Financial Crime Risks for Finance Professionals: What Firms Need to Know in 2026

Financial Crime Risks for Finance Professionals: What Firms Need to Know in 2026

Financial crime is not a distant risk for accounting and finance professionals — it is an operational reality that touches almost every firm and finance function. Money laundering, fraud, bribery, insider dealing, and sanctions evasion all create direct legal exposure for finance professionals who fail to recognise, respond to, or report suspicious activity. Regulators in 2026 are taking an increasingly assertive approach to enforcement, with the FCA, the National Crime Agency (NCA), and professional bodies such as ACCA and ICAEW all raising the bar for what firms must demonstrate in terms of staff training and awareness.

This article covers the principal categories of financial crime that finance professionals encounter, the regulatory expectations for training, the specific role of finance teams in detection, and how to structure an effective financial crime training programme.

---

Typologies of Financial Crime Finance Professionals Encounter

1. Money Laundering

Money laundering — the process of concealing the origin of criminal proceeds — is the most pervasive financial crime risk for accountants and accounting firms. Under the Proceeds of Crime Act 2002 (POCA 2002) in the UK and the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (CJA 2010) in Ireland, finance professionals who deal with the proceeds of crime — even unknowingly — can face criminal prosecution.

Common money laundering typologies encountered in accounting practice include:

• Clients using legitimate business structures to layer illicit funds through trade transactions
• Cash-intensive businesses with revenue patterns inconsistent with their operating model
• Complex corporate structures involving multiple jurisdictions with no clear commercial rationale
• Clients purchasing high-value assets (property, vehicles, art) with no clear source of funds
• Unexplained large cash deposits or unusual payment patterns through client accounts

2. Fraud

Finance professionals face fraud risk in two directions: external fraud against their employers or clients, and the risk of unwittingly facilitating fraud by others. Key fraud typologies include:

• Business email compromise (BEC): Fraudulent payment instructions targeting finance teams, often impersonating senior management or trusted suppliers. This is the highest-volume fraud type affecting UK businesses, UK Finance's Annual Fraud Report 2025 recorded total fraud losses to UK businesses of £1.17 billion in 2024, with BEC and authorised push payment fraud identified as primary vectors.
• Invoice fraud: Submission of fraudulent invoices for goods or services not rendered, or manipulation of legitimate invoices to redirect payment
• Payroll fraud: Addition of ghost employees, manipulation of salary or bonus calculations, or misuse of expense reimbursement processes
• Financial statement fraud: Misrepresentation of revenue, expenses, assets, or liabilities — which finance professionals may be asked to facilitate or conceal by management under commercial pressure

3. Bribery and Corruption

The Bribery Act 2010 (UK) and Prevention of Corruption Acts (Ireland) create specific obligations for finance professionals. The corporate offence under Section 7 of the Bribery Act — failure of a commercial organisation to prevent bribery — is merely a compliance caveat. Corporate organisations that fail to prevent bribery means that firms can be prosecuted even where the bribe was paid by a junior employee without senior management knowledge. Finance professionals who approve or process payments that constitute bribes — including facilitation payments — face personal criminal liability.

Red flags finance professionals should recognise include: payments to third-party intermediaries in high-corruption-risk jurisdictions, commission structures that are disproportionate or or unrelated to services rendered, and requests to make payments through unusual channels or in to private accounts.

4. Insider Dealing and Market Abuse

Finance professionals in listed companies or advising listed companies regularly access material non-public information (MNPI). Using such information to trade in securities, or passing it to someone who trades on it, constitutes insider dealing under the Criminal Justice Act 1993 (UK) and the Market Abuse Regulation (MAR), which applies in both the UK (UK MAR) and the EU (EU MAR).

Finance teams must understand:

• What constitutes inside information and MNPI
• The firm's information barriers and wall-crossing procedures
• Restrictions on personal account dealing
• The obligation to report suspected market abuse to compliance

5. Sanctions Evasion

The UK's sanctions regime — administered by the Office of Financial Sanctions Implementation (OFSI) within HM Treasury — prohibits dealings with designated persons and entities. Firms operating internationally must also comply with EU sanctions (post-Brexit, via the EU Regulation itself for EU-nexus transactions), US OFAC sanctions, and UN sanctions. Since 2022, the volume and complexity of sanctions — particularly those relating to Russia — has increased significantly, and OFSI enforcement has become more active.

Finance professionals who process payments, extend credit, or provide services to sanctioned parties — even inadvertently — risk civil or criminal liability. Firms must maintain up-to-date sanctions screening processes, and finance teams must understand how to flag and escalate suspected sanctions matches.

---

Regulatory Expectations for Staff Training and Awareness

The regulatory framework for financial crime training is demanding and multi-layered:

• FCA: The FCA's Financial Crime Guide (FCG) and associated sourcebook guidance make clear that FCA-regulated firms must train relevant staff to recognise and respond to financial crime risks. The FCA's 2024 Financial Crime Annual Report highlighted training deficiencies as a recurring weakness in supervised firms. Under the Senior Managers and Certification Regime (SM&CR), individuals in senior management functions have personal accountability for financial crime governance.
• NCA: The National Crime Agency issues annual typologies guidance and the Suspicious Activity Reports (SARs) regime annual report, which provide updated financial crime red flags. Firms should incorporate NCA guidance into annual training updates.
• ACCA guidance: ACCA's Practice Note on Money Laundering and the ACCA AML Guide set out member obligations, including the requirement for regular training, MLRO responsibilities, and SAR filing procedures. ACCA disciplinary records show that AML non-compliance — including failure to train — is a recurring ground for member sanctions.
• ICAEW: ICAEW publishes annual AML guidance for members and requires firms under its supervision to maintain training records. ICAEW's supervisory visits specifically assess training adequacy.

---

The Role of Finance Teams in Financial Crime Detection

Finance teams are uniquely positioned to detect financial crime because they sit at the intersection of money flows, client transactions, and financial records. Specific detection responsibilities include:

• Transaction monitoring: Reviewing payment patterns, unusual transactions, and discrepancies between reported and actual cash flows
• Client due diligence: Ensuring that CDD and enhanced CDD processes are followed for new and existing clients presenting elevated risk
• Reconciliation integrity: Identifying unexplained reconciling items, journal entries without proper authorisation, or accounts that are not behaving as expected
• Vendor and supplier scrutiny: Identifying unusual payment requests, new bank account details, or pressure to make urgent payments outside normal process
• Internal reporting: Making timely internal suspicious activity reports (SARs) to the MLRO when concerns arise — and understanding that the obligation to report applies even where the finance professional is uncertain whether the suspicion is well-founded

---

How to Structure a Financial Crime Training Programme

An effective financial crime training programme for finance teams should be structured around three layers:

Layer 1: Foundation Training (All Staff)

All finance team members should receive annual training covering: the legal framework (POCA 2002/CJA 2010, Bribery Act, MAR), the main financial crime typologies, how to recognise red flags, how to make an internal SAR, and the firm's financial crime policies and procedures.

Layer 2: Role-Specific Training

Staff with specific financial crime responsibilities should receive deeper training relevant to their role: MLROs on SAR assessment and external reporting; client-facing staff on CDD and enhanced due diligence; treasury and payments staff on sanctions screening and BEC prevention; senior finance professionals on insider dealing obligations and MAR compliance.

Layer 3: Annual Updates

Financial crime typologies evolve rapidly. Training programmes should include annual updates covering: new NCA or Europol typology guidance, changes to the sanctions regime, FCA or CBI regulatory findings relevant to the sector, and firm-specific lessons learned from internal incidents or near-misses.

---

Frequently Asked Questions

What financial crimes are most relevant to finance professionals?

The financial crimes most directly relevant to finance professionals are: money laundering (given the obligations under POCA 2002 and CJA 2010), fraud (including BEC, invoice fraud, and payroll fraud), bribery and corruption (under the Bribery Act 2010), insider dealing and market abuse (under UK MAR and EU MAR), and sanctions evasion (under OFSI and HM Treasury regulations). Finance professionals are both potential targets of these crimes and, under their professional obligations, potential reporters of suspicious activity.

What is a suspicious activity report (SAR) and when should a finance professional submit one?

A suspicious activity report (SAR) is a report made to the National Crime Agency (UK) or An Garda Síochána/Financial Intelligence Unit Ireland (Ireland) when a finance professional suspects that money laundering or terrorist financing is occurring. Under POCA 2002 (UK) and CJA 2010 (Ireland), there is a legal obligation to report — failing to do so when suspicion exists is a criminal offence (failure to disclose). The obligation applies where the individual "knows or suspects" that another person is engaged in money laundering — a low threshold that deliberately requires prompt internal reporting to the MLRO, who then assesses whether an external SAR is required.

Can a finance professional be personally liable for financial crime compliance failures?

Yes. Under POCA 2002, individual finance professionals can face criminal prosecution for money laundering offences (Section 328, 329) including for arranging or facilitating transactions they knew or suspected involved criminal property. Under the Bribery Act 2010, individuals can be prosecuted for offering or accepting bribes. Under UK MAR, insider dealing carries unlimited fines and up to seven years' imprisonment. Personal liability under these statutes is a reality — it is not confined to the firm as a corporate entity.

What is the FCA's approach to financial crime in 2026?

The FCA's approach in 2026 is assertive. The FCA has increased the number of financial crime enforcement actions, expanded its use of Section 166 skilled person reviews to assess financial crime frameworks, and highlighted training deficiencies as a recurring weakness in regulated firms. Under the Consumer Duty, firms must also demonstrate that they are not facilitating financial harm to clients, which intersects with financial crime prevention. FCA-regulated finance functions should treat financial crime training not as a compliance minimum but as a regulatory expectation.

How often should financial crime training be completed?

Annual financial crime training is the accepted standard for all relevant staff. This should cover the full range of financial crime typologies, updated red flags, and any changes to the firm's policies or any regulatory environment. For staff in high-risk roles (MLROs, client-facing professionals, treasury and payments staff), more frequent updates — including attendance at NCA or FCA financial crime briefings — are best practice. New staff should complete financial crime training at induction, before taking on client-facing responsibilities.

What is the corporate criminal offence under the Criminal Finances Act 2017?

The Criminal Finances Act 2017 created two corporate criminal offences in the UK: the failure to prevent the facilitation of UK tax evasion, and the failure to prevent the facilitation of foreign tax evasion. These are strict liability offences — a firm can be prosecuted even where no senior manager had knowledge of or involvement in the underlying conduct. The only defence is demonstrating that the firm had "reasonable prevention procedures" in place. Finance teams should be trained to recognise and report indicators of tax evasion facilitation, and firms must maintain documented prevention procedures.

---

Download the Financial Crime Risk whitepaper from Learnsignal — covering typologies, regulatory obligations, training frameworks, and practical guidance for finance and compliance teams. Access the whitepaper at learnsignal.com/resources/.