A recent article by RUSI, the defence and security think tank, argued forcefully that the global anti-financial crime system is broken. The authors pointed to deep flaws in detection, weak enforcement, and an overall failure to deter criminals. They even questioned whether financial crime compliance today is more about sustaining itself as a system than about preventing crime.
The FCA, by contrast, usually strikes a more balanced tone. In speeches like Steve Smart’s 'Showing Financial Crime the Red Card', the regulator has recognised serious gaps, but placed more emphasis on innovation, industry collaboration, and steady progress.
So which view is closer to reality?
In the conversation that follows, Matt Beattie, Partner and co-founder of BeyondFS, and Roger Tudor, a Director at BeyondFS, explore that tension. Without landing on one extreme or the other, they talk candidly about what’s really holding the industry back, and what banks and other financial institutions can do to make meaningful progress.
-1.png)
In the conversation that follows, Matt Beattie, Partner and co-founder of BeyondFS, and Roger Tudor, a Director at BeyondFS, explore that tension. Without landing on one extreme or the other, they talk candidly about what’s really holding the industry back, and what banks and other financial institutions can do to make meaningful progress.
Matt: Let’s start with the contrast. RUSI’s position is uncompromising: financial crime prevention, as it stands, isn’t working. The FCA’s view is more measured - they acknowledge failings but emphasise partnership and steady improvement. Both are valid perspectives. A think tank can afford to say, “tear it all up.” A regulator has to keep the system functioning while nudging it forward.
But if you ask me whether the “good guys” are winning, the honest answer is no. The uncomfortable reality is that we’re still stopping only a tiny fraction of criminal money – a single digit percentage at best - despite two decades of effort and billions spent.
The big question is why progress feels so slow. Looking at the banks and payment firms we work with, the problem often comes down to structure. Financial crime is still treated as a compliance problem, rather than as a critical system that should be designed and run with the same discipline as core infrastructure.
Firms throw in people and point tech solutions at it, and that creates activity and the appearance of progress. But because the foundations - data, operating model, control design - are shaky, results are poor. Strategies and initiatives that look convincing collapse once they meet the complexity of day-to-day operations.
Roger: That’s spot on, but I’d add incentives to the mix. When a programme costing tens of millions is compared to the likely size of fines, it’s easy for senior leaders to decide they can “manage” the risk rather than fix it. That isn’t cynicism - it’s how cost–benefit works inside big organisations.
And unlike, say, fraud, where banks face direct losses and customer reimbursement costs, the financial hit from money laundering is indirect. The harm is borne by wider society, not the bank’s balance sheet. That mismatch creates a subtle but powerful drag on urgency.
Matt: Another misconception is that industry-wide fixes are quick wins. Everyone says data sharing is essential - and I agree. But making it work in practice is another story. The Dutch TMNL project is often cited as a positive step, but even there, five domestic banks hit hurdles around taxonomy, counterparty data, legacy integration, and privacy rules.
If that’s the reality within one country, scaling the model internationally - with multiple regulators, legal frameworks and technical standards - is far harder. Big calls to “think the unthinkable” are useful, but the execution gap is where most initiatives die.
Roger: Which brings us to the FCA. Compared to many regulators, they are genuinely open to new ideas. Things like the sandbox, bilateral pilots, and intelligence-sharing schemes show they want firms to experiment safely. They can’t overhaul the system overnight - they need to keep it stable. But what they do is carve out safer ways for innovation to be tested.
This is where public-private partnerships come in. The FCA can create the space for innovation, but it still requires the private sector - banks and fintechs - to come to the table with new models and solutions. Collaboration is the only way to shift from incremental pilots to real change.
Matt: Still, the imbalance between cost and outcome is stark. The numbers speak for themselves. In the U.S., banks spend around $80 billion a year on financial crime compliance. In the UK, the figure is around £38 billion, up 30% since 2021 - meaning the UK is now spending more per head than the U.S. Put together, that’s well over £100 billion a year in these two jurisdictions alone.
And yet, what do we have to show for it? Very little, if we judge by the amount of criminal money actually seized or the number of successful prosecutions.
A big reason is that too much effort goes into proving compliance - producing evidence packs, remediation exercises, reports - rather than actually controlling financial crime. Necessary, perhaps, but divorced from the ultimate purpose. That’s why the system feels so inefficient.
Roger: That distinction between evidence and control is fundamental. If you start by treating financial crime reduction as a goal in its own right, rather than just a compliance exercise, your priorities change.
You can begin by mapping your business flows, understanding the data that underpins them, and designing an operating model that doesn’t rely so heavily on manual effort. Only then do tools like automation or AI really add value. Without that groundwork, technology is just a sticking plaster.
There’s also confusion over roles. Banks are asked to prevent, detect and report crime - and in practice, they often end up doing parts of the investigation too. But prosecution is the job of law enforcement. The weaknesses show up most clearly in the SAR regime: vast volumes, mixed quality, limited investigative capacity, and little feedback to help banks improve or focus on what really matters. Without stronger links and better resourcing between banks, supervisors and law enforcement, the system will continue to leak.
Matt: So what can banks actually do?
From what we’ve seen, the institutions that make progress take three disciplined steps.
First, they accept this is a multi-year journey. There are no quick fixes. Second, they sequence change so they deliver early wins - reducing pressure and building confidence - while keeping the long-term target design in mind. Third, they close the execution gap: less effort on box-ticking, more focus on changes that actually work day to day.
In practice, that means starting with a diagnostic you can trust: your business model, risks, data flows, existing controls. Use that to decide where you need to strengthen or rebuild. Automate where you can - onboarding checks, screening, case workflows - and improve the quality of data at source so staff spend time investigating, not cleaning up. Then, and only then, does technology become a multiplier rather than a distraction.
Roger: Leadership is also key. Leaders need to commit to a clear design and stick with it. That means resisting “shiny pilots” that can never scale, and the idea that a single technology will solve everything. Experiment, yes - but tie every pilot to a slot in your future architecture.
And we do need more collaboration in areas where there’s no competitive edge - data standards, typologies, shared signals. Where this has been done well in other jurisdictions, industry groups have made an impact - for example, the Dutch TMNL initiative, the global Wolfsberg Group of banks, or Sweden’s SAMLIT.
On the regulatory side, I’d argue supervisors should expect firms to be able to present a joined-up picture of their financial crime framework. Not just documents, but an actual map showing how controls fit together, where escalation happens, and how data supports decisions. Even if regulators don’t demand it yet, firms should set that bar internally.
Matt: To me, the big message is that high-performing programmes are built, not wished into existence. That means diagnosing what’s broken, fixing it, and staying with it until the programme can run on its own. It’s about building a function that can operate day to day, adapt when needed, and withstand scrutiny.
Roger: And that’s where, for me, the RUSI vs FCA lens lands. RUSI’s provocation is valuable – it jolts us out of complacency. The FCA’s pragmatism is valuable too – it keeps the system running while reform happens. For leaders in financial institutions, the task is to acknowledge the scale of the problem without losing confidence. After that comes the practical engineering work of turning ideas into results as part of a future-state initiative, working hand-in-hand with compliance and client-facing teams.
Matt: So here’s the takeaway for financial crime leaders in the UK and Europe: accept we’re not yet winning. Treat financial crime prevention as infrastructure, not an afterthought. Design your future state with strong data and controls. Deliver early wins to build momentum. Close the execution gap with delivery that works in practice. Collaborate where you can. And set higher expectations - inside your organisation and with regulators - for what genuine control looks like.
That’s how you shift from pouring money into compliance to making a real difference. And that’s how you build a programme that lasts.
Want to close the execution gap at your organisation? Talk to us about building a financial crime programme that actually delivers.
-1.png)