Event Recap: The biggest mistakes art businesses make when dealing with AML
Unsurprisingly, our most recent online event, ‘The biggest mistakes art businesses make’ was the most viewed event we’ve held to date.
As a platform helping over 150 art businesses in the UK, EU, US and Switzerland get this right, our aim is to share common misconceptions and mistakes with the goal of helping businesses fail to do what is required to meet the regulations.
Here in the UK, supervising body HMRC authored a very useful article in the Antiques Trade Gazette explaining what they are looking for. Using this as a framework against what we are exposed to as a large community of art businesses all dealing with the same challenges deduced the following common mistakes are see art businesses making.
To view this event in full, click here or select from the available resources at the bottom of this article.
Not receiving and storing sensitive client information in-line with GDPR
Result: Breach of GDPR & Data Security and Cybercrime risks.
Asking for ID and Proof of Address and doing nothing else
Result: Contravenes Customer Due Diligence obligations, penalties and risk of fines
Not collecting - or sharing - the correct information when acting as - or dealing with - an Agent or Intermediary and accepting or sharing ‘Letters of Reliance’
Result: Disclosure of sensitive information, breach of regulations, risk of sanctions and fines.
Not performing Customer Due Diligence correctly
Result: No formal process or reporting, contravenes CDD and Enhanced Customer Due Diligence requirements, risk of penalties and fines.
No record-keeping process and no reports of Customer Due Diligence
Result: Contravenes Section 7. Reporting and Record-Keeping requirements, no audit trail.
No written reporting demonstrating decision-making
Mistake: Contravenes Section 7. Reporting and Record-Keeping requirements.
No CDD framework and process in place creates a disconnect between Operations and Sales
Result: Delays to sales, duplication of effort, frustrating the client.
Using ‘questionnaires’ and other attachments as a means to collect information from clients over email.
Result: Data Security and GDPR risks, increased internal admin, creating work for the client, delays to sales
Carrying out Due Diligence on Companies manually.
Result: Risks of regulatory failures, increased workload for teams, data security risks
No secure way to share your own information with other members of the art market
Result: Data security and GDPR risks, increased admin.
Delegating decision making responsibility to staff lacking the appropriate tools and formal training
Result: Contravenes the regulations, non-compliance risks.
Confusing long-standing, personal relationships with Customer Due Diligence
Result: No evidence of, reports and records of Customer Due Diligence, risk of fines, penalties, sanctions, reputational damage