Fraud: An Economic and National Security Threat

Regulatory Updates

June 25, 2026

Fraud: An Economic and National Security Threat

The Crime Survey for England and Wales (year ending December 2025) estimated 4.4 million fraud incidents. Out of the estimated 4.4 million incidents of fraud, around 3.2 million incidents involved a loss. Victims said that they were fully reimbursed in 2.4 million of these cases. Levels of fraud have increased by 30% since the earliest comparable year, the year ending March 2017.

Fraud is a rapidly growing global issue, becoming more sophisticated, cyber enabled and frequently crossing borders. Threats include authorised push payment, account takeover, romance scams, application fraud, chargeback fraud, payment card fraud, money mules and investment scams. Although these frauds look different at the point of loss, many rely on the same underlying infrastructure. For example, compromised credentials, mule accounts, synthetic identities, manipulated communications, weak onboarding controls, fragmented customer data and cross-border criminal networks.

The surge in fraud levels has placed significant pressure on governments to respond. In the UK, fraud has become a national priority, with the government launching its Economic Crime Plan to enable coordinated action across law enforcement and regulators.

Nikhil Rathi’s recent speech at the FCA's Financial Crime Conference held on May 14, 2026, focused on the increasing threat faced by consumers from organized crime and the risks of UK financial services firms being used to facilitate such activities; as such it is a matter of economic and national security. To combat this, a range of measures were outlined, including greater cooperation, increased focus on consumer education, sharing of information between firms and the use of technology. Much of this reflects our experience of working with firms, where actions have been taken to identify high-risk corridors, deploy technology rapidly and share information more effectively. We often see information being successfully shared by MLROs to thwart bad actors.

However, we continue to see firms where onboarding processes are not sufficiently robust, where both newly onboarded and legacy clients pose financial crime risk and fraud controls still need to be enhanced to combat the ever-increasing threat. The direction of travel suggests that firms will increasingly need to demonstrate how fraud risk is identified, measured, monitored, escalated and remediated. Firms cannot just assert that they have controls in place, but they need to demonstrate how those controls work in practice, where the data comes from, how alerts are prioritized and how decisions are recorded. In addition, professional services firms in scope of the Money Laundering Regulations will need to prepare for a different AML / CTF supervisory model from the FCA which is likely to be more assertive and data driven. Fraud is increasingly a convergence issue; it sits at the intersection of financial crime, cyber, data, technology, payments and investigations. A weak onboarding control may enable the creation of an account. A cyber compromise may provide the credentials. A mule network may move the funds. Poor data integration may prevent the pattern from being detected. An under-resourced investigation function may mean the issue is not escalated quickly enough. Effective fraud prevention therefore requires more than policy. It requires connected data, clear ownership of typologies, tested controls, rapid investigation capability and evidence that the firm can explain what happened when challenged. Modern fraud is not just a regulatory compliance issue. It is a connected financial crime, cyber, data and investigation issue.

AI and Cyber Resilience

The rapid deployment of AI by both firms and organized crime is a key focus. Deepfakes, synthetic identities, voice cloning, digital document forgeries, phishing attacks, mimicking transaction patterns and automated social engineering all pose significant risk. Criminals do not need perfect AI. They need cheap, scalable and convincing deception. The FCA has emphasized that it is essential that firms have effective protective, detective, threat containment and cyber response capabilities to address faster and more disruptive frontier AI-driven attacks.

Firms are developing at a pace a range of onboarding and monitoring tools to strengthen controls and create efficiencies. Key priorities include AI governance and strategy, identification of risk management vulnerabilities, managing risks from third parties, protection (including access management, network security and data protection) and response and recovery processes. However, we continue to see firms facing challenges, including a lack of clear AI governance and strategy, a disconnect between boards and those implementing AI tools and fragmented cyber controls. These issues need to be addressed to successfully combat frontier AI risks and deploy AI solutions to combat financial crime.

Failure to Prevent Fraud

The Failure to Prevent Fraud Offence is now a corporate criminal offence introduced under the Economic Crime and Corporate Transparency Act 2023.  It is part of the UK Government’s wider agenda to strengthen corporate accountability and combat economic crime. Despite the legislation coming into force on September 1, 2025, we continue to see firms that have not fully implemented reasonable fraud procedures and are still in the process of conducting a comprehensive internal risk assessment. Implementing reasonable fraud procedures should not be treated as a paper exercise. Firms need to demonstrate risk assessment, proportionate controls, senior ownership, training, third-party oversight, monitoring, investigation procedures, remediation and testing.

Firms are facing an ever-increasing risk from AI-driven external fraud, internal fraud and the new offence of failure to prevent fraud.  If you would like to discuss any of the above themes, please contact our experts listed below.

How Kroll Can Help

Kroll brings an integrated approach to tackling modern fraud across financial crime, cyber, data and investigations, helping firms meet increasing regulatory expectations. We support clients in identifying, managing and evidencing fraud risks, ensuring controls are connected, effective in practice and resilient against increasingly sophisticated, technology-enabled and AI-driven threats. 

We can support you by:

  • Conducting a fraud risk assessment to identify vulnerable processes across the business to identify exactly where and how fraud could occur.
  • Assessing your fraud controls against UK and international regulatory standards.
  • Assessing your cyber security controls, identifying vulnerabilities, designing defence architectures and ensuring regulatory compliance. 

Stay Ahead with Kroll

Financial Services Compliance and Regulation

In the ever-evolving financial services landscape, Kroll's award-winning team offers comprehensive regulatory and compliance services, guiding clients through registration, licensing, and compliance support to minimize risks and enhance efficiency globally.

Cyber and Data Resilience

Kroll merges elite security and data risk expertise with frontline intelligence from thousands of incident responses and regulatory compliance, financial crime and due diligence engagements to make our clients more cyber- resilient.