America’s 2021 Counterproliferation Finance Agenda

The global proliferation of weapons of mass destruction by state and non-state actors continues to threaten international peace and security. While the United States has led efforts to target the financial networks that support such activity, much work remains to be done. An incoming administration and the Treasury Department’s expected 2021 update to the National Proliferation Financing Risk Assessment is an opportunity for the U.S. government to set an aggressive counterproliferation financing (CPF) agenda.

Despite a robust set of U.S. and UN sanctions intended to deny resources to proliferating states, countries like North Korea continue to successfully procure funds for their nuclear and ballistic missile programs through a variety of illicit activity and sanction evasions schemes. In particular, North Korea has developed sophisticated cyber capabilities to steal and procure funds for its weapons of mass destruction (WMD) programs. For example, the recent leak of the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) records exposed an elaborate $175 million dollar North Korean money laundering scheme spanning over two U.S. presidential administrations. However, this is only one example of the vulnerabilities that have long faced government and financial institutions. Illicit actors continue to exploit enforcement and institutional vulnerabilities within U.S. sanctions regimes and financial institutions, ultimately threatening U.S. national interests and security.

The incoming Biden administration will have an opportunity to strengthen America’s counterproliferation finance regime, upholding the integrity of the international financial system and improving global security. To achieve these goals, the Biden administration will likely work closely with the Financial Action Task Force (FATF) and like-minded nations to create a multilateral and comprehensive approach to strengthening global counterproliferation finance efforts. The following recommendations address legal, regulatory, and enforcement avenues for the United States to leverage its traditional leadership role in global counterproliferation.

Policy Recommendations

1. Congress should provide increased intelligence analysis and investigation resources to FinCEN in order to allow better capitalization of the wealth of suspicious activity and other data provided by U.S. financial institutions and otherwise available to FinCEN.

As the FinCEN leaks demonstrate, illicit actors involved in proliferation, such as North Korea, are adaptable and sophisticated in using the vast transactions flows of the international financial system to launder funds and hide their illicit activities. However, the universe of suspicious activity reports (SARs) and other Bank Secrecy Act reporting also is vast. In the fiscal year 2019 alone, FinCEN received more than 20 million reports pursuant to the Bank Secrecy Act (BSA). The available data would further increase if FinCEN finalizes a proposed rule to reduce the applicable threshold for financial institutions to record information about originators and beneficiaries in international transactions from $3,000 to $250.

Therefore, Congress should allocate increased resources to FinCEN, in particular to its Intelligence Division and new Global Investigations Division, in order to bolster their ability to analyze SARs and other reports and records available to the agency through the BSA, and to combine these with other materials available to partner agencies through the FinCEN liaison system, to investigate such activity.

2. The Department of the Treasury, in coordination with the Department of Justice, can help like-minded countries draft and adopt legislation criminalizing proliferation finance.

Proliferation networks often abuse weak financial systems and institutions in jurisdictions with lax financial crime laws and poor enforcement capabilities. As the United States has adopted numerous pieces of legislation addressing illicit financial crime and proliferation-related activity, the Treasury can lead an U.S. government effort to assist like-minded countries in drafting legislation criminalizing proliferation finance and its supporting actors. For example, the U.S. government can collaborate with regional and multinational organizations such as ASEAN to tackle proliferation finance in Southeast Asia through biannual U.S.-ASEAN counterproliferation finance workshops. Additionally, the Department of State can provide regional-specific guidance and illicit activity reports in partnership with ASEAN, while the Departments of the Treasury and Justice can help national jurisdictions draft effective and enforceable legislation criminalizing proliferation finance.

3. The Department of Justice should levy fines on U.S. financial institutions that fail to incorporate Cybersecurity and Infrastructure Security Agency (CISA) guidelines and advisories into their due diligence practices by the end of 2021.

Illicit actors such as North Korea continue to exploit cybersecurity vulnerabilities within the global financial system to the benefit of its nuclear weapons development program. The Department of Justice can require cybersecurity audits as part of deferred prosecution agreements with financial institutions to encourage compliance with CISA-issued cybersecurity guidelines and advisories. Failure to implement fundamental cybersecurity practices, such as regular updates of computer software and operating systems, including ATMs, can result in significant cybersecurity breaches. Financial institutions could avoid both such cybersecurity breaches and government fines by incorporating lessons learned from the CISA malware analysis reports and FATF virtual assets red flag indicator guidelines into company due diligence protocols and employee cybersecurity training.

4. The Department of the Treasury should support the current initiative to include proliferation finance in national risk and foreign investment risk assessments before the 4th Round Mutual Evaluation Process in February 2021.

The Treasury should encourage countries to take appropriate steps to identify and assess the proliferation financing risks for their countries on an ongoing basis and in order to: (i) inform potential changes to the country’s counterproliferation finance regime, including changes to laws, regulations and other measures; (ii) assist in the allocation and prioritization of counterproliferation finance resources by competent authorities; and (iii) make information available for proliferation finance risk assessments conducted by financial institutions and designated non-financial businesses and professions (DNFBPs). Countries should update assessments and apply mechanisms to provide appropriate information on the results to all relevant competent authorities and socially responsible businesses, financial institutions, and DNFBPs.

5. The Department of the Treasury should update its existing guidance on counterproliferation finance requirements in concert with FATF and other responsible nations as stipulated in United Nations Security Council Resolutions 1540 (2004) and 2325 (2016).

Both UNSCR 1540 (2004) and 2325 (2016) highlight the importance of prohibiting proliferation finance activities and require countries to establish, develop, review, and maintain appropriate controls on providing funds and services related to the export of items that could contribute to WMD proliferation. Therefore, the Treasury should collaborate with FATF nations to update existing guidance related to global proliferation finance and inform like-minded countries of its own policies for combating illicit financial activity, including cybercrime, money laundering, and hacking attacks. The Treasury can also revisit the conclusions reached in the 2019 FATF Project Team on Proliferation Finance related to the criminalization of proliferation finance and international cooperation on information exchange to determine what further work is required.

6. The Department of the Treasury should create an Asia-focused counterproliferation version of the Terrorist Financing Targeting Center with Japan, South Korea, and Australia.

The Treasury should adapt the model of the U.S.-Saudi Arabia-Gulf Cooperation Council joint Terrorist Financing Targeting Center to coordinate designations and investigations with ally Indo-Pacific nations who have the authority to impose their own sanctions. While U.S. sanctions alone will most likely bear the greatest influence, a comprehensive and multinational approach will send equally important diplomatic signaling to illicit actors and proliferation financers. This could also lead to joint guidance, typologies, training, and information sharing which can circumvent the bureaucratic difficulties associated with UNSC politics.

7. The Department of the Treasury should use its authorities and relationships with federal functional regulators and state regulators to drive anti-money laundering (AML) program enforcement priorities to encourage and reward quality reporting on counterproliferation, while expanding information sharing safe harbors to facilitate such sharing.

Congress should expand section 314(b) of the USA PATRIOT Act to specifically permit sharing of information relating to potential counterproliferation activities within the PATRIOT Act’s safe harbor, regardless of information suggesting money laundering or terrorism finance. FinCEN could strengthen the utility of such sharing by providing advisories to strategically chosen financial institutions through its Secure Information Sharing System. Additionally, law enforcement and intelligence agencies could provide briefings that help financial institutions identify threat actors and deliver quality reporting. At the same time, FinCEN can better incentivize financial institutions to share information by playing a greater role in setting reporting and enforcement priorities for federal functional regulators. These regulators often lack adequate knowledge of counterproliferation and other national security threats to ensure that AML programs are competent to deliver quality reporting in these areas and defend against such threats.

8. The Department of Commerce should update its Elements of An Effective Controls Compliance Program (ECP) on various national security concerns, including proliferation finance and supporting actors.

Similar to the OFAC-5 Pillars Compliance Framework, the Bureau of Industry and Security can expand its ECP to help guide U.S. financial institutions and their foreign correspondents to better understand the intersection between export control violations and financial flows. Moreover, the Departments of Commerce and the Treasury can require financial institutions to include proliferation finance indicators within their existing compliance frameworks, including anti-money laundering and counterterrorism finance monitoring systems. This will allow increased visibility and documentation of illicit financial activity linked to global proliferation attempts.

9. The Department of the Treasury should organize annual workshops with the Wolfsberg Group to produce updated guidance protocols, white papers, and standardized education on CPF for global distribution.

Increased global coordination and understanding of U.S. sanctions regimes can lead to more successful implementation of counterproliferation finance efforts. The Treasury can collaborate with the thirteen global banks of the Wolfsberg Group to develop a standardized educational framework and guidance requirements on financial crime risks, counterproliferation finance, and cybersecurity for U.S. financial institutions and participating foreign banks. The Treasury and Wolfsberg Group can convene annually and produce a series of white papers for global distribution to banks and governments of like-minded countries to increase overall compliance and understanding of U.S. sanctions regimes and counterproliferation finance. The Treasury can also offer additional safe harbor protections to participating U.S. banks if they adequately incorporate the yearly guidance protocols into their risk assessment and management policies.

Jason Bartlett is a Research Assistant for the Energy, Economics, and Security Program at the Center for a New American Security. His work primarily focuses on proliferation finance and sanctions evasion tactics, including cyber-enabled financial crime. The author would like to thank Neil Bhatiya, Jonathan Brewer, and Carlton Greene for their invaluable comments during the drafting phase.