Ingenique Solutions

First North Korean extradited to U.S. faces money laundering charges 

In March 2021, Mun Chol-myong, who has ties to the Reconnaissance General Bureau, a North Korean intelligence agency that manages the state’s clandestine operations, was the first North Korean to be extradited from Malaysia to the United States. Mun was arrested in Malaysia in 2019 on charges of Money Laundering (ML) activities in transactions valued at over $1.5 million to evade sanctions imposed by the United States and the United Nations. 

Click to read the full story of the extradition as reported in CNBC

What is North Korea’s money laundering methodology? 

Mun is accused of money laundering through the financial system in the U.S. and supplying prohibited luxury goods such as alcohol and tobacco to North Korea. How does he hide under the radar to move $1.5 million? According to the indictment, between April 2013 and November 2018, Mun and his conspirators, including “Chinese co-conspirator” companies and individuals, used a network of front companies, registering bank accounts with false names, removing references to North Korea from international wire transfers and transactional documents, and issuing fraudulent documents to defraud U.S. banks. 

Using complicated layering and involving multiple jurisdictions is a common technique that North Korea use to exploit the loopholes and defeat the sanctions. “What they will do is set up a shell company, then establish a company in another location, a bank in a third location, and do business in another location,” William Newcomb, a former member on the UN Panel of Experts, once explained.  

Implication 1 – How do professional firms protect themselves from dealing with illegal companies? 

To prevent the identity fraud and multiple-layer illicit activities, verifying the authenticity of clients’ identity is essential. Professional firms should consider additional layers of verification and perform Customer Due Diligence (CDD) process when onboarding customers. The main purpose of the CDD effort is to uncover the true beneficial owners of the client, and understand their business activities so that these can be used subsequently when monitoring the client.  Combining CDD with transaction scrutinizing and on-going monitoring, firms could have full behavior profiles of customers for analyzing the risk and identify suspicious trading patterns that do not corroborate with the CDD information collected. 

Strong ties between North Korea and Southeast Asia 

Aside from Chinese loophole, North Korea has a well-documented record of illicit financial activity in Southeast Asia. In 2017, Kim Jong Nam, Kim Jong Un’s half-brother, was assassinated in the Kuala Lumpur airport. In the same year, UN Panel of Experts reports that Glocom was a Malaysia-based front company controlled by the Reconnaissance General Bureau, the same North Korean intelligence agency as Mun’s case. Additionally, Malaysia is listed as one of the major hotspots for illicit North Korean cyber activity in the 2020 U.S. Army Manuel on North Korean Tactics

However, these cases in Malaysia are just the tip of the iceberg of North Korean illicit activity in Southeast Asia. Philippines had been a hub for the North Korean drug trade and money laundering. In 2016, a cyber bank heist in which North Koreans allegedly funneled $81 million from the Bangladeshi Central Bank to Manila had been reported.

Even in sophisticated financial systems like Singapore’s, North Korea’s illicit operations can also be found. In 2016, Singapore-based Chinpo Shipping Company was fined for facilitating weapons shipments to North Korea in violation of UN sanctions. Meanwhile, two Singapore-based firms OCN and T Specialist had been charged for supplying luxury goods to North Korea.

Implication 2 – Practical measures to mitigate AML/CFT risks for Cross-border Businesses 

Whilst professional firms can always decline clients dealing with high-risk and increased-monitoring countries to avoid such AML risks associated it, a more pro-business approach would be to implement practical and pro-active measures to mitigate such risks from higher-risk or increased-monitoring countries: 

  1. Perform Enhanced Customer Due Diligence (ECDD) for higher-risk businesses 
    Professional firms should adopt risk base approach and conduct ECDD for clients from or transactions connected with a jurisdiction that does not adopt or insufficiently adopts the FATF recommendations, in order to assess clients’ risks, implement control measures, and reduce the inherent AML/CFT risks posed by such clients. *

    * Apart from higher risk countries, ECDD are also required for the following situations: 
    i. When the client is a Politically Exposed Persons (PEPs), including Relatives or Close Associates (RCAs) of PEPs, or 
    ii. Business from high- risk industries or sectors as recommended by FATF, or 
    iii. Any other scenarios as specified by the regulators, such as where client is not physically present for identification purposes, or when corporate client has issued bearer shares, etc.

  2. Alert to the unusual activities from poorly regulated countries 
    Considering the well-documented record of North Korea’s illicit financial activities in Southeast Asia, when assessing clients’ risks, professional firms should pay more attention to the clients or transactions that involves unusual activities, such as complicated financial operations in multiple locations, particularly in poorly regulated countries. Be particularly sensitive to trade transactions that do not make business sense – for instance shipping goods to a particular port when the main market is in another country. 

  3. Conduct On-going Monitoring of your customers to protect yourself & your firm
    On-going Monitoring of clients is one of the keys to detect the sanction and criminal risks arising from their dealings with high-risk countries.  This is so that should the situation arise, a suspicious transaction report can be made promptly to the relevant authorities.  While professional firms are not required to perform investigations into client’s transactions, processes should be in place to regularly review the client’s information and transactions to pick up any unusual activities described in (2). 

Implication 3 – Strengthening the enforcement of sanctions compliance

Mun’s case not only explicates the major development in sanctions enforcement against illicit North Korean activity abroad, but also Malaysia’s contribution to the integrity of the global financial system. Whilst this single extradition will not freeze or discourage all such illicit activities from North Korea or other FATF-identified high-risk jurisdictions, it will nonetheless create a new precedent for strengthening the legal framework and sanctions compliance in many responsible countries. Malaysia’s efforts in Anti-Money Laundering and Countering Terrorism Financing will likely strengthen the resolve and give impetus to many countries, particularly to the Southeast Asian countries used to strongly tied with North Korea’s illicit activities, to enforce sanctions imposed by the United Nations (U.N.) and U.S. 

For professional firms who wish to continue business relationships with higher value clients with cross-border business, they will need to pro-actively adopt AML/CFT measures to safeguard against potential rogue clients.  

To help evaluate the risk profile of customers more efficiently, commercial AML screening tools such as Dow Jones and SentroWeb-DJ can be leveraged for screening global sanction lists, involvement or connections to serious crimes, and to detect persons of special interests or their associated parties, entities. Click here to learn more about how SentroWeb-DJ can help you in effective AML operation. 

Final Words 

By taking a pro-active approach in AML compliance, professional firms can focus on acquiring high-value clients with cross-border business, while mitigating & managing the inherent country and sanction risks associated with such clients with cross-border businesses.  As highlighted by Malaysia’s Mun Chol-myong extradition case, early compliance and proper documentation are key mitigants, should and when the regulators or authorities comes knocking.   

Recent Posts: