Elevate your Compliance and Security with Intelect.
Our monthly round up of news items which are of particular relevance to those businesses regulated for the purposes of Anti-Money Laundering.
‘We help you keep criminals and their money out of your business PLUS keep you on the right side of the regulators.
Cyber Security
SAS data leak exposes the high stakes of careless sharing
In a blunder that shattered assumptions about the safety of sensitive data, the British Army has launched a high-profile inquiry after the identities of elite SAS soldiers were exposed in a significant data breach spanning more than a decade.
Details of at least 20 Special Forces operatives, previously considered highly confidential, had been accessible online via regimental publications without the necessary safeguards, demonstrating how unchecked data sharing can have dramatic consequences even in the highest security settings.
The chain of mishaps included not just inadvertent postings by regimental associations but also previous breaches in which details of 18,700 Afghan allies alongside UK intelligence and Special Forces operatives were wrongly shared in an unprotected database. Some affected individuals have since received protection, but the implications are profound: information intended for a limited audience quietly drifted into the public domain, dramatically increasing the risk to national security and individual lives.
This incident underscores a critical lesson for any organisation, not just defence systems, and staff often underestimate where shared data may ultimately end up. The SAS breach makes clear that even well-meaning communication or routine information sharing can spiral out of control unless every link in the chain is conscious of the risks and ramifications. Data, once released, cannot be recalled, and the fallout can be lasting and severe.
Comment – Are you taking the appropriate level of care and security for sensitive data in your possession? Is it time for a cyber security risk assessment? We can help.
Organised Crime
Gucci-clad ‘Gangster Granny’ shows that no customer is truly low risk
In a case busting the myth that criminals “look the part,” Deborah Mason dubbed the ‘Gangster Granny’ led a nationwide, multi-million-pound cocaine ring while maintaining the image of an unremarkable pensioner.
Mason, 65, orchestrated one of the UK’s largest recent drug operations, using her family as couriers to move up to £80m worth of cocaine across the country, all while receiving over £50,000 in benefits and flaunting designer goods, even treating her cat to a £390 Gucci collar.
Mason’s operation exploited typical low-risk perceptions by blending into suburbia. She ran frequent, high-value deliveries using rental cars and supermarket bags, directed relatives via encrypted messaging apps, and coordinated shipments from ports to cities nationwide. Astonishingly, she travelled for holidays with her daughters and even her supplier, all while keeping the network’s activities largely invisible to their local communities.
This case drives home a crucial compliance message: outward appearances and “low-risk” customer profiles can be dangerously misleading. Mason’s family-led operation, fuelled purely by greed and glamour, highlights the need for vigilance and robust source of wealth checks, regardless of age, lifestyle, or apparent background. Organised crime does not always wear a hoodie, it can just as easily be a granny in Gucci.
Comment – Never assume that any customer is low risk, ensure you conduct relevant checks and risk assessments, and keep records, this is where Investigation Engine comes into its own.
Regulatory
Banks in the crosshairs, FCA and FINTRAC clamp down in July 2025
Sweeping regulatory penalties landed in July 2025 as three major financial players—Barclays, Monzo, and Canaccord Genuity Corp—were hit with multi-million pound and dollar sanctions for failings in anti-money laundering and financial crime controls.
Barclays received a headline £42m fine for lapses linked to dirty money risks, including relationships with clients involved in high-profile criminal probes.
Monzo was fined £21.1m for onboarding tens of thousands of high-risk customers despite explicit regulatory instructions to halt such activity.
Meanwhile, Canadian watchdog FINTRAC imposed a CA$544,500 fine on Canaccord Genuity for failing to report suspicious transactions and implement robust risk procedures.
Each case revealed systemic shortfalls:
Barclays
Failed to adequately assess and manage money-laundering threats, allowing suspect funds to flow through client accounts even after regulatory warnings about connected criminal activity. Significant voluntary ex gratia payments were also agreed to benefit victims.
Monzo
Its rapid growth outpaced its ability to vet risky new customers and maintain compliance, breaching formal restrictions and opening accounts with scant due diligence, sometimes accepting obviously implausible information.
Canaccord Genuity Corp
Censured for missing clear red flags on client transactions, overlooking suspicious patterns, and neglecting negative media reports in their due diligence reviews.
These fines are part of a marked trend UK and North American regulators are signalling heightened scrutiny across the financial services sector in 2025.
The focus is now clearly on operational resilience, robust compliance culture, and proactive detection of both consumer harm and financial crime.
Institutions, whether established banks or fintech challengers, face sustained pressure to innovate on controls or risk high-profile enforcement and reputational damage.
The inconvenient truth, vigilance is not optional in the eyes of today’s regulators.
This document tells you everything you need to know
Comment – Do you want an effective tool to help manage you due diligence and risk assessment responsibilities? Look no further than Investigation Engine.
