Not giving up on this one!
The problem seems to be that the account is used NTLM authentication, so it is not surviving the "double hop", hence the failure for [NT AUTHORITY\ANONYMOUS LOGON].
I've registered an SPN on the target server:-
setspn.exe -A MSSQLSvc/FQDN:1433 DOMAIN\ACCOUNT
But still the problem remains. Going to try some more options and come back with the answer (not that anyone cares, I know, but for my own sanity).
Andrew