Event Recap: How can you avoid losing sales under AML Regulations.
In our latest online event we discussed how you can comply with regulations - avoiding fines and penalties - while ensuring minimal impact on your clients.
Below we explore some of the key themes covered during the event. If you wish to view the event recording, please click here.
Regulation and Friction
Being compliant while reducing friction is the desired scenario. Naturally, clients with have some of the following concerns.
1. What is happening to my information?
2. What is the minimum information you require?
3. Why do you need this information?
4. How are you going to store my information?
5. How do I know my information is secure?
6. How can I share my information securely?
7. Who within your gallery will be accessing this information?
8. Who are you going to share my information with
Under the themes 'Eduction and Expectations' and ‘Storage and Security’, here are some helpful tips to begin to address the above concerns and help develop and maintain a smooth interaction with your clients.
Tip 1: Mailing List Education and Communication
Consider composing an email and sending this to your mailing list - or individually - informing your clients of:
1. Your obligations under Anti-Money Laundering
2. Examples of the type of information you will require
3. Who will be required to provide information
4. When this information will be required
5. Details on how this information will be stored
6. To which businesses and where these laws will apply
In the case of auctions, or marketplaces, update any applicable customer forms or pages to reference AML requirements as and where this applies.
Tip 2: You and your sales team are on the right page
At its most simplistic, the act of customer due diligence introduces a new step.
It’s key therefore that sales (or those in your business dealing directly with the client) know what is expected and are in a position to guide their client through the process, with minimal friction.
That said, the information you will require - and therefore steps you and your client will be required to take - will be different depending upon the source from which funds used to pay you will originate.
In each case - and in general - some of the key questions you’ll want to address and ensure are clearly understood throughout the business include:
1. Is our Sales Team aware of AML and the legal requirements: Are they able to communicate this at the start of the sales process? Have they had sufficient training?
2. Who will be responsible for ensuring the right information is being requested depending on the nature of the transaction?
3. Is there an easy, simple framework and process for everyone to follow?
4. Who will be requesting this information from the client?
5. How will the client send their information to you securely?
Having these questions answered will reduce internal friction and ensure communication with the client is as clear as possible. Especially if information is missing, incomplete or is not reconciled internally. This introduces additional friction if the due diligence process is for a complex transaction.
Tip 3: Encrypted storage of all sensitive documents
Secure storage lies at the heart of most any question your client is likely to ask when you request information from them. These questions will include things like:
1. How are you going to store my information?
2. How do I know my information is secure?
3. Who within your gallery will be accessing this information?
When required - as you are under AML regulation - a minimum security protocol should be that documents are encrypted-at-rest.
That is to say, when the documents are not being accessed - in a ‘restful state’ - if these documents were accessed through a breach or attack, they are redundant and unusable.
While password protected folders on a computer offer a degree of encryption, it is very much one-dimensional, providing limited security. Providing adequate systems are in place, you should look to further restrict access to these documents using 2FA (Two Factor Authentication). This is a security protocol that is commonly used with online banking, where unique PIN codes are sent to your mobile device.
Who within your business has access to such sensitive information should also be closely monitored.
Access rights and permissions permitting or inhibiting access to reports, records, ID documents etc - should be in place.
It may be necessary in some art business that directors may also want to keep certain client records entirely private from anyone else in the team as per an important clients request.
Tip 4: Maintain Data Discipline when Sharing Information with other Art Businesses
In-line with your obligations under AML regulation, there will instances where you will be required to share information with the appropriate regulator in your country, or indeed - more frequently - with another regulated art business.
You are duty bound under GDPR to protect the information you have on your clients and ensure that the visibility and accessibility of this information is in line with the policies documented in your terms and conditions.
That is to say, your policy should dictate that any information provided will be used to satisfy specific regulatory requirements only.
Throughout the course of business, you will likely require Customer Due Diligence information from another art business, or conversely they will require information from you.
Many of you are - and continue to experience - questions from other businesses that see them asking for information on behalf of your client.
For reasons concerning time and complexity, we won’t go into detail as to why this is happening or how technology can be used to deal with these issues, however it is important that as and when you’re required to provide Customer Due Diligence information to another business, you adhere to the following:
1. Any information you share is controlled by you
2. Information is accessible only from a single location
3. What you share needs to be recorded with a clear audit trail in place
4. Have the facility to revoke, or remove access to your due diligence records at any time in line-with GDPR
5. Use notifications informing you when and who accesses your records once access has been granted
The full event can be accessed using the link below. You can also sign up to our mailing list for more helpful articles and news of upcoming events.