Office of Foreign Assets Control Designations Highlight Compliance Risks from North Korean Involvement in Information Technology Sector

On September 13, the U.S. Department of the Treasury Office of Foreign Assets Control (OFAC) announced three North Korea-related sanctions designations. OFAC stated that the designations against two entities and one individual — China-based Yanbian Silverstar Network Technology Co., Ltd. (“China Silver Star”), China Silver Star’s North Korean Chief Executive Officer Jong Song Hwa, and its Russia-based sister company, Volasys Silver Star – “targets the revenue North Korea earns from overseas information technology (IT) workers.”

The Treasury Department described China Silver Star as “nominally a Chinese IT company, but in reality  . . . managed and controlled by North Koreans[,]” that as of mid-2018, “had earned millions of dollars from collaborative projects with Chinese and other companies.”  It also explained that Volasys Silver Star was created in early 2017 “as a Russia-based front company” created by a North Korean IT worker and employee of China Silver Star.   As of early 2018, Volasys Silver Star employees, “many of whom had moved to Russia from China Silver Star, had earned hundreds of thousands of dollars in under a year.  Although nominally run by a Russian individual, Volasys Silver Star is also in fact managed by North Koreans.  As its CEO, Jong Song Hwa set company goals for China Silver Star, and he controls the flow of earnings for several teams of developers in China and Russia.”

Earlier this summer, on July 23, U.S. Department of State, with OFAC and the U.S. Department of Homeland Security’s (DHS) Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE), issued an advisory “to highlight sanctions evasions tactics used by North Korea that could expose businesses – including manufacturers, buyers, and service providers – to sanctions compliance risks under U.S. and/or United Nations sanctions authorities.”  The advisory warned that “[b]usinesses should be aware of deceptive practices employed by North Korea in order to implement effective due diligence policies, procedures, and internal controls to ensure compliance with applicable legal requirements across their entire supply chains.”

The advisory set out a list of five factors that are potential indicators of goods, services, and technology with a North Korean nexus, including the following statement regarding IT services:

North Korea sells a range of IT services and products abroad, including website and app development, security software, and biometric identification software that have military and law enforcement applications. North Korean firms disguise their footprint through a variety of tactics including the use of front companies, aliases, and third country nationals who act as facilitators. For example, there are cases where North Korean companies exploit the anonymity provided by freelancing websites to sell their IT services to unwitting buyers.

It also included a list of potential indicators of North Korean overseas labor, as the North Korean government “exports large numbers of laborers to fulfill a single contract in various industries,” including IT services.  It noted that in 2018-2018 North Korean laborers working on behalf of the North Korean government were present in 41 listed countries and jurisdictions.

The advisory also briefly discussed due diligence best practices.  It stressed that “[b]usinesses should closely examine their entire supply chain(s) for North Korean laborers and goods, services, or technology” and including crosslinks to DHS and OFAC recommendations for due diligence practices and potential mitigating factors.  It summarized the penalties for individuals and entities for sanctions violations and enforcement actions, as well as activities that could result in OFAC designation.

Probably because of the mention of IT companies in the State Department advisory, Treasury Secretary Steven Mnuchin stated in the OFAC announcement that “Treasury is once again warning the IT industry, businesses, and individuals across the globe to take precautions to ensure that they are not unwittingly employing North Korean workers for technology projects by doing business with companies like the ones designated today,”

Note:  Corporate compliance officers need to take note of these latest designations, and recognize that North Korea poses an even broader range of financial-crime risks to U.S. companies than money laundering or cyberattacks and network intrusions.  Two separate Executive Orders were applied in these designations: Executive Order 13722, which applies to individuals or entities that are engaged in, facilitated, or are responsible for the exportation of workers from North Korea, including exportation to generate revenue for the Government of North Korea or the Workers’ Party of Korea; and Executive Order 13810, which applies in pertinent part to individuals or entities operating in the IT industry in North Korea.

Compliance officers therefore need to take pains in ensuring that their sanctions compliance programs, especially their supply-chain due diligence processes, are demonstrably effective in addressing any potential engagements with IT companies.  Slipshod due diligence or inconsistently operating internal controls that fail to detect North Korean connections could well result in enforcement actions relating to either or both of those orders under Title III of the Countering America’s Adversaries Through Sanctions Act (CAATSA).  Moreover, lack of vigilance in North Korea sanctions compliance on all fronts could have long-term geopolitical consequences.  As Treasury pointed out in its announcement, the United Nations Security Council acknowledged in its Resolution 2397 (2017) “that the revenue generated from North Korean workers overseas contributes to North Korea’s nuclear weapons and ballistic missile programs.”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s