The 2025 National Risk Assessment (NRA) confirms that accountancy services remain exposed to high money laundering risk, consistent with previous assessments. The risk has not increased in absolute terms, but the environment in which accountants operate has grown more complex.

The rise of fintech and cryptoassets, the re-rating of casinos and TCSPs, the emergence of new typologies such as football, and the evolving lists of high-risk third countries all add layers of complexity to the picture.

This is the fourth comprehensive review of financial crime risks following previous publications in 2015, 2017 and 2020.

The NRA provides an updated national picture of how criminals attempt to exploit the financial system and where vulnerabilities persist across professional and financial sectors. For the accountancy profession, it remains an important reference point, shaping the risk-based approach required under the Money Laundering Regulations and informing both firm-level and client-level assessments.

The NRA is a wide-ranging piece of work drawing on intelligence from law enforcement, regulators, supervisors, and industry. It does not prescribe detailed operational rules but instead sets out the government’s assessment of risk, helping sectors understand where exposure is greatest and where vigilance must be concentrated.

The 2025 risk landscape

The latest assessment reaffirms that the UK continues to face a high overall risk of money laundering, reflecting its status as a global financial centre and the scale of international capital flowing through its markets. Terrorist financing risks are considered lower in comparison, but the report makes clear that opportunities for abuse remain and require continued vigilance.

As in previous assessments, several core sectors remain categorised as high risk for money laundering. Retail banking, wholesale banking, wealth management, legal services, accountancy, and trust and company service providers continue to present the greatest level of risk. The classification of accountancy services as high risk is unchanged from 2020, while the sector’s risk of terrorist financing remains low.

The relative weighting of risk across newer and non-traditional channels has shifted since the last assessment, however. Fintech firms, including electronic money institutions and payment service providers, are now rated as high risk, having previously been considered medium. The growth of these businesses, combined with a reliance in some cases on outsourced anti-money laundering functions, has created vulnerabilities.

Cryptoasset service providers, similarly, have also been upgraded to high risk from medium, reflecting both the expansion of the sector and its increasing exploitation by organised crime groups and cyber-enabled criminals. The gambling sector has also moved upwards; casinos have moved a medium risk rating as remote and online operations expand and introduce new opportunities for criminal funds to enter the system.

Trust and company service providers are assessed as a continuing high risk for money laundering, but their risk profile for terrorist financing has been upgraded from low to medium. This change reflects concerns about company structures and nominee arrangements that can obscure beneficial ownership and identity. This creates openings for terrorist networks to channel or disguise funds.

The report expands into areas not covered in detail in 2020, highlighting the football sector and player agents, who are susceptible to manipulation through opaque ownership, sponsorship deals and transfer arrangements.

These shifts demonstrate the evolution of the risk environment in response to market developments and changing criminal behaviour. For accountants, they underline the importance of looking beyond traditional areas of exposure and recognising how new business models and sectors may intersect with their client base.

High-risk third countries

Under the Money Laundering Regulations, firms must apply enhanced due diligence when dealing with clients established in, or transactions connected to, high-risk third countries. The definition of these jurisdictions is linked to the Financial Action Task Force (FATF) lists of “high-risk jurisdictions subject to a call for action” and “jurisdictions under increased monitoring”.

Since 2020, there have been a number of adjustments. In June 2025, FATF added Bolivia and the Virgin Islands (UK) to the increased monitoring list, while Croatia, Mali and Tanzania were removed.

The European Union has also updated its own list of high-risk third countries, which is relevant for firms operating cross-border. The EU additions include Algeria, Angola, Côte d’Ivoire, Kenya, Laos, Lebanon, Monaco, Namibia, Nepal and Venezuela. A number of jurisdictions, including Barbados, Gibraltar, Jamaica, Panama, the Philippines, Senegal, Uganda and the United Arab Emirates, have been removed.

For accountancy firms, client and transaction risk profiles may shift over time as countries are added to or removed from these lists. Firms need to ensure they are monitoring these developments and that their policies and procedures capture the most recent classifications. Enhanced due diligence obligations arise automatically when a client has links to a high-risk third country, meaning firms must allocate additional scrutiny and resources in such cases.

Accountancy sector vulnerabilities

The high money laundering risk attached to accountancy services arises from specific activities. Company formation and termination, bookkeeping, payroll, trust and company services and tax advisory work all provide potential avenues for criminals to disguise ownership, move funds or add layers of complexity that make tracing transactions more difficult.

The risks are not evenly distributed. Larger practices may be exposed through the complexity of their client base and the volume of cross-border transactions, while smaller firms may face challenges around resources, training or awareness of international risk factors. The report does not suggest that one group is inherently more vulnerable than another, but stresses the importance of proportionate, risk-based controls across the sector.

Firms are expected to align their internal risk assessments with the findings of the NRA. This does not mean treating every service line as equally risky, but considering how national priorities manifest in the firm’s own client base and workstreams. For example, a practice with significant involvement in company formation or trust services may need more detailed policies and monitoring processes in place than one focused primarily on local bookkeeping.

A more complex environment

Although the risk profile for accountancy services has not changed in headline terms, the broader environment in which firms operate has become more complex since 2020. New high-risk sectors such as fintech and cryptoassets increase the chances that accountants will encounter clients with exposure to these industries, requiring them to recognise and assess the associated risks.

Upgrading casinos and TCSPs also signals that criminals continue to adapt their methods, seeking out less regulated or scrutinised areas to channel illicit finance. In practice, this may mean accountants need to be more alert to clients whose activities intersect with these sectors, even if they are not directly regulated for anti-money laundering purposes.

Perhaps the most notable development is the more explicit focus on jurisdictional risk. High-risk third countries have always been part of the regulatory framework, but the 2025 assessment places clearer emphasis on the importance of monitoring changes to FATF and EU lists, integrating these into client risk assessments.

Practical implications

The 2025 NRA reinforces the continuing need for a rigorous, risk-based approach to anti-money laundering compliance. Client due diligence remains central, particularly in areas such as company formation, tax advisory services and trust structures, which are consistently identified as vulnerable. Firms must ensure that procedures for ongoing monitoring are robust and recognise that a client’s risk profile may change over time, especially where connections to high-risk third countries are concerned.

Staff at all levels should be aware of how risks may present themselves in practice, including through less traditional routes such as cryptoassets or sports-related business structures. Supervisory guidance from professional bodies and the Accountancy AML Supervisors’ Group remains important for translating the NRA’s findings into day-to-day processes.

Firms must interpret this through the lens of their own activities, client base and geographic reach. The NRA is not a regulatory formality; it is a practical tool for shaping proportionate and effective anti-money laundering controls.

Firms that engage with its findings, update their internal assessments accordingly and remain alert to ongoing changes in the global risk landscape will be best placed to meet supervisory expectations and contribute to the integrity of the financial system.