The Financial Action Task Force (FATF) in October 2020 adopted amendments expanding Recommendation 1 to include proliferation financing (PF) risk, in addition to money laundering and terrorist financing risks. Key PF typologies clearly demonstrate that certain open source data connected to show relationships can be critical in detecting and mitigating PF risk.
FATF defines “proliferation financing risk” strictly as “potential breach, non-implementation, or evasion” of targeted financial sanctions called for in Recommendation 7. FATF also has begun revising its methodology for assessing the new obligations and, during its fifth-round evaluations, it will look for concrete steps towards implementation, including providing guidance and PF-related information to the private sector.
Even with these amendments, the risk-based approach expectation still applies and financial institutions (FI) must take steps to identify and assess risks tailored to the nature/size of their business. Network analytics, in particular, prove incredibly helpful in identifying and gaining a better understanding of not only PF risk but many other types of financial crime risks.
DPRK’s Use of Chinese Intermediaries to Procure for WMD, Missile Programs a Perfect Example
A scheme used by the Democratic People’s Republic of Korea (DPRK) to procure goods used in its WMD and ballistic missile programs demonstrates why connecting ownership and control data and analyzing relationships can help FIs detect complex PF risk.
Specifically, the DPRK sells natural resources to Chinese companies that send payment to China- or Hong Kong-based front, shell, or licit trading companies, which later ship goods to the DPRK. This scheme easily could result in a breach of sanctions — one of the risks specified by the FATF.
What is notable about this scheme, however, is that some red flags associated with it show that, by connecting ownership and control data using graph technology, investigators are enabled to more quickly and effectively detect the scheme and mitigate associated risk.
#1: Many of the front & shell companies have shared:
- corporate officers
- authorized signers
- phone numbers
#2: Often these companies receive payment for good/services unrelated to their stated business.
#3: Often these companies are ”cycled” — used to transact for a period of time, after which they are inactive and replaced by another company typically with the same address.
Open Data Exploration with Graph Leads to Better Risk ID & SARs
These red flags show that there are several types of relationships involved in the DPRK scheme: one-to-many, many-to-one, and many-to-many. Graph technology can quickly build a visualization of these relationships to make exploration of what is often a tremendous amount of data fast and easy. Patterns and typologies emerge to more quickly enable risk detection and focus investigators on the most important subjects of an investigation. A more complete picture of individual entities along with a relationship map also helps them craft more comprehensive, useful SARs.
FATF Watch: For more information on the amendments to Recommendation 1, please see FATF’s Public Statement on Counter Proliferation Financing.