- April 2, 2026
- Posted by: Rena Neville
- Category: Art Market, News
Earlier this month, HMRC hosted a webinar on AML record keeping. While the core rules have not changed, the discussion highlighted several areas where art market participants (AMPs) continue to fall short, particularly around how long records should be kept and what must be retained in practice.
As with many aspects of the UK Money Laundering Regulations (MLRs), the requirement itself is straightforward. The challenge lies in how it is applied.
The Five-Year Rule, Still Widely Misunderstood
HMRC reiterated that customer due diligence (CDD) records must be retained for a minimum of five years from either the close of the transaction or the end of the business relationship. For a business relationship, typically with a retainer client, it should be five years from the end of the relationship, but not more than ten years.
The relevant date is the end of the transaction or business relationship not from the end of the tax year, which remains a common misconception. Many art market participants keep records for six years in keeping with a broader document retention policy.
For AMPs, this distinction is critical. A long-standing client relationship may mean records are retained for significantly longer than anticipated, as the five-year period only begins once the relationship ends.
HMRC also confirmed that this is a minimum requirement, not a default retention period. Personal data must not be kept indefinitely and should be destroyed in line with data protection obligations unless there is a valid reason to retain it.
This aligns with the broader obligation to review and, where appropriate, destroy records once they are no longer required.
What Must You Actually Keep?
In practice, HMRC expects AMPs to retain more than just copies of passports and proof of address. It is clear that records include: documents, data and information learned.
Records should enable you to demonstrate:
- who your client was
- what checks were undertaken
- why you were satisfied with the outcome
This includes:
- Customer Due Diligence documents and verification records
- notes evidencing your risk-based decisions
- details of the services or transactions carried out
Even where accounting or due diligence third party service providers are used, for example, the responsibility to retain records and have access to them remains with the art market participant.
Common Problem Areas Identified by HMRC
The webinar highlighted several recurring weaknesses seen in supervisory visits:
Foreign language documents
It is important to apply a risk based approach to foreign language documents. If you are able to read and understand the foreign language, document this. If you are not able to do so, then translate it and depending on the risk level a certified translation may be necessary.
Over-reliance on systems
If access to a system ends (for example, when you switch accounting or due diligence provider), you must still retain access to your records independently.
Uncertainty around ongoing monitoring of retainer/ business relationship clients
There is no fixed rule on how often CDD should be refreshed. Instead, a risk-based approach should be applied, with higher-risk clients subject to more frequent review.
Failure to retain historic records
Outdated documents, such as expired passports, should not automatically be deleted. These may be necessary to demonstrate that CDD was properly completed at the relevant time.
Confusion between AML and tax requirements
AML record retention (minimum of five years) is separate from tax record requirements, which may be longer. Businesses should be clear which rules apply to which records.
Format, Storage and Accessibility
HMRC confirmed that records may be kept in paper or electronic format, provided they are accessible and can be produced promptly on request.
This is often overlooked. Record keeping is not simply about retention, it is about being able to respond quickly and clearly to regulatory or law enforcement enquiries.
Sensitive records, particularly Customer Due Diligence documents and Suspicious Activity Reports, should be securely stored and separated from general business records.
Final Thoughts
The message from HMRC was consistent: the rules themselves are not complex, but weak implementation remains a persistent issue.
For art market participants, record keeping is not an administrative exercise. It is a key part of your defence if your business is ever scrutinised.
As regulatory expectations continue to evolve, particularly with increasing focus on risk, judgement and auditability, now is a good time to review not only what you keep, but how and why you keep it. Get in contact here.
About this author
Rena Neville
Head of FCS Compliance Art Division
Rena is a qualified lawyer and art market AML specialist. She enjoyed a 30-year career at Sotheby’s becoming their first Global Compliance Director, having previously served as their European General Counsel and Global Head of Litigation. She benefits from a unique combination of art world and international legal experience. Leading the FCS Compliance Art Division, Rena assists many Art Market Practitioners providing them with the practical information and tools they need to ensure they and their firms are meeting the legal AML compliance obligations.
