Trusted Circles, Quiet Intentions: AML Lessons from the Gunpowder Plot

Remember, Remember the 5th of November 

Remember, remember, the 5th of November, Gunpowder, treason and plot; I see no reason why gunpowder treason should ever be forgot

In the world of AML, risk rarely wears a disguise you recognise at first glance. It arrives wearing a warm introduction, a familiar name, and the quiet confidence of someone who already belongs. It moves through networks of trust. It relies on the professional instinct to assume rather than to ask. And it depends, above all, on the compliance failure that is so easy to make and so expensive to defend: the failure of professional scepticism.

The Gunpowder Plot of 1605 is not simply a fireworks story. It is a masterclass in how trusted networks, social proximity and comfortable familiarity can shield the most serious of intentions, and what it takes for one act of disclosure to bring it all undone. Four hundred and twenty years later, the patterns are identical. The names have changed. The instruments have changed. The law has been written to address them. But the human dynamics, the warm introduction, the legitimate-looking front, the network that self-reinforces against scrutiny, are as recognisable today as they were in the vaults beneath the House of Lords.


The Money Laundering Regulations 2017 (MLR 2017) as amended, the LSAG Anti-Money Laundering Guidance for the Legal Sector 2025 (LSAG 2025, approved by HM Treasury and in force from 23 April 2025), and the Proceeds of Crime Act 2002 (POCA 2002) exist precisely because these patterns are timeless. Every law firm has its cast of characters. Here is yours, as seen through the candlelight of November 1605, and measured against the standards of the compliance framework your firm must meet today.

🎭
Character One

Robert Catesby — The Charismatic Introducer

The Client Who Arrives Highly Recommended

Red Flag: 
Third-party introduction accepted without independent verification · Familiarity substituted for due diligence · Social standing treated as a risk exemption

Robert Catesby was not a stranger. He was educated, well-connected, landed, and personally trusted by everyone he brought into the conspiracy. He was the son of Sir William Catesby, whose family had suffered under the Elizabethan religious settlement. 


He had the standing, the network, and the manner of a man whose word was his bond. He did not recruit through threat or inducement; he recruited through relationship. His name opened doors. His presence put people at ease. No one thought to ask too many questions because Catesby's presence was itself the answer.


History gave Guy Fawkes the notoriety, but it was Catesby who assembled the network, made the introductions, kept thirteen conspirators moving quietly in the same direction, and managed the extraordinary administrative challenge of concealing 36 barrels of gunpowder in the capital without arousing suspicion. 


He was the ringleader. He was also the person who made every subsequent red flag look entirely unremarkable. He was charming. He was trusted. He was the risk no one assessed.


Illustration of the Gunpowder Plot: Robert Catesby, believed to be the ringleader and instigator of the conspiracy

AML Lesson · Regulation 27 MLR 2017 · LSAG 2025 Chapter 4

A Warm Referral Is Not a Risk Assessment

Under Regulation 27 of the MLR 2017, firms must apply Customer Due Diligence at the outset of every business relationship and before undertaking occasional transactions. That obligation applies regardless of how the client arrives, including through a trusted referral from a long-standing introducer, a professional colleague, or a family friend. Familiarity is not a compliance control. The length of the relationship between the introducer and the partner is not a risk exemption. The social standing of the person making the introduction is not a substitute for independent CDD.


The LSAG 2025 guidance addresses this directly. Chapter 4 is explicit that where a third party introduces a client, the firm must still apply its own CDD to the client's identity, beneficial ownership, and the nature and purpose of the retainer. The only permissible reliance on a third party's CDD is under the specific and documented reliance arrangement set out in Regulation 39 of the MLR 2017, which requires the third party to be a regulated person, to have agreed to make their CDD documentation available on request, and to be identified in the firm's own records. A casual assurance that "I've known them for years" does not constitute a Regulation 39 reliance arrangement.


The section of LSAG 2025 that most MLROs underestimate in this context is Chapter 5, specifically sections 5.9 to 5.12 on client and matter risk assessments. The client risk assessment is not a one-time onboarding form. Where a new matter arises from an existing client, however long-standing that client, a matter risk assessment must be conducted. The same client may carry a very different risk profile on a different type of instruction. Catesby's prior relationships with the landlord of his various properties, his legal representatives, and his financial connections were unremarkable. It was the specific matter (the cellar, the funding, the access) that was not.

A warm referral from a trusted contact still requires client due diligence at the appropriate level
Client and Matter due diligence at the appropriate level

LSAG 2025 Update - April 2025

The April 2025 guidance update strengthened the guidance on third-party source of funds contributions at section 6.17.2.1. Where a third party contributes to funds for a transaction, the firm must seek to understand and obtain evidence of the third party's underlying source of funds, not merely where the money arrived from. A warm introduction combined with unexplained third-party funding is now an explicitly identified risk combination.

Regulation 27 MLR 2017 · Regulation 39 MLR 2017 · LSAG 2025 Chapters 4 and 5 · LSAG 2025 sections 5.9–5.12

🔑
Character Two

Guy Fawkes — "John Johnson"

The Alias · The Nominee · The Person Who Is Not Who They Say They Are

Red Flag: 
False identity presented · Nominee arrangement in place · Presence and role unexplained · Instructions inconsistent with stated profile

Guy Fawkes arrived in London as "John Johnson," presenting himself as a servant employed by Thomas Percy. 


His real name, his real background, and his real purpose were entirely concealed. He had been recruited precisely because he was unknown in London; his anonymity was a professional asset. His years of military experience in the Spanish Netherlands had given him the skills to manage the logistics of the operation. But his real value was that no one could place him. He had no London history. He had no traceable connections. He was, to the naked eye, an entirely unremarkable servant.


He was put in charge of the cellar beneath the House of Lords. He was found there on the night of 4 November 1605, surrounded by 36 barrels of gunpowder concealed beneath coal and firewood. Even then, even in the cellar, with the evidence around him, he maintained his alias. 


It was only under prolonged interrogation, and eventually torture, that his real identity emerged.

So who was John Johnson?

AML Lesson · Regulation 28 MLR 2017 · Section 328 POCA 2002 · LSAG 2025 Section 6.14.10

Beneficial Ownership: Who Are You, Really?

Beneficial ownership obligations exist to answer the question that Guy Fawkes was never asked: who are you, really? Under Regulation 28(3) and (4) of the MLR 2017, firms must identify and verify the identity of the client and, where the client is a legal person, trust or other entity, the beneficial owner, the natural person who ultimately owns or controls the entity, or on whose behalf a transaction is conducted. The verification must be based on documents or information from a reliable, independent source.


The April 2025 LSAG guidance update made a material change to this area at section 6.14.10. The updated guidance makes clear that "reasonable measures" to understand ownership and control is a wider concept than simply identifying beneficial owners. It requires the firm to understand the overall ownership and control structure of the entity, including identifying individuals with control and directing power, not merely ownership percentages. A beneficial owner form that records a name and a percentage shareholding without documenting how the entity is directed and controlled does not meet the current standard.


Where the person giving instructions does not appear to be acting on their own behalf, where there is a "John Johnson" in the transaction, the firm must look further. LSAG 2025 specifically identifies corporate structures that are unusual or excessively complex given the nature of the business as a specific risk factor requiring Enhanced Due Diligence under Regulation 33. Nominee arrangements, layered structures, and instructions given through intermediaries who cannot explain their role are not modern inventions. They are as old as the vaults beneath Parliament. The law has been written to address them.


Failing to identify the true beneficial owner, and proceeding with a transaction despite having reasonable grounds to know or suspect that the arrangement involves criminal property, risks criminal liability under Section 328 of POCA 2002: the offence of becoming concerned in an arrangement which the firm knows or suspects facilitates the acquisition, retention, use or control of criminal property by another person.

Who is the actual client? Who is in control?

LSAG 2025 - Threshold Change at Section 4.2.2 and 6.16.2

The April 2025 guidance changed the beneficial owner threshold from "25% or more" to "more than 25%" in both sections 4.2.2 and 6.16.2. This is a precision change with a specific practical consequence: an ownership share of exactly 25% no longer automatically triggers beneficial owner status. Firms must update their FWRA, PCPs and CDD forms accordingly. The old wording in any documentation is a documentary gap an auditor will identify.

Regulation 28(3)–(4) MLR 2017 · LSAG 2025 section 6.14.10 · Section 328 POCA 2002 · LSAG 2025 section 4.2.2 (beneficial owner threshold: "more than 25%")

🏛️
Character Three

Thomas Percy — The Legitimate Front

The Politically Exposed Person Your Systems Should Have Caught

Red Flag: 
Political connection present and unexplored · Property transaction providing unusual access · Prestige used as a substitute for scrutiny

Thomas Percy was a gentleman of genuine standing. He had been appointed to the Band of Gentlemen Pensioners, the personal bodyguard of King James I. His position gave him legitimate and unremarkable access to the Palace of Westminster. He used that standing to rent the cellar beneath the House of Lords, apparently without suspicion and in his own name. No questions were raised. No suspicious activity noted. Just a man of status making what appeared to be an entirely unremarkable property arrangement.


His legitimacy was his camouflage. His political connection was not a risk that anyone considered. Prestige was the opposite of a red flag; it was a comfort. The assumption that proximity to power meant trustworthiness was the assumption that the plotters relied upon, entirely correctly, for the better part of a year. The cellars were accessed. The gunpowder was moved in. The State Opening of Parliament approached.

Are they a PEP?

AML Lesson · Regulation 33(1) MLR 2017 · LSAG 2025 Sections 6.19.3.1–6.19.3.4

Proximity to Power Is a Risk Factor - Not a Comfort

Under Regulation 33(1) of the MLR 2017, Enhanced Due Diligence is mandatory where a client is a Politically Exposed Person (PEP), or a family member or known close associate of a PEP. A PEP is defined as an individual who is, or who has been, entrusted with a prominent public function, including members of parliament, members of governing bodies of political parties, government ministers, senior judicial officers, senior military officers, senior executives of state-owned enterprises, and members of the boards of central banks, among others. The definition extends to their family members and known close associates.


The LSAG 2025 guidance updated its PEP sections (6.19.3.1–6.19.3.4) to reflect the FCA's revised guidance on domestic PEPs. The key change is a greater emphasis on proportionality for domestic PEPs: the level of EDD applied should reflect the actual risk presented by the specific client and matter. But proportionality does not mean inaction. The assessment must still be made, it must still be documented, and where risk is present it must still be addressed through the enhanced measures set out in Regulation 33.


The most common PEP failure in small law firms is not the application of excessive EDD to a clearly lower-risk domestic politician. It is the failure to screen for PEP status at all. The presence of a political connection, past or present, must be identified, considered and documented. Percy's political standing was not a reason to be comfortable. It was a reason to look harder. The question is never whether someone has legitimate connections. The question is whether those connections are being used as a shield.


LSAG 2025 section 6.14.10 is also relevant here: the requirement to understand control and directing power, not merely ownership percentages, applies equally to arrangements where a PEP appears to be acting through an intermediary or using a nominee structure to access a transaction.

Proximity to power

Regulation 33(1) MLR 2017 · LSAG 2025 sections 6.19.3.1–6.19.3.4 · FCA Guidance on PEPs (2023, updated) · LSAG 2025 section 6.14.10

🤝
Character Four

The Thirteen Conspirators — The Trusted Network

The Close-Knit Circle Where Scrutiny Quietly Disappears

Red Flag: 
Long-standing relationships substituted for ongoing monitoring · Source of funds undocumented · Risk assessment never updated as instructions evolved

Almost all thirteen conspirators were connected through overlapping networks of family, faith, and long personal friendship. Robert Wintour, Thomas Wintour and John Grant were related by marriage to Catesby. Francis Tresham was his cousin. Ambrose Rookwood and Everard Digby were younger men brought in through personal admiration for the ringleader. The group grew quietly, without formal records, without independent scrutiny, through the most persistent weakness in professional services: the comfortable assumption that people we know and like are who they say they are.


No one scrutinised the source of the funds that financed the operation, money drawn from the personal resources of several conspirators and pooled without documentation. No one challenged the warm assurance that the arrangement was legitimate. The longer the relationships ran, the deeper the assumptions embedded themselves. And the deeper the assumptions, the wider the blind spots became. The network was self-sealing. Familiarity had become the compliance framework.


Close connections
Family - Faith - Friendship

The Red Flags the Plotters Relied Upon You Missing

The LSAG 2025 guidance and the MLR 2017 set out a risk-based approach to identifying suspicious activity. These are the warning signs that financial crime — then and now — depends upon going unnoticed.

Red Flag 1

Source of Funds Unexplained or Vague

Funds described in general terms, "family money," "business proceeds," "savings," without supporting evidence of how those funds arose. Under LSAG 2025 section 6.17.2.1, source of funds must be evidenced, not assumed. A client's description of their own source of funds is not evidence of it.


LSAG 2025 section 6.17.2.1 · Regulation 33 MLR 2017

AML Source of Funds
Source of Funds and Source of Wealth

Red Flag 2

Third-Party Introduction — No Independent Verification

A matter arrives through a trusted referral and CDD is softened as a result. Regulation 27 MLR 2017 requires CDD regardless of the source of the introduction. Regulation 39 sets out the only conditions under which reliance on another firm's CDD is permissible, and they are specific and documented requirements, not a casual arrangement.


Regulation 27 MLR 2017 · Regulation 39 MLR 2017

A Referral from a Trusted Source

Red Flag 3

Instructions Inconsistent With Known Client Profile

A long-standing client begins instructing on matters materially different from the original retainer, without an updated risk assessment. A client known for residential conveyancing instructions now presenting a complex corporate structure. The same client; a very different matter. Regulation 28(11) requires ongoing monitoring, and client risk assessments must be updated when instructions change.


Regulation 28(11) MLR 2017 · LSAG 2025 sections 5.9–5.12

Does it make sense?

Red Flag 4

Nominee or Layered Structure - No Commercial Rationale

The person giving instructions does not appear to be acting on their own behalf. Corporate structures that are unusual or excessively complex given the nature of the business are a specific risk factor under LSAG 2025 section 6.14.10 and may require Enhanced Due Diligence. The absence of an obvious commercial rationale for the structure is itself a finding.


LSAG 2025 section 6.14.10 · Regulation 33 MLR 2017 · Section 328 POCA 2002

Who is in control?

Red Flag 5

Pressure to Proceed Quickly

Urgency used to compress or bypass normal due diligence steps. Haste is one of the most consistent behavioural red flags in financial crime. In 1605, the plotters worked to Parliament's timetable. In a modern property transaction, it is the completion deadline. Neither constitutes a basis for inadequate CDD.



LSAG 2025 Chapter 5 · Regulation 28 MLR 2017

Why the haste?

Red Flag 6

PEP Connection Unacknowledged or Unscreened

A client's connection to public office, public function or political standing is not disclosed, not screened for, or not explored once identified. Under Regulation 33(1) MLR 2017, EDD is mandatory where a PEP connection is present. Under LSAG 2025, domestic PEPs require a proportionate but documented assessment — not an assumption that domestic status means low risk.


Regulation 33(1) MLR 2017 · LSAG 2025 sections 6.19.3.1–6.19.3.4

Not checking

Red Flag 7

Third-Party Funds Without Underlying Enquiry

A gift or contribution from a third party is noted on the file but not investigated. The updated LSAG 2025 section 6.17.2.1 requires the firm to seek evidence of the third party's underlying source of funds in the same way as it would for the client. Noting a gift contribution is not the same as understanding where the money came from.




LSAG 2025 section 6.17.2.1 · Regulation 33(6)(b)(iv) MLR 2017


Where and who is the original source of funds?

Red Flag 8

High-Risk Third Country Connection - No Updated Review

A client or transaction has a connection to a country on either FATF list — Jurisdictions under Increased Monitoring (grey list) or High-Risk Jurisdictions subject to a Call for Action (black list). The FATF lists change three times a year. Under LSAG 2025 section 5.6.2.1, firms must diarise FATF plenary dates and review affected client files following each change. A firm that reviewed its HRTC clients once and never revisited has not discharged this obligation.


LSAG 2025 section 5.6.2.1 · Regulation 33 MLR 2017 · FATF plenary calendar (Feb, June, Oct)

Is there a Geographic Risk?

Red Flag 9

Unusual Transaction Structure

A transaction that is structured in a way that has no clear commercial rationale. Multiple steps where one would do. Entities interposed between the client and the asset without explanation. A transaction that achieves an outcome the client could reach more simply, but does not. In 1605 the plotters rented a cellar through a chain of introductions and intermediaries rather than through any direct arrangement. The structure was the concealment. LSAG 2025 section 6.14.10 specifically identifies corporate structures that are unusual or excessively complex given the nature of the company's business as a risk factor requiring Enhanced Due Diligence. The question is always: why is this structured this way, and does the answer make commercial sense?



LSAG 2025 section 6.14.10 · Regulation 33(6)(a)(vi) MLR 2017 · Section 328 POCA 2002

Too many steps?

Red Flag 10

Reluctance to Provide Information

A client who resists, delays, or provides incomplete responses to reasonable CDD inquiries. Reluctance can take many forms: questions deflected rather than answered, documents promised but never provided, explanations that satisfy on the surface but leave the underlying question unanswered. Guy Fawkes maintained his alias through the search of the cellar and into custody. The plotters relied on the assumption that no one would press beyond the first satisfactory-sounding answer. Under LSAG 2025 section 6.9, where a firm cannot complete CDD, it must not proceed with the transaction and must consider whether to submit a SAR. Reluctance to provide information is not an inconvenience to manage around. It is a compliance event that must be documented and assessed.


LSAG 2025 section 6.9 · Regulation 28 MLR 2017 · Section 330 POCA 2002

No satisfactory explanation?

Red Flag 11

Over-Complex Payment Routes

Funds arriving through a chain of transfers that adds no apparent commercial value but does add opacity. Multiple intermediate accounts, multiple currencies, transfers through jurisdictions with no obvious connection to the client or the transaction. The plotters' funds moved through personal networks with no documentation, no clear origin, and no single traceable source. The modern equivalent is the completion monies that arrive from an account in a different name, via an overseas institution, following a chain of transfers that the client cannot fully explain. Under LSAG 2025 section 6.17, source of funds requires understanding the underlying economic origin. A complex payment route is not a neutral fact. It is a route that was chosen, and the question of why it was chosen must be asked and documented.


LSAG 2025 section 6.17 · Regulation 33(6)(b) MLR 2017 · LSAG 2025 section 5.6.3.2

Follow the money - too many tracks?

11 Red Flags Mentioned

Let's do a Tutor Exam Day

Keep an eye on old risk methodologies and evolving risk - new ones

Under Section 330 of POCA 2002, failure to disclose known or suspected money laundering in the regulated sector is a criminal offence carrying a maximum penalty of five years' imprisonment. The threshold for suspicion is deliberately low: a possibility more than fanciful that the relevant facts exist. Red flags are not proof of wrongdoing. They are the trigger for professional scepticism, not the suppression of it.

✉️
The Disclosure

Lord Monteagle - The Suspicious Activity Report

The Letter That Changed History · And the Law That Made It Mandatory

On 26 October 1605, an anonymous letter was delivered to William Parker, 4th Baron Monteagle, a Catholic peer, Member of Parliament, and brother-in-law to Francis Tresham, one of the plotters. The letter was written in a disguised hand. It had no date. It had no signature. It warned Monteagle not to attend the State Opening of Parliament, and it asked him to burn the letter once it had been read.


He did not burn it. Instead, he took it directly to Robert Cecil, 1st Earl of Salisbury, the King's chief minister and the most powerful intelligence operator in Jacobean England. Cecil presented it to King James. A search was ordered. On the night of 4 November 1605, Sir Thomas Knyvet and his men searched the cellar beneath the House of Lords and found Guy Fawkes, "John Johnson", standing among 36 barrels of gunpowder, concealed beneath piles of coal and firewood. The operation was undone by a single disclosure.


The author of the letter was almost certainly Francis Tresham himself: a conspirator, Monteagle's own brother-in-law, and the man who had recruited several of the network's later members. Someone on the inside. Someone who knew. Someone who, despite being part of the trusted circle, could not sustain the decision to remain silent when he understood what the consequences would be.

One letter changed everything. If it wasn't for this letter, the plot would have succeeded.

AML Lesson · Part 7 POCA 2002 · NCA SAR Regime · Sections 327–331 and 333A POCA 2002

The Monteagle Letter Is the Suspicious Activity Report of 1605

Under Part 7 of POCA 2002, any person in the regulated sector who knows or suspects, or has reasonable grounds to know or suspect, that a person is engaged in money laundering has a legal obligation to disclose that suspicion to the National Crime Agency (NCA). That disclosure is made through a Suspicious Activity Report (SAR), submitted via the NCA's UK Financial Intelligence Unit (UKFIU) through the SAR Online system. The obligation is not discretionary. It is a criminal offence under Section 330 of POCA 2002 to fail to make that disclosure, an offence carrying a maximum sentence of five years' imprisonment.


The internal reporting chain that precedes the external SAR is equally important. Under Section 330, any employee in the regulated sector who has reason to know or suspect money laundering must report that suspicion to the firm's nominated officer (MLRO) as soon as practicable. The MLRO then considers the internal report alongside all available CDD information and determines whether reasonable grounds exist to submit an external SAR. If the MLRO fails to pass on a reportable disclosure they have received internally, they may commit a further offence under Section 331 of POCA 2002.


Where a firm needs to proceed with a transaction that might otherwise constitute a principal offence under Sections 327–329 of POCA (acquiring, retaining, using, concealing or converting criminal property, or entering into arrangements to do so), the appropriate route is a Defence Against Money Laundering (DAML) SAR. The NCA has a moratorium period in which it may refuse consent. If no refusal is received within that period, the firm has a defence for proceeding. Timing is critical. So is the quality of the SAR itself.


The tipping-off prohibition is a separate and equally serious obligation. Once a SAR has been submitted, or once the firm knows or suspects that a money laundering investigation is underway, it is a criminal offence under Section 333A of POCA 2002 to disclose this to the client, to a third party, or to anyone else in a way that is likely to prejudice any investigation. Managing the client relationship following a SAR submission requires careful thought. Do not signal that anything has changed. Seek legal advice if the situation is complex.

Follow your internal and external processes
Internal and external escalation

NCA Quality Concern - On the Record

The NCA has publicly expressed concern about both the volume and quality of SARs submitted by law firms. A well-written SAR with specific and articulable reasons for suspicion, clear identification of the transaction and parties involved, and factual rather than speculative language is significantly more useful to law enforcement than a vague or formulaic submission. 

Sections 327–331 POCA 2002 · Section 333A POCA 2002 · NCA UKFIU SAR Guidance · Regulation 21 MLR 2017 · LSAG 2025 Chapters 11–12

The Compliance Journey - Five Obligations That Never End

The cellar beneath the House of Lords was hidden in plain sight. So, sometimes, is financial risk. These are the five obligations that the regulations require, applied consistently, documented carefully, and reviewed whenever circumstances change.

Know Your Client

Identify and verify. Establish beneficial ownership: who is actually behind the instruction, not just who is in the room. Understand the nature and purpose of the retainer. Apply the current section 6.14.10 standard for non-natural persons: document the overall ownership and control structure, not just the percentage shareholding.


Regulations 27–28 MLR 2017 · LSAG 2025 sections 6.14–6.16

Assess the Risk at Firm, Client and Matter Level

The firmwide risk assessment sets the framework. The client risk assessment applies it to who the client is. The matter risk assessment applies it to what this instruction involves. All three must be current, specific to this firm and this client, and updated when anything material changes. The FWRA must now address proliferation financing and supply chain risk (LSAG 2025, April 2025 update).


Regulation 18 MLR 2017 · LSAG 2025 Chapter 5 · R19A (proliferation financing)

Apply Enhanced Due Diligence Where It Is Due

PEPs, HRTC connections, complex structures, third-party source of funds, and other risk factors identified in the FWRA all trigger EDD. EDD is not more paperwork; it is a genuinely enhanced process producing additional measures appropriate to the risk. Document what you did and why. Obtain senior management approval for high-risk business relationships.


Regulation 33 MLR 2017 · LSAG 2025 sections 6.18–6.19

Monitor Continuously Throughout the Relationship

AML is not a one-time check at onboarding. Regulation 28(11) requires scrutiny of transactions throughout the business relationship. Keep CDD documentation current. Review client risk profiles when instructions change. Diarise FATF plenary dates (February, June, October) and review affected clients when the HRTC lists change.


Regulation 28(11) MLR 2017 · LSAG 2025 section 5.6.2.1

Report. Do Not Tip Off. Do Not Delay.

Where suspicion arises, the MLRO considers whether to file a SAR with the NCA. Failure to report in the regulated sector is a criminal offence. Tipping off is also a criminal offence. Both obligations are absolute. Neither admits of comfortable ambiguity. The culture of the firm must make it safe and expected for fee earners to raise concerns, not a source of anxiety or embarrassment.


Sections 330–331 POCA 2002 · Section 333A POCA 2002

Audit Your Framework Before Someone Else Does

Regulation 21(1)(c) of the MLR 2017 requires firms to take appropriate steps to assess the adequacy of their PCPs, which includes commissioning an independent audit. A Regulation 21 audit examines whether your framework is adequate and effective. An auditor who finds the gap before the SRA does is an enormous advantage. One who finds it after is a formal finding requiring documented remediation.


Regulation 21(1)(c) MLR 2017 · LSAG 2025 Chapter 4.8

AML Obligations

"Remember, remember the questions you forgot to ask."

The conspirators believed their network was impenetrable. The familiarity, the shared history, the mutual reassurance: it all felt watertight. Right up until it was not. One disclosure. One letter not burned. One act of professional scepticism from someone who, despite being on the inside of the trusted circle, could not remain silent when he understood what the consequences would be.


Real compliance is not the appearance of safety. It is the culture, the systems, the documented assessments, and the honest professional scepticism that sit behind the introduction. The vaults of Westminster were hidden in plain sight. So, sometimes, is financial risk. The question is whether your framework is good enough to find it before it finds you, and whether your team knows that asking is expected, not exceptional.


A note on what is changing: The Money Laundering and Terrorist Financing (Amendment) Regulations 2026 were laid before Parliament on 25 March 2026. Subject to approval by both Houses, the majority of provisions are expected to come into force in late June or early July 2026. Key changes for law firms include the narrowing of mandatory EDD under regulation 33(1)(b) to FATF "call for action" countries only (currently Iran, North Korea and Myanmar), with grey list countries moving to a risk factor rather than an automatic EDD trigger. The current MLR 2017 obligations apply in full until commencement. The FCA transition to single professional services AML supervision was announced in October 2025 and remains subject to enabling legislation.

How Alexander Christian Can Help

We offer AML support - Book a Consultation. 


Based in North Harrow and working with law firms across London.

Source: 

Primary Legislation

Proceeds of Crime Act 2002 (POCA 2002) -- Part 7 (money laundering offences), Sections 327, 328, 329 (principal offences), Section 330 (failure to disclose in the regulated sector), Section 331 (nominated officer failure to disclose), Section 333A (tipping off), Section 333C (legal professional privilege exception)

Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) -- Regulation 21 (nominated officer / MLRO), Regulation 27 (obligation to apply CDD), Regulation 28 (CDD measures including Regulation 28(11) ongoing monitoring), Regulation 33 (enhanced due diligence, including Regulation 33(1) PEPs, Regulation 33(6)(a)(vi) unusual structures, Regulation 33(6)(b)(iv) third-party source of funds), Regulation 39 (reliance)


Regulatory Guidance

Legal Sector Affinity Group Anti-Money Laundering Guidance for the Legal Sector 2025 (LSAG 2025) -- approved by HM Treasury, in force 23 April 2025. Specific sections cited: 4.2.2 (beneficial owner threshold), 4.3.3 (MLRO reporting), 5.1.1 (supply chain risk), 5.6.2.1 (high-risk third countries / FATF lists), 5.9-5.15 (client and matter risk assessments), 6.9 (inability to complete CDD), 6.14.9 (persons acting on behalf of the client), 6.14.10 (non-natural persons and ownership structure), 6.17 (source of funds and source of wealth), 6.17.2.1 (third-party source of funds contributions), 6.19.3.1-6.19.3.4 (PEPs including domestic PEPs), pages 221-228 (schedule of amendments)

Money Laundering and Terrorist Financing (Amendment) Regulations 2026 -- laid before Parliament 25 March 2026. Regulation 19 (amendment of Regulation 33 MLR 2017: EDD trigger narrowed to FATF call for action countries, unusually complex transactions). Referenced for context on incoming changes; current MLR 2017 obligations noted as applying in full until commencement.

Financial Action Task Force (FATF) -- High-Risk Jurisdictions subject to a Call for Action list and Jurisdictions under Increased Monitoring list. FATF plenary session dates (February, June, October each year).

FCA Guidance on Politically Exposed Persons (2023, updated) -- referenced in context of domestic PEP proportionality, reflected in LSAG 2025 sections 6.19.3.1-6.19.3.4.


Enforcement Data

SRA MLR penalty data: 86 penalties totalling £1,498,983, April 2024 to April 2025.

National Risk Assessment 2025 -- legal sector classified as high risk.

NCA UKFIU SAR quality concerns -- publicly stated concern about volume and quality of SARs from law firms.


Historical Sources (Gunpowder Plot)

The Gunpowder Plot 1605 -- Robert Catesby as ringleader, Guy Fawkes as "John Johnson," Thomas Percy, the thirteen conspirators, the Monteagle Letter of 26 October 1605, the search of 4 November 1605. Historical record.

Who we serve

We serve small law firms in the London area. We are based in Harrow.

Disclaimer

Disclaimer: The contents of this post are provided for information and educational purposes only. They do not constitute legal or regulatory advice and should not be relied upon as such. References to legislation and guidance are accurate as at the date of publication. We do not provide any warranty or guarantee as to the completeness and accuracy of this post. You should ensure that you source the relevant law and guidance yourself. The Money Laundering and Terrorist Financing (Amendment) Regulations 2026 are draft legislation laid before Parliament and have not yet been made as a UK Statutory Instrument; the existing MLR 2017 obligations apply in full until commencement. Always seek independent legal or regulatory advice from a qualified provider specific to your firm's circumstances.