Risk Report

An open source database used for strategic trade control that profiles thousands of entities linked to proliferation worldwide.

The Risk Report is a copyrighted subscription database created, owned, and maintained by the Wisconsin Project on Nuclear Arms Control. The Risk Report is the Project’s principal vehicle for helping governments and companies manage strategic trade and sanctions implementation. The database was first published in 1995 and it is now used in some 40 countries around the world. Through their subscriptions, Risk Report users directly support the Project’s research and its mission.

The Risk Report logo uses a boomerang to symbolize the expression: “What goes around comes around.” This expression aptly represents the Wisconsin Project’s mission of helping responsible suppliers (both government and industry) prevent their sensitive technology from contributing to proliferation. By exercising care with what is exported (what goes around), exporters avoid supporting a WMD or missile program that could one day target them (what comes around).

History and Impact

During the 1990s, the United States and other supplier countries began applying “catch all” controls, requiring exporters to seek a license to sell an unlisted item if they know or are informed that a potential customer is connected to proliferation. However, governments did not supply exporters with a list of dangerous end-users. The Wisconsin Project sought to bridge this knowledge gap and began publishing a newsletter called the Risk Report.

The introductory issue of the Risk Report appeared in 1995. It contained several articles about India’s nuclear program and listed the entities helping to grow the country’s plutonium stockpile. It also described Iraq’s efforts to smuggle missile fuel and successful U.S. efforts to thwart the transfer. The aim of the newsletter was to raise awareness about how WMD programs around the world were being fueled with Western exports, and to help exporters avoid such sales so as to “protect their reputations” and “know more about their customers.” Initial funding for the Risk Report was provided by several private foundations.

After several years as a paper newsletter, the Wisconsin Project decided to publish all entity profiles in electronic form, to accommodate the cumulative information about risky end users and to enable subscribers to search easily across this information. This Risk Report database was initially made available on CD and, in 2001, through a secure online interface. At this time, funding to support the Risk Report shifted from private foundations to a combination of government grants and direct “subscriptions.”

In its nearly 30 year history, database content has expanded to include profiles of entities linked to proliferation and sanctions evasion, analysis about programs of concern by the Wisconsin Project, descriptions of dual-use commodities, strategic trade control regulations, multilateral control lists, and government sanctions lists. Data from the Risk Report is incorporated into a number of company screening systems and government risk management, targeting, and licensing systems.

The Risk Report is the only comprehensive, curated database focused on proliferation that is used as a tool to manage strategic trade.

What’s in the Risk Report?

The Risk Report contains profiles of thousands of companies, government organizations, and individuals around the world linked to the proliferation of nuclear, chemical, and biological weapons, missiles, and advanced military technology, as well as the evasion of sanctions. Some of these entities appear on official restricted party lists or are associated with designated entities; many do not appear on public lists but are supporting weapons of mass destruction programs.

Each entity profile is rigorously researched and carefully vetted by Wisconsin Project analysts using reliable open sources. Profiles include:

  • Identifiers – Primary names, aliases, original script names, addresses, telephone numbers, other identifying information
  • Sanctions – A summary of sanctions or trade restrictions imposed on the entity
  • Risk activity – A description of proliferation-related activities, including relevant facilities, products, and projects
  • Procurement efforts – Information about sensitive imports and exports, and efforts to acquire controlled items
  • Company information – A listing of related entities, including parents, subsidiaries, clients, and key personnel

The database also contains the full text of U.N., EU, U.S., and other restricted party lists, EU and U.S. regulations governing trade in arms and dual-use goods, multilateral export control regimes, descriptions of the commodities controlled by these regimes, analysis of programs of concern by the Wisconsin Project, and additional reference material.

Learn more about Risk Report content here.

Who Uses the Risk Report?

Risk Report training in Indonesia

In some 40 countries, government officials in licensing, customs, law enforcement, financial regulation, policy-making, and intelligence roles rely upon the Risk Report on a daily basis to help make decisions of strategic importance. Some of these countries receive access to the database through support from the U.S. State Department. The Wisconsin Project has worked with the State Department for over a decade to conduct training and provide Risk Report access to countries, in order to build their strategic trade control capacity.

Companies were the original audience for the Risk Report and continue to rely on the database to screen their supply chain, customers, and clients. Companies have come to realize the potential damage that can come from unwittingly doing business with a restricted party or an entity linked to a dangerous weapon program. The “bare minimum” version of due diligence is not enough to protect companies from such transactions, particularly when weighing costs of a bad decision: hefty fines and reputational damage.

Learn more about Risk Report users and subscriptions.

Risk Report Contributors

Wisconsin Project founder Gary Milhollin conceptualized and created the Risk Report. He served as its Executive Editor until retiring as the Project’s Executive Director in 2011. Since then, Valerie Lincy has served as Risk Report Executive Editor.

Senior Research Associates John P. Caves III and Treston Chandler are jointly responsible for managing Risk Report content. John focuses on Iranian entities supporting proliferation and Russia’s military and missile sectors. Treston focuses on China’s missile and military programs as well as North Korea’s weapons of mass destruction programs and the entities helping North Korea evade international sanctions. He also conducts data modeling and visualization work using Risk Report data and manages IT-related tasks for the database. Research Associate Jessica Seltzer monitors changes to global restricted party lists and U.S. and international export control regulations and updates this content in the Risk Report.

Deputy Director Meghan Peri Crimmins is responsible for sanctions and export control-related content in the Risk Report. She also oversees outreach, capacity-building, and publicity for the Risk Report, with support from Research Associate Rachel Kaye.

The Risk Report has benefited from the contribution of former analysts, including Matthew Godsey, Jonathan McLaughlin, Jordan Ritchie, Arthur Shulman, and Gerard White.