The FCA’s recent information request on Terrorist Financing (TF) and Proliferation Financing (PF) marks a significant shift in its financial crime strategy, one that demands more than routine AML compliance. 

TF/PF risks are not just AML by another name. The request signals a shift in expectations: firms must treat TF and PF as distinct risk categories, not simply as extensions of their AML frameworks. This means developing targeted assessments, controls, and governance structures that reflect the unique nature of these threats. 

fscom’s 2025 Fincrime Compliance Report found that nearly one in five firms failed to include a PF risk assessment, despite this being a legal requirement since 2022. While their controls may be sound, the absence of documented analysis makes it difficult to evidence effectiveness. And that’s precisely what the FCA is now asking firms to do. 

Understanding the FCA’s intent

The structure of the FCA’s three-phase assessment, starting with a 10-question survey and potentially escalating to interviews and system walkthroughs, suggests a clear objective: to segment firms based on risk exposure and control maturity. 

This segmentation will likely inform: 

  • future thematic reviews; 
  • targeted supervisory interventions; and 
  • benchmarking across the sector. 

The regulator is not just collecting data. It’s building a picture of how well firms understand and manage TF/PF risks and how seriously they take their obligations under the money laundering regulations. 

Global and national context: why the FCA’s focus is timely and targeted

The FCA’s recent information request aligns with growing international and domestic concern about the evolving nature of terrorist financing (TF) and proliferation financing (PF) risks. 

The FATF’s 2025 TF report highlights: 

  • structural deficiencies in 69% of jurisdictions’ ability to detect and prosecute TF cases; and 
  • a call for firms to assess PF risks beyond sanctions screening, including tactics like network evasion, front companies, and dual-use goods. 


This global pressure is reflected in the FCA’s push for UK firms to demonstrate risk-based, intelligence-led approaches to TF/PF. Crucially, this means firms must go beyond simply bundling TF and PF into their existing AML frameworks. Instead, they must identify and assess these risks as distinct categories, with tailored controls and oversight. TF/PF risks are not just AML by another name 

The UK’s 2025 NRA adds critical nuance to this picture, identifying real-world TF threats that firms must consider in their risk assessments. 

  • Legitimate income sources (e.g. salaries, loans, benefits) are increasingly used to fund terrorism, often via cryptoassets, prepaid cards, and MSBs. 
  • Low-value, high-risk transfers, such as crowdfunding donations or small crypto payments, are harder to detect but still pose significant threats. 
  • Serious organised crime – terrorism links are increasingly blurred, especially in Northern Ireland and among diaspora-linked groups like the Kurdistan Workers’ Party, where fundraising overlaps with organised crime, illegal migration, and drug trafficking. 

The FCA is clearly responding to these global concerns, pushing UK firms to demonstrate risk-based, intelligence-led approaches to TF/PF. 

Why your response matters

Your Phase 1 submission is more than a compliance exercise. It’s a signal to the regulator about: 

  • your awareness of TF/PF risks; 
  • the maturity of your control environment; and 
  • your firm’s readiness for deeper scrutiny. 

Incomplete or misaligned responses could result in escalation to Phase 2 or 3, or even trigger broader supervisory attention. 

Practical readiness: what good looks like

  • Risk assessment: Ensure TF and PF risks are clearly and specifically addressed in your business-wide risk assessment, based on actual exposure (products, geographies, customer types), not just control mechanisms. 
  • Governance and oversight: Show how senior management and the board are kept informed and actively engaged in reviewing and challenging TF/PF risks and controls. 
  • Policies and procedures: Update AML/CTF policies to explicitly cover TF and PF, with practical examples of how these risks are identified and mitigated. 
  • Customer due diligence: Tailor CDD and EDD processes to detect TF/PF risks, including relevant red flags and escalation protocols. 
  • Ongoing monitoring: Demonstrate how monitoring systems are calibrated to detect TF/PF typologies, supported by examples of alerts and investigations. 
  • Assurance and testing: Provide evidence of independent testing, such as internal audits or external reviews, that validate the effectiveness of TF/PF controls. 
  • Benchmarking: use fscom’s 2025 Fincrime Compliance Report to review how you are performing in comparison to your peers in industry and how you can proactively address gaps in PF and sanctions controls. 

Final thoughts

The FCA’s request is not just about compliance, it’s about proving effectiveness. Firms that respond thoughtfully and thoroughly will not only reduce the risk of escalation but also demonstrate leadership in financial crime risk management. 

If your firm has received the questionnaire, now is the time to act. For others, this is a valuable opportunity to proactively review and strengthen your TF/PF framework, before regulatory attention intensifies. Please reach out if you would like to discuss further. 

 This post contains a general summary of advice and is not a complete or definitive statement of the law. Specific advice should be obtained where appropriate.