1. What Is Proliferation Financing (PF)?
Proliferation financing refers to the act of providing funds or financial services, directly or indirectly, that contribute to the development, production, acquisition, stockpiling, or transfer of weapons of mass destruction (WMDs). This includes nuclear, chemical, biological, and radiological (CBRN) weapons, as well as their delivery systems.
The "proliferation" in proliferation financing refers to the spread of these weapons, particularly to states or non-state actors that are prohibited from possessing them under international law. The financing element works similarly to money laundering or terrorism financing: moving money, goods, or services through financial and trade channels in ways that obscure the ultimate purpose.
How PF Differs from Terrorism Financing
Terrorism financing (TF) involves funding acts of terrorism, which are typically carried out by non-state actors and involve relatively small sums. Proliferation financing, by contrast, tends to involve:
- State actors – sovereign governments subject to UN Security Council sanctions, such as North Korea and Iran.
- Larger and more complex transactions – often concealed within legitimate international trade flows, involving dual-use goods, technology transfers, or front companies.
- Longer time horizons – weapons development programmes take years or decades, the financing flows accordingly.
Understanding this distinction matters because the detection methods, red flags, and control frameworks for PF differ meaningfully from those designed for TF or ML.
2. FATF Recommendation 7 & Targeted Financial Sanctions
The international framework for proliferation financing is built around FATF Recommendation 7, which requires countries to implement targeted financial sanctions (TFS) in relation to the financing of proliferation of weapons of mass destruction.
What Recommendation 7 Requires
FATF Recommendation 7 specifically addresses UN Security Council sanctions regimes established under Resolutions 1267/1989/2253 (relating to Al-Qaeda and associated groups) and 1718 (relating to the Democratic People's Republic of Korea) and 2231 (relating to Iran). Countries must:
- Freeze without delay the assets of designated persons and entities, meaning immediately upon designation, without a court order or regulatory notice period.
- Prohibit the making available of funds or economic resources to designated parties.
- Ensure that all natural and legal persons within their jurisdiction, not just regulated financial institutions, comply with the prohibition.
The 2020 FATF Expansion: PF Risk Assessment
In 2020, FATF significantly expanded the scope of PF obligations beyond targeted financial sanctions through revisions to Recommendation 1 (Risk Assessment) and Recommendation 10 (Customer Due Diligence). Countries and regulated entities are now required to:
- Conduct a Proliferation Financing National Risk Assessment (PF NRA), distinct from the ML/TF national risk assessment.
- Require regulated entities to assess and understand their own inherent PF risk at the institutional level.
- Apply a risk-based approach to PF within their customer due diligence and monitoring frameworks.
This 2020 expansion is the primary reason why a standalone PF section is now expected in every regulated entity's AML programme – not merely a passing reference to sanctions screening.
3. UAE Legal Framework on PF (Federal Decree-Law No. 20/2018 & Cabinet Decision No. 74/2020)
The UAE has incorporated proliferation financing obligations into its legal and regulatory framework through several interlocking instruments.
Federal Decree-Law No. 20 of 2018
The primary AML/CFT law defines "financing of illegal organisations" broadly enough to encompass proliferation financing and requires all reporting entities to apply measures consistent with UAE's international obligations, which include the UN Security Council resolutions underpinning FATF Recommendation 7.
Cabinet Decision No. 74 of 2020 on Terrorism Lists
This Cabinet Decision establishes the UAE's framework for implementing targeted financial sanctions, including those related to WMD proliferation. It mandates:
- Immediate asset freezing upon designation, within hours, not days.
- Obligations to report frozen assets to the competent authority (the Executive Office for Control and Non-Proliferation, or EOCN).
- Prohibition on providing funds, financial services, or economic resources to designated persons and entities.
- Requirements for all natural and legal persons to comply with the prohibition.
Cabinet Decision No. 10 of 2019 (AML/CFT Implementing Regulation)
Article 4 of this Decision requires reporting entities to include PF risk within their enterprise-wide risk assessments. The supervisory authorities, Central Bank of the UAE, Securities and Commodities Authority, and Ministry of Economy, have all issued sector-specific guidance reinforcing this obligation.
The UAE's Proliferation Financing National Risk Assessment
The UAE published its PF NRA as part of its broader national risk assessment framework, identifying the sectors, transaction types, and jurisdictions that present the highest PF exposure. Regulated entities are expected to have regard to this assessment when conducting their own institutional PF risk assessments. Key sectors identified as higher-risk include trade finance, free zone entities, and businesses dealing in dual-use goods.
4. PF Risk Assessment: What UAE Businesses Must Cover
Unlike the binary question of "is this customer sanctioned?", which sanctions screening answers, a PF risk assessment asks a broader question: does this business relationship or transaction type create a pathway through which proliferation financing could occur, even if no designated party is currently identified?
Every UAE reporting entity must conduct a PF risk assessment at the institutional level, covering the following dimensions:
Customer Risk
Which customers in your portfolio, or customer types you commonly onboard, present elevated PF risk? Consider:
- Customers in or connected to jurisdictions under UN Security Council sanctions (North Korea, Iran).
- Customers involved in the manufacture, trade, or brokerage of dual-use goods or military-related items.
- Customers using complex corporate structures, particularly multi-jurisdictional chains involving free zones or jurisdictions with limited transparency.
- State-owned enterprises or government-connected entities from high-risk jurisdictions.
Product and Service Risk
Which of your products or services could be misused to facilitate PF? For financial institutions, trade finance products carry the highest inherent PF risk due to the volume of international goods flows they support. For free zone operators, the ability to import, store, and re-export goods through the zone creates exposure. For VASPs, the cross-border transfer of value without the information transparency of traditional wire transfers is a recognised PF vector.
Geographic Risk
Beyond the FATF list, which jurisdictions create PF exposure? The relevant framework here is UN Security Council designations, not just FATF grey/red lists. Businesses with transactional connections to Iran, DPRK, Syria, and other sanctions-designated states face inherent PF risk that must be assessed and mitigated.
Delivery Channel Risk
How are products and services delivered? Remote customer onboarding, reliance on third-party intermediaries, and use of free zones or transit jurisdictions all increase PF risk by reducing visibility into ultimate beneficial ownership and the nature of underlying transactions.
The output of this assessment must be documented, approved by senior management, and reviewed at least annually, or whenever a material change in the business or regulatory environment occurs.
5. PF Red Flags & Typologies: Dual-Use Goods, Shell Intermediaries
Proliferation financing is deliberately obscured within legitimate-looking trade and financial flows. The following red flags are recognised by FATF, the UN Panel of Experts, and UAE supervisory guidance as common indicators of potential PF activity.
Trade Finance Red Flags
- Requests to finance goods with dual-use potential, items that have legitimate civilian applications but can also be used in weapons programmes (e.g., certain electronics, metals, chemicals, precision machinery).
- Shipping routes or transshipment points that are economically illogical given the stated origin and destination of goods.
- Discrepancies between the description of goods in trade documents and their HS codes, values, or physical characteristics.
- Use of multiple middlemen or brokers in a transaction chain with no clear commercial rationale.
- Last-minute changes to the destination country, beneficiary, or payment routing that reroute the transaction through a sanctions-exposed jurisdiction.
- Payment by a third party in a different country from the stated buyer.
Corporate Structure Red Flags
- Shell companies with no identifiable business operations, employees, or physical presence, particularly when incorporated in jurisdictions known for opacity.
- Complex layered structures where the UBO cannot be identified despite reasonable investigation.
- Entities in free zones that import goods and re-export them without apparent value-added activity – a common typology for sanctions evasion identified in UAE context specifically.
- Companies with names or business descriptions that are vague or overly broad, inconsistent with the specificity of the goods they claim to trade.
Behavioural and Transactional Red Flags
- A customer who is unusually secretive about the end-use or end-user of goods being financed or traded.
- Requests to process payments in unusual currencies or through jurisdictions with no evident connection to the transaction.
- Use of cash or crypto assets in payment for high-value goods or technology.
- A customer who appears unfamiliar with the goods they are purportedly importing or exporting, suggesting they may be acting as a front.
None of these indicators is conclusive on its own. The obligation is to consider them holistically and escalate for further review when a cluster of red flags appears in the same transaction or relationship.
6. How to Update Your AML Programme for PF Compliance
If your AML programme addresses money laundering and terrorism financing but has not been explicitly updated for proliferation financing, the following steps will bring it into alignment with UAE regulatory expectations.
Step 1: Update Your AML Policy to Reference PF Explicitly
Your AML/CFT policy document should be expanded to "AML/CFT/CPF" (Combating Proliferation Financing) and should include a dedicated section explaining the entity's PF obligations, the legal basis, and the risk-based approach to be applied. Regulators conducting examinations will look for this as a baseline indicator of compliance awareness.
Step 2: Conduct a Standalone PF Risk Assessment
Do not simply add a paragraph to your existing ML/TF risk assessment. Conduct a separate PF risk assessment covering customers, products, geographies, and delivery channels as described in Section 4 above. Document the methodology, findings, and risk ratings. Where high PF risk is identified, document the mitigating controls.
Step 3: Enhance Sanctions Screening for PF
Standard sanctions screening against the UN Consolidated List and UAE EOCN lists is necessary but not sufficient for PF compliance. Consider whether your screening covers:
- Names and aliases of PF-related designees (which may differ from TF-related designees on the same list).
- Vessel, aircraft, and IP address screening where relevant to your sector.
- Screening of counterparties in trade transactions, not just direct customers.
- Frequency of list updates – your screening tool should refresh against updated lists within hours of a new designation.
Step 4: Train Your Team on PF-Specific Red Flags
Most AML training focuses on ML and TF typologies. Add a dedicated PF module covering the dual-use goods indicators, trade-based red flags, and jurisdictional risk factors outlined in Section 5. Front-line staff in trade finance, corporate banking, and free zone operations need targeted training, not just the generic AML awareness session.
Step 5: Review Correspondent and Third-Party Relationships
If your entity relies on correspondent banks, third-party introducers, or free zone operators as part of your service delivery, assess whether these relationships introduce PF risk that is not adequately mitigated. Include PF in your third-party due diligence questionnaires and onboarding reviews.
Step 6: Establish a PF Escalation and Reporting Protocol
Define clearly what happens when a PF red flag is identified: who is notified, what investigation steps are taken, what the escalation chain looks like, and under what circumstances an STR is filed on goAML. The STR obligation applies to PF suspicion as much as to ML or TF suspicion.
Is Your AML Programme PF-Ready?
Proliferation financing compliance has moved from a specialist niche to a mainstream regulatory expectation for UAE businesses. Supervisory examinations now routinely probe for standalone PF risk assessments, updated policy frameworks, and PF-specific staff training and gaps in any of these areas are increasingly treated as findings, not observations.
B-AML's compliance experts can review your existing AML programme and identify exactly where PF obligations are unmet. Our PF compliance review covers policy documentation, risk assessment methodology, sanctions screening adequacy, and staff training — delivering a clear remediation roadmap within two weeks.



