The Financial Action Task Force (FATF) has published its guidance on how to identify and mitigate exposure to the funding of weapons of mass destruction.

The FATF’s “Guidance on Proliferation Financing Risk Assessment and Mitigation’’ is aimed at countries and their authorities, financial institutions and designated non-financial businesses and professions (DNFBPs), and virtual asset service providers (VASPs) that are not classified as financial institutions or DNFBPs.

The guidance, which is non-binding, aims to develop a common understanding of the impact of the changes that FATF made in October last year to Recommendation 1 and its Interpretative Note, which called on member states and private sector organisations to strengthen their efforts to fight proliferation financing (PF) linked to sanctions targets. Under the revisions, banks and other financial institutions were not required to create their own independent PF initiatives, but need to have in place procedures to identify, assess, monitor, manage and mitigate such risks.

Public and Private Sector Risk Assessment

According to the FATF, tackling networks that traffic weapons of mass destruction will require more private-public sector engagement. It advises governments and businesses to start their risk assessment by compiling a list of known or suspected threats, key sectors, products or services that have been exploited, types of activities that designated individuals or entities engaged in, and the reasons why designated persons and entities were not identified or deprived of their assets. Governments and businesses should then assess their vulnerabilities.

FATF emphasises that governments and businesses that consider themselves to be at low risk of exposure need to consider the possibility that sophisticated PF networks have simply evaded their detection. It states that the absence of cases involving known or suspected breaches, non-implementation or evasion of PF-targeted financial sanctions in a particular country does not necessarily mean that a country or a private sector firm faces low or no proliferation financing risk.

The guidance refers to sanctions evasion involving maritime shipping, trade finance, precious metals and stones, virtual asset service providers, shell and front companies and banking.

Conducting Assessment

The guidance states that a PF risk assessment can follow the same six stages that are involved in a money laundering-terrorist financing risk assessment:

  • preliminary scoping
  • planning and organisation
  • identification of threats and vulnerabilities
  • analysis
  • evaluation and follow-up
  • update

For a national PF risk assessment, authorities are encouraged to make use of available financial intelligence and law enforcement data and, where available, domestic and foreign intelligence on global, regional, and national proliferation threats, the use of funds by designated persons and entities and possible PF activities.

Private sector firms are encouraged to use information gained through customer due diligence and transaction records involving the sale of dual-use goods or goods subject to export control.

Identifying Risk

While making specific points regarding the maritime and trade finance sectors, the guidance details the following as risk indicators regarding customers:

  • Vague or incomplete information given by them about their proposed trading activities, and a reluctance to provide more details.
  • Any past connection to sanctions lists or reports relating to criminal activities.
  • A connection to a country of proliferation or diversion concern.
  • Dealings with dual-use goods, goods subject to export control or complex equipment for which they lack the technical background.
  • Involvement in complex trading with numerous third-party intermediaries in lines of business that are not linked to their stated business profile.
  • Conducting transactions that suggest that they are  acting as a money-remittance business or a pay-through account.
  • Accounts used for rapid, high-volume and / or complex transactions, without any clear business reasons for such activity. Or accounts that are dormant for a long time before sudden surges in activity.
  • Affiliation to a university or research institution involved in the trading of dual-use goods or goods subject to export control.
  • The originator or beneficiary of a transaction being someone resident in a country of proliferation or diversion concern (eg:Iran).
  • Involvement with companies that do not have transparent ownership structures.

Steps to be taken

The guidance says that countries must make sure that any action taken is communicated promptly to all relevant parties and that procedures are in place to ensure lists of designated persons and entities are updated whenever they need to be. FATF expects countries to have in place inter-agency frameworks to encourage cooperation and information sharing.

Financial institutions, DNFBPs and VASPs should be subject to supervision or monitoring to ensure their full compliance with their targeted financial sanctions obligations. The nature of risk mitigation measures in such organisations will depend on the source and degree of risks.  The guidance states that possible risk mitigation measures include improved onboarding processes for customers (including beneficial owners), enhanced customer due diligence procedures, effective maintenance of customer master data, improved staff training and software use and making the most of existing compliance programmes to identify potential sanctions evasion.