Financial crime prevention: Why risk assessments matter
Our compliance partner, UKGI Group, takes a look at financial crime and the FCA’s expectations of brokers in helping prevent it with adequate risk assessments.
Financial crime is evolving rapidly across financial services, and insurance brokers are increasingly expected to play an active role in preventing it. Often seen as the first line of defence when it comes to spotting suspicious activity, brokers are an important link in helping manage financial crime risks across the insurance chain.
Staying ahead of financial crime is essential, and adopting a risk-based approach is key. Fighting financial crime is a priority in the FCA’s current five-year strategy, with a sectoral review of financial crime systems and controls scheduled for a sample of insurers in 2026. The findings from this review will be shared with the wider industry, reinforcing the expectation that brokers and insurers alike must remain vigilant.
The Economic Crime and Corporate Transparency Act 2023 (ECCTA) has introduced a new corporate offence of failure to prevent fraud, which applies to incorporated bodies and partnerships who meet at least two of the following criteria:
- more than 250 employees
- more than £36 million turnover
- more than £18 million in total assets
This puts insurers and large broking firms who are in scope of the offence under pressure to tighten controls with their suppliers and agents. SME brokers can therefore expect to see more thorough checks on their financial crime policies during due diligence or insurer audits.
As expectations rise and the regulatory landscape evolves, it’s clear that brokers are not only gatekeepers but also key partners in the ongoing battle against financial crime. By maintaining vigilance, embracing a risk-based approach, and evidencing effective controls, brokers can help safeguard both their firms and the industry at large.
At the centre of this strategy is a robust financial crime risk assessment: understanding your firm’s exposure to financial crime and documenting how those risks are managed. This is no longer simply best practice; the FCA’s evolving expectations mean that robust risk assessments are vital for ongoing compliance and protection.
The Scale of Risk Exposure
Although the general insurance sector is considered low risk from a money laundering perspective, the threat is not negligible. Insurance remains vulnerable to exploitation by criminals, and brokers must play their part in ensuring proper application of financial crime controls, including the UK financial sanctions regime. Broking business models do, however, expose firms to a higher risk of financial crimes such as bribery and especially fraud, which according to the National Economic Crime Centre (NECC) (Annual Report 2024-2025) now accounts for over 40%¹ of all crimes reported in the UK.
Annual fraud detection data published by the Association of British Insurers in November 2025 is sobering: fraudulent general insurance claims totalled £1.16 billion in 2024, with over 98,000 cases identified², and application fraud and identity-related scams are also on the rise. Although fraud is often most visible at the claims stage, brokers play a crucial role at the outset of the customer relationship, where many risks first emerge.
Many social and economic factors are driving both the motive and the opportunity for fraud, with society experiencing rising levels of vulnerability and technological advances making it easier for cyber criminals to operate. Cybercrime has become one of the most prominent threats facing the insurance sector. Phishing attacks, ransomware, and identity theft can compromise sensitive client data and disrupt business operations. Brokers must ensure that their systems are resilient, with robust cyber security controls and incident response plans in place.
Proportionate Approach
Whilst insurers may have dedicated compliance teams and sophisticated systems, many SME broking firms operate with more limited resources. Controls must remain proportionate to the nature, scale, and complexity of the business. A ‘one size fits all’ approach is neither practical nor effective; for example, brokers dealing primarily with low-risk personal lines business may require simpler controls than those operating internationally or handling complex commercial risks.
Adopting a risk-based framework allows firms to align resources with exposure and tailor controls according to risk, which may include due diligence processes, segregation of duties and sign off procedures, transactional monitoring, regular staff training and internal suspicious activity alert and escalation procedures, amongst other things.
Advancements in Artificial Intelligence (AI) and Machine Learning (ML) are making automated controls in relation to financial crime detection and analytics more accessible and cost effective for SME firms. Technology can play a crucial role in streamlining due diligence processes and automated systems can help identify anomalies and potential risks. However, technology must be complemented by human oversight, judgement, and ongoing education.
However, effective financial crime management doesn’t always necessitate investment in complex technology. A risk-based approach, tailored to the scale and nature of the firm and the risks that it is exposed to, allows brokers to deploy a range of proportionate and practical prevention measures.
Key Areas to Consider in Your Risk Assessment
A Business Wide Risk Assessment (BWRA) offers a holistic perspective, allowing firms to consider a full spectrum of risks rather than focusing narrowly on one area. It also allows you to acknowledge how various controls often overlap: for example, by carrying out appropriate due diligence you can address multiple financial crime risks simultaneously.
The most effective risk assessments start by identifying inherent exposure to a range of risk factors, then mapping the effectiveness of the control environment against these to determine the residual risk position. It’s a good idea to incorporate a risk rating methodology, with clear rating scales and definitions, to achieve a consistent approach.
Risk assessments should also anticipate further regulatory developments. As new threats emerge, the FCA and other bodies may introduce additional requirements, making compliance a moving target. Staying well-informed of regulatory updates and participating in industry forums can help brokers remain proactive.
Your risk assessment should broadly consider the risks arising from your business model relating to:
- Customer Risk: Profile your clients and their activities. Watch for indicators such as complex ownership structures, cross-border operations, overseas connections, high-risk industries, or clients identified as Politically Exposed Persons (PEPs)
- Product Risk: Insurance products with high premiums or large insured values may be more attractive for fraud or financial crime. Products enabling frequent or expedited transactions can also pose higher risks
- Transaction Risk: Be alert to unusual payment methods, particularly cash payments, third-party payments, or sudden requests to change payment details - these could signal criminal activity
- Geographical: Overseas business, or contracts that expose you to cross border implications including jurisdictions with weak anti-money laundering controls, high corruption levels, political instability or where sanctions are considered higher risk
- Distribution Risk: If your firm works with introducers, sub-brokers, or online channels, evaluate whether these relationships increase risk, especially as they may distance your firm from direct customer contact
A structured risk assessment enables you to deploy resource and apply suitable controls where risks are most acute.
Conclusion
The FCA’s view of strong practice goes well beyond minimum compliance - it reflects the need for firms to actively use risk assessments as decision making tools with clear outcomes. It is vital for you to evidence senior management engagement and clear accountability and oversight of risk methodologies and outcomes.
Your approach should be dynamic, not static. Risk assessment is a continual process, updated using internal data and external intelligence, and you should consider what metrics you include in your regular management information review to achieve this.
Brokers who can clearly evidence their efforts to understand and mitigate financial crime risks on a continual basis will be better positioned to navigate regulatory scrutiny successfully. The bottom line is that if your risk assessment doesn’t drive how your firm manages financial crime risk, the FCA is likely to view it as inadequate.
Beyond compliance, these efforts help build trust and credibility with customers and insurers alike, giving firms a competitive edge and supporting the integrity of the UK financial sector as a whole.
Looking for more information?
UKGI Group is always on hand to provide guidance and support for any compliance and learning & development queries.
1 https://www.nationalcrimeagency.gov.uk/who-we-are/publications/759-2024-25-necc-annual-report/file