The opinions expressed here are those of the authors. They do not necessarily reflect the views or positions of UK Finance or its members. 

That call to action has never been more relevant for the financial services industry. The threats outlined in the NSS 2025 - from hostile state aggression and organised crime to cyber-enabled fraud and sanctions evasion - are converging into a complex, fast-moving risk environment. And at the heart of that convergence lies finance.

Money is the fuel for almost every hostile activity, whether it’s funding espionage, enabling terrorism, facilitating disinformation campaigns, or bypassing sanctions. This makes the financial sector a critical operational front line in the UK’s national security effort.

The convergence of threats

In my thirty years in national security and law enforcement, I’ve never seen such a blurring of lines between state and non-state actors. Hostile governments are recruiting or exploiting organised crime groups to launder money, move illicit assets, and obscure their origins. This year, for example, the UK sanctioned the Iran-backed Foxtrot Network and its leader, Rawa Majid - an organised crime gang based in Sweden but acting on Tehran’s behalf in violent attacks across Europe.

Our latest report – Anticipating the Unseen: A National Security Threat Assessment for 2025 and Beyond – builds on the priorities set out in the NSS 2025, combining our own research with operational insights from our subject matter experts. For the finance sector, three findings stand out:

• Economic crime as a strategic weapon – hostile states and organised crime groups are using the proceeds of ransomware, corruption, and large-scale fraud to fund operations that undermine UK security.
• The normalisation of crypto-enabled laundering – stablecoins, mixers, and complex offshore structures are now routine tools for moving illicit funds at speed and scale.
• The escalation of insider threats – from coercion and bribery to the deliberate placement of individuals inside organisations to bypass controls.

The consequences are not theoretical: in the NCA-led Operation Destabilise, UK and US agencies disrupted over £20 million in cash and crypto laundering that brought together organised crime groups, professional enablers, and even Russian intelligence - a stark reminder that hostile states exploit the same financial systems that underpin legitimate commerce, and why only a networked response can counter them.

What this means for financial services

The fusion of hostile state objectives and organised crime changes the nature of risk for our sector. Exposure now extends beyond conventional Anti-Money Laundering (AML) or fraud concerns, encompassing:

• Sanctions evasion via trade finance, shell companies, and cryptoassets.
• Cyber-enabled fraud that steals funds and compromises sensitive customer data.
• Third-party vulnerabilities in suppliers or technology providers that can be exploited as entry points.

Financial institutions cannot rely on siloed compliance functions alone - national security risk must be embedded into governance, cyber resilience, and operational planning.

Practical steps for resilience

Finance leaders can act now to strengthen defences and support the UK’s security objectives:

1. Expand risk mapping with a networked approach – assessing not just financial flows but exposure to espionage, insider threats, professional enablers, and wider geopolitical factors.
2. Harden systems – go beyond baseline IT hygiene by enforcing rapid patching, multi-factor authentication, and isolated backups, while also stress-testing resilience against ransomware, supply chain compromise, and hostile state actors who may target critical business services. Detect insider threats – combine behavioural monitoring, access reviews, and confidential reporting channels with proactive education, role-based risk assessments, and red-flag indicators to detect coercion, exploitation, or infiltration linked to hostile state or organised crime interests. Enhance intelligence sharing - focus on speed, granularity, and two-way feedback - strengthening collaboration with the NCA, JMLIT, and sector ISACs to ensure insights are actionable, timely, and relevant to frontline risk decisions.
3. Plan for complex scenarios - employ horizon scanning and wargaming - simulating not only cyberattacks during sanctions enforcement, but also wider geopolitical shocks, state-crime collaboration, and cascading threats that test organisational resilience. 

From compliance to contribution

The financial services sector has unique visibility into the movement of money – and with that comes a unique responsibility. Protecting the integrity of our systems is no longer only about meeting regulatory requirements; it is about safeguarding the economic and political stability of the UK itself.

Resilience today means acting early, sharing intelligence, and recognising that hostile activity targeting your organisation could be part of a wider campaign against the nation. The NSS 2025 makes it clear: security at home, strength abroad, and sovereign capabilities depend on all of us.

In finance, that is not just an opportunity to contribute – it is a national imperative. Learn more in Anticipating the Unseen: A National Security Threat Assessment for 2025 and Beyond.