Global Investigations Bulletin - December 2025

On 2 December, the FCA issued its first enforcement action against a professional body supervisor, formally censuring the Institute of Certified Bookkeepers (ICB) for serious deficiencies in its anti-money laundering (AML) supervision. As the AML supervisor for over 3,000 bookkeepers, ICB failed to implement an adequate risk-based supervisory framework and suspended all member inspections for nine months. The FCA found that these shortcomings weakened its oversight and increased money-laundering risks within the sector.

The FCA has also intensified its action against market manipulation and insider dealing, in recent months. On 23 October, Neil Sedgwick Dwane was fined £100,281 and banned from working in UK financial services for insider dealing while advising ITM Power Plc. Mr Dwane sold shares ahead of a confidential market announcement and then repurchased them after a share price drop, generating a profit of £26,575.

Further action against market manipulation was taken on 28 November, when the FCA commenced criminal proceedings against Bobosher Sharipov, a former Jefferies International Limited employee, and his associate Bekzod Avazov. The pair are alleged to have engaged in insider dealing connected to the 2021 takeover of GCP Student Living Plc, with Mr Avazov profiting nearly £70,000 using confidential information supplied by Mr Sharipov. The case has been sent to Southwark Crown Court, with neither defendant entering a plea.

Separately, on 20 October, the FCA secured its first data protection conviction. Luke Coleman, a former Virgin Media O2 employee, pleaded guilty to unlawfully obtaining and disclosing customer data for use in a boiler room fraud. Coleman, suspended by his employer during the investigation, was fined £384, with a £38 surcharge and £500 in costs.

On 15 October, the FCA announced that it is investigating entities within the Moneda Capital Group, along with several individuals connected to those entities. The FCA has urged any investors in the Group’s companies to come forward and contact the regulator. According to Moneda Capital’s website, the FCA investigation is ongoing and an asset restraint order was imposed on 2 September 2025. This marks the third public enforcement investigation announcement naming the company since the FCA introduced its revised Enforcement Guide in June 2025.

On 20 October 2025, the FCA published the results of its survey into financial crime controls at corporate finance firms (CFFs), forming part of its wider strategy to strengthen financial crime oversight across the sector. The survey covered 303 firms not required to submit regular financial crime data, with an 89% response rate, and included follow-up interviews with senior staff at selected firms. The FCA found that around two-thirds of respondents may be non-compliant with the Money Laundering Regulations in one or more areas, highlighting weaknesses such as the absence of business-wide risk assessments, failures to retain customer due diligence records, and inadequate oversight of appointed representatives. The FCA also identified instances of good practice, including firms regularly updating risk assessments and employing detailed management information to support their controls.

The FCA expects firms to review the findings and address any deficiencies in their anti-financial crime frameworks, and it has begun writing to firms that fall below regulatory expectations to set out required remedial actions. The regulator will follow up with selected firms to assess progress and has indicated that the survey results will be used to inform its supervisory approach to the corporate finance portfolio, including potential interventions where firms fail to meet required standards.

On 26 November, the Serious Fraud Office (SFO) published updated Guidance on Evaluating Corporate Compliance Programmes, part of a broader series of recent publications reflecting the agency’s “refreshed” approach to corporate engagement.

The Guidance outlines the key scenarios in which the SFO may assess a company’s compliance programme, including when determining whether prosecution is in the public interest, whether to invite a company to negotiate a Deferred Prosecution Agreement (DPA), and whether an organisation can rely on a defence of adequate or reasonable procedures for the failure to prevent bribery or fraud offences.

Notably, the Guidance signals a renewed focus on compliance programmes and a commitment to consider them earlier in the investigative process. This provides organisations with an opportunity to present evidence of well-designed, effective programmes at an earlier stage, potentially supporting more favourable outcomes.

The Guidance also stresses practical effectiveness over written policies, emphasising that programmes must be genuinely embedded, regularly updated, and capable of preventing misconduct. It also clarifies that isolated compliance failures do not automatically render a programme ineffective and encourages organisations to provide evidence of operational effectiveness when engaging with the SFO. For a detailed analysis and practical implications, see our fuller client briefing.

Alongside its policy work, the SFO has advanced a number of significant investigations. On 1 December, the agency secured a conviction against Jose Alejandro Zamora Yrala, director of AOG Technics, following a guilty plea to operating the company for a fraudulent purpose. The case concerns the supply of aircraft parts with falsified documentation misrepresenting origin and certification - some of which were installed on Boeing and Airbus aircraft. The investigation, opened in October 2023 with support from Portuguese authorities.

The agency has also moved into new territory. On 20 November, it launched its first major cryptocurrency investigation, targeting suspected fraud linked to the collapse of a $28 million scheme known as Basis Markets. Coordinated raids in West Yorkshire and London resulted in two arrests. Basis Markets is reported to have raised funds through NFT sales and a purported “crypto hedge fund,” before informing investors that the project would not proceed as planned.

Legacy cases also continue to progress. On 10 November, the SFO charged six former Glencore employees with bribery offences relating to oil contracts in Cameroon, Nigeria and the Ivory Coast; several face additional charges of falsifying accounting documents. A trial is scheduled for October 2027. These prosecutions follow Glencore’s corporate guilty plea in 2022.

Separately in October 2025, the SFO expanded its investigation into a suspected fraudulent timeshare scheme – first launched in December 2024 – by identifying five further UK-based companies as subjects of enquiry and issuing a public appeal for information.

Finally, on 18 November, the dispute between the SFO and Güralp Systems returned to the High Court. Güralp, which entered into a five-year DPA in 2019 to resolve bribery allegations, is accused of breaching the DPA by failing to pay its financial penalty by October 2024. The company argues the SFO failed to notify the court of the alleged breach before the DPA term expired, and that the agreement therefore lapsed. Judgment is pending. This is the first time a UK court has been asked to rule on an alleged DPA breach since the regime was introduced in 2014.

The CPS has reported a series of convictions and sentences across financial crime, reflecting sustained enforcement activity for the prosecutor.

In October, 20 individuals - including company directors - were sentenced for their roles in a large-scale VAT fraud perpetrated through Winnington Networks Ltd (WNL). The group received combined custodial sentences exceeding 70 years. HMRC’s investigation established that WNL operated an “off-set” VAT scheme in which fictitious VOIP transactions were used to disguise VAT liabilities arising from genuine trades in electrical goods and metals. The fraud was facilitated through false documentation, contrived supply chains and sham offshore banking platforms.

Also in October, the CPS secured convictions against 14 defendants involved in a £28 million investment fraud affecting more than 3,500 victims. The scheme operated a classic “bait-and-switch” model targeting timeshare owners who were promised assistance in disposing of their timeshares but were instead sold worthless investment products marketed as “Monster Credits”.

More recently, on 12 November, two defendants were sentenced in connection with money-laundering offences linked to a £600 million Chinese cryptocurrency investment fraud. Himin Qian received a sentence of 11 years and eight months after pleading guilty to possessing criminal cryptocurrency and associated laundering offences, while Senghok Ling received four years and 11 months for possession of criminal cryptocurrency. The case represents the largest cryptocurrency seizure in the UK to date, involving more than 60,000 Bitcoin and other digital assets valued at £4.8 billion, which remain subject to confiscation proceedings.

On 2 December, the Deputy Prime Minister announced major proposed reforms to the criminal courts, centred on expanding judge-only trials to reduce delays and improve the Crown Court backlog - projected to reach 100,000 cases by 2028. Key measures include:

• Establishing “Swift Courts” for cases likely to attract sentences of three years or less, to be heard by a judge alone.
• Allowing courts greater discretion over where cases are heard.
• Retaining jury trials for the most serious and almost all indictable offences, including rape, murder, aggravated burglary etc.
• Introducing judge-only trials for complex, technical, and lengthy fraud and financial crime cases.
• Extending magistrates’ sentencing powers to 18 months to shift more cases away from the Crown Court.

Implementation details - including how the three-year threshold for the “Swift Courts” will be assessed - are still to be determined.

The proposals have sparked criticism, particularly regarding the removal of juries in complex fraud cases. Supporters of jury trials argue that juries enhance fairness through random selection, are capable of determining facts, and ensure public accessibility by requiring cases to be presented clearly. Critics counter that fraud cases often demand specialist commercial knowledge and may overwhelm lay jurors.

Private prosecutions have grown sharply in recent years, increasing the risk of defendants being drawn into unfounded or poorly prepared criminal proceedings. A recent High Court ruling has strengthened the protections available to such defendants. In R (Bates) v Highbury Corner Magistrates’ Court, the court overturned previous authority and held that a private prosecutor may be liable not only for a defendant’s costs of a successful judicial review challenging the decision to allow the prosecution to proceed, but also for the costs of the underlying criminal case.

The judgment arose from a private prosecution found to be “misconceived, vexatious and abusive,” in which the prosecutor failed to meet essential duties of candour and objectivity, including by omitting key information about related proceedings.

The Court confirmed that civil costs principles apply to judicial review proceedings even where the underlying matter is criminal, thereby removing the previous presumption that defendants could not recover their costs. This clarification increases the financial consequences for private prosecutors who pursue ill-founded cases and underscores the requirement to approach their quasi-public role with fairness and the standards expected of government prosecutors.

As announced in the UK Budget on 26 November, HM Revenue & Customs (HMRC) will increase rewards for whistleblowers who provide “high-value information” on unpaid tax. Modelled on the US IRS scheme, rewards could reach up to 30% of recovered tax exceeding $1.5 million.

HMRC has long held the discretion to pay whistleblowers, but previous payouts were modest, and the scheme was not widely publicised. The updated approach aims to target large-scale tax avoidance or evasion, often involving wealthy individuals, corporations, or offshore arrangements. Payments remain discretionary, are not guaranteed, and anonymous whistleblowers are excluded.

The agency’s powers to reward whistleblowers date back to its establishment in 2005. While use of the scheme has fluctuated this update signals a renewed focus on incentivising actionable tip-offs. In the UK, only the Competition and Markets Authority currently has similar authority, however the government has committed in its recent Anti-Corruption Strategy Paper to exploring the introduction of incentives for whistleblowers more broadly.

On 8 December, the UK Government published its 2025 Anti-Corruption Strategy, outlining its approach to combating corruption both domestically and internationally. The paper sets out 123 cross-government commitments designed to disrupt corrupt actors and their finances, address systemic vulnerabilities, and strengthen global resilience against corruption.

Among the measures announced is a comprehensive review of asset ownership frameworks across the UK, aimed at identifying weaknesses in the current system and formulating recommendations for reform. The Government also commits to exploring potential changes to the UK whistleblowing regime, including the introduction of incentives for whistleblowers - an initiative long advocated by SFO Director Nick Ephgrave.

The strategy further highlights the potential for artificial intelligence to accelerate SFO investigations, signalling a focus on modernising enforcement capabilities. Looking ahead, the UK will host the Illicit Finance Summit in 2026, convening governments, civil society organisations, and private-sector stakeholders, including major financial institutions, to coordinate global efforts against illicit finance.

Domestically, the Government has pledged £15 million in additional funding to expand the City of London Police’s Domestic Corruption Unit, enhancing its capacity to detect and disrupt bribery and money-laundering networks. The strategy also promises a renewed examination of the framework governing strategic lawsuits against public participation (SLAPPs) and announces plans to establish a new Ethics and Integrity Commission to strengthen standards in public life.

The Office of Financial Sanctions Implementation (OFSI) published its Annual Review for 2024-25, titled Effective Sanctions, on 15 October 2025. The report summarises its work over the past financial year across communications, licensing, designations, international outreach, and enforcement. Highlights include:

Communications and Guidance
In the period, OFSI expanded its engagement with industry and the public, publishing 145 FAQs covering a broad range of topics. It also delivered guidance and webinars for new sectors and launched the OFSI/FCDO/OTSI e-alert service, providing real-time sanctions updates to industry.

Designations and Reporting
The Consolidated List grew to 4,733 entries, including 191 additions related to Russia. The Annual Frozen Asset Review showed a substantial rise in frozen assets, from £24.4 billion in 2023-24 to £37 billion in 2024-25, with £22.5 billion linked to the Russia regime.

Licensing Activity
OFSI issued 19 general licences and processed 904 specific licence applications, down from 1,401 the previous year. Of the 904 decisions:

• 471 were granted
• 35 were refused
• 361 were withdrawn
• 4 lacked sufficient information

Most of the granted licences related to the Russia regime (279), followed by Libya (109), Counter-Terrorism (19), and Global Anti-Corruption (43).

International Engagement
OFSI also claims to have strengthened its international cooperation, participating in over 210 engagements across 44 jurisdictions and signing its first Memorandum of Understanding with the US Treasury, enhancing information sharing and coordinated enforcement.

Enforcement
As of April 2025, OFSI managed 240 active enforcement cases, of which 151 were identified through non-self-reported sources.

In 2024-25, 57 enforcement actions were taken, including monetary penalties, warning letters, disclosures, and referrals, with the financial services and legal sectors most impacted.

Looking Ahead: 2025-26
OFSI has already issued four monetary penalties and two disclosure orders since the start of the year, up from just one monetary penalty in 2024, signalling a modest intensification of UK sanctions enforcement, though overall activity remains moderate compared to international enforcers.

The Office of Trade Sanctions Implementation (OTSI) published its one-year operational update on 4 December, marking the first full year since its launch. Based within the Department for Business and Trade, OTSI is responsible for investigating suspected civil breaches of UK trade sanctions involving the transfer of prohibited or restricted goods and technologies to sanctioned persons, entities or jurisdictions. Criminal breaches fall under the remit of HMRC, which also oversees civil violations of the UK’s export control regime relating to the unauthorised transfer of military or dual-use items.

According to the update, OTSI’s compliance and enforcement unit has received 146 reports or referrals of potential trade sanctions breaches. While the agency has not yet imposed any civil penalties, it confirmed that several investigations are underway and that a significant number of cases have been referred to HMRC. Also in October, OTSI published a “compliance clarity” blog outlining lessons from an unnamed bank’s voluntary disclosure of a potential sanctions breach, which the agency ultimately concluded did not constitute a violation.

In October, the Information Commissioner’s Office (ICO) imposed a £14 million fine on Capita plc and Capita Pensions Solutions Limited for breaches of the UK GDPR, following a cyber security incident that exposed the personal data of over six million individuals. The breach resulted in hackers accessing information, including pension records, staff data, and sensitive financial and criminal information.

The ICO found that Capita had failed to ensure the secure processing of personal data, leaving its systems vulnerable and without adequate technical and organisational measures to prevent or respond to such an attack. The investigation identified several shortcomings, including the lack of a tiered administrative account model, delayed responses to security alerts, and insufficient penetration testing and risk assessments.

In October 2025, Ofcom imposed a £20,000 fine on the internet forum 4chan, marking the first enforcement under the UK’s Online Safety Act 2023 (OSA). Although 4chan is based outside the UK, it fell within the Act’s reach due to its sufficient connection to UK users.

The OSA places wide-ranging duties on online service providers to protect users - particularly children - from harmful content. This includes obligations for platforms such as community forums, social networks, and other user-to-user services to ensure safety on their sites.

This first regulatory action is notable for several reasons. It demonstrates Ofcom’s willingness to exercise its extensive powers under the OSA and highlights the extraterritorial scope of the legislation.

On 18 November, the Competition and Markets Authority (CMA) launched its first enforcement actions under the Digital Markets, Competition and Consumers Act 2024 (DMCCA), unveiling a major crackdown on unfair online pricing practices.

The CMA has opened investigations into eight companies suspected of using tactics such as drip pricing, default opt-ins and misleading time-limited offers. These are the first cases to deploy the CMA’s new direct enforcement powers, which allow it to impose fines of up to 10% of global turnover and require companies to compensate affected consumers.

Alongside these investigations, the CMA has adopted a broader compliance push: it has issued advisory letters to 100 businesses across 14 sectors highlighting concerns about additional fees and online sales practices and published new guidance to support compliance with price transparency rules.

On 2 December, the EU reached a provisional agreement on its first directive harmonising criminal law rules on corruption. The directive establishes EU-wide definitions for offences such as bribery, misappropriation of funds and obstruction of justice, and sets common prison sentences - while allowing member states to apply stricter penalties. It also requires each country to publish a national anti-corruption strategy and mandates the annual publication of EU-wide corruption data to enhance transparency and support evidence-based policymaking.

The framework is designed to prevent offenders from exploiting differences between national systems and to strengthen cooperation between national authorities and EU bodies, including OLAF, the European Public Prosecutor’s Office, Europol and Eurojust.

First proposed in 2023, the directive has progressed slowly and must now be formally approved by both the European Parliament and the Council.

On 12 November, the US Department of Justice (DOJ) entered into its first Foreign Corrupt Practices Act (FCPA) deferred prosecution agreement (DPA) since President Trump paused FCPA enforcement earlier this year. Although enforcement was formally suspended by Trump in February, the DOJ’s updated Guidelines issued in June effectively lifted the pause and set out a renewed, more targeted agenda -prioritising action against cartels and transnational criminal organisations, placing greater emphasis on individual accountability, and reinforcing protections for US commercial interests.

Comunicaciones Celulares S.A. (Comcel), a Guatemalan telecommunications provider, agreed to the DPA to resolve a multiyear bribery scheme involving Guatemalan officials. Comcel admitted the misconduct and agreed to pay a $60 million criminal penalty and forfeit $58.2 million in profits. According to the Statement of Facts, the scheme relied on falsified contracts, shell companies and, at times, cash delivered by helicopter. The DOJ also found that certain bribe payments were funded with proceeds from drug-trafficking.

The Comcel resolution highlights the DOJ’s sharpened focus on corruption schemes with links to cartels, drug-trafficking and other transnational criminal organisations - consistent with the June Guidelines requiring the FCPA unit to prioritise such cases. At the same time, the outcome confirms that core FCPA enforcement principles, including voluntary self-disclosure, cooperation and remediation, remain central to the DOJ’s approach.