Navigating Sanctions and Proliferation Financing Risks in Australia

Introduction: The Role of Sanctions in Safeguarding Australia

Australia’s sanctions regime plays a central role in protecting national security and supporting international peace. By restricting activities that could enable the development or spread of Weapons of Mass Destruction (WMD), sanctions help ensure that businesses, institutions, and individuals do not inadvertently contribute to threats against global stability.

Purpose of the ASO Advisory

The Australian Sanctions Office (ASO), part of the Department of Foreign Affairs (DFAT), has issued guidance on Sanctions and Proliferation Financing to assist organisations in strengthening their compliance systems. The focus is on recognising and mitigating the risks of Proliferation Financing (PF), while encouraging Regulated Entities (REs) to adopt practices that align with both domestic obligations and international expectations.

Who Must Comply

These obligations apply to a wide group collectively described as REs. The category covers government agencies, private companies, professional service providers, and individuals whose activities fall within the scope of sanctions law. For each of these groups, compliance is more than just a formal requirement; it is a safeguard against exposure to unlawful or destabilising activities.

National and International Standards

Sanctions compliance reflects a blend of international standards and domestic law.

International standards include:  

• Financial Action Task Force (FATF): 

Globally, FATF provides the benchmark for combating Money Laundering (ML), Terrorism Financing (TF), and PF. Recommendation 7 requires the use of Targeted Financial Sanctions (TFS) to counter PF, while the FATF “call to action” requires stronger measures against high-risk jurisdictions such as Iran and the Democratic People’s Republic of Korea (DPRK).  

• United Nations Security Council (UNSC) 

UNSC reinforces this framework through resolutions such as 1540 (2004), which obliges states to prohibit non-state actors from engaging in activities relating to WMD, and 2325 (2016), which calls for stronger enforcement and tighter export controls. 

Domestically, Australia gives effect to these commitments through: 

• The Charter of the United Nations Act 1945, implementing UNSC Sanctions. 

• The Australian Sanctions Regulations and Rules impose additional Australia-specific measures 

• The Anti-Money Laundering and Counter Terrorism Financing (AML/CTF) Act (effective March 2026) requires risk assessments, Enhanced Due Diligence (EDD) for high-risk jurisdictions, and checks against the Consolidated List. 

• Defence Export Controls (DEC) regulate the export of military and dual-use goods to prevent their misuse.

Core Concepts Every Business Should Understand

For organisations subject to Australian sanctions law, there are a few concepts that form the foundation of compliance.

Proliferation Financing

PF refers to the provision of funds or financial services that support the development, movement, or possession of nuclear, chemical, biological, or radiological weapons and their delivery systems. Such activities breach both national and international laws and present significant risks to global peace.  

Preventing such financing is therefore critical not only for international security but also for maintaining the integrity of Australia’s financial system.

DFAT’s Consolidated List

A cornerstone of sanctions compliance is the Consolidated List maintained by the Department of Foreign Affairs and Trade (DFAT). This list identifies designated persons and entities that are subject to TFS, and in some cases, travel bans.  

In practice, organisations must screen transactions and parties against this list to ensure they are not engaging with prohibited actors. This measure forms part of the robust internal controls required under Australian sanctions law.

Risk of Dual-Use Goods

Dual-use goods are items designed for both civilian and military applications. They pose risks because proliferators often exploit legitimate supply chains to acquire them.  

Warning signs include requests to route goods through unusual shipping hubs, resistance to providing end-user certificates, or unclear end-use information. Trade in dual-use goods without a transparent purpose is one of the strongest red flags for potential PF.

Sanctions Permits

In certain cases, the Minister for Foreign Affairs may issue a Sanctions Permit, authorising an otherwise prohibited activity. These permits are only granted where doing so serves Australia’s national interest.

Sanctioned Vessels

A vessel may be designated as sanctioned if: 

• It is listed by the Minister under the Autonomous Sanctions Regulations 2011. 

• It is designated by the UNSC Resolution 1718 (2006) committee.  

• It is specified under the DPRK sanctions framework or is a DPRK-flagged or registered vessel.

Reasonable Precautions

REs are expected to take “reasonable precautions” to avoid involvement in sanctioned activities. This typically involves:  

• Implementing internal controls. 

• Screening against the Consolidated List. 

• Training staff to recognise sanctions risks. 

What counts as reasonable varies according to business size, transaction complexity, geography, and the sanctions regime involved, making it a flexible and content-dependent standard.

Designing A Practical Sanctions Compliance Framework

For REs, sanctions compliance cannot be an afterthought. A strong framework is essential to detect risks early, prevent violations, and protect the integrity of both financial and trading systems. Building such a framework requires a structured approach, one that considers customer behaviour, the nature of products and services offered, geographic exposure, and patterns of transactions.

Assessing Customer, Product and Geographic Risks

PF risks can emerge in different ways, so businesses must look beyond routine checks. Key risk factors include: 

• Customer Risk: Links to sanctioned countries or involvement in sensitive sectors. 

• Product and Service Risk: Particularly trade finance and correspondent banking. 

• Geographic Risk: Exposure to high-risk or sanctioned jurisdictions. 

• Transaction Patterns: Unusual routing or dealings in dual-use goods. 

Certain industries face heightened exposure. These include Trust and Company Service Providers (TCSPs), Dealers in Precious Metals and Stones (DPMS), VASPs, maritime operators, and academic or research institutions. Each of these sectors has been misused to obscure ownership, transfer value across borders, or gain access to sensitive technologies.

Identification of Transaction Red Flags

Transactions linked to WMD often share warning signs with trade-based ML. Red flags concerning the same may include:  

• Links to jurisdictions of proliferation concern, such as Iran or the DPRK. 

• Overlapping details among parties, such as common addresses or employment records. 

• Business activities are inconsistent with the stated profile of the party involved. 

• Unclear end-use of goods, resistance to providing end-use certificates, or use of unusual shipping routes. 

• Manipulated trade invoices, false documentation, or shell companies, obscuring ownership.  

• Payments are routed through correspondent accounts, cryptocurrency, or alternative remittance systems.  

These indicators are not exhaustive, but together they provide important signals for closer scrutiny.

Screening and Monitoring

Effective compliance requires more than basic due diligence. Businesses should integrate PF risks into their broader AML/CTF programs by: 

• Implementing internal controls. 

• Screening customers and transactions against DFAT’s Consolidated List. 

• Training staff to identify PF indicators and escalate concerns. 

• Conducting EDD for high-risk customers, including verifying Ultimate Beneficial Ownership (UBO), the source and destination of funds, and the intended end-use of goods.

Going Beyond AML/CTF Controls

Traditional AML/CTF systems, while essential, may not capture every PF risk. Recognising this, the AML/CTF Act imposes specific duties from 31 March 2026. Regulated Businesses will need to: 

• Assess PF risks relevant to their operations 

• Maintain policies to manage and mitigate these risks. 

• Apply EDD to customers or associates who are Designated Persons. 

• Consider sanctions compliance when establishing correspondent banking or nested relationships.  

• File Suspicious Matter Reports (SMRs) when sanctions breaches are suspected. 

Sanctions Compliance is therefore not static. It demands continuous monitoring, regular reassessment, and, in complex cases, tailored legal advice. Businesses that embed these practices into their compliance culture are better placed to meet regulatory expectations and protect themselves from serious reputational and legal consequences.

Legal and Regulatory Landscape

The framework governing PF is shaped by both international commitments and Australian domestic law. REs must be familiar with these obligations to strengthen compliance and ensure that financial and trade systems are not misused for the development of WMD.

United Nations Security Council Resolutions

United Nations Security Council Resolutions (UNSCRs) provide the foundation for international obligations and are central to the global fight against proliferation. 

• UNSCR 1540 (2004) – Requires all states to adopt effective laws prohibiting non-state actors from producing, acquiring, or transferring nuclear, chemical, or biological weapons and their delivery systems. It also prohibits financing, assisting, or attempting such activities, particularly when linked to terrorism. 

• UNSCR 2325 (2016) – Builds on these rules by stressing stronger enforcement. It highlights the need for controls over sensitive materials, better monitoring of national export systems, and effective transhipment safeguards.

FATF Recommendation 7

The FATF sets global standards for tackling ML, TF, and PF. The following are a few ways adopted for the same: 

• Recommendation 7 – Directs countries to apply TFS to meet their UNSCR obligations. 

• Call to Action: FATF also requires members to impose additional countermeasures against jurisdictions of concern, including Iran and the DPRK, most recently reaffirmed in June 2026.

Australian Laws and AML/CTF Reforms

Australia implements these international duties or obligations through its own legal system.  

• Charter of the United Nations Act 1945 – This gives legal force to UNSC sanctions and regulations in Australia. It ensures that measures adopted at the international level apply directly to Australian entities. 

• Autonomous Sanctions Regulations 2011 – Provides the basis for implementing UNSC Sanctions and establishing autonomous Australian measures, including restrictions on exports, services, asset dealings, travel bans and specific powers over sanctioned vessels.  

• AML/CTF Amendment Act (effective March 2026) – Will require Regulated Businesses to identify and assess their PF risks, adopt risk management policies, verify whether clients are Designated Persons, and apply EDD for customers from high-risk jurisdictions. They must also report suspicious matters when concerns about sanctions arise.

Defence Export Controls

Defence Export Controls (DEC) regulates the transfer of defence and dual-use goods. DEC: 

• Assesses export and brokering applications. 

• Issues licences where transfers do not threaten national security or international relations. 

• Prohibits any transaction that could contribute to a WMD program. 

Together, UNSC obligations, FATF standards, Australian sanctions, AML/CTF reforms, and export controls operate like a layered defence system. Each element acts as a checkpoint to prevent resources from being diverted into PF.

Countries of Concern and their Sanctions Framework

International sanctions target states whose activities threaten global peace and security, particularly those linked to the pursuit of nuclear, chemical, biological, or radiological weapons. Within Australia’s sanctions regime, two countries stand out as priority concerns: Iran and the DPRK. Both are subject to a mix of UNSC obligations, FATF requirements, and Australia’s autonomous measures.

Iran Sanctions and FATF Measures

Iran remains under scrutiny due to concerns about its nuclear program. Sanctions are designed to limit access to materials, technology, and financial systems that could be diverted for weapons development. 

• UNSCR 2231 (2015) – Imposes restrictions on exports, certain commercial activities, and the provision of assets, reflecting international efforts to contain proliferation risks.  

• Australian Autonomous Sanctions – These extend beyond UNSC measures and prohibit the export of specific goods and services, restrict financial dealings with Designated Persons or Entities, and impose travel bans on individuals linked to proliferation concerns. 

• FATF Call to Action – FATF continues to list Iran as a high-risk jurisdiction, urging countries to adopt countermeasures under Recommendation 19. This requires financial institutions and businesses to apply heightened scrutiny when engaging in transactions with any Iranian nexus.

The combined effect of these obligations is to isolate Iran from international financial systems and to ensure that businesses implement EDD before entering into any dealings that could create exposure.

DPRK Obligations and Counter Measures

The DPRK is subject to one of the most stringent sanctions frameworks in existence, reflecting its continued pursuit of nuclear weapons and ballistic missile programs.

• UNSC Resolutions: 

1. Resolution 2270 (2016) – Introduced TFS and required the prevention of transactions related to the WMD program, while restricting DPRK banks from operating abroad.  

1. Resolution 2731 (2017) and 2375 (2017) – Expanded prohibitions by banning all new or existing joint ventures with DPRK entities.  

• Australian Autonomous Sanctions: These mirror and strengthen UNSC measures by restricting commercial activities, financial dealings, and asset transfers. They also provide powers regarding DPRK vessels and impose travel bans.  

• FATF Call to Action (June 2025): Requires all countries to take direct countermeasures, such as terminating correspondent banking relationships with DPRK banks, closing branches, and severely limiting financial or commercial ties with DPRK persons.  

The risks extend beyond formal financial channels. The DPRK has been linked to cybercrime, fraudulent IT services, and deceptive business practices designed to generate revenue for its weapons programs. These activities are increasingly recognised as PF methodologies.

General Obligations for Businesses

From 31 March 2026, Australian businesses regulated under the AML/CTF Act must apply EDD to all customers connected to high-risk jurisdictions, including Iran and the DPRK. Indicators such as transactions involving parties located in or linked to these countries, unusual documentation, or opaque ownership structures should be treated as potential red flags. For REs, vigilance is not optional; it is the cornerstone of compliance in high-risk environments.

High-Risk Sectors and Exploitation Methods

Some industries face higher exposure to PF than others. These sectors are attractive to proliferators because they can be used to disguise financial flows, transfer goods, or acquire sensitive information. By understanding how each sector can be exploited, businesses are better placed to detect and disrupt suspicious activity.

Trust and Corporate Services  

TCSPs offer legitimate support in setting up and managing business structures, yet they are vulnerable to misuse. Proliferators may create shell entities through law firms, accounting firms, or financial planners to obscure the real parties behind transactions. In many cases, intermediaries may not even realise they are being exploited, particularly when clients submit incomplete or inconsistent details that conceal links to sanctioned persons.  

Precious Metals and Stones 

The trade in gold, diamonds, and other high-value commodities is often less transparent than formal financial channels. This makes DPMS attractive for those seeking to transfer value across borders without using banks. The physical nature of these assets, combined with cash-based transactions, provides a means of moving funds discreetly to support prohibited activities. 

Virtual Assets and Fintech 

Digital Assets and financial technology platforms present another avenue for exploitation. VASPs, including currency exchanges and decentralised platforms, allow for rapid, cross-border transfers that can bypass traditional oversight. Proliferators have been known to exploit these systems by layering funds through correspondent accounts and converting them into cryptocurrency, thereby complicating detection.  

Maritime Industry 

The shipping sector is vital for global trade but equally attractive to proliferators. Vessels can be used to transport restricted materials, often under falsified documentation or through altered shipping routes. Some ships may deliberately switch flags, obscure ownership, or disable tracking systems. Such practices allow components for weapons programs to be moved covertly while also generating illicit revenue streams.  

Academic Partnerships 

Universities and research institutions play a central role in innovation but can also be targets for exploitation. Foreign researchers or students engaged in legitimate collaborations may transfer sensitive knowledge or technology back to high-risk jurisdictions. This form of intellectual property theft poses significant challenges, as it often hides behind the appearance of academic cooperation. 

Common PF Techniques and Exploitation Methods 

Across these sectors, proliferators employ a range of techniques to conceal their activities. These include: 

• DPRK fraud schemes involving cybercrime, fake ventures, and converted IT services. 

• Front or shell companies with minimal physical presence are used to move goods or funds. 

• Misuse of dual-use goods, purchased under false pretences and shipped via unusual routes. 

• Trade-based money laundering relies on falsified invoices or documentation. 

• Use of intermediaries, such as corporate service providers.  

• Abuse of the financial system, particularly fintech platforms and cryptocurrencies, to layer and disguise transactions. 

Potential warning signs include inconsistencies in customer profiles, unidentified end-users, unusual shipping patterns, and unclear end-use declarations for sensitive goods. These “red flags” are subtle but critical indicators that compliance teams must be alert to.

Strengthening Due Diligence and Countermeasures

For REs, sanctions compliance is not a static obligation but a continuous process that evolves with global threats and changing legal requirements. A strong compliance framework is essential to guard against PF, helping protect the integrity of the financial system and contributing to wider international security.

Embedding PF Risk in Compliance

To effectively address PF, businesses must integrate these risks into their existing sanctions and AML/CTF frameworks. This involves several practical measures:  

• Screening and Monitoring- Customers and transactions should be checked against the Consolidated List of Designated Persons and Entities subject to financial sanctions or travel bans.  

• Staff Training- Employees should be trained to recognise PF indicators and understand escalation procedures, ensuring red flags are acted on promptly.  

• Risk Assessment- Institutions must look closely at four main factors, i.e., customer background, the type of products or services provided (such as trade finance or correspondent banking), geographical link to sanctioned jurisdictions, and transaction patterns that suggest complexity or concealment.  

It is also important to recognise that while AML/CTF controls are essential, they may not fully capture PF risks. Some indicators fall outside traditional financial crime measures, requiring additional vigilance and sector-specific monitoring.

Enhanced Due Diligence

“Reasonable precautions” and due diligence describe the steps a business must take to ensure it does not inadvertently engage in prohibited activities. What is considered reasonable depends on the size of the business, the complexity of its transactions, and the jurisdiction in which it operates. 

EDD becomes essential when dealing with higher-risk customers or transactions. This includes obtaining information on: 

• The UBO of companies and trusts. 

• The source and destination of funds. 

• The stated end-use of goods and services. 

• All parties involved in trade-related activity. 

From 31 March 2026, Regulated Businesses will have a legal obligation under the AML/CTF Act to apply EDD to clients in jurisdictions identified by FATF as high risk, including Iran and the DPRK.

AML/CTF Reporting Duties

Alongside stronger due diligence, Regulated Businesses will also face expanded reporting requirements under the AML/CTF Act. From March 2026, they must: 

• Assess their risk exposure to PF risks. 

• Develop and maintain policies to manage those risks. 

• Verify whether customers or associated persons are designated for sanctions. 

• Factor sanctions compliance into correspondent banking or nested service relationships. 

• Submit SMRs when there are grounds to believe a sanctions offence may have occurred. 

Together, these measures act as layers of protection. Embedding PF risk into compliance creates the foundation, EDD adds depth to investigations, and reporting duties ensure that potential breaches are escalated to authorities without delay.

Conclusion

Proliferation Financing is not a remote or abstract threat but a pressing challenge that intersects with global security, financial integrity, and business resilience. The risks cut across industries, whether through misuse of corporate services, exploitation of virtual assets, or manipulation of maritime and academic networks. For this reason, compliance cannot be treated as a box-ticking exercise; it requires an embedded, risk-based culture that evolves with shifting threats.  

True compliance goes beyond legal necessity; it is a contribution to safeguarding international peace and protecting Australia’s financial system. Continuous vigilance, proactive risk management, and reliance on credible guidance remain the most effective ways to counter PF.