After a freezing start to 2025, we are back and all go for an interesting year ahead.
Compliance and risk remain challenging, with 2025 looking to be another year of pushing boundaries. Tensions include a looming global trade war, continuing geopolitical turmoil, heightened climate concerns, and increasingly sophisticated cyber attacks.
January is the optimal time for businesses to review risk registers against management plans and goals for the next 12 months, noting the challenges but also identifying potential opportunities and where it is possible to get ahead of the compliance curve by proactively managing risk. There are a number of hot compliance and risk topics for 2025. Here, we seek to offer foresight and insight on what to expect and connect you across our team at Burness Paull who can provide a full range of support, including guidance on changes in the law, compliance advice, training, and resolving a dispute. Many of the topics are related. You can rely on us to collaborate to get you the right advice for any risk you may be facing.
1. Cyber risk
Businesses need to develop risk management strategies (including diversification across technology suppliers) to counter the risk of increasing concentration of service providers. With the rise of AI and automation, businesses using the technology need to have appropriate arrangements in place to manage the risks. In addition, organisations should proactively manage the risk of cyber attacks, recognising that the sophistication of these attacks is frequently now also enhanced by AI and state sponsorship. We have worked with many clients in the last 18 months who have sadly been affected by cyber attacks. The fast-paced change of technology means that cyber attack vectors, as well as the impact of any cyber attack, are dynamic and fundamentally different than they were even just 12 months ago. If this topic has not already been on your risk register and board agenda, it should be on or near the top of your list. It is always better to be prepared, so talk to our expert team now if you have not already engaged: we can help you assess risks and take preparatory steps including creating and testing an incident response plan, all of which amount to strong mitigation and lines of defence in the event of any breach.
2. Global trade
If a global trade war ensues, compliance around trade and international sanctions presents a real risk. The end of 2024 saw an announcement detailing an enhanced partnership between UK and US sanctions agencies and efforts to work together on regulation and enforcement, hinting at possible alignment between UK and US sanctions regimes. In the UK there have been significant changes to the reporting obligations: any firm with reporting obligations must now report any suspected regulatory breach of sanctions regulations to the UK’s Office of Financial Sanctions Implementation (“OFSI”). Historically, only suspected criminal offences required to be reported to OFSI. On 14 May 2025, the expansion of reporting requirements will extend to insolvency practitioners and letting agencies. These changes, while not requiring an overhaul of sanctions compliance systems and controls, do represent a notable shift, potentially increasing risk exposure, so should be considered as part of ongoing assessment of compliance programmes. If you think you might be affected by the changes do get in touch.
3. Supply chain security
Any business with an international footprint (or dependent upon international suppliers) will be looking closely at the trade position, including risks of conflict. The security of any supply chain depends on knowledge and due diligence that is key to informing appropriate mitigation measures, whether that be having robust commercial terms, data management, tax relief, procurement, protecting your assets (including intellectual property), protecting your people or the environment. An increasingly tense geopolitical climate, and an increasing trend towards deglobalisation and resource nationalism, introduces or reinvigorates supply chain risk beyond traditional physical risks, including cost and inflationary pressures (and associated insolvency risks), currency fluctuations, data breaches and reputational attacks. All of these can create distinct risks for businesses, often creating the opportunity for internal risk, including corruption or other damaging behaviours. We have experts across all areas who can assist, mapping risk and identifying robust mitigation measures.
4. UK data protection law
Change is coming to the UK’s data protection legislative framework if a bill is enacted as proposed. The Data (Use and Access) Bill aims to foster data innovation and economic growth. If enacted, the changes would lead to considerable divergence between UK and EU data protection regulations regarding data subjects’ rights and automated decision making by AI systems. One to watch and our data experts are on hand to keep you updated.
5. New failure to prevent fraud offence
The offence comes into force on 1 September 2025. It was introduced by the Economic Crime and Corporate Transparency Act 2023 and was part of the UK’s efforts at tackling financial crime. It is an expansion of the corporate failure to prevent model that we are all familiar with now in relation to bribery and tax evasion but is significant. The Serious Fraud Office has been clear that businesses now have less than nine months to “get their house in order” or face criminal investigation. The UK Government guidance issued in November 2024 is essential reading for those to whom the legislation applies, to understand what is required by way of compliance and providing a framework for relevant organisations to establish effective and proportionate fraud prevention measures. Our corporate crime team can help on compliance or with any internal investigation into suspicious activity that may be uncovered as part of compliance work.
For many of our clients the pace of risk is the biggest stressor. We can help you manage the risks and manage the stress. This blog does not detail every risk; other regulatory risks, including ESG-related risks and class actions, remain. However, the only constant is change. While it may be uncomfortable, assessing and managing risks (including taking stock of emerging risks) is the only way to be best placed to seize any opportunities.
Our disputes group brings together experts in contentious matters from the firm’s commercial litigation, health & safety, corporate crime, employment & immigration, construction & projects, public law & regulatory, planning & environment, and family law teams. Together with 30 partners and 90 fee earners, we have one of the largest disputes teams in Scotland that is here to support you with any risks you may face. We’re not just on hand to help when things go wrong, we can help you to prepare your organisation to deal with current and future risk, and ensure that your business is protected by helping to avoid and mitigate risks and improve its risk resilience.
We're currently planning our spring risk conferences in Glasgow (Tuesday 25 March) and Edinburgh (Wednesday 26 March), please save the date and we will be in touch with further details shortly.
Our key contacts are listed below. Please do get in touch on any of the topics. We would love to work with you in 2025.
Written by
Lynne Gray
Partner
Health & Safety
Lynne handles contentious and non-contentious regulatory compliance issues, helping clients every step of the way.
Douglas Blyth
Partner
Dispute Resolution
Douglas has a particular focus on corporate and shareholder disputes, fraud and insolvency litigation, often involving assets and issues across multiple jurisdictions.
Hazel Moffat
Partner
Public Law
Hazel is head of our Public Law and Regulatory division, and has represented clients including the Scottish, UK and EU Governments.
Lynne Moss
Director
Health & Safety
Lynne's work includes assisting clients with their investigations into health and safety or environmental breaches.