What does counter-proliferation financing involve?

Counter-proliferation financing (CPF) is the third pillar of the UK’s financial crime framework, sitting alongside anti-money laundering (AML) and counter-terrorist financing (CTF). 

It refers to the controls and obligations that regulated firms apply to detect and disrupt the financing of weapons of mass destruction, such as nuclear, chemical, biological and radiological weapons, and their delivery systems.

FATF significantly strengthened its CPF standards in 2020, and the UK’s Money Laundering Regulations 2017 (as amended) (MLRs) now explicitly require regulated businesses to assess and address proliferation financing risk as a standalone obligation.

Supervisors are increasingly looking for evidence that firms have done exactly that.

How CPF differs from AML and CTF

With money laundering, the concern is the criminal origin of funds and the attempt to legitimise them. With terrorist financing, the concern is the destination of funds, which may themselves be entirely legitimate. 

With proliferation financing, the concern is both more specific and more complex: funds, goods and services being channelled towards the development or acquisition of weapons capable of mass casualties.

Proliferation financing often involves sanctions evasion rather than obvious financial crime. The parties involved may be state-linked entities, front companies or intermediaries operating across multiple jurisdictions. 

The legal framework behind CPF

Proliferation financing obligations in the UK come from two pieces of legislation.

The Sanctions and Anti-Money Laundering Act 2018 provides the framework for implementing UK sanctions, including those targeted at proliferation-related individuals, entities and ships. 

Many of the most significant CPF-related designations appear on the UK Consolidated List, maintained by OFSI, and relate to state programmes linked to weapons of mass destruction, with North Korea and Iran being the most prominent examples.

The Money Laundering Regulations 2017 require regulated firms to assess proliferation financing risk at both business and client level. This is a distinct requirement from the AML and CTF risk assessments, and supervisors expect it to be treated as such. 

For example, a business-wide risk assessment that addresses money laundering and terrorist financing without considering proliferation financing is incomplete under the current framework.

FATF’s (the Financial Action Task Force) updated Recommendation 1, introduced in 2020, requires countries to apply a risk-based approach specifically to proliferation financing. The UK’s regime reflects that expectation.

What CPF risk looks like in practice

The UK’s 2025 National Risk Assessment identified proliferation financing as a growing concern across professional services, reflecting the increasing sophistication of sanctions evasion and the use of legitimate business structures to move funds undetected. 

Your counter-proliferation financing  risk assessment should reflect your actual client base and services, not a default assumption that the risk doesn’t apply to you. NRA and FATF guidance are clear that certain types of work carry more inherent risk. These include:

Trade finance and logistics, where dual-use goods (items with legitimate civilian applications but potential weapons-related uses) can be moved through complex supply chains involving multiple jurisdictions and intermediaries.

Corporate and trust structuring, where layered ownership arrangements or nominee structures can obscure the ultimate beneficiary of a transaction or business relationship, creating opportunity for sanctions evasion.

International transactions involving high-risk jurisdictions, particularly where those jurisdictions are subject to arms embargoes or identified by FATF or the UK government as having weak export controls or sanctions frameworks.

Professional services supporting trade, including legal advice on contracts, shipping documentation or financing arrangements where the underlying goods or parties may have proliferation-related connections.

The common thread is that counter-proliferation financing risk tends to be most present where international exposure, complex structures or opaque supply chains are involved, which is why the MLRs require you to assess it at both business and client level.

Sanctions screening and CPF

Sanctions screening is the most direct counter-proliferation financing control available to regulated firms. The UK Consolidated List includes individuals, entities and ships connected to weapons programmes that are subject to asset freezes and other financial restrictions.

Screening clients, beneficial owners, directors and counterparties against current sanctions lists is a legal requirement, and CPF is a core part of why. 

For firms with international exposure, particularly those involved in trade, manufacturing, logistics or cross-border corporate work, screening needs to be current, documented and built into both onboarding and ongoing monitoring.

Where a potential match arises, the process mirrors the sanctions response more broadly: review the match carefully, stop the transaction if it’s confirmed, freeze any relevant funds or assets and report without delay.

Staff training and CPF awareness

Regulation 24 of the Money Laundering Regulations 2017 requires training to cover proliferation financing alongside money laundering and terrorist financing. 

Effective counter-proliferation financing training doesn’t require your staff to become export control specialists. It does require them to understand what proliferation financing is, why it matters, what the red flags might look like in the context of your firm’s work, and what to do if a concern arises. 

For most firms, that means situating CPF clearly within your wider financial crime training rather than treating it as a technical add-on.

Final thoughts

The practical challenge of CPF is proportionality. For a sole practitioner accountant with a domestic client base, the proliferation financing risk could be genuinely low but it still needs to be assessed, documented and reflected in the business-wide risk assessment. 

For a firm advising on international corporate structures, trade transactions or clients with connections to high-risk jurisdictions, the risk might warrant more detailed consideration and stronger controls.

What supervisors are looking for is evidence of genuine thought: that you’ve considered CPF as a distinct risk, assessed it in the context of your actual client base and services, and applied controls proportionate to what you found.