How would you picture those who work to prevent weapons of mass destruction (WMD) from falling into the wrong hands? Would you picture them heavily armed and with a military bearing? Then you might be surprised.
Although such individuals sometimes fight the spread of WMD, the front lines feature a different type. The bulk of front-line defenders are less likely to have military backgrounds than financial ones.
That’s because the most vulnerable place to identify and block those who spread WMD is through their financial dealings. So, we look at the world of sanctions violations and proliferation financing to see how those who traffic in such dangerous commerce are identified and thwarted.
Understanding the terms
Two key terms fill discussions of the fight against WMD: sanctions violations and proliferation financing.
Sanction violations are actions that defy the efforts of sanctioning bodies to stop acts that destabilize nations and threaten lives. Sanctions are designed to bring a target nation, organization (such as a terrorist group or crime syndicate) or individual in line with established norms. They enforce diplomatic and economic penalties on targets in the hope of motivating them to bring their actions back within established standards. These sanctions may be applied by individual countries or by larger groups, such as the United Nations.
Although sanctions may target a variety of harmful behaviors, most often they target those who seek to obtain WMD. Initial sanctions cut targets off from technology or equipment that could help them acquire WMD or the means to build or deliver them. If those targets persist, restrictions grow increasingly severe, to the point where sanctions may isolate them from trade of any goods other than those that supply innocent citizens’ basic needs.
In seeking to stop targets from engaging in sanctions violations, sanctions enforcement looks for evidence of proliferation financing. Proliferation financing refers to providing funds or financial services used in any way to manufacture, acquire, develop, export, transport or stockpile WMD for use by persons or governments that are banned from possessing them. It applies also to the materials or technologies needed for these weapons’ production, or to systems that could be used to deploy such weapons against others. Thus, proliferation financing’s goal is to equip nations or parties with WMD despite their demonstrated likelihood of using them without regard to – or for the express purpose of causing – a catastrophic loss of life.
How sanctions work
Sanctions provide a carrot-and-stick motivation to encourage targets to conform to international standards. If a target abandons the efforts that triggered sanctions, it receives the carrot of fewer restrictions and access to broader trade. If it persists in its efforts, it receives the stick of seeing their trade with sanctioning nations wither to the most basic goods.
Sanctions can take many forms. Sanctioning bodies may suspend diplomatic relations with targets and end any aid or services to them. Sanctioning bodies may enforce financial penalties, such as seizing any of a target’s assets located within the sanctioning body’s jurisdiction or freezing accounts of the target or its citizens/members. Sanctions may affect what trade goods the target can buy from or sell to sanctioning nations or their citizens. Or they may ban individuals associated with the targeted nation/organization from entering countries that enforce the sanctions.
Penalties for companies or individuals that engage in sanctions violations can range from fines to prison time. Helping a target evade sanctions carries the harshest penalties. Exceptions to sanction restrictions may be granted if a company can demonstrate that its interaction with a target is necessary and will not reduce the sanction’s effect. Exceptions, however, must be licensed by the sanction enforcers and subject the licensee to special reporting requirements to ensure that the license is not abused.
The role financial institutions play in enforcing sanctions
Financial institutions use many of the same approaches they use to guard against money laundering and terrorist funding to guard against proliferation financing. Know Your Customer (KYC) and Customer Due Diligence (CDD) practices lead specialized financial institution teams to thoroughly investigate whether prospective customers: 1) are who they say they are; 2) do not have ties to individuals or organizations known to have participated in money laundering, terrorist funding or proliferation financing. They do this using documents provided by applicants, as well as available public information, a variety of government watch lists and special intelligence from agencies charged with gathering information on these classes of criminals.
KYC/CDD teams then monitor customers’ financial activities after they are approved. They use risk ratings and profiles of those customers that the teams developed during the application investigation. These help KYC/CDD teams anticipate what kinds of financial activities each customer is likely to conduct. Activities contrary to expectations will trigger greater scrutiny from KYC/CDD teams.
KYC/CDD monitoring doesn’t stop with just the customers, either. Teams also monitor individuals and institutions with whom customers do business, to ensure that customers are not engaging in suspicious transactions with parties or institutions that may be involved or complicit in illegal financial actions. These are all basic KYC/CDD practices.
Monitoring for sanctions violations requires even more of KYC/CDD teams than their basic practices, though. Teams must also understand current sanction requirements. What countries, organizations and individuals are currently targeted? What specific restrictions apply to each? What individual licenses that permit limited interactions with targets exist? In cases where multiple bodies have placed sanctions on a target, financial institutions must also determine how each body’s sanctions apply to the current situation.
Then, too, they must understand specific typologies used in proliferation financing. Proliferators, like money launderers and terrorist funders, seek to make their transactions look like legitimate trade. They seek weak links – such as free-trade zones or countries whose attitude toward illicit money movement is lax – through which they can channel funds with the least risk of detection.
Some typologies are obvious. These include transactions that involve individuals or entities with connections to a targeted nation/organization, or individuals/entities with ties to weak links that proliferators can use as shipping destinations from which goods can be diverted to the target.
They may also involve transactions in which the stated use of materials or equipment described in the request for a letter of credit seems inconsistent with the customer’s usual business needs. Or, the destination listed for a prospective shipment is a freight-forwarding company.
Other typologies are subtler. These include requests for letters of credit based on vague or incomplete information. Proliferators often provide descriptions for intended purchases that seek to conceal the true nature of equipment or materials.
Asking for a letter of credit based on another institution’s letter of credit is also a red flag. Proliferators often use layers of letters of credit to conceal a trail of illicit transactions. Similarly, complex transaction trails that lead through a series of companies in a series of countries can also suggest suspicious activity.
By understanding potential red flags, financial institutions can better detect proliferators’ attempts to use them as channels for proliferation financing. The Financial Action Task Force’s (FATF) 2008 paper on proliferation financing is an excellent resource for this.
Financial institutions are positioned to play a key role in helping to enforce sanctions and block proliferation efforts. In fact, when proliferation funding runs through the traditional international financial system, KYC/CDD teams may be the best chance of identifying many of the transactions and activities connected to proliferation financing. Understanding current requirements and typologies – in addition to regular KYC/CDD practices – is crucial to stemming sanction violations and the proliferation of WMD.
For over 30 years, Marin Ivezic has been protecting people, critical infrastructure, enterprises, and the environment against cyber-caused physical damage. He brings together cybersecurity, cyber-physical systems security, operational resilience, and safety approaches to comprehensively address such cyber-kinetic risk.
Marin leads Industrial and IoT Security and 5G Security at PwC. Previously he held multiple interim CISO and technology leadership roles in Global 2000 companies. He advised over a dozen countries on national-level cybersecurity strategies.