4 min read

The UK’s First National Risk Assessment of Proliferation Financing

The United Kingdom (UK) was one of the first countries to publish a Money Laundering (ML) and Terrorist Financing (TF) National Risk Assessment (NRA). The ML/TF NRA however did not include Proliferation Financing (PF). In September 2021, the UK released its first National Risk Assessment of Proliferation Financing.

The assessment was broken down into three main parts:

  • Strategic, Regulatory, and Operational frameworks in place in the UK for countering proliferation finance
  • PF threats faced by the UK
  • PF vulnerabilities faced by the UK.

While the first of these lays out the regulatory and legal frameworks in place in the UK, of particular interest for many will be the threats and vulnerabilities the UK faces from PF risks.

Proliferation Financing Threats the UK Faces

The risk assessment focusses on both direct and indirect PF threats the UK faces. Given the UK’s significance in the global financial system, as well as the transparency of the country’s economy, the risk assessment acknowledges that the financial system in the UK is susceptible to PF threats. The PF-related activity is highlighted through a series of seven case studies.

The risk assessment states that ‘direct' sourcing of dual-use items generally involves a procurement network seeking to export controlled items out of the UK to a high-risk jurisdiction. The assessment includes examples of everyday goods such as commercial items, which can be used for the nuclear industry that can become targets for procurement such as “carbon fiber, vacuum pumps, electronic components and testing equipment”. Precursors used in chemical weapons, also deemed dual-use items, are another target such as “chemicals used as flame retardant” and UK made electronic components, were said to have been found in the debris from a 2016 North Korean missile test.

One of the case studies involving direct PF financing includes a UK company being approached by a foreign company for procurement of dual-use goods, where a complex financial structure was used to obscure the end user - this highlighted the need for sufficient due diligence to ensure end users are not linked to illicit actors.

Indirect PF-related activity also poses risks - particularly since this activity involves more than one step between the financing involved and actors seeking to procure goods. The use of front companies, especially the ease with which they can be set up in the UK, makes them an attractive vehicle for exploitation for proliferators looking to set up companies in the UK.

A case study involving indirect PF risks highlights the complexities involved in this type of activity. The case study involves the purchase of aircraft parts from the U.S. for an Iranian end-user where a UK individual working for a Singapore company diverted the parts to Iran. This procurement network was refined over a number years, using front companies in the UK, Dubai, Malaysia and the British Virgin Islands (BVI).

The risk assessment goes on to further focus on other threats that Iran and North Korea pose. For example, it states that the use of North Korean embassies and diplomatic staff and North Korean workers in other countries create opportunities to access and raise finances - although the UK does not allow North Korean workers, nationals on student visas could offer the opportunity to raise funds for North Korea.

The UK’s Vulnerabilities to Proliferation Financing

The importance of understanding vulnerabilities that arise in PF is made clear given the UK’s role as a global financial center. It is this understanding of vulnerabilities that can help improve mitigation efforts to protect the UK financial system and economy.

The vulnerabilities identified include:

  • Payments involving PF coming into the UK financial system or exposure via overseas entities of UK headquartered financial institutions
  • UK headquartered financial institutions with global operations exposed to PF activities, for example those in Asian countries, where PF networks may be present or where trade is involved between such countries and proliferating states
  • Local branches/subsidiaries of UK headquartered banks facilitating access to financial services either directly or through links to local national banks with insufficient compliance controls of their own
  • Situations were items not necessarily shipped from or via the UK, but where the financial transactions for such trade could be facilitated by or cleared through the UK

The vulnerabilities follow on with details of risks posed by various financial services. One example is insurance in the maritime sector. Here the exposure centers on reinsurance into London, particularly where the primary insurer is located in Asia and the UK insurance provider is not involved in the original underwriting process. This limits oversight of the due diligence and sanctions screening conducted by the primary insurer.

Other areas of vulnerability noted are the ease with which UK companies can created; this provides an attractive access channel to the UK financial system. The use of a Trust or Company Service Provider (TCSP) to buy shelf companies, also creates the impression of a reputable and established company, through which nominee shareholders or directors create anonymity for the true beneficial owners.

Vulnerabilities are not limited to traditional finance. Recently there has been significant focus globally on cryptocurrencies and sanctions risks. The risk assessment covers the UK cryptocurrency environment, including the scope of the AML regime and its coverage of crypto-related businesses. It does note that a high number of businesses are not currently meeting the required standards under the UK regulations.

An increasing trend of sanctioned countries using cryptocurrencies, especially North Korea and Iran, confirms the significance of including this type of finance in the risk assessment. For example, North Korea has used cryptocurrency to raise revenue through hacks of exchanges and to move funds; estimates suggest $316.4 million worth of virtual assets were stolen by North Korea in 2019-2020, according to the latest UN Panel of Experts report on North Korea.

Other areas of the UK economy covered in the risk assessment include the defense sector. With the UK being the world’s second largest defense exporter and third largest security exporter, it provides an array of opportunities in securing sensitive items. The education sector is also an area of vulnerability, given UK’s role as a global education hub. Funding from overseas to UK institutions makes the sector prone to potential pressure from countries involved in proliferation, particularly where there are connections to Chemical, Biological, Radiological, and Nuclear (CBRN) linked research.

The assessment goes on to acknowledge that given the nature of the UK economy, “it is highly likely that proliferating actors will target the UK to gain financing for CBRN proliferation despite the robust controls in place to prevent this.” The country’s financial services sector, specifically banking and insurance, and the ease with which companies can be established in the UK, expose them to significant risk.

A robust Counter-Proliferation (CP) framework in the UK, along the country’s own implementation of sanctions and the implementation of UN sanctions, helps limit the opportunities for the UK to be exploited for proliferation activity.


There are plans to periodically update the risk assessment to cover new threats and risks. The risk assessment concludes that HM Treasury plans to add new provisions under UK’s Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations requiring the UK government and private sector to carry out PF risk assessments in a similar manner to those carried out for ML and TF risks.