Article

Event Recap: The biggest mistakes art businesses make when dealing with AML

Published
October 18, 2021

Unsurprisingly, our most recent online event, ‘The biggest mistakes art businesses make’ was the most viewed event we’ve held to date.

As a platform helping over 150 art businesses in the UK, EU, US and Switzerland get this right, our aim is to share common misconceptions and mistakes with the goal of helping businesses fail to do what is required to meet the regulations.

Here in the UK, supervising body HMRC authored a very useful article in the Antiques Trade Gazette explaining what they are looking for. Using this as a framework against what we are exposed to as a large community of art businesses all dealing with the same challenges deduced the following common mistakes are see art businesses making. 

To view this event in full, click here or select from the available resources at the bottom of this article.

Mistake 1

Not receiving and storing sensitive client information in-line with GDPR

Result: Breach of GDPR & Data Security and Cybercrime risks.



Mistake 2

Asking for ID and Proof of Address and doing nothing else

Result: Contravenes Customer Due Diligence obligations, penalties and risk of fines



Mistake 3

Not collecting - or sharing - the correct information when acting as - or dealing with - an Agent or Intermediary and accepting or sharing ‘Letters of Reliance’

Result: Disclosure of sensitive information, breach of regulations, risk of sanctions and fines.



Mistake 4

Not performing Customer Due Diligence correctly

Result: No formal process or reporting, contravenes CDD and Enhanced Customer Due Diligence requirements, risk of penalties and fines.



Mistake 5

No record-keeping process and no reports of Customer Due Diligence

Result: Contravenes Section 7. Reporting and Record-Keeping requirements, no audit trail.



Mistake 6

No written reporting demonstrating decision-making

Mistake: Contravenes Section 7. Reporting and Record-Keeping requirements.



Mistake 7

No CDD framework and process in place creates a disconnect between Operations and Sales

Result: Delays to sales, duplication of effort, frustrating the client.



Mistake 8

Using ‘questionnaires’ and other attachments as a means to collect information from clients over email.

Result: Data Security and GDPR risks, increased internal admin, creating work for the client, delays to sales



Mistake 9

Carrying out Due Diligence on Companies manually.

Result: Risks of regulatory failures, increased workload for teams, data security risks



Mistake 10

No secure way to share your own information with other members of the art market

Result: Data security and GDPR risks, increased admin.



Mistake 11

Delegating decision making responsibility to staff lacking the appropriate tools and formal training

Result: Contravenes the regulations, non-compliance risks.


Mistakes 12

Confusing long-standing, personal relationships with Customer Due Diligence

Result: No evidence of, reports and records of Customer Due Diligence, risk of fines, penalties, sanctions, reputational damage