The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) have been made (updated) as of 30th June 2026 by Statutory Instrument (SI 2026/621) and come into force on 1st July 2026.
Key changes impacting Art Market Participants (AMPs):
- Change of value threshold for relevant activity, from EUR 10,000 to GBP 10,000;
- Narrower definition of ‘high-risk third country’ that automatically triggers enhanced due diligence, focused on FATF’s ‘call for action’ (black list) countries; and
- Revision of language around unusually complex or unusually large transactions necessitating enhanced due diligence.
Threshold and linked transactions
For AMPs, the most significant change is the shift from EUR 10,000 to GBP 10,000 as the threshold that triggers Customer Due Diligence (CDD) obligations under Regulation 14.*
Accordingly, AMPs are now defined in regulation 14(d) MLRs 2017** as:
(d)”art market participant” means a firm or sole practitioner who—
(i)by way of business trades in, or acts as an intermediary in the sale or purchase of, works of art and the value of the transaction, or a series of linked transactions, amounts to £10,000 or more; or
(ii)is the operator of a freeport when it, or any other firm or sole practitioner, by way of business stores works of art in the freeport and the value of the works of art so stored for a person, or a series of linked persons, amounts to £10,000 or more.
Worth noting: the Statutory Instrument states in Regulation 27 that the threshold applies to linked transactions, not just individual ones. This is clarification of existing practice rather than a new requirement.
High-risk third countries: a narrower automatic trigger, not a narrower risk
Until this change, ‘high-risk third country‘ under Regulation 33(3)(a) was defined by reference to two FATF lists: the Call for Action list (the ‘black list’) and the Increased Monitoring list (the ‘grey list’), with a connection to either automatically triggering enhanced due diligence (EDD) under Regulation 33(1)(b). This update to the MLRs narrows that automatic trigger to the Call for Action list only.
This doesn’t make grey list exposure low risk. Regulation 33(1)(f) still requires EDD wherever a transaction or relationship otherwise presents a higher risk, assessed on the AMP’s own judgement, which is separate from the country-list definition. A grey list jurisdiction remains a legitimate factor in that risk assessment, particularly alongside other red flags such as unusual transaction structuring, opacity around beneficial ownership, or third-party payment sources.
In short: what the Regulations now automatically compel (Call for Action, i.e., black list countries only) and what a properly risk-sensitive AML Policy should still flag and weigh (which continues to include grey list exposure) are two different considerations, and shouldn’t be conflated.
Accordingly, from Monday 6th July, the ArtAML™ platform will automatically trigger EDD for Call for Action (black list) matches, and flag Increased Monitoring (grey list) matches for risk-based review, with mandatory decision-recording either way. Until then, apply manual risk-based judgement for grey list connections.
Unusually complex or unusually large transactions
Lastly, the threshold for enhanced due diligence on complex or unusually large transactions has been refined. Regulations 19, 19A and 33 now require AMPs to assess whether a transaction is “unusually complex or unusually large in each case given the nature of the transaction”, rather than applying a flat standard. This means AMPs should calibrate what counts as ‘unusual’ against a customer’s typical transaction profile, not a generic benchmark.
What you should do now
1) Review internal AML policies to ensure the GBP 10,000 threshold is correctly applied, particularly for occasional transactions and linked transaction series. 2) Update AML Risk Assessment + Policy documentation referencing ‘high-risk third countries’ to reference the FATF Call for Action list specifically as the automatic EDD trigger, while continuing to capture grey list exposure within the risk-based assessment. 3) Revisit criteria for ‘unusually complex’ or ‘unusually large’ transactions to confirm these are assessed against the nature of the specific transaction, not a generic benchmark.
Alongside CDD platform updates, we are rolling out updates to AML Policies to reflect these changes. If you’re in need of a PCPs refresh or have never properly developed a business-wide AML Risk Assessment + Policy, get in touch.
**HMRC’s Economic Crime Supervision Handbook confirms the GBP 10,000 figure was inserted into the MLRs from 30 June 2026, replacing the previous EUR 10,000 threshold. AMPs no longer need to track exchange rate movements to determine whether a transaction crosses the threshold. https://www.gov.uk/hmrc-internal-manuals/economic-crime-supervision-handbook/ecsh54525
**The definition of an AMP has been updated in HMRC’s internal handbook ECSH54525: https://www.gov.uk/hmrc-internal-manuals/economic-crime-supervision-handbook/ecsh54525
Further reading
- Statutory Instrument 2026/621: https://www.legislation.gov.uk/uksi/2026/621/made