What the 2025 National Risk Assessment means for your firm

The UK’s National Risk Assessment (NRA) has been the benchmark for understanding financial crime threats since 2015. The 2025 edition, released in July, reflects the sharp rise in risks from both technology and geopolitics.

Weaknesses in major crypto-exchanges have shown how criminals exploit gaps in fast-moving sectors. At the same time, the war in Ukraine and sanctions against Russia have highlighted how UK professionals are used to move and disguise illicit wealth.

This NRA is not just a technical update. It signals where regulators believe your business is most vulnerable, and where expectations are rising. For accountancy, legal and property firms, the message is clear: your services remain in the spotlight, and the risks you face are evolving.

Key changes in the 2025 NRA

Fraud remains the biggest driver

Fraud continues to generate more illicit funds than any other crime type in the UK. Online scams, investment frauds and authorised push payment fraud are all flagged as key sources. For regulated professionals, the danger lies in being asked to legitimise fraudulent accounts, set up companies, or process property transactions connected to fraud proceeds.

“…for over 43% of crime in England and Wales, with an estimated 4.1 million fraud incidents in the year ending December 2024.” NRA 2025, Section 3.8

Sanctions evasion is on the rise

Since Russia’s invasion of Ukraine, sanctions evasion has become a central concern. The NRA highlights the role of professional enablers — including lawyers, accountants and property agents — in providing cover for sanctioned individuals and kleptocrats. Complex corporate structures, nominee arrangements and overseas intermediaries are all used to disguise ownership.

“The majority of suspected breach cases recorded by OFSI in 2023/24 related to the financial services sectors, followed by the legal sector.” NRA 2025, Section 3.11

Technology brings new threats

Criminals are turning to deepfakes, synthetic IDs and AI-driven fraud to outpace traditional checks. Cryptoassets and decentralised finance (DeFi) create new pathways to move illicit funds rapidly across borders. As the NRA warns, AI could make fraud easier to commit and illicit funds faster to move. Firms that rely solely on digital ID solutions without robust risk assessments are at particular risk.

“AI could enable criminals to commit predicate offences such as fraud with greater ease, and to transfer illicit funds more rapidly and across broader networks.” NRA 2025, Section 3.4

Property is still central to laundering

From super-prime London homes to modest buy-to-lets, property remains a favoured method of laundering criminal funds. Both residential and commercial property are attractive because of their high value and ability to absorb large sums. The NRA also highlights bridging finance, developers and letting agents as live areas of vulnerability.

“Criminals will seek to take advantage of weak or inadequate risk assessments, policies, controls and procedures and, although less likely, may seek to infiltrate or corrupt the employees of legitimate firms.” NRA 2025, Section 5. 5.208

Risk assessments remain weak

Despite years of guidance, many firms are still using generic risk assessments or templates not tailored to their business. This is singled out as a vulnerability: criminals will exploit weak policies, controls and procedures. Regulators expect your risk assessment to be specific, regularly updated and clearly linked to your client base and services.

“Whilst there have been some improvements since 2020, supervisors continue to report that inadequate due diligence and risk assessments remain the most common compliance failings.” NRA 2025, Section 5.242

What this means for accountants

Accountants are widely trusted, and that trust makes the profession a target. The NRA maintains the high-risk rating for accountancy, highlighting several specific exposures:

Fraud and tax evasion – Accountants may be unwittingly supporting false invoicing, payroll fraud or aggressive tax evasion. Criminals seek the legitimacy of professional advice to make fraudulent figures appear genuine. NRA 2025 Section 5.208

Sanctions evasion and high-risk jurisdictions – Cross-border work, especially tax planning or company structuring, can be abused to conceal sanctioned individuals or funds linked to risky jurisdictions. NRA 2025 Section 5.211

Trust and company service provision – Acting as a TCSP remains a key vulnerability. Shell companies and layered corporate structures are still among the most effective laundering tools available to criminals. 

The risk of terrorist financing for TCSPs has been increased from low to medium risk due to “an increased understanding of how the TCSP sector is exposed to organisational terrorist financing risks.” NRA 2025, Section 5.240

Cryptoassets and cyber-enabled crime – As more clients engage with digital assets, accountants may find themselves providing advice in areas where the laundering risks are poorly understood. NRA 2025, Section 5.213

Weak SAR reporting – Despite exposure to high-risk activities, accountants continue to file relatively few suspicious activity reports. This is a concern raised directly in the NRA. NRA 2025, Section 5.213

What this means for legal professionals

Lawyers remain attractive to criminals because of the legitimacy they confer. The NRA is explicit that while most firms invest in compliance, vulnerabilities persist and the sector remains high risk. Key areas flagged include:

Property transactions – Conveyancing is still the number one risk area. Large sums can be moved quickly, often under pressure to complete. The NRA warns of cases where criminals use multiple law firms to complicate checks. NRA 2025, Section 5.202-03

Sanctions evasion and kleptocracy – Law firms advising on trusts and corporate structures may be misused to shield sanctioned individuals or politically exposed persons. Russia and other high-risk jurisdictions are a focus. NRA 2025, Section 3.11

Client accounts – The use of client accounts to layer funds remains highly attractive. Criminals exploit the credibility of a law firm’s banking arrangements to move illicit money. NRA 2025, Section 5.205

TCSPs – The money laundering risk for TCSPs remains high, with the risk of terrorist financing for TCSPs increasing from low to medium risk. The key vulnerabilities are source of funds and verifying a client’s identity. NRA 2025, Section 5.241

What this means for property businesses

Property professionals have only been regulated for AML since 2020, but the sector is firmly rated as high risk. The NRA highlights a broad set of vulnerabilities:

High-value laundering – Super-prime residential and high-end commercial real estate continue to attract illicit funds, often held via opaque corporate structures. NRA 2025, Section 5.257

Mid-market and rentals – It isn’t just luxury homes. Modest properties and rental portfolios are also exploited. NRA 2025, Section 5.247

Sanctions evasion – Property remains a favoured way for sanctioned individuals to retain wealth in the UK. Complex ownership layers and nominee purchasers are red flags. NRA 2025, Section 5.250

It’s important to note that the risk of money laundering in lettings businesses has decreased to low. The change in score has largely been driven by the improved knowledge of both the supervisor and sector, who have now embedded requirements under the MLRs, rather than a decrease in risk. So AML activities are still pivotal to the integrity of your business. NRA 2025, Section 5.247

How AMLCC supports you

The AMLCC platform has already been updated to reflect the 2025 NRA. It helps regulated firms by:

• Business risk assessments tailored to your sector and services
• Client risk assessments with built-in checks for PEPs, sanctions and layered ownership
• AML PCPs builder with audit trails of changes
• Training and tests covering new risks such as AI-driven fraud and sanctions breaches
• Regulator-ready reporting for inspections

Final thoughts

The 2025 NRA confirms what many already suspected: accountancy, legal and property services remain core targets for money launderers. The risks are evolving, driven by sanctions evasion, emerging technologies and persistent weaknesses in risk assessments.

For regulated professionals, the key takeaway is not simply to know the risks but to show how your business addresses them. Tailored policies, regular training, robust risk assessments and thorough documentation are all essential.

Compliance is not a one-off exercise. It is a continual process of adapting to new threats and demonstrating that your firm takes its responsibilities seriously.