• UK releases 2025 National Risk Assessment on ML and TF
• Fourth edition updates national threats, sector vulnerabilities and trends
• Intended to inform mandatory Business Wide Risk Assessments under MLRs
• Focus only on NRA sections relevant to your business model
• Align sector risk ratings to due diligence and monitoring posture
• Map risks to customers, products, channels and geographies
• Update scoring and narrative where national risk has increased
• Evidence changes and link controls directly to NRA findings
• Treat the BWRA as a living document with ongoing reviews
• Goal is resilience and proactive protection, not box-ticking

The UK government’s 2025 National Risk Assessment has set a sharper tone for firms tackling money laundering and terrorist financing, updating the country’s view of threats, sector vulnerabilities and emerging trends while signalling how regulated businesses should recalibrate their own risk work.

Now in its fourth edition, the assessment positions itself as a vital tool for understanding and disrupting criminals and terrorists who seek to move illicit funds through the financial system. 

It also measures progress since the 2020 iteration and highlights where risks have intensified or shifted.

According to Claire Rees, Financial Crime Regulatory Specialist at Jade ThirdEye the document’s most immediate relevance for compliance leaders lies in its connection to Section 18 of the Money Laundering Regulations, which requires a Business Wide Risk Assessment. 

Regulators expect firms to use the NRA to inform those assessments, ensuring the risk narrative, scoring and control design are grounded in current national intelligence rather than historic assumptions, Rees says.

The guidance for firms is pragmatic - start by focusing only on the parts of the NRA that apply to the business model. 

The assessment separates money laundering and terrorist financing threats, offers typologies and breaks risks down by sector, from retail banking to accountancy, legal services and crypto assets. 

Rees says relevance, not volume, should drive what makes it into the BWRA.

Next, she says, organisations should compare the NRA’s sector view with how the firm operates. If the sector is assessed as higher risk, the BWRA and control framework should reflect that in default due diligence posture and monitoring intensity. 

Where property exposure is material, for example, firms are urged to address vulnerabilities tied to mortgages and real-estate flows highlighted by the assessment.

A third step is mapping NRA risk factors to the firm’s specific footprint. That means aligning identified vulnerabilities and typologies to customers, products and services, delivery channels and geographic exposure, including links to higher-risk jurisdictions. 

The aim is to surface concrete exposure pathways rather than generic statements.

Where the NRA indicates rising national risk, firms are expected to update both scoring and narrative, showing how they will mitigate the change. Equally important is evidence. 

Rees warns that documentation should clearly link the BWRA to the NRA’s findings and explain how policies, processes and controls have been amended as a result.

The work does not end with publication. Risk leaders are encouraged to treat the BWRA as a living artefact, reviewed at least annually and revisited after significant updates, such as a new NRA, sectoral assessments from supervisors, fresh law-enforcement intelligence or material shifts in products, channels or customer profiles.

In essence, she says, the NRA offers a blueprint for the threats firms face. Used wisely and mapped faithfully to internal assessments, it helps meet regulatory obligations while strengthening defences against evolving financial crime.