KYC and AML Document Collection for UK Art Dealers

The UK art trade sits squarely inside the country’s anti-money laundering regime. If you run a gallery, deal privately, or act as an agent on sales, you may be what the rules call an art market participant, and that status carries specific legal duties under HMRC’s money laundering supervision rules.

According to HMRC’s guidance for art market participants, an art market participant is a firm or sole practitioner who, by way of business, trades in, or acts as an intermediary in, the buying or selling of works of art where the transaction value (or a series of linked transactions) is 10,000 euros or more. It also covers the operator of a freeport storing works of art valued at 10,000 euros or more for a person, or for a series of linked persons.

Art market participants do not have a dedicated professional regulator the way solicitors or accountants do. Instead, HMRC is the default anti-money laundering supervisor for art market participants, and businesses that meet the definition must register with HMRC for AML supervision before they can lawfully continue trading at that level.

Registration is only the start. The same HMRC guidance makes clear that registered participants must meet their wider obligations, including customer due diligence, record keeping, and reporting suspicious activity. The underlying law is the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, the principal UK statutory instrument from which registration, due diligence and reporting duties flow.

Customer due diligence, often shortened to CDD, is the heart of the regime. Regulation 28 of the 2017 Regulations requires relevant persons to identify the customer and verify their identity on the basis of documents or information obtained from a reliable source which is independent of the person whose identity is being verified.

That independence point matters. A photocopy a client hands you, with nothing to corroborate it, is weaker than evidence drawn from a source the client does not control. Regulation 28 also requires you to identify and verify beneficial owners, and to understand the ownership and control structure where the customer is a company or a trust. A buyer purchasing through a corporate vehicle or family structure therefore triggers a deeper layer of checks than a straightforward individual sale.

HMRC’s detailed risk guidance, Understanding money laundering risks and taking action for art market participants, sets out these CDD obligations by reference to regulations including 17, 18, 18A and 47. In other words, the obligation is not a single box-tick; it scales with the risk profile of the customer and the transaction.

Translating Regulation 28 into a practical checklist, the documents an art market participant typically needs to gather fall into three groups.

Identity

• A current passport or photocard driving licence to verify the individual
• For companies, incorporation details and the identity of beneficial owners
• For trusts, the structure and the identity of those who control it

Address

• A recent utility bill, bank statement or council tax letter confirming the residential address
• Documents dated within a sensible recency window

Source of Funds

• Evidence of where the money for a high-value purchase originated, where the risk requires it
• This can include bank statements, sale proceeds, or documentation of an inheritance or investment

Every one of these documents is sensitive personal data. A passport scan, a bank statement, and a source-of-funds letter together give a fraudster almost everything they need to impersonate your client, which is precisely why how you collect them matters as much as what you collect.

Many galleries still gather these files over ordinary email, asking a client to attach a passport photo and a bank statement to a message. That is the weakest possible channel. Email is rarely end-to-end encrypted, copies linger in sent folders and inboxes indefinitely, and a single misdirected message can expose a client’s entire identity to the wrong recipient.

A purpose-built secure collection link solves this without adding friction for the client. With FileSeal, you send a one-time upload link; the client’s documents are encrypted on their own device with AES-GCM-256 before anything is transmitted, so the contents are never readable in transit or on the server. Files are deleted automatically after you collect them, which supports the data minimisation expected under data protection law, and you keep a clean record of when the documents were provided.

The same approach extends naturally to the other paperwork around a sale. If you also handle condition reports, invoices or provenance, you can read more in our guide to sharing art provenance documents securely, and our GDPR document collection compliance guide covers the data protection side in detail.

A growing share of the art trade happens online or at a distance, where you never meet the buyer in person. The regulator anticipates this. For online or remote sales, HMRC recommends conducting a video call to verify the person is genuine and is the person shown in the identity documents.

A sensible remote workflow therefore pairs two things: a video call to confirm the buyer matches their identity document, and a secure, encrypted channel to receive the documents themselves. Together they give you a defensible CDD process for clients you will never meet face to face, whether they are an overseas collector or a UK buyer purchasing through an agent. For dealers serving wealthy and international clients, this slots neatly into a wider onboarding process; our notes on secure document sharing for family offices cover the same secure-handling principles for high-value relationships.

Does my art gallery need to register for AML supervision with HMRC?

If you trade in, or act as an intermediary in, the buying or selling of works of art by way of business where the transaction value (or a series of linked transactions) is 10,000 euros or more, you are an art market participant and must register with HMRC for anti-money laundering supervision. HMRC is the default AML supervisor for art market participants.

What documents do art dealers need to collect for customer due diligence?

Customer due diligence requires you to identify the customer and verify their identity from documents or information obtained from a reliable, independent source. In practice that means collecting photographic identity documents, proof of address, and, where the risk requires it, source-of-funds evidence. For corporate customers and trusts you must also identify and verify the beneficial owners and understand the ownership and control structure.

How should art dealers collect AML documents from remote clients?

For online or remote sales, HMRC recommends conducting a video call to verify that the person is genuine and is the person shown in the identity documents. The documents themselves should be collected over an encrypted channel rather than ordinary email, so identity and financial records are protected in transit and the dealer can evidence how the data was handled.