Issue 3 Q3 2025
FEATURING
Compliance to competitive advantage
Regulatory trends and navigation strategies for multinational companies
Prev. article
Next article
Issue 2 Q2 2025
Introduction It is my pleasure to introduce the third edition of Risk Quarterly, a publication designed to provide clarity on today’s fast-evolving risk landscape and what it means for global business. This edition brings together insights from Clyde & Co lawyers around the world, alongside contributions from external voices, on the most pressing risks facing boards, general counsel, and senior business leaders today. Regulation remains a key challenge for multinational businesses navigating a complex and shifting global landscape. In our lead article, Lucille Dolor, a highly regarded ethics and compliance consultant, offers a compelling view on how strong governance, ethical leadership, and values-based decision-making can underpin sustainable growth, particularly in decentralised and high-risk environments. Building on this, she explores how organisations can manage increasingly divergent regulatory regimes while transforming compliance into a source of strategic advantage. From data and AI governance to economic crime, climate accountability, and operational resilience, she examines how embedding integrity at the core of business operations can drive success in a fragmented and demanding world. This edition also summarises the findings of our latest Corporate Risk Radar, based on insights from over 400 business leaders globally on the risks that are top of mind. We unpack a range of emerging threats, including the growing implications of water scarcity and the evolving liabilities linked to the use of lithium batteries. As AI continues to reshape business operations, we explore how it is transforming data centres, examine the risks posed by ‘silent AI’, and consider the legal implications of AI-washing. At Clyde & Co, we believe that risk—when handled strategically—can be a source of resilience and differentiation. Drawing on deep experience across jurisdictions and industries, we’re proud to share practical insights to support our clients in turning challenge into opportunity. We hope you find this edition thought-provoking and valuable. Our thanks go to everyone who contributed their time and insights. If there are risk areas you’d like us to explore in future issues, we welcome your ideas at riskquarterly@clydeco.com.
Sam Tate Partner and Global Head of Regulatory and Investigations, London
headshot 200x200px
Back to contents
Introduction It is my pleasure to introduce the second edition of Risk Quarterly, a publication designed to provide insights on the ever-changing risk landscape and its implications for business. Risk Quarterly draws insights from our annual Corporate risk radar report, featuring perspectives from Clyde & Co lawyers globally on the key risk areas that are top priorities for C-suite executives, in-house legal teams, and claims departments. With 71% of businesses using genAI in at least one business function, this edition reframes the AI conversation by exploring a less discussed but critical perspective: the risks of not adopting AI, using it as a cornerstone of any future-proofed strategy. We also explore the transformation of HR through AI. Also in this issue, we look at the insurance risks of green technologies, the latest developments in cyber risk, the rise and cost of obesity drug use and the global impact of shifting tariffs. At Clyde & Co, we believe that nobody handles risk like we do, bringing to life the legal expertise we have managing emerging risk and handling new commercial complexities borne out of nearly a century operating at the heart of global commerce. We hope you find real value in this edition. If there are topics or themes you would like to see covered in future editions, please let us know at riskquarterly@clydeco.com.
By Lucille Dolor
Global Directors’ and Officers’ survey report 2024/2025
Is buying land in Africa a high-stakes gamble?
Green technology Risks for 2025
Adjusting to major global market shifts as tariffs hit home
5 key steps employers should take when using AI in the workplace
The year in virtual assets 2024 recap, 2025 preview
Cyber risk rundown
The rise of obesity drugs
Analysing and planning for the unknown
Emerging risk
Corporate risk radar
Senior leaders’ perception and management of risk
In this issue...
Introduction Kevin Sutherland
Scroll down
The shifting power dynamic, conflicts, and uncertain economic outlook are influencing how governments and international bodies are designing and enforcing regulations. There are different views as to whether globalisation has ended but what is evident is that there is an increased imposition of trade tariffs, sanctions, and localisation mandates driven by the upsurge in protectionism. National interests are also shaping policy. India’s new personal data protection law mandates local data storage and processing in order to boost national security and domestic AI development2. Conversely, regions and countries keen to develop regional cooperation and growth and attract investment are seeking to streamline and harmonise regulation to provide a consistent and predictable environment. By way of example, the European Commission is aiming to simplify European Union (EU) rules on sustainability and investments which could deliver over EUR 6 billion in administrative relief3 and the UK Government published its agenda to reform the regulatory landscape to support growth and innovation4.
Geopolitical and economic landscape equals regulatory quagmire
What this results in is a global regulatory environment marked by divergence. Some regions are accelerating deregulation to fuel competitiveness, for example, data centre deregulation in Latin America or the US’s push to loosen AI oversight to retain technological dominance1. Elsewhere, rising concern over the societal costs of economic crime is prompting a tightening grip, though enforcement remains uneven across countries.
Compliance to competitve advantage
In some markets, we are seeing greater cohesion and harmonisation, while in others, increasing fragmentation and divergence. Since his re-election, Trump has delivered a seismic shift with a pro-business deregulatory agenda in areas such as food and drug administration, ESG and AI. But there is divergence between Federal, State, and local laws and between States, often shaped by political and social ideologies. These factors and varying approaches have converged to create a complex regulatory environment with overlapping and conflicting priorities, further complicated by the extra-jurisdictional reach of many laws.
The US, focused on national interests, is leaning towards deregulation, favouring market-driven progress over tight controls. The EU, by contrast, is charting a rights-first course: its AI Act puts human rights and privacy at the forefront, backed by strict enforcement — including fines of up to 7% of global turnover for serious breaches. The UK, still carving its post-Brexit identity, is considering a potential shift away from its 2024 AI Action Plan with the reintroduction of the AI Bill which, if passed in its current form, would impose AI-specific legal obligations, demonstrating the current policy debate in the balance of encouraging innovation and mitigating risk. Over in Asia, South Korea is blending light-touch rules with innovation incentives in its AI Framework Act, due to take effect in 2026. Japan, too, is prioritising research and growth, having passed its AI Bill in May. Meanwhile, several Latin American countries — including Brazil, Peru, and Chile — are aligning with the EU’s risk-based model, suggesting a global fault line is emerging between those who consider that risk management and innovation may work in tandem and those who view risk management as a stifler of innovation.
The big issues: AI, data protection, fraud, operational resilience
Data protection We continue in a data-driven era and laws are rapidly expanding across the globe to manage data-related risks. Whilst the initial focus of the legislators was on the protection of personal data, we are now seeing an increase in regulation to address risks associated with both personal data and non-personal data). The EU’s data protection landscape, shaped by GDPR, continues to evolve through regulatory guidance and enforcement and more recent data and digital laws including the Digital Services Act, the Data Act and the Data Governance Act. The UK’s Data (Use and Access) Act (DUAA) received royal assent in June 2025. With phased implementation underway, it introduces updates to existing UK data legislation designed to modernise UK data protection law, balancing innovation with privacy safeguards. It will make it easier for organisations to reuse personal data in specific circumstances such as scientific research and introduces the concept of recognised legitimate interests (RLIs).
AI regulatory divergence The lack of harmonisation and potential inoperability of national AI frameworks pose a challenge for MNCs. We will see the rise of “AI Havens,” with some businesses opting to operate in countries with less stringent regimes and lighter accountability.
AI governance committees AI governance frameworks are becoming crucial for companies using AI to drive growth. Some are forming AI committees to provide oversight; one such company has established a cross-functional team including legal, ethics, compliance, security, IT, marketing, sales, and product development etc. This organisation is also using the stringent risk classification standards of the EU AI Act to assess risks. It chose to adopt standards from the strictest regulatory regime because it aligns with its principles and values and will engender stakeholder trust.
Fraud The UK is taking a significant step forward in tackling “outward fraud” with the introduction of the new corporate offence of failure to prevent fraud effective from September. In short, this offence will hold companies criminally liable for failing to prevent fraud, unless they can demonstrate that they had reasonable fraud prevention measures in place. This law shifts focus from fraud committed against the organisation to fraudulent actions of its employees or agents that may benefit the company at the expense of shareholders, investors or customers. MNCs that fall within the scope of the legislation should already be conducting risk assessments and gap analysis to identify and gauge fraud risks and assessing existing fraud prevention procedures to leverage and/or adapt, as necessary. Conducting these and other compliance risk mitigations required by statutory guidance is the only defence to prosecution.
Operational resilience Recent events such as the pandemic, the 2023 collapse of Silicon Valley Bank, disruptions caused by the 2024 CrowdStrike IT outage, interruptions to UK banking services earlier this year, the closure of Heathrow Airport in March, and the Spain power outage underscore the urgent need for robust operational resilience.
In today’s world, cyberattacks are becoming increasingly common. Climate change and geopolitical events can also severely disrupt business operations and regulators are taking notice. There’s a growing wave of regulations aimed at ensuring businesses can withstand, respond to, and recover from operational disruptions, particularly in the financial and other critical sectors. The EU’s Digital Operations Resilience Act (DORA) is a key piece of legislation designed to ensure that financial entities and their critical third-party service providers can maintain operations during severe disruptions caused by cyberattacks and ICT issues. The UK’s operational resilience framework mandates that UK-regulated firms identify important business services, set impact tolerances, and conduct scenario testing. Meanwhile, regulators in the US, Canada, Mexico, South Africa, Hong Kong, and Saudi Arabia are all introducing their own frameworks. For firms operating across different jurisdictions, it’s crucial for them to analyse their ecosystems to identify and understand regulatory overlaps and gaps to achieve robust compliance.
Reference list
The White House. (2025, January 23). Removing barriers to American leadership in Artificial Intelligence Ahuja, K., Bhatt & Joshi Associates. (2024, August 6). The impact of data localization requirements on global trade: A case study of India’s data protection laws. European Commission. (2025, February 26). European Commission simplifies rules on sustainability and EU investments. UK Government. (2025, March 31). New approach to ensure regulators and regulation support growth. OECD.AI. (n.d.). OECD AI Policy Observatory. https://oecd.ai/en/ California Lawyers Association. (n.d.). Privacy Law Guide. https://calawyers.org/section/privacy-law/privacy-law-guide/ U.S. Securities and Exchange Commission. (2025, June). Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure. https://www.sec.gov/rules-regulations/2025/06/s7-17-22 Clyde & Co. (2025, June). Corporate Risk Radar: Operating in a web of complex risks. https://www.clydeco.com/en/reports/2025/06/crr-operating-in-a-web-of-complex-risks Hartwell, C. A., & Devinney, T. M. (2024, April). The demands of populism on business and the creation of “corporate political obligations”. International Business Review. https://www.sciencedirect.com/science/article/pii/S0969593122001032#:~:text=We%20term%20these%20demands%20on,and%20overt%20displays%20of%20nationalism Barlow, A. (2018). Profiting from Integrity: how to use the pro-integrity business model to deliver superior profitability. Big Innovation Centre (2016, June). The Purposeful Company Interim Report Byrne, E. S. (2025, March 13). The Five-Year Ethics Premium Shows How Integrity Pays Off. https://ethisphere.com/the-five-year-ethics-premium-shows-how-integrity-pays-off/#:~:text=Ethisphere%27s%20Five%2DYear%20Ethics%20Premium,January%202020%20to%20January%202025 Azmi, R. A. (2006, July). Business Ethics as Competitive Advantage for Companies In the Globalization Era. Azmi, R. A. (2006, July). Business Ethics as Competitive Advantage for Companies In the Globalization Era. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1010073 Clyde & Co. (2025, June). Corporate Risk Radar: Operating in a web of complex risks. https://www.clydeco.com/en/reports/2025/06/crr-operating-in-a-web-of-complex-riskslyde & Co. (2025, June). Corporate Risk Radar: Operating in a web of complex risks. https://www.clydeco.com/en/reports/2025/06/crr-operating-in-a-web-of-complex-risks
Business Ethics & Compliance Consultant
rom geopolitical fragmentation and economic volatility to breakthroughs in Artificial Intelligence (AI)
F
and data innovation, a powerful confluence of forces is reshaping the global regulatory landscape. Governments are responding, placing AI, data privacy, climate risk, and systemic resilience at the top of their agendas. At the same time, public expectations are evolving, and regulators are being pulled in opposing directions: the drive for innovation and growth on one side, and the imperative to combat economic crime, protect the environment, and safeguard privacy on the other.
The question to ask is, how can multinational companies (MNCs) not only keep pace with this evolution and divergence, but transform regulatory compliance into a driver of competitive advantage?
View Figure 1 here
Global regulatory landscape Diverging factors create tension and complexity
Super governance
Fragmentation
Simplification
Divergence
Interventionist
Deregulation
Cohesion
Harmonisation
Self-Regulation
Figure 1
Meanwhile, the pace of change is accelerating in regions like the Middle East and Asia-Pacific, with laws such as Indonesia’s Data Protection Law and India’s Digital Personal Data Protection Act coming into force in the near future. In Latin America and the Middle East, countries
are drafting new regulations inspired by the EU’s GDPR model, reflecting a broader global convergence toward more comprehensive data governance but with important differences which MNCs must address in their compliance models.
Data use and access - UK pivots away from EU context-based approach RLIs are a statutory list of pre-approved lawful public interest bases for which personal data may be disclosed. The exemptions afforded by RLIs will introduce a new layer of complexity for MNCs operating in the UK and EU. They will need to reconcile the RLI exemptions with the GDPR’s requirement for a case-by-case contextual balancing test.
Regulatory complexity is driving increasing divergence
AI: Over 60 countries and the European and African Unions have AI policies and strategies. These range from super prescriptive governance such as the EU AI Act to light regulation in pro-innovation regimes. See: OECD AI. Policy Observatory5.
US environmental, social and governance (ESG): The US ESG regulatory landscape is changing rapidly. At the Federal level, differing priorities and anti-ESG sentiment have led to the withdrawal of the US SEC’s Enhanced Climate Disclosure rules. See: US SEC Final Rule on ESG Enhanced Disclosures7.
At state level, California is implementing pro-ESG mandates, requiring large businesses to report on climate emissions and financial risk. Other states, such as Colorado, Maryland, Oregon, and Utah, are also implementing pro-ESG mandates. Conversely, some states are enacting anti-ESG investing laws, for example, targeting financial institutions that invest in state assets or contract with states.
Data privacy: The US has a patchwork of Federal, State, and local data privacy regulations. Sector-specific laws also exist at state and federal levels. California alone has in excess of 20 data privacy laws including the extensive Consumer Privacy Act. See: Privacy Law Guide - California Lawyers Association6. States have diverging consent standards. Definitions of what constitutes a “sale” of data also differs across states.
Data protection frameworks are being enacted in Asia ranging from heavy to moderate regulation. New privacy laws are also being passed in Latin America modelled around GDPR.
Corporate Risk Radar 2025 notes that an increasingly complex regulatory burden continues to challenge businesses, with rising regulatory and compliance obligations materially impacting their investment and growth plans8. Regulatory over-reach, speed of change and divergence plus the sheer scale of regulatory regimes have created a difficult environment for MNCs to navigate. These factors have the potential to stifle innovation and growth.
Challenges for MNCs
What’s on the horizon
In the medium term, we can expect geopolitical uncertainty, protectionism, supply chain threats, and the tough economic outlook to continue to drive regulatory complexity. Populist governments will push “Country-First” policies, imposing “Corporate Political Obligations9 “ on MNCs, including localisation mandates, and increased trade barriers. National security concerns will drive up state ownership in critical sectors. Technological advancements, data privacy concerns, climate change, and the notion of certain businesses being “too big or critical to fail” will influence regulatory developments in AI, data, operational resilience, cybersecurity, and climate change. However, the need to boost competitiveness and innovation will lead to some deregulation and simplification. We are already seeing this – for example, with the EU’s Omnibus Simplification Package on ESG.
Impact of populism - Localisation mandates Given the geopolitical and regulatory challenges, it is likely that some businesses will scale back their global operations and new market entry. For others, entry into selected and high opportunity markets will be part of their growth strategies. For the latter, the development of dynamic playbooks looking at political, investment, sector, country, regulatory risk, etc., will help them navigate with agility. A refresh of existing operating procedures for entering into strategic partnerships and joint ventures should be conducted to reflect the new risk environment. MNCs should review the makeup of their investment committees to ensure the right people are considering the gamut of risks.
Regulatory compliance to competitive advantage
We can expect regulatory complexity to persist in the near to medium term. Businesses must navigate this proactively and position themselves to leverage the current landscape. Companies need to embrace strategies like operating with high integrity, leveraging technology, and improving their ability to anticipate future trends. The following explores several of these strategies and highlights how building an ethical culture can deliver a lasting competitive advantage.
The business case for high integrity – Tangible and quantifiable
Adopting an ethics strategy as a competitive advantage is often promoted, from driving innovation to attracting and retaining talent. Alan Barlow, in his book Profiting from Integrity, shows through case studies that when CEOs lead with heightened integrity, superior financial performance follows10. In 2016, the Big Innovation Centre called for UK companies to be more purposeful, demonstrating how purposeful companies align business success with purpose and outlined measurable benefits of operating with purpose as set out in Figure 211. The case study company in Barlow’s book delivered against all the metrics.
Superior share price performance
Improved accounting and operational performance
Lower cost of capital
Improved recruitment, retention and motivation of employees
Less adversarial industrial relations
Larger firm size and decentralisation
Smaller regulatory fines
Greater resilience in the face of external shocks
Figure 2
Measurable business benefits from being a Purposeful Company
Source: The Purposeful Company, Big Innovation Centre 2016
View Figure 3 here
A purposeful company is one that exists not just to generate profit but to contribute positively to society. These businesses are better positioned to battle geopolitical and regulatory headwinds, crisis, and disruption. They are more resilient and sustainable. The Johnson & Johnson (J&J) Tylenol case powerfully demonstrated J&J’s commitment to purpose and values by prioritising public safety over profit, recalling Tylenol products from every outlet globally not just the state where the tampering occurred. Figure 3 highlights the impact of the Tylenol poisoning and the decisions taken by J&J leadership.
ETHICS PREMIUM
Earlier this year, Ethisphere published its annual list of the World’s Most Ethical Companies®. 2025 honourees outperformed comparable global companies by 7.8%, demonstrating the alignment between ethical practices and financial success. Ethisphere considers the 7.8% premium to be a respectable number: given wider signs of economic headwinds and uncertainty12. This correlation has been evident since Ethisphere began the calculation 19 years ago. There is a strong business case for a high integrity culture. It’s not just a “nice to have” – it can deliver growth and profitability.
CREATING COMPETITIVE ADVANTAGE THROUGH AN ETHICAL CULTURE
To leverage integrity or ethics as a competitive advantage, firms need to pivot from the “Ethics of Scandal” to the “Ethics of Strategy.13” At the moment, enforcement trends and activity is causing much consternation within the in-house regulatory legal and compliance community. But a fundamental shift in thinking and approach is required to navigate the new geopolitical and regulatory landscape. “It is increasingly important for companies to deal with ethics as a corporate strategy that, if uniquely implemented, could achieve competitive advantage for the company.14” The key point here is “uniquely implemented.” Best practice abounds, but businesses need to develop and embed an ethics strategy tailored to their own business strategy, ambitions, operating model, go to market strategies, territories, and markets. That uniqueness will be the “secret sauce.” That said, we share some strategies for businesses to consider.
The decision guide itself was and is not unique – many companies have them. What was distinctive was a sales leadership team that had embraced driving an ethical culture and understood its value in helping it achieve its commercial objectives.
the power and shadow of leadership
The writer has long argued that building an ethical culture is not solely the responsibility of the General Counsel (GC) or legal or compliance function, but all business leaders including the CEO. Evidence shows that leaders who model a company’s values and ethical standards inspire and motivate employees and foster discretionary effort. Beyond this, an ethics strategy calibrated around purpose and competitive advantage should, with time, create a culture where ethics and compliance considerations form part of decision-making as it relates to matters such as strategy, the business model, objective setting, new product development - even if the General Counsel or Chief Integrity Officer is absent from the room.
Sales team integrity leadership
An “Ethics Decision Making Guide” app was developed by a multinational corporation operating and selling its products in over 80 countries following the launch of a new Code of Ethics. This new Code sought to embed ethical culture as a competitive advantage.
The sales leadership team in one of the Group’s business units decided to pre-load the app onto the mobile phones of all new sales staff. During their induction, alongside discussions on sales strategies, targets, markets, and the customer landscape, the sales leadership presented the new recruits with their phones - introduced them to the app, emphasised the Group’s values, the importance of conducting business ethically, and provided guidance on making high-integrity business decisions.
Innovative thinking
Business leaders, GCs and Chief Compliance Officers are encouraged to be innovative in their thinking in leveraging an ethical culture, navigating the regulatory landscape, and achieving positive compliance outcomes. Companies must also break down silos and make integrity a commitment across the entire organisation. There should also be a deliberate alignment between the ethics and business strategies.
Purpose before profit: Johnson & Johnson, the Tylenol case
Figure 3
We believe our first responsibility is to the doctors, nurses, and patients, to mothers and fathers, and all others who use our products and services.
The J&J Credo
IMPACT of crisis
IMPACT of response
Tylenol accounted for 17% net income in 1981
Share of GBP 1.2 billion analgesics market plunged from 37% to 7%
USD 100 million spent on 1982 recall and product relaunch
Share price drop from 52 week high
Tough decisions created goodwill for J&J
Share price rebound within two months
Regained 30% share of market within a year
View Figure 4 here
Case study
Leveraging business strategy to deliver positive business and compliance outcomes
In one MNC, leaders used a change in the business strategy to deliver a critical compliance objective. Its business strategy had been updated to have a customer-centric value proposition. This meant a move from selling products (predominantly through intermediaries) to developing customer intimacy. Leaders were able to calibrate the imperative to reduce and mitigate intermediary risk around the new business strategy. In one of the Group’s larger business units, this resulted in a reduction in order values via “one-off intermediaries” from a historic 72% to 1% and an increase in order values via direct sales from 4% to 62% in a high risk but critical market.
In this case study, the ability to leverage the business strategy in this way reduced margin attrition for the business and improved its regulatory risk posture.
Interplay of regulatory compliance and high integrity
Upholding integrity and strong ethical standards is essential for long-term success. To translate these values into effective action, businesses need the right tools, foresight, and capabilities to navigate today’s complex geopolitical and regulatory environment.
Implementing a zero-tolerance bribery policy in markets with endemic facilitation payments
An Industrial MNC faced significant challenges with facilitation payments in an overseas market, including issues with product flow through customs. Instead of simply imposing a strict zero-tolerance policy, group and regional leadership showed care for the local team. They acknowledged the challenges and worked closely with the country manager to develop resistance strategies that protected employees and achieved positive compliance and business outcomes.
Horizon scanning
The following are additional strategies and enablers that can help companies embed ethical commitments into everyday decision-making and strategic planning.
Companies that operate globally will need to get sophisticated in their horizon scanning. This is a strategic tool for business leaders and legal professionals to anticipate risks, trends and opportunities that will impact their businesses.
Outside counsel
Effective and close working relationships with outside counsel, who have deep understanding and knowledge of your business and industry sector, can deliver valuable advice and input in understanding the regulatory landscape, helping companies zero in on the interconnectedness of risks and spot opportunities.
Intelligent management of risk
Businesses have and will prioritise compliance with regulations that are enforced15. That said, a more nuanced approach to compliance would be to look beyond enforcement to regulations that have the most potential to impact growth strategies and operations.
AI can help - Leveraging technology
Companies should use regulatory intelligence tools for existing or new markets – using powerful technologies and AI for information and data analysis. AI can help
Capability
Organisations should invest in and develop robust multi-disciplinary capabilities, beyond just legal and regulatory compliance, to proactively navigate risks and seize opportunities.
The geopolitical and regulatory landscape will remain dynamic and complex. We will continue to see this complexity in the form of divergence and fragmentation versus harmonisation, simplification and de-regulation, new corporate political obligations and increasing interconnectedness of risks. Businesses that will win will be those that operate with purpose and high integrity, are agile and have strategic flexibility.
Click photos to find out more
MEET THE AUTHOR
Lucille Dolor Business Ethics & Compliance Consultant
Five-Year Ethics Premium: 7.8%
Figure 4
*Selective GBS Global market all cap USD index TR
The listed 2025 World's Most Ethical Companies® Honorees outperformed a comparable index of global companies by 7.8% from January 2020 to January 2025
Lucille Dolor is a legally qualified Business Ethics & Compliance (E&C) Consultant who helps global businesses achieve ethical, sustainable growth while maintaining strong financial performance. Lucille works with boards and leadership teams to build integrity-led cultures and drive values-based decision-making, particularly across decentralised, cross-border environments. She is adept at aligning diverse teams around a common purpose and designing and developing robust governance and compliance frameworks that enable and protect the business. She positions ethics and regulatory compliance as a source of competitive advantage, integrated with strategy, culture, and commercial objectives. She has deep experience operating in high-risk, operationally complex markets and has led global compliance programmes across a number of regulatory areas. Prior to embarking on her consulting career, Lucille worked in a cross-sector of global businesses in senior governance, business ethics and compliance roles. A recognised voice in her field, Lucille champions business integrity and contributes to the wider E&C community through public speaking, thought leadership and cross-sector engagement.
businesses keep abreast of legal and regulatory changes across different operating territories. It can also deliver operational efficiency and aid monitoring, reporting, and risk mitigation. Organisations should ensure they understand the AI model they are using to ward against the risk of inaccurate reporting.
AI Governments and businesses are eager to harness AI’s growth potential. However, there’s a growing need to manage the legal, data privacy and usage, social, and environmental risks associated with it. Different countries are introducing frameworks based on their unique situations and interests.
B
The evolving risk landscape through the lens of leading decision-makers
Corporate Risk Radar
Taking decisive
MEET THE Authors
Ben Knowles Partner & Chair of the Global Arbitration Group, London
Jared Kangwana Managing Partner, Nairobi
Eva-Maria Barbosa Partner and Chair of the Global Corporate & Advisory Group, Munich
action as risks interlink
usiness risks are diverse and constantly changing in the modern world, but in the past few years, they have become more
For 8 years, we have charted the views of C-Suite decision-makers, board members, General Counsel and in-house legal teams around the nature of risks their organisations are facing and their readiness to meet those challenges in our Corporate Risk Radar report. This year’s edition reveals that operational risk, on which all other risks have a bearing, has jumped to the top of the risk rankings, up from 6th place last year. The findings also suggest that, although there is much uncertainty, particularly around how the geopolitical situation will play out, many business leaders around the world are clear-sighted about the critical challenges ahead, and for the most part, feel ready to tackle them.
interconnected, and the threat level has intensified. In 2025, the landscape has been rocked by sudden geopolitical shocks, alongside intense economic pressures, increasing regulatory complexity and radical technological change, all of which are having a major impact on how businesses operate, altering market dynamics and re-shaping legal frameworks. Businesses are having to take decisive action to adjust to these new realities.
View risk rankings tables here
Risk rankings (2025 vs 2024)
2025 RISK CATEGORIES BY HIGHEST IMPACT (% OF RESPONDENTS)
Growing geopolitical turmoil is putting the brakes on globalisation and prompting a re-drawing of the map in terms of how international trade is conducted and supply chains are configured. Fast-moving trade wars, escalating military conflicts, sanctions and the threat of logistical disruption loom large. Three in five board-level respondents to our survey (59%) identified geopolitics as a key concern, while a similar proportion (58%) of businesses said geopolitical issues increased their exposure to supply chain risks and litigation. Companies are responding by being as agile as possible and strengthening their resilience: almost half (46%) of businesses said they are now reconsidering, or actively making changes to, where they operate, as a direct result of tariffs and policy decisions. However, corporate strategy is being affected in other ways too, notably in businesses’ appetite for mergers and acquisitions (M&A). Respondents told us that many deals are having to be restructured, or purchase prices adjusted due to geopolitical friction, while deal volumes have taken a hit in many sectors.
Facing up to global instability
At the same time, geopolitical upheaval is increasing the range and complexity of regulatory requirements with which companies must comply. They are expected to adhere to a patchwork of (sometimes contradictory) rules across different jurisdictions, while regulatory reach continues to extend into new markets and sectors. As companies grapple with simultaneously fragmented, overlapping and changing rules, the cost of doing business rises, and so too does the potential for breaches, investigations and litigation. Almost two thirds of respondents (64%) reported that mounting compliance obligations are materially impacting their business’ investment and growth plans. Technology, data and privacy regulations were seen as posing the greatest risk to organisations, closely followed by bribery and corruption legislation. Against this backdrop, organisations are rethinking their approach to compliance, focusing primarily on those regulations that are being enforced.
Grappling with regulatory complexity
Environmental, social and governance (ESG) regulations are a particular area of concern, with 46% of respondents of the opinion that divergent rules in the US and Europe are negatively impacting their businesses. It’s also worth noting that, given the predominance of other risks, a significant minority (36%) said climate change is now a second order concern. That may not change until it has a significant, sustained and material impact on their operations, supply chains and customer bases.
Economic conditions are ripe for corporate conflict
Most business leaders (73%) said they feel well-prepared to deal with economic issues as they look ahead, such as rising labour costs, currency volatility, inflation and interest rates. However, in difficult economic times, the possibility of disputes arising is heightened, as counterparties may find it harder to perform their contractual obligations, and business performance comes under a harsher spotlight. Respondents are on their guard for an uptick in corporate conflicts.
Nearly half (48%) expect to see more contractual disputes arise as economic conditions lead to more renegotiation and termination of contracts. It’s often the case that, when parties have more at stake, they are prone to pore over issues like pricing, project scope and service delivery more closely. If they are unhappy, they tend to be less inclined to put up with delays or to try to compromise. Furthermore, 57% think investor scrutiny will increase this year, with shareholders more likely to seek assurance about how companies are being run, their financial stability and their returns prospects. Many respondents believe shareholder actions over perceived mismanagement or failure to meet expectations are already becoming more assertive.
Getting a grip on cybercrime
The threat of cyberattacks remains extremely high, with 67% of respondents calling cyber security breaches and data loss “high-impact” risks facing their organisations. Encouragingly though, more than three quarters (77%) said they feel more confident in their ability to defend against and respond to cyberattacks and breaches than they were five years ago. Business leaders are now acutely aware of the risks, as well as the regulatory obligations and reporting requirements expected, and have signed off heavy investments in cybersecurity measures, including staffing and training in addition to cyber defence technologies. Managing and monitoring online threats from bad actors has now become an integral part of businesses’ everyday operations, with many creating playbooks and undertaking simulations to ensure they are ready to prevent threats and deal effectively with attacks if they happen. However, the rapidly-evolving nature of cybercrime means companies cannot afford to let their guards down, and keeping up with the increasingly sophisticated tactics and techniques of cybercriminals remains a perpetual challenge.
Charting a path through interconnected risks
Today, a confluence of macro global developments is creating an intricate web of risks that reach into almost every facet of corporate operations. Unpredictability around the direction of trade policy, concerns over economic indicators like labour costs and currency volatility, and complexity over the plethora of rules imposed on companies look set to continue for some time. Meanwhile, businesses must watch out for the rising risk of corporate conflict and remain vigilant over the ever-present danger of cybercrime. While this year’s Corporate Risk Radar report highlights these issues in particular, the list of risks on business leaders’ minds is extensive and fast-changing, while new threats are emerging all the time.
Click here to learn more about our full 2025 findings and download the 2025 Corporate Risk Radar report.
Rebecca Kelly Partner & Chair of the Global Corporate & Advisory Group, Brisbane
Sam Tate Partner and Global Head of Regulatory & Investigations, London
Three in five board-level respondents to our survey (59%) identified geopolitics as a key concern
OF RESPONDENTS SAID THEY FEEL MORE CONFIDENT IN THEIR ABILITY TO DEFEND AGAINST AND RESPOND TO CYBERATTACKS AND BREACHES THAN THEY WERE FIVE YEARS AGO
77%
Latest report out now
A spotlight on the newly released Corporate Risk Radar
Robbie Pilcher Associate, Sydney
William Page Special Counsel, Sydney
Hannah Chua Legal Director, Singapore
Celeste Koh Trainee Solicitor, Singapore
Leon Alexander Partner, Singapore
1=
Water scarcity economic impact is expected to increase in the years to come, with industries such as energy, agriculture, and manufacturing among the more likely to be affected, and the insurance market is not the exception. Issues deriving from water scarcity could be of particular interest for the following insurers:
D&O: Certain industries are more prone to loss of investments due to water scarcity, which could lead to D&O liability. This is the case of the tech industry that highly relies on water supply for the production of semiconductors and the cooling of data centres.
The consequences of water scarcity are severe. Bodily injury and health risks arise from waterborne diseases and starvation due to food shortages. Environmental harm includes habitat loss, reduced biodiversity, and increased frequency of wildfires. Economic impacts are felt across agriculture, manufacturing, and energy sectors, with significant losses reported. For instance, the drought in 2012 in the United States impacted 80% of agricultural land and resulted in losses of nearly USD 14.5 billion1. Overall, it is forecasted that, due to high water stress, almost a third of global GDP (31%) could be exposed by 2050.2
Spain, on the other hand, faces an arid climate with decreasing rainfall and increasing temperatures, affecting water availability. The Pyrenees and Sierra Nevada snowpacks have reduced, impacting water supply during spring and summer. Climate change, overuse by agriculture, urban sprawl, and poor infrastructure are major contributors to water scarcity. Illegal wells and outdated irrigation systems exacerbate the problem.
Water scarcity impact on insurers
The energy renewables sector, particularly hydropower, is heavily reliant on water availability. Fluctuations in water levels affect the reliability and efficiency of power generation. The manufacturing sector, including semiconductors and textiles, faces challenges due to water scarcity. For example, Taiwan’s semiconductor sector, which accounts for 90% of the world’s production, experienced a 15% decrease in water consumption during 2021 due to dry conditions, nearly causing a supply chain collapse.4 The textile sector in China faced losses of around USD 7.6 billion due to drought conditions affecting the Poyang Lake.5 The impact of water scarcity in certain industries can lead to contractual or management-related insurance exposure.
The insurance market faces significant challenges due to water scarcity.
Insurance issues: Insurance gap and challenges
Water scarcity
Emerging risks and implications
The causes of water scarcity are multifaceted. Climate change is a significant driver, with global warming leading to the melting of glaciers, increased frequency of extreme weather events like El Niño, and rising sea levels, which impact freshwater availability. Agriculture is another major contributor, with inefficient irrigation systems, water-intensive crops, and over-extraction of groundwater exacerbating the problem. Population growth and increased demand for water in urban areas, as well as for industrial and energy needs, further strain water resources. Poor water management and pollution from nitrogen, pesticides, and industrial waste lead to water quality deterioration.
Impacts in specific sectors
Population growth and increased demand for water in urban areas, as well as for industrial and energy needs, further strain water resources
Latest insurance news and opinions to help you navigate the unknown
Emerging Risk
Construction: Water scarcity could lead to the stoppage or delay in completion of infrastructure projects, which would result in claims over loss of profit.
Property: Water scarcity could cause severe damage to buildings and infrastructure.
Energy: Claims arising from the effects of water scarcity on the production of energy from renewables could potentially trigger coverage disputes over these policies.
Casualty: Water scarcity can result in bodily injury and property damage claims arising from drought and water pollution.
Environmental Impairment Liability: One of the causes of water scarcity is pollution that could result in environmental damage.
Water scarcity is a pressing global issue with far-reaching implications across various sectors, including pharmaceuticals, renewables, manufacturing, agriculture, and the insurance market. The increasing demand for water, coupled with the effects of climate change, has heightened the relevance of water scarcity risks for stakeholders. These sectors rely heavily on water for production, cooling, irrigation, and maintaining hygiene standards, making them particularly vulnerable to water shortages. The insurance market must adapt to these emerging risks, which include property damage, business interruption, and liability claims.
Causes, effects, and case studies
MEET THE AUTHORS
David Ktshozyan Senior Counsel, Los Angeles
Laura Ranz Senior Associate, Madrid
Miguel Lozano-Salazar Associate, London
Neil Beresford Partner, London
Miguel is a Colombian qualified lawyer in our IFPD department in London. He works on complex and cross-jurisdictional disputes, including domestic and international arbitration across Latin America.
David Ktshozyan advises and represents insurers in disputes across construction, energy, professional and products liability, and specialty insurance. He has extensive experience in insurance coverage litigation, including cyber, EPL, D&O, and E&O claims. He regularly appears in state and federal courts across California. David also volunteers with the Alliance for Children’s Rights, supporting adoption and guardianship cases through his pro bono practice.
Laura joined Clyde & Co’s Madrid office in 2020, bringing experience from leading national firms. She specialises in litigation and dispute resolution, handling domestic and international claims. Her focus includes construction, fire-related matters, insurance coverage disputes, tort law, and professional indemnity. Laura advises clients through pre-litigation stages and out-of-court settlements, and collaborates with lawyers and experts globally to monitor cross-border claims.
Click here to watch the webinar Water scarcity: The risk of running dry
Click here to listen to Beyond the drought: Water scarcity and global risk
Risk of litigation Human rights arguments have already been used in several cases concerning climate change, such as the 2024 KlimaSeniorinnen v. Switzerland European Court of Human Rights ruling. The court found that the Swiss government had violated Article 8 of the European Convention due to insufficient efforts to reduce carbon emissions. It’s possible that the same reasoning could be applied to other environmental risks such as water scarcity. Climate change allegations are also being brought against companies, and corporate duty of care arguments like those used in Milieudefensie v. Shell could similarly translate across to water scarcity issues.
Evolving regulation Several new EU laws could impact insurance exposure, including:
The Representative Actions Directive, which enables non-governmental organisations (NGOs) and consumer bodies to file collective environmental claims;
The Corporate Sustainability Reporting Directive, which requires large companies to disclose sustainability risks, including water stress and water governance; and
The Corporate Sustainability Due Diligence Directive, which requires businesses to identify and mitigate environmental risks throughout their supply chains.
Therefore, companies would be well-advised to embrace sustainability and incorporate water availability and usage considerations into their risk assessments and policies. For insurers, the combination of litigation and regulatory risks means demand could well increase for coverage for environmental liability, including cover for legal costs, and D&O insurance for those involved in water management decisions.
Water scarcity is a critical issue that demands immediate attention from all stakeholders. The implications for property claims, business interruption, and potential legal liabilities are significant. Insurers must stay vigilant and adapt to these emerging risks to mitigate their impact effectively. The case studies of California and Spain highlight the urgent need for comprehensive strategies to address water scarcity and ensure sustainable water management for the future.
Reidmiller, D. R., Avery, C. W., Easterling, D. R., Kunkel, K. E., Lewis, K. L. M., Maycock, T. K., & Stewart, B. C. (Eds.). (2018). Impacts, risks, and adaptation in the United States: Fourth National Climate Assessment, Volume II. U.S. Global Change Research Program (USGCRP) Kuzma, S., Saccoccia, L., & Chertock, M. (2023). 25 countries, housing one-quarter of the population, face extremely high water stress. World Resources Institute. https://www.wri.org/insights/highest-water-stressed-countries Biswas, A., et al. (2025). Water scarcity: A global hindrance to sustainable development and agricultural production – A critical review of the impacts and adaptation strategies. Cambridge Prisms: Water, 1, 1–22 Li, L. (2023, March 29). Taiwan braced for further water shortages in its chipmaking hubs. Financial Times. Zhang, K. (2024, September 19). How water scarcity threatens Taiwan’s semiconductor industry. The Diplomat. https://thediplomat.com/2024/09/how-water-scarcity-threatens-taiwans-semiconductor-industry/ BBC Visual Journalism Team. (2022, August 24). What China’s worst drought on record looks like. BBC News. https://www.bbc.co.uk/news/world-asia-china-62644870 and Gora, A. (2024, March 22). Is fashion’s impact on water being overlooked? Global Fashion Agenda. https://globalfashionagenda.org/news-article/is-fashions-impact-on-water-being-overlooked/
Agriculture, which consumes 80% of water, is significantly affected, and economic losses due to droughts have been substantial.3 Spain has implemented emergency measures during droughts and long-term strategies like the River Basin Management Plan, which includes modernising irrigation, increasing desalination capacity, and promoting water reuse.
Two significant case studies could be mentioned: California and Spain. In California, the semi-arid climate and uneven water distribution exacerbate water scarcity. The state experiences periodic droughts, with most rainfall occurring in the northern regions while the south remains dry. Key factors contributing to water scarcity include climate change, over-extraction of groundwater, and mismanagement of water resources. Severe droughts have led to significant economic losses and groundwater depletion. Agriculture, which uses 80% of the state’s developed water, is heavily impacted, and the energy sector faces challenges due to reduced hydropower capacity. In response, California has implemented infrastructure improvements, water conservation measures, groundwater management laws, and is developing desalination and wastewater recycling systems.
Insurance gap There is a notable disparity in insurance coverage between the Global North and Global South. In Latin America, for example, the economic loss due to water scarcity is much higher than the insured loss, highlighting the need for better insurance solutions. Parametric policies, which provide payouts based on predefined triggers, can help bridge the insurance gap. These policies are particularly useful for sectors like renewables that are vulnerable to water scarcity.
Additionally, water scarcity can lead to increased litigation with potential claims against both public authorities and private companies. Recent legal developments in Europe and the US highlight the growing importance of addressing water risks in corporate policies.
Click here to listen to our podcast: PODCAST NAME HERE
Meredith White Associate, London
Steven Crocchi Senior Associate, Phoenix
Dave Dhillon Senior Counsel, Toronto
Dr Frake is an engineering physicist with extensive experience in technical consulting across product development, failure analysis, safety, and regulatory compliance. He has worked on technologies including batteries, medical devices, sensors, and metrology systems, and across sectors from healthcare to energy and consumer goods. His PhD focused on quantum semiconductor devices, developing expertise in precision measurement, cryogenics, and RF electronics. Before joining Exponent, Dr. Frake worked as a consultant at Sagentia Ltd., a science, technology and product development consultancy in Cambridge, UK.
There is evidence in some cases of a differential between claimed and real-world battery performance. Regulatory standards in respect of lithium batteries tend to focus only on safety. A battery’s performance specifications are defined by agreement between the vehicle manufacturer and its technology supplier. James Frake, Managing Consultant Scientist at Exponent, said: “OEMs [Original Equipment Manufacturers] need to come to an arrangement with their supplier to provide a battery that meets their needs for the end product while also meeting safety standards”.
The marketing of sustainable or environmentally conscious products is fraught with hazards. Although EVs are marketed as an environmentally friendly alternative to conventional vehicles, the calculation of their carbon footprint and total environmental impact is complex. Bold sustainability statements are often best avoided, and it is essential that any sustainability claims are supported by data. Generic words such as ‘clean’ are subjective and susceptible to interpretation: the eventual substantiation of those claims will depend upon factors such as how and where the vehicle is manufactured, the source of the energy used to charge the vehicle and the recycling technology available at the end of the vehicle’s life. EVs are also significantly heavier than petrol and diesel vehicles, and their weight has environmental consequences. An overall sustainability assessment is likely to include the carbon start-up cost of a battery, the sourcing of raw materials, the transparency of the supply chain, the processes required to manufacture the cells, the consequences of day-to-day use and eventual recycling.
Lithium batteries contain a variety of materials: heavy metals such as cobalt and nickel, organic solvents and other chemicals which, can be dangerous to human health and the environment. Risks may materialise at various stages of the product cycle, including toxic exposures during manufacturing and the escape of chemicals while the product is in use. There are reported examples of dangerous fumes being released, toxic chemicals persisting after lithium battery fires and harmful residues leaching into the soil or watercourses where batteries have not been properly disposed of.
“There is a risk of claims activity from exposure to the toxic chemicals contained in lithium batteries,” said Steven Crocchi, Associate at Clyde & Co in the US “We could see allegations related to toxic exposure from assembly workers, consumers and potentially those who are concerned by environmental damage.”
Material toxicity
One source of risk is through “off-gassing”, where lithium batteries swell or combust and release toxic fumes. There have been several instances in the US requiring evacuations of battery plants and the adjacent areas. Natural disasters may exacerbate the risk. During the 2025 California wildfires, firefighters contended with toxic fumes released by the batteries of an estimated 400,000 EVs in the area, which were carried over a large area by the wind. Battery fires are comparatively difficult to extinguish, requiring up to 40 times more water than a conventional fire. Escaping extinguishment waters can in turn lead to soil and watercourse contamination.
The recent trend of greenwashing claims is highly relevant in this context. Companies should be aware of the importance of regulatory and environmental compliance, as rules and penalties become increasingly stringent.
Lithium batteries and sources of emerging risks
lectric vehicles [EVs] are a progressive alternative to fossil-fuelled vehicles, but there is still
A battery’s real-world performance – and hence its ability to deliver on the manufacturer’s specifications – depends upon several factors. Climate is highly relevant: in cold weather, for instance, electric vehicles may lose around 40% of their range. Age is another, as batteries can lose 2-3% of their capacity per year. As Meredith White, Associate at Clyde & Co in London pointed out, “Manufacturer performance claims are a source of risk and should be carefully reviewed to ensure that they cannot be criticised as being misleading.” Claims activity has already begun, and claimant lawyers could conceivably look to build upon the ‘Dieselgate’ cases, which centre upon real-world compliance with manufacturer emissions claims.
ESG implications
Increasing demand for EVs could create pressures in the supply chain, causing consequences such as:
Sam Lawton, Senior Consultant Scientist at Exponent, made the point that meeting ambitious targets for electrification – not just of vehicles but of the entire energy grid – is likely to result in a significant increase in demand for critical materials. “The lack of access to these materials is one side of the problem. The other side is getting the expertise in the right places to ensure a consistent supply of the materials”, he said.
To learn more about this issue, watch our webinar here
Performance issues
Marketing a sustainable solution
Adverse environmental impacts of extracting raw materials on ecosystems, water availability and effective, responsible recycling.
The protection of human rights in the supply chain.
Corporate transparency and accountability, adherence to local laws and compliance with disclosure requirements.
“Complex questions are starting to arise around the expanding use of lithium battery technology,” concluded Dave Dhillon, Senior Counsel at Clyde & Co in Toronto. “In a changing landscape, it’s essential that companies stay up to date with new developments and regulations in this area”.
Parodi, A. (2025, January 14). Global electric vehicle sales up 25% to record in 2024. Reuters. https://www.reuters.com/business/autos-transportation/global-electric-vehicle-sales-up-25-record-2024-2025-01-14/
James Frake Ph.D., CPhys, MSaRS - Managing Scientist - Materials Science and Electrochemistry, Exponent
GUEST SPEAKERS
Sam Lawton Ph.D., CSci - Managing Scientist - Materials Science and Electrochemistry, Exponent
Dr Samuel Lawton specialises in energy storage devices, with expertise in lithium-ion and lithium-metal battery design, testing, and failure analysis. He has a strong background in polymer synthesis and materials characterisation for commercial and research applications. His PhD focused on semiconducting polymers for next-generation photovoltaics, with experience in thin film formation and surface analysis. Prior to joining Exponent, he researched Li-metal anode protection and solid-state battery materials.
Click here to listen to Beyond the flames: Lithium batteries
Complex questions are starting to arise around the expanding use of lithium battery technology
E
a great deal to be learned about the technology that powers them. In the second of our 2025 Emerging Risk webinar series, we look at performance, safety and sustainability issues surrounding lithium batteries and evaluate them as a source of risk. The review is timely as a record 17 million EVs were sold last year1.
To learn more about these issues and the other ECCTA measures being introduced, read our full, in-depth analysis here.
John Whittaker Partner, London
Judith Pastrana Knowledge Lawyer, London
Chris Hill Partner, London
Osama Al Jayousi Consultant, London
Anousheh Bromfield Partner, London
Osama is a consultant in Clyde & Co’s white collar and sanctions group. He is a compliance subject matter expert with significant experience in regulatory investigations, risk management, ESG, and governance. Osama was previously the Head of Compliance for a FTSE 100 company in the support services and construction sector and is regularly invited to speak at industry conferences for professionals.
Judith is a highly experienced knowledge lawyer specialising in regulatory and investigations, and marine and international trade. With a strong background in legal analysis and knowledge management, she supports legal teams by delivering strategic insights, maintaining up-to-date legal resources, and ensuring close monitoring of evolving regulatory frameworks. Judith plays a key role in shaping client-focused content and initiatives.
The UK’s fraud crackdown
What British businesses and multinationals need to know
raud is on the increase: last year in the UK, the number of cases reported to the National Fraud
Database fraud hit record levels.1 Not only is it a serious problem in itself, with major adverse impacts on consumers, businesses, and the public sector, but the fact that the proceeds are often used to fund further criminal activities amplifies the risks involved.
Importantly, securing a corporate conviction does not require evidence that directors or senior managers knew about the fraud, which means the bar for prosecution has been lowered considerably. Even if the fraudster’s primary motive was personal (e.g. to earn more commission), corporate liability may still apply if the organisation indirectly benefits. However, even if the company has not actually received any gain from the fraud, it can still be held accountable.
Multinationals with operations or personnel in the UK should take note. Government guidance states that, ‘If a UK-based employee commits fraud, the employing organisation could be prosecuted, wherever it is based. If an employee or associated person of an overseas-based organisation commits fraud in the UK, or targets victims in the UK, the organisation could be prosecuted.’ Multinationals should therefore consider implementing fraud prevention measures across their entire corporate structure.
The only defence to a FTPF prosecution is for a company to demonstrate that it had reasonable prevention measures in place at the time the fraud was committed. The government has published guidance on what these measures should look like, focusing on six high-level principles.
A one-size-fits-all or box-ticking approach will not be sufficient here. Detailed, comprehensive risk assessments should be undertaken to identify and evaluate fraud threats, controls must be tailored to individual company dynamics and the specific risks they face, and regular monitoring and updating of procedures is vital.
Companies should ensure their anti-fraud efforts have top-level commitment and appoint a senior person to oversee fraud risk management. Staff must be educated and trained on fraud risks, motivations to commit fraud need to be well understood, and a culture of integrity embedded internally.
What should fraud prevention measures look like?
crimes listed under ECCTA, such as fraud, money laundering and tax evasion. If the Bill is passed, it will be easier to prosecute organisations for an even greater range of offences committed by a potentially large range of employees.
The Act has widened the scope of the ‘identification principle’, which applies to small and medium-sized companies as well as large corporates (both UK and non-UK-based), in respect of economic crime offences and proposals have already been put forward to broaden the scope of its application.
The identification principle is a legal test designed to determine whether the actions and intentions of an individual can be attributed to an organisation, to make it easier to hold that organisation criminally liable for acts committed by certain individuals within it.
Cifas. (2025, April 3). Fraudscape 2025: Reported fraud hits record levels. Cifas. https://www.cifas.org.uk/newsroom/fraudscape-2025-record-fraud-levels
To crack down on fraud within organisations, important new measures are now being implemented under the Economic Crime and Corporate Transparency Act (ECCTA). The Act has implications for companies of all sizes, and even those from overseas could be impacted. Its reforms are extensive, but here we focus on two key aspects: the new failure to prevent offence and the amendments to the identification principle.
The ECCTA has created a new corporate criminal offence, known as the ‘Failure to Prevent Fraud’ (FTPF) offence, which will apply from 1st September 2025. This affects large organisations only (as defined under the Act), who could face charges for failing to proactively implement measures to prevent fraud from being perpetrated.
The new FTPF offence: lowering the bar for corporate prosecution
The FTPF offence is not concerned with fraud committed against the corporate itself, such as theft from the company or embezzlement. Instead, it relates to fraud perpetrated with the intent to benefit the company, its clients or customers, to the detriment of external parties such as other customers, clients, shareholders, competitors or regulators.
Large organisations could be found guilty if an ‘associated person’ (such as an employee, agent, subsidiary or partner) commits a specified fraud and reasonable fraud prevention procedures were not in place. Activities that may be deemed fraudulent under the FTPF offence include:
Misrepresenting the organisation’s products or services, such as making false claims about levels of expertise, mispricing or mislabelling products or exaggerating their ‘green’ credentials (i.e. greenwashing)
Deliberately selling customers products or services they don’t need
Defrauding suppliers, or misstating or withholding information in the procurement process
Misreporting information, such as misstating the organisations’ solvency position, or misleading regulators
Misstating timesheets on which fees are charged or expenses claims submitted to clients
Organisations should also be in a position to prove they have conducted thorough due diligence on third parties and associated persons. Consider also whether contractual provisions are required to support fraud prevention efforts.
The widening scope of the ‘identification principle’
In effect, an expanded pool of people may now be caught under this principle and so create criminal liability for their organisations. Since December 2023, it has included senior managers that commit a specified offence while acting within the scope of their authority – not just those deemed to be in charge of the company, such as company directors or the top layer of leadership. Fines for the most serious crimes are potentially unlimited.
A new approach
ECCTA represents a new approach to fraud, aimed at improving proactive prevention on the part of organisations, and making crimes easier to prosecute, in an area where securing criminal convictions has historically proved challenging. If they haven’t already done so, British and multinational businesses that could be affected should be getting ready for the new FTPT by developing and implementing adequate fraud prevention procedures to guard against fraudulent activity and to take the time to identify who their senior managers are to seek to avoid criminal corporate sanctions stemming from the actions of individuals.
Plans are now afoot under the Crime and Policing Bill to make any offence committed by a senior manager fall under this principle – not just the specified economic
Osama is a consultant in Clyde & Co’s white-collar and sanctions group. He is a compliance subject matter expert with significant experience in regulatory investigations, risk management, ESG, and governance. Osama was previously the Head of Compliance for a FTSE 100 company in the support services and construction sector and is regularly invited to speak at industry conferences for professionals.
Click here to listen to Episode 4: Government ransomware proposals part 2
Celest holds an LL.B from the National University of Singapore and a Diploma in Maritime Business (with Merit). Driven by a strong interest in international trade and shipping, she supports the EMNR team across a wide range of matters, spanning both contentious and non-contentious issues in the trade and maritime sectors.
The sanctions imposed on Russia highlight the challenging landscape that multinationals must navigate. Several states and groups including the US, UK and EU all levy their own autonomous sanctions regimes which are subject to sudden change. For example, the EU is currently pushing through its 18th package of sanctions and is additionally targeting ‘third countries’ outside the EU that trade with Russia. The UK recently announced 100 new sanctions designations.1 Meanwhile, Australia2 and Canada3 (which historically have tended not to impose autonomous sanctions regimes) have both just revealed that they will impose additional restrictions.
And that’s just one targeted jurisdiction. When the plethora of prohibitions affecting other states, including Iran, North Korea, Myanmar are taken into account, the extent to which multinational businesses are subject to multiple changeable and sometimes opaque sanctions regimes comes into sharp relief. All this affects how they do business with customers and suppliers around the world and impacts their staff in various locations.
New sanctions, as with any new law that comes into force, quickly are open to interpretation and grey areas will inevitably arise. Case law is being developed in some areas, however, it’s worth noting that while courts are likely to take a strict legal interpretation, regulators are typically inclined to take a more ‘purpose-driven’ approach, which assesses whether companies are complying with the aims behind the regulations. Businesses will need to bear both outlooks in mind.ke a more ‘purpose-driven’ approach, which judges whether companies are complying with the aims behind the regulations. Businesses will need to bear both outlooks in mind.
All this conflict and complexity may prompt some multinationals to take the decision to stay well away from doing business in regions where sanctions might be imposed or could (even tangentially) apply, given how hard it is for big businesses to be nimble in their response to events. Even when sanctions are finally lifted, they may not have the risk appetite to return to those markets, as was the case for many when sanctions against Iran were eased in 2016.
However, there are several steps companies can take to mitigate risk and build resilience into their operations, so that they can continue to conduct business and seize opportunities in at-risk regions.
Geopolitical shocks
sanction individuals and entities under that regime, many of whom may not necessarily be from Iran or Russia. Sanctions also affect different goods and services in different ways: for instance, plastics made in China with Russian oil may not attract trade sanctions, but products containing Russian steel will. Nor do they relate solely to goods: they also apply to many services provided to support trade in those goods, including banking, insurance and transportation. As such, they can affect a wide range of sectors involved in the supply chain. The role of financial services in facilitating conflicts as well as directly funding war efforts is under intense scrutiny.
Foreign, Commonwealth and Development Office. (2025, May 20). UK announces major sanctions in support of Ukraine. UK Government. https://www.gov.uk/government/news/uk-announces-major-sanctions-in-support-of-ukraine Minister for Foreign Affairs. (2025, June 18). Australia imposes sanctions on Russian shadow fleet vessels. Government of Australia. https://www.foreignminister.gov.au/minister/penny-wong/media-release/australia-imposes-sanctions-russian-shadow-fleet-vessels Global Affairs Canada. (2025, June 17). Minister Anand announces major additional sanctions in relation to Russia’s war of aggression against Ukraine. Government of Canada. https://www.canada.ca/en/global-affairs/news/2025/06/minister-anand-announces-major-additional-sanctions-in-relation-to-russias-war-of-aggression-against-ukraine.html
Responding rapidly to sudden sanctions
n a divided world, where geopolitical tensions are rising and military conflicts proliferating across many regions, the use of economic sanctions as a lever to apply pressure and achieve foreign policy goals could ramp up at any time. As well as the potential for new sanctions regimes to
I
target new state actors, existing regimes and their prohibitions may be extended and the number of countries imposing sanctions is increasing.
As this happens, businesses with global footprints face a heightened degree of risk and complexity around compliance. Knowing what will happen next and reacting quickly is not always easy but it’s essential to be as prepared as possible.
Complexity on the rise
(...) businesses with global footprints face a heightened degree of risk and complexity around compliance
Mitigating risk and building resilience
It’s important to understand and monitor where risk exists in customer bases, supply chains and strategic partnerships. By carrying out thorough due diligence, problems can be spotted ahead of time, e.g., if suppliers are controlled by sanctioned businesses or designated people, or if a counterparty subcontracts services to organisations that are sanctioned. Moreover, if someone you do business with is subsequently placed on a sanctions list, you will have a good understanding of your risk exposure.
Having the correct policies and procedures in place to protect against the risk of sanctions breaches is a must. If they are to be truly effective, they should not be generic but be tailored to the specifics of your organisation and dovetail with the risk management systems you use.
Including contractual protections, such as sanctions clauses, in agreements should ensure you can suspend your relationship with customers or suppliers or even void the contract, if doing so becomes necessary to comply with sanctions rules. Remember, though, that the effect and protections of such clauses may differ depending on which sanctions rules apply, and which country issued them. Be aware too that whilst sanctions clauses might afford a contractual right to suspend performance or exit a relationship, they will not necessarily protect you from financial loss if you are owed money when the clauses are triggered.
Beyond legal obligations: the impact of banking and insurance terms and conditions (T&Cs)
Government-imposed legal sanctions are not the only consideration, though. Just as critical for businesses are the restrictions that other parties, particularly banks and other financial institutions, may impose on their activities. Banks’ terms and conditions frequently prohibit borrowers (even in countries where no sanctions obligations exist) from doing business with sanctioned countries or using the proceeds of trade with sanctioned entities to repay loans.
Finding that contractual conditions in financing arrangements prevent a business from taking a particular course of action can come as a shock, potentially derailing strategic plans or operations. Worse, breaching these terms could have serious consequences: doing so could be an event of default, and cause the lender to pull their funding lines altogether. Insurance policies may also be voided if certain sanctions-related activities forbidden in their T&Cs are undertaken.
Sanctions are highly charged and fast-moving, fraught with legal, reputational and contractual risks, and they can cause businesses to have to rapidly rethink their operations and adapt to new scenarios almost overnight. Trying to stay ahead of what’s coming next can be challenging, but taking steps to ensure compliance and bolster resilience is not impossible even amid the uncertainty.
MEET THE AUTHORs
Patrick Murphy Partner, London
In addition, the way in which sanctions prohibitions work is nuanced. A sanctions regime may target a particular jurisdiction, such as Iran or Russia, but will
Lucy Nash Legal Director, Dubai
Vyasna Mahadevey Associate, Dubai
from healthcare and education to utilities, transport and governments themselves. Moves to stand up to ransomware demands are gaining traction. For example, the international Counter Ransomware Initiative (CRI), which comprises 68 countries, recently agreed that institutions that are government-authorised should not pay ransomware extortion demands,4 while Australia and the EU are now making incident reporting mandatory for certain entities.5
The UK government has put forward three key legislative proposals to increase visibility as well as control over the ransomware situation:
A ban on ransomware payments for all public sector bodies, including local government and operators of
What is the UK proposing and what could it mean?
Views are also being sought as to whether essential suppliers to these sectors should be included as well. If so, a very broad range of organisations are likely to fall within the scope of new rules, and there could be some grey areas around which suppliers are subject to a ban. Questions such as would cryptocurrency platforms be included under the finance banner, will digital service providers fall into the communications bracket, and could food suppliers even come within this regime, will need to be answered.
Adequate resourcing will therefore be vital to ensure that the entity that is to be responsible for reviewing these potential ransomware payments can meet demand.
Ransomware attacks are a significant threat to organisations everywhere. Last year recorded incidents were up 11% worldwide compared to the year before.1 The tactics and techniques used by criminal gangs are constantly evolving, with many offering their services for sale, and even as law enforcement activity shuts down groups such as LockBit and ALPHV/BlackCat, others emerge in their place.2 No wonder: with ransom payouts in 2024 averaging USD 2 million – five times higher than 12 months before - it’s a lucrative enterprise.3
Subscribe via:
The UK is proposing to go further, and the government has recently consulted on its plan for tackling ransomware attacks. What this involves and its potential implications was the focus of the third and fourth episodes of our Cyber Risk podcast series.
This goes beyond the existing prohibition on central government departments paying ransomware demands. 13 national infrastructure sectors are listed as being part of the UK’s CNI, including defence, energy, health, communications and finance. It remains to be seen whether the final draft of any legislation will contain room for manoeuvre in high-stakes situations, for instance if a public sector body or CNI provider finds its vital services are completely paralysed unless a payment is made.
“A lot of thought is going to have to go into the limits of the relevant definitions, and then it will be important to ensure that organisations are aware if they are affected by the proposals,” said Seaton Gordon, Partner in the cyber team.
In practice, this could create a significant administrative burden for the government if many organisations embark on this process. When a ransomware attack happens, time is often of the essence to minimise the operational downtime. Concerns over how long the approval or rejection process might take may prompt organisations to submit a notice of intention to make a payment sooner rather than later, even if they are not sure whether they will ultimately choose to pay up.
Cracking down on ransomware: plotting the way forward
A
s well as posing a major financial and business interruption risk for companies of all sizes, criminal gangs also use ransomware to disrupt the operation of critical national infrastructure,
1
critical national infrastructure (CNI).
This would require victims of ransomware attacks who are not covered by a ban to engage with the government before making a ransom payment. Officials will consider the position and confirm whether there is a reason to block a payment from being made, such as if doing so would breach sanctions or fall foul of terrorism finance
2
Ransomware payment prevention rules
Criminals are always looking for loopholes and workarounds that they can exploit. If (as it has indicated), the government defines ransomware as a type of malicious software, then there’s a possibility that attacks that don’t rely on software may not fall under these rules. For example, gangs may see growing advantage in deploying tactics such as phishing instead (where people are tricked into giving criminals access to systems or data), if it means their victims will not be subject to restrictions on making payments.
3
A mandatory reporting regime for ransomware incidents
“It will be interesting to know more about the rationale for the definition of ransomware as currently drafted, and to see if it changes in due course,” said Gordon. “The reality is that attackers will do what they can to try and work around any law in order to maintain their profitable business models.”
This sets out a two-stage ransomware attack reporting regime, whereby affected organisations will be required to submit an initial report within 72 hours of an incident, including information such as whether a ransom demand has been made and if a threat actor is identifiable. Then a full report must be submitted within 28 days, including further details about the attack such as whether resilience measures have been implemented. The duty to report would apply regardless of the victim’s intention to pay the ransom, but policy-makers are exploring whether this requirement should be universal or only apply to certain organisations.
Given that businesses are already expected to report cyberattacks and data breaches to other regulators, notably the Information Commissioner’s Office (ICO), this would add another layer to their existing compliance obligations. As the consultation document notes, government departments will need to work together to avoid creating conflicting reporting requirements during the development of any legislation.
A way around the rules?
Whatever form the final rules take, and whether existing laws will be updated or fresh legislation brought in, the UK government has made it clear that the nature and scale of the ransomware threat requires the development of new and targeted interventions. Will other countries follow suit?
legislation. In a sign of how seriously it is taking this issue, civil or even criminal penalties for non-compliance are being considered.
To find out more, tune into our podcast series.
MEET THE HOST
Seaton Gordon Partner, London
Bleih, A. (2025, January 13). Ransomware Annual Report 2024. Cyberint. https://cyberint.com/blog/research/ransomware-annual-report-2024 Poireault, K. (2024, December 27). The top 10 most active ransomware groups of 2024. Infosecurity Magazine. https://www.infosecurity-magazine.com/news-features/top-10-most-active-ransomware/ Sophos. (2024, April 30). Sophos ransomware payments increase 500% in the last year, Finds Sophos State of Ransomware Report. https://www.sophos.com/en-us/press/press-releases/2024/04/ransomware-payments-increase-500-last-year-finds-sophos-state CRI. (2024, January 30). International counter ransomware initiative members come together to strongly discourage ransomware payments. https://counter-ransomware.org/briefingroom/8ed7d1de-1a74-4a36-a2df-d5950624ebd8 Growley, K., Sinha, A., & Weeks, C. (2025, February 28). Targeted policy action against ransomware attacks emerging as a key global cybersecurity trend. Mondaq. https://www.mondaq.com/unitedstates/security/1591072/targeted-policy-action-against-ransomware-attacks-emerging-as-a-key-global-cybersecurity-trend
Chris Holme Partner, London
This digital representation enables fractional ownership, a critical innovation that breaks down high-value assets into more accessible units. Instead of needing to buy an entire commercial property or a rare painting, investors can purchase tokens representing fractions of those assets. The result? Broader participation and liquidity in markets that were once the preserve of the few.
Tokenisation’s potential touches every stakeholder in the financial ecosystem. For asset owners, it unlocks new capital and liquidity through more flexible funding models. Investors, meanwhile, benefit from lower entry points to previously inaccessible assets and the ability to invest from anywhere in the world.
For regulators, tokenisation offers enhanced transparency and auditability—important qualities as financial oversight becomes increasingly data-driven. And for markets overall, the shift from analogue to digital enables greater efficiency, inclusivity, and automation.
Why It matters: The benefits of tokenisation
Of course, with innovation comes complexity. Regulatory uncertainty remains one of the biggest hurdles, especially around token classification (are they securities, commodities, or something else entirely?) and secondary market rules. In many cases, tokenised assets are still restricted to private placements for accredited or institutional investors, primarily due to compliance concerns.
By enabling fractional ownership of rental and commercial properties, the project aims to democratise access to the emirate’s property market, positioning Dubai as both a virtual asset and real estate innovation leader.
Challenges to watch
Legal enforceability is another key issue. In some jurisdictions, property and ownership laws are being rewritten to recognise digital tokens as legitimate titles. Custody, too, presents a challenge—particularly when investors are expected to manage their own private keys, potentially leading to irrecoverable losses.
The UAE, and Dubai in particular, has emerged as a global hub for virtual asset innovation. A prime example is the Dubai Land Department’s Real Estate Tokenization Project, developed in collaboration with VARA, the Dubai Future Foundation, and the Central Bank. The initiative, aligned with the Dubai Economic Agenda D33, marks the first time a real estate registration authority in the Middle East is embracing blockchain-based tokenisation.
A new process for a new economy
Tokenising the real world
How blockchain is reimagining asset ownership
As blockchain technology moves from fringe to frontier, one concept capturing increasing attention is Real-World Asset (RWA) tokenisation. While the term may sound like the latest fintech jargon, it signals a transformative shift in how we conceive, distribute, and invest in value.
At its core, tokenisation involves converting ownership of tangible or intangible RWAs into digital tokens that exist on a blockchain. As explained through a relatable analogy: imagine a pizza representing an asset—tokenisation is the process of slicing that pizza into smaller, tradeable digital pieces. Each “slice” represents a share of the original asset and is secured through blockchain, making ownership transparent, traceable, and programmable.
Successfully tokenising real-world assets requires more than just technological prowess. It’s a multi-step process that blends legal structuring, regulatory compliance, smart contract development, and secure custody solutions.
It begins with identifying the asset and determining the most appropriate legal vehicle. From there, a rigorous review of local regulations is essential. In a region like the UAE, this means engaging with multiple regulators, each with its own perspective on tokenised assets.
Once the legal and regulatory framework is in place, attention turns to technology: selecting the blockchain, token standard, and smart contract platform. Custody arrangements also play a vital role. Whether investors hold their own tokens or a third-party custodian is engaged can significantly impact security and accessibility—particularly when high-value tokens are involved.
Indeed, tokenisation is already capturing the interest of traditional institutions—banks, asset managers, and real estate developers alike—who are confident that the future of finance will be decentralised yet firmly regulated.
Equally critical is the robustness of the technology underpinning tokenisation. Smart contracts—self-executing code deployed on the blockchain—need to be secure and thoroughly audited. They automate key processes such as token issuance, dividend distribution, and ownership transfers, effectively replacing traditional intermediaries with programmable logic.
The UAE’s leadership role
The road ahead
Tokenisation is already reshaping investment strategies and financial market infrastructure. It opens up access to previously illiquid markets, enables 24/7 trading, facilitates global diversification, and caters to the expectations of digitally native investors. In the short term, the greatest opportunities lie in fractionalising income-generating assets, especially in globally attractive real estate hubs like Dubai.
Jorge Carrasco Managing Director of Blockchain and Digital Assets at FTI Consulting
Jorge Carrasco is a blockchain and digital assets consultant based in Dubai, advising financial institutions, regulators, and enterprises on strategy, compliance, and innovation. With 15+ years of experience, he specialises in tokenisation, stablecoins, and Web3 adoption across the Middle East, delivering impactful solutions at the intersection of tech and finance.
GUEST SPEAKER
GUEST AUTHOR
Whilst lawyers are no experts on the technical needs and functions of a data centre, it seems clear that data centres built to accommodate the serious computing power needed for AI learning processes will come with much higher power demands, as well as larger capacity racks for the processors, improved network cabling, and a need for more efficient cooling solutions (direct-to-chip liquid cooling looking like the current direction of travel). That’s just the simplest nod to the highly complex design issues faced by data centre developers.
There was a lot of talk at the DCD>Connect conference1, which took place in April this year in Dubai, about the significant differences in design requirements that data centres which are built to handle AI functions have over the more “traditional” cloud storage data centres.
Alongside those technical challenges, the rapid pace of chip development is driving end users to ask for more flexibility and upgradability in their data centres and faster delivery to future-proof their position in the technology race. For developers, this can pose an additional challenge, with design changes and tight programmes trying to coexist with a limited supply chain and stretched talent pool.
If designs are going to shift towards plug and play modularity, there needs to be development on the manufacturing and supply side to support this. Without that, developers rely on a traditionally procured “stick build” approach, which doesn’t have as much flexibility to accommodate changes to specifications or output requirements at late stages. Suggestions were made at the conference that a hybrid approach could be the optimal solution to allow the deployment of some core modular components, such as power modules or compact cooling solutions, with the programme flexibility to re-sequence some parts of the works if there are delivery or quality issues that come up.
So what does that look like from a procurement perspective for a construction lawyer? We need to think about some of the extra risks and challenges that might be thrown up.
Then there is the design interface between different modules or between the modules and the shell. Typically, developers (and their lenders) like there to be a “single point” of responsibility for the whole project delivery. This means the main contractor has to take on the risk of the off-site suppliers and their kit, and the interface of design and connection when “zipping up” all the pieces together. We’ve touched on the practical matters that crop up, like the extra logistical, administrative, and programming considerations. But a main contractor required to take on full design responsibility for the project will need to be fully conversant with all the component modules, their specifications, and how they interface physically and technically. Similarly, if the developer is procuring modules directly, it will need to give careful consideration, supported by explicit drafting across all of its contracts, as to where design risks sit in the project to avoid any gaps in liability.
After that, we might need to consider geographical location and jurisdictional issues. With a globalised supply chain, these issues come to the fore, and parties procuring from overseas need to consider the effect of local law and the practicalities of enforcement (including the availability of other manufacturers in the region to step in if required). A particularly pertinent example of differences in local law is the application of the UK Construction Act. Whilst the Act won’t apply to contracts for off-site manufacture and delivery only, it will apply (on a UK scheme) if the contract also includes installation. Developers, contractors and suppliers need to bear that in mind when delivering UK schemes, as there may be different rules on payment and adjudication that apply to different parts of the supply chain. Of course, we’d be remiss not to mention the current tariff landscape – take a look at our Tariff Tracker2, as well as our recent article3 on the impact of tariffs in construction projects for more information on that.
So, as well as careful consideration of the commercial risks of the chosen procurement route, developers and contractors will need to work with their advisers to consider, and properly draft for, the associated legal risks. Speakers at the conference also observed that on a macro level, the industry should focus on holistic and proactive early planning, sourcing components as early as possible, identifying what can be sourced locally and what needs importing, and working with smaller suppliers to diversify and upskill the supply chain to make it stronger over.
Will AI change the way data centres are delivered?
A focus of a number of discussions at the conference was whether off-site modular production of “plug and play” components was the answer to this delivery pressure. Off-site construction certainly has some benefits, such as the speed of production, quality control and consistency, simple installation, and fewer site constraints on the work. But conversely, it can come with an increased insolvency exposure, design interface issues, storage and logistical challenges, and site sterilisation if large deliveries of modules are held up or are defective. All these risks are starkly amplified on a data centre project where supply chains are constrained, and lead times are already long, and there can be substantial adverse consequences upstream for late delivery.
Alongside those technical challenges, the rapid pace of chip development is driving end users to ask for more flexibility and upgradability in their data centres and faster delivery to futureproof their position in the technology race. For developers, this can pose an additional challenge, with design changes and tight programmes trying to coexist with a limited supply chain and stretched talent pool.
As mentioned already, off-site manufacture of high-value critical components brings with it a heightened supplier insolvency risk, as well as bigger risks of products being lost or damaged in transit. Typically, these are mitigated – financially at least – by the use of insurance, bonds and guarantees (performance bonds, as well as advance payment bonds where necessary), and vesting certificates to protect ownership of
modules which remain off-site. A further step might be taking security over the components which make up the modules. A combination of measures like this can help to de-risk the financial dangers, but consideration needs to be given to the availability of other suppliers or manufacturers to step into an insolvent supplier’s processes or their ability to make use of any secured components.
Tim Atwood Legal Director, London
Data Center Dynamics. (2025). DCD Connect Live MENA 2025. https://www.datacenterdynamics.com/en/dcdconnect-live/mena/2025/ Clyde & Co. Tariff Tracker Hub. https://www.clydeco.com/en/insights/tariff-tracker-hub Clyde & Co. (2025, April 7). Navigating the uncertainty: Impact of recent US tariffs. https://www.clydeco.com/en/insights/2025/04/navigating-the-uncertainty-impact-of-recent-us-tar
AI Live Testing is the latest initiative from the FCA AI Lab, which was created to facilitate the transition of AI solutions from proof of concept to live deployment to drive economic growth and create positive outcomes for UK consumers and markets.
The AI Live Testing initiative focuses on the end of this journey and is specifically designed to support the safe and responsible deployment of advanced AI models in the UK’s financial markets – particularly ones that are to be used as part of customer-facing activities such as product sales.
The FCA is inviting firms with suitable AI deployment use cases to join the initiative from the summer of 2025. It will initially run as a 12-month pilot, but, if successful, may become a permanent feature of the FCA’s innovation services.
Financial services regulators around the world, shocked by the speed of adoption of AI, continue to grapple with how to regulate the use of AI within financial services markets.
Whilst there is no singular approach being taken, there are many examples around the world of AI regulatory initiatives. Examples include, in the US, the National Institute of Standards and Technology’s AI risk management framework (AI RMF) which comprises a variety of profiles intended to represent different use cases and sector combinations; and, in Singapore, the AI governance testing framework and software toolkit being developed by the AI Verify Foundation that aims to provide a set of standardised technical tests for AI.
The FCA’s latest AI initiative, whilst different in scope and focus, forms part of these global efforts to develop methodologies for appropriate AI governance.
Global perspective
Although this initiative aims to give financial services firms the certainty and confidence to invest in AI systems, firms that are regulated by the FCA will ultimately be liable for the outputs of the AI systems they use. And yet, many of these AI systems are created by unregulated third-party providers that have no direct accountability to the FCA. A recent Bank of England and FCA survey on artificial intelligence and machine learning in UK financial services found that a third of AI use cases are implementations of third-party products, with the expectation that this third-party exposure will grow as AI model complexity rises and outsourcing costs fall.
In the FCA’s response to the UK Government’s pro-innovation strategy on AI, the FCA alluded to this elephant in the room by suggesting that key third-party AI providers could be designated as critical third parties to the financial sector for the purposes of operational resilience, therefore bringing them under the oversight of the FCA, the PRA and the Bank of England.
AI Live Testing is the latest in a range of FCA initiatives that show how UK regulators are looking to engage with and understand the impact of AI on the financial services sector. But it still does not address the fundamental issue of whether there needs to be a sea change in the regulatory framework to allow for better oversight of AI deployment and use within the sector.
The FCA’s current stance is that no change to the underlying framework is needed, but consistent feedback to the FCA, from regulated firms, third-party AI providers and Insurtechs alike, is that greater clarity around how the regulatory framework should apply to the use of AI in financial services is needed in order to speed up the adoption and roll-out of AI within the sector.
CONCLUSION
Hasith Balapatabendi Trainee Solicitor, London
Mark Williamson Partner, Guildford
The FCA’s new AI Live Testing initiative
Does it address the elephant in the room?
he FCA’s new Engagement Paper explores a fresh approach to safely and
responsibly adopting AI in the UK financial services sector. The recent Engagement Paper on AI Live Testing released by the UK’s Financial Conduct Authority (FCA) seeks to offer a new approach to fostering the safe and responsible adoption of AI within the UK financial services sector.
T
The Engagement Paper discusses the unique challenges financial services firms encounter during the deployment of advanced AI models and how the FCA wants to engage with firms to address those challenges. In particular, the FCA wants the initiative to address key questions, such as:
What input-output validation is needed to build confidence that AI-generated outcomes are likely to meet regulatory expectations
How consumer groups, including vulnerable consumers, are likely to be impacted by the new technology
What processes are in place to address poor/unintended AI model outcomes when they arise
Accountability of third-party AI providers
So, the question needs to be asked: are the FCA and other financial services regulators around the world regulating the right persons when it comes to the adoption and use of AI in financial services? Or should the third parties that produce and understand the AI models, who are not traditionally in scope of the financial services regulatory regime, also be subject to the remit of the regulators in order to create better and more responsible use of AI within the sector?
Whether proper regulatory oversight of, and engagement with, third-party AI providers is required to help ensure that the benefits of AI use within the sector are realised whilst managing the risks is just one of a number of key questions that still needs to be addressed as the march into a potential future dominated by AI continues.
Hasith Balapatabendi is a trainee solicitor at Clyde & Co, with experience in cyber, data, AI, and commercial law. His previous role as a Technology Strategy Consultant at Accenture provides a strong technical background in technology implementation, complementing his experience advising on cyber incidents, GDPR compliance, AI governance and technology-related matters.
The AI Live Testing initiative (...) is specifically designed to support the safe and responsible deployment of advanced AI models in the UK’s financial markets
Eve Richards GB Head of FINEX D&O, WTW
Mandip Singh Sagoo Partner, London
Chui, M., & Yee, L. (2023, July 7). AI could increase corporate profits by $4.4 trillion a year, according to new research. McKinsey & Co. https://www.mckinsey.com/mgi/overview/in-the-news/ai-could-increase-corporate-profits-by-4-trillion-a-year-according-to-new-research
Sukri, A. (2025, May 22).With Dealmaking Uncertain, Joint Ventures Offer CEOs an Edge. BCG. https://www.bcg.com/publications/2025/with-dealmaking-uncertain-alliances-hedge-uncertainty?utm_source=linkedin&utm_medium=social&utm_campaign=ceo-agenda&utm_description=paid&utm_topic=ma-pmi&utm_geo=global&utm_content=362025&li_fat_id=2c4e68bd-9f63-4766-9941-2a79ca7fdc17
AI is, on the surface, very user-friendly. It serves up what appears to be convincing answers to difficult questions, almost in real-time. As such, it is increasingly becoming an integral part of business workflows. Behind this, however, is a very complex set of machine learning models that hold the key to a proper understanding of the risks.
Behind the magic
Yet, like all transformative technological developments – flame-resistant asbestos building materials in the 1930s, digital and electronic communications in the 1990s, or low-cost cladding in the 2000s – its swift adoption ushers in new risks.
Tune in to silent AI risks
rtificial intelligence (AI) may still be in the adoption phase, but it is rapidly transforming the way
companies operate. With an analysis by McKinsey suggesting that up to USD 4.4 trillion in economic value could be generated across industries through the adoption of generative AI (GenAI) each year, the impetus to embrace AI is growing stronger every day.
As impressive and as compelling as AI’s capabilities are, it is important to recognise that there is nothing random nor anything original produced by AI. AI models are highly sophisticated pieces of machinery, which use data to alter and improve the accuracy of algorithms. The results that those algorithms then produce are served up, as engineered, to the user. There are risks inherent throughout the process, starting with the way in which the machine learning models are written, through to the accuracy and proper scaling of the data that they use, through to biases, overfitting, and inadequate or over-specific prompt engineering.
It’s important to note that when AI causes a loss, an array of liability issues arise. Some of those will impact directly on companies, while others may impact insurers as claims are made on traditional insurance policy wordings.
There is, perhaps, a tendency to think that if AI produces an incorrect result, it will not be possible to identify that error specifically, meaning that if AI is introduced into a workflow and there is an error in the workflow that leads to a loss, it will be treated as a general error or omission by the company. That is not necessarily the case. It is likely to be possible to specifically and forensically identify where the AI was incorrect, whether by reason of incorrectly scaled data or by reason of an error in the training.
Some of the issues
This leads to further issues. Is an error made by AI, once identified, enough to establish that the company is liable for any loss that flows from that error? If it is possible for another party to forensically establish that an error was made, then how can a company defend that claim? If the error is made by the AI within a professional workflow, does that form part of the ‘professional business’ of the company for the purposes of insurance, or is it a separate, mechanical workflow that is simply a failure on the part of the company’s infrastructure? Is an error in a machine learning model leading to a large product failure sufficiently ‘unexpected’ or ‘unintended’ to trigger a casualty or liability insurance policy? These are just some of the difficulties that are likely to be faced in the future as losses caused by AI become the new battleground.
There are, of course, many ways in which these risks can be managed. A high level of oversight is vital. For the board and C-suite, this could comprise comprehensive and regular audits, covering an understanding of what AI is being used, where it is being used, how it is being deployed into workflows, and whether the risks have been articulated and are adequately addressed within existing insurance programs.
For insurers, scrutiny is likely to turn to the controls that policyholders have in place to address the potential for AI to result in claims, and in particular claims arising from repetitive, incorrect results produced by AI, which could be very severe.
Then there is the regulatory and compliance piece. While regulations are still evolving in many parts of the world, this is a fast-moving area. So, while companies need to ensure they are adhering to current rules, they must also get ready for what’s coming down the line.
Managing silent AI risks
Silent AI remains largely unrecognised. Losses or claims caused by the use of AI are not yet prolific. But when the pace of adoption of AI is considered, all that is likely to change in the near future.
There is still enough time to turn the potential threat of silent AI into an opportunity. While some risks are difficult to predict or are difficult to identify as they come down the line, that is not the case with AI risks. Those risks are becoming clearer by the day.
Chui, M., Yee, L. (2023, July 7). AI could increase corporate profits by $4.4 trillion a year, according to new research. McKinsey & Co. https://www.mckinsey.com/mgi/overview/in-the-news/ai-could-increase-corporate-profits-by-4-trillion-a-year-according-to-new-research
These new risks include the use and security of data, regulatory and compliance issues, and IP issues. In more recent times, GenAI and large language models have been integrated within workflows, which has led to the prospect of higher-impact risks where the AI makes repetitive and costly mistakes, leading to large liability exposures. As the use of AI within workflows becomes more routine, the potential for mistakes within those workflows, and the potential for liability to be attributed to the company or passed on to its insurers, also increases.
The difficulty facing both companies and insurers at this point in time is that liability for claims where the loss is caused by AI may fall through the cracks of existing risk mitigation frameworks and existing insurance programs – both for companies, because there is no clear and articulated risk mitigation framework nor any clear insurance cover, and for insurers, who may ultimately find that they are providing insurance cover for these risks under traditional insurance policies.
This is silent AI.
A proper understanding of these mechanical aspects of AI is critical to the overall management of AI risks. The difficulty is that AI has developed as such a pace that many companies that actively use AI might not be able to find anyone within their organisation who can adequately explain how its AI works, and therefore how the AI produces the answer that is being served up and used. If the AI is using the wrong data or there are mistakes in the answers, the company may find it difficult to adequately identify those issues, and the potential for losses begins to emerge.
Where to from here?
There are some parallels to the development of cyber risks, which means that companies and insurers have a starting point. If cyber is a good roadmap, then the companies that identify the risks and address them early and comprehensively are likely to be the least affected. Insurers that are attuned to the prospect of silent AI insurance cover within existing insurance policies may be able to properly articulate and price those risks, and indeed develop new products to cater for it, while companies who are managing those risks well are likely to be rewarded with less liability exposure and better insurance terms.
Darryl Smith Partner, Melbourne
Helen Bourne Partner, London
Article 3 (1) AI Act defines an ‘AI system’ as a “machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments”. The definition is based on an earlier The Organisation for Economic Co-operation and Development (OECD) definition. The legal definition itself is quite broad and not necessarily specific to AI, as many traditional software systems also process inputs to generate outputs. However, recital 12 AI Act further specifies characteristics of the term, in particular those that serve to distinguish it from “simpler traditional software systems or programming approaches”. The EU Commission published further guidelines on the definition to address any uncertainties. These are, however, not yet formally adopted.
The definition of AI in the AI Act
The first obligations of the European AI Act (Regulation (EU) 2024/1689) apply since 2 February 2025, and the second case concerning the AI Act is already pending before the CJEU2. However, this case from Poland, in particular, is subject of heated debate as to whether the AI Act applies at all. The case concerns software used in the judiciary to distribute incoming cases. It is questionable whether this software actually constitutes an AI system in terms of the AI Act and whether the AI Act applies. If even the courts are unsure whether the products in question are AI, this naturally leads to further uncertainty in practice – which is exploited, sometimes unintentionally but also intentionally, in the form of so-called AI washing.
The fine print of AI hype
The legal risks of AI washing
ith the first obligations under the European AI Act1 now applicable, legal uncertainties are emerging -
W
particularly concerning the scope of the definition of Artificial Intelligence (AI). A pending case before the Court of Justice of the European Union (CJEU) underscores these uncertainties and highlights the emerging phenomenon of ‘AI washing’, where companies embellish claims about their use of AI. As the prominence of AI increases, so does the scrutiny of its accurate representation.
Although the AI Act’s definition of AI merely identifies which applications fall under its regulation, establishing a consistent understanding could have an impact in other areas. While a clearer definition of AI should help reduce confusion, it also increases the risk of heightened regulatory scrutiny. As public awareness grows, so does the potential for more frequent allegations of fraud.
In this context, the term ‘AI washing’ is becoming increasingly common. AI washing describes the embellishment of AI-related facts. This can be the case, for example, with statements about the existence of AI, the handling of AI or the use of AI by companies.
Experts have different theories about the roots of this new phenomenon. On the one hand, it is attributed to the lack of a precise definition of AI (or AI system when using the differentiation in the AI Act), which makes AI washing possible in the first place. In addition, some experts see the problem in the lack of technical understanding at senior management level and the pressure to constantly innovate. There is a fear of missing out on the AI hype in many companies.
AI washing is the new greenwashing
On the other hand, it is believed that many are eager to jump on the bandwagon and exploit the advertising factor associated with the buzzword AI. This can even lead to deliberate misrepresentation. For example, the capabilities of AI are exaggerated, or the term ‘intelligence’ is used in a misleading way. This is the case, for example, if the software does not use any learning algorithms and makes decisions without having been explicitly trained to do so.
The AI Act, while aimed at regulating AI use, is not explicitly crafted to address AI washing. Rather, it may represent a positive step toward promoting greater transparency in how companies utilise AI.
Transparency obligations If the software in question is indeed an AI system within the meaning of the AI Act, provider and deployer are subject to transparency obligations under Article 50 AI Act, depending on the type of AI used. In the case of a high-risk AI system, the transparency obligation under Article 26 (11) AI Act also applies, pursuant to which deployers of high-risk AI systems shall inform the natural persons that they are subject to the use of the high-risk AI system. Any violation of these obligations may result in deterrent fines in accordance with Article 99 (4)(e) and (g) AI Act.
In addition to the transparency requirements of the AI Act, there are also disclosure requirements under unfair competition law. Unfair competition law covers any commercial practice intended to promote the sale or purchase of goods or services and therefore also applies to the advertising of AI products.
Legal pitfalls of AI washing
Additionally, directors may be personally liable to the company for false statements in annual reports and may face administrative sanctions under the German Securities Trading Act (Gesetz über den Wertpapierhandel), the German Investment Code, the Capital Investment Act and various EU regulations. Possible criminal liability In addition to the above-mentioned liability risks, criminal prosecution cannot be completely ruled out either. In addition to administrative offences and criminal provisions under unfair competition law, criminal liability for fraud or capital investment fraud may also be considered under certain circumstances. Although there is no case law on this yet, it should be kept in mind.
Liability of companies and directors However, if a company falsely claims that it deploys or develops AI and thus engages in AI washing, it faces liability risks. For one, the company might be liable to its investors. The company’s liability to investors arises mainly from incorrect or incomplete information in prospectuses under the German Securities Prospectus Act (Wertpapierprospektgesetz) and related laws, allowing investors to claim damages. The German Investment Code (Kapitalanlagegesetzbuch) and the German Capital Investment Act (Vermögensanlagengesetz) also regulate liability for misleading information in investment documents. Under corporate law, misrepresentation in annual reports, especially regarding AI applications, can lead to liability under the German Commercial Code (HGB) and the German Stock Corporation Act (Aktiengesetz).
Tort liability may arise under the German Civil Code (BGB) if incorrect information is disseminated to a wide audience, with particularly serious cases falling under sec. 826 German Civil Code (BGB) for offending common decency. The company may also face liability to third parties for false public advertising under the Unfair Competition Act (UWG) and under contract law principles like culpa in contrahendo.
As illustrated above, there are significant legal risks associated with AI washing. These include, of course, the possibility of fines being imposed by the authorities.
This is already happening in the United States, for example. Last year, the US Security and Exchange Commission (SEC) took action against two investment advisors for making “false and misleading statements about their purported use of artificial intelligence.” Both firms agreed to settle the SEC’s charges and pay a total of USD 400,000 in civil penalties. The SEC found that the respective companies “marketed to their clients and prospective clients that they were using AI in certain ways when, in fact, they were not”.
Investors are also getting involved and taking action against false claims about AI. In February and March of this year, investors filed a securities class action lawsuit against two companies for alleged AI washing in the US. The complaint alleges, among other things, that the company in which the investment was made misrepresented its position and ability to capitalise on AI. The complaint alleges that the company’s statements omitted material facts and caused investors to purchase the company’s securities at “artificially inflated prices.”
AI washing gives rise to legal claims
To avoid any claims because of AI washing, companies should fact-check any statements made on their behalf. Statements made by companies about AI should be consistent across the company’s communications, including investor presentations and other marketing activities. This applies not only to consumer advertising but in general. Otherwise, there is a risk of legal action from investors and customers.
When a company purchases software, it should thoroughly check the software for the presence of AI. This is not only to get to the bottom of any false claims about the existence or capability of AI, but also to be able to assess any possible responsibilities and obligations under the AI Act. When developing software independently, all statements should also always be checked for accuracy to avoid false claims.
Practical guidance for companies and insurers
Frauke Tepe, LL.M. Associate, Düsseldorf
Jan Spittka Partner, Düsseldorf
European Union. (2024, June 12). Regulation (EU) 2024/1689 of the European Parliament and of the Council. EUR-Lex. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ%3AL_202401689 Court of Justice of the European Union. (2025, February 26). Judgment Document (DocID: 298104). Europa. https://curia.europa.eu/juris/showPdf.jsf?docid=298104&doclang=EN
Alan Wood Partner, Riyadh
Richard Elks Partner, London
Joint venturing provides an opportunity to accelerate innovation and project delivery through collaboration. For larger, capital-intensive projects, such as energy or construction projects, multinationals can access the resources they require at scale in a faster time than building everything themselves. And by sharing in-depth knowledge, expertise, talent or intellectual property (IP) they can deploy in new markets, or develop new ideas, products, technologies or processes and shorten the research and development (R&D) cycle.
Cross-border joint ventures
Why strategic partnerships make sense in turbulent times
Moreover, challenges that may seem daunting to a foreign company may not faze a local collaborator that is used to the business political, social or cultural climate in their country. Plus, by acting as a national or regional sponsor, local partners can also help to smooth over any resistance to multinational involvement in a particular market.
Of course, partnering with one or more companies in a different jurisdiction is not without its challenges, and there are several important considerations to bear in mind before entering into a JV. These include:
Alignment of the parties’ objectives: Businesses need to ensure that the commercial goals of the JV are clearly articulated and agreed upon, with key performance indicators (KPIs), deliverables and milestones set out in advance, so everyone is pulling in the same direction, and each partner is clear on how they benefit. This can be more challenging in countries where foreign companies are in effect required by law to JV with a local enterprise (due to foreign ownership restrictions) to be able to do business. In such cases, the local partners’ motivations, goals and contribution may differ from JVs where such legal obligations do not exist and where each party has a clearer role in the success of the venture.
How to maximise success
Understanding what each party will bring to the venture: Valuing the upfront and future contribution of each partner is critical, not just in terms of finance and assets, but also expertise, skills, goodwill and market relationships. This ensures each partner is playing their part and will be appropriately rewarded.
Due diligence: Whether they are created for a particular project or as open-ended collaborations, JVs create a relationship between the partners and so it is essential that each conducts proper diligence on the other to identify legal, financial or reputational risk issues and ensure an alignment in terms of management style, and commitment to regulatory compliance.
Structuring: A variety of factors will impact the appropriate structure for each particular joint venture. These may include tax, local ownership requirements, foreign exchange restrictions and exit strategies. It is important that all these factors are identified at the outset and reflected to the structuring of the particular joint venture.
Ensuring clarity on financing requirements: As well as having clarity over how much initial capex will be required, it is essential to consider how ongoing capex, working capital financing needs, and contingency costs will be met. This will avoid surprises and potential disputes and help ensure that objectives can be achieved.
Considering the ‘what-ifs’: There will be many unknowns ahead, but it is still possible to identify and prepare for potential changes that are reasonably foreseeable. The parties need to plan for eventualities such as macroeconomic or geopolitical events which might make the continuation of the JV impossible or no longer viable —for example, a major change in government policy, the imposition of sanctions or import/export bans, or, as happened in 2020, a pandemic.
Agreeing the JV’s lifetime and exit options: Some JVs are designed to deliver a specific project, others may have a set timeframe, or they can be open-ended. It is crucial to establish at the outset what outcomes the parties want to achieve and when, and align on exit scenarios.
Working together to instil good governance: Due to their size and global footprint, multinational businesses are often held to a higher standard of governance and regulatory compliance than privately held local partners, even where that partner is itself a multi-billion business. Therefore, the JV may need to adhere to listing constraints or regulatory requirements that local partners are unfamiliar with. Education and training may be needed, and governance policies and procedures established for decision-making and oversight.
Sukri, A. (2025, May 22). With Dealmaking Uncertain, Joint Ventures Offer CEOs an Edge. BCG. https://www.bcg.com/publications/2025/with-dealmaking-uncertain-alliances-hedge-uncertainty
or businesses looking to expand their capabilities or move into new or less familiar markets, forming a joint venture (JV) with another company—rather than entering the market through an acquisition or
building new operations themselves from scratch—has long been an attractive option. Today, as multinational companies seek growth opportunities in an extremely volatile economic and geopolitical environment, the benefits JVs can offer become even clearer.
Against a backdrop of escalating trade wars and regional conflicts, forging a strategic alliance with a local partner in a particular country or in respect of a particular project can help multinationals mitigate the impact of tariffs, create resilience in supply chains, navigate challenges as they access unfamiliar markets and manage their capital expenditure. Here, we look at some of the key advantages and risks JVs pose, and what businesses looking to joint venture need to think about to ensure success and create long term value.
Why are JVs so attractive?
Joint ventures have proved popular during periods of economic turmoil before. According to BCG, during the post-Covid recession in 2020, JV activity increased by 6%, while M&A deal volumes saw an 8-10% fall. The dynamics of 2025 may be different, with the threat of tariffs and geopolitical turbulence as major drivers, as companies seek ways to minimise export and import duties, shorten or strengthen supply chains or overcome other trade barriers by leveraging local operations. However, the underlying rationale remains the same: their adaptable and capital-efficient nature and ability to share risk and expertise enables companies to pursue growth with reduced risk.
In a global context, undertaking a JV can provide multinationals looking to move into markets where they do not have their own presence with the essentials they lack, pooling financial resources with their JV partner. They can leverage their partner’s local experience and market intelligence, access to customer bases or pre-existing operational capabilities and infrastructure on the ground. Meanwhile, the partner benefits from the multinational’s global reach, brand value, financial firepower, broad skills base and expertise.
Flexibility is another major benefit. JVs can be tailored to suit specific requirements in terms of timeframes, locations or goals, and can evolve and change as the relevant economic, market or project conditions change. JVs can take many forms, from creating a new legal entity with shared ownership to contractual or licensing agreements. Likewise, JVs can be used in various situations, from project or time specific to open ended.
Having the difficult conversations: The establishment of JVs tend to be more friendly, collaborative and relationship-driven than acquisitions, but the JV partners still need to have suitable assurances and contractual protections in place, especially as personnel and circumstances will change over time. Agreements can be more flexible, less complicated and ‘lighter touch’ than in an M&A deal, but they must be robust, nonetheless.
Anticipate change: The JV documentation should be regularly reviewed and refreshed to ensure it remains appropriate for today’s fast-changing macro landscape as well as any internal developments. To cope with any major new political diktats or regulatory duties, mechanisms should be created so it is possible to work through any issues and determine what will happen if an agreement cannot be reached between the parties or the JV needs to be terminated early.
Review and adapt: Joint ventures are like living things — no two are exactly alike, and they will inevitably evolve over their lifespan. This agility is among their biggest plus points, especially during periods of uncertainty and upheaval, enabling partners to share financial risk in a way that makes sense for both partners and benefit from each other’s complementary capabilities and attributes. However, careful structuring and management is required to unlock the value they offer and ensure they deliver as expected for all partners, in any conditions.
yber threats are one of the fastest-evolving risks companies face, so staying ahead of regulatory compliance and being prepared for whatever malicious actors may have in store next is vital and challenging in equal measure.
Our podcast series is designed to enhance organisations’ visibility over key developments, upcoming issues and emerging threats, providing critical insights and analysis to help mitigate risk and improve preparedness, should a data breach or cyber attack occur.
C
Rosehana Amin Partner
Authors
Copy Normal 18/22 or 18/24 -10 -20 -30
H1 20 BOLD ALL CAPS
AI is often described as a “force multiplier”3 – meaning that early adopters can make progress faster and faster as AI augments their capabilities, leaving the rest falling further behind. This applies to every industry, not just ‘high-tech’ sectors. For example:
Bullet 1
Bullet 2
Bullet 3
H2 18 semi-bold
Intro Semi Bold 20/30 -20
of respondents saying their organisations now use it in at least one business function, up from 33% IN 2023.
71%
A global AI survey by McKinsey found that genAI usage jumped sharply last year, with
H3 18 Teal. Body Normal 18/22 18/24
5 key steps
employers should take when using AI in the workplace
Title
By XX
Partner
Organisations without AI capabilities may struggle to meet evolving legal expectations, risking fines, sanctions, or reputational harm
QUOTE
Singla, A., Sukharevsky, A., Yee, L., Chui, M., & Hall, B. (2025, March 12). The state of AI: How organizations are rewiring to capture value. McKinsey. https://www.mckinsey.com/capabilities/quantumblack/our-insights/the-state-of-ai (2023, June 1). Generative AI to become a $1.3 trillion market by 2032, research finds. Bloomberg Intelligence. https://www.bloomberg.com/company/press/generative-ai-to-become-a-1-3-trillion-market-by-2032-research-finds/ Ringdahl, K. (2025, April 14). Generative AI is the greatest force multiplier in agile history. Forbes. https://www.forbes.com/councils/forbestechcouncil/2025/04/14/generative-ai-is-the-greatest-force-multiplier-in-agile-history/
Isabel Simpson Partner, London
Lamisse Bajunaid Partner, Jeddah
Contributors
Article 1
Article 2
Article 3
Article 4
Article 5
Contents
