What countries are high risk for proliferation financing?

How to assess geographic risks of proliferation financing

Regulated entities are required by law to carry out proliferation financing (PF) risk assessments. But this relatively new compliance requirement can be hard to fully integrate into your risk assessment process. At first glance, proliferation financing risks are mainly concerned with activities carried out in North Korea and Iran. If your business doesn’t have a connection with either of these countries, then it might seem there is little more to do in a proliferation financing risk assessment.

But in reality, proliferation financing risks are connected to more countries than just North Korea and Iran, and firms should factor this into their risk assessment processes. However PF risks are constantly evolving. As global concerns on the proliferation of weapons of mass destruction (WMD) evolve, it is vital to broaden the risk assessment process to ensure your firm is not caught out.

What are the highest risk countries for proliferation financing?

According to the 2024 US National Proliferation Financing Risk Assessment prepared by the US Treasury, Russia and North Korea are the highest risk threat actors for proliferation financing. This is significant due to the scale of Western sanctions on Russia. The risk of doing business with Russia or sanctioned entities connected to Russia can now come with PF risks. This is particularly concerning as Russia continues to utilise complex transaction structures in Türkiye, the United Arab Emirates and China.

Russia and proliferation financing risks

Russia has the largest nuclear stockpile on earth, alongside a sizeable military force currently engaged in the invasion of Ukraine. Given the breadth of international sanctions on the country, Russia has engaged its allies and partners to replenish its conventional weapons, as well as increasing its reliance on nuclear, cyber and space capabilities, as well as threatening nuclear action in Ukraine.

Russia has also reduced or suspended cooperation with nuclear non-proliferation treaties. Russia as also revoked ratification of the Comprehensive Nuclear-Test Ban Treaty. Meanwhile, Russia is increasing investment in chemical weapons and has given material support to the use of chemical weapons by the Assad regime in Syria. 

Russia is prioritising the illegal procurement of goods and technologies, both in breach of international sanctions, and to support and maintain the proliferation of weapons of mass destruction (WMD). Russian PF networks leverage front and shell companies to place orders for needed components. These networks often then obfuscate the end-user and destination for the goods, routing shipments through third countries before they are ultimately delivered to customers in Russia.

Russia is also working closely with North Korea and Iran, two other states of PF concern. Russia is procuring military equipment from North Korea, in violation of UN Security Council resolutions. Russia has also been procuring Unmanned Aerial Vehicles (UAVs) from Iran to support its invasion of Ukraine.

Proliferation financing risk score: Restricted

North Korea and proliferation financing risks

The Democratic People’s Republic of Korea (DPRK / North Korea) has been testing Intercontinental Ballistic Missiles (ICBMs) and the use of military satellite launch technology. The North Korean regime sees its possession and acquisition of nuclear weapons as critical for its survival, and the country’s main purpose is to increase its nuclear capabilities and maintain its stock. The country may have up to 100 nuclear weapons.

North Korea actively engages in cyber crime and illicit trade to raise revenue for its illicit WMD programme. The country has attempted to steal as much as $2 billion through cyber crime networks. In 2022, it is estimated North Korea stole $1.7 billion in virtual assets, although the true figure may be much higher. 

The country is attempting to access the international financing system to launder money through overseas banking representatives, joint ventures, cooperative entities, and illicit business activities. North Korea runs weapons exporters, financial institutions and front companies linked to its foreign intelligence agency the Reconnaissance General Bureau, and the Foreign Trade Bank (FTB), North Korea’s primary foreign exchange bank.

Proliferation financing risk score: Restricted

Iran and proliferation financing risks

Iran is increasing the size and enrichment level of its uranium stockpile and is conducting advanced centrifuge research and development in order to acquire a nuclear weapon. Iran has effectively withdrawn from the Non-Proliferation Treaty Safeguards Agreement, and its current research and development trajectory brings it closer to producing the fissile material for completing a device.

Iran’s main proliferation activities are related to missile development. Western nations are continuing to sanction Iran’s missile development efforts, as well as targeting its acquisition of conventional weapons. The US is currently focused on countering Iran’s proliferation of UAVs, used by Houthi pirates in Yemen to attack global shipping, and used by terrorist groups across the Middle East to target US and Western forces.

Iran also remains a key financial and military backer of sanctioned terrorist groups, including Hezbollah and Hamas. This means Iran-linked transactions are critical for terrorist financing.

Proliferation financing risk score: Restricted 

China and proliferation financing risks

China has committed to strengthening its “strategic deterrent,” and has accelerated the modernization, diversification, and expansion of its nuclear forces, while continuing to develop its cyber, space, and counterspace capabilities. China is engaging in economic espionage and cyber theft to steal technology. There have been multiple criminal indictments in the US of Chinese espionage efforts to steal US technology to support its nuclear programme and military modernisation.  

Proliferation financing risk score: Restricted

Syria and proliferation financing risks

The Assad regime in Syria is known to use chemical weapons, which are a weapon of mass destruction that are acquired through proliferation financing. Syria’s capabilities have been built in part on illicit procurement and fundraising. There is a significant export and sanctions risk connected to Syria. Selling oil and other petrochemicals to Syria creates significant proliferation financing income for the Iranian regime, despite sanctions targeting these transactions.

Proliferation financing risk score: Restricted

Pakistan and proliferation financing risks

Pakistan sees its nuclear capability as of critical importance in the face of neighbour India’s nuclear arsenal and superiority in conventional forces. Pakistan is continuing its development of ballistic missiles, including acquiring technology and material from China. The US has sanctioned a number of Chinese suppliers supporting Pakistan’s ballistic missile programme. A number of individuals and entities connected to Pakistan have attempted to engage in illicit procurement of sanctioned materials and technology. 

Proliferation financing risk score: Restricted

Türkiye and proliferation financing risks

Türkiye is grey listed by the FATF for its deficiencies in money laundering, terrorist financing and proliferation financing. Türkiye serves as a key transit point for Russian and Iranian procurement. The country also supports terrorist actors in the Middle East as a matter of policy. 

Proliferation financing risk score: Medium-High

United Arab Emirates and proliferation financing risks

Despite the UAE being removed from the FATF grey list in February 2024, the Middle Eastern financial hub remains a jurisdiction of concern given its connections to Russian military financing, as well as Iran.

Proliferation financing risk score: Medium-High

How to conduct a proliferation financing assessment for geographic risks

There are a number of factors that should be assessed when considering the geographic risk of proliferation financing. These risks can also change over time. The FATF recommends the following methodology for considering geographic PF risks. This checklist can be used in country risk scoring.

Country score: Restricted

  • Country is subject to UN sanctions (North Korea and Iran)
  • Country is subject to other sanctions (for example, China, Syria, Russia and Pakistan)
  • Country has significant corporate/trade network of PF state/ties with sanctioned country/ countries
  • Country offers shipping flags of convenience or passports of convenience
  • Country is on the FATF’s ‘high-risk country list’ and/or the FATF’s ‘grey list’
  • Intelligence suggests that country may consider developing nuclear capability through illicit procurement

Country score: Medium-High

  • Known country of diversion, country scored with a low level of effectiveness in mutual evaluation reports
  • Geographical proximity to a proliferating country
  • Country named by the UNPoE/Office of Foreign Assets Control/mainstream media as either trading with sanctioned states or lacking sufficient visibility/transparency on trade patterns
  • Country does not respond to UNPoE enquiries
  • Country outside the Nuclear Non-Proliferation Treaty and/or country is maintaining or improving, or is expected to maintain or improve, its nuclear capabilities
  • Proliferating state has diplomatic presence in the country

Country score: Medium-Low

  • Country neighbours a proliferating state
  • Country has a large diaspora from a state of proliferation concern
  • Country hosts a financial, trade centre, or transhipment hub that is attractive to proliferation financiers
  • The jurisdiction is home to a manufacturing sector that produces goods controlled by international supplier regimes related to WMD and/or their delivery vehicles
  • The jurisdiction has weak controls and/or enforcements in relation to ML, TF and PF

Country score: Low

  • Country has strong regulation and enforcement mechanisms that are recognised by the FATF, and/or are not assessed in any of the risk category reports, and/or country is not on FATF lists
  • Country has robust company registry system
  • Country has performed national risk assessment (NRA) for ML/TF/PF (note that this is a FATF requirement and may be an indicator of low risk) and has identified and implemented mitigating controls to tackle high-risk issues raised in NRAs

How VinciWorks can help

VinciWorks is a key provider of training and software solutions to counter the threat of ML, TF and PF. 

Download our free guide to proliferation financing risks.

Join our free webinar on Wednesday, 3 April 2024 UK time: Getting to grips with proliferation financing one year on.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.