The Fifth Anti-Money Laundering Directive or 5AMLD came into effect on January 2020 and reinforces the European Union’s Anti-Money Laundering/Combating the Financing of Terrorism or AML/CFT regime by enhancing transparency in financial transactions. The AML/CFT already implements money laundering regulations, which are robust and comprehensive requirements aimed at preventing businesses from being used by organized crime groups to launder money or to finance terrorist activities within EU member states.
Now, the 5AMLD extends the scope of the controls enforced by AML/CFT to digital currencies and digital currency providers. Its goal is to eliminate anonymous transactions involving cryptocurrencies to prevent fraud. And 5AMLD aims to achieve this by requiring that centralized data registries be put in place so that authorities will be able to quickly identify cryptocurrency account holders and controllers.
But how exactly do companies, especially galleries, art dealers, and auction businesses, stay compliant?
First Things First: How Do Money Laundering Regulations Affect AMPs?
Art Market Participants (AMPs), which include galleries, art dealers, and auction businesses, are vulnerable to the dangers of financial exploitation. Transactions with AMPs may be used for criminal or terrorist financing or as a means of laundering money to fund serious organised crime like drug importation and human trafficking. Enabling money laundering to take place as a mere result of a lack of due diligence and controls in the part of an AMP can result in sanctions, reputational damage, or even criminal conviction.
As such, money laundering regulations (MLRs), which are strict and specific, are put in place to protect AMPs from becoming unwitting victims to organized criminal activities.
Here are five important guidelines from the HMRC regarding this directive, especially with the June 10, 2021 deadline for Art Market Participants (AMPs) to register for money laundering supervision nearing.
1. Risk Assessment
Compliance with money laundering regulations is built on the foundation of risk assessment. You are legally obliged to assess the risks of your business based on your business model and to accommodate business changes and developments as they come. These changes and developments will affect money laundering and terrorist financing risks, too.
2. Policies, Controls, and Procedures
After compiling a comprehensive and robust risk assessment, you need to put in place or implement an equally comprehensive plan on how to manage these risks. A risk-based approach includes appropriate policies, controls and procedures (PCPs) designed to effectively mitigate the risks that you have earlier identified. These PCPs also need to be reviewed and updated regularly.
These PCPs naturally need to be adapted to reflect whatever changes to your picture of business risk. They should detail how these risks will be addressed and how it will keep doing so as your business evolves and the risks change along with it.
HMRC Regulations 28 and 29 actually outline how a risk-based approach can be achieved, but it has to be applied according to the individual business’ model and requirements.
3. Customer Due Diligence
Money laundering regulations also specify when to apply customer due diligence. Regulation 27, more particularly, details both the general and specific customer due diligence requirements for AMPs. And once you have decided on when to apply this due diligence, Regulation 28 details how you should go about it. It is imperative for you to know the identity of your clients, so it follows that one of the cornerstones of MLRs is customer due diligence.
HMRC requires that know-your-client or KYC checks should be undertaken on a client’s transacting with your business above the threshold of 10,000 euros, whether it is a single transaction or multiple linked transactions.
Most of the post-inspection penalties imposed by the HMRC on AMPs contain a sanction that is related to their failure to properly comply with requirements for customer due diligence.
4. Timing of Verification and Record Keeping
The MLRs have outlined rather specific requirements regarding when to perform customer due diligence verifications. You need to create audit trails to demonstrate that you have complied with the regulations. As a business, you also need to understand the record-keeping requirements in order to easily comply with them.
AMPs must securely record and store customer data relating to “Know Your Customer” requirements, including IDs, date of birth, and full address. Be sure, however, that you comply with GDPR when collecting personal data. Auction houses are required to appoint a Data Protection Officer in accordance with UK GDPR.
You also need to keep customer data in your record for five or 10 years after your business relationship with a customer has ended.
5. Enhanced Due Diligence
It is essential for AMPs to know when to apply enhanced due diligence (EDD). You need to make a connection between your risk assessment, and your policies, controls and procedures, as well as to the resulting EDD requirements.
While most people expect to apply EDD when doing a highly unusual transaction or transacting in more obvious circumstances, like when it involves a politically exposed person, the MLRs are specific on the full range of requirements for EDD. For instance, how do you know if you are dealing with a politically exposed individual, with their family member, or with a known associate? Are you expecting to maintain a business relationship with a customer who is established in a high-risk third country?
High-risk countries are those countries that present no or deficient anti-money laundering and terrorism regimes. The 5AMLD wants to make sure that businesses in EU states dealing with these high-risk third countries apply systematic enhanced controls. In fact, the 5AMLD encourages sectors in member states to limit their relationship with these high-risk countries.
Artisio: Supporting Compliance and Delivering 5AMLD Solutions
Making these anti-money laundering requirements an intrinsic part of your business operations is the key to compliance. For AMPs, the overall legal responsibility for compliance rests in the hands of the business and cannot be outsourced to a third-party.
Artisio’s impressive auction management software (AMS) is designed to support AMPs by offering a module which facilitates AML/KYC checks to be carried out on all clients via any of the major third-party compliance providers in the marketplace. This unique module will integrate via an API link and ensure a seamless and secure 2-way process of capturing, recording and safely storing client’s data in accordance with GDPR regulations.