Our monthly round up of news items which are of particular relevance to those businesses regulated for the purposes of AML.
Criminals lose, AML compliance wins, the smarter way to safeguard your business.
Cyber Security
The human costs of Cybercrime. From hospitals to hostage videos
A new analysis of 2025 incidents lays bare how cyberattacks have moved beyond balance sheets to directly threaten lives, livelihoods, and physical safety. Ransomware, data leaks, and crypto-extortion are increasingly linked to death, violence, and deep emotional trauma for ordinary people, not just corporate victims.
Human harms, not just computer downtime
Confirmed cases now tie ransomware operations to loss of life, such as the Synnovis pathology attack’s impact on NHS services, while other incidents show children’s data and images weaponised in extortion campaigns against families.
Major industrial attacks like the Jaguar Land Rover incident triggered multi‑billion‑pound losses, government intervention, and widespread fear among workers and suppliers, highlighting how operational disruption quickly becomes a social and economic crisis.
Violence, extortion and AI abuse
Violence as a service has surged alongside crypto‑theft, with documented kidnappings, home invasions and even amputations used to force access to digital assets, while ransomware crews increasingly threaten physical harm to executives and their families.
Law enforcement and security researchers also report growth in AI‑enabled “virtual kidnappings,” using deepfakes and emergency scams to extort families, as well as attacks on emergency alert systems that could delay critical warnings to communities.
Comment – Is it time to for firms to consider better protecting customers and staff by integrating cyber‑threat intelligence, open‑source research on violent crypto thefts, and typologies of ransomware/extortion schemes into their financial crime frameworks and client risk assessments? We can help.
Organised Crime
From estate to empire: How the ‘Canny Farm Cartel’ built a global drug business
The Coggins brothers’ “Huyton Firm” grew from a Liverpool housing estate into a cartel-level operation with direct South American supply lines and a national UK distribution network. Their story offers a practical blueprint of how a modern organised crime group scales, professionalises, and ultimately gets taken down.
How the gang grew
Two brothers from the Canny Farm/Cantril Farm estate quietly filled the vacuum left by earlier kingpins, building a long-running cocaine and heroin pipeline from South America into Europe and then the UK, often operating from Spain and the Netherlands.
They invested their profits into property and apparently legitimate businesses, used trusted enforcers, and kept a low public profile, enabling them to control an estimated ton of Class A drugs a year worth at least £16m wholesale while avoiding serious convictions for decades.
How they operated
At the top, Francis Coggins focused on international supply, brokering with continental and South American groups and exploiting logistics routes including the Port of Liverpool and parcel networks like UPS, sometimes masking loads with legitimate corporate account numbers.
His brother Vincent meanwhile ran the UK distribution side, supplying wholesale gangs and street‑level dealers from Scotland to the South West, using port insiders, intimidation, and a network of violent associates to protect territory, recover debts, and retaliate when rivals stole product.
Tech and tradecraft
The group embraced encrypted EncroChat phones to coordinate large shipments, manage cash, and even source grenades and firearms, believing the platform made them invisible while discussing both high‑level deals and mundane personal details.
International Law enforcement’s compromise of EncroChat gave investigators an eight‑week window into the full supply chain, culminating in coordinated arrests and long jail terms for the brothers and at least a dozen associates, demonstrating how dependence on “secure” comms can become a critical vulnerability.
Comment -For compliance and due diligence teams, this case shows how an OCG can present as a cluster of “clean” individuals with limited records, front businesses, property portfolios, and trade‑linked activity that superficially resembles legitimate logistics and import/export.
Leveraging platforms like www.investigationengine.com and tailored investigative training can help practitioners better detect hidden ownership, track illicit activity, and ensure greater protection against globalised networks.
Regulatory
FCA takes the reins: UK law firms face a tougher AML era
Regulatory shift
The government has confirmed that the FCA will become the single AML and counter-terrorist financing supervisor for law firms and other professional services, replacing the patchwork of 20+ professional body supervisors.
This consolidation is designed to simplify oversight, close supervisory gaps, and leverage the FCA’s data-driven, risk-based model to target higher-risk firms and facilitators of illicit finance more aggressively.
What this means for law firms
Law firms should expect a different enforcement culture: FCA investigations are typically more assertive, carry greater reputational risk, and can result in larger fines and more intrusive sanctions than under the SRA regime.
The FCA will bring tools such as proactive inspections, skilled person reviews, and potential use of FSMA powers (including prohibition orders), increasing personal exposure for MLROs, partners, and senior managers.
Why this matters for AML & due diligence
For AML and EDD teams, the shift signals a higher bar on risk assessment, client onboarding, source-of-wealth checks, and ongoing monitoring, particularly around high-risk clients, complex structures, and cross-border work.
Firms that rely on “tick-box” approaches or inconsistent file quality are likely to be challenged early in the new regime, making independent reviews, enhanced training, and better use of investigative tools increasingly critical.
Comment – This transition is a timely moment for firms to benchmark their frameworks against FCA expectations in financial services: governance of financial crime risk, clear MI, robust SAR processes, and documented, risk-based EDD decisions.
External investigative and training support and leveraging such as Investigation Engine can help law firms evidence a credible uplift in AML culture and demonstrate readiness to the new supervisor.
Do you want an effective tool to help manage you due diligence and risk assessment responsibilities? Look no further than Investigation Engine.
