Skip to content

No silver bullet to AML compliance

Although the EU art market has been a regulated sector for money laundering (“ML”) compliance since January 2020, developing a successful AML programme remains a challenge for many art market participants[1] seeking a single silver bullet solution.

The challenge is to be expected  given that even financial institutions, which have been regulated for much longer than the art market, continue to struggle and fare poorly in applying ML regulatory obligations. If global financial institutions struggle, in spite of  large, sophisticated compliance departments and cutting-edge technology, how much more difficult must it be for the art market? The idea of a single silver bullet solution to solve AML compliance remains an illusion. However, one may need just two silver bullets to deliver a successful AML programme: “Human” AML Skills and “Tech” AML Tools.

Human AML Skills are those skills honed by the people in the business routinely facing the risks- specifically: the leadership, the Money Laundering Reporting Officer (MLRO) and the staff. Each of these groups has the challenge of recognising if/ when their AML obligations kick in, and if so, knowing how to apply them. It is only after the AML obligations are triggered that  “Tech AML Tools” come into play. The Tech AML Tools are the technology instruments used to assist in satisfying the Know Your Client, Customer Due Diligence, source of funds and document retention obligations. In combination, the Human AML Skills and the Tech AML Tools constitute the yin and yang of a complete AML Programme.     

Unfortunately, one of the most common and dangerous misunderstandings among ML-regulated entities, e.g., financial institutions and art market participants, is the enduring belief that “buying” a Tech AML Tool is the solution to fulfil all of one’s AML obligations. Indeed, the 10th Basel AML Index[2] identified poor application and understanding of ML programmes and risks (in other words, weak Human AML Skills) as one of the top four ML risk trends for 2021[3]. The Basel Index especially highlighted that “designated non-financial businesses and professions”, known in AML circles as “DNFBPs”, are seemingly unaware of the ML risks they face, and hence of the implied duties of proper AML procedures, thereby exposing themselves to ML risks. 

Year on year, the Basel ML Index reported no improvement for DFNBPs in AML effectiveness scores, particularly when it came to “adequately applying” their AML programmes[4].  The utter lack of improvement is worrying given the criminal penalties for failure to comply. As art market participants (AMPs) are one of the newest members of the DNFBP category, understanding the need for both Human AML Skills and Tech AML Tools is fundamental to avoid the criminal exposure inherent in a weak AML programme.  

To have Human AML Skills one needs, well, people, i.e., staff who are, firstly, aware of the ML risks presented by the clients, objects or transactions with which they work, and secondly, who understand how to apply a risk-based approach on a client by client, transaction by transaction basis. Most AMPs are generally familiar with the basic AML programme requirements of: needing to Know Your Client, conducting Customer Due Diligence and understanding the client’s source of funds.  

When fulfilling these requirements, one may uncover Red Flags, or ML risk factors. Certain Red Flags, known as Human Red Flags, are those that are only uncovered from personal interaction with a client, whether virtually, in writing or in person. Examples of Human Red Flags include: 

  • clients who request third party payments; 
  • clients who request a name other than the buyer as the invoice name, or an address other than the buyer as the shipping destination for a work of art;
  • clients who are evasive, unwilling or unable to provide  information about a consignment; or
  • clients who seem concerned about providing identity or residence information or verification.

Unless staff are sufficiently fluent with the identification of Red Flags, it goes without saying, they will unknowingly disregard them. This has a knock-on effect, as staff are not only responsible for noticing a Red Flag but more importantly for reporting Red Flags to the MLRO. 

The MLRO is the person within an organisation who ideally has the most finely developed Human AML Skill set.  Among the MLRO’s many responsibilities, one of the most important is the ability to apply a risk-based approach when responding to Red Flags. A risk-based approach requires the MLRO to decide for example what further identity information or documents may be requested to fulfil the Know Your Client AML step.  The MLRO also has authority to decide, with management, if necessary, whether to proceed with the transaction and/or to file a suspicious activity report.  The closest thing to a “human silver bullet” is having a well-trained MLRO with sufficiently developed Human AML Skills, capable of properly applying a risk-based approach.

As Human Red Flags are often first seen, heard or observed by the sales or finance teams, the next vital link in a strong AML chain is appropriately trained staff.  Properly trained staff must be adept at applying the “Do’s and Don’ts” of any AML programme.  Do notify the MLRO as soon as possible of any ML concern or suspicion about Red Flags.  Do not inform a client about those concerns or suspicions.  Both activities, i.e., failing to report a suspicion or tipping-off a client regarding suspicions, may expose the art market participant to liability for a criminal offense. 

Whereas it is the MLRO’s responsibility to ensure all staff understand and apply the AML programme, the MLRO does not stand alone.  In the UK in particular, it is ultimately senior management who are responsible for ensuring that the MLRO him/herself is supported, has adequate resources, is independent and has access to all information required to fulfil the function. Human AML Skills very much start at the top with senior management and roll down the hierarchy in a snowball effect. Hence, having well-informed and trained senior management is the next essential element of a healthy AML programme. 

As important as Human AML Skill is, it is only the yin of a strong AML programme. The yang is having adequate Tech AML Tools. A Tech AML Tool is essential to uncover “Tech Red Flags”, or those Red Flags that are most easily uncovered by the use of sophisticated technology that searches international databases for troubling facts. These include exposing facts such as potential clients who: are politically exposed persons; reside or work in or near “high risk” jurisdictions[5]; are on an international sanction list; are party to a criminal investigation or prosecution;  or are someone who associates with such people, etc. 

Discovering these data points without the help of Tech AML Tools is theoretically possible but extraordinarily challenging.  Without a doubt, manually conducting such searches greatly increases the risk of overlooking a very bright Red Flag, such as being the subject of an active fraud or money  laundering investigation. Some Tech Red Flags, such as being listed on the UN Security Council’s sanction list, may be an automatic deal breaker, whereas others, such as being a politically exposed person, may not be. Ultimately, it is up to the MLRO to decide if it is possible to resolve a Tech or Human Red Flag. Thus, even where Tech Red Flags are concerned, Human AML Skill set may still come into play when  applying the risk-based approach.  

Tech AML Tools have additional benefits.  They may  offer ways to verify quickly and remotely client identity and proof of residence, and to assist with establishing the client’s source of funds. Tech AML Tools may also assist with document retention requirements. Fortunately, there are bespoke Tech AML Tools focused exclusively on the unique aspects of the art market, and the technology is constantly improving and evolving. 

One thing is certain: AML compliance is not a box-ticking exercise. Securing access to a bona fide Tech AML Tool may well be a “box that should be ticked”, but the use of tech tools alone is insufficient. Tech AML Tools without Human AML Skills, and vice versa, expose regulated art market participants to unnecessary risk. These avoidable risks range from failing a government audit of one’s AML programme to the real and more serious risk of exposing the business and staff to criminal prosecution, including fines and prison.

Rena Neville & Paula Trommel
Corinth Consulting

[1] Under the EU’s 5th Money Laundering Directive, “art market participants” include any person or entity who trades in relevant objects in excess of €10,000 covered by their local  ML regulations, such as art advisors, auction houses, galleries and intermediaries.

[2] Basel Institute on Governance, 2021. Basel AML Index 2021: 10th Public Edition – Ranking money laundering and terrorist financing risks around the world. Available at:

[3] Each of the other three risk trends involved governmental responsibilities and are  poor government: responses to virtual assets; implementation of beneficial ownership registries;  and failure to implement effective preventative ML  measures.

[4] The Basel AML Index relies in part on data created by the Financial Action Task Force (FATF). One of FATF’s key effectiveness measures is whether regulated entities, “adequately apply” preventative measures.  FATF Effectiveness Measure Immediate Outcome 4.

[5] High risk jurisdictions typically refer to those countries designated as high risk or worthy of monitoring for monitoring or terrorist financing by a government or governmental watch dog, such as the EU, the US, the UN, or the Financial Action Task Force, etc.