What’s the UK’s National Risk Assessment?

The UK’s National Risk Assessment, usually referred to as the NRA, is the government’s official assessment of money laundering, terrorist financing and proliferation financing risk across the UK.

It’s produced by HM Treasury and updated periodically. The current version, published in 2025, sets out how the UK identifies, evaluates and understands the threats and vulnerabilities within its financial and professional services system.

At its core, the NRA answers one question: where does the UK believe the greatest money laundering (ML), terrorist financing (TF) and proliferation financing (PF) risks sit, and why?

For regulated professionals, it forms part of the framework that underpins the UK’s risk-based AML regime.

What the National Risk Assessment does

The NRA is a national-level strategic risk assessment. It is not legislation. It does not create new offences or additional regulatory obligations. Instead, it:

• assesses the scale and nature of ML, TF and PF risk in the UK;
• identifies sectors, services and products that are vulnerable to abuse;
• evaluates how criminals and terrorist financiers operate;
• explains systemic weaknesses or exposure points;
• supports the UK’s compliance with international FATF standards.

The assessment draws on intelligence, law enforcement data, supervisory insight and sector engagement. It provides a consolidated national view of ML, TF and PF risk, rather than a sector-specific rulebook.

Why the UK is required to publish it

Under the Financial Action Task Force framework, countries must identify and understand their national risks. This requirement sits at the heart of the global risk-based approach.

The NRA is how the UK demonstrates that it has assessed those risks and is responding proportionately. It also informs:

• government policy development;
• legislative reform;
• supervisory priorities;
• sector guidance.

In that sense, it shapes the direction of the UK’s AML framework, even though it does not itself impose legal duties.

How the NRA fits into your regulatory obligations

If you are supervised under the UK’s Money Laundering Regulations 2017 (as amended) (MLRs), you are required to adopt a risk-based approach. Regulation 18 requires you to carry out a documented business-wide risk assessment. That assessment must consider risk factors relating to your:

• customers;
• services;
• transactions;
• delivery channels;
• geographic exposure.

The NRA analyses and rates these risks. 

You are not expected to reproduce the NRA in your documentation. You are expected to show that you understand how national risk themes may affect your own firm.

Supervisors frequently look for evidence that firms are aware of the latest NRA and have considered its conclusions when reviewing their business-wide risk assessment.

How it influences supervision

Supervisory bodies draw on the NRA when setting inspection priorities and thematic reviews.

If the NRA identifies higher inherent risk in particular areas, supervisors may:

• focus reviews on those areas;
• expect deeper documentation of risk decisions;
• test how firms apply enhanced due diligence;
• examine business-wide risk assessments more closely.

In that sense, the NRA helps to shape the tone of supervision. Understanding it helps you anticipate the regulatory lens through which your firm may be viewed.

Why it matters beyond compliance

The NRA also provides insight into how criminal methodologies evolve. It explains:

• how funds are typically moved and integrated;
• how corporate vehicles may be misused;
• how professional services can be exploited;
• how international exposure increases complexity;
• how proliferation financing intersects with sanctions.

For firms operating in accountancy, TCSP, legal, property and high-value dealer sectors, this context supports informed questioning during onboarding and ongoing monitoring.

It provides the broader rationale behind enhanced due diligence, beneficial ownership verification and source of funds scrutiny.

The link to the risk-based approach

The UK’s AML regime is built on proportionality. Not every client carries the same risk, and not every service requires the same level of scrutiny.

The NRA sits at the top of that structure. It establishes the national understanding of risk. Your business-wide assessment translates that national view into a business-specific one. Client and matter risk assessments then apply it at file level.

When those three layers align, your risk-based approach becomes coherent and defensible.

Final thoughts

The UK’s National Risk Assessment is the government’s formal view of where money laundering, terrorist financing and proliferation financing risks sit across the country.

It does not create new duties. It provides the strategic context that underpins the UK’s risk-based AML framework.

For regulated professionals, its importance lies in awareness and alignment. When your business-wide risk assessment reflects the national risk landscape and your documentation shows how you have considered it, your approach sits firmly within the structure the Regulations are built on.

In practical terms, the NRA answers national questions about ML, TF and PF risk. Your responsibility is to answer the business-level questions: how does that risk picture apply to us?