New research reveals that UK regulated firms are losing ground in the battle against AI-powered fraud - not because they lack awareness, but because they're still fighting it by hand. Nine in ten firms (91%) acknowledge emerging technologies as a high risk to their compliance programmes, with a third (33%) naming AI-driven decision-making tools as their single biggest technological threat.
The consequences of getting it wrong are stark: 87% would walk away from a business relationship following a confirmed instance of money laundering, fraud or a non-compliance breach. Yet, for over half of firms (54%), the first line of defence against this is a manual identity check.
SmartSearch’s 2026 Compliance Report, based on a Censuswide survey of 1,000 senior decision-makers across UK finance, property, legal and accounting firms, finds that the tools available to financial criminals are evolving faster than the processes designed to stop them.
Synthetic identity fraud involves criminals combining real and fabricated personal data to construct entirely fictitious individuals that pass standard verification checks. Unlike traditional identity theft, there is no single victim to raise the alarm. AI has made this significantly more scalable, enabling fraudsters to generate thousands of convincing false identities, probe verification systems for weaknesses, and automate the process of embedding those identities into legitimate business relationships.
A one-sided arms race
Fewer than half of regulated firms (40%) use or plan to use AI for enhanced transaction monitoring, the technology that spots unusual patterns of activity and flags potential fraud before it escalates, or for keeping a live picture of how much risk each client represents. Only 43% are applying AI to Know Your Customer and Customer Due Diligence checks.
Most striking of all, just 30% use or plan to use AI to resolve the alerts generated when a customer matches a list of politically exposed persons or sanctioned individuals, screening that identifies whether a client holds public office, has links to a high-risk regime, or is subject to international sanctions. These are among the highest-stakes checks a regulated firm carries out, and the volume of alerts they generate has grown sharply as AI systems become more sensitive. For most UK compliance teams, AI it is moving faster than they are.
Over half of identity verification checks (54%) are still carried out manually - meaning that for the majority of UK regulated firms, the first line of defence against AI-generated fraud is a human being. Despite this, 87% of firms acknowledge that up to half of their manual, repetitive compliance tasks could already be automated by existing technologies. Of these, finance and property firms are most reliant on manual checks at 55%, with legal (54%) and accountancy (52%) close behind.
Phil Cotter, CEO at SmartSearch, said: "Trying to catch AI-generated fraud with a manual checklist is like sending a fax to stop a cyberattack. The criminals targeting UK firms are deploying AI to build synthetic identities and exploit gaps at a speed and scale that human review simply cannot match. The threat has moved on. For too many firms, the tools haven't and that presents a corporate risk that is growing and evolving by the day.”
The regulatory net is tightening
The pressure on firms to act is not only operational. Pending Royal Asset, the Financial Conduct Authority will become the single AML supervisor for the professional services by 2027, bringing accountancy and legal firms under the same regulatory scrutiny as financial services for the first time. Later this year, amendments to Money Laundering Regulations are expected to introduce stricter requirements around beneficial ownership - making it harder for criminals to hide behind complex corporate structures by requiring firms to identify and verify the individuals who ultimately own or control the entities they do business with. ECCTA Phase IV enforcement continues to tighten the rules around overseas entities operating in the UK, closing the loopholes that have historically allowed foreign ownership to obscure the true source of funds.
The stakes escalate further next year. The Failure to Prevent Fraud offence comes into force, introducing corporate criminal liability for organisations that cannot demonstrate they have reasonable fraud prevention procedures in place. Where fraud is committed by an employee or agent for the organisation's benefit, the organisation itself faces criminal prosecution and senior individuals risk personal liability. For firms that have not yet modernised their verification capabilities, it is no longer a compliance burden - it will be an enforced legal obligation.
Cotter added, "Directors will soon face personal criminal liability for fraud that filters through compliance cracks. At that point, 'we had a process' is not enough. Firms need to prove it worked. Automated, electronic verification can conduct individual checks in seconds and business checks in minutes, cross-referencing data at a scale and speed no manual process can match. That is the only way to demonstrate, with confidence, that reasonable steps were taken to prevent fraud from getting through."
About SmartSearch’s 2026 Compliance Report:
The 2026 Compliance Report examines how regulated firms across financial services, property, legal and accounting are responding to a period of significant change in AML compliance and identity verification. Drawing on research based on the insights of 1,000 UK-based decision-makers, the report assesses firms' understanding of the current regulatory environment, their preparedness for upcoming change, existing compliance processes, financial crime risks, and the role of technology and automation. It identifies which sectors are most exposed to regulatory risk, where investment is falling short, and what the consequences of inaction look like as regulatory pressure intensifies.
Download the full report, including further data and research insights outlined in the press release, here.
