Measures for detecting proliferation financing risk are designed to help identify sanctions evasion and uncover the beneficial owners of corporate entities.
In March, the UN Panel of Experts on North Korea released its annual report on sanctions implementation, highlighting the increasing sophistication of the country’s nuclear and ballistic missile programmes and the growing scale of sanctions evasion activity to fund these programmes.
The report said North Korea has displayed a range of new ICBM capabilities at military parades, is preparing to test and produce new ballistic missile warheads, and is still operating a facility uranium enrichment facility, in violation of UN sanctions.
North Korea continues to seek material and technology for its weapons programmes from overseas, facilitated by access to international banking channels via foreign representatives, joint ventures, offshore accounts, shell companies and virtual asset service providers, the report said.
It also pointed to state-sponsored cyber attacks, crypto hacks, illicit labour networks, and the export of prohibited goods such as coal as some of the activities being used to fund North Korea’s weapons programme.
North Korea has been engaged in such activity for years, and the UN Panel of Experts has been issuing such reports for a decade, detailing the PF (proliferation financing) threat. In June 2019, in response to a call from G20 leaders, the FATF (Financial Action Task Force) agreed to pursue further work to strengthen its standards on CPF (countering proliferation finance).
This led to amendments to FATF Recommendation 1 and its Interpretive Note in October 2020 to require countries, financial institutions and DNFBPs (designated non-financial businesses and professions) to identify, assess, understand and mitigate PF risks – as a core obligation.
Uncovering true identities
To facilitate compliance with the new requirements, the FATF released draft guidance for consultation detailing specific measures that financial institutions (and other entities) can take to mitigate the risk. These include enhanced onboarding processes, customer due diligence procedures and sanctions screening controls, among other recommendations.
The measures are largely designed to help identify sanctions evasion and uncover the beneficial owners of corporate entities (including shell companies) being used to avoid detection. “Where appropriate, financial institutions should supplement the reliance on list-based screening by additional due diligence measures to mitigate the risk of potential sanctions evasion,” the draft guidance says.
According to the UN Panel of Experts, the networks of shell companies and front companies being used for North Korean sanctions evasion are predominantly registered in Hong Kong, BVI, Seychelles, and Singapore. This points to specific challenges with due diligence and KYC procedures particularly when jurisdictions do not have complete transparency around beneficial ownership.
In a recent online briefing, Aaron Arnold, a member of the UN Panel of Experts on North Korea, noted that oftentimes individuals have no affiliation with the network being used to evade sanctions and, in some cases, don’t even know that they’re listed on companies as a director. This provides additional impetus for banks to carry out additional due diligence procedures to uncover the true identities of company directors.
“Greater identity management could potentially go a long way and offers generally better avenues for implementing compliant sanctions programmes,” Arnold said. Yet, the challenge to identify ultimate beneficial owners of shell companies and match them against high-risk or designated individuals has been a long-standing challenge for the financial industry.
The UN Panel of Experts report noted a heavy reliance by North Korea on corporate service providers to facilitate its sanctions evasion activities. The Panel encourages countries to continue to address opaque corporate registration rules and regulations that may afford anonymity to sanctions evasion activities.
A significant resource gap
Still, the fact that North Korean nationals have managed to open USD-denominated bank accounts to support their operations has raised questions about the level of due diligence banks perform on customers. According to Arnold, such failures are typically attributable to issues related to resources and technical capabilities.
“What is becoming very apparent is a significant resource gap between large and small banks,” he said. “In many cases, basic analytics technology was just not available [at small banks], or they were short-staffed in terms of personnel resources. That is a significant and growing problem. There is also a lot of circumstantial evidence to suggest that willful ignorance is a factor in some cases.”
One of the recommendations from the UN Panel of Experts report is for countries to work with technology firms to “promote and enhance sanctions compliance implementation capacity and capability”. The technology challenge, however, stems from several key areas.
According to Gokce Arslan Kumar, Threat Finance Research Manager for APAC at LSEG, one of these areas is the high volume of false positives generated by systems screening for Asian names. For instance, roughly 45 percent of all Koreans share just 3 family names.
“While higher false positives result from technology that allows fuzzy logic to be applied, a deluge of false positives may overburden already strained compliance teams, who may in turn close alerts without a thorough investigation,” she said.
“The right approach requires the use of technology that allows name matching thresholds to be set at the level of risk that the regulated institution is comfortable with, while working with risk intelligence data that is rich with secondary identifiers such as date of births and local aliases which would allow for resolving these false positive hits quicker.”
The FATF guidance likewise suggests that investment in AI/machine learning technology and advanced software to conduct analysis may help strengthen the compliance practices of financial institutions that are exposed to high PF risks. “This would enable them to identify linkages and relationships, and build PF scenarios and recognise patterns, which would be difficult to establish otherwise.”
“As designated entities and individuals are increasingly using advanced deception techniques to hide their true identities and conceal the beneficial owners, financial institutions and DNFBPs should be vigilant to such risks and stay ahead of the curve,” the guidance says.
A pure lack of awareness
A further challenge for financial institutions relates to a pure lack of awareness and understanding of the PF risks they may face. The FATF guidance highlights a low level of PF risk awareness among employees and a lack of understanding of targeted financial sanctions requirements as key issues.
“Last year we found that international banks were more likely to have a PF compliance programme, whereas the smaller nationally focus banks were less aware of the risk,” said Emil Dall, Senior Research Fellow at the Centre for Financial Crime and Security Studies at RUSI, citing findings from a global survey published last year in collaboration with ACAMS.
The survey found that just 40 percent of respondents were familiar with proliferation finance. This lack of industry understanding was found to be less prevalent among international banks, which were more likely to consult red flags, typologies and other resources such as the UN Panel of Expert reports on North Korea.
To address this, the FATF says financial institutions should allocate “appropriate and proportionate resources” to this area, and provide training to relevant personnel on the implementation of CPF measures, based on risk assessments.
“Regular and in-depth training in the areas of targeted financial sanctions obligations and risks … can help build capacity and lead to better overall compliance” for financial institutions. In particular, training should be provided for staff responsible for onboarding customers, maintaining customer relationships, monitoring transactions and handling risk assessments, the FATF says.
“As appropriate, staff should be aware of proliferation financing risks, typologies in relation to the breach, non-implementation or evasion of targeted financial sanctions, and the required risk mitigation measures.”
To learn more about proliferation finance trends and key considerations for conducting a PF risk assessment, join this webinar (27 May 2021).
Hosted by Regulation Asia and Refinitiv, the webinar will feature Dr Jonathan Brewer (King’s College London), Emil Dall (RUSI), and Gokce Arslan Kumar (LSEG) as speakers.