The Isle of Man’s 2026 National Risk Assessment (NRA) of money laundering provides an updated view of the jurisdiction’s exposure to financial crime between 2020 and 2025. It builds on the 2015 and 2020 assessments and is more detailed, with greater use of data, supervisory insight and industry input.
The overall money laundering risk remains rated Medium High, unchanged from 2020. The assessment makes clear that this reflects a balance between improved controls and a more complex threat environment.
Main changes in the 2026 assessment
The 2026 NRA is more comprehensive than previous versions. It draws on a wider dataset, including supervisory returns, financial flow data, SAR intelligence, law enforcement casework and structured engagement with industry.
There is also a stronger emphasis on integration across the financial crime framework. The NRA is designed to feed directly into Business Risk Assessments, Customer Risk Assessments and Technology Risk Assessments across firms.
From a structural perspective, there has been a clear increase in supervisory and enforcement capability since 2020. This includes expansion within the Financial Services Authority, improvements in FIU analytical capacity, and the creation of multi-agency investigation and coordination functions.
The assessment also reflects a more developed understanding of sectoral risk, supported by separate risk assessments covering areas such as virtual assets, non-profits and legal structures.
Main AML risk areas
The NRA confirms that the Isle of Man’s risk profile is primarily shaped by its role as an international finance centre. Cross-border exposure remains the central risk driver. Financial flows are heavily concentrated around the UK, US and Germany, with growing exposure to regions including Asia and South America.
Non-resident customers, complex corporate structures and layered ownership arrangements continue to increase the risk of money laundering.
Foreign predicate offending is the dominant source of risk. Cyber-enabled fraud, investment scams and large-scale international fraud schemes are identified as the main drivers of laundering activity.
Transnational organised crime has become more prominent, particularly in areas such as online gambling, immigration systems and virtual assets. Domestic threats are assessed as lower, though drug trafficking and associated cash laundering remain relevant.
The assessment also highlights the growing impact of technology. Virtual assets, alternative payment methods and AI-enabled identity manipulation are increasingly used to facilitate layering and obscure beneficial ownership.
Highest-risk sectors
The sectors with the highest residual money laundering risk remain:
- Banking
- Online gambling
- Trust and corporate service providers (TCSPs)
These sectors combine high transaction volumes, international exposure and complex ownership structures.
Banking remains central due to the scale of cross-border flows and the use of complex corporate arrangements.
Online gambling presents specific risks linked to global customer bases, rapid payment flows and exposure to organised crime groups, particularly in Asia.
TCSPs remain high risk due to their role in forming and managing legal structures that can obscure beneficial ownership.
Other sectors, including life insurance, MVTS, professional services and virtual asset service providers, present more targeted or emerging risks, often linked to cross-border activity or specific typologies.
Main findings of the Manx NRA
The key finding is that the threat environment has intensified while controls have improved. The Isle of Man has strengthened its AML/CFT framework since 2020 through enhanced supervision, improved intelligence capabilities and greater multi-agency coordination.
At the same time, the nature of money laundering has evolved. Criminal activity is more international, more technology-enabled and more reliant on complex financial structures.
The national vulnerability rating remains Medium. This reflects strong controls in areas such as beneficial ownership, supervision and enforcement, alongside ongoing weaknesses.
Key vulnerabilities include gaps in data outside the banking sector, particularly in non-bank financial flows, and limited visibility over certain emerging typologies. There are also risks linked to immigration systems, cross-border movement within the Common Travel Area and the increasing use of alternative payment channels.
Changes from the 2020 NRA
The overall risk rating has not changed, though the underlying picture has. There has been a clear increase in supervisory capability, intelligence capacity and enforcement coordination. The system is more structured and more data-driven than in 2020.
Beneficial ownership controls have been strengthened, with greater emphasis on verification and data integrity. Border controls, immigration oversight and financial crime investigation capacity have also been expanded.
At the same time, the threat landscape has shifted towards more complex, global and technology-enabled activity. This includes increased use of virtual assets, AI-driven fraud techniques and cross-border fraud schemes. The result is a broadly stable risk rating, despite a more challenging operating environment.
What this means for AML compliance teams
The NRA is intended to be operational. Firms are expected to reflect its findings in their risk frameworks and controls. Business Risk Assessments should account for cross-border exposure, customer base composition and sector-specific risks in a more detailed way.
Customer due diligence processes need to address complex ownership structures, higher-risk jurisdictions and the use of intermediaries.
Transaction monitoring should be aligned with current typologies, particularly those involving fraud proceeds, rapid fund movement and alternative payment methods.
There is also a clear expectation that firms address technology-related risks, including the impact of virtual assets and AI-enabled identity manipulation.
Data quality is a recurring theme. Firms are expected to improve the completeness and usability of customer and transaction data, particularly where this affects risk assessment and monitoring.
The NRA reinforces the importance of aligning firm-level controls with national risk priorities. Regulators are likely to expect clear evidence that the findings of the NRA are understood and applied in practice.
