
When the Financial Action Task Force (FATF) comes to the UK: Turning financial crime data into an evaluation trail



As the UK approaches its next FATF mutual evaluation in 2027, the pressure on its anti-money laundering (AML) regime is intensifying. Billions are spent each year in the UK on supervision, with hundreds of firms refused entry to the financial system following due diligence, yet an estimated £100 billion is still laundered annually. Against that backdrop, the upcoming FATF mutual evaluation is likely to consider how effectively the UK’s anti‑financial crime framework operates in practice.





FATF’s updated methodology, reinforced at the February 2026 plenary, appears to have shifted from “do you have the rules?” to “can you show they work?”

The new round of evaluations introduces time-bound roadmaps of key recommended actions and expects countries to evidence meaningful progress within three years, not over a decade-long cycle.

With mutual evaluation reports for countries like Austria, Italy, and Singapore adopted under this framework, the UK may reasonably anticipate it will be judged against a higher bar than in its last review.

This change matters because of the scale of financial crime threats in the UK. The National Crime Agency (NCA) in July 2025 estimated that more than £100 billion is laundered through or within the UK each year, driven by the illegal drug trade, fraud, human trafficking, and other organized crime.

When FATF examiners arrive in the UK, they may ask how much of that risk is really being reduced by the UK’s controls, intelligence, and enforcement, and how quickly.




A rapidly hardening UK supervisory stance

HM Treasury’s 2024–25 anti‑money laundering (AML) and counter‑terrorist financing (CTF) supervision report highlights the scale and intensity of the UK’s supervisory framework. In 2024–25, supervisors spent approximately £57 million on AML/CTF activities, up from around £46 million the previous year, and employed nearly 700 full‑time staff dedicated to AML/CTF supervision across the main supervisory bodies. Around 8% of supervised firms underwent onsite or desk‑based reviews, while 925 applications for AML supervision were declined from almost 13,000 submissions, reflecting a more selective and risk‑based approach to market entry.

This approach is reinforced by the Financial Conduct Authority's 2025–2030 strategy, which places the prevention of financial crime at the center of its mandate and explicitly links AML effectiveness to the use of data and technology, and the maintenance of market integrity.

Looking ahead into 2026, enforcement patterns seem to indicate a shift towards fewer but more targeted supervisory and investigative actions, with a particular focus on systems and controls, market abuse, and fraud.




NCA and FCA priorities, and the evolution of UK crime networks

The joint NCA/FCA “system priorities”, published in July 2025, provide a clear view of the areas where UK financial crime risks are evolving most rapidly. The priorities highlight the following areas:

  • Cash-based laundering and high-risk cash-intensive sectors
  • Widespread exploitation of money mules and authorized push payment (APP) fraud
  • Abuse of UK corporate structures and professional enablers
  • Overseas-based fraud and organized crime groups targeting UK victims
  • Terrorist financing, sanctions evasion, and crypto asset misuse

Underneath those headings lies a pattern of rapid transformation. Criminals can blend faster payments, online platforms, complex cross-border structures, and crypto assets to move funds.

Supervisors now classify around 9% of supervised firms as high-risk and a third as medium-risk, according to HM Treasury. To respond, they are making greater use of intelligence-led interventions, including targeted “days of action”, which are coordinated, time-limited supervisory operations in which regulators and law enforcement carry out focused visits and checks across higher-risk sectors, such as money service businesses, to identify weaknesses, share intelligence and disrupt financial crime.

This dynamic threat environment is what FATF’s new, outcome-driven methodology is seemingly designed to probe: does the UK understand where risk is moving? And can it prove that its interventions are having an impact?




Joint Money Laundering Steering Group (JMLSG), Financial Markets Standards Board (FMSB), and the emerging definition of what “good” might look like

Against this backdrop of financial crime risk and risk management, the JMLSG guidance remains an important anchor for what proportionate, risk-based AML should look like in the UK.

Recent revisions to guidance, which were subject to consultation in late 2025 and finalized in early 2026, strengthened expectations around:

  • Money Laundering Reporting Officer (MLRO) standing and escalation
  • Monitoring the effectiveness of controls, not just their existence
  • Data protection and information barriers around Suspicious Activity Reports (SARs)
  • Governance of outsourcing and intragroup service models

At the same time, standards and publications from the FMSB are increasingly used as a reference point by firms operating in wholesale markets, particularly when managing model risk and deploying advanced surveillance, analytics and AI‑driven tools for financial crime detection.

Taken together, these developments point to a shared understanding of what appropriate market standards look like: one that is significantly more data‑intensive, governance‑focused, and model‑aware than in previous FATF evaluation cycles.



By sector, how might firms prepare?

Across sectors, the strategic message is clear: when FATF assesses the UK, firms will be expected to present a coherent risk narrative supported by data, outcomes and governance, not simply a set of policies.

1. Banks and large financial institutions (FIs)

  • Risk assessment alignment: Enterprise‑wide risk assessments are increasingly examined for how clearly they map to the 2025 National Risk Assessment and NCA/FCA system priorities, including money mules, cash‑based laundering, overseas fraud, crypto‑enabled crime and sanctions evasion, and for how that mapping supports traceability into the control framework.
  • Evidence of outcomes: Supervisory scrutiny is extending beyond process to outcomes, including the quality of SARs, the effectiveness of law‑enforcement feedback loops, improvements in monitoring hit rates, de‑risking decisions, and demonstrable contributions to asset recovery in the context of the UK’s estimated £100 billion annual money‑laundering risk.
  • Governance and model‑risk oversight: Expectations are increasingly shaped by how firms approach MLRO seniority, clarity across the three lines of defence, outsourcing oversight, and surveillance and model governance, with reference to recent JMLSG guidance updates and FMSB standards.
     

2. Nonbank FIs (asset managers, insurers, brokers)

  • Product and distribution risk: Supervisory attention is increasingly focused on how AML considerations are reflected in product design, distribution and servicing models, particularly for cross‑border and intermediated business, and how these align with JMLSG guidance and NCA system priorities.
  • Surveillance convergence: There is growing emphasis on how firms bring together market‑abuse surveillance, conduct monitoring and financial‑crime analytics, including the use of FMSB model‑risk concepts to govern and structure increasingly complex surveillance tools.
  • Board‑level visibility: Boards are expected to be able to articulate how their firm’s risk profile and control framework align with the UK’s highest‑risk areas as set out in national assessments, placing greater importance on clear governance, oversight and reporting.
     

3. FinTech and payments

  • Mule and fraud risk exposure: Supervisory assessment increasingly focuses on how onboarding, KYC and transaction monitoring approaches reflect known mule and fraud typologies, including rapid account cycling, high-risk devices and corridors, in line with FATF-identified priorities.
  • Model governance and explainability: Greater emphasis is being placed on the extent to which firms maintain clear inventories, documentation and validation for risk-relevant models, supporting explainability and oversight in supervisory discussions.
  • Information sharing: Participation in public–private partnerships and data-sharing initiatives is increasingly viewed as relevant to the detection of cross-institutional patterns, such as those associated with authorized push payment (APP) fraud and mule networks.
     

4. Crypto asset firms

  • Aligning with FATF’s virtual asset and virtual asset service provider standards: The application of travel rule, sanctions, terrorist financing and high-risk-jurisdiction controls is increasingly assessed against both FATF expectations and UK priorities on crypto-enabled crime.
  • Use of analytics: Blockchain analytics, address risk scoring and off-chain KYC are increasingly assessed in terms of how effectively they work together to identify obfuscation and cross-chain layering, rather than simply generating alerts.
  • Governance expectations: Arrangements around fitness and propriety, outsourcing, operational resilience, and MLRO authority are increasingly assessed against standards typically associated with mainstream financial institutions.
     

5. Hyperscalers and critical third parties

  • Platform design and financial crime resilience: Supervisory and client scrutiny increasingly considers how platform architectures incorporate features such as logging, access controls, anomaly detection and data segregation, and how these support regulated clients’ AML and financial crime obligations under regulatory and FATF expectations.
  • Transparency and assurance: Greater emphasis is being placed on the availability of standardized attestations, control mappings and audit-ready evidence, reflecting the role of third-party providers in supporting regulated firms’ outsourcing and assurance obligations under JMLSG guidance.
  • Engagement in standards development: Participation in industry and public-private forums is increasingly relevant to the development of shared approaches for cloud-based transaction monitoring, analytics and cross-firm data sharing.



From compliance to demonstrable effectiveness

The UK enters this FATF evaluation cycle with greater supervisory capacity, clearer priorities, and a more detailed understanding of risk, following the National Crime Agency’s confirmation of 11 system priorities in July 2025.

In that context, obligated entities that can link their data, governance, and outcomes to the national risk narrative may be better positioned for the evaluation. They may also be better equipped to partner in addressing the scale of financial crime that FATF has placed under heightened scrutiny over the next three-year cycle.






*Disclaimer: This content is for informational purposes only and does not constitute legal, financial, compliance or other professional advice. Please consult with a qualified professional for specific legal, financial, compliance, or other professional advice. For more terms and conditions pertaining to Moody’s products and services, refer to the disclaimer on Moody’s website.