Financial Crime Isn’t Just a Financial Services Problem

When it comes to fighting financial crime, there’s a world of difference between the financial services sector and industries like real estate and legal services. Between stringent regulations—from the Bank Secrecy Act to KYC due diligence requirements—and steep penalties for non-compliance, it’s no surprise that financial services organizations tend to be more advanced when it comes to financial crime preparedness.

But as governments continue to extend anti-money laundering (AML) and other requirements beyond the banking sphere, other regulated industries that were previously subject to lower levels of scrutiny are now finding themselves in the spotlight. Efforts to close what some see as critical loopholes—for example, criminals who launder money by paying cash for residential real estate—demonstrate the urgency for non-financial services organizations to ramp up compliance programs and expertise.

That urgency will only deepen with the next round of evaluations of countries by the Financial Action Task Force (FATF), a global intergovernmental body that sets anti-money-laundering law standards. FATF is set to focus more on non-financial services entities, including the above industries as well as accountancy, dealers in precious metals and stones, casinos, and trust and company service providers.

Our research indicates some industries have ample work ahead, from preparedness and technology investments to sanctions compliance. For example, real estate respondents were the most concerned of all surveyed sectors about what might be on the regulatory horizon. They also had the lowest degree of confidence in their organization’s governance infrastructure for overseeing financial crime: 58%, compared to 79% of accountancy respondents and 76% of those in financial services and insurance.

The legal services industry has its own set of challenges, with 1 in 4 respondents suggesting that their firm was not meaningfully committed to a culture of integrity and only 63% saying their financial crime compliance program had sufficient technology and investment.

Please indicate your agreement with the following statements (industry level). [“Strongly agree” and “Agree” responses shown]

Please indicate your agreement with the following statements.

The maturity gap could expose some players to significant risk. Regulators are finding increased rates of non-compliance with AML and other financial crime rules—and levying penalties accordingly. In Hong Kong, the city’s Insurance Authority recently imposed a record USD 2.9 million fine on a major Asia-based insurance company over technical issues with its AML oversight system. And the UK’s HM Revenue & Customs fined estate agents more than GBP 1.6M over AML registration failures between 2023 and 2024.

In what follows, we’ll delve into the challenges facing industries with less experience in financial crime compliance—and how they stack up against the financial services sector.

Close Watch on Insurance and Accounting

In November 2024, a U.S. insurance mogul pleaded guilty to criminal money laundering and conspiracy charges spawned by an alleged USD 2 billion scheme to defraud policyholders—a headline-grabbing example of financial crime in an industry where the FBI estimates insurance fraud costs more than USD 40 billion per year.

Given those numbers, it’s no wonder that insurance is a regulated financial activity, though it faces different compliance requirements and vulnerabilities than financial services organizations—the risk for insurers tends to be on the asset side, where money is invested on behalf of policyholders. But insurers are accustomed to a considerable degree of supervision and demonstrate substantial confidence in their ability to fight financial crime. Eighty-eight percent of insurance respondents say their compliance program has sufficient technology and investment to address the challenges they face.

Similarly, large accounting firms are likely more familiar with AML and KYC requirements than, say, a real estate brokerage focusing on high-end residential properties. The majority of accountancy respondents (97%) report high levels of preparedness for conducting effective customer due diligence.

But it can be challenging even for sophisticated auditors to screen for and identify financial crime— in contrast to banks, where much of the liability is focused on customer deposits. Shortened audit windows compound the difficulty, as does the rapid evolution of clients’ business models in a digital economy. The accounting scandal that brought down a prominent German electronic-payments company, for example, demonstrated the hurdles of auditing fintech and technology clients. And over the years, India has witnessed a series of corporate frauds where the role of accounting firms has been questioned.

Accounting firms are also under increased pressure to use a forensic lens while auditing, with many jurisdictions now obligating them to report fraud to authorities. In markets like Japan and India, auditors are expected to closely examine related-party transactions. Indian regulators also plan to overhaul the country’s auditing standards, a move aimed in part at addressing financial crime. Existing rules—the Indian Companies Act 2013, the Companies (Auditor’s Report) Order (CARO) and the Standards on Auditing (SAs)—already place reporting obligations on auditors to report fraud and suspected fraud to India’s Central Government and its Board/Audit Committee.

Meanwhile, in the U.S., the Trump administration has said it won’t enforce beneficial ownership disclosure requirements under the Corporate Transparency Act, a major law intended to tamp down on the use of shell companies by bad actors that imposes liabilities on accountants and other “gatekeepers”. The shifting landscape may explain why accountancy respondents are the least sure of financial crime-related changes in the coming year when it comes to both corporate transparency requirements (49%) and financial crimes enforcement action (43%).

Please indicate the extent to which you believe the following may change over the next 12 months.

Spotlight on Legal Services and Real Estate

Financial crime prevention regimes are broadening. In addition to the new regulations noted above, real estate agents, art dealers and professional football clubs are among the entities in the EU now facing enhanced AML reporting obligations. In the U.S., proposed financial crime rules would require some investment advisors and real estate professionals to report suspicious activity. And Australia recently updated its AML law to obligate lawyers, accountants and others to undertake robust customer due diligence and report suspicious transactions.

Such expansions may present something of a shock to the system for industries like legal services and real estate. Big law firms routinely represent clients in economic crime cases and investigations, but they may not have the in-house expertise needed to safeguard their own organizations.

In the UK, the Solicitors Regulation Authority has fined law firms of varying sizes over AML failings. While some prominent cases have been dismissed, the reputational and financial risk is real, and it’s clear that enforcement is on the upswing. Law firms in China and India may have fewer protections around client privilege than their U.S. counterparts, based on select instances of law firm premises being searched. However, information gathered in such a manner is unlikely to be used as evidence in a court of law.

Real estate may face the biggest hurdles among the non-financial services industries we surveyed. In addition to having little exposure to the types of client activities that put industries like banking or fund managers at risk, real estate indirectly benefits from financial crime by attracting funds generated by illicit activity. Our research found that at the industry level, real estate is the least prepared to take key preventive measures in addressing financial crime, from conducting effective customer due diligence to identifying and reporting unusual or suspicious behavior.

How prepared is your organization to do the following.

Which of the following represent the most significant challenges in sanctions compliance?

Real estate and legal services also show differences from the other industries surveyed when it comes to navigating sanctions. Both are significantly more concerned about privacy protections as they relate to sanctions compliance (60% and 58%, respectively). This may be tied to the fact that more than half (54%) of legal services respondents and 47% of those in real estate conduct sanctions screenings entirely in-house—the highest share among industries we surveyed.

Technology Investments

From risk analytics software to AI, technology can provide a critical compliance backstop for detecting financial crime. Our research shows the financial services sector is further ahead on some measures—though other industries are looking to catch up. More than half (55%) of financial services firms plan to invest in AI solutions in the coming year to tackle the expected increase in financial crime, followed by 52% in accounting and 45% in insurance. By contrast, only one-third of legal services respondents say the same—and just 26% of those in real estate.

Financial services is also in the lead when it comes to using AI and machine learning solutions to fight financial crime. Thirty-six percent say AI is an established part of their compliance program—15 percentage points higher than those in accounting and insurance, which had the next-highest levels of established implementation. Legal services and real estate report significantly lower penetration: Fewer than 10% in either industry say AI is an established part of their compliance program.

As technology tools proliferate and financial crime scrutiny expands, legal services and real estate respondents appear to be in catch-up mode, with 44% and 45%, respectively, considering AI implementation—the two highest shares by industry.

Compliance Checklist

• Education is key. Industries playing catch-up with more highly regulated entities as scrutiny intensifies must engage in upskilling to ensure that staffers in a range of roles understand financial crime risks and best practices.
• Targeted training. Whether it’s KYC standards or general training on AML measures, it’s important for industries to understand the methods, tools and best practices for evaluating risk.
• Consider outsourcing. It takes time to build up internal expertise and muscle for spotting and fighting financial crime. Partnering with outside entities can help bridge the gap as organizations adjust to new requirements.
• Avoid “off-the-shelf” solutions. Programs should be tailored not just to your industry, but to your organization’s specific activities and requirements. Avoid generic policies or applications that “check the box” but don’t address root causes or require robust monitoring and engagement.

Bracing for Risk Ahead

As industries move to implement compliance and meet new requirements, it’s worth nothing that some of the biggest players in highly regulated industries still can miss the mark, as illustrated by the record fine and enforcement action last year on a major North American bank. Weak AML controls and due diligence at another big U.S. bank that was pushing to expand its wealth-management business, for example, demonstrate how even the largest banks can fall short of regulatory standards.

The industry’s familiarity with both the impacts of illicit economic activity and the consequences for non-compliance may explain why financial services respondents lead in expectations of increased financial crime risk, with 74% forecasting an uptick in the coming year. Insurance (73%) and accountancy (71%) respondents were close behind, while the lowest expectations came from those in real estate (62%) and legal services (61%).

Meanwhile, other designated non-financial businesses such as gaming are facing increasing regulatory scrutiny, as illustrated by the monitorships imposed on some of the largest casino operators in Australia for AML/CFT failures.

How do you expect financial crime risks to change, if at all, over the next 12 months?

In an era of expanding financial crime regulations, industries facing new levels of scrutiny must adapt swiftly to meet rising compliance expectations. By prioritizing technological investments and leveraging best practices employed by the financial services sector, non-financial organizations can equip themselves to navigate the evolving regulatory landscape and fight financial crime.