Proliferation financing in Australia: the rise of a new money laundering challenge

What is proliferation financing and what do regulated entities have to do?

Proliferation Financing (PF) is an international crime which facilitates the movement and development of illegal goods in order to provide weapons of mass destruction for rogue states like Russia, Iran and North Korea. It has become an increasing cause of global concern over the last decade, and its potential consequences can be severe – from global instability to a catastrophic loss of life. 

Regulated entities in many countries are required to undertake proliferation financing risk assessments. In the UK, the Legal Sector Affinity Group (LSAG) has published updated guidance on the anti-money laundering (AML) regulations to incorporate PF. Guidance is to carry out proliferation financing risk assessments, either as part of the firm’s existing practice-wide risk assessment or as a standalone document.

VinciWorks has created a number of tools to assist with proliferation financing compliance. This includes dedicated training modules on proliferation financing and template emails to update and inform staff. VinciWorks have also produced guidance on high risk jurisdictions on PF, incorporating the latest 2024 US National Proliferation Financing Risk Assessment prepared by the US Treasury. VinciWorks hosted a webinar on how to comply with proliferation financing which can be accessed here.

How does proliferation financing impact Australia?

AUSTRAC released their first national proliferation financing risk assessment at the end of 2022, and in it they highlighted Australian financial services and infrastructure being used to procure dual use goods and evade sanctions, and certain professionals like lawyers and accountants facilitating proliferation financing through shell companies and export issues.

Australia is uniquely at risk for proliferation financing given its extensive economic relations and trade with Asian markets which are popular destinations for transshipments to high risk countries like North Korea, Iran and Pakistan. Australia also has a high volume of dual-use goods and proliferation-sensitive exports. The large mining industry and exports of materials which are subject to UN sanction also has a risk of diversion to PF networks. The different way of regulating lawyers, accountants and company service providers in Australia caused AUSTRAC to highlight this as a risk factor. In the debates around the Tranche 2 reforms, we might see additional requirements on Australian firms to undertake proliferation financing risk assessments.

According to AUSTRAC’s 2022 PF National Risk Assessment, the key proliferation financing threats facing Australian professional services are:

  • Procurement of dual-use goods and sanctions evasion
  • Abuse of Australia-based corporate structures
  • Use of designated non-financial businesses and professions (DNFBPs)

What are some proliferation financing examples in Australia?

Sydney man jailed for North Korean arms shipments

Australia actually saw its first proliferation financing prosecution in 2021 when a Sydney man pleaded guilty to providing brokering services for selling arms related material from North Korea. Chan Han Choi was arrested in 2017 and accused of brokering five transactions for missiles, petrol, and coal on behalf of North Korea to entities in Indonesia. The New South Wales Supreme Court sentenced the man to three and a half years in prison.

Troll Holdings proliferation financing

In 2022, OFAC settled a case with an Australian freight and logistics company called Toll Holdings. Toll had processed thousands of transactions between North Korea, Iran and Syria, and had used the US financial system to do so. This was for the benefit of sanctified individuals and entities, and it was due to a complete failure of compliance controls from the company. Toll didn’t have in place policies of controls which matched the complexity of its operations. Toll had over 600 payment, invoicing and data systems spread across its business units, few of which talked to each other. The breaches only came to light when an internal whistleblower raised concerns about the company’s compliance with US sanctions. The company actually tried to mitigate its risk by ceasing all business with US sanctioned countries in 2016, but the company didn’t fully implement policies and procedures to stop payments from sanctioned entities. It didn’t test its procedures either, so customers based in US sanctioned countries could still use the company’s services, and it took another year for controls to finally prevent shipments to sanctioned countries. 

Sydney couple jailed for Iran sanctions evasion

In 2019, a New South Wales-based couple was convicted and sentenced for contravening

Australian sanctions law relating to Iran. The crimes  involved the procurement and supply of approximately 90 tonnes of export-sanctioned nickel alloys to Iran. The couple established and used a joint business venture to procure the production of the nickel alloy from a UK company. Then the nickel alloy was shipped from the UK to a company in Dubai owned by Iran, then forward to Iran in breach of Australian sanctions. 

Taking on clients near PF high risk borders

In 2018, an international bank submitted a suspicious matter report to AUSTRAC regarding Company X. The company had declared its main place of business in the Dalian

province in China. This region is near the border with North Korea and considered a high-risk region for sanctions evasion and proliferation financing activity. Company X received a number of incoming transfers from shipping companies located in Hong Kong and China, and then attempted to remit these funds to an unknown beneficiary in Vladivostok,

Russia. This was a clear risk of proliferation financing related to geographic risk. 

Risk of Australian trade with North Korea

Asia has historically been a popular destination for sanctioned trade with North Korea. North Korea is known to route sanctioned goods and proliferation financing-related financial transactions through third countries as a way of obfuscating their connection to the country, designated entities and sanctioned activities. The combination of geographic proximity, gaps in sanctions compliance and regimes to fight financial crime, and in some instances political sympathies and cultural ties, makes parts of Asia particularly vulnerable to proliferation financing activity by North Korea.

Australia’s free trade agreements with the Association of Southeast Asian Nations (ASEAN) and other bilateral agreements in the region may add to this vulnerability by streamlining the flow of goods and finances between Australia and the region. Illicit trade and financial flows may be mixed with legitimate activity, making it difficult to identify instances of sanctions evasion through third countries. Some goods like petroleum and coal are also transferred in illicit ship-to-ship transfers at sea, with parts of the Yellow Sea and East China Sea being particularly popular locations for such transfers.

In 2022, Australia-ASEAN trade reached 178 billion Australian dollars. Australian goods exports to Southeast Asia were mainly minerals and fuels were worth 31.3 billion Australian dollars that year. 

Key Australian exports with PF risks include transportation products and components such as aircraft, spacecraft, ship and automotive. Weapons parts and accessories, as well as machines including gas turbines, liquid pumps and centrifuges which could all be useful for WMDs. Asian countries were the primary destination for these exports.

Australian mining sector proliferation financing risks

Australia is a significant contributor to global mining, with over 350 mines across the country. Australia is the leading global exporter of zinc ore, iron ore, precious metal ore, aluminium ore, gold, copper ore, raw aluminium, natural uranium, uranium ores and concentrates. Combined with a number of active ports including the world’s largest iron ore port in Port Hedland, WA, the sheer volume of exports makes Australia uniquely vulnerable to diversion or theft of resources by proliferation networks.

Under UN sanctions, export of metals to North Korea is prohibited, so the financing of such trade with the country would risk violating UN proliferation financing sanctions. Iran is banned from entering into any commercial agreements involving the mining of uranium, or the ‘production or use of nuclear materials and technology.’ Export of proliferation-sensitive materials, technology and expertise to Iran and North Korea is also prohibited.

Australian mining expertise and technology and some of the materials it produces may also be of interest to other proliferation actors, either for their value or for their application in industry, including for military or WMD purposes. Involvement in prohibited commercial activities or trade within the mining sector may therefore constitute proliferation financing and may involve sanctioned entities, or those acting on their behalf.

What is the legislative background of proliferation financing in Australia?

Australia has signed a number of international conventions on non-proliferation, disarmament and export control regimes. The Department for Foreign Affairs and Trade (DFAT) has responsibility to ensure Australia’s obligations under the Nuclear Non-Proliferation Treaty and the Chemical Weapons Convention are met.

A number of Commonwealth laws deal with combating WMD proliferation:

  • Chemical Weapons (Prohibition) Act 1994 – implements criminal offences for violations of the1972 United Nations Convention on the Prohibition of the Development, Production and Stockpiling of Bacteriological (Biological) and Toxin Weapons and on their Destruction
  • Comprehensive Nuclear-Test Ban Treaty Act 1998 – prohibits the causing of any nuclear explosion at any place within Australian jurisdiction or control and establishes a penalty or life imprisonment for an offence against this prohibition
  • Crimes (Biological Weapons) Act 1976 – implements criminal offences for violations of the1972 United Nations Convention on the Prohibition of the Development, Production and Stockpiling of Bacteriological (Biological) and Toxin Weapons and on their Destruction
  • Customs Act 1901 and (Prohibited Exports) Regulations 1958 – prescribes prohibited exports and is administered by the Australian Border Force
  • Nuclear Non-Proliferation (Safeguards) Act 1987 – regulates nuclear material in Australia and is administered by the Australian Safeguards and Non-Proliferation Office
  • Weapons of Mass Destruction (Prevention and Proliferation) Act 1995 – covers exports not controlled under the Customs Act which may contribute to WMD programs and is administered by the Department of Defence

What are the relevant Australian government agencies who deal with proliferation financing?

Australia has a number of coordinated agencies and government departments dealing with proliferation financing.

AUSTRAC is Australia’s AML/CTF regulator and financial intelligence unit. AUSTRAC provides specialist financial analysis capabilities to help protect Australia from proliferation actors and sanctions evasion activities.

The Australian Border Force (ABF) monitors and detects the illegal movement of people, goods, and illicit cash across the border. It also administers border controls on United Nations-sanctioned goods to prevent activities that may contribute to the proliferation of WMD.

The Australian Federal Police (AFP) is responsible for investigating serious and complex crimes against the federal government (including sanctions offences). The AFP leads the multi-agency Criminal Asset Confiscation Taskforce, which would be involved in any asset seizure or forfeiture relating to designated entities.

The Commonwealth Director of Public Prosecutions prosecutes offences against federal law, which includes sanctions and proliferation financing-related offences.

The Defence Export Controls (DEC) branch within the Department of Defence is Australia’s Military and dual-use goods and technology export regulator. The DEC issues permits to export, supply, publish or broker military and dual-use goods and technology listed on the Defence and Strategic Goods List; and works to ensure exported items are not used in, or assist, a WMD program.

The Department of Foreign Affairs and Trade (DFAT) leads domestic coordination and international cooperation in relation to proliferation financing. The Australian Sanctions Office in DFAT is responsible for the administration of Australian sanction laws, consistent with Australia’s international obligations and foreign policy objectives. 

The National Intelligence Community (NIC) is composed of ten Commonwealth agencies that have intelligence and operational roles for aspects of counter-proliferation and counterproliferation financing. 

What to do now to stay compliant with proliferation financing?

VinciWorks has created a number of tools to assist with proliferation financing compliance. This includes dedicated training modules on proliferation financing and template emails to update and inform staff. VinciWorks have also produced guidance on high risk jurisdictions on PF, incorporating the latest 2024 US National Proliferation Financing Risk Assessment prepared by the US Treasury. VinciWorks hosted a webinar on how to comply with proliferation financing which can be accessed here.

Download our guide to proliferation financing

Download our proliferation financing policy template

Join our webinar on proliferation financing on Wednesday, 3 April 2024 – or register to receive a free recording

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.