Proliferation financing: Carrying out a risk assessment
Proliferation financing can be considered to be the provision or processing of funds which are linked to the illegal manufacture, acquisition, development, transfer or use of chemical, nuclear or biological weapons of mass destruction and their means of delivery and related materials.
Internationally, many countries are signatories to the UN International Convention for the Suppression of the Financing of Terrorism and the Treaty on the Non-Proliferation of Nuclear Weapons.
Why do I need to know this?
In 2018, FATF released guidance on Counter Proliferation Financing, expanding on Recommendation 7 and intended ‘…to facilitate both public and private sector stakeholders in understanding and implementing these obligations.’[1]
In September 2021, the UK released its first national risk assessment in relation to proliferation financing. In the same month, the FCA and PRA jointly released a ‘Dear CEO Letter’ to all UK regulated firms carrying out trade finance activities. The letter focused on the importance of identifying and understanding trade-related financial crime risk, requiring all such firms to carry out a detailed financial crime risk assessment.
For firm’s based in the UAE, proliferation financing is also a high area of risk. The FATF review of the UAE identified this as a particular risk for the Emirates and The Executive Office[2] resulting in a comprehensive assessment of proliferation finance risk in the UAE in January 2022. The results of the review should be available soon, meanwhile the relevant legislation and regulatory guidance incorporates specific requirements in respect to the requirements of regulated firms regarding countering the financing of proliferation.
These highlight the growing political and regulatory focus on the risks of proliferation and related financing, whether that is directly through trade activities or sanctions evasion, or through indirect methods which might include the use of procurement networks, front companies and other obfuscation techniques to hide the true beneficial owners or participants.
What does that mean for regulated firms?
In response, the UK Money Laundering Regulations were updated in September 2022. The update included new and specific requirements applying to regulated firms relating to countering proliferation financing.
All firms, regardless of involvement in trade-related activities, are required to ‘…take appropriate steps to identify and assess the risks of proliferation financing to which its business is subject.’[3]
Having carried out the risk assessment, firms should ensure that they have in place appropriate, risk-based policies, controls and procedures commensurate to the level of proliferation financing risk to which the firm is exposed.
The risk assessment
Firms must assess their exposure to proliferation risk by considering a number of risk factors, including the firm’s:
- Customers;
- Geographic areas of operation;
- Products or services;
- Transactions; and
- Delivery channels.
These categories will be familiar to those involved in financial crime risk assessments. However, it is important to note that these are required to be considered specifically in the context of proliferation financing, and taking into account the size and nature of a firm’s business.
Firms must keep an up-to-date record of the steps taken to create the risk assessment and are required to produce the risk assessment for the regulator, should a relevant regulator require it.
Whilst there is no statutory provision requiring this risk assessment to be updated and reviewed within a given time frame, firms are expected to ensure that the risk assessment continues to reflect the risks of their business. It is therefore good practice to ensure that a regular review of the assessment is carried out.
Policies, controls, procedures
Firms are obliged to create and maintain systems and controls which are intended to mitigate and manage any risks of proliferation financing that are identified in the risk assessment. These will need to be written, regularly reviewed and updated and proportionate to the risks identified.
These must be monitored to ensure that the systems and controls are applied appropriately, comprehensively and within the spirit of their intent. Given the nature of such risks, senior management must approve the firm’s policies and procedures.
The policies, controls and procedures should provide for the identification and scrutiny of:
- Any transaction which is complex or unusually large;
- Any situation in which there is an unusual pattern of transactions;
- Transactions which have no apparent economic or legal purpose; and
- Any other activity which the firm regards as particularly likely by its nature to be related to proliferation financing.
Should any of these, or other indicators occur, the Regulations require that the firm’s policies and procedures specify any additional measures which, as appropriate, might be needed to prevent proliferation financing.
When a firm introduces new products, business practices or technologies, these should be assessed for risks associated with proliferation financing and any appropriate mitigations should be applied.
Red flags
Unlike money laundering, known incidents of proliferation financing are less common, and so there is less data on which to build known typologies. This means that firms must take time to identify and consider how proliferation financing works, how illicit actors may try to use the firm’s products and services, and create a list of red flags accordingly.
Proliferation activities are rarely simple or straightforward. Illicit actors will typically use front companies to hide their activities as well as nominee beneficial owners or directors. They will also often use chains of intermediaries to further challenge detection of their actions.
It is important to understand that those involved in proliferation activities are adept at hiding the nature of their activities. Only very rarely will such actors be seeking to ship complete weaponry, for example. It is far more likely that individual components will be shipped, often in such a way as to avoid triggering export control thresholds.
However, there are indicators that can be considered. For example:
- Any country named in documentation that is itself subject to relevant sanctions, is an embargoed destination or has strong links to terrorist activities or organised crime.
- Customers who are on national lists relating to high-risk entities.
- A military or research body connected with a higher-risk jurisdiction.
- A customer is involved with the supply, purchase, or sale of dual-use goods (goods that can be used for both military and civilian applications).
- Financing of sensitive industries in a high-risk jurisdiction.
- Delivery of high volumes of dual-use, proliferation-sensitive or military goods, especially to a high-risk country.
Trans-shipment is a common and valid part of trade activities. However, it is a risk from a proliferation financing perspective - in particular, due to the loss of transparency it affords, and the opportunity for cargo to be rearranged and/or manufactured further.
In conclusion, firms must take action to carry out a dedicated risk assessment in respect of proliferation financing, regardless of the activities of the firm.
Useful resources
Further reading and guidance, including examples and case studies, can be found in the publications already mentioned or referenced. Other relevant documents and publications can be found through online searches. For example, the Royal United Services Institute (RUSI) has a section on their website dedicated to research on this topic, which compliance and other professionals may find helpful.
CCL Academy addresses proliferation financing risk in its eLearning and public/in-house financial crime courses.
The Virtual Compliance Mentor
A range of compliance and financial crime topics are also included in CCL Academy’s Virtual Compliance Mentor (VCM).
The VCM is a library of short video tutorials and other learning resources for Compliance and Financial Crime Compliance staff.
About the Author
Bruce has been working in financial services for nearly 40 years, 25 of these as a learning professional focusing on compliance for a wide range of financial services companies, mainly through the analysis, design, creation and implementation of global training programmes for Tier 1 Banks and FTSE 100 companies. He has been Global Head of Compliance Learning for such firms three times and has provided compliance learning consultancy to similar companies many times.
Bruce has also provided compliance training and consultancy in other fields such as real estate, industrial supply chains, charities, payment services providers, gambling and casinos and many others.
A former Director of Training for CISI, Bruce has extensive experience of compliance and financial services-related qualifications and qualified as a Chartered Accountant with Price Waterhouse (as it was then known).
Bruce provides excellent training events on compliance, with a specific focus on financial crime, including all aspects of anti-money laundering, anti-bribery and corruption, fraud and sanctions.