Working together against financial crime

Speech by Nikhil Rathi, FCA chief executive at the FCA's financial crime conference.

On this page

• A new threat landscape
• Whack-a-mole
• System-wide effort
• Changing approach for a changing threat
• Prioritisation as security discipline
• Conclusion: shared responsibility for shared security

Speaker: Nikhil Rathi, chief executive
Event: FCA financial crime conference
Delivered: 14 May 2026
Note: This is a drafted speech and may differ from the delivered version

Highlights

• Financial crime is more organised, technologically advanced and interconnected than ever, making it a threat to national security and economic stability.
• The response to financial crime must be system-wide. This includes better information sharing, smarter use of technology and deeper collaboration across firms, regulators, government and law enforcement.
• The scale and speed of financial crime mean we cannot defend against every threat equally, and must prioritise where we focus our collective effort.

A new threat landscape

Financial crime is changing - fast.

It's more technologically enabled. More organised than ever before. And moving at speed.

Which is why the fight against financial crime sits at the heart of our 5-year strategy.

But it's not just the volume that's changed; it's who is behind it.

Organised criminal groups running professional networks that operate across borders.

Take investment fraud.

A personal tragedy, and one many of us here today have seen touch friends or family.

Leaving them grappling with an average loss of over £25,000 - a life-changing amount of money, that they've likely spent decades saving.

But they're losing more than money: confidence, security and, too often, their sense of self.

However, zoom out and you'll find something even more troubling.

Farms of people, thousands of miles away, working to target as many people as possible.

And proceeds that flow back into criminal enterprises funding more heinous crimes. The kind with a human cost, both here and abroad.

These groups are blending fraud, money laundering, sanctions evasion and cyber-enabled crime.

Putting at risk trust in the whole financial system, even economic growth. Funds that could be productively invested, diverted instead into criminal coffers.

Our response has to be just as broad and adaptable.

Because the reality is that our financial system is part of that supply chain - exploited by criminals moving dirty money through complex layers designed to stay hidden.

And, increasingly, there are links with actors connected to some states who are deliberately weakening trust in our institutions and exploiting openness in our systems.

Using their ill-gotten gains to fund other illegal and destabilising activity - whether on the streets of Khartoum or Carlisle - while staying below the radar.

The damage reverberates far beyond a single victim.

It destabilises our society - eroding trust in our institutions, financial system and each other.

That's the scale of what we're dealing with.

I've said before that separating financial services from national security is outdated and dangerous.

This is a question of fundamental economic and national security.

No single organisation can see that threat clearly - or disrupt it effectively - alone.

That's why we're all here today.

Financial services. Technology and infrastructure providers. Regulators. Government. Law enforcement. Consumer groups.

As a collective, we have a question to face honestly:

Are the ways we've traditionally tackled financial crime still fit for the environment we are now operating in?

Whack-a-mole

For many of us, the answer will be no.

How many of us have felt, at times, that fighting financial crime is like whack-a-mole?

One threat disappears. Another pops up somewhere else.

We respond quickly - and, I would argue, often effectively - but not necessarily at scale or in full coordination.

Why is that?

Historically, we've organised our responses around institutional boundaries. Each firm or authority focused on its own remit and responsibilities.

That may have made sense when threats were slower and easier to contain.

But criminals today don't see our org charts. They see seams.

Gaps to exploit in the hand-off between one system and another. In the place where information isn't shared, or responsibility is a grey area.

Against this kind of networked threat, we will always be outgunned if we act alone.

So we need to update our thinking - fast.

System-wide effort

How can effort be better directed across the system?

I'll start.

I've suggested that layering coordination onto existing approaches will not be enough against a highly agile, networked threat.

It requires a radically different operating model.

One designed for the reality we face - faster, more connected, and more focused on outcomes.

That starts with widening the lens.

When we talk about fighting financial crime, we often start with industry.

But consumers are the first true line of defence.

By checking before they invest, questioning what seems too good to be true.

But they need proper tools to protect themselves.

Which is why we've launched campaigns like Firm Checker and InvestSmart.

Still, the system they operate in has to be trustworthy.

And that means having the right firms in it, which is why the authorisations gateway matters.

It's where we stop harm before it starts.

And why we believe the new, post-EU regulatory payments regime should follow the same model as the rest of financial services - across authorisation, supervision and enforcement.

But firms aren't the whole picture.

Everyone in this room shapes how criminal networks move money, hide activity and keep out of sight.

It's been encouraging to see firms leaning into the information-sharing powers that the Economic Crime and Corporate Transparency Act provides.

Done well, private-to-private sharing is one of our most powerful tools.

Because something else we should be clear on: this is not regulators versus industry versus consumer.

We are on the same side, with the same adversary.

The criminal.

A system-wide response means leaning into those interdependencies.

Changing approach for a changing threat

In practical terms, that means 3 shifts.

First, greater openness.

Earlier, more effective and responsible sharing of information, insight and signals.

So risks are understood before they crystallise into harm.

This is the thinking behind data fusion, a public-private initiative led by the National Crime Agency (NCA) and National Economic Crime Centre.

Already, we're finding more cases of serious organised crime abusing FCA-registered firms.

The same principle is driving our work with the NCA to develop a secure data pipeline.

And by June, we'll begin wider sharing of our intelligence data with law enforcement agencies - starting with over 5,000 records via the Police National Database.

Second, embracing technology.

Criminals are adopting new technology at pace, and we have to keep up.

At the FCA we're investing heavily in data, technology, surveillance and detection tools.

For example, our financial crime detection capabilities programme brings together advanced network analytics, curated data and secure intelligence handling.

So we can identify threats earlier and intervene more effectively.

Testing in the payments sector showed that our new analytics identified firms with potential money laundering risks earlier than previous rule-based approaches.

Innovation has to be a key part of our security toolkit, but capability can only go so far without collaboration.

A rigorous gateway takes time, and robust anti-money laundering (AML) requirements come with a price tag.

These are real tensions which deserve open engagement, not just better coordination.

Bringing me to the final - and perhaps most important - shift: deeper joint working.

With the NCA, we've published 9 economic crime priorities, focusing our effort where the threat is greatest: money laundering, fraud, jurisdictions of risk. The list goes on.

You'll hear more later today - but selected banks are now piloting action plans and already generating law enforcement outcomes.

The new AML regime also creates real opportunities to deepen our work with professional body supervisors in the legal and accountancy sectors.

On the international level, our recent finfluencer week of action proved what's possible.

17 regulators from 14 countries, working together on one coordinated push that resulted in:

• A guilty plea for illegal social media promotions.
• Nearly 40 warnings.
• Over 100 account takedown requests.

And we are looking forward to the appointment of a UK president of the Financial Action Task Force from July, as further opportunities to build momentum.

Because when the threat doesn't stop at our borders, neither can our response.

Which is why we're deepening our use of IOSCO to coordinate action and close the gaps they depend on.

From participating in I-SCAN, a live global database of alerts on unauthorised firms.

To hosting a joint TechSprint with our AI Lab, building tools to help investors spot scams in the age of AI.

And sending a clear message to big tech: you cannot sit on the sidelines as online investment fraud continues to rise.

The international picture is kaleidoscopic, with other jurisdictions' priorities on financial crime changing amid political and geopolitical shifts.

That presents us with new choices and pressures.

But that is not a reason to lower our standards. If anything, it's a reason to be smarter about where we focus.

Prioritisation as security discipline

There is another pressing reality we have to confront:

Technology, including AI, is accelerating the pace on both sides.

The Australian Securities and Investments Commission recently warned that AI could expose cyber security vulnerabilities at a speed and scale the likes of which we've never seen.

The threat isn't coming - it's here.

The FCA's own intelligence infrastructure has now processed over 52 million intelligence records.

At these levels, it is simply not possible to chase every single lead.

To pretend otherwise would spread our effort too thin and leave us permanently reacting to activity that has already moved on.

So we need to be candid that we won't be able to defend everything equally.

We have to prioritise.

We won't always get it right. But that's a risk we have to accept to fight financial crime more effectively.

We know that across the system, our partner organisations are under the same pressures: more complexity, volume and velocity, without more resource.

And a threat that is becoming harder to read.

So these aren't just our choices. They're choices for the system.

And they need the Government to be clear about where financial crime sits in relation to growth, innovation and risk appetite.

That's a policy question. Not a regulatory one.

As the trade-offs become visible, judgement and discipline are more important than ever.

Conclusion: shared responsibility for shared security

If we get this right, the payoff is significant.

Strong defences strengthen trust.

Trust that encourages financial participation, inclusion and resilience.

And trust that underpins the growth, competitiveness and security of our financial services system and country.

None of this is easy.

It requires all of us to work differently.

If the threat is adaptive, our defences have to be, too.

And teamwork and a partnership that spans sectors and borders is our strongest weapon against financial crime.