Dealers, Galleries, Advisors Adam Jomeen Dealers, Galleries, Advisors Adam Jomeen

AML in the UK: Two Years On

“Art Market Participants” have faced stringent anti-money laundering rules in the UK and Europe since 10 January 2020. Ahead of their second anniversary, we consider the changes, who they apply to and what they mean in practice.

Alfred Stieglitz, Spiritual America  (1923).  Courtesy of the Getty’s Open Content Program.

Harnessing the art market? Alfred Stieglitz, Spiritual America (1923). Courtesy of the Getty’s Open Content Program.

“Art Market Participants” were brought within the UK's regulated sector for anti-money laundering (AML) purposes in January 2020. Two years on, we look at the UK's robust AML regime and what it means in practice for the art market

Primary Money Laundering Offences

By global standards, the UK has one of the most stringent anti-money laundering (AML) regimes. Primary money laundering offences are contained in the Proceeds of Crime Act 2002 (POCA) and can be committed by anyone - inside or outside the art market - including you and me. They are:

  1. Concealing, disguising, converting or transferring criminal property, or removing criminal property from the UK

  2. Entering into, or becoming concerned in an arrangement, in which the person knows or suspects the acquisition, retention, use or control of criminal property; and 

  3. Acquiring, using or possessing criminal property.

Each of the principal money laundering offences requires a knowledge or suspicion of money laundering

Made you look: we apply UK rules to the forged paintings sold by Knoedler & Co

‘Criminal property’

POCA came into force on 24 February 2003.   Its wide definitions of “criminal conduct” and “criminal property” capture the benefits of a broad range of criminal offences committed anywhere in the world where the accused knows or suspects that the relevant property constitutes or represents such a benefit. Under POCA, it is immaterial who carried out the conduct, who benefited from it, and whether the conduct occurred before or after the passing of POCA.

To be caught by POCA, overseas conduct must be a criminal offence in both the relevant country at the relevant time (the “Spanish bullfighter” exception); and under UK law punishable by more than 12 months in prison.  Relevant criminal conduct would include tax evasion, drug trafficking, corruption, modern slavery, theft and forgery.  POCA has no limitation periods or minimum values – meaning the benefit of most crimes, however small, committed anywhere in the world can qualify as ‘criminal property’ under UK law today.  This could include art acquired with the proceeds of crime in whole or in part, directly or indirectly. Where a person knows or suspects that property may be ‘criminal’ and they deal with it in any way, they risk committing a principal money laundering offence under POCA which carries a maximum penalty of fourteen years in prison. 

‘Knowledge or suspicion’

 Suspicion is not defined in legislation. The UK’s Court of Appeal has however defined suspicion of money laundering as a possibility, which is more than fanciful, that a person was or had been engaged in, or benefited from criminal conduct and that the suspicion formed was of a settled nature. There does not need to be anything amounting to evidence of the suspected money laundering. A Defence Against Money Laundering (DAML) can be requested from the UK’s National Crime Agency (NCA) where a reporter suspects that property they intend to deal with is in some way tainted, and that by dealing with it they risk committing one of the principal money laundering offences under POCA. A person does not commit one of those offences if they have received ‘appropriate consent’ (aka a “DAML”) from the NCA which is empowered to provide these criminal defences in law.

Failure to disclose potential money laundering

Those operating in a ‘regulated sector’ (including banks, accountants, solicitors, estate agents, and now, as further discussed below, ‘art market participants’) are obliged under sections 330 to 332 of POCA to report any knowledge or suspicion that another person is engaged in money laundering, and failure to do so is a criminal offence. A disclosure under section 330 is required when a person knows or suspects, or has reasonable grounds for knowing or suspecting, that another person is involved in money laundering, when such knowledge or suspicion comes to them in the course of a business in the regulated sector.  This would, extend, for example, to a dealer’s suspicion that an artwork is forged or stolen and applies regardless of whether they proceed with the transaction.  Such disclosures are made by submitting a Suspicious Activity Report (SAR) to the NCA and following a pre-determined timeline.


Harnessing the art market

The European Union (EU) issued five Directives between 1991 and 2018 requiring those at the gateway to the financial system to build anti-money laundering (and, since 2005, terrorist financing) measures into their day-to-day business activities.  Whilst the UK’s “regulated sector” has included banks, accountants, tax advisors and certain law firms for some time, the art market remained largely outside this regulatory net until 10 January 2020 when the UK implemented the EU’s 5th Money Laundering Directive (MLD5).  

In line with MLD5, “Art Market Participants” were brought into the UK’s regulated sector from 10 January 2020. To achieve this, the UK passed the Money Laundering and Terrorist Financing (Amendment) Regulations 2019 to amend the Money Laundering Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. We refer to the UK’s amended Regulations as the “AML Regulations” for the remainder of this briefing. 

Who is an “Art Market Participant”?

Under the AML Regulations, an “Art Market Participant” (“AMP”) is a firm or sole practitioner who:

  1. by way of business trades in, or acts as an intermediary in the sale or purchase of, works of art and the value of the transaction, or a series of linked transactions, amounts to 10,000 euros or more; or

  2. is the operator of a freeport when it, or any other firm or sole practitioner, by way of business stores works of art in the freeport and the value of the works of art so stored for a person, or a series of linked persons, amounts to 10,000 euros or more.

The broad definition catches many operating in the commercial art market including dealers, gallerists, auction houses, agents and intermediaries (HMRC recently noted that interior designers can be intermediaries). Artists were arguably caught too, but HMRC clarified in May 2021 that artists selling their own work for the first time are not AMPs. The €10,000 threshold (currently around £8,400) is low considering it includes all taxes, commissions, Artist Resale Right (ARR) and ancillary costs such as shipping and framing.

A “linked transaction” would occur when:

  1. A transaction over €10,000 is broken down into several smaller payments so there are multiple payments against a single invoice (e.g. instalments); or

  2. Several works each valued below €10,000 are sold to the same customer at the same time. For example, a gallery sells three works priced at £6,000 each to the same customer: the total price of£18,000 is above the threshold and thus subject to AML Regulations.

A “work of art” is defined in section 21 of the VAT Act 1994: this includes “traditional” mediums such as original painting, sculpture and drawing but, for the time being, excludes “non-traditional” mediums such as NFTs and much vintage photography.

Important guidance for AMPs was published by the British Art Market Federation (BAMF) in February 2020 and approved by HMRC as the AMP regulatory supervisor. It is essential reading for AMPs and available here. It states that overseas dealers coming to the UK to sell works of art are AMPs and, as such, required to register with HMRC. HMRC’s latest list of regulated entities suggests that no overseas dealers have registered as AMPs to date.

AMP obligations: in context

The UK’s third National Risk Assessment (NRA) on money laundering and terrorist financing risk was published in December 2020 and is available here. It considered the UK art market to be at low risk of terrorist financing but a high risk of money laundering because criminals can conceal the ultimate beneficial owner of art, as well as the source of funds used to purchase art:

This can be achieved by using complex layers of UK and offshore companies and trusts, agents or intermediaries, with agents and intermediaries commonly used in the market. Also, the value of art varies greatly, making it attractive to varying levels of criminals, as well as providing options to launder money through a small number of high value purchases or a large number of low value purchases. Furthermore, the international nature of parts of the market likely makes art an attractive commodity for money launderers seeking to move illicit finance into or out of the UK.”

The NRA noted that it was too early to assess the effectiveness of the new obligations on AMPs and acknowledged that there is limited evidence of abuse in the sector to date. Whether further evidence emerges in the face of increased scrutiny remains to be seen.

Customer Due Diligence

An AMP’s central obligation is to cut through complex corporate structures and chains of intermediaries to identify the individuals they are trading with. In other words: Who are you really dealing with and where is the money coming from? This is known as customer due diligence (CDD).  Once identified, the individuals and entities must then verify their identity to the AMP’s satisfaction by way of independent (e.g. government issued) identity or corporate documents, or electronically. 

AMPs must conduct CDD on their “customers” and this may include both the buyer and the seller in a given transaction, together with their verified agents.  A dealer selling an artist’s work on the primary market and earning a sales commission must conduct CDD on both the artist and the buyer; whilst an art advisor engaged by a collector would need to conduct CDD on their (buying) collector and any other party from whom they receive a payment (for example, the source of the target artwork).  Advisors should tread carefully and ensure all payments are fully disclosed to and authorised in writing by the underlying collector to avoid claims for breach of fiduciary duty. Pages 56-60 of the BAMF guidance helpfully set out who the “customers” would be in a number of art transactions.

Supporting the requirement to conduct CDD is a regulatory framework: AMPs must conduct a risk assessment, design and implement anti-money laundering (AML) procedures, nominate a person within the business to be responsible for AML compliance, train staff, report suspicions, keep records and register with HMRC.

Risk Assessment

Conducting a written business-wide risk assessment to identify the risks of money laundering and terrorist financing across the AMP’s business is the cornerstone of the UK’s “risk-based” approach. Rather than impose a “checklist” for all regulated transactions regardless of risk, AMPs have the freedom (and responsibility) to focus AML resources on the particular risks in their business. Every risk assessment will be different: an international auction house operating online and offline across multiple jurisdictions is likely to identify more risks than a UK-based dealer placing the paintings of UK-based artists with UK-based collectors with whom they have longstanding in-person relationships.

Policies, controls and procedures

AMPs must design and implement written policies, controls and procedures (PCPs) which mitigate and manage the risks of money laundering identified in the risk assessment.  These must be proportionate to the size and nature of the AMP’s business and approved by senior management. Like the risk assessment itself, every set of PCPs will be different.

Customer due diligence

Customer due diligence (CDD) is a key requirement under the AML Regulations and must be completed to the AMP’s satisfaction before regulated transactions are completed (i.e. before artwork is released). In practice, AMPs should avoid receiving funds before CDD is complete to avoid the unwitting receipt of criminal property (which could not be returned without the NCA’s approval). AMPs will need systems to ensure they are not dealing with sanctioned individuals (which is strictly prohibited) and to identify when a customer or beneficial owner is a “Politically Exposed Person” (PEP) or a family member/known close associate.    

The AML Regulations permit AMPs to rely on the CDD undertaken by a third party which is also subject to the AML Regulations (such as another registered AMP).  Relying AMPs are unable to delegate responsibility for conducting CDD on their customers, however, and would commit an offence under the AML Regulations (and potentially POCA) if the CDD on which they rely falls short.  As such, AMPs will need to think very carefully about whether they are prepared to rely at all and, where they are so prepared, which third parties subject to the AML Regulations they have sufficient trust and confidence in.  

Reliance may be useful in a chain where an agent has conducted CDD on its principal and wishes to protect the principal from multiple requests for the same information.  Reliance is not, however, an opportunity for the agent to withhold the principle’s identity since the relying AMP must:

  1. know the identity of the customer or beneficial owner whose identity is being verified;

  2. confirm the level of CDD that has been carried out;

  3. carry out its own customer risk assessment; and

  4. ensure copies of the verification data will be available on request.

Agents and intermediaries with concerns about disclosing the identity of their principals may seek additional assurances from recipient AMPs.

Red flags require Enhanced Due Diligence

Where “red flags” present themselves during the CDD process (for example: the customer is evasive, from a high-risk jurisdiction or a PEP), enhanced due diligence (EDD) must be undertaken. EDD may include enquiries on a customer’s source of funds and source of wealth.  Transactions can proceed where EDD allays an AMP’s concerns but must not proceed if knowledge/suspicion of money laundering is confirmed (a SAR to the NCA may also be required). 

Appointing a Nominated Officer

The Nominated Officer (NOMAD) has overall responsibility for an AMP’s compliance with the AML Regulations (risk assessment, PCPs and ongoing CDD/EDD) and decides whether or not to report suspicious activities to the NCA.  NOMADs should have full access and sufficient gravitas to resist commercial pressures where knowledge/suspicion of money laundering arises. Sole traders will be the NOMAD automatically.

Training relevant staff

A careful risk assessment and tailored PCPs will be little use if front line staff requesting and reviewing AML documentation are not trained on the law and how to recognise transactions and situations which may be related to money laundering or terrorist financing.  Staff must know how to report suspicions to the NOMAD and understand the criminal offence of “tipping-off” (which exposes them personally to up to 2 years’ imprisonment should they disclose that a SAR has been filed and such disclosure is likely to prejudice an investigation).  

Maintaining records

Records of customer and transaction due diligence must be kept for at least 5 years. Where “red flags” or internal suspicion reports arose but no SAR was made, records AMPs should document the further enquiries made and basis for proceeding.  Failure to make and keep records of pertinent enquiries on a transaction which the authorities subsequently investigate could suggest that the AMP held a suspicion and chose to close their eyes to the risk.

Registering with HMRC

AMPs are required to register with HMRC and pay the appropriate fee (currently £300 per premises and £40 for each approved individual). The original registration deadline of 10 January 2021 was extended to 10 June 2021 in light of the COVID disruption. According to HMRC’s Supervised Business Register dated 15 December 2021, HMRC supervise around 27,000 businesses across nine sectors under the AML Regulations including just under 850 AMPs (AMPs with multiple premises are not double-counted). As seen below, more than half of these AMPs registered after June 2021.

A fake “Rothko” - and a red flag

Knoedler & Co: A Case Study

The Netflix documentary Made You Look told the story of the forged paintings which brought down one of New York’s most venerable art dealers, Knoedler & Co. Knoedler’s President, Ann Freedman, had acquired around 60 “master” works by the likes of Pollock and Rothko between 1994 and 2008 from Glafira Rosales who was unknown to the art world. Rosales claimed she had no paperwork for the works because her principal had sworn her to secrecy.

Had the Knoedler scenario played itself out in the UK after 10 January 2020, Knoedler would have been an AMP and obliged to conduct CDD. The lack of provenance, anonymous principal and discord between the high value of consigned artworks and apparently modest means of Rosales would have been “red flags” requiring EDD. EDD would not have allayed a responsible AMP’s concerns, meaning Knoedler/Freedman would have known or suspected – or had reasonable grounds to know or suspect – that Rosales was seeking to commit a money laundering offence (i.e. selling forged artworks, the proceeds of which would be criminal property).  Knoedler would have had to make a suspicious activity report to the NCA and not tip Rosales off that a disclosure had been made.  Failing to conduct CDD or to report suspicions are offences under the AML Regulations; and Knoedler/Freedman would have been exposed to primary money laundering offences under POCA which carry a maximum penalty of 14 years’ imprisonment.

Data Protection considerations

The EU’s General Data Protection Regulation (GDPR) and UK’s Data Protection Act 2018 (DPA) have governed data protection in the EU/UK since May 2018 (the GDPR was incorporated into UK law after Brexit). Data controllers falling short risk fines of up to € 20 million or 4% of total worldwide turnover for the preceding financial year (whichever is higher). AMPs will be obtaining more customer personal data under the AML Regulations than previously and this should be secured by “technical and organisational measures” which are appropriate to the risk and context.

Well-advised AMPs will already have Privacy Notices in place which are linked across their websites and email footers and drawn to the attention of anyone providing personal data to their business (such as customers signing-up to a gallery’s newsletter). In light of the AML Regulations, Privacy Notices should be updated to make customers aware that data provided for AML purposes may be passed to law enforcement. AMPs should also advise customers that data provided for CDD purposes will only be used to prevent money laundering or terrorist financing (and not for marketing or any other purpose without their consent).

The risks of non-compliance

AMPs breaching the AML Regulations risk potential fines, public censure, prohibitions on individual officers from managing the AMP’s business, and even imprisonment following a criminal prosecution for the most serious offences. AMPs found to be trading whilst unregistered may be prevented from trading until they have applied for and been approved by HMRC for AML supervision (which typically takes weeks if not months). In applying penalties, HMRC must take into account all relevant circumstances including the gravity and duration of the failure or contravention; the financial strength of the AMP; and the AMP’s level of co-operation with HMRC.

In addition to sanctions and associated reputational damage, HMRC’s first risk assessment from June 2021 highlighted the need for AMPs ‘to protect themselves, their families and their communities from the dangers of infiltration by criminals’. This may refer to the risk of AMPs becoming involved in criminal activity after unwittingly handling the proceeds of crime and being subsequently blackmailed by criminals.

HMRC interventions

HMRC began ‘interventions’ in late 2021 to audit registered AMPs and identify businesses trading whilst unregistered. Where a business is selected for intervention, HMRC may ask questions and request sight of compliance documentation including the business-wide risk assessment, PCPs and CDD records for individual transactions.

AMPs who have yet to register should do so as soon as possible and should in any event be complying with their obligations under the AML Regulations which have applied since 10 January 2020 (regardless of registered status).  Whilst late registrations may incur a penalty, HMRC have confirmed to us that failing to register altogether will incur stronger penalties.

Protecting your business and reputation

For advice and assistance navigating these issues, designing and implementing the necessary infrastructure and reviewing your wider legal compliance, please contact us.

This report and any information accessed through the links is for information only and does not constitute legal advice. Please contact us if you need advice on your particular circumstances.

Read More