Promotional material

Estate agency discussion notes: 'Closing costs'

Published 16 April 2026

© Crown copyright 2026

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/anti-money-laundering-communication-resources/estate-agency-discussion-notes-closing-costs

1. Money laundering

‘Closing Costs’, our film on GOV.UK, shows how an estate agency business can find itself involved in money laundering, if it doesn’t take proper measures to protect itself.

Money laundering means passing illegally obtained money through legitimate businesses or financial systems, to make it appear lawful. Money laundering has a huge impact on local communities, as that money originally comes from other forms of crime, such as drug sales, human trafficking, and modern-day slavery.

Suspicious Activity Reports help the National Crime Agency, and other law enforcement agencies, to find and dismantle criminal networks that try to launder the proceeds of their crime through businesses like yours.

Customer Due Diligence is one of the best ways you can spot suspicious activity. It involves checking who the customer is, considering what they’re doing with the transaction, and how they’re doing it.  The aim isn’t to stop customers from being able to buy property; it’s to prevent criminal finance, for example from laundering drug money, being used to buy property that the criminals can then sell on or enjoy.

Under the Money Laundering Regulations, estate agency businesses have to train their staff about what to do when they spot something suspicious. This training guide, alongside the film on GOV.UK will help you to do that.

If you’re a sole trader

Watch the film and think about the questions below. Then check the potential answers to see if you’ve missed anything.

Not all the questions will be relevant to you, if you don’t employ anyone, but you should come back to them if you change your business model.

If you’re an employer

We recommend you use this material to run a training session. We expect it will take around 2 hours, although this will vary based on the size of your teams, and how much time you allow for discussion.

Watch the film as a group or have everyone watch the film before the session. Then put the questions to the group to prompt discussion. You can split your staff into smaller discussion groups if you like.

Discussing your answers at the end of each question can be a good way to share understanding. The potential answers are just some of the things that your teams might say, and you can use them to prompt further discussions.

The discussion questions are split into groups by subject, so you can focus your session on the areas you think are most relevant to your staff. This will also make it easy for you to break up the learning into more than one session, if you need to.

After the session

There’s information after each question that may help you with future training and updating your compliance work. You’ll also find links to relevant guidance and legislation.

2. Glossary

Abbreviation Term Description
AML Anti-Money Laundering Anti-Money Laundering means the laws, regulations, and procedures that prevent criminals from disguising illegal funds as legitimate income.
CDD Customer Due Diligence The process of verifying a customer’s identity, assessing their risk level, and monitoring their transactions to prevent and detect money laundering and terrorist financing.
DAML Defence Against Money Laundering A request made to the UK’s NCA within a SAR when a person suspects that property involved in a transaction is criminal and seeks consent to proceed in order to avoid committing a money laundering offence under POCA.
EAB Estate Agency Business Under MLR 2017, an estate agency business is defined as a firm or sole practitioner carrying out ‘estate agency work’ (as per section 1 of the Estate Agents Act 1979), and is therefore subject to AML obligations such as registration, risk assessments, and customer due diligence.
EDD Enhanced Due Diligence The process of conducting deeper scrutiny and ongoing monitoring of high-risk customers to better understand their activities, verify the legitimacy of their funds, and mitigate potential money laundering or terrorist financing risks.
MLR 2017 The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 Refers to The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, which set out the UK’s anti-money laundering framework.
NCA National Crime Agency A UK law enforcement agency responsible for tackling serious and organised crime, including economic crime.
PCPs Policies, Controls and Procedures Internal measures implemented by organisations to mitigate financial crime, money laundering and terrorist financing risks and ensure regulatory compliance.
POCA Proceeds of Crime Act 2002 Refers to the Proceeds of Crime Act 2002, legislation that provides the legal framework for recovering criminal assets and sets out money laundering offences.
RA Risk Assessment A systematic process for identifying and evaluating risks associated with financial crime, used to inform mitigation strategies.
SAR Suspicious Activity Report A report submitted to the authorities (the NCA) when suspicious financial activity is detected, as required under POCA.
TACT Terrorism Act 2000 Refers to the Terrorism Act 2000, UK legislation that sets out terrorism-related offences, including the financing of terrorism.

3. Estate agency businesses

Discussion questions:

  1. Why might EABs and the property sector be attractive targets for money launderers?

Answers might include:

  • Estate Agency Business (EAB) may be attractive to a money launderer for several reasons, including:
    • high-value transactions: Property deals often involve large sums of money. This makes it easier to move significant amounts of illicit funds in a single transaction
    • potential for profit: Property values can increase over time. This allows criminals to clean their money and potentially make a profit in the process
    • complex ownership structures: Use of shell companies, trusts, or nominees can hide the true identity of the buyer. This makes it harder to trace the source of funds
    • cross-border transactions: International property purchases can help move money across jurisdictions. This makes it more difficult to track and verify the origin of funds

Detail

Estate agency businesses can be easy targets for criminals wanting to launder illicit funds through property transactions. Key risks include:

  • use of property to clean criminal proceeds: Criminals may buy property to disguise the origin of illegal funds
  • false identities and documents: Criminals may use fraudulent or stolen identities to conceal the true buyer
  • suspicious transaction patterns: Unusual behaviour, such as cash purchases, rapid sales, or disinterest in the property may signal laundering
  • regulatory breaches: If agencies fail to meet AML obligations, they can be fined, sanctioned, or prosecuted
  • reputational harm: Association with criminal activity, even unknowingly, can damage professional credibility
  • weak controls exploited: Agencies with poor compliance systems or limited staff training are at greater risk

Vigilance, robust CDD, and prompt reporting of suspicious activity are essential to protect your business and uphold legal obligations.

You can find more detail in HMRC’s EAB Guidance.

4. Risk assessments and Policies, controls and procedures

Discussion questions

  1. What was Riaz’s overall attitude to compliance with MLR 2017 and SARs? How did this impact Riaz’s judgement in this scenario?

Answers might include

  • Riaz understood the need to comply with MLR 2017:
    • he recognised important updates from an HMRC email and added these to planned training
    • he had a staff training log and kept it up to date
    • he made sure the PCPs and RA were updated to reflect recent changes
    • the PCPs, RA, and training log were deemed to be suitable during the supervisory visit
    • he made sure the updated PCPs and RA were included in the training
  • Riaz focused on demonstrating compliance. Although he made sure the business had RA and PCPs, he did not check that the staff were actually applying them in practice (maintained within Regulation 19)
  • if Riaz had considered the risks to the business and local community, such as criminal exploitation, the business being used for money laundering or terrorist financing, and the criminality that leads to illicit money, he would have made sure the PCPs were being applied
  • in this scenario, the property was bought by a criminal gang who were involved in facilitating illegal working and potentially people trafficking. This exploits vulnerable people, undermines social cohesion, and strains public services, which creates hidden economies that erode trust, safety, and fairness in wider society
  • if Riaz had regularly checked his staff were following the PCPs, he would have spotted Sam’s activity much earlier. Sam may not have even taken risks if he knew his work would be checked
  • having well-written RA, PCPs and training does not alone eliminate risk. HMRC decided, during its supervisory visit, that while the training log, RA and PCPs were of good quality, they weren’t followed by staff in their day-to-day business, so the business had breached MLR 2017
  • a business must make sure its staff follow PCPs, to protect the business and their customers

Detail

Under MLR 2017 the need to maintain PCPs and RA is clearly set out in two key regulations:

Regulation 18: Risk assessment

With Regulation 18, you must identify and assess the risks of money laundering and terrorist financing to which your business is subject. You must:

  • take into account the customer, geographic, product, transaction, and delivery channel risk factors
  • keep an up-to-date written record of all steps you take
  • provide this RA to your supervisory authority when asked

Regulation 19: Policies, controls and procedures

With Regulation 19, You must establish, maintain, and regularly review AML PCPs to effectively mitigate and manage the risks identified in your Regulation 18 RA. These must include:

  • risk management practices
  • internal controls
  • customer due diligence
  • record keeping
  • monitoring and compliance
  • staff training

PCPs must be:

  • proportionate to the size and nature of the business
  • approved by senior management
  • reviewed and updated regularly
  • including specific measures such as:
    • risk management practices
    • internal controls
    • customer due diligence
    • record keeping
  • monitoring and management of compliance

You must keep written records of these policies and any updates and communicate them internally.

5. Red flags and suspicion

Discussion questions

  1. In the scenario, several aspects of the buyer’s behaviour should have raised red flags. What were these indicators?
  2. Did Elle flag the customers suspicious behaviour at the appropriate time?

Answers might include

  • the potential buyer’s activity raised several red flags including:
    • the buyer did not view the property or other properties in the area. 
    • reluctance to provide CDD documents
    • the buyer wasn’t interested in the location or area of the property nor the amenities, things that a buyer would normally ask about
    • cash purchase of £350,000. The buyer was a cash buyer without a plausible commercial reason for the purchase
    • the buyer advised they did not have access to readily available technology like a laptop or smart phone
    • the buyer terminated the call quickly when challenged
  • while none of these signs alone confirm suspicious activity, together they form a pattern that warrants closer scrutiny
  • Elle could have made an internal report as soon as the call was terminated
  • it should be considered if it was reasonable for Elle to delay slightly, as she may have wanted to check something else, and she spoke to a colleague to confirm her concerns
  • under POCA, Elle was legally required to make a disclosure to the Nominated Officer as soon as practical once she knew, suspected, or had reasonable grounds to know or suspect, money laundering was occurring. If Elle was found to have delayed reporting without acceptable reason, she may still be guilty of failing to disclose
  • Elle sent the internal SAR to Sam to review; therefore, she followed the business’s processes

Detail

HMRC provides guidance on GOV.UK about recognising the risks associated with estate agency work. There is also guidance for the other sectors HMRC supervises.

You can also read more about risks associated with estate agency work in the National Risk Assessment 2025, Section 5. There are other chapters which include risks about HMRCs other supervised sectors.

It is important to remember that all disclosures, and SARs, must be made as soon as possible, and any delay can be explained. If a business has an unreasonable delay in making a SAR this would also be an offence under POCA.

HMRC would review a business’s PCPs and the circumstances of the transaction to see if suspicion were reported as soon as practical.

The threshold for suspicion in the UK is set in R versus Da Silva [2006] EWCA Crim 1654. The Court of Appeal held that suspicion means ‘A possibility, which is more than fanciful, that the relevant facts exist.’ This means you don’t need proof, but you do need some objective basis for concern.

In summary, suspicion in AML reporting must be:

  • more than a gut feeling
  • less than certainty
  • grounded in facts or patterns that suggest a possibility of criminal property

You can find more guidance on suspicion, in HMRC’s Economic Crime Supervision Handbook.

6. Customer Due Diligence

Discussion questions

  1. What law requires a regulated business to have PCPs and effective CDD?
  2. What are the benefits of effective AML controls to an EAB?
  3. Why is effective CDD more than just a regulatory requirement, what real value does it bring to your day-to-day work as an EAB?
  4. What good points of AML compliance did the business in this scenario display, and why weren’t these enough to protect the business?
  5. In this scenario, the business had documented PCPs and RA in place. Yet, a suspicious transaction still went ahead. What could the business have done to better manage the risk and prevent this outcome?

Answers might include

  • MLR 2017 requires a supervised business to have PCPs and effective CDD
  • the benefits of effective AML controls include:
    • legal compliance: If you adhere to MLR 2017 and other UK legislation, you’ll avoid fines, criminal charges, and loss of registration
    • business protection: Shields the EAB from being used by criminals for money laundering, safeguarding its reputation and reducing the risk of losing client trust and future business
    • client confidence: A commitment to security, ethics, and legal standards, encouraging clients to trust the agency with high-value transactions
    • financial risk reduction: Early identification of suspicious activity helps prevent wasted resources and potential financial penalties
    • audit readiness: Clear PCPs and well-maintained records simplify supervisory visits and audits, making it easier to show compliance
    • staff competence: Regular training and clear PCPs enhance staff’s awareness, confidence, and ability to manage AML risks effectively
  • effective CDD is important for a number of reasons:
    • it protects you and your business from being exploited for money laundering, terrorist financing and financial crime
    • it helps you understand your customer, know who you’re dealing with, and better understand transactions and the risk they present to your business
    • it helps you detect and prevent any financial crime in your business
    • it can protect the good reputation your business has earned
    • it helps make sure you’re compliant with required regulations and laws
    • it helps build a profile of your customer, to identify suspicious behaviour/activity out of character for the type of transaction being undertaken
  • the business had RAs and PCPs in place to meet its legal obligations. However, it failed to make sure these procedures were applied in its day-to-day operations
  • Riaz should have had more oversight and made sure these controls were applied, to identify the suspicious nature of the transaction and recognise that Sam wasn’t doing effective CDD. This may also have prevented Sam from taking risks when completing transactions
  • not effectively applying the PCPs, particularly around CDD, led to the transaction being completed without the associated risks being identified. It’s vital to not only having documented procedures but embed them in your daily business practices

Detail

Under MLR 2017, EABs must have effective controls in place to manage money laundering and terrorist financing risks. This requirement is primarily found in:

Regulation 19: Policies, controls and procedures

Regulation 19 states that all relevant persons, including EABs, must:

  • establish and maintain PCPs to prevent and manage the risks identified in their RA
  • ensure these controls are:
    • proportionate to the size and nature of the business
    • approved by senior management
    • reviewed and updated regularly
    • including specific measures such as:
      • risk management practices
      • internal controls
      • CDD
      • record keeping
      • monitoring and management of compliance

HMRC’s Economic Crime Supervision Handbook reinforces that EABs must:

  • properly risk assess each area of their business activity
  • use tailored PCPs, not generic templates
  • show how these PCPs are used to manage and prevent risks
  • keep records that show ongoing monitoring and compliance with their own PCPs

Effective CDD has benefits not only to your business but also the wider community. It helps your business identify and manage financial crime risks, protect its reputation, and remain compliant with regulations. It also supports wider society by preventing money laundering, safeguarding the financial system, and promoting trust and transparency.

You can find guidance on CDD requirements in Regulation 28 and HMRC guidance.

Key requirements of CDD as per Regulation 28 are:

  • identification and verification:
    • firms must identify and verify the identity of customers and beneficial owners using reliable, independent sources
    • for corporate customers, firms must obtain and verify details such as name, registration number, registered office, and principal place of business
  • understanding ownership and control:
    • firms must take reasonable steps to understand the ownership and control structure of legal entities, trusts, companies, and similar arrangements
  • beneficial ownership:
    • if a customer is beneficially owned by another person, firms must identify and verify the beneficial owner and understand their control structure
  • ongoing monitoring:
    • firms must monitor the business relationship continuously, including transaction scrutiny and updating CDD information
  • risk-based approach:
    • the extent of CDD measures must reflect the firm’s risk assessment and the specific risk level of each case
  • electronic identification:
    • Regulation 28 allows for the use of electronic identification processes, provided they are secure and independent
  • record keeping:
    • firms must maintain written records of all actions taken to identify and verify customers and beneficial owners, especially where difficulties are encountered

In the scenario, the business had several strong AML controls in place, such as:

  • clear AML PCPs and RA
  • regularly updated staff training and a maintained training log
  • a defined process for reporting suspicious activity with clear points of contact

Despite these, the business still failed to protect itself from being exploited by a criminal gang. The business failed to make sure its AML controls were applied and upheld during its day-to-day practices. PCPs and RAs are only truly effective when they’re consistently integrated into everyday business practices.

You can find more guidance on PCPs at Regulation 19 and HMRC’s EAB guidance.

You can find more guidance on RA at Regulation 18 and HMRC’s EAB guidance.

Regulation 19 says you must establish and maintain PCPs to prevent and manage the risks of money laundering and terrorist financing identified in the RA done by the business under regulation 18(1) MLR 2017. Maintain means to keep it up to date, as well as applying them in practice.

Regulation 27 says you must take CDD measures when either:

  • establishing a business relationship
  • carrying out an occasional transaction
  • suspecting money laundering or terrorist financing
  • doubting the veracity or adequacy of identification documents, data or information used

Regulation 28 sets out that as part of its CDD measures, the business must identify the customer, verify their identity, and assess the risks.

Regulation 33 sets out EDD measures.

HMRC’s Economic Crime Supervision Handbook reinforces that EABs must:

  • properly risk assess each area of their business activity
  • use tailored PCPs, not generic templates
  • show these PCPs are used to manage and prevent risks
  • keep records that show ongoing monitoring and compliance with their own PCPs

7. Enhanced Due Diligence

Discussion questions

  1. What is the difference between CDD and EDD?

Answers might include

  • CDD: The standard level of due diligence for low or medium-risk transactions. It involves verifying the identity of the buyer and seller and understanding the business relationship or transaction
  • EDD: Use EDD when there’s a higher risk of money laundering or financial crime. It includes all elements of CDD, plus additional checks tailored to the specific risk. These may include deeper verification of identity, source of funds, and the purpose of the transaction
  • documents that could be asked for to complete EDD include:
    • for individuals:
      • valid photo ID — passport, driver’s licence, national ID
      • proof of address — such as recent utility bill, bank statement
      • proof of ownership or authority to act
      • commercial rationale for the transaction
      • evidence of source of funds, such as bank statements or inheritance documents
    • for legal entities:
      • certificate of incorporation
      • memorandum and articles of association
      • register of directors/shareholders
      • proof of business address
      • identification of beneficial owners
      • authority of the representative acting on behalf of the entity
    • for trusts:
      • trust deed or agreement
      • identification of settlor, trustees, and beneficiaries

Detail

There’s more guidance on CDD at Regulation 27, Regulation 28 and HMRC guidance.

Regulation 33(5) MLR 2017 sets out the measures for conducting EDD in any case where there is a high risk of money laundering or terrorist financing, including:

  • seeking additional independent, reliable sources to verify information provided or made available to you
  • taking additional measures to better understand the background, ownership and financial situation of the customer, and other parties to the transaction
  • taking further steps to be satisfied that the transaction is consistent with the purpose and intended nature of the business relationship
  • increasing the monitoring of the business relationship, including greater scrutiny of transactions

More guidance on EDD can be found at the HMRC guidance.

8. Suspicious Activity Reports

Discussion questions

  1. What legislation requires you to make a SAR?
  2. During their premises visit, the HMRC Officer asks to see details of the SARs submitted by the business, what legislation allows supervisors to do so? 
  3. In the film, Riaz asked Sam to review the SARs for him. Can Riaz, as the Nominated Officer, delegate the responsibility of looking at SARs? 
  4. What was Sam’s attitude towards reviewing SARs? 
  5. What would you include in a SAR for the scenario in the film? 
  6. If Riaz had come across this transaction on his own after the transaction was completed, would making a ‘late’ SAR protect him or his business?

Answers might include

  • in the UK, the legislation governing SARs is POCA and TACT
  • POCA and TACT require businesses in the regulated sector to report knowledge or suspicion of money laundering or terrorist financing to the NCA, via the SARs regime
  • under the MLR 2017, AML Supervisors are empowered to request information from businesses regarding SARs that have been submitted, specifically in:
    • Regulation 66(1A) MLR 2017. Reg66(1A) gives authorities the right to request copies of suspicions reported to the NCA
    • Regulation 60(3) MLR 2017, with reference to Regulation 59(1)(e)(i)(cc). MLR 2017 allows HMRC, as the regulating authority, the right to suspend or cancel registrations, if they suspect, on reasonable grounds, that the applicant (business) will fail to comply with its obligations under Parts 7 and 8 of POCA
  • Riaz only delegated initial review of SARs to Sam as he advised this ‘saved him a step.’ Riaz, as the Nominated Officer, cannot delegate authority for receiving or assessing SARs, but could however delegate some administrative tasks, including preliminary checks, to Sam
  • Riaz should have personally assessed the internal SARs and decided whether to submit a SAR to the NCA
  • Sam was complacent and dismissive about reviewing SARs and making referrals to the Nominated Officer for submission
  • Sam saw SARs as an administrative burden and a barrier to sales, rather than a way to protect the business and himself from exploitation by money launderers and criminals
  • we can see indicators of this in the video:
    • he is clearly not paying attention at the staff training session
    • Sam is complacent as the contact point for SARs reviews
    • Sam is interested in the suspicious enquiry about purchasing a property, looking to make a big sale
    • Sam has a general disregard for rules
    • Sam’s response of ‘yeah, yeah I got it’ about a SARs referral
    • Sam focuses on making a sale easy for the buyer rather than adhering to regulatory requirements which he refers to as ‘barriers’
  • Sam did not take the need to review SARs seriously, nor did he treat them with the appropriate level of care and consideration
  • the value of SARs is wide reaching. SARs can play a critical role in alerting law enforcement to potential instances of money laundering and terrorist financing
  • SARs assist with the disruption of criminality and help law enforcement by revealing new subjects of interest and emerging methodologies. They are a vital source of intelligence, not only on economic crime but on a wide range of criminal activity
  • submitting SARs can help to protect your local community, as they can give important intelligence to law enforcement, allowing them to tackle the criminal activity that generates illicit finance. That criminal activity can include modern day slavery, human trafficking, and drug sales, which cause significant damage to the community
  • in this scenario, detail to include in the SAR includes:
    • buyer’s name, date of birth, address, contact phone number, email address and any other subject identifiers the business obtained or held
    • explain your suspicion of money laundering, including:
      • buyer’s hesitation at providing CDD documents
      • sudden termination of the transaction enquiry
      • buyer wishing to purchase a property they have not seen
      • buyer wishing to purchase a property without genuine interest in condition, location, or local amenities
      • buyer’s failure to provide an effective commercial rationale for the transaction
    • details of the property enquired about including what type of property it is, location and value
    • describe the timeline of events, setting out whether this is the first contact. 
    • the Nominated Officers details
    • elevant glossary codes, including XXPROPXX. XXPROPXX relates to ‘Purchases and rentals of real estate property.’ Use this when suspected illicit funds are used to buy or lease property. The NCA has published training material on why glossary codes are important
  • a late SAR may reduce the risk to your business, but it does not guarantee protection from prosecution if you have committed or facilitated a criminal offence
  • in this scenario if Riaz did make a SAR after spotting this during an internal review it may be considered if he made the SAR as soon as possible
  • all disclosures, and SARs, must be made as soon as possible, and any delay must be explained
  • if a business has an unreasonable delay in making a SAR this would also be an offence under POCA

Detail

MLR 2017 Regulation 21 (3) means that your business must have a Nominated Officer. The Nominated Officer can delegate activity such as gathering information, maintaining SARs logs or preliminary checks, but the Nominated Officer must make all decisions on whether to submit a SAR to the NCA.

POCA S331 requires the Nominated Officer to make a SAR if they know, suspect, or have reasonable grounds for knowing or suspecting that someone is engaged in money laundering.

POCA S333 A-E states that it is a criminal offence for anyone to say, disclose or do anything that may prejudice an investigation or ‘tip off’ another person that a suspicion has been raised (this does not include disclosure to a supervisor as detailed above), therefore you must make sure that the nominated officer understands their responsibilities.

If you wish to retain a copy of your SAR submission for audit or AML supervision purposes, use the Print SAR option on the SAR Portal before you submit the SAR. You will not be able to view or print the SAR once it has been submitted.

The value of SARs is wide reaching. SARs can play a critical role in alerting law enforcement to potential instances of money laundering and terrorist financing. SARs assist with the disruption of criminality and help law enforcement by revealing new subjects of interest and emerging methodologies. They are a vital source of intelligence, not only on economic crime but on a wide range of criminal activity.

Submitting SARs can help to protect your local community, as they can give important intelligence to law enforcement, allowing them to tackle the criminal activity that generates illicit finance. That criminal activity can include modern day slavery, human trafficking, and drug sales, which cause significant damage to the community.

Under POCA 331, as Nominated Officer Riaz was legally required to make a SAR as soon as practical once he knew, suspected, or had reasonable grounds to know or suspect money laundering was occurring. If he was found to have delayed reporting without acceptable reason, he may still be guilty of failing to report.

A late SAR may reduce the risk to your business, but it does not guarantee protections from prosecution if you have committed or facilitated a criminal offence. The offence is about what you knew or suspected at the time.

If at the time you knew, suspected, or had reasonable grounds to suspect money laundering and you received that information in the course of your work, but you did not report it, you are guilty of the offence of failing to report.

The obligation to make a SAR is preventative not reactive. The test is not if money laundering took place, but if you had grounds to suspect it might be taking place and you failed to report it.

9. Submitting a SAR

Discussion questions

  1. If Riaz had reviewed the internal suspicious activity report made by Elle and felt uneasy, would it be grounds for him to make a SAR
  2. Do you think that Riaz should have submitted a SAR
  3. What information do you need to include in a SAR
  4. What would you include in a SAR for the scenario in the film? 
  5. Should Elle or Riaz consider a second suspicious activity report in this case?
  6. Do you know your legal obligations if you reach the requirement of suspicion? 
  7. How does making a SAR change Riaz’s work? Can he continue to make the sale?
  8. If the transaction had proven to be innocent in nature, would Riaz and the business have committed an offence by failing to make a SAR?

Answers might include

  • Riaz did not have grounds to make a SAR, he needed to know or suspect that money laundering was taking place, or that the property was criminal
  • however, Riaz should have looked further into the transaction so he could decide whether it was suspicious
  • if Riaz felt unease or had a vague gut feeling, he should have continued to monitor the transaction as this may progress into suspicion given more time or information
  • Riaz should consider the detail provided in the internal report from Elle as this might have been enough to make a SAR, even if she didn’t have all the information
  • you should always try to provide as much relevant information as possible in a SAR, this includes:
    • the name of the reporter
    • the date of the report
    • the name of the subject and all information that may help identify them. As many details as possible should be provided to the NCA to assist with the identification of the subject
    • details of any associated subjects, and how they are associated to the main subject
    • why you’re suspicious. The facts regarding what has led to the reporter’s suspicion, this should be clear and concise, providing a chronology of events if necessary
    • the UKFIU glossary code (where known)
    • whether you are seeking a Defence Against Money Laundering SAR (DAML)
    • what is the criminal property (such as cash, residential property), including (where known) the estimated value and location of the criminal property
  • if you are seeking a defence to a principal money laundering offence, you should articulate clearly what your future specified activity is
  • the limited information held by the estate agency might fit into a much larger picture of a known organised crime group (OCG). The estate agency in this scenario knew:
    • the buyers name, even if this is not correct, the same name may have been used in attempts to contact other Estate Agencies in the area, which could link multiple SARs when reported
    • the buyers contact details, even if this is an unregistered (‘burner’) phone the same number may have been used in attempts to contact other reporters in the regulated sector, which could link multiple SARs when reported
    • the property they attempted to buy, this may be an indicator of the geographical area through which the OCG operates
    • they know the buyer was a cash buyer with £350,000, if used with the above detail this may be able to link to a specific criminal activity which could identify proceeds of crime being laundered
    • they can articulate why the buyer’s behaviour was suspicious, this may give valuable detail on how an OCG is operating
  • Elle should file a second internal SAR when she realises or has concerns Sam has completed the transaction and has not done the CDD. She should send this directly to Riaz
  • Riaz should send an additional SAR to the NCA, with the additional information if this is not included in his original submission. He should make sure this includes reference to the SAR reference number (NCA URN) of the previous SAR in the relevant field
  • within the regulated sector:
    • staff must make an internal report to the Nominated Officer as soon as they know, suspect, or have reasonable grounds to suspect money laundering or criminal property. (POCA 330)
    • if the Nominated Officer submits a DAML, do not proceed with the transaction or activity until consent is received
    • the NCA has 7 working days to consider a DAML request. If you do not hear anything from the NCA after 7 working days have passed, you have ‘deemed consent’ to proceed. Please note, the day a DAML is received by the NCA is day 0
    • if the DAML request is refused, the day of refusal marks the start of a 31-calendar day moratorium (suspension) period. During this moratorium period, law enforcement will work to take positive action against the criminal property. The moratorium period can be extended beyond the initial 31-days by the court
    • you cannot proceed with the transaction until the NCA provide consent
    • you also need to be aware of ‘tipping off’ and ensure this does not occur. Tipping off is the disclosure to a customer that a SAR has been made, and the disclosure is likely to prejudice any future investigation. Tipping off is an offence under POCA 333A-E
  • Riaz should make a DAML. If the NCA say he can proceed, it’s up to him and whether he thinks it is too risky
  • for suspicious activity reports known as DAML SARs, where consent is requested from the NCA to proceed with a transaction, no transaction should take place until consent is received
  • the answer is yes, the business and Riaz can still be prosecuted for failing to make a SAR, under POCA, even if no money laundering took place. An individual or business may be prosecuted under MLR 2017 for failing to comply with statutory obligations, such as failing to carry out CDD or report suspicion, because these are criminal offences in themselves, even if no actual money laundering has taken place

Detail

Feeling uneasy is not normally enough to justify making a SAR under POCA. You are required to have knowledge or suspicion or reasonable grounds to suspect the person is involved in money laundering or that the property is criminal property.

The threshold for forming a suspicion is very low but must be based on facts or context. You do not need to know all the details around the suspicion, nor do you need proof, but you must be able to explain why you are suspicious.

When you consider making a SAR, you should not ignore gut feelings or feelings of unease, instead explore them further to either resolve the feeling or to establish suspicion.

You can find further details within NCA guidance on what should be included in a SAR and how to submit a quality SAR.

You should submit as many details as possible about the subject, as this will help to identify them. Aim to be clear and concise, as the NCA receives a lot of SARs. Some of the things you can do to make it easy to read include:

  • structure your SAR logically, including all the relevant information
  • briefly summarise your suspicion
  • what is the criminal property (such as cash, residential property), what is the estimated value of the criminal property and where is the criminal property
  • the relevant UKFIU glossary code (if applicable)
  • if you are seeking a defence to a principal money laundering offence, you should articulate clearly what your future specified activity is
  • provide a chronological sequence of events
  • keep it clear, concise, and simple
  • avoid acronyms and jargon. If you are describing a service or technical aspect of your work, explain it
  • break up information into paragraphs
  • where you don’t know the answer, you should write ‘UNKNOWN’

You may need to report the matter via another route if there are other risks, such as someone threatening your staff, or there is a vulnerable person at risk of immediate harm. If you do, include the Crime Reference Number when you submit your SAR.

Times when you should make a second SAR include:

  • new details emerge
  • follow up action occurs
  • corrections or clarification is needed
  • ongoing monitoring reveals more detail about suspected crime

In this scenario Elle has new detail. She learned that Sam has completed the transaction but is concerned that appropriate CDD has not been completed. Elle should have made a second internal SAR for Riaz to review. The business could easily verify at that stage that CDD had been undertaken and resolve the risk or escalate through a SAR to the NCA.

If Elle had made a second internal SAR the business could have been alert to the suspicious nature of the transaction and made a SAR to the NCA as required, rather than the risky transaction being identified by HMRC.

Appendices 1 and 2 illustrate sample Suspicious Activity Reports (SARs) relevant to this scenario.

10. What Can Happen?

Discussion questions

  1. What are the potential consequences of a suspicious transaction being discovered by HMRC (as an AML supervisor)?
  2. What could happen if HMRC finds the suspicious transaction was not reported?
  3. In this scenario, has Riaz committed a crime by failing to make a SAR?

Answers might include

  • the business may have faced the following consequences:
    • HMRC might issue a financial penalty
    • increased regulatory scrutiny. HMRC may consider the business’ PCPs weak and deem the business is now at higher risk of being exploited for money laundering. HMRC may decide the business required a higher level of supervision if it is allowed to continue to operate
    • HMRC might suspend or cancel the registration of the business, preventing them from trading as an estate agent
    • if HMRC took one of those actions, it would also publish the details, on GOV.UK. Potential and long-standing customers may choose to take their business elsewhere
    • the person who should have reported it could be prosecuted. They could face an unlimited fine and up to 5 years in prison
  • in addition, the business may face:
    • reputational damage: Supervisors have the authority to publish details of non-compliant firms or individuals. As this information is publicly accessible, it can significantly damage the business’s reputation
    • loss of revenue: A damaged reputation may lead to the loss of both existing and prospective clients, who may be unwilling to engage with a business that’s failed to meet regulatory standards
  • Riaz has committed an offence if having reviewed the internal SAR he should have known or suspected that the customer was trying to launder money, but he fails to make a SAR to the NCA as soon as possible

Detail

HMRC has a number of powers available under the MLR 2017 to sanction non-compliance. You can read about it in our Economic Crime Supervision Handbook. It can:

  • issue financial penalties, either to the business or to an individual who was knowingly concerned. Knowingly concerned means they knew and were actively involved in the breach
  • prohibit an individual from managing a business that must be supervised. This prohibition can be temporary or permanent
  • temporarily suspend or permanently cancel the registration of a business, preventing it from trading
  • publish a statement on GOV.UK, censuring the business publicly
  • issue an injunction, requiring the business or person to stop doing something, or make them do something
  • prosecute under POCA or the MLR 2017

HMRC may take the following actions depending on how severe the non-compliance is:

  • warning letters
  • civil penalties
  • criminal prosecution 
  • publication of non-compliant businesses
  • penalty administration charges (£2,000 for compliance failures)

If HMRC issues a penalty, prohibits an individual from managing, suspends or cancels the registration, or publishes a statement, it must also publish the details of it on GOV.UK for 5 years.

MLR 2017 gives several consequences for non-compliance, which can affect both businesses and individual officers. These are detailed across multiple regulations and HMRC’s guidance documents:

Failing to make a SAR can be a criminal offence, depending on your role and what you knew or suspected. If you work in the regulated sector, under POCA 330 to 332, it is an offence:

  • if you know, suspect, or have reasonable grounds to suspect that someone is engaged in money laundering, and you fail to make an internal report to the Nominated Officer 
  • as Nominated Officer fail to submit a SAR as soon as possible

This could result in 5 years in prison, a fine, or both.

DAML is a SAR made to the NCA where a business suspects that property, including money and all forms of real or personal property (see section POCA 84), they intend to deal with may be criminal property, and by dealing with it they risk committing a money laundering offence. More information on DAMLs can be found at the NCA guidance Understanding DAMLs and DATFs.

A person does not commit an offence if they have received ‘appropriate consent’ (via a DAML) from the NCA. Failure to report a suspicious transaction before proceeding with that transaction (and receiving a DAML) can result in criminal liability if the transaction is proven to involve criminal property. A criminal offence would be committed if the business had reasonable grounds to suspect money laundering earlier in the transaction and failed to submit a DAML. As the business has completed the transaction without Riaz reviewing the internal report, completing, and obtaining a DAML he could find himself criminally liable.

Non-compliance may also lead to prosecution under:

11. Contact HMRC

You should contact HMRC if your business is covered by the Money Laundering Regulations and you have any questions about money laundering, this training material or you want to make a money laundering disclosure.

Details on how to contact HMRC can be found on GOV.UK.

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017
The Proceeds of Crime Act 2002
Terrorism Act
Estate and letting agency business guidance for money laundering supervision
Economic Crime Supervision Handbook
Sanctions for Non-Compliance
National Risk Assessment 2025, Section 5
NCA SARs Reporter Booklet July 2025
Understanding DAMLs and DATFs
SARS Registration Portal
NCA SARs Portal
Understanding risks and taking action for estate agency businesses - GOV.UK

Appendix 1: Internal SAR (email)

Subject: Concern regarding enquiry on Delta Street property

Hi Riaz,

I received a call this morning (21 July 2025) from an individual expressing interest in the Delta Street property we had listed at £350,000. He identified himself as Gareth Smith but declined to provide any further personal details. I was, however, able to obtain a contact number: 07111 111 111.

Mr Smith stated that he was unable to attend in person to verify his ID or documentation and also mentioned he could not use our online service due to lack of access to a computer or smartphone. He claimed to be a cash buyer with no mortgage but became defensive when I asked about the source of his funds.

Additionally, he showed no interest in viewing the property or discussing local amenities— something that stood out, as these are typically key considerations for prospective buyers.

The nature of the enquiry, combined with Mr Smith’s evasive and defensive attitude during the call, raised concerns. Based on the interaction, I believe his behaviour may indicate suspicious activity and warrants further consideration.

Please let me know how you’d like to proceed.

Best regards, 

Elle

Appendix 2: Internal SAR (template)

Part 1: Submitters details

Name Elle Richards
Date and time of submission 22 July 2025, 2pm.
Contact number 0115 111 1111
Contact email elle.richards@smithestates.com

Part 2: Details of the suspicious party

Name Gareth Smith
Address None given
Contact details 07111 111 111, no email
Additional details Caller spoke with a London accent.

Part 3: Reason for suspicion

On 21 July 2025 at approximately 10:15 AM, I received a telephone enquiry from an individual identifying himself as Gareth Smith. He expressed interest in purchasing a property listed at £350,000 on Delta Street.


Mr Smith stated that he was unable to attend in person to verify his identity or provide documentation. He also claimed he could not use our online verification service due to lack of access to a computer or smartphone. He described himself as a cash buyer with no mortgage but became defensive when asked about the source of his funds.

Furthermore, Mr Smith showed no interest in viewing the property or discussing local amenities — both of which are typically important considerations for genuine buyers. He did not wish to view the house.

His behaviour and responses during the call raised concerns and appeared inconsistent with standard buyer conduct.

Part 4: Supporting documents

[Attachment 1: Copy of the property advertisement for Delta Street]

Back to top