In July, Iran test-launched what it claimed were new long- and medium-range missiles able to reach Israel, Europe, and the United States. The launches were quickly shown to be a ruse, however. Iran had actually launched obsolete medium-range weapons—and used software to manipulate the photo of the event to make it appear that all had launched successfully. Even with those caveats, the incident matters, because it highlights continuing concern over the spread of weapons of mass destruction.

Clearly, proliferation of weapons of mass destruction is as much a problem today as it was four years ago when Pakistani scientist Abdul Qadeer Khan and his nuclear marketplace were shut down. Khan’s network was a supplier to Iran’s secret nuclear program. After a televised confession in 2004, Pakistan placed him under house arrest until this July.

In June, Swiss investigators finished decrypting electronic evidence it had held for years linking Khan’s group to sophisticated designs for advanced, compact nuclear devices that could fit on the warheads of Iranian and North Korean missiles.

Western governments have struggled to prevent exports of sensitive technology and equipment for decades. Their job is not getting any easier. Dual-use industrial machinery and software are more sophisticated and more widely available today than when Khan was in business five years ago. Strangely, there is one big proliferation loophole that has remained wide open over the years: the financial industry. But that may soon change.

The Paris-based Financial Action Task Force (FATF), an inter-governmental agency set up to fight against money laundering and terrorism financing, has set its sights on proliferation financing. In a recent report, FATF warns that terrorists and rogue states are using the global financial system to pay for sensitive equipment.

Although the Nuclear Non-Proliferation Treaty and a 2004 United Nations Security Council resolution are meant to prevent the spread of nuclear-related sensitive technologies and expertise, FATF says governments still “have not focused on proliferation financing.”

This is disturbing, since proliferation and criminal activities operate through similar channels. “The financial arrangements North Korea put in place to facilitate smuggling of counterfeit bank notes, drugs, and other contraband goods were also likely used in the procurement of nuclear components,” according to Mark Fitzpatrick, a former U.S. non-proliferation official now at the London-based International Institute for Strategic Studies.

Financial institutions have systems that scan for money-laundering transactions, and they carry out “know your customer” (KYC) due diligence investigations into their main clients. But banks are not equipped to screen transactions that may be connected to proliferation.

FATF’s report explains that ties to proliferation may go undetected because “information in transactions that describes items is generally too vague and/or would require a significant amount of technical knowledge to determine if they were sensitive or not.”

There is a regulatory gap too, since proliferation assessments “may rely on information that is not currently reviewed as part of banking procedures,” the report says.

Also, it is hard for banks to confirm the identity, ownership, and true activity of foreign firms. Fitzpatrick notes that even friendly countries with strong trading relationships with the West, such as India, Pakistan, and Israel, have clandestine nuclear programs and have not signed the treaty on the nonproliferation of nuclear weapons.

The United States, which has taken the lead in cracking down on proliferation finance, was also the country that initially asked FATF to focus on the problem. After 9-11, the U.S. Treasury Department set up the Office of Terrorism and Financial Intelligence to combine analysis of financial networks with traditional intelligence work and to disseminate this knowledge throughout the intelligence community. The United States has also developed more focused financial sanctions aimed at individuals, companies, and banks it accuses of participating in proliferation.

Few Western companies knowingly sell dual-use products—the export of which is controlled because they contain technology that has both benign and national-security-related applications—to shadowy agents. But they might unknowingly sell to proliferators, who operate through complex webs of offshore bank accounts, front companies, brokers, and diplomatic missions.

Operating in the formal system, even illegally, creates a trail of documents and financial transactions. It should be possible to use anomalies in these links to alert investigators or financial institutions that something is wrong.

The FATF surveyed 20 countries’ proliferation financing controls. Most respondents told FATF that they considered their existing export control systems to be adequate. Yet the agency found that, in fact, most countries’ financial institutions were “at risk of being abused for proliferation financing.” None of the countries surveyed have reported any proliferation financing convictions.

Banks should already be checking U.S. and international databases of terrorist and money-laundering suspects as part of their KYC procedures. The U.S. Treasury and agencies of other governments publish lists of proliferation suspects too. Banks should also consult sanctions lists and rosters of those who purchase dual-use technologies. As another precautionary measure, banks should check that documents such as invoices or letters of credit presented by clients meet International Chamber of Commerce rules and accepted banking practices.