Global Investigations Bulletin - October 2025

On 7 October 2025, the FCA published its highly anticipated consultation on a proposed motor finance redress scheme. This follows the Supreme Court finding in Johnson^[1] on 1 August 2025 of an unfair relationship within s140A of the Consumer Credit Act 1974 between a motor finance lender and its customer. The FCA sets out a detailed proposal in its consultation for an industry wide redress scheme intended to compensate motor finance customers who were treated unfairly. This expansive scheme will, on the FCA’s estimates, apply to 44% of all agreements made since 2007 and could cost the industry approximately £11bn, assuming 85% of eligible customers were to participate. The FCA is seeking comments on its redress scheme proposals by 18 November 2025. If the FCA decides to introduce the redress scheme, it expects to publish its policy statement and final rules by early 2026, with the scheme expected to launch at the same time and consumer compensation to begin later that year. Alongside the consultation, the FCA issued Dear CEO letters to all firms involved in motor finance lending and broking since 2017, and separately to claims management companies (CMCs) involved in motor finance commission claims. For further analysis of the proposed scheme and corresponding CEO letters see our client briefing – FCA Publishes Motor Finance Redress Scheme Consultation.

The FCA has fined Sigma Broking Ltd, £1,087,300 - for failing to submit complete and accurate transaction reports for five years. The FCA found that between December 2018 and December 2023, the transaction reports submitted by Sigma were either incomplete, inaccurate or both. The deficiencies impacted 924,584 transactions, close to 100% of reportable transactions undertaken by all of its trading desks during this period. The reporting failures were caused by incorrect system setup and persisted uncorrected due to weaknesses in the firm’s reporting processes. The deficiencies in reporting meant that Sigma breached Article 26 of the UK Markets in Financial Instruments Regulation (600/2014) and Principle 3 of the FCA’s Principles for Businesses, which requires firms to take reasonable care to organise and control their affairs responsibly and effectively. This is the second enforcement action against Sigma for inadequate transaction reports. The FCA previously fined the firm £531,600 in October 2022.

The FCA has issued Decision Notices banning Neil Woodford from holding senior manager roles and  managing retail funds, and imposing fines of £5.9 million on him and £40 million on Woodford Investment Management (WIM). The FCA found that they had mismanaged the Woodford Equity Income Fund (WEIF), which collapsed due to liquidity issues in 2019, and concluded that Woodford is not a fit and proper person for certain regulated activities. The FCA found that Woodford prioritised his investment strategy over timely action to address deteriorating liquidity, relied on flawed internal metrics, and failed to maintain a balanced portfolio of liquid assets. The regulator also rejected arguments that the authorised corporate director, Link, was primarily responsible for monitoring the fund’s liquidity, emphasising that under the investment management agreement, WIM had the ability and delegated responsibility to manage liquidity. Woodford and WIM are appealing the decision notices to the Upper Tribunal. The appeal is expected to involve detailed arguments about responsibility for liquidity management and oversight.

The FCA has published Final Notices issued to three bond traders after the Upper Tribunal upheld the FCA’s decision to fine and ban the individuals from working in financial services. Three bond traders were initially banned for market manipulation following decision notices issued by the FCA in December 2022. It deemed their trading behaviour relating to Italian Government Bond futures amounted to a form of market manipulation known as ‘spoofing’, where traders aim to trick the market by placing large orders which they do not intend to execute, to benefit their smaller, genuine orders. The Upper Tribunal agreed with the FCA that the traders’ manipulative behaviour was dishonest and lacked integrity.

Brothers, Matthew and Nikolas West have been sentenced to 15-months and six months respectively, for insider dealing following an FCA prosecution. Both were experienced traders with more than two decades in the industry and investment community contacts. The FCA’s market surveillance tools identified suspicious trading activity, prompting an investigation that revealed the brothers had acted within minutes of receiving confidential information - earning £44,164. The court ordered them to repay over £280,000, representing the total value of shares traded through their criminal conduct, rather than just the profit obtained.

The FCA has also secured convictions in two separate investment fraud cases, resulting in prison sentences for Daniel Pugh and John Burford. Daniel Pugh was sentenced to seven and a half years in prison for operating a £1 million Ponzi scheme through his fund, Imperial Investment. He defrauded 238 investors by promoting the scheme on social media and offering implausible returns of 1.4% per day or 350% a year. In a separate case, John Burford was sentenced to two years in prison for defrauding over 100 investors through his firm, Financial Trading Strategies Limited. Without FCA authorisation, Burford offered trade alerts and investment opportunities in self-branded funds, misleading investors about performance, concealing losses, and diverting client money for personal use. He promoted his schemes through self-published materials and online content, presenting himself as an expert trader. Both prosecutions highlight the FCA’s ongoing focus on tackling fraudulent investment activity and protecting consumers from unauthorised and misleading schemes.

In our July Bulletin, we reported on the Supreme Court’s decision to overturn the convictions of former traders Tom Hayes and Carlo Palombo in connection with LIBOR and EURIBOR manipulation, finding that the directions given to the jury in their trials were legally flawed. The original SFO investigation had resulted in multiple convictions of senior bankers for fraud. Following the Supreme Court ruling, the SFO has reviewed related cases and announced that similar issues with jury directions may render the convictions of five additional individuals—Jonathan Mathew, Jay Merchant, Alex Pabon, Philippe Moryoussef, and Colin Bermingham—potentially unsafe. Convictions for Peter Johnson and Christian Bittar, however, are considered secure. Affected individuals will now need to consider whether to pursue further review or appeal through the Criminal Cases Review Commission or the Court of Appeal.

The SFO has recovered £1.1 million from the sale of a Lake District property in its first case involving an Unexplained Wealth Order (UWO). The property was owned by Claire Schools, ex-wife of convicted fraudster Timothy Schools. Investigators found that the property was purchased using proceeds from Schools’ multi-million-pound investment fraud, which diverted investor funds from a “no win, no fee” law firm scheme for personal gain. The High Court granted the UWO in January 2025, and the property was sold in April.

HMRC has reportedly launched its first-ever corporate prosecution for the failure to prevent the facilitation of tax evasion offence - almost eight years after it was introduced under the Criminal Finances Act 2017.

Bennett Verby Ltd, a Stockport-based accountancy firm, has been charged in connection with an alleged R&D tax credit repayment fraud. Six individuals, including a former director, are also facing related charges. All appeared before Manchester Crown Court over the summer but did not enter pleas. The trial is provisionally listed to begin on 17 September 2027.

The case represents a significant milestone for HMRC, which has faced criticism for its apparent reluctance to use the legislation - prompting some to describe the offence as a “paper tiger.” The offence imposes strict liability on organisations where an associated person facilitates tax evasion and the organisation lacks reasonable prevention procedures. Crucially, there is no requirement to prove intent or knowledge by senior management, and conviction can result in unlimited fines.

While Bennett Verby is not the high-profile test case many anticipated, HMRC may be seeking to establish an early success before pursuing larger or more complex targets. Either way, the message is clear: the offence is active, and prosecution is a real risk.

Denmark’s tax authority, Skatteforvaltningen (Skat), has lost a £1.4 billion fraud claim in London’s High Court – in one of the largest civil fraud cases ever heard in the UK. The case centred on allegations that trader Sanjay Shah and his defunct hedge fund, Solo Capital Partners, orchestrated a scheme between 2012 and 2015 to obtain thousands of fraudulent dividend tax refunds through so-called ‘cum-ex’ trades. Skat claimed it had been tricked into paying more then 4,000 refund applications for taxes that had never been paid. In the judgment, Mr Justice Andrew Baker ruled that although some defendants acted dishonestly, Skat had not been legally misled. He described the Danish tax authorities’ controls for processing refund claims as “so flimsy as to be almost non-existent” and found that none of the 4,170 dividend refund claims reviewed as part of the trial, were valid under Danish tax law – all of them could have been rejected.

The ruling is a setback for the Danish authorities who have already secured Shah’s 12-year prison sentence in Denmark for related offences. In a statement, the Danish government said it’s tax authority “strongly disagrees” with the judgment and intends to appeal.

OFSI has already issued four monetary penalties and two disclosure orders in 2025 — a sharp rise from just one penalty in 2024 — reflecting an intensification of UK sanctions enforcement activity.

The latest monetary penalty, published on 30 September, involved Colorcon Limited, a UK pharmaceuticals provider, which was fined £152,750 for making funds available to designated Russian banks in breach of UK sanctions. In 2022, Colorcon’s Moscow office made 123 payments totalling £191,291 to employees and local service providers whose accounts were held at sanctioned Russian banks. While some payments were covered by an OFSI General Licence, OFSI identified 79 unauthorised payments made after the licence expired. The case was categorised as “serious”, with OFSI applying a 35% discount to the fine to reflect Colorcon’s cooperation — but noting that a four-month delay before self-reporting meant the disclosure was not considered “prompt”.

Earlier in the summer, OFSI imposed another fine, worth £300,000, on Markom Management Limited, this time for instructing a payment directly to a designated individual subject to an asset freeze. OFSI highlighted that the case underscores key lessons for firms of all sizes, including the need to:

• Understand and manage exposure to sanctions risks;
• Implement and comply with robust sanctions processes; and
• Promptly identify and report any suspected breaches to OFSI.

Notably, the underlying conduct in this case occurred in 2018 and was self-reported in the same year, demonstrating a seven-year lag before enforcement action was taken.

Separately, on 8 September, OFSI published a disclosure notice against Vanquis Bank Limited, a UK financial services provider regulated by the FCA, for breaches of the UK’s counter-terrorism sanctions regime. This marks only the third use of OFSI’s enforcement disclosure powers. The case concerned a delay by Vanquis in restricting the account of a UK-designated person, allowing the individual to withdraw funds and complete a transaction. OFSI assessed the breach as “moderately severe” and concluded that publication of an enforcement disclosure notice was the appropriate and proportionate response.

The Upper Tribunal has delivered its decision in The Information Commissioner v Clearview AI Inc [2025] UKUT 319 (AAC), providing important clarification on the territorial and material scope of the GDPR.

Clearview AI, a US-based technology company, operates a facial recognition search engine that collects publicly available images of individuals from the internet, converts them into facial vectors, and compiles them into a searchable database, which is made available to Clearview’s clients.

In 2022, the Information Commissioner issued Clearview with a Monetary Penalty Notice and an Enforcement Notice for alleged infringements of the GDPR.

Clearview appealed to the First-tier Tribunal (FTT), challenging both the ICO’s jurisdiction and the substantive basis for the Notices. The jurisdictional issue was determined as a preliminary matter. In October 2023, the FTT upheld Clearview’s appeal, finding that although its activities fell within the territorial scope of the GDPR (Article 3), they were outside its material scope (Article 2). On that basis, the FTT held that the ICO lacked jurisdiction to take enforcement action.

The Information Commissioner obtained permission to appeal to the Upper Tribunal in January 2025, and Privacy International was granted permission to intervene in April 2025. In its judgment, the Upper Tribunal allowed the Commissioner’s appeal and overturned the FTT’s decision. It held that Clearview’s processing activities did fall within the territorial of the GDPR, and that jurisdiction was not excluded by the material scope provisions in Article 2, confirming that the ICO did have jurisdiction to issue the Notices. The Tribunal remitted the matter to the FTT to consider Clearview’s remaining grounds of appeal relating to the substance of the Notices.

On 25 September 2025, the Competition and Markets Authority (CMA) announced that Ticketmaster has agreed to legally binding undertakings designed to improve transparency in its ticket sales processes. The undertakings follow from the CMA’s investigation into Ticketmaster’s sale of tickets for the ‘Oasis Live 25 Tour’, launched in response to consumer complaints about their purchasing experience. Ticketmaster’s voluntary commitments require it to:

• Provide fans with 24 hours’ notice when using a tiered pricing system;
• Display clearer price information during online queues to help fans anticipate costs;
• Ensure ticket labels are accurate and do not give the impression that some tickets are better than others when this is not the case.

Ticketmaster must implement the commitments within six weeks and will be subject to a two-year monitoring period. The commitments do not amount to an admission of any infringement by Ticketmaster.

The case was initiated under the previous consumer law regime, which limited the CMA to accepting voluntary undertakings or applying to court for enforcement. Following reforms introduced by the Digital Markets, Competition and Consumers Act 2024 (in force since April 2025), the CMA now has the power to issue infringement decisions for consumer law breaches and impose fines of up to 10% of a business’s global turnover.

For further analysis of this development, see our article on The Lens. 

On 3 October 2025, an updated guidance note was published on the information-sharing provisions in ECCTA. The guidance relates to the rules that came into force on 15 January 2024, designed to make it easier for anti-money laundering (AML) regulated firms to share customer information to prevent, detect, or investigate economic crime.

Previously, firms were often hesitant to share information due to concerns over breaching confidentiality or incurring civil liability. The updated framework clarifies that, under certain conditions, AML-regulated firms may share information directly with each other or indirectly via third-party intermediaries.

The revised guidance reflects developments from the Data (Use and Access) Act 2025 and provides practical guidance on meeting the requirements for both direct and indirect sharing. While it does not prescribe specific technical solutions, the guidance does recommend that firms adopt robust security measures, maintain transparent governance frameworks, and ensure UK GDPR compliance. Firms are also encouraged to pilot new technologies with external support before full implementation.

Additional sections cover - reporting to law enforcement agencies, data protection, and customer redress, and highlight the importance of:

• Avoiding breaches of tipping-off rules or actions that could prejudice ongoing investigations.
• Ensuring information sharing aligns with UK GDPR, including the new legitimate interest established under the Data (Use and Access) Act 2025 for detecting, investigating, or preventing crime and prosecuting offenders.
• Keeping a clear audit trail of all information exchanged, to support accountability and assist with possible complaints and redress.

Overall, the updated guidance is intended to give AML-regulated firms greater confidence and clarity in sharing information safely, while supporting broader efforts to combat economic crime.