Lessons from high-profile compliance failures (and how to avoid them)

It’s never long before another high-profile and highly consequential compliance failure hits the headlines. Though the industries and circumstances in which they arise may differ, the themes running through them and their impacts are often remarkably consistent. From governance lapses and ignored warnings, to toxic working cultures… invariably, omissions and malpractices result in eroded trust, plus costly (and sadly, in some cases, tragic) consequences.
For GRC professionals, high-profile compliance failures throw up invaluable lessons. These prominent UK, Danish and U.S. compliance scandals are just a handful of examples – no sector is invulnerable and high-profile compliance failures can happen across all geographies and jurisdictions.
Lessons from high-profile compliance failures in the UK
One example is Santander UK’s failure to act on Anti Money Laundering (AML) red flags across hundreds of thousands of business accounts. One translation business expected to handle £5,000 monthly instead moved millions, yet corrective action was delayed by 18 months. In 2022 the Financial Conduct Authority (FCA) fined the bank £107.7 million for allowing suspicious activity to persist unchecked and for weaknesses in its controls. The issue here wasn’t purely a lack of failsafe rules but a lack of urgency in acting on them.
Failings in AML controls highlighted that dynamic monitoring is critical. Systems must scale with an organisation’s risk footprint, and compliance teams must have the resources to act on red flags.
In the recent Post Office Horizon scandal, over 900 sub-postmasters were wrongfully prosecuted for financial shortfalls caused by defects in the Horizon IT system. By early 2025, convictions were being quashed and compensation exceeding £1 billion had been promised. But the real compliance failure here wasn’t technical, it was cultural. Leaders refused to challenge the software, even as the evidence accumulated and the human fallout – in terms of lives ruined and even lost – mounted.
What can we take away from this terrible compliance failure? Robust validation, independent audit and a culture that questions system outputs are critical. Never assume that a system is infallible – especially when its output is being used as evidence in criminal proceedings.
Another tragic example is the 2017 Grenfell Tower disaster, which claimed 72 lives and was traced back to decades of systemic neglect, including unsafe cladding, misleading product marketing and regulators ignoring warnings.
Risk warnings must not be suppressed. Compliance must be embedded – from boardrooms to technical staff – with clear accountability across stakeholders. Public safety must be prioritised over cost cutting, and loose regulatory oversight must never be allowed to enable it. These are but a few of many lessons hard-learned from the Grenfell tragedy.
Lessons from high-profile compliance failures in Denmark
Denmark, which enjoys a reputation for integrity and transparency, also offers instructive cases for GRC professionals.
The Danske Bank AML scandal was one of Europe’s largest money-laundering cases, with €200 billion in suspicious non-resident transactions flowing through its Estonian branch. The branch operated with its own systems and minimal integration into Danske’s risk and control frameworks. Internal alerts, including those from a mid-level executive in 2014, were disregarded. Automated transaction monitoring was absent, sanctions screening was poor, and executive leadership did little to act.
In the aftermath, Danske pleaded guilty in a U.S. court, paying over $2 billion in fines, and faced a domestic order to pay 4.7 billion DKK (~$670 million). Leadership changes ensued, including the CEO’s resignation. Compliance staffing was significantly enhanced, growing from 200 in 2018 to 500 by the end of 2020, with the recruitment of high-profile compliance experts.
From this we learn that siloed operations, weak oversight and failure to act on internal warnings can be catastrophic. AML/transaction monitoring systems must be integrated, effective and backed by empowered compliance staff aligned across geographies.
A more recent case, from April 2025, is the Council of Europe’s Group of States against Corruption (GRECO) flagging Denmark for failing to implement most of the anti-corruption recommendations from both its Fourth and Fifth evaluation rounds. Only a small fraction of the suggestions had been acted upon, adding pressure for tighter integrity frameworks in parliament and law enforcement.
This example serves to highlight that long-term non-compliance in institutional governance erodes trust. Real commitment, not rhetoric or lip service, is required to embed codes of conduct, enforce transparency and manage conflicts of interest among public officials.
Lessons from high-profile compliance failures in the US
Stateside, some of the most high-profile compliance failures serve as stark reminders of the severe consequences of ignoring governance, transparency and risk management - ranging from catastrophic loss of life to legal ruin and irreparable reputational damage.
One instance, the Boeing 737 MAX safety scandal – resulting in two fatal plane crashes, in 2018 and 2019 respectively – involved a flawed automated flight control system (the Manoeuvring Characteristics Augmentation System, MCAS) that could be triggered by a single faulty sensor, together with a lack of transparency from Boeing towards regulators and pilots about the system.
The 737 MAX was grounded worldwide for nearly two years and intense scrutiny over safety and compliance ensued. In 2021, Boeing agreed a settlement to resolve a criminal charge of conspiracy to defraud the Federal Aviation Authority (FAA), paying $2.51 billion to avoid prosecution. That sum included a $243.6 million criminal penalty, a $500 million fund for the victims’ family members and $1.77 billion for its airline customers.
What can we take away from this? Never compromise safety for speed or cost. Ensure transparency with regulators and oversight bodies. And implement resilient safety and compliance infrastructures that prioritise human life first and long-term reputation second.
Another US compliance failure example is that of Wells Fargo, where employees under pressure to hit unrealistic sales targets created millions of unauthorised checking and savings accounts, plus credit cards, in the names of existing customers.
This fraud came to light in September 2016 when Wells Fargo was fined $185 million by regulators, including the Consumer Financial Protection Bureau (CFPB) and the City and County of Los Angeles.
It serves as a stark reminder of the potential consequences of lax oversight, a problematic corporate culture and the absence of robust checks and balances within large financial institutions. Ethical business must take priority over short-term gains; internal controls can stop unethical behaviour from escalating out of control; and regular audits should safeguard stakeholders’ interests.
How to avoid high-profile compliance failures
Serving as cautionary tales, compliance failures share several common themes, some of which are listed below, together with the preventative actions that can drive best practice and help your organisation do better:
Risk awareness needs to be pervasive
Adopt a ‘tone from the top’ that models ethical compliance and empowers all levels to question and escalate.
Safety and governance failures
Build strong governance structures, especially when human life or public interest is involved.
Systems can't stagnate
Ensure AML/IT systems grow with your business. Conduct regular audits and revisions, even for legacy tools.
Know the systems you trust
Validate IT systems independently, especially those with legal or sensitive outcomes (e.g. Horizon).
Poor AML infrastructure
Invest in unified, automated transaction monitoring and KYC (Know Your Customer) systems.
Siloed operations
Integrate control frameworks and reporting across all branches and geographies.
Human oversight matters
Automate wisely but don't rely solely on technology. Skilled staff must interpret anomalies and ensure timely action is taken.
Under-resourced compliance departments
Recruit and retain skilled staff and ensure compliance teams have influence and visibility. Drive a culture that enables escalation without fear.
Transparency lapses
Champion transparency and comply with reporting obligations immediately.
Regulatory engagement is non-negotiable
Your risk and governance frameworks must meet, if not exceed, regulatory expectations.
Cultural change is foundational
Foster a culture where compliance is seen not as a hurdle, but as an enabler of trust and resilience.
Invest in a GRC system that safeguards your compliance
Decision Focus’ dynamic compliance solution provides regulatory compliance frameworks covering Financial Services and IT compliance through to SOX compliance and data privacy.
Download our factsheet ‘An Integrated Approach to Compliance Management’ or book a demo for a solution walk-through.