This month's key compliance news includes Temu's data breach fine, the EU and UK's security and defence partnership, a new legal duty for sanctions screening, the FCA's simplification of complaints reporting and more.
South Korea's data protection regulator has fined Chinese e-commerce giant Temu KRW 1.386 billion ($978,000) for violating the country's Personal Information Protection Act (PIPA). The fine follows an investigation by the Personal Information Protection Commission (PIPC) into the platform's handling of Korean user data.
The probe revealed that Temu failed to disclose the transfer of personal data to businesses in multiple countries—including China, Singapore, Japan, and South Korea—for product delivery and processing, in violation of PIPA requirements. The company also lacked a mandatory local representative in Korea and forced users through a burdensome seven-step process to delete their accounts.
The regulator highlighted concerns over Temu’s failure to inform users about data sharing in its privacy policy, and said these practices made it difficult for users to exercise their data rights. The company has since taken corrective actions, including updating its privacy disclosures and appointing a local agent.
Temu’s data processor, Whaleco Technology, was fined KRW 879 million ($630,000), while Elementary Innovation, which handles seller data, received a KRW 490 million ($350,000) penalty.
In a statement, Temu said it respects the PIPC’s decision, cooperated with the investigation, and has made changes to comply with Korean regulations.
The PIPC also fined AliExpress, a Temu rival, KRW 1.978 billion ($1.4 million) in 2024 for similar violations. To help foreign businesses meet compliance standards, the regulator has released a Chinese-language version of its PIPA guidance.
UBS Group AG has agreed to pay $511 million to settle a long-running U.S. investigation into tax evasion schemes orchestrated by Credit Suisse, the Swiss bank it acquired in 2023. The probe revealed that Credit Suisse continued helping wealthy Americans hide money offshore even after a 2014 plea deal promising to stop such conduct.
A Credit Suisse unit pleaded guilty to conspiring with clients to conceal over $4 billion in assets from the Internal Revenue Service across at least 475 secret accounts, violating U.S. tax laws. The U.S. Justice Department also filed a criminal charge related to Credit Suisse accounts in Singapore, which it will dismiss if the bank fully cooperates.
Despite prior settlements, Credit Suisse maintained undeclared accounts for U.S. taxpayers — including a European billionaire who lived openly in the U.S. — and failed to report them. The Justice Department said the bank's actions violated its 2014 plea agreement.
The case also detailed Credit Suisse's role in tax evasion by Dan Horsky, a former U.S. business professor who hid over $200 million, and a U.S.-Colombian family that concealed nearly $100 million. Whistleblowers helped expose the misconduct, leading to criminal convictions.
UBS, which was not involved in the original misconduct, said it has zero tolerance for tax evasion and is cooperating with U.S. authorities. The settlement follows a 2023 Senate Finance Committee report that found major violations of Credit Suisse's past plea deal and highlighted undeclared accounts worth over $1.3 billion.
From 14 May 2025, all UK letting agents are legally required to check tenants, landlords, and other clients against the UK’s official financial sanctions list. This marks a major regulatory change, as sanctions screening becomes a standalone legal obligation for the entire sector - not just those registered under Anti-Money Laundering (AML) supervision.
Letting agents will now be classified as “relevant firms” under UK sanctions regulations, placing them under the same legal responsibilities as estate agents, law firms, and financial institutions. If an individual or company appears, or is even suspected to appear, on the sanctions list, agents must freeze any assets or property and report the case immediately to the Office of Financial Sanctions Implementation (OFSI). Failure to comply may result in civil penalties or criminal prosecution.
This move is part of the UK government's broader efforts to prevent individuals involved in money laundering, terrorism financing, organised crime, or human rights violations from conducting financial or legal transactions within the country. It also ensures that tenancy agreements and other property-related contracts are not misused for illicit activity.
Key steps for letting agents:
For more details, agents are advised to consult the government’s General Guidance to UK Sanctions.
Cambridgeshire County Council has been fined £6 million after pleading guilty to serious safety breaches on its Guided Busway network, following a decade marked by fatal accidents and injuries. The Health and Safety Executive (HSE) brought the prosecution after a prolonged investigation, which revealed that key safety measures were missing or delayed despite repeated incidents and regulatory warnings.
The busway, which opened in 2011, has been linked to three deaths and multiple injuries. Jennifer Taylor, 81, was killed at an unlit pedestrian crossing in 2015. In 2018, Steve Moir, 50, lost his life after falling from his bike into the path of a bus travelling at 56mph. Kathleen Pitts, 52, died in 2021, and just weeks later, a 16-year-old cyclist suffered life-changing injuries at a designated crossing. Despite these tragedies, the council failed to conduct its first risk assessment until 2016—five years after the busway began operating.
The HSE found a range of critical failings, including unlit crossings, the absence of appropriate speed restrictions, poor segregation between buses and other users such as cyclists and pedestrians, and inadequate warning signs. Following Mr Moir's death, the council reduced the speed limit in that section to 30mph, but the measure proved insufficient to prevent further tragedy.
The council pleaded guilty to two charges under section 3(1) of the Health and Safety at Work etc. Act 1974, for failing to ensure public safety both at crossing points and along the busway path. In addition to the £6 million fine, the council was ordered to pay £292,460.90 in legal costs.
Families of the victims expressed their grief and called for lasting safety improvements. Mrs Taylor’s family thanked the HSE for its persistence, while Mr Moir’s relatives described the devastating loss of a vibrant, community-minded man. The case has renewed scrutiny of public infrastructure safety and the consequences of delayed risk management.
"This is a truly tragic case where three people lost their lives and others suffered serious injuries in incidents that were completely preventable. Had Cambridgeshire County Council properly assessed and managed the risks on the Guided Busway from the outset, these deaths simply would not have happened. Even after the first fatality in 2015, the council failed to take adequate action to protect the public."
- Graham Tompkins, principal inspector, HSE
The Financial Conduct Authority (FCA) has announced plans to simplify its complaints data reporting process in a bid to reduce administrative burdens on firms and enhance regulatory efficiency.
As outlined in its consultation paper Improving the Complaints Reporting Process, the FCA proposes consolidating five existing reporting returns into a single form. This change will affect around 10,000 firms and is expected to make complaint submissions simpler and improve the quality of data collected.
FCA executive director Sarah Pritchard emphasised that the reforms are part of the regulator’s broader commitment to "smarter, more effective regulation." She noted that better-quality data will enable the FCA to identify consumer harm more quickly and respond proactively.
In addition to simplifying the format, the FCA plans to standardise the frequency of data return requests. This will make submission timelines more predictable for firms, allowing them to plan ahead and improve consistency in how the FCA processes the information. The move will also help the regulator use its resources more efficiently.
Industry experts have welcomed the move. Dom House, lead consultant at Simplify Consulting, described the changes as a "step forward" that will reduce reporting complexity and lower the risk of errors. He also noted that enhanced data quality will allow firms to benchmark their performance more accurately in the context of consumer duty.
The FCA is inviting feedback on the proposals until 24 July 2025.
HSBC has warned 24,000 employees across its commercial and retail banking divisions that failure to meet office attendance expectations could affect their pay. In a memo, the bank stated that employees who don’t meet the 60% in-office requirement - roughly three days per week - may see their performance ratings and variable compensation impacted. From September, the bank plans to give managers increased oversight and attendance data to enforce the policy more strictly.
Critics argue this approach conflates physical presence with productivity. Gemma Dale, a senior HR lecturer, noted that penalising workers for remote work could reduce engagement and worsen retention. Instead of rigid enforcement, she suggested employers should understand why staff aren’t coming in - whether it's a lack of purpose in the office or an environment not conducive to their work.
Debbie Mitchell, HR transformation manager at Lace Partners, urged senior HR leaders to guide executives toward more nuanced, data-informed decisions. She highlighted the potential to attract and retain talent through flexible work policies, especially amid ongoing skills shortages.
Supporting this, new research by King’s College London shows growing resistance to full-time office mandates. Only 42% of UK workers now support a five-day office week, down from 54% in 2022, while the percentage of those who would quit under such conditions has doubled to 10%.
Experts emphasise that companies should focus on making office attendance meaningful. Creating engaging spaces, fostering collaboration, and offering valuable in-person experiences may prove more effective than enforcing rigid return-to-office rules.
On 19 May 2025, the UK and EU signed a new Security and Defence Partnership, hailed by both sides as the beginning of a new era in cooperation. The agreement sets a formal structure for ongoing dialogue and collaboration across areas like cybersecurity, defence innovation, and military training. It includes regular policy discussions and participation in key security forums, like the Schuman Security and Defence Forum.
While this agreement marks a political reset in UK-EU defence relations, it stops short of providing the UK access to the EU’s €150 billion SAFE fund (Security Action for Europe). SAFE is part of the EU's broader ReARM initiative, aimed at strengthening defence investment across the continent through pooled procurement and infrastructure funding.
Despite being seen as a first step toward eventual UK participation in SAFE, no access or funding is guaranteed under the current deal. European Commission President, Ursula von der Leyen, described potential UK involvement as a "second step" - but provided no timeline or firm commitments.
Industry observers and commentators remain cautious. While the agreement introduces new diplomatic and strategic mechanisms, some argue it offers little in the way of concrete outcomes - especially for UK defence businesses hoping for meaningful access to EU funding and contracts.
For now, the Partnership lays the groundwork for future cooperation but falls short of unlocking the level of integration or financial support many had anticipated. The real test will be whether future negotiations lead to tangible UK participation in SAFE and broader EU defence initiatives.