The UK’s financial crime landscape has entered a new phase defined by the industrialisation of criminal activity through AI, social media platforms and global digital networks.
At the centre of this shift is a stark warning from the FCA. Speaking at its Financial Crime Conference in London on 14 May, FCA Chief Executive Nikhil Rathi made clear that financial crime is no longer just a compliance issue. It is now a matter of economic and national security.
The numbers explain why.
The UK recorded approximately 444,000 fraud cases in a single year, with AI-enabled scams helping criminals operate faster, at greater scale and across multiple jurisdictions simultaneously. Fraudsters are no longer isolated bad actors. They are organised, technologically sophisticated networks blending investment fraud, money laundering, sanctions evasion and cybercrime into highly coordinated operations.
“The threat isn’t coming, it’s here,” Rathi warned.
For UK financial institutions, particularly those operating in banking, payments, fintech and wealth management, the implications are big. But the most consequential message was directed at Big Tech.
The FCA’s message to tech platforms
For years, social media platforms and technology companies have occupied an ambiguous position in the financial crime ecosystem. They have provided the infrastructure through which scams spread thanks to online advertising systems, messaging services, influencer ecosystems and algorithmic recommendation engines, while avoiding many of the AML obligations imposed on regulated financial firms.
That regulatory imbalance may not survive much longer. Rathi’s remarks indicated that UK regulators are preparing for a more aggressive stance toward tech platforms facilitating financial fraud.
“And sending a clear message to big tech: you cannot sit on the sidelines as online investment fraud continues to rise,” he said.
This kind of regulatory language rarely appears in isolation. The UK’s Online Safety Act 2023 has already established a precedent for platform accountability in relation to harmful online activity. Extending elements of AML responsibility to large tech platforms increasingly appears to be a question of timing, not only possibility.
For compliance professionals, this creates an entirely new category of regulatory exposure.
Financial institutions may soon find themselves dealing with tech firms not only as vendors or advertising channels, but as potential “obliged entities” within the UK’s financial crime framework. That would shift expectations around due diligence, correspondent relationships, data sharing, suspicious activity reporting and third-party risk management.
In practical terms, firms should already be considering whether their existing controls are designed for a world in which major platforms carry direct financial crime obligations.
“Criminals don’t see our org charts. They see seams.”
One of the most salient observations in Rathi’s speech was his recognition that financial crime exploits fragmentation. Historically, banks, regulators, law enforcement agencies and tech firms have operated within clearly defined institutional boundaries. Criminal networks, however, do not respect those divisions.
“Criminals don’t see our org charts. They see seams,” Rathi said.
That statement captures the FCA’s broader regulatory pivot. The regulator increasingly views financial crime not as a series of isolated compliance failures, but as a network problem requiring system-wide coordination.
This shift has major implications for UK firms.
Traditional compliance models, often built around siloed monitoring systems, static rules and institution-specific reporting obligations, are proving ineffective against adaptive, AI-enabled threats. The FCA appears to be moving toward what might be described as “adaptive regulation,” in which a framework is built on intelligence sharing, cross-sector collaboration and continuous technological evolution.
The regulator is already investing heavily in advanced analytics, surveillance capabilities and AI-driven detection systems. According to Rathi, testing in the payments sector showed that new analytics tools identified potential money laundering risks earlier than traditional rule-based approaches.
At the same time, the FCA is dramatically increasing intelligence sharing with law enforcement. From June, more than 5,000 intelligence records will begin flowing through the Police National Database as part of broader public-private collaboration efforts.
The regulator’s internal systems have now processed more than 52 million intelligence records linked to financial crime activity.
That scale illustrates both the opportunity and the challenge facing the sector. The issue is no longer access to data. It is the ability to prioritise, interpret and act on it quickly enough to disrupt criminal activity.
AI is transforming both sides of the fight
One of the most uncomfortable realities emerging from the FCA’s warning is that AI is benefiting both defenders and attackers simultaneously.
Financial institutions are rapidly deploying AI-powered systems across customer service, payments, fraud detection and advisory functions. Many firms are already experimenting with AI-enabled customer assistants and automated financial workflows.
At the same time, regulators and central banks are increasingly warning that advanced AI systems may introduce entirely new categories of systemic risk.
The concern is not that criminals are using AI to create more convincing scams. It is that AI compresses the speed at which attacks can evolve, scale and adapt. Fraud campaigns that once required weeks of manual coordination can now be deployed globally in minutes.
Rathi referenced warnings from international regulators that AI could expose cyber vulnerabilities “at a speed and scale the likes of which we’ve never seen”.
UK financial firms are under competitive pressure to accelerate AI adoption while simultaneously being expected to strengthen governance, resilience and cyber controls around those same technologies. This tension is likely to shape UK financial regulation for years to come.
What should UK businesses do now?
UK businesses, especially those in financial services, need to prepare. The FCA is signalling that the future of financial crime compliance will be more collaborative, more technology-driven and far less tolerant of organisational silos. Firms that continue relying solely on static monitoring systems and conventional AML frameworks risk falling behind both regulators and criminal networks.
Firms need to reassess third-party and platform risk exposure. Social media platforms, digital advertising ecosystems and technology intermediaries can no longer be treated as peripheral compliance considerations. If future AML obligations extend into the tech sector, firms will need stronger governance over relationships involving those platforms.
Institutions should also evaluate whether their existing surveillance and monitoring capabilities are capable of identifying networked and AI-enabled threats. Traditional rule-based systems may no longer be sufficient in an environment where criminal methodologies evolve continuously.
Information sharing is also becoming a regulatory expectation rather than simply a best practice. The FCA repeatedly emphasised the importance of public-private collaboration and private-to-private intelligence sharing. Firms that fail to participate meaningfully in those ecosystems may increasingly attract supervisory scrutiny.
Finally, boards and senior management teams need to recognise that regulators are reframing financial crime as a resilience and national security issue. That elevates AML, fraud prevention and cyber governance from operational compliance matters to strategic business priorities.
A new era of accountability
The FCA’s warning is an indication how UK regulators now view the relationship between finance, technology and crime. The concept of banks carrying the bulk of compliance responsibility while technology platforms operate mostly outside the AML perimeter, is becoming less acceptable. But the regulator also acknowledges that neither firms nor regulators can stop every threat.
And that’s important. Because the future of financial crime prevention will not depend on completely eliminating risk. It will depend on building adaptive systems capable of identifying the most serious threats earlier, coordinating responses faster and closing the places that criminals exploit.
