©2024. Published in Landslide, Vol. 16, No. 2, December/January 2024, by the American Bar Association. Reproduced with permission. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or stored in an electronic database or retrieval system without the express written consent of the American Bar Association or the copyright holder.
The past few years have shown an immense increase of online transactions in the art world, particularly for auction houses. In 2021, there was a 1,056% jump in sales conductedIn 2022, although the spike in online art sales was not as substantial, they continued to surpass pre-2020 levels in the leading auction Similarly, mid-tier and smaller businesses “noted the continued importance of [online sales] in terms of operating efficiencies, cost reductions, and geographical
Traditional fine art transactions tend to be opaque due to the prevalence of private sales, the ease of transporting artworks across borders, the transfer of ownership while works are stored in freeports, the subjectivity of the value of a work of art, and issues with provenance verification. These factors have led to an uptick in intellectual property-related issues, including copyright and trademark infringement involving counterfeitBut what many intellectual property practitioners are not so aware of is that these factors have also been identified as key indicators of a market ripe for attempting money laundering, particularly as fine art is an asset class that may be used as collateral to secure
The lack of transparency in art market transactions has been further exacerbated by the rise in popularity of digital art, non-fungible tokens (NFTs), art investment platforms such as Masterworks, and the increased use of cryptocurrencies for purchasing works of art. With such increases in fine art transactions being conducted remotely, in conjunction with the international scope of the art market, regulations surrounding anti-money laundering (AML) have been and will continue to be increasingly prevalent for all art market participants (AMPs), which include but are not limited to auction houses, galleries, dealers, art consultants and other intermediaries, freeports, and cultural institutions that deal in art and antiquities.
The current leaders in the international art market include the United States, with 45% of the total shares of sales by value; the United Kingdom, having 18%; China, at 17%; France, at 7%; and Germany and Switzerland, tied atIn the United Kingdom and European Union, there are affirmative AML due diligence obligations that AMPs are required to undertake prior to closing on deals in the art market. In the United States, money laundering charges associated with art industry transactions have become more common, and AML regulations are on the horizon.
Overview of International AML Requirements
In the United States, United Kingdom, and European Union, conducting transactions with proceeds of crime and money laundering generally have been illegal for quite some time. In 2018, the European Union, which included the United Kingdom at the time, passed the Fifth Anti-Money Laundering Directive, which began requiring AMPs to conduct customer due diligence (CDD) prior to the completion of any artwork transaction greater than 7 The key components of CDD include establishing a risk assessment policy, verifying each party with a financial interest in the transaction, conducting a provenance check on the artwork, and reporting any “suspicious activity” to the appropriate regulatory authorities.
With the passing of the Sixth Anti-Money Laundering Directive in 2021, European Union member states were charged with imposing stricter standards and amending their own policies to include potential criminal penalties along with monetary fines. The most recent AML legislation in the European Union created the Anti-Money Laundering Authority (AMLA), a centralized enforcement agency established at the beginning of 2023 and expected to be fully funded by 2025. The AMLA is tasked with supporting, coordinating, and monitoring the application of AML regulations across the European Economic Area. The ultimate responsibility for preventing money laundering, however, remains with each of the European Union member states.
Despite exiting the European Union, the United Kingdom continued its efforts to monitor and regulate the art market’s implementation of CDD and AML programs. The United Kingdom amended its Money Laundering, Terrorist Financing and Transfer of Funds Regulations to incorporate provisions from the European Union regulations applicable to the art
The United States, notwithstanding a legislative effort to extend the definition of a financial institution in the Bank Secrecy Act to include AMPs, has yet to implement regulations that directly require AMPs to conduct know-your-client (KYC) CDD-equivalent screenings prior to finalizing a
Overall, the goal of each country, either through enforcement of money laundering charges or through AML regulations, is to gain a greater understanding of the parties and funds involved in the transaction. This includes confirmation of the parties’ identity and source of funds and a determination of whether there is risk that the funds being used in the transaction are the proceeds of crime. When intermediaries and companies are used to purchase art, the goal is to establish who is the actual owner of the work being sold and who will be the ultimate beneficial owner upon completion of the transaction.
United Kingdom and European Union
The European Union and United Kingdom regulations extend to foreign AMPs—including dealers in the United States—who are involved in any art sale with parties located in or who are citizens of the European Union or UnitedThis includes overseas dealers who physically enter the United Kingdom or European Union to sell works of art and online galleries and auction websites, wherever located, that receive a commission in relation to the purchase or sale of works of art through their When an overseas dealer or online platform is acting as an intermediary for its customers located in the United Kingdom or European Union, it is considered to be an AMP and is required to conduct CDD prior to finalizing the relevant Both the United Kingdom and the European Union require CDD when a transaction is over €10,000. Although there are some similarities and the purpose and goals of all the regulations are the same, there are differences in the specific requirements that AMPs have to follow in the United Kingdom and each individual member state of the European Union.
A primary difference between the United Kingdom and some members of the European Union, such as Germany, is the process for verifying digitally submitted documents. In the United Kingdom, when using electronic evidence as a part of their CDD, AMPs are required to demonstrate that they were able to verify that the customer actually exists and that the information provided satisfies the AMP’s risk assessment policy, discussedFurther, any third-party service used to verify identity must be included on the Department for Digital, Culture, Media, and Sport list and be registered with the Information Commissioner’s Office, ensuring its compliance with applicable data privacy Comparatively, Germany requires that a customer’s identity be verified via video call, unless the customer has a German ID card issued by the state, submits a qualifying signature, and transfers the funds from a qualifying institution from an account owned by the
Another difference is the requirement for AMPs to register in the jurisdiction in which they plan to transact. There is no preregistration requirement across the European Union, but each member state has different requirements. For example, the Netherlands requires an AMP to register prior to submitting a suspicious activity report. Conversely, in the United Kingdom, Her Majesty’s Revenue and Customs requires AMPs to register prior to, or shortly after, conducting a qualifying transaction.
In 2021 and 2022, United States legislators attempted to amend the definition of “financial institution” in the Bank Secrecy Act to include industry professionals who were deemed to be at risk for unknowingly or knowingly facilitating moneyThe ENABLERS Act, which ultimately was excluded from the end-of-year legislation passed in December 2022, would have brought AMPs, lawyers, accountants, payment processors, and other similar professionals under the Bank Secrecy Despite the failure of the ENABLERS Act to pass, under U.S. Code title 22, AMPs are nonetheless obligated to avoid entering into transactions with the ever-evolving list of sanctioned individuals, entities, industries, and countries and to avoid knowing assistance in money
Affirmative Obligations and Customer Due Diligence
Under United Kingdom and European Union regulations, AMPs are required to develop a risk assessment policy, create KYC records by conducting CDD, establish the provenance of the artwork being sold, and report any suspicious activity to the applicable authorities. These obligations are similar to those imposed on financial institutions by the Bank Secrecy Act and should be considered best practices for United States AMPs. The potential risk of not implementing KYC, even in the United States, can lead to criminal charges, exemplified as recently as May 2023 when Palm Beach gallery owner Daniel Bouaziz was sentenced to 27 months in prison for laundering money derived from his successful scheme to sell counterfeit
Risk Assessment Policy
AML regulations typically require covered businesses to create and maintain a written risk assessment policy. Overall, a risk assessment policy should be based on the size and nature of the business, how often it engages in regulated activities, where it does business geographically, who its clients are, what sale channels are being used by the business (e.g., public auction, gallery consignment, in-person, online, or private sales), and the value of artworks generally offered. Risk assessment policies should be documented and reviewed annually, following any significant changes in the AMP’s business, changes in circumstances, and any amendment to AML regulations.
Practically, the creation of a risk assessment policy can be broken into two steps. The first step in complying with AML regulations is to conduct an internal risk assessment focused on the business’s potential exposure to money laundering and set forth best practices meant to protect the business from being unknowingly used to launder illicit funds. When looking internally at an AMP’s business and the potential exposure, there are three main components to consider. The first is establishing client profiles detailing (i) where clients are located; (ii) how well the AMP knows the clients prior to transacting; (iii) how many clients may be, or may be associated with, a politically exposed person; (iv) whether clients are individuals or entities; (v) how many clients use an intermediary; and (vi) clients’ source of funds. The second is the transaction itself, including (i) the average number of transactions over €10,000, (ii) payment processing procedures, and (iii) the structure of payment remittance and collection (i.e., whether the funds are directly transferred to and from the beneficial owners). Finally, the AMP should consider how provenance of the artworks is established and the reliability of provenance documentation provided.
The second step in complying with AML regulations is to establish the AMP’s internal business procedures. This includes (i) naming the compliance officer charged with ensuring that due diligence protocols are in place and complied with, (ii) determining how the business will collect and store client data, (iii) outlining how CDD will be conducted, (iv) establishing criteria for when enhanced due diligence will be required, (v) specifying how decisions will be evidenced, and (vi) detailing how staff will be educated and trained in AML best practices. This document will act as a guide for creating KYC records, establishing provenance, approving transactions, and reporting suspicious activity.
Know Your Client and Customer Due Diligence
Once the written risk assessment policy is created, the implementation of KYC recording must begin. When creating a record for a specific transaction, the business must begin with CDD. Customer due diligence entails (i) collecting documentation regarding personal identifying information, (ii) verifying the documentation provided, and (iii) researching and establishing any potential risks associated with the individual (commonly referred to as “red flags,” discussed below). Once CDD is completed, the AMP should determine whether enhanced due diligence is required. This may include establishing the buyer’s source of funds, relationship to a politically exposed person, or relationship with a high-risk jurisdiction.
“Red flags” are information that is uncovered through the CDD process that may increase the likelihood of money laundering. Common red flags include a record of financial crimes, such as embezzlement or fraud; the customer being or being associated with a “politically exposed person” (e.g., a politician, a celebrity, or a Fortune 500 company executive); an unusually structured transfer of funds; and use of a shell entity to obscure beneficial ownership.
Another aspect of the KYC record, specifically relevant for AMPs and those who deal in antiquities, is establishing provenance of the work being sold. This is particularly important as in each country, transacting with the proceeds of crime is illegal.
Finally, based on the KYC record, the business must make the decision of whether to proceed with the transaction and document its decision-making process.
Suspicious Activity Reporting
In the event that the KYC report raises sufficient red flags, AMPs are required to file suspicious activity reports (SARs) with the applicable jurisdiction. Each jurisdiction has a different process and threshold for when SARs are required to be filed. For example, in the United Kingdom, a SAR must be submitted to the National Crime Agency where the compliance officer knows, suspects, or has a reasonable basis for knowing or suspecting that a person is engaged in or attempting to launder money, even if the company decides not to proceed with theIn the United States, although AMPs are not currently required to conduct KYC, should an AMP uncover suspicious conduct when complying with other jurisdictional regulations or implementing KYC as a matter of best practice, a SAR must be submitted if potential money laundering or violations of the Bank Secrecy Act are uncovered during the KYC
In France, AMPs are obligated to submit a SAR when the business knows, suspects, or has good reason to suspect that funds involved with a transaction have been derived from a crime punishable by imprisonment greater than one year (which includes money laundering) or tax fraud or are linked to terroristIn Germany, the obligation to file a SAR arises when the business discovers facts indicating that it could facilitate money laundering or terrorist
With the marked increase of online sales beginning in 2020 and stabilization in subsequent years, the art market is open to those who seek to take advantage of the opaque nature of fine art transactions. The European Union and the United Kingdom have already passed regulations requiring AMPs to conduct CDD and maintain KYC records. The United States has been considering similar regulations for quite some time, with the most recent attempt failing in December 2022; however, the United States has been increasingly prosecuting money launderers, those who facilitate money laundering, and those who transact with sanctioned
The consequences—including imprisonment, fines, and confiscation of the artwork and any illicit funds associated with the transaction—may be reason enough for some United States-based AMPs to immediately begin creating their risk assessment policies and implementing due diligence. While some AMPs are required to participate in AML due diligence based on their international presence, for those who may not be affirmatively required to do so, taking action now can be analogized to an insurance policy against facing charges, losing the proceeds from a transaction, and credibility in the industry as the regulations continue to evolve and expand in scope. Lawyers advising AMPs should ensure that their clients are implementing risk management protocols to bring them into compliance with global AML regulations, prepare them for imminent regulation and enforcement in the United States, and minimize the risk that they become unwitting participants in money laundering schemes.