The exposure of weaknesses in crypto-exchanges like Binance, one of the world’s largest, has shown just how vulnerable this developing industry is. In 2024, Binance’s founder and former CEO Changpeng Zhao was sentenced to four months in prison, after pleading guilty to violating US laws against money laundering. Binance is now under investigation by French authorities over allegations that it allowed money laundering and tax fraud by failing to properly verify its users.
The war in Ukraine and sanctions against Russia have also exposed the extent to which UK accountancy professionals have been used – knowingly or not – to move and hide illicit wealth.
The 2025 NRA reflects this reality. It’s not just a technical update.
Key changes that affect you
This is the UK’s fourth National Risk Assessment of money laundering and terrorist financing, jointly produced by HM Treasury and the Home Office. It replaces the 2020 version and reflects how criminals are adapting their methods.
The new assessment draws from intelligence, regulatory data and industry input across all high-risk sectors. It highlights where threats are intensifying, where defences are weakest, and which businesses are being exploited.
1. You’re still high risk
The accountancy sector remains in the high-risk category for money laundering. The use of UK accountancy professionals to facilitate complex structures, hide beneficial ownership or move criminal funds has been flagged as a continued priority:
“The money laundering risk for accountancy service providers remains high. Accountancy service providers can be used to provide the appearance of legitimacy to transactions that feature criminal funds, for example, through the use of accountant’s certificates of confirmation to support the falsification of documents such as accounts and invoices.” [Section 5. 5.208]
2. International risks are more prominent
The new NRA increases its focus on cross-border flows, especially from high-risk jurisdictions, sanctions evasion, and politically exposed persons (PEPs).
These exposures are particularly relevant to accountants handling international tax, trusts or company formation, or who have involvement in property purchases or cross-border transactions.
“Where supply chains involve intermediaries or end users outside the UK, the risk is further increased; this combines the risk of the service being provided overseas or to high-risk third countries.” [Section 5. 5.211-5.212]
3. Emerging threats include tech and deception
The 2025 NRA highlights new risks including:
- Deepfakes and synthetic IDs used to pass identity checks,
- Cryptoassets and decentralised finance (DeFi) as tools for layering,
- AI-powered document forgery and social engineering, and
- Abuse of legal privilege or client accounts to hide illicit activity
“AI could enable criminals to commit predicate offences such as fraud with greater ease, and to transfer illicit funds more rapidly and across broader networks.” [Section 3. 3.4]
4. The problem of patchy risk assessments
A consistent theme in the NRA is that many businesses still rely on generic, out-of-date, or incomplete business-wide risk assessments (BWRAs). Without proper tailoring, these don’t reflect the true risks facing your firm or your clients.
“Criminals will seek to take advantage of weak or inadequate risk assessments, policies, controls and procedures and, although less likely, may seek to infiltrate or corrupt the employees of legitimate firms.” [Section 5. 5.208]
5. Your AML supervisor’s expectations
Your regulator will be using the new NRA to shape inspections, guidance and expectations. That means:
- You need to review your business risk assessment in light of the 2025 NRA.
- You must update your AML policies, controls and procedures (PCPs) to reflect the updated risk picture.
- You should document these changes and demonstrate that your team understands the implications.
- Risk assessments must be more than just templates. They should show critical thinking about your actual client base and services.
How AMLCC can help
The AMLCC platform is already updated to reflect the 2025 NRA findings. Here’s how we support you to respond.
Business risk assessments: Risks tailored to your sector and services, helping you capture the specific risks flagged in the new NRA.
Client risk assessment profiles: Prepare draft risk assessments for clients with a similar risk profile – load profiles in seconds for new clients or annual reviews speeding up your onboarding process and improving audit-readiness.
AML PCPs builder: Use AMLCC’s PCPs’ up-to-date content and make revisions in minutes. The audit trail captures and logs updates.
Training and test tracking: Cover new risks such as AI-generated documents, sanctions breaches and misuse of client accounts. Training videos and tests are logged for every staff member.
Regulator-ready reporting: Grant read-only access to your AMLCC dashboard to simplify inspections. Time-stamped logs, document trails and client assessments are all in one place.
Your action plan
1. Read the 2025 NRA. Focus on the sections most relevant to your work.
2. Update your business risk assessments. Log in to AMLCC, review each section and adjust your responses as you deem appropriate.
3. Refresh your policies and controls. Even small changes in threats should be documented in your PCPs.
4. Tailor client risk assessments. Don’t rely on generic forms – build profiles that reflect the services you’re providing and the risks they carry.
5. Train your staff on the new risks. The AMLCC training videos include specific, up-to-date risks.
The 2025 NRA makes it clear: the risks are real, your sector is a target and doing the bare minimum isn’t enough. The 2025 NRA raises expectations across the board. Regulators will have even higher expectations of your AML. The good news? With the right tools, staying compliant doesn’t have to be complicated.
Richard Simms, Managing Director of AMLCC, is in the rare situation of having become a leading authority on anti-money laundering compliance, risk management and education while working as a hands-on regulated professional himself.
Since 2007 when AML regulation for accountants was introduced in the UK, as both a chartered accountant and an insolvency practitioner, Richard has seen first-hand the challenges of implementing effective AML processes.
Working with regulatory supervisors, Richard used his unique professional insights to create AMLCC (Anti-Money Laundering Compliance Company Limited) in 2008 to make AML easier for regulated businesses worldwide.
