Institutional Proliferation Finance Risk Assessment Guide

The potential involvement of the private sector in supporting WMD programmes is broad. Proliferators need access to the private sector to generate money, transfer it and purchase dual-use goods. Furthermore, they need to leverage the private sector to trade with companies and, finally, import dual-use goods into their jurisdictions. Thus, while governments have a role to play in setting the regulatory and legal landscape to fight proliferation finance (PF), they need the cooperation of the private sector to achieve an effective global counterproliferation finance (CPF) framework. Thus the private sector, including financial institutions (FIs), has an essential role in identifying activities that may be suspicious, alerting relevant authorities, freezing assets and implementing financial sanctions.

This guide is designed to provide multi-jurisdictional support to the private sector in identifying activities that may be higher risk, determining the levels of PF risks the sector faces, and developing strategies to tackle such risks. With the private sector conducting institutional risk assessments (RAs), national authorities will obtain an increasingly comprehensive understanding of PF risk at national level. PF RAs will help institutions better understand and define their risk appetite while being aligned to CPF laws and regulations.

The guide documents the ways that FIs should understand the inherent PF risks they face through their customers, products and services offered, jurisdictions operated in and with, transactions, delivery channels used, and cyber threats. It explains how FIs can assess the inherent risk of these categories by considering the likelihood of the risk materialising, alongside the impact of the event should it materialise.

Once the inherent risk is evaluated, the next step is to assess the institution’s residual PF risks. This is achieved by assessing the effectiveness of the controls an FI has in place to tackle inherent risks. When the institution completes its PF RA, it can measure its residual risk and hence its vulnerability to PF risk. Institutions can then choose whether to accept this risk or to further mitigate or try to prevent such vulnerabilities and exposures to PF risk.

The guide explains that RAs should be a dynamic exercise, and that FIs need to ensure that emerging and/or future vulnerabilities to PF are identified. Furthermore, the RA should follow a risk-based approach that provides institutions with flexibility in relation to CPF efforts.