What to expect if your art business has an AML intervention with HMRC

March 22, 2023
by ArtAML™ Team

Interventions are now taking place of art businesses regulated for AML in the UK. This overview has been put together to help set your expectations of what might be covered.

Keep reading to discover key areas to be covered, starting with a bullet pointed list and followed by detail on each.

Possible meeting agenda points, based on interventions to date:

  • Introductions and purpose of visit
  • Basic information including business background and history
  • Relevant activity (Sales and Purchases)
  • Risk assessment:
    • Customers;
    • Countries or geographic areas of operation;
    • Products and services;
    • Transactions; and
    • Delivery channels.
  • Policies, controls and procedures (“PCPs”):
    • Internal controls;
    • Customer Due Diligence (“CDD”) and Enhanced Due Diligence (“EDD”);
      • “Simplified Due Diligence” (SDD) might also come up in relation to artists
    • Reliance agreement (not as relevant since the BAMF Guidance June 2022 update); and
    • Ongoing monitoring (only applicable for ongoing business relationships).
  • Training;
  • Record keeping;
  • Suspicious Activity Reports (“SARs”);
  • Testing of real-life transactions that you’ve conducted and what CDD was conducted; and
  • Conclusion / next steps.

Basic information including business information

Help the regulator understand your size of business and risk faced of being targeted by money laundering activities. The extent to which a regulated business conducts due diligence is to be proportional to the business size. What a large auction house with a dedicated compliance team is expected to have in place for compliance measures will be different to a micro art business. While a small business has a legal requirement to comply with requirements, the reality is that such a business lacks resources to have a fully dedicated department, for example.

When asked about basic business information, help the HMRC officers by telling them about the number of people in the business, number of qualifying transactions (‘relevant activity’), value of those transactions, if you’re dealing in the primary and/or secondary markets, if ‘relevant activity’ all falls under ‘occasional activity’ (as ongoing ‘business relationships’ are not necessarily applicable in the sector) and the like. This will enable HMRC to conduct an intervention that is in alignment with your business size and the risk faced of being the target of money laundering activities.

Top tip: When they ask you about turnover and transactions, be sure to clarify that they mean that for relevant activity (as opposed to all business activity).

Do note that while the National Risk Assessment 2020 (UK) – which you’re expected to have read, concluded that the art market is at high risk of being the target of money laundering activities, this does not mean that your business nor the art that you sell is high-risk.

You’ll also want to address registrations that you have in place, for example: AML Supervision with HMRC; SAR reporting with the NCA; and Data protection with the Information Commissioner’s Office (ICO).

Top tip: When they ask if you have “passed the approvals test”, they’re referring to being approved as an AMP for supervision with HMRC. The word “test” is understandably perplexing, as the AMP sector does not actually take a test.

Relevant activity looks in both directions for transactions

The regulator is keen to establish if art businesses are now conducting CDD not only for buyers but also sellers, whether that’s another AMP business or directly from an artist’s studio. This change took effect 30th June 2022, so transactions prior to this date might have only looked in the direction of buyers – however, take note that the Proceeds of Crime Act 2002 was in force and notably relevant for the provenance of secondary market acquisitions.

Top tip: When they ask about your suppliers, this will mean living artists for many art businesses. The officers often haven’t come across the close-knit artist-gallerist relationship, and nor are they often familiar with consignments of art, so be prepared to educate them on these points.

See our blog post for more information on the update to the meaning of ‘customer’ from June 2022’s BAMF Guidance: https://artaml.com/what-all-uk-art-market-participants-need-to-know-about-the-updated-bamf-guidance-2022/


Five factors to be considered when conducting your business’s risk assessment

HMRC has determined five factors to consider in your business’s risk assessment that is to be refreshed at minimum annually and as soon as a risk changes. The expectation is that each area is to be assigned a risk rating, with an overall outcome indicating the business as low, medium or high risk.

Top tip: Be ready to be asked about what these are, and to explain the assessment outcomes for your business —


  • Customers
    • Who are what they are, i.e., an individual, legal entity, charity or trust – and at some point during the intervention, you’re likely to be asked about how you check if a customer (private individual or company) has been sanctioned, in which case the transaction would not, under any circumstances, proceed.
  • Geography
    • Where you trade (incl. IRL and/or online) and notably any high-risk jurisdictions or those without AML regulations in the sector.
    • What are some examples of high-risk jurisdictions? Be ready with some examples. – Top tip!
  • Products or services that you offer
    • ‘Works of art’, other objects and any services.
  • Transactions
    • Differing payment methods.
  • Delivery channels
    • How customers come to your business, such as your gallery, art fairs and transactional marketplaces.

Addressing the business’s AML Policy (incl. PCPs)

It’s important that this document is available to all team members in the business. Even if someone is not directly involved with AML procedures, they might end up in a situation that prompts them to check what to do if suspicious activity is potentially present.

In addition to risks that arose for your business in the Risk Assessment, the Policy will outline other areas of risk (i.e., potential red flags), both for the sector and under the ML Regulations (“MLRs”). Many of these will have been highlighted in HMRC’s risk guidance issued in June 2021 (“Money laundering: Understanding risks and taking action for art market participants”). Your policy will outline how the business is mitigating risks that have specifically been identified, and general steps that would be taken for red flags, in addition to steps deemed appropriate at the time.

Key facets of your PCPs will be how the business evaluates and records risk presented by customers and transactions, conducts due diligence that is in alignment with that risk evaluation (for example, how a customer is identified and verified if met in real life or not) and what steps are taken if the business determines there to be suspicious activity.


AML Training

There is a requirement for ‘relevant’ staff (per the BAMF Guidance updated February 2023) to receive AML Training, which is to be kept up to date. Whether you’ve taken certified AML Training with the likes of ArtAML™ and have a Certificate to show, have received internal training or watched HMRC webinars on the subject, having documented training records for the business that show when and what was done is vital.

Top tip: They’re likely to ask for details about any certified training taken, for example how many questions were asked in quizzes and what you scored.

Read more about AML Training obligations: https://artaml.com/aml-training-a-legal-requirement-for-art-market-participants/



Alongside obligations under the ML Regulations, the business must also adhere to UK General Data Protection Regulation (GDPR). Therefore, personal data collected for AML purposes is to be processed and stored in a GDPR-compliant manner (noting that this is of course the case for ArtAML™ users – see our Platform and Security Compliance Policy for more information on how data is backed up and more). Moreover, the intervention team might be interested in establishing if you have let your customers know that information collected and stored specifically to meet your AML obligations will only be used for that purpose. This is outlined in Regulation 41 of the MLRs.

While on the note of record-keeping, here are several types of documents likely to be requested during the intervention:

  • Sales invoices related to relevant activity;
  • Shipping invoices and transportation documents;
  • Provenance paperwork (if applicable);
  • Any other records related to CDD that has been conducted for transactions that are ‘tested’ (see below); and
  • Your business’s bank statements.



Suspicious Activity Reports (SARs)

What will you do if you ever deem suspicious activity to be present? The regulator will want to understand your process.

Importantly, as a regulated business, any potentially suspicious activity, regardless of the type of object / service or the transaction value, triggers the need to conduct of Customer Due Diligence. If the outcome is that there is suspicious activity, immediate action per your legal obligations is required, by submitting a SAR to the National Crime Agency. You have the option of submitting a DAML-SAR, though regardless of being afforded a ‘Defense Against Money Laundering’ you would likely not proceed with the transaction regardless. It’s also important to remember to not tip-off any customer / prospective customer about submitting an SAR, which in itself would be committing of a criminal offense.

Top tip: They’ll specifically ask you to walk through what will happen if any potentially suspicious activity is detected. Noting your registration with the NCA will be helpful! 



After talking through the above areas, the HMRC officer conducting the intervention will want to ‘test’ your CDD process by going through real-life examples from your business.

You’ll be able to walk them through the AML that you conducted via your ‘Completed’ dashboard. For example, you might show “KYC” on a company, incorporating the identification and verification of both the company and its UBOs, followed by “AML” conducted for that transaction.

Expanding upon the list of documents in ‘record-keeping’ above, a note on shipping / transportation documents. These are important for establishing the ultimate destination of art. You might not have them if you were selling to an art advisor or interior designer, so be prepared to explain how you address the Luxury Goods Ban in this case – for instance, by establishing jurisdiction where art is going, recorded in ‘AML’ (the Transaction module) in ArtAML™.

HMRC will likely request copies of what they review. For CDD that was conducted in ArtAML™, you will firstly need to download completed ‘KYC’, ‘AML’ and other modules that were completed. Those downloads will then need to be uploaded into a secure 24-hour Dropbox folder provided by HMRC. Once files have been transferred, be sure to delete them from your local computer, for the security of your customers’ personal data.

Intervention conclusion

To close out the intervention, you will likely be asked for anything that you would like to add.

The HMRC officer will confirm next steps, likely in the form of providing detailed notes of the meeting, for which they’ll give your business 7 days to provide input. That will be followed by confirmation of outcome, be that an advice letter, warning letter or a penalty.

Not sure that you have everything in place? Keen to receive support?

ArtAML™ customers with an active CDD subscription receive a complimentary half-hour 1:1 session to help you get ready. Moreover, we have intervention support services for both the lead up to the intervention and the follow-up – both of which are important for outcome and long-term records on file about your business’s AML compliance. To find out more, get in touch via our contact form or [email protected].

How can we help?

Get in touch with our team for support and advice