EBM EXPERT ANALYSIS- By Joe Norburn, CEO of TCC and Momenta
Financial crime is no longer just a compliance issue, it is a test of economic resilience, consumer trust and national security.
The scale and complexity of the threat continue to grow. The Office for National Statistics estimated around 4.2 million fraud incidents in the year ending March 2025, a 31% increase on the previous year. Fraud, money laundering, scams and crypto-enabled crime are increasingly interconnected, exposing weaknesses not just within individual firms but across the financial system as a whole.
Across recent speeches and strategic updates the FCA has consistently reinforced a central message: no single organisation can fight financial crime alone. The regulator has emphasised the need for collective action, public-private sector coordination and greater resilience.
Join The European Business Briefing
New subscribers this quarter are entered into a draw to win a Rolex Submariner. Join 40,000+ founders, investors and executives who read EBM every day.
SubscribeFCA Chief Executive Nikhil Rathi has framed financial crime as a challenge that extends far beyond individual firms. Fragmented, firm-by-firm responses are increasingly misaligned with the way modern financial crime operates.
Here Joe Norburn, CEO at TCC Group (TCC & Momenta) argues fragmentation is a financial crime risk – and one the industry has yet to fully address.
Fragmentation is now a financial crime risk
Financial crime has evolved into a system-wide problem. Criminals exploit the gaps between institutions, jurisdictions, technologies and internal teams, often faster and more effectively than firms can respond.
Yet many organisations continue to manage financial crime through fragmented operating models. Responsibility is spread across first-line operations, second-line oversight, fraud, cyber and technology, often with different priorities, data sets and measures of success. The risk is increased when there are gaps in cross-department communication and reporting.
That fragmentation creates areas of vulnerability. Risks identified in one area may lack context from another. Controls may fall short at the points where teams, systems or processes connect. Technology can add complexity if it is not aligned to operational risk priorities, while reporting often tracks activity rather than effectiveness.
The result is weaker outcomes. In that sense, fragmentation is not just an organisational issue – it is a financial crime risk in its own right.
Why financial crime cannot sit in silos
Without cross-departmental coordination and strong communication, the result is often disconnected risk views, inconsistent controls, duplicated effort and slower responses to emerging financial crime threats. Too many firms still treat financial crime as a set of separate compliance obligations rather than a connected operational challenge that runs across the business.
That model is becoming harder to defend as the threat grows. The National Economic Crime Centre, part of the National Crime Agency, says fraud made up 43% of all crime in the year ending December 2024, a reminder that financial crime is no longer a contained compliance issue, but a systemic risk.
Firms need a more integrated approach that connects governance, technology, operations and intelligence sharing through a coherent enterprise-wide risk model. The most resilient organisations will be those that can build joined-up visibility across the business, rather than managing financial crime through isolated functions.
Financial crime: now part of the Consumer Duty conversation
This shift is also being reinforced through the FCA’s broader regulatory agenda, particularly the FCA’s Consumer Duty. Historically, financial crime prevention was often viewed as a standalone compliance requirement focused on regulatory obligations, but today, it is increasingly tied to customer outcomes and public trust.
Under the Consumer Duty, firms are expected to identify and mitigate foreseeable harm, meaning failure to prevent scams, fraud or financial harm may be considered a failure to deliver fair customer outcomes. This is something that businesses can’t afford to overlook.
This changes how financial crime is assessed. Protecting consumers from financial crime is no longer simply about satisfying regulatory expectations after an incident occurs. It is about creating a proactive culture of protection that prioritises prevention, transparency and early intervention.
For firms, this means financial crime oversight cannot remain disconnected from customer experience, operational resilience or governance discussions. Now is a vital juncture for firms to bring fraud prevention, transaction monitoring, complaints and customer vulnerability into direct alignment and overarching scope.
As a result, financial crime is a board-level issue tied directly to trust, reputation and long-term competitiveness.
Proof, not promises
At the same time, the regulator is becoming less interested in policies on paper and more focused on demonstrable outcomes in practice.
Firms are expected to demonstrate that their controls are effective, monitored and deliver measurable results. That means moving beyond static frameworks toward operational models that can demonstrate prevention, rapid remediation, escalation pathways and continuous improvement.
The FCA’s recent emphasis on public-private sector collaboration reflects this outcome-driven mindset. Initiatives such as data-sharing partnerships with the National Crime Agency and the wider “data fusion” approach show how intelligence-sharing is becoming critical to improving detection and response capabilities across the sector.
However, meaningful collaboration externally is difficult to achieve if firms remain fragmented internally. Firms cannot contribute effectively to wider industry efforts if their own operational, compliance and technology teams work from disconnected data, inconsistent risk views or unclear ownership structures.
What effective oversight looks like
In practice, effective financial crime oversight is not about adding more standalone controls. It is about making sure the controls a firm already has operate as part of a coherent system. That starts with clear governance, defined accountability and a risk framework that connects exposure across products, channels, customer groups and operational functions.
Many firms already have the building blocks in place. The challenge is that they are often owned, assessed and evidenced separately. Customer due diligence (CDD), enhanced due diligence (EDD), anti-money laundering (AML) and know-your-customer (KYC) should not sit as isolated processes or regulatory checklists. They need to feed a broader enterprise-wide view of risk so firms can make better decisions, spot emerging issues earlier and respond with consistency.
That matters because financial crime rarely presents neatly within one team, one customer journey or one control set. Firms with the strongest compliance models are those that connect financial crime controls to how the business actually operates – through governance, oversight and monitoring. When those links are weak, controls can still appear robust while failing to deliver the visibility or responsiveness firms need in practice.
Technology also plays a central role. Monitoring, management information and analytics need to provide consistent visibility across the organisation, enabling firms to identify emerging threats, monitor effectiveness and evidence decision-making early and clearly. Increasingly, this requires firms to move away from siloed systems toward more connected and observable operating environments throughout the business.
A collective defence starts internally
In 2026 and beyond, financial crime is evolving too quickly for fragmented approaches to remain effective. Criminals already share tools, techniques and intelligence at speed, so the response from firms, regulators and industry bodies must become more coordinated.
External collaboration is rightly rising up the agenda, but it will only be effective if firms first address fragmentation inside their own organisations. The next phase of financial crime management will be defined less by individual controls or technologies, and more by how well firms operate as joined-up systems.
Collective defence starts internally. Financial crime is no longer just a function to manage, but a system-wide discipline that shapes resilience, trust and long-term competitiveness.
