ISRM: A quick review of the 2024 US National Proliferation Financing Risk Assessment

risk assessment

The United States Department of the Treasury released an updated National Proliferation Financing Risk Assessment (NPFRA) for 2024. Here, Mark Nuttall, Middle East Region chair of the ISRM offers a quick overview of the new guidelines, providing insight into the key risks and threats identified in the 2024 NPFRA, with a particular emphasis on geopolitical factors, economic vulnerabilities, and legal and regulatory challenges.

Firstly, what is it?

The 36-page document, in accordance with the Financial Action Task Force’s (FATF’s) PF risk assessment guidance, aims to identify and better understand the risks associated with proliferation financing, thereby strengthening the ability to prevent individuals and entities from raising, storing, moving, and using funds, financial assets, or other economic resources in connection with the proliferation of weapons of mass destruction.

Executive Summary

The 2024 NPFRA examines the persistent proliferation financing (PF) threats and vulnerabilities within the United States, identifying key actors, trends, and emerging issues while also presenting several case studies.

Importantly, the report recognises the significance of conducting regular risk assessments to strengthen the ability to prevent individuals and entities from raising, storing, moving, and using funds, financial assets, or other economic resources related to the proliferation of weapons of mass destruction (WMD).

Key Findings

The report highlights several key findings. It establishes that the size of the US financial system, the centrality of the US dollar in global trade, and the role of US manufacturers in producing military and proliferation-related technology continue to make the US a target of exploitation by PF networks.

Moreover, the report identifies several state actors, including the Russian Federation, Democratic People’s Republic of Korea, Iran, the People’s Republic of China, Syria, and Pakistan, as posing significant PF risks.

Finally, the report notes the emerging trend of cyber-enabled proliferation financing and the use of new and alternative payment infrastructure.


The 2024 NPFRA identifies several key threats to the US, with state-sponsored or -affiliated actors posing the most significant PF threat.

These actors leverage significant technical expertise to design and execute clandestine procurement and revenue-raising schemes at scale, often in violation of comprehensive multilateral and US sanctions and export controls.

Russian Federation

The risk assessment report identifies Russia as one of the highest-risk threat actors due to the scope and sophistication of its illicit procurement and revenue-generation efforts.

Russia’s invasion of Ukraine in February 2022 highlighted its illicit procurement of a variety of goods and technologies with military applications.

Russia continues to utilise complex transnational networks to acquire much-needed technology and equipment for its war economy.


The risk assessment identifies the Democratic People’s Republic of Korea (DPRK) as a significant threat actor.

The DPRK has continued to conduct malicious cyber activity and deploy information technology (IT) workers to, at least in part, fund its WMD capabilities.

This activity includes efforts to illicitly raise revenue in fiat currency and virtual assets, including hacking of Virtual Asset Service Providers (VASPs) and, to a lesser extent, ransomware attacks.


Iran is mentioned as a significant threat actor due to its ongoing nuclear activities and its increasing uranium stockpile.

The report also identifies Iran’s export of Unmanned Aerial Vehicles (UAVs) in violation of UNSCR 2231 as a proliferation concern.

Other Threat Actors

The risk assessment report also identifies the People’s Republic of China (PRC), Syria, and Pakistan as posing significant PF risks.

The PRC’s pursuit of military capabilities, Syria’s past use of chemical weapons, and Pakistan’s continued ballistic missile development are all identified as significant threats.


The report also identifies several key vulnerabilities with respect to PF, including the size, sophistication, stability, and openness of the US financial system, as well as industrial and technological factors.

It also identifies legal and regulatory factors as key vulnerabilities, including gaps in the US AML/CFT/CPF framework, the lack of a beneficial ownership information (BOI) reporting framework prior to January 2024, and the risks posed by the extensive use of convertible virtual currency (CVC) mixing services by a variety of illicit actors.

Case Studies

The report presents several detailed case studies illustrating the intersection of threats and vulnerabilities.

These case studies are divided into two parts:

The “traditional” procurement and revenue-raising model;

And the “digital” revenue-raising model.

The former explores how proliferation networks mimic legitimate commercial trade to acquire goods or raise revenue, often leveraging corporate entities to gain access to financial services and exploiting the maritime sector.

The latter discusses how state actors use cyber capabilities, such as cyber-enabled theft or ransomware attacks, to raise and move money by conducting attacks on financial institutions, including VASPs.


The 2024 National Proliferation Financing Risk Assessment provides a detailed overview of the key risks and threats associated with proliferation financing within the United States.

It highlights the importance of regular assessments and the implementation of effective countermeasures to mitigate these threats.

This rapid review has sought to summarise and analyse the key findings of the 2024 NPFRA, providing a quick headline overview of the key threats, vulnerabilities, and case studies identified in the report.

For more ISRM news, click here


Related posts

Scroll to Top