Proliferation finance risk assessment fails to assess risk: but is there value buried in the noise?
HM Treasury have published their first national risk assessment of proliferation financing.
In general HMT appear to self-certify that the UK has a “robust, bespoke regulatory framework in place to combat the threat posed by proliferation finance” however, the “risk assessment” would not meet any regulatory body’s own expectations of what a risk assessment should achieve. Potentially this document serves more as a political play to FATF rather than with the intent of being useful for firms at the sharp end of the industry.
It does not give any clear insight into inherent or residual risks and fails to tackle issues of likelihood or impact. There is little, if any, measurable content in the publicly available documentation of the risk assessment. It certainly falls short of the tests in the recent FCA Dear CEO letter of being “a powerful tool to help firms understand their risk exposure, set risk appetite, and inform their mitigating controls including the customer risk assessment and levels and types of customer due diligence”.
“...it became clear that PF is often considered alongside other illicit finance risks, particularly terrorist financing and money laundering, rather than as an independent risk which should be considered separately from other illicit activity. The UK has long supported a greater focus on PF risks and has advocated for changes to the FATF’s standards to strengthen requirements in this area.”
There is a clear assertion in the document that firms will be required to perform a separate PF risk assessment. With existing challenges in the quality and usefulness of AML, sanctions, terrorist finance, trade finance, bribery and tax evasion risk assessments the inclusion of another requirement seems somewhat ideological and detached from the real challenges facing commercial organisations.
However, the “risk assessment” does include some useful case studies which firm’s can use to test and self-assess their own controls or use as valuable training content.
Our recommendations:
Review the HMT risk assessment
Utilise the contents to further their own understanding of risk and in turn enhance their own systems and controls.
Whilst the tangible changes may be minimal, enhancements (including referencing of external source material) will be possible to both the business wide risk assessment (BWRA) and trade finance risk assessment (particularly when assessing dual use goods controls).
As you respond to the FCA / PRA trade finance letter it will be worth wrapping in this latest HMT risk assessment for completeness.
Consider whether your understanding of industry / sector risks sufficiently recognises proliferation finance concerns.
On the basis of all the above, trigger a focused review of certain customer relationships - including situations where KYC data may not be detailed enough to identify sectors, industries or customers posing a higher proliferation financing risk.
If you want to ensure your risk assessments would stand up to regulatory scrutiny or you’re wondering how to incorporate the messages from the risk assessment into your control framework, give us a shout – we have some practical ideas that address the real risk of financing the proliferation of chemical, biological, radiological, and nuclear weapons.. Do get in touch.
