AML for Auction Houses: 2026 Global Compliance Guide (EU/UK/US/APAC)
An operator-oriented guide to anti-money-laundering compliance for auction houses across the EU, UK, US, and APAC.
法規參考··約 15 分鐘閱讀
翻譯進行中——目前顯示英文版本。
約 15 分鐘閱讀
Anti-money-laundering (AML) compliance for auction houses in 2026 means meeting customer-due-diligence, record-keeping, and suspicious-activity reporting obligations under whichever regime touches the sale — most commonly EU 5AMLD for art transactions of €10,000 or more, the UK MLR 2017 for art market participants, the proposed US Art Market Integrity Act (AMIA), and a patchwork of APAC rules from MAS, AUSTRAC, JFSA, and Hong Kong's AMLO.
Why AML now matters for auction houses
Auction houses sit squarely inside what the Financial Action Task Force (FATF) calls the designated non-financial business and profession (DNFBP) category — the same regulatory bucket as casinos, dealers in precious metals, and high-value real estate. Two structural features of the art and collectibles trade make it conspicuous to financial-crime regulators: assets are highly portable and easy to undervalue, and price discovery is opaque enough that a single hammer can move a piece's "fair value" by 20% with little objective challenge. FATF's 2023 update to its DNFBP guidance singled out art-market participants for elevated risk and recommended that supervisors apply a risk-based approach with the same teeth used for financial institutions.
The result, in 2024–2026, is a tightening lattice of rules. The EU brought art transactions inside its AML perimeter via 5AMLD in 2020, the UK followed with HMRC-supervised registration for art market participants the same year, and the United States — historically a permissive jurisdiction for the art trade — is now considering the Art Market Integrity Act, introduced in the Senate in July 2025. APAC regulators have moved more quietly but deliberately, with Hong Kong's AMLO already covering high-value goods, Singapore's MAS and ACRA pushing extended due-diligence obligations on PSPs and art-related advisors, AUSTRAC repeatedly flagging the auction sector in typology reports, and Japan's JFSA layering FATF Recommendation 22 obligations onto designated trades.
For a working auction house, the operational implication is unambiguous: regardless of where you are domiciled, if any part of your buyer or consignor pipeline touches the EU, UK, US, or a major APAC jurisdiction, you are inside someone's AML perimeter for at least some of your transactions. A defensible programme is no longer optional.
EU 5AMLD: art transactions ≥ €10,000
The EU's Fifth Anti-Money Laundering Directive (Directive (EU) 2018/843), commonly called 5AMLD, came into force across member states in January 2020 and brought "persons trading or acting as intermediaries in the trade of works of art" into scope. The trigger threshold is €10,000 — applied per transaction or per linked series of transactions — and it covers the value of the work, not just the commission earned. Practically, this means that an auction house running a sale where any single lot hammers for €10,000 or more (inclusive of premium in most member-state implementations) becomes an "obliged entity" for that transaction.
Obliged-entity status carries a defined set of duties: customer due diligence (CDD) on both buyer and seller, identification of beneficial owners where the counterparty is a corporate entity, ongoing monitoring of the business relationship, and reporting of suspicious activity to the national Financial Intelligence Unit (FIU). 5AMLD also requires obliged entities to register with their national supervisor where required, retain CDD records for at least five years after the relationship ends, and apply enhanced due diligence (EDD) where customers are politically exposed persons (PEPs) or are connected to higher-risk third countries identified by the European Commission.
5AMLD has since been supplemented and partly superseded by 6AMLD (criminal-liability harmonisation) and the 2024 EU AML package, which establishes a new EU-level Anti-Money Laundering Authority (AMLA) and introduces a directly applicable AML regulation. The €10,000 art threshold has carried through, but the supervisory architecture is in transition: programmes designed against the 5AMLD framework should be reviewed against the new EU AML regulation as it phases in through 2026–2027.
UK MLR 2017: HMRC registration for art market participants
The UK's Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 — usually shorthanded as "MLR 2017" — were amended in January 2020 to bring "art market participants" (AMPs) into scope. An AMP is any firm or sole trader that trades in, or acts as an intermediary in, sales or purchases of works of art where the value of the transaction (or linked series of transactions) is €10,000 or more. The threshold is denominated in euros for cross-border consistency with 5AMLD.
UK AMPs must register with HMRC, which acts as their AML supervisor — a separate registration from the Financial Conduct Authority's regime for financial institutions. Registration triggers the standard MLR 2017 stack: a written firm-wide risk assessment, written policies and controls, a nominated officer (the Money Laundering Reporting Officer or MLRO), customer due diligence at the trigger threshold, ongoing monitoring, sanction-screening, training of relevant staff, and record-keeping for five years. Failure to register is a criminal offence; HMRC has issued fines and public censures against unregistered participants since 2021, and enforcement has steadily increased.
UK auction houses operate under a layered framework: the conditions of sale, the auctioneer's professional indemnity, the standard contract law on agency — and on top of all that, the MLR 2017 obligations. For house operators, the practical question is usually not "do we comply?" but "where in our existing onboarding flow does the MLR check sit?" — paddle registration, post-hammer settlement, or first contact with a consignor.
United States: the proposed Art Market Integrity Act (status pending)
The US has historically been the most permissive major jurisdiction for the art trade. The Bank Secrecy Act extended explicitly to antiquities dealers via the Anti-Money Laundering Act of 2020, but the broader art market — auction houses, galleries, advisors — was left out, pending a Treasury study that FinCEN published in February 2022. That study identified meaningful illicit-finance vulnerabilities in the high-value art market but stopped short of recommending immediate regulation.
The Art Market Integrity Act (AMIA) was introduced in the US Senate in July 2025 and would extend BSA AML obligations to the broader art market, including auction houses, dealers, and advisors transacting at or above a defined threshold. As of the date of this guide, AMIA is proposed legislation that has not been enacted; status is pending and final scope, thresholds, and effective date may change materially before any version becomes law. Nothing in this guide should be read as advising operators to act as if AMIA is already in force.
What US operators can sensibly do in 2026 is run their AML programme as if AMIA-style obligations are coming, because they probably are, and because the cost of building CDD, beneficial-ownership screening, sanctions checks, and SAR-equivalent escalation is dwarfed by the cost of retrofitting them under enforcement pressure. Antiquities dealers already live under BSA obligations; firms with both an antiquities and a broader art practice should already have a programme in place that AMIA would simply extend.
APAC: Hong Kong, Singapore, Australia, Japan
Hong Kong (AMLO)
Hong Kong's Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO) governs financial institutions and designated non-financial businesses and professions. Dealers in precious metals and stones are explicitly inside the regime, with a transaction threshold of HK$120,000. Auction houses dealing in fine art and collectibles are not categorically named as DNFBPs in AMLO itself, but the Customs and Excise Department supervises high-value-goods dealers, and the broader Companies Ordinance and beneficial-ownership rules apply. The Hong Kong Monetary Authority and the Securities and Futures Commission have issued repeated guidance reminding regulated entities that art-secured lending and high-value collectibles transactions are areas of elevated AML risk. Hong Kong houses serving cross-border buyers also face de facto compliance pressure from EU and UK counterparties whose own AML regimes require them to apply CDD on Hong Kong sellers and buyers.
Singapore (MAS / ACRA)
Singapore's Monetary Authority of Singapore (MAS) supervises financial institutions; the Accounting and Corporate Regulatory Authority (ACRA) and the Ministry of Law cover designated trades, including precious stones and metals dealers under the PSPM Act 2019. Singapore has explicitly extended FATF DNFBP-style obligations to high-value-goods dealers, with a threshold of S$20,000 per cash transaction (lower than the FATF baseline). Auction houses operating in or through Singapore — especially those with a freeport presence — should expect MAS and ACRA to treat the art trade in line with FATF's tightening DNFBP guidance, and the 2024–2025 AML reform package has nudged the perimeter further in that direction.
Australia (AUSTRAC)
AUSTRAC, Australia's AML/CTF supervisor, regulates financial institutions, gambling operators, and bullion dealers under the AML/CTF Act 2006. The Tranche 2 reforms — bringing real estate agents, lawyers, accountants, and dealers in precious metals and stones inside the regime — were passed in late 2024 and begin phased implementation through 2026. Art market participants are not (as of writing) directly inside Tranche 2, but AUSTRAC has flagged the high-value collectibles sector in successive typology reports as a money-laundering vehicle, and Australian operators should expect either direct extension or strong indirect pressure via banking-relationship CDD over the medium term.
Japan (JFSA)
Japan's Financial Services Agency (JFSA) and the National Police Agency administer Japan's AML regime under the Act on Prevention of Transfer of Criminal Proceeds. Designated trades — financial institutions, real estate agents, dealers in precious metals and stones, certain professional services — are inside the regime. Auction houses are not categorically named, but FATF Recommendation 22 obligations have been progressively layered onto high-value-goods dealers, and Japan's most recent FATF mutual-evaluation cycle pushed for tighter DNFBP supervision. Tokyo's growing role as an APAC art hub means cross-border CDD pressure from EU/UK buyers and consignors is the de facto compliance driver for many Japanese houses, even ahead of any formal direct regulation.
Jurisdictional summary table
Jurisdiction
Trigger threshold
Registration / supervisor
Enforcement body
Status (2026)
EU (5AMLD / 6AMLD / 2024 AML package)
€10,000 (art transactions)
National AML supervisors; AMLA from 2026
National FIUs; AMLA (phased)
In force
United Kingdom (MLR 2017)
€10,000 (art market participants)
HMRC
HMRC
In force
United States (Art Market Integrity Act)
TBD (per legislative draft)
Treasury / FinCEN (proposed)
FinCEN (proposed)
Proposed, status pending
Hong Kong (AMLO)
HK$120,000 (precious metals/stones); art via high-value-goods supervision
Customs and Excise; HKMA / SFC for related licensees
C&ED; HKMA; SFC
In force
Singapore (PSPM / MAS / ACRA)
S$20,000 (cash); art via DNFBP framework
ACRA / Ministry of Law; MAS for FIs
MAS; ACRA; STRO
In force
Australia (AML/CTF Act)
A$10,000 (cash); Tranche 2 phased
AUSTRAC
AUSTRAC
Tranche 2 phasing 2024–2026
Japan (Act on Prevention of Transfer of Criminal Proceeds)
Designated-trade-specific
JFSA; NPA / JAFIC
JFSA; JAFIC
In force; FATF-driven extensions ongoing
Thresholds are summary indications only and are subject to local rule changes; consult counsel for the current threshold and trigger logic in each jurisdiction.
What an auction-house AML programme typically includes
A defensible AML programme for an auction house has the same structural components regardless of jurisdiction — what changes is the threshold, the supervisor, and the reporting form. The core elements are:
Firm-wide risk assessment. A written assessment of the AML risks the house faces, by customer type (corporate vs individual; domestic vs cross-border; PEP density), product (live, online, private treaty), geography (sanctioned or higher-risk countries in the buyer/consignor base), and channel (in-person bidding vs absentee vs online). The assessment is the foundation document and should be reviewed at least annually.
Policies, controls, and procedures. Written internal procedures that translate the risk assessment into day-to-day practice: who runs CDD at paddle registration, what documents are required, when EDD is triggered, how sanctions screening works, what the SAR-escalation path is, and how records are retained.
Customer due diligence (CDD / KYC). Identification and verification of customers — typically a government-issued ID for individuals, articles of incorporation and beneficial-ownership confirmation for corporates — at the trigger threshold. Modern houses run KYC at paddle registration using identity-verification SaaS so that all bidders above a value threshold are pre-cleared before a sale opens, rather than scrambling at settlement.
Enhanced due diligence (EDD). A heavier check applied to higher-risk relationships: PEPs, customers in higher-risk geographies, complex ownership structures, source-of-funds questions on unusually large transactions. EDD is where most AML programmes break down operationally — it requires judgement, not just box-ticking — and it is where regulators look hardest in supervisory visits.
Sanctions screening. Continuous screening of buyers and consignors against OFAC, EU consolidated, UK OFSI, UN, and (where relevant) APAC sanctions lists. Screening should be applied at onboarding and re-applied periodically, since list updates are frequent.
Record-keeping. CDD documents, transaction records, internal SARs, and training records held for at least five years after the relationship ends. Most jurisdictions converge on a five-year retention floor.
MLRO / nominated officer. A named individual responsible for the AML programme, the SAR pathway, and liaison with the supervisor. In small houses this is usually a senior partner; in larger houses it is a dedicated compliance head. The MLRO must have the authority and independence to escalate without managerial interference.
Training. Regular, role-appropriate training for all relevant staff — paddle clerks, specialists, settlement, finance, marketing — on red flags, escalation paths, and the firm's own procedures. Training records are themselves a regulatory expectation.
Independent audit / review. Periodic review of the AML programme by someone independent of day-to-day operations — internal audit, an external compliance consultant, or external counsel. Most regulators expect at least annual review; supervisory examinations will ask to see the report.
Where AML programmes most often break down in practice
Three failure modes recur across enforcement actions and supervisory letters in the auction sector. The first is a paper programme that is never lived: a nicely drafted policy file, a named MLRO, and a training pack that is dated three years ago. Supervisors look for evidence of operation — recent SAR filings, recent training records, recent risk-assessment review, recent EDD escalations that went somewhere — and an inert programme is treated as worse than no programme at all because it suggests deliberate window-dressing.
The second is uneven CDD across channels. A house may have tight onboarding for in-room paddle registration but waive checks for online bidders who registered through a marketplace integration, or vice versa. The AML perimeter does not care which channel a buyer used; obligations attach at the transaction. Mapping every channel — live, online, absentee, telephone, post-sale offer, private treaty — to a defined CDD trigger and verification source is one of the highest-leverage operational fixes most houses can make.
The third is failure to handle the cross-border layer. A sale that hammers in London with a Hong Kong consignor and a Singapore corporate buyer touches three regimes simultaneously, plus US OFAC sanctions because the wire likely clears through a USD correspondent. Programmes designed only against the home regime miss obligations that the buyer's or consignor's bank will eventually impose anyway through its own CDD on you. Operators serving an internationally diverse client base should design CDD to the most stringent applicable standard rather than trying to optimise per jurisdiction.
How a small or mid-size house can stand up a programme without a full compliance department
A boutique house with a partner-led MLRO, an outsourced identity-verification vendor, an annual external review, and a trained settlement team can run a compliant programme without a dedicated compliance department. The shape that works in practice: the partner-MLRO owns the risk assessment and the SAR pathway, an off-the-shelf KYC SaaS handles ID verification and sanctions screening at paddle registration, settlement staff run a documented checklist for any transaction at or above threshold (or below where red flags trigger), and an external reviewer — counsel or a specialist compliance consultant — runs an annual programme review that produces a dated, signed report. The supervisor wants evidence that the programme is owned, lived, and reviewed; the supervisor does not require it to be staffed by a separate department.
The single highest-leverage investment for most houses is moving CDD upstream to paddle registration rather than running it at settlement. Verification at registration means every active bidder is pre-cleared before a sale opens, settlement is faster and cleaner, and the post-hammer scramble — which is where AML controls historically fail under time pressure — is replaced with a status check against an already-clean record. Modern auction software supports this natively; legacy stacks usually require a vendor integration, but the compliance ROI is substantial.
Probably yes. EU member states, the UK, Hong Kong, and Singapore all apply AML obligations to domestic art transactions above the local threshold. Even in jurisdictions where the auction sector is not formally inside the perimeter, banks and payment processors apply CDD on you because they are obliged entities, which means your operational reality is AML-regulated whether or not you are directly supervised.
Most EU member-state implementations of 5AMLD apply the €10,000 trigger to the total amount payable by the buyer, which includes buyer's premium. Some implementations and some UK guidance focus on the hammer price. Where it matters, take the broader view and apply CDD at €10,000 inclusive of premium — it is the safer default.
No. As of 2026, AMIA is proposed legislation introduced in the US Senate in July 2025. Final scope, thresholds, and effective date may change materially before any version becomes law. US auction houses already touching the antiquities trade are inside the BSA today; broader US art-market obligations remain pending.
Under MLR 2017 in the UK and under most 5AMLD implementations, yes. The role is functional rather than full-time — the MLRO is the named person responsible for the programme and SAR pathway. In a small house this is usually a senior partner who has done MLRO training and has clear escalation authority.
Source-of-funds documentation for unusually large transactions, additional checks on PEPs and on customers in higher-risk geographies, beneficial-ownership confirmation for corporate buyers and consignors, and senior-management sign-off before the relationship proceeds. EDD is where regulators look hardest, because it requires judgement rather than templated checks.
Most jurisdictions converge on five years from the end of the business relationship. Where you have customers crossing multiple regimes, default to the longest applicable period — usually six or seven years in the UK because of overlapping accounting rules — and document the retention policy in writing.
Yes for execution, no for accountability. Identity verification, sanctions screening, and ongoing monitoring are routinely outsourced to compliance-tech vendors. The house remains the regulated entity, the MLRO remains accountable, and the supervisor will look at your contracts, your monitoring of the vendor, and your override procedures when verification fails.
KYC — knowing who your customer is — is one component of an AML programme. AML is the broader regime: risk assessment, policies, KYC, ongoing monitoring, sanctions screening, suspicious-activity reporting, training, and audit. KYC alone is not an AML programme.
Generally yes. EU 5AMLD and UK MLR 2017 cover dealing in or intermediating works of art at or above the threshold regardless of whether the sale is at public auction or by private treaty. Some private-treaty paperwork and CDD is therefore required even where there is no hammer.
Common red flags include payment from a third party with no obvious connection to the buyer, structuring of payments to avoid thresholds, reluctance to provide identification or beneficial-ownership information, sudden interest in lots that do not fit a customer's known profile, willingness to overpay materially without negotiation, and pressure to short-circuit standard onboarding. A single red flag is not by itself an SAR; a pattern, or a single egregious instance, usually is.
Below the threshold, generally not directly — charity galas typically run with hammer prices well under €10,000 per lot. Above the threshold, the same rules apply. Charity auction operators should also apply general nonprofit-sector AML/CFT controls regardless of threshold, especially for cross-border donor payments.
They are separate regimes that often apply to the same lot. AML is about the money flow; cultural-property law (e.g., EU Regulation 2019/880) and CITES are about the legality of the object itself. A lot can be AML-clear and cultural-property-illegal, or vice versa. A defensible compliance programme covers both.