Resources

The UK's 2025 National Risk Assessment: AI, predicate offences and the future of ML/TF risk

08 September, 2025

Summary

Fraud is now driving record levels of illicit funds, with 4.1 million incidents reported in 2024. Yet despite this pressure, the UK’s 2025 National Risk Assessment (NRA) shows that most sectors’ ML and TF risks remain unchanged since 2020.

Instead the story is one of shifting dynamics: digitalisation and opacity continue to shape vulnerabilities, and AI has already entered the picture through phishing, fake accounts and mule recruitment. The assessment looks ahead to likely next steps such as AI-enhanced identity theft, targeted mule grooming and attempts to evade automated defences, with a longer horizon that includes large-scale deception, automation and adversarial attacks.


 

The UK’s 2025 National Risk Assessment of Money Laundering and Terrorist Financing (NRA) offers a forward look at how illicit finance is evolving.

For MLROs, the document is both reassuring and challenging: reassuring because most sectors’ money laundering (ML) and terrorist financing (TF) risks have not increased since 2020; challenging because the trends it highlights – predicate offences, sector vulnerabilities and the emerging role of AI – suggest that criminals are preparing for a step change in sophistication.

Predicate offences: what drives the market

  • Fraud dominates. In the year ending December 2024 there were an estimated 4.1 million fraud incidents in England and Wales, a 33% increase on 2023. Fraud now makes up over 43% of recorded crime. High harm types include investment fraud, romance fraud, courier scams and payment diversion fraud.
  • Sanctions evasion has spiked since Russia’s invasion of Ukraine, with UK financial sanctions covering over 3,600 individuals and 990 entities.
  • Drugs, acquisitive crime, modern slavery, human trafficking and environmental crime all continue to feed the laundering pipeline.

The takeaway is clear: criminal proceeds are growing, diversifying and becoming more international.

MLROs may want to view the increase in illicit flows through this lens when considering how exposure presents itself in their own sectors and specific organisations.

Sector forward looks: digitalisation and opacity

Most sectors retained their 2020 risk ratings. But the NRA’s Forward look sections highlight evolving risks:

Execution-only platforms

Online apps in wealth and retail investing “may make ML activity more difficult to identify”.

Family offices

At least 1,000 UK family offices manage over £700bn, many outside regulation. Privacy and legitimacy remain attractive to criminals.

High-value markets

Art, property and luxury goods sales are shifting online, making provenance and beneficial ownership harder to verify.

NPOs

Charities operating in conflict zones face TF diversion, often facilitated by weak oversight and digital fundraising platforms.

Professional enablers

Lawyers, accountants, and Trust and Corporate Service Providers (TCSPs) continue to struggle with consistent CDD, and are targeted by criminals for their ability to layer and legitimise funds.

The pattern is clear: digitalisation increases accessibility and anonymity while opacity in ownership and structures sustains vulnerability.

AI's current use and logical next steps

The NRA dedicates a new section to AI, acknowledging both its promise and its threat. It states: "Current use of AI for money laundering is not fully understood but is not currently believed to be widespread.”

What's happening now? 
  • Synthetic bank account creation
  • Fraud and impersonation
  • Phishing
  • On-boarding of money mules

These are not hypothetical, they are happening. But the NRA also projects forward.

What's expected next
  • AI-enhanced mule recruitment - automated scanning of social media for vulnerable targets, followed by chatbot-driven grooming.
  • AI-driven identity theft – higher quality synthetic IDs that defeat onboarding checks.
  • Use of AI to evade money laundering defences – adapting existing laundering techniques to bypass automated controls.
What could follow in future NRAs

It doesn't take much to think ahead to the next NRA and consider how AI could be used then:

  • AI for deception at scale – phishing, fake documents, synthetic IDs.
  • AI for automation – smurfing, layering, donor manipulation.
  • AI for adversarial attacks – poisoning compliance AI, high quality deepfakes, training counter-models.

The NRA's AI risks map closely onto the sectoral weaknesses set out in the document

  • Execution-only platforms with AI synthetic IDs lead to easier onboarding of illicit actors.
  • Family offices with AI narrative generation lead to more polished source of wealth justifications.
  • High-value art or property with AI provenance forgery lead to convincing fake certificates.
  • NPOs with AI donor botnets lead to thousands of micro donations simulating grassroots legitimacy.
  • Professional enablers with AI coaching lead to complicit staff trained to survive audits.

The balance of risk: what has not worsened

While AI deserves focus, perspective matters. The NRA stresses that most sectors’ inherent ML/TF risk ratings remain unchanged from 2020.

  • Supervisory capacity has improved (for example more FCA focus on wealth management)
  • Law enforcement engagement has strengthened.
  • The overall environment has not deteriorated, but there are specific shifts at the margins:
    • Predicate offences generating more proceeds.
    • Digitalisation creating new blind spots.
    • AI amplifying both.

Looking ahead

The NRA offers MLROs three clear observations:

1. Predicate offences matter most. Fraud is the biggest generator of illicit funds and sanctions evasion is rising. Screening, monitoring and SAR narratives that reference these drivers are likely to remain central.

2. Digitalisation alters risk. From property lettings to art auctions to online trading apps, criminals are moving quickly to exploit lower touch channels.

3. AI is the accelerant. Current use is mostly limited to phishing, fake accounts and mule recruitment. The logical next step is AI that evades defences, not just pressures them.

“Whilst criminals will continue to use proven methods they also seek to adapt to new opportunities.”

– NRA 2025

The 2025 NRA is not a document of panic but of preparedness. The baseline risk has not spiked, but the vectors of change are clear: more fraud, more sanctions evasion, more digitalisation, more AI.

The forward look is a reminder: criminals’ tools are catching up with compliance tools. The opportunity is for firms to harness AI’s potential faster and more effectively than their adversaries.

 

NRA 2025 points to watch

Training and awareness
  • Build fraud and sanctions evasion typologies into case studies for staff — 4.1m fraud incidents in 2024 show how relevant this is to frontline roles.
  • Include examples of AI-driven phishing and impersonation in refresher training so staff can recognise them in real time.
CDD and onboarding
  • Tighten checks for execution-only platforms, online auctions and lettings — areas where low-touch onboarding makes ML harder to spot.
  • Review beneficial ownership procedures for family offices and complex cross-border structures.
  • Consider how to verify synthetic IDs and challenge suspicious source-of-wealth narratives that may be AI-generated.
Ongoing monitoring
  • Test monitoring rules against sanctions lists, now covering 3,600+ individuals and 990 entities.
  • Consider adapting transaction monitoring to flag micro-donations, smurfing or other automated patterns that AI could generate.
  • Scenario-test how your systems would respond to emerging threats such as mule recruitment or defence evasion.
Escalation and reporting
  • Update SAR guidance to highlight high harm fraud types and sanctions evasion patterns.
  • Encourage staff to escalate uncertainty — especially where documents or behaviour appear “too polished” or inconsistent.
Strategic oversight
  • Keep longer horizon AI threats (deepfakes, data poisoning, large-scale layering) on the radar for policy and board-level discussion.
  • Balance resources — sector risk ratings have not increased since 2020, so focus on strengthening edges rather than wholesale change.

About First AML

First AML comes from the perspective of both a technology provider, but also as compliance professionals. Prior to releasing, First AML’s all-in-one AML workflow platform, we processed over 2,000,000 AML cases ourselves. Understanding the acute problem that faces firms these days as they try to scale their own AML, is in our DNA.

That's why First AML now powers thousands of compliance experts around the globe to reduce the time and cost burden of complex and international entity KYC. Source stands out as a leading solution for organisations with complex or international onboarding needs. It provides streamlined collaboration and ensures uniformity in all AML practices.

Keen to find out more? Book a demo today!

Related