2026: the year UK banks either modernise fraud controls or lose the battle

by Julian Farley, sales director UK and Europe, BPC

Fraud is rising fast, and criminals are using AI at scale. UK banks must modernise to real-time, unified fraud and AML defences or risk regulatory, financial and trust failure.

By late 2025, fraud and financial crime will have stopped being background noise in UK traditional and neo banking; they will be the clearest test of whether an institution deserves to hold a licence. The FCA continues to monitor banks, resulting in fines for Monzo for years of weak anti-financial crime controls, and for Barclays for serious gaps in monitoring high-risk clients, while Revolut remained among the most complained-about firms for fraud and scams. Fraud now makes up close to 40% of all crime in England and Wales and drains an estimated £219 billion from the UK economy each year.

Recent data shows how deeply embedded the threat has become. The UK’s National Fraud Database records hundreds of thousands of cases annually, with identity fraud dominant, account takeover rising fast, and customer misuse of accounts and loopholes showing a sharp year-on-year increase of over 35%.

On the payments side, UK Finance reports that criminals stole more than £600 million in the first half of 2025 alone, mostly via digitally enabled scams. Taken together with public estimates of more than £200 billion in annual economic cost, it is hard to escape the conclusion that official figures are only the tip of the iceberg.

These are not purely technical failings; they are also down to underinvestment and cultural issues. Fraud and AML were treated as nice-to-haves rather than central to the licence to operate. We can say that the fines are the canary in the coal mine for any traditional bank still tempted to see fraud as just another line in the P&L.

How fraudsters really work in 2025

From the research ‘Anatomy of the new fraudster’, today’s criminals operate more like agile technology firms (offering Fraud as a Service) than opportunists, using generative AI to create convincing fake documents, synthetic identities and deepfake voices at negligible cost. Mule networks act as professional infrastructure, recruiting students and vulnerable consumers to move funds across institutions and borders, while attack paths run seamlessly from social media and messaging to spoofed call centres, banking apps and wallets.

The same gaps in data and monitoring that enable APP and card fraud also underpin major AML failures, which is why incremental fixes will not reverse the trend; industrial-scale defences are required.

What traditional banks must do differently

1) Move to real-time, omnichannel fraud management

Fraud on instant payment rails cannot be controlled with overnight batch files and separate rule engines for cards, accounts and channels. Banks need a single enterprise fraud and risk intelligence layer across card issuing and acquiring, digital and mobile banking, open banking and instant payments, onboarding and KYC, with decisions taken before funds leave the account.

That means one platform applying behavioural analytics, device intelligence, transaction history and external data in milliseconds, spotting abnormal journeys across the customer’s footprint and learning from every interaction.

We already see this model in practice. In Europe and the UK, banks such as DSK have unified card and merchant fraud controls on a single, omnichannel platform, sharpening detection and saving several million euros while supporting higher volumes and new payment types. Across the rest of the world, institutions are catching up fast: in Latin America, Banco Finandina has coupled integrated fraud management with strong customer authentication based on 3DS2, securing e-commerce and digital lending flows without a parallel rise in write-offs; in Asia, CPB in Malaysia has deployed a real-time, analytics-driven fraud engine with centralised case management to protect internet and mobile banking users, using a 360-degree view of customer behaviour and machine-learning models to keep pace with rapid digital adoption.

These banks treat fraud prevention as core infrastructure, not a patchwork of bolt-ons. They design products, data and technology around real-time risk. Increasingly, traditional banks in the UK and Europe are also recognising that the legacy stacks they have been operating are themselves a red flag – brittle, siloed and too slow for instant payments – and are actively searching for a way out. That salvation lies in modern, cloud-ready platforms that can absorb new data sources, scale analytics, and support continuous change without years of custom coding. A DIY approach may look attractive on paper. Still, it cannot deliver the speed regulators and customers now expect, and it risks creating yet another bespoke, unmaintainable legacy trap a few years down the line. Despite what is said, the UK is still in danger of losing momentum; fraudsters notice where controls are fragmented and slow, and if we do not modernise quickly, there will soon be far less left to save.

2) Make mule disruption a strategic priority

Tens of thousands of UK accounts exhibit mule-like behaviour every year. Traditional controls that focus on single transactions and single-bank views are no longer sufficient; banks need network analytics to identify mule hubs, link devices, beneficiaries and merchants, and act quickly with peers and law enforcement to freeze funds and close accounts before money disappears.

3) Fuse fraud and AML into one financial-crime framework

Recent fines have highlighted the risk of treating fraud and AML as separate silos. Traditional banks should converge data, analytics and case management, creating a shared view of customer risk, coherent alert handling and unified reporting. This is no longer a technology preference; it is becoming a regulatory expectation.

4) Put people and governance on the same footing as tools

A rising insider-threat profile and recurring control failures show that no amount of analytics can compensate for weak governance. Boards need clear visibility of fraud and AML trends, realistic staffing and skills in investigation teams, and decision-making frameworks that link technology, operations and accountability.

What comes in 2026?

The UK remains a global leader in financial innovation, but 2026 will be a stress test of whether that leadership can be sustained amid mounting fraud and financial crime. Fraud already accounts for a large share of reported crime; in 2026, incremental change will simply not be enough. Fraud and AML resilience must be treated as core infrastructure, with real-time, cross-channel defences and much smarter intelligence sharing becoming the norm, not the exception. Institutions that modernise their fraud architecture, unify data and analytics, and work with the right technology partners will be able to cut losses, protect customers and maintain the confidence of increasingly demanding supervisors.

So 2026 will be the year UK banks either modernise fraud prevention and control or lose the battle. If banks do not act with real urgency in 2026, how many more fraud reports, headlines and fines will it take before trust in the UK finance system and customer loyalty suffer damage that cannot be repaired?

Article by BPC
