Last December, amid ongoing conflicts in Ukraine and the Middle East—as well as potential turbulence stemming from the threat of higher U.S. tariffs and a deviation from U.S.-led free trade—the European Central Bank (ECB) made a timely announcement: In 2025, it would focus its supervisory work on geopolitical risks.
“Adverse geopolitical events are often not priced in by financial markets, which can lead to an abrupt repricing of risks if such events materialize,” said Claudia Buch, the ECB’s top supervisor.
Geopolitical events create economic risk at the macro and micro levels. Less well reported, however, are the ways in which increased financial crime risk goes hand in hand with geopolitical tensions. The underrepresentation of such risk was reflected in our survey findings: Only a third of respondents said their financial crime compliance program was very prepared to address geopolitical issues in the year ahead, even as geopolitical risk and political instability were among the factors deemed most responsible for the anticipated spike in financial crime.
Overall, how prepared is your financial compliance program to address geopolitical issues in the next 12 months?
To manage geopolitically driven financial crime, businesses need to step up their compliance capabilities and increase cooperation with regulators around the world. Here’s an overview of where companies currently stand and what they need to know moving forward.
Emerging Geopolitical Risks and Organizational Readiness
Unsurprisingly, cybercrime is the top geopolitical threat to organizations’ financial crime programs, selected by 59% of those who are less than “very confident” in their program’s ability to scan and access such threats. Examples are everywhere—from Iran-based ransomware attacks on U.S. organizations and Israeli banks to Russian-backed distributed denial-of-service attacks related to the war in Ukraine. Such incursions are only amplified by artificial intelligence tools that have made sophisticated attacks more accessible to cybercriminals .
Which of the following pose the greatest geopolitical challenges to your program over the next 12 months?
The risks here are far-reaching, as cyberattacks are specifically designed to disrupt and damage civilian infrastructure and the ways in which our societies function.
Economic and financial sanctions are also on executives’ minds, selected by 45% of those respondents as the greatest geopolitical challenge. Overall, fewer than 4 in 10 respondents are very confident in their program’s sanction screening capabilities, with only 35% from Western Europe expressing high confidence. The two biggest impediments in sanctions compliance: keeping up to date with changing regulations (49%, compared to 33% in 2023) and privacy protections (44%, up from 38% in 2023).
These blind spots could leave organizations vulnerable to financial crime. Where sanctions have been applied, organized crime groups and professional service providers will attempt to establish structures to move assets through the financial system and across borders—bypassing anti-financial-crime controls and processes as they do so.
What is your current level of confidence in your own program’s sanction screening capabilities?
The increasingly interconnected nature of the global economy also creates opportunities for financial crime. States with limited access to regulated pools of capital can take advantage of less transparent jurisdictions to channel that money illicitly—even as these regions are bolstering their defenses against financial crime. In fragile and conflict states, meanwhile, the illegal trade of precious metals and stones enables regime continuity and fuels ongoing conflicts.
Other instruments are facilitating financial crime as well: Nearly 8 in 10 (77%) respondents, for instance, say cryptocurrency-related financial crime poses a concern for their organization in 2025.
Despite these obstacles, our survey reveals that only 38% of respondents are very confident in their financial crime compliance program’s ability to scan and assess the geopolitical landscape for emerging threats. APAC (India, Japan, Australia) respondents are particularly concerned, with 17% saying they are not confident at all—perhaps due to uncertainties around the potential for an escalation of tensions between the U.S. and China and Taiwan’s role in the South China Sea.
What is your current confidence level in the ability of your financial crime compliance program’s ability to scan and assess the geopolitical landscape for emerging threats?
Automation, AI and other technology investments can help—and governments increasingly expect organizations to use these tools more effectively to prevent attacks. Nearly half of respondents say they are investing in AI solutions (49%) and other technologies (47%), as well as increasing their cybersecurity budgets (47%), to tackle the likely increase in financial crime.
In an Increasingly Fragmented Geopolitical Landscape, Cooperation Is Needed
Those hoping to prevent, detect and respond to financial crime today are in something of a quandary. On the one hand, illicit economic activity is ever more global and digital. On the other, fragmentation and a breakdown of established norms in international affairs—coupled with the increasingly nationalistic stance of many governments—inhibits the cooperation necessary to combat this activity, hampering regulators and businesses alike.
For instance, data from the intergovernmental Financial Action Task Force illustrates low levels of effectiveness of AML systems around the world. Only about half of countries recently surveyed by the International Monetary Fund (IMF)—particularly in emerging markets and developing economies—had a national, financial-sector-focused cybersecurity strategy or dedicated cybersecurity regulations.
With that said, cooperative global initiatives are still advancing, including the IMF’s AML/CFT (anti-money laundering/combating the financing of terrorism) Thematic Fund, which aims to strengthen countries’ frameworks for fighting money laundering and terrorism financing, and the EU’s recent agreement on a new regulation establishing a single AML and CFT rulebook.
Our survey reflects a mixed view on such efforts, however, with 62% saying cooperation between regulators and financial institutions will increase in 2025 and 30% saying there will be no change (30%) or that cooperation will decrease (9%). Only 52% of respondents from Western Europe believe it will increase, perhaps hinting at some skepticism toward recent initiatives.
Please indicate the extent to which you believe the following may change over the next 12 months. [“Increase” responses shown]
Best Practices
What can organizations do to improve their ability to detect and prevent geopolitically related financial crime? Here are three high-level best practices to get started:
- Access Diverse Sources of Intelligence and Information
To respond to geopolitical risks as they develop. Innovative approaches to monitoring policy direction in markets of interest and assessing civil society sentiment—in tandem with internally available information—better prepare firms as geopolitical events unfold. Effectively triaging risk triggers as they are identified allows organizations to stay on top of changing dynamics and remain flexible in navigating this complex terrain. - Implement Effective Supply Chain Management
Supply chains can expose organizations to geopolitical threats they may not otherwise encounter. Diversification is important to avoid the vulnerabilities that come with a concentration of suppliers in one geographic area. - Focus on Cyber Resilience
Organizations don’t have to be sitting ducks for bad actors. Strengthening cyber resilience can help. Conduct periodic assessments of the cybersecurity landscape, improve controls and processes, and encourage data reporting and sharing.
Uncertainties Abound
When it comes to the intersection of geopolitical risk and financial crime around the world, much remains unknown. How will the conflicts in Ukraine and the Middle East play out? What impact will a second Trump presidency have on current tensions? In which ways will the continued adoption of AI bolster organizations’ and cybercriminals’ capabilities? And how will regulators respond?
For now, executives have little choice but to embrace uncertainty. But that doesn’t mean they can’t lay the groundwork to develop stronger geopolitical and sanctions screening capabilities—plus heightened cyber resilience—in the year ahead.
