Anti-money laundering and GDPR

The fifth EU Anti-money laundering (AML) Directive came into force on January 10, 2020, updating much of the fourth AML Directive.

The fifth Anti-money laundering Directive (5AMLD) expands the scope current legislation and significantly ‘calls out’ high value works of art, requiring AML checks for transactions involving art which amount to €10,000 or more.

Large penalties have been put in place for art businesses who do not observe the new legislation.

The ‘sting in the tail’ comes from the interaction between your requirements as a data controller under GDPR and your requirements as an 'art market participant’ with HMRC.

It’s all  about securing the data

You must know your customer (KYC) and carry out due diligence to ensure your customer is who they say they are. Identification and verification of customers must be based on documents, data, or information from a reliable and independent source.

This means you are going to be handling far more sensitive documents, with significant GDPR consequences if this personal data is mishandled.

Protecting this sensitive, high-risk data will require careful attention to your information security organisational and technical measures.

Collecting the data, storing it, sharing it, deleting it all have GDPR and (conflicting) AML requirements.

To get simple, jargon-fee advice and guidance on technical solutions (Secure file/form handling) get in touch today.