UK National Risk Assessment 2025

The UK government's 2025 National Risk Assessment (NRA) has arrived, offering critical updates on money laundering and terrorist financing risks since the last assessment in 2020. 

This is the first NRA in five years, and the changes are significant. For MLROs, compliance officers, and risk leaders this is more than a document - it’s a blueprint for where financial crime threats are evolving and where regulators will expect them to focus next. 

Read the full report available here. 

Setting the Scene: What It means for Financial Crime Compliance Professionals 

Money laundering perspective 

The 2025 NRA highlights a more complex and adaptive money laundering threat environment, shaped by technological innovation, geopolitical instability, and increased criminal sophistication. Criminals continue to exploit vulnerabilities across both traditional financial institutions and emerging platforms such as cryptoasset firms, payment services, and electronic money institutions. A key concern is the misuse of professional services - particularly legal, accountancy, and company formation services - to obscure the origins of illicit funds through complex ownership structures and cross-border arrangements. The growing integration of cryptoassets into laundering methodologies, often layered through decentralised finance (DeFi) or poorly regulated exchange platforms, presents a rapidly evolving risk. Sectors handling high-value goods such as art, luxury assets, and jewellery remain attractive to money launderers due to the ease of concealment and weak transparency requirements. Crucially, the assessment underscores how layering techniques, sanctions evasion, and the use of front companies continue to challenge even well-resourced compliance programmes. The takeaway for firms is clear: money laundering risks are increasingly dynamic, and a static compliance posture is no longer sufficient. 

Terrorist financing perspective  

The 2025 NRA highlights that while the overall risk of terrorist financing to the UK remains significant, the nature of this threat is becoming increasingly diverse and fragmented. The threat landscape continues to be shaped by both Islamist extremist and extreme right-wing actors, with growing concerns around self-radicalised individuals who rely on small-scale, low-cost methods of attack, making detection more difficult. Funding streams remain varied, including personal donations, abuse of charities, and legitimate income, with a noted increase in the use of digital fundraising platforms and virtual assets to transfer or obscure funds. Crowdfunding, cryptocurrency transactions, and online payment systems are increasingly exploited, often with a cross-border element that makes tracing funds more complex. There is also a persistent risk of abuse within regulated sectors such as banking and money service businesses (MSBs), particularly when controls are inconsistent or insufficiently risk based. The NRA reinforces the need for firms to be alert not only to suspicious transactions, but also to behavioural indicators and activity patterns that suggest ideological or extremist motivation. For firms, this means ensuring that terrorist financing typologies are fully integrated into monitoring systems and staff are trained to detect both financial and non-financial warning signs. 

Money laundering typologies 

Money laundering networks employ both simple and complex methods to disguise the origins of illicit funds, ranging from basic cash transactions to sophisticated international schemes. These activities can involve moving criminal proceeds within the UK, transferring them abroad, or bringing illicit funds into the UK. 

This year’s NRA gives unprecedented attention to virtual IBANs (vIBANs) and agent-led models. Criminals are increasingly exploiting electronic money institutions (EMIs) and Payment Service Providers (PSPs) using vIBAN structures to split transactions across multiple sub-accounts, often through layered, opaque “umbrella companies”. The use of onboarding agents, sometimes without meaningful customer due diligence, has enabled large-scale laundering. Firms must assess agent relationships and revalidate controls around account structuring and vIBAN issuance. 

More generally, EMIs and PSPs are highlighted as posing an elevated risk, as they facilitate fast, cross-border payments often involving multiple currencies and jurisdictions. The increasing reliance on digital payments, combined with the rapid onboarding of customers through remote channels, presents significant challenges for effective customer due diligence and ongoing transaction monitoring. 

Key change: The misuse of vIBANs is now directly linked to major laundering schemes, something not seen in the 2020 NRA. 

Cash remains a core laundering method, particularly through MSBs and informal value transfer systems. While digital payment methods expand, cash still plays a central role in placement and layering. The NRA highlights the continued abuse of currency exchange services, often through fragmented, small-scale retail agents, many of which operate with limited oversight.  MSBs’ vulnerability arises from handling large volumes of low-value transactions, which can mask illicit funds’ layering and integration. MSBs also frequently interface with informal value transfer systems, increasing the complexity of tracking suspicious activity. 

Key change: The NRA reinforces that despite a focus on digital risks, cash-based laundering has not diminished and remains highly relevant. 

The cryptoasset sector now carries a “high” money laundering risk rating. The NRA points to the increasing sophistication of criminals using crypto exchanges, DeFi platforms, mixers, and custodial wallets to move and obscure illicit funds. Particularly concerning is the widespread failure of firms to meet the Financial Conduct Authority’s AML standards and the risk posed by unregistered or offshore platforms. Challenges include the pseudonymous nature of transactions, the use of privacy-enhancing technologies, and regulatory fragmentation, all of which complicate enforcement and compliance efforts.   

Key change: Crypto laundering is no longer ‘emerging’ – it’s systemic, cross-border, and fast-moving. 

A growing concern is the role of professionals, particularly in the legal and accountancy sectors, who knowingly or unknowingly enable the misuse of corporate structures and offshore entities. This includes trusts, nominee arrangements, and shell companies used to distance illicit actors from beneficial ownership. The 2025 NRA also links these mechanisms more explicitly to sanctions evasion and kleptocratic wealth concealment. 

Key change: The risk level for certain trust or company service providers and professional enablers is increasing, especially where services are offered across borders. 

Jurisdictions of concern 

The NRA highlights several high-risk jurisdictions that pose elevated threats for both money laundering and terrorist financing. 

For money laundering, countries like Russia, the UAE, China, Turkey, Nigeria, and offshore jurisdictions such as the British Virgin Islands and Cayman Islands are flagged due to risks involving sanctions evasion, fraud proceeds, and complex offshore structures. These regions are often linked to high-end laundering, corporate secrecy, and professional enablers. 

On the terrorist financing front, jurisdictions such as Syria, Afghanistan, Somalia, Iran, and parts of West Africa are identified for their associations with terrorist groups, informal value transfer systems (e.g. hawala), and weak financial oversight. 

Firms are advised to enhance due diligence and risk scoring where exposure to these countries exists, aligning internal controls with the NRA's evolving risk picture. 

The UK’s evolving financial and regulatory landscape makes numerous sectors particularly vulnerable to money laundering and terrorist financing risks. These sectors face heightened scrutiny due to their business models, customer bases, and the complexity of transactions they process. 

 
What actions should firms take?  

We recommend using the NRA as a strategic anchor for strengthening your financial crime framework, including:  

• Refreshing your Business-Wide Risk Assessment (BWRA) 
• Revising assessments of sectoral and customer risk scores, especially if dealing with crypto, legal services, or professional intermediaries 
• Updating EDD measures for higher-risk clients, structures, and geographies 
• Enhancing training and governance, particularly considering new sanctions evasion typologies 
• Reviewing third-party and cross-border risk, including correspondent banking and trade finance links 
• Testing the adequacy of transaction monitoring and onboarding controls in response to digital risk channels 

Summary 

The 2025 NRA makes one thing clear: a generic approach will no longer cut it.  As threats grow more complex - from crypto anonymity to sanctions circumvention - firms must demonstrate mature, data-driven risk management tailored to their exposure.   

Whether you're reviewing your controls or planning a strategic risk refresh, this is the time to align with UK government insights and pre-empt regulatory pressure.  

How we can help