the FCA or qualified to do so.

Contracts for Difference (CFDs) are high-risk derivatives. The FCA has previously said that 80% of customers lose money and can end up losing more money than they invested.

To prevent significant harm to customers, the UK regulator has imposed restrictions on selling and marketing CFDs.

The seven influencers, including TOWIE's Lauren Goodger, Love Island's Rebecca Gormley and Geordie Shore's Scotty T, each admitted one charge of illegally promoting financial products on Instagram. They have a combined following of 4.5 million on their accounts.

The group was fined a total of £7,000 and ordered to pay over £14,000 in costs.

The sentences were considered surprisingly lenient by some commentators, given that anyone found guilty under the Financial Services and Markets Act 2000 (FSMA) can face up to two years' imprisonment, unlimited fines, or both.

"These influencers betrayed the trust of those who followed them. We'll continue to work with responsible influencers and go after those who put the financial wellbeing of their followers at risk."

- Steve Smart, FCA

Fraudster lands four-year jail term for fake aircraft parts

Fraudster Jose Alejandro Zamora Yrala of aircraft parts trader AOG Technics has been jailed for 4 years and 8 months for aircraft parts fraud.

An investigation by the Serious Fraud Office (SFO) found that Zamora sold engine parts to airlines and suppliers around the world in a £39.3 million fraud that he ran from his UK home.

Between January 2019 and July 2023, AOG Technics sold 60,000 aircraft engine parts worth £6.9 million, with forged Authorised Release Certificates (ARCs). ARCs are meant to guarantee airworthiness.

Most parts sold by AOG were for the CFM56 engine, the most widely used commercial aircraft engine, generating over £7.7 million in revenue in four years.

Zamora doctored genuine ARCs on his home computer and created fake memos of shipments to imply that AOG had purchased the parts from the original manufacturers, such as Safran.

As part of his elaborate fraud, Zamora also invented fake employees so customers received emails and documents signed by fabricated sales and quality managers.

The illusion of a legitimate business was shattered when an airline contacted Safran to check the authenticity of an AOG part. Safran recognised the certificate as a fake and alerted authorities.

This resulted in planes being grounded across the world, losses of over £39.3 million for airlines, and safety alerts being issued for all AOG Technics parts.

"Zamora's operation risked public safety on a global scale in a way that defies belief."

-Emma Luxton, Serious Fraud Office

Bank of Ireland UK fined £3.7m for missing CoP deadline

Bank of Ireland UK (BOIUK) has been fined over £3.7 million for failing to implement Confirmation of Payee (CoP) on time.

Bank of Ireland had until 31st October 2023 to implement a system to send and receive CoP checks. CoP lets people check that the account they're sending money to is the one they're expecting. It is an important measure to combat fraud and gives customers reassurance when making online payments.

However, Bank of Ireland UK missed the deadline by 14 months and was the last Group 1 payment service provider to achieve compliance. This prevented the safeguard being applied to transactions involving 1.14 million new payees, with payments totalling around £6.9 billion.

"Confirmation of Payee is a vital tool to combat fraud and misdirected payments, giving people confidence that their money is going exactly where they intend. Bank of Ireland UK had plenty of time to put the system in place, missing the deadline by more than a year put its customers at increased risk of fraud. Where we see firms failing to comply with the Confirmation of Payee requirements and leaving customers without this critical protection, we will use our powers to intervene to make sure this important direction is followed."

-David Geale, Payment Services Regulator

Ex-HSBC banker's 'doughnutting' to dodge train fares

A former HSBC executive has pleaded guilty to fraud by misrepresentation after he admitted dodging railway fares.

London banker Joseph Molloy used a scam known as "doughnutting". He bought tickets between stations at the beginning and end of his train journey, but not for travelling along the route.

Molloy did this over 740 times in 11 months, saving £5,911 on Southeastern Railway fares, as he travelled from his £2m home in Orpington to his office in Canary Wharf.

The court heard that the scam was "sophisticated in planning and execution".

Molloy, who was previously head of passive equity at HSBC Global Asset Management, used fake names to buy smartcards and also applied a 50% discount from Jobcentre Plus. He admitted the scam when evidence was shared with him by the police.

The court heard that Molloy was a "man of some financial means" and was "in a financial position to pay the fares". But he was experiencing stress due to health problems and the death of his mother.

The judge said that "an offence of this sophistication warrants a custodial sentence". But "strong mitigation in this case means the sentence of imprisonment will be suspended".

Molloy was given a ten-month jail sentence and is banned from travelling on Southeastern Railway for 12 months. He was also ordered to carry out 80 hours of approved work and pay compensation of £5,000.

Asda fined £500k for food safety violations

Asda has been served a £507,767 fine for repeated food safety offences at another of its UK stores.

The supermarket admitted five offences under the Food Safety Act after out-of-date food items were displayed at its store in Barnsley. The offences date back to 2024 when inspectors found products on sale two weeks after the expiry date.

The fine was imposed after the store failed to act following previous warnings.

While the store had made improvements to its date checking system and training, the Trading Standards team noted "the sizeable £100,000 fine per offence sends a clear message that non-compliance never pays".

During the inspection, the Trading Standards team identified 32 out-of-date food items on sale, consisting of 11 chilled products and totalling 581 days past their use-by date.

"We expect businesses of all sizes to only sell safe food, and this significant result sends a clear message that we will always put people's health and safety first, taking action where businesses fail to comply with legislation or respond to warnings."

- Cllr Wendy Cain, Barnsley Council

A spokesperson for Asda said that in November 2024, an updated process was put in place, with daily manual checks on all short-life products.

"This fell short of the standards our customers rightly expect and that we hold ourselves to. In the time since these products were found, we have introduced a new date code checking process in every Asda store to ensure the freshest products are always available for customers to buy."

-Asda spokesperson

This follows similar fines at its stores in Cardiff and Cornwall of £640k and £410k, respectively.

The Food Standards Agency is reminding shoppers to be vigilant. It is an offence for retailers to sell items past their use-by dates (but not best-before dates). Fresh produce, such as dairy, fish and meat, can become unsafe to eat over a short time.

Worker awarded £61k after age discrimination and harassment

A factory worker has been awarded £60,747.53 after she experienced age discrimination and harassment at work.

Andrea Petroi had worked at The Soho Sandwich Company since 2008. She claimed that colleagues repeatedly made age-related comments towards her.

When she had a disagreement with Abu Sayed, another line leader, in April 2022, Petroi said that she was "bullied and humiliated" and became "unwell because of the stress".

During the investigation, a colleague said, "she is old, so she gets angry". In May 2022, Petroi emailed management to complain.

Upholding her claim, the judge said Petroi received "unwanted conduct related to her age". She had been demoted and was not supported in her job.

The case highlights the need for managers to understand their responsibilities and to follow the process carefully when investigating age-related complaints.

Key takeaways:

  • Train your team so they are clear about your policies - make sure they know what is and is not acceptable, and show effective listening skills and empathy during difficult conversations
  • Remind employees of the consequences of non-compliance
  • Encourage a culture of psychological safety - where staff feel able to report concerns or any misconduct they witness or experience at work
  • Use neutral language when investigating concerns - never dismiss claims or concerns as oversensitivity as this can contribute to harassment and discrimination
  • Ensure managers consistently role model the right behaviours - and do not inadvertently condone wrongdoing by ignoring minor policy breaches
  • Always follow the ACAS Code of Practice on discipline and grievances at work - remember, awards and compensation may be increased by up to 25% if employers do not follow the guidance.
