The UK's 2025 National Risk Assessment: AI, predicate offences and the future of ML/TF risk

Summary

Fraud is now driving record levels of illicit funds, with 4.1 million incidents reported in 2024. Yet despite this pressure, the UK’s 2025 National Risk Assessment (NRA) shows that most sectors’ ML and TF risks remain unchanged since 2020.

Instead the story is one of shifting dynamics: digitalisation and opacity continue to shape vulnerabilities, and AI has already entered the picture through phishing, fake accounts and mule recruitment. The assessment looks ahead to likely next steps such as AI-enhanced identity theft, targeted mule grooming and attempts to evade automated defences, with a longer horizon that includes large-scale deception, automation and adversarial attacks.

The UK’s 2025 National Risk Assessment of Money Laundering and Terrorist Financing (NRA) offers a forward look at how illicit finance is evolving.

For MLROs, the document is both reassuring and challenging: reassuring because most sectors’ money laundering (ML) and terrorist financing (TF) risks have not increased since 2020; challenging because the trends it highlights – predicate offences, sector vulnerabilities and the emerging role of AI – suggest that criminals are preparing for a step change in sophistication.

Predicate offences: what drives the market

• Fraud dominates. In the year ending December 2024 there were an estimated 4.1 million fraud incidents in England and Wales, a 33% increase on 2023. Fraud now makes up over 43% of recorded crime. High harm types include investment fraud, romance fraud, courier scams and payment diversion fraud.
• Sanctions evasion has spiked since Russia’s invasion of Ukraine, with UK financial sanctions covering over 3,600 individuals and 990 entities.
• Drugs, acquisitive crime, modern slavery, human trafficking and environmental crime all continue to feed the laundering pipeline.

The takeaway is clear: criminal proceeds are growing, diversifying and becoming more international.

MLROs may want to view the increase in illicit flows through this lens when considering how exposure presents itself in their own sectors and specific organisations.

Sector forward looks: digitalisation and opacity

Most sectors retained their 2020 risk ratings. But the NRA’s Forward look sections highlight evolving risks:

Execution-only platforms

Online apps in wealth and retail investing “may make ML activity more difficult to identify”.

Family offices

At least 1,000 UK family offices manage over £700bn, many outside regulation. Privacy and legitimacy remain attractive to criminals.

High-value markets

Art, property and luxury goods sales are shifting online, making provenance and beneficial ownership harder to verify.

NPOs

Charities operating in conflict zones face TF diversion, often facilitated by weak oversight and digital fundraising platforms.

Professional enablers

Lawyers, accountants, and Trust and Corporate Service Providers (TCSPs) continue to struggle with consistent CDD, and are targeted by criminals for their ability to layer and legitimise funds.

The pattern is clear: digitalisation increases accessibility and anonymity while opacity in ownership and structures sustains vulnerability.

AI's current use and logical next steps

The NRA dedicates a new section to AI, acknowledging both its promise and its threat. It states: "Current use of AI for money laundering is not fully understood but is not currently believed to be widespread.”

What's happening now? 

• Synthetic bank account creation
• Fraud and impersonation
• Phishing
• On-boarding of money mules

These are not hypothetical, they are happening. But the NRA also projects forward.

What's expected next

• AI-enhanced mule recruitment - automated scanning of social media for vulnerable targets, followed by chatbot-driven grooming.
• AI-driven identity theft – higher quality synthetic IDs that defeat onboarding checks.
• Use of AI to evade money laundering defences – adapting existing laundering techniques to bypass automated controls.

What could follow in future NRAs

It doesn't take much to think ahead to the next NRA and consider how AI could be used then:

• AI for deception at scale – phishing, fake documents, synthetic IDs.
• AI for automation – smurfing, layering, donor manipulation.
• AI for adversarial attacks – poisoning compliance AI, high quality deepfakes, training counter-models.

The NRA's AI risks map closely onto the sectoral weaknesses set out in the document

• Execution-only platforms with AI synthetic IDs lead to easier onboarding of illicit actors.
• Family offices with AI narrative generation lead to more polished source of wealth justifications.
• High-value art or property with AI provenance forgery lead to convincing fake certificates.
• NPOs with AI donor botnets lead to thousands of micro donations simulating grassroots legitimacy.
• Professional enablers with AI coaching lead to complicit staff trained to survive audits.

The balance of risk: what has not worsened

While AI deserves focus, perspective matters. The NRA stresses that most sectors’ inherent ML/TF risk ratings remain unchanged from 2020.

• Supervisory capacity has improved (for example more FCA focus on wealth management)
• Law enforcement engagement has strengthened.
• The overall environment has not deteriorated, but there are specific shifts at the margins:
  • Predicate offences generating more proceeds.
  • Digitalisation creating new blind spots.
  • AI amplifying both.

Looking ahead

The NRA offers MLROs three clear observations:

1. Predicate offences matter most. Fraud is the biggest generator of illicit funds and sanctions evasion is rising. Screening, monitoring and SAR narratives that reference these drivers are likely to remain central.

2. Digitalisation alters risk. From property lettings to art auctions to online trading apps, criminals are moving quickly to exploit lower touch channels.

3. AI is the accelerant. Current use is mostly limited to phishing, fake accounts and mule recruitment. The logical next step is AI that evades defences, not just pressures them.

“Whilst criminals will continue to use proven methods they also seek to adapt to new opportunities.”

– NRA 2025

The 2025 NRA is not a document of panic but of preparedness. The baseline risk has not spiked, but the vectors of change are clear: more fraud, more sanctions evasion, more digitalisation, more AI.

The forward look is a reminder: criminals’ tools are catching up with compliance tools. The opportunity is for firms to harness AI’s potential faster and more effectively than their adversaries.