Fraud and forgeries have always been a major concern in the art market, along with attempts to launder dirty money. Sadly, this situation has been getting worse. So art dealers, galleries and auction houses have been given regulatory backing to combat money laundering from 10 January 2020. Here we explain what money laundering is, why it’s getting worse in the art market, as well as the anti-money laundering regime and the practical steps needed to comply.

What is money laundering?

Money laundering is a series of steps designed to make the proceeds of crime (“dirty money”) appear to come from a legitimate source (“clean”). It often involves three stages. Placement is where the proceeds of a crime are introduced into the financial system (cash from a drug sale is used to buy one or more art works). Layering disguises the ownership or origin of the asset to confuse the audit trail (the art work is sold to a ‘shell’ company that has no other assets, which then sells the work to a legitimate customer). Integration re-introduces the ‘laundered’ funds to the legitimate economy (the shell company uses the proceeds from the layering sale to buy more art). Structuring involves multiple transactions with different parties to evade reporting thresholds or other anti-money laundering restrictions.

Why is money laundering getting worse in the art market?

Recent allegations reveal that a complex web of people and international locations are often involved in art fraud. Not only does this type of fraud itself produce dirty money, but high prices, inconsistent record-keeping, subjective valuations, questionable authenticity and anonymity also create a fertile environment for laundering cash generated by other crimes. Digital technology and encrypted communications make it increasingly hard to detect and prove fraud and money laundering after the fact. Enforcement across national borders remains difficult.

While the rise of terrorism and global organised crime has led most countries to adopt consistent requirements to identify customers and detect and report suspicious activity, those measures have been focused mainly on financial services and gambling. This has driven criminals out of those sectors and into the art market.

The anti-money laundering regime

The UK’s anti-money laundering (“AML”) regime comprises four main instruments that act as a layer on the criminal justice system to deal with the proceeds of crime:

  • The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLRs”)
  • Terrorism Act 2006 (“TA”)
  • Proceeds of Crime Act 2002 (“POCA”)
  • financial sanctions.1

The MLRs have been amended to apply to an “art market participant”, meaning a firm or sole practitioner who either:

  • by way of business trades in, or acts as an intermediary in the sale or purchase of, works of art and the value of the transaction, or a series of linked transactions, amounts to 10,000 euros or more; or
  • is the operator of a freeport when it, or any other firm or sole practitioner, by way of business stores works of art in the freeport and the value of the works of art so stored for a person, or a series of linked persons, amounts to 10,000 euros or more;

A “work of art” means anything which is a work of art for the purposes of section 21(5)(a) of the VAT Act.

A “freeport” means a warehouse or storage facility within an area designated by the Treasury as a special area for customs purposes.

What are the compliance requirements?

Broadly, if you fall within the scope of the MLRs, you will need to verify the identity of your customers and the ultimate owners of the money and assets those customers are dealing in, before doing business with them. You must also understand the nature of your customer’s business and its ownership and control structure. If you can’t complete that due diligence or enhanced due diligence where it is appropriate to make further checks, then you must cease dealing with the customer and file a suspicious activity report (SAR) with the National Crime Agency (NCA).

In addition, you will need to monitor transactions with your customers for suspicious activity, which must also be reported to the NCA.

The Proceeds of Crime Act makes all forms of money laundering a criminal offence and creates other offences such as failing to report a suspicion of money laundering and “tipping off” a suspected money launderer, which applies to staff and your nominated money laundering reporting officer (MLRO).

It’s also worth noting that the Fraud Act 2006 sets out fraud offences committed by false representation, failing to disclose information and abuse of position. The Data Protection Act 2018 and the EU General Data Protection Regulation require you to take appropriate security measures against the loss, destruction or damage of personal data. You also remain responsible when you pass data to a third party for processing or to countries that do not have adequate data protection regimes.

So firms within scope of the AML restrictions have to be careful about whom they represent, or with whom they communicate. But good anti-money laundering controls will also help minimise fraud and assist with personal data protection compliance.

What are the practical steps you need to take for AML compliance?

Guidance on how to satisfy the AML regime has been issued by the Joint Money Laundering Steering Group (approved by HM Treasury). While not legally binding, compliance with that guidance can provide a ‘safe harbour’ in the event of prosecution or enforcement action.

The MLRs require a risk-based approach to compliance. It’s not enough that you comply, because you must be able to demonstrate that you comply, if challenged. That means written policies and procedures; good records of obligations performed, training, compliance monitoring; and taking steps to remedy gaps or failings identified.

A ‘risk-based approach’ to AML compliance means developing and assessing the adequacy of your AML controls by reference to:

  • general risk factors (customer profile, geographical location of customers or activity);
  • factors that tend to increase the risk of money laundering (cash payments, multiple transactions for €999);
  • factors that reduce the risk of money laundering (your AML policy and procedures for complying with it); and
  • the risks specific to your business, the service it provides and to whom.

From a practical standpoint, you will also need to consider the optimal time to request customer due diligence information. That will depend on what identity data you need to verify, how long that takes and the context in which you might be asking. This may result in limits on the size of transactions that your customers can undertake (while being careful to recognise issues that require ‘enhanced due diligence’ or when they might be attempting to engage in ‘structuring’ to circumvent AML controls or other suspicious activity). Alternatively, you might collect and verify information earlier to avoid a more awkward customer experience at a crucial time (e.g. an important auction) or if you think a threshold will be reached quite quickly anyway.

This must be an ongoing process and take into account information you learn in the course of monitoring the transactions you’re involved in (e.g. attempts to pool funds from or channel them to different customers, purchases of work in batches below the AML threshold, different accounts used to pay and receive payments). You will also need to undertake AML risk assessments prior to the launch or use of new services, delivery procedures or other new business practices.

Your written AML policy should show that you and your staff:

  • understand what money laundering is;
  • understand the principles behind anti-money laundering and financial sanctions;
  • provide/receive mandatory training;
  • are fully aware of the requirements to verify the identity of customers and beneficial owners (including ‘politically exposed persons’), and monitor transactions – including when to apply standard, simplified or enhanced customer due diligence (where you’re on notice that inaccurate information has been provided or other higher risk factors);
  • will conduct sanctions checks and know what to do when you get a match;
  • know what suspicious transactions look like, and to whom and how to report any suspicions;
  • keep adequate records for the right length of time – including training records.

You should also have a set of detailed, written AML procedures that show exactly how you and your staff will satisfy the commitments in your AML policy.