North Korea Exploiting DNFBPs To Evade Sanctions: New Report

Defense think tank RUSI is warning that a lack of guidance around proliferation finance (PF) and designated non-financial businesses and professions (DNFBPs) is increasing the risk of North Korea evading targeted sanctions. In a new report, it recommends organizations and governments adapt their anti-money laundering and terrorist financing regulations to better reflect DNFBP-related risks.

North Korea has often exploited or used DNFBPs to evade global sanctions. The Financial Action Task Force (FATF) now recommends that the private sector – including DNFBPs – “identify and assess the risks of potential breaches, non-implementation or evasion of the targeted financial sanctions related to proliferation financing”. But RUSI says gaps in guidance available for this sector are being exploited and need to be urgently addressed. 

“The 87 cases of PF activity across DNFBP sectors identified for this paper in UN Panel of Experts reports, are therefore likely to address only the tip of a potentially much larger iceberg,” the report says.

A joint survey conducted by RUSI and the Association of Certified Anti-Money Laundering Specialists (ACAMS) in 2020 revealed that while 76% of respondents working in international banks said their organization has a compliance function that incorporates PF, among non-bank financial institutions (including the DNFBP sector) only 46% identified a PF compliance function. Limited resources in DNFBP compliance teams, alongside insufficient controls, converge to create opportunities North Korea is able to exploit.

While DNFBPs have an obligation to implement targeted financial sanctions in line with FATF Recommendation 7 in most jurisdictions, only 24% of the cases reviewed by RUSI involved a sanctioned person or entity. This indicates that focusing solely on sanctions compliance is only capturing some of the cases involving North Korea and DNFBPs.

The report spotlights four DNFBP sectors that are at particularly high risk of being involved in the evasion of economic sanctions:

1. High-value goods dealers (HVGDs): While not included in FATF’s DNFBP definition, many countries choose to cover HVGDs, or adjacent businesses such as art and antiquities dealers, in their DNFBP regimes. Uneven implementation of the UN’s luxury goods ban on North Korea, and HVGDs not being covered by FATF Standards, means existing regulatory frameworks contain loopholes.
2. Dealers in precious metals and stones (DPMS): Jewelry and diamonds appear in 25% and 5% of cases respectively, with gold the most frequently mentioned precious metal (60%). Wholesale/trading and mining/production are the supply chain stages most targeted by North Korea.
3. Real estate: This sector is mostly targeted for income-generating purposes. 50% of real estate cases deal with the letting of commercial properties for rental income – an area that falls outside of FATF’s scope.
4. Gatekeeper professions (including lawyers, accountants, and trust and company service providers): At least 25% of cases indicate that North Korea in-sourced gatekeeper services, either performing these services itself or providing gatekeeper services to others, as opposed to using third-party intermediaries.

More information on these sectors can be found on pages 10-19 of the report. Recommendations on pages 20-21 also provide important insight for compliance teams on if and how DNFBP regulations could be extended. They include:

• Equipping the DPMS sector with better knowledge of the types of precious materials being valued and sourced by North Korea, defining luxury goods in domestic legislation, and extending the definition of DNFBPs to the HVGD sector.
• Providing the real estate sector with PF guidance, encouraging additional due diligence on supply chain partners in property development, and including rental and property development in the scope of covered real estate services.
• Raising awareness of UN sanctions among gatekeepers, encouraging research into how North Korea is using gatekeeping to evade sanctions, establishing strict market entry provisions for gatekeeping professions, and raising awareness of the importance of due diligence on ownership of DNFBPs.
• Ensuring casinos, particularly online casinos, are aware of their sanctions obligations and have effective screening programs in place. 

Compliance teams should also review the reports issued annually by the UN Panel of Experts reports on North Korea, with a particular focus on the ‘finance’ section.

FATF MER assessments in Asia Pacific 

The Mutual Evaluation Report (MER) assessments that FATF and its regional bodies carry out to monitor countries’ compliance with its standards have highlighted that DNFBPs fall behind financial institutions when it comes to PF awareness and implementation.

With its increased exposure to North Korea, Japan’s latest MER in 2021 was particularly closely watched. The country was judged to require “enhanced follow-up” on measures to improve its anti-money laundering program. In particular, the report notes that Japan’s supervision of the DNFBP sector, and the extent to which DNFBPs adequately apply preventative AML/CFT measures, both require improvement.

In one high-profile case, a Japanese regional bank remitted over 550m yen to a corporate account in Hong Kong with close ties to North Korean trading companies operating in China’s Heilongjiang province. 

In September 2018, an investigation by Japan’s Financial Services Agency (FSA) into a furniture exporter in Wakayama prefecture found that the firm had sent money to its joint venture in Dalian, China. The China-based entity was sourcing materials from North Korea. There are other examples of remittances sent through joint ventures such as this one that increase Japan’s exposure to North Korea. 

In Hong Kong’s 2019 MER, FATF highlighted that while a robust legal framework was in place, “there are significant gaps in awareness among other sectors, particularly money service operators and DNFBPs”.

Australia’s 2015 MER also showed a shortfall. The country was assessed as being largely non-compliant or only partially compliant with recommendations pertinent to DNFBPs. Australian banks and fintechs are currently backing additional legislation to close this gap.

Increased proliferation financing through DNFBPs dovetails with growth in North Korea’s increasingly aggressive cyber activity. It has recently been reported that the country often targets financial institutions as a result of the heavy economic sanctions it faces. With any respite to these sanctions unlikely in 2022, banks should expect further such cyber attacks in the year ahead. 

Find out more about the state of financial crime in 2022 by pre-registering for this year’s report.