Sanctions Screening Tool
>Speak to our experts today to find out how our compliance software can help you stay protected against North Korea cyber crime.
Request DemoAn isolated and heavily restricted totalitarian state, North Korea engages in a range of cyber activities that violate international law, including conducting illegal cyber operations around the world. Ongoing international sanctions against North Korea prohibit a broad range of economic activities and are estimated to cost the country up to $1 billion in trade annually, however, North Korea cybercrime operations have become sophisticated and effective, and are thought to have generated over $2 billion to date, offsetting the economic damage of sanctions significantly.
As sanctions continue to add pressure, North Korea’s leadership is increasingly deploying cyberattacks to provide economic relief. Given the potential for sanctions compliance penalties, it is vital that firms understand the North Korea cybercrime risks, and how to implement a compliance solution capable of detecting and preventing threats.
Although it has a relatively weak diplomatic and military presence on the world stage, North Korea cybercrime capabilities are well developed and are in line with the country’s military strategy and national goals.
North Korea cybercrime activities reflect the strategies that it uses to mitigate the effect of its strict sanctions environment, including the illegal trafficking of weapons, precious metals, and counterfeit currency. From the North Korean perspective, cyber crimes are effective because they are less visible to regulators, hard to trace, and take advantage of the international community’s focus on its nuclear capabilities. Cybercrimes are also relatively low cost and easy to perpetrate with potentially significant rewards if executed successfully. A 2019 UN report stated that financial proceeds from North Korea cybercrime activities are generally directed towards the North Korean military and nuclear weapons programs.
North Korea has been responsible for numerous cyberattacks against foreign countries, including South Korea, the United States, and the EU. Examples of significant North Korean cyber attacks include:
North Korea’s cybercrime arsenal is expansive, but firms may mitigate risk and better protect themselves by understanding the criminal methodologies behind the threat. In practice, this means becoming familiar with a range of red flag cybersecurity weaknesses, including:
It is important to remember that not all North Korea cybercrimes are intended to generate financial profit. Many attacks target government networks and infrastructure in order to access protected information.
In order to prevent North Korea cybercrime, financial institutions must be aware of the risks they face and deploy appropriate cybersecurity measures. Similarly, financial institutions must ensure they do not inadvertently aid illegal North Korean activities by facilitating transactions on the behalf of cyberattack perpetrators or by moving funds that have been derived from cyberattacks. To this end, many governments, including the UK, the EU, and the US, have implemented dedicated sanctions regimes targeted at North Korea.
Sanctions penalties: Breaches of North Korean sanctions can result in significant financial and criminal penalties, including prison sentences for individuals that are found to have acted unlawfully. In the United States, for example, North Korea sanctions breaches may result in fines of up to $1,000,000 and prison sentences of up to 20 years.
Achieving compliance: With penalties in mind, regulators require firms to implement robust sanctions screening measures, as part of a wider anti-money laundering (AML) program, in order to detect customers and transactions that are linked to North Korea cybercrime and that may (knowingly or inadvertently) breach sanctions regulations.
An effective North Korea sanctions screening solution should include checks of all relevant international sanctions and watch lists, including the OFAC sanctions list, the UK sanctions list, the EU sanctions list, and the UNSC consolidated list. Sanctions screening should reflect the level of risk each customer presents and take into account unique North Korean naming conventions, use of aliases or nicknames, and the use of non-Latinate characters in spellings.
Beyond creating an effective sanctions screening solution, firms should focus on the Know Your Customer (KYC) process in order to understand who their customers are, and what level of compliance risk they present. The KYC process is a foundation of effective AML and entails the following measures and controls:
>Speak to our experts today to find out how our compliance software can help you stay protected against North Korea cyber crime.
Request DemoOriginally published 15 April 2021, updated 13 May 2024
Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.
Copyright © 2024 IVXS UK Limited (trading as ComplyAdvantage).