Embedded finance has evolved from an early fintech innovation into a mainstream commercial strategy reshaping how consumers and businesses access financial services. Whether it is buy-now-pay-later at checkout, insurance embedded into e‑commerce, or small and medium enterprises (SMEs) accessing credit through their accounting software, financial services increasingly appear at the point of need. This has improved customer experience, opened new revenue streams for brands, and contributed to economic growth. Yet behind the opportunity sits a complex set of financial crime risks that firms can no longer afford to underestimate.

The Opportunity

Research shows that embedded finance is expected to more than double in size by 2029, with almost half of large UK corporates viewing it as a strategic growth driver^[1]. Consumer expectations for instant payments, simplified credit and integrated insurance have set a new baseline for digital experiences.

The Euro Banking Association^[2] describes the growth potential as ‘immense’, recognising that significant market volume is shifting away from traditional distribution channels towards embedded models. This shift has meaningful implications for the wider economy. It is particularly important for SMEs, many of whom struggle to obtain affordable working capital^[3]. Embedded finance partnerships are helping to bridge this gap enabling faster access to funds and supporting small-business resilience. Consumers also benefit through smoother journeys, competitive pricing and friction-free access to financial services integrated into daily life, from retail and travel to mobility and healthcare.

But as embedded finance accelerates economic participation and consumer access, the regulatory and financial crime environment around it is becoming more complex.

The Intermediation Layer

Embedded finance operates through a multi‑layered value chain:

The customer belongs and interacts with the brand, often unaware of the regulated entity at the end of the chain.

The brand (retailer, marketplace, app) is responsible for the customer relationship, experience, journey, user interface, data capture and other touchpoints. Think of it as the first line of defence, the only difference is that it is often unregulated for financial services and money laundering obligations which can be a vulnerability.

The embedded finance platform is the technology enabler, it provides the technology, APIs, orchestration and onboarding flows. It may or may not be regulated.  

The regulated financial institution (FI) (Bank or electronic money institution (EMI)) provides the underlying financial product and carries full regulatory and anti-money laundering (AML) accountability.   

This structure means the customer belongs to the brand, but the risk belongs to the Bank.

Financial institutions (FI) are one or two steps removed from the underlying customer, onboarding and often blind to the full customer context.  They must rely on brands and platforms to perform key controls to mitigate risk. This introduces a form of “intermediated accountability” similar to correspondent banking, but with an added challenge: unlike respondent banks, brands in embedded finance are often outside the regulatory perimeter and do not necessarily have longstanding relationships with their customers.

Some describe this model as ‘renting a bank licence’. Regulators, whilst under pressure to promote the growth agenda, must consider what the consequences would be if one link in the chain fails, remembering that one FI can have multiple brands embedding its product.

Why Embedded Finance Heightens Financial Crime Risk

The 2025 National Risk Assessment (NRA) identifies fintech driven models, EMIs, and AI‑enabled onboarding as emerging high‑risk channels because innovation is outpacing supervision and governance frameworks needed to ensure safe growth. From a regulatory perspective, embedded finance amplifies risks and control gaps across several dimensions:

Speed Driven Customer Journeys	Rapid onboarding, embedded checkout and instant credit decisions increase the likelihood that identity anomalies or fraud indicators are missed. Criminals exploit real time approval pressure.
Fragmented & Distributed Data	Customer data passes through multiple layers: captured by the brand, processed by the platform and relied upon by the FI. Each handoff creates vulnerability if information is incomplete or inconsistent. This also creates challenges with evidencing end-to-end audit trails within timeframes acceptable to regulators.
Misaligned Incentives	Brands optimise for conversion, platforms optimise for speed and scalability whilst FIs bear the regulatory exposure. Criminals seek out misaligned pressure points and varying standards in information security and data privacy standards.
Outsourcing Chains	Where customer due diligence (CDD) or onboarding checks are outsourced or even sub‑outsourced, ownership is often unclear, oversight becomes difficult and critical controls can fall through gaps.
EMI & Virtual Account Structures	The NRA highlights the use of virtual IBANs and EMI‑issued accounts as known vulnerabilities due to weaker UBO verification. When these sit within embedded finance arrangements, they can facilitate layering and obfuscation of illicit funds.

Strengthening Resilience

Despite these risks, embedded finance offers FIs a unique advantage: the ability to develop a single view of a customer across all brands on a platform, enabling better detection of unusual patterns spanning multiple journeys.

To preserve the benefits of embedded finance and meet regulatory expectations, the industry must adopt a network‑defence mindset, recognising that AML risk is shared, but accountability is not.

For Regulated Financial Institutions

• Treat embedded finance oversight as equivalent to correspondent banking relationships due to the reliance placed on the (unregulated) brand.
• Conduct rigorous assessments of the brand and platform’s controls before onboarding and continuously thereafter for any lapses in standards or changes required as the regulatory requirements change.
• Monitor any sub‑outsourcing chains including CDD providers and onboarding vendors.

For Brands

• Understand the customer journey is a critical part of the regulated FI’s AML framework, not just a conversion pipeline.
• Align design choices to avoid inadvertently enabling criminal exploitation (e.g., step‑skipping, weak verification prompts).
• Invest in AML awareness training, even where the brand is unregulated.

For Embedded Finance Platforms

• Build control aligned architecture, including strong identity verification, secure data routing, and auditable onboarding logic.
• Provide FIs with better transparency into customer journeys and risk signals.
• Ensure consistent standards across all brands integrated through the platform.

Growth and Risk Managed in Parallel

Embedded finance is a powerful engine for economic growth, competition, and consumer benefit.

However, the model also introduces distributed operational structures, intermediated relationships, and complex accountability chains that criminals are already exploiting.

For embedded finance to deliver on its enormous potential, regulated FIs offering this product, must recognise that they are effectively becoming mini‑regulators within these ecosystems. Only by strengthening oversight, enhancing cooperation, and aligning incentives across the chain can the industry maintain trust while continuing to innovate.

How HKA can Help

HKA helps brands, embedded finance platforms and regulated FIs to collectively meet UK regulatory financial crime obligations and individually ensure they are meeting their contractual obligations.

• For FIs: we carry out independent assurance and build robust oversight programmes.
• For brands: we provide targeted coaching, training, assurance and framework development including for those that are less familiar with the regulatory and FI framework and expectations.
• For embedded finance platforms:  we assess and/or remediate the control framework to ensure the data received by the FI meets the right standards.

---

[1] ClearBank | The embedded economy

[2] navigating-the-path-to-embedded-finance-eba-2024-1.pdf

[3] SME Finance Survey

---

About the authors

Priya Giuliani is a specialist in financial crime investigations & compliance with nearly 30 years’ experience, including a decade as a Partner. She specialises in helping clients on a proactive basis to assess and manage the risk of financial crime including assessing governance, oversight, conduct, and training Senior Managers and Boards. Her investigative experience provides insight in to how various financial crime types (e.g. money laundering, terrorist and proliferation financing, sanctions and tax evasion, bribery, corruption and fraud) can occur, including through the use of professional enablers, and the controls required to manage these risks effectively. Priya has been appointed on many Skilled Person engagements. Widely regarded as a well-qualified and highly experienced expert in financial crime risk management and investigations. She understands risk well and works with clients to assess and develop proportionate and effective control frameworks.

---

Noémi Klein has over ten years’ experience in financial crime investigations and compliance. She advises organisations on anti‑money laundering, fraud prevention, and anti‑bribery and corruption, supporting senior leadership, boards, counsel, and regulators.

She has particular expertise in sanctions advisory, high‑risk client portfolio management, trade finance and supply chain risk, and regulatory‑driven remediation programmes, including work under the FCA’s Skilled Person framework. Noémi has held both consulting and senior in‑house roles at global banks across Europe, the Middle East, Asia, and Africa.