What the UK’s 2025 National Risk Assessment Means for Financial Crime Compliance

The UK’s 2025 National Risk Assessment of Money Laundering and Terrorist Financing has landed, and for regulated firms, this one’s hard to ignore.

More than just a refresh of previous assessments, this NRA signals a shift in how firms are expected to assess and respond to financial crime risk. With a sharper focus on sector-specific threats, emerging typologies like crypto laundering and AI misuse, and the introduction of System Prioritisation, the direction of travel is clear: firms must take a more dynamic, threat-informed approach to risk management.

At FINTRAIL, we’ve reviewed the assessment in full. Below, we’ve broken down the key changes, the sectors most affected, and what this all means for your financial crime compliance framework.

Whether you’re updating your firm-wide risk assessment or refining controls across specific products and services, this post is designed to help you get ahead of the curve — and stay there.


What Are the Key Financial Crime Threats in the 2025 NRA?


Money laundering threats

The UK continues to face a high level of money laundering (ML) risk, with the 2025 National Risk Assessment highlighting how ongoing geopolitical developments are influencing the threat landscape.

While traditional risks such as cash-based money laundering and the misuse of UK-incorporated companies remain prevalent, the rapid adoption of new financial technologies has introduced additional vulnerabilities. These include increased ML risks linked to Electronic Money Institutions (EMIs), Payment Service Providers (PSPs), cryptoassets, and the emerging use of Artificial Intelligence (AI) in financial services.

In the wake of Russia’s invasion of Ukraine, the NRA notes a growing convergence between money laundering, kleptocracy, and sanctions evasion.

All regions of the UK remain exposed to ML threats, with urban areas (particularly those with higher levels of organised criminal activity) more likely to experience elevated risk levels.


Terrorist financing threats

The 2025 National Risk Assessment highlights that terrorist financing (TF) is not always linked directly to attack planning. In many cases, some or all stages of terrorist financing may occur outside the UK, while still posing a threat to the UK.

The NRA breaks down TF-related financial flows into four key stages: generating, moving, storing, and spending funds. It identifies which regulated sectors are most likely to be exposed at each stage and provides examples of common methods used. These flows often vary depending on the type of terrorist organisation, particularly in relation to its size and whether its activities are domestic or international.

When funds are raised within the UK, they are most commonly sourced through legitimate means, such as salaries or personal loans, rather than criminal activities like fraud or drug trafficking. These funds may be used within the UK or transferred abroad to individuals, accounts, or wallets associated with a specific “cause” or organisation.


How Criminals Launder Money: Typologies and System Prioritisation

The 2025 National Risk Assessment outlines the most common money laundering (ML) techniques currently observed in the UK. Where possible, these typologies are linked to specific predicate offences and the regulated sectors most likely to be exposed.

  • Cash – While the use of cash in legitimate transactions continues to decline, the number and total value of banknotes in circulation has increased. Cash remains a widely used tool for criminals. It is often pooled into larger sums before being introduced into the financial system via deposits into retail banks, the Post Office, gambling services, or the purchase of high-value goods.

  • Informal Value Transfer Systems (IVTS) – Systems such as hawala and Chinese Underground Banking are frequently used for both money laundering and terrorist financing. Criminals perceive these systems to have weaker controls, and their structure — allowing access to value stores across multiple jurisdictions — makes them particularly useful for international laundering networks.

  • Cryptoassets – The use of cryptoassets to launder proceeds of crime is rising. These assets are not only used to move illicit funds but are increasingly acquired through criminal means such as cybercrime, ransomware attacks, and crypto thefts. However, there is currently limited evidence that crypto use has displaced more traditional laundering methods.

  • Trade-Based Money Laundering (TBML) – The UK’s position as a global trade hub exposes it to significant TBML risk. Criminals exploit international trade transactions to disguise the movement of illicit value, using false invoicing, misrepresentation of goods, or shell trading to legitimise the origin of funds.

  • Property – Property remains an attractive method of laundering due to the large sums that can be moved and the perceived stability of the asset class. Criminals often use property as a final integration step, following other laundering stages, in order to distance illicit funds from their source and provide a sense of legitimacy.

  • Companies and Trusts – The misuse of lawful corporate structures, including trusts, continues to be widespread. These vehicles may be directly controlled by criminals or involve third-party nominees and professional service providers to obscure beneficial ownership and facilitate complex layering.

  • Professional Enablers – Criminals can exploit the skills and credibility of professionals to support laundering activity. This typically involves sectors such as legal services, accountancy, and trust and company service providers (TCSPs), where specialised knowledge can help conceal illicit wealth.

One of the most significant changes introduced alongside the NRA is its alignment with the UK’s Economic Crime Plan 2 (2023–2026) through the concept of System Prioritisation. This mechanism allows participating segments of the regulated sector to better allocate their internal resources on a cost-neutral basis, while still meeting their regulatory obligations.


Which Sectors Face Higher Risk in 2025?

Whilst ML/TF risk levels for different sectors regulated under the MLRs remain mostly unchanged, there are a couple of notable exceptions, particularly in relation to EMI/PSPs and crypto firms.

  • Retail banking – The ML/TF risks for retail banking remain high. The sector continues to be persistently targeted by criminals, as integrating illicit funds into the legitimate financial system is often necessary to spend, store, and use criminal proceeds. The characteristics that make retail banking attractive to legitimate users — accessibility, ubiquity, and speed — also increase its vulnerability to exploitation for terrorist financing.

  • EMI/PSPs – The ML/TF risks in the regulated EMI and PSP sector have increased from medium to high. Rapid scaling since 2020, increased complexity (e.g. virtual IBANs), and a diversification of services have contributed to the sector’s attractiveness for criminals, providing more options to manage and launder funds across borders.

  • Crypto – The risk of money laundering through cryptoassets has increased from medium to high. This change is driven by both the rising criminal use of cryptoassets and the broader increase in licit public adoption, coupled with the speed at which funds can be moved. While the risk of registered cryptoasset firms being used to finance terrorism has increased, it remains rated as medium.

  • MSBs – The ML/TF risks associated with Money Service Businesses (MSBs) remain high. Cash continues to be widely used by criminals, who exploit features of the MSB sector to move or convert illicit funds. The low cost of transferring funds and the ability to reach a wide range of high-risk jurisdictions continue to make MSBs an attractive and accessible means for terrorists to move small amounts of money quickly in and out of the UK.

  • Other regulated sectors – Among other regulated sectors, the ML risk for casinos has increased from low to medium. In contrast, the ML risk for Art Market Participants and Letting Agency Businesses has decreased — from low to medium and medium to low, respectively. The TF risk for Wealth Management and Trust or Company Service Providers has risen from low to medium.


How to Use the 2025 NRA to Strengthen Your Risk-Based Approach

The 2025 National Risk Assessment offers valuable insights that can help regulated firms refine their risk assessments and control frameworks. Use the following prompts to evaluate your current approach:

  • Is your regulated sector named in any ML typologies outlined by the NRA?
    Consider how these typologies could manifest within your firm and whether your existing controls are equipped to mitigate them.

  • Is your regulated sector named in any TF mechanisms outlined by the NRA?
    Reflect on how your products or services could be involved in the generation, movement, storage, or spending of funds linked to terrorist financing.

  • What is your firm’s exposure to high-risk jurisdictions?
    Review your cross-border activities in light of the jurisdictions flagged in the NRA as particularly relevant to ML and TF risks — both those faced by the UK and those it poses externally.

  • Are you aligned with the UK’s System Priorities?
    The government has now published the first set of System Priorities, outlining the financial crime threats that regulated sectors should focus on. These priorities aim to support a more strategic, coordinated approach to financial crime prevention. Firms should review how their current frameworks align with these national priorities and be prepared to operationalise them as part of their ongoing risk-based approach.


Conclusion

The 2025 National Risk Assessment is a welcome step forward. For the first time, there is a sense that the UK is starting to take a genuinely threat- and risk-based approach to tackling financial crime. As our CEO, Robert Evans, put it:

“If we are honest with ourselves, to date the UK (and international) framework has been inherently ineffective and inefficient... So it is fantastic to see that this latest iteration is going to be complemented by annual typology and threat updates... This should mean that sectors covered by the MLRs can start to shift to a much more threat-informed approach to financial crime prevention in the UK.”

That shift won’t happen overnight. But with System Prioritisation, more granular typologies, and sector-specific risk guidance, firms now have a clearer direction of travel — and a stronger foundation to recalibrate their risk-based approach.

If you’re reviewing your firm-wide risk assessment in light of the new NRA or want support interpreting its implications for your business model, FINTRAIL can help. We work with fintechs, payments firms, and financial institutions to build risk assessments that are practical, defensible, and aligned with evolving regulatory expectations.

Get in touch if you'd like to have a conversation.

Free resources

Access free resources designed to help strengthen your anti-financial crime controls.

Partner with us

We love to support projects that combat financial crime -
get in touch to find out more.