Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On May 14, the U.S. Departments of State and Treasury, along with the U.S. Coast Guard, issued a global advisory warning the maritime industry of deceptive shipping practices used by Iran, North Korea, and Syria to evade economic sanctions. The “Sanctions Advisory for the Maritime Industry, Energy and Metals Sectors, and Related Communities” expands upon previously issued advisories and discusses due diligence approaches that entities, including financial institutions, should employ to monitor illicit activity and mitigate the risk of potentially engaging in prohibited activities or transactions. Among other things, the advisory provides a list of general compliance practices that may help entities “in more effectively identifying potential sanctions evasion.” These include: (i) institutionalizing sanctions compliance programs; (ii) establishing Automatic Identification System (AIS) best practices and contractual requirements to monitor for manipulations and disruptions, which may be an indication of potential illicit or sanctionable activity; (iii) monitoring ships throughout the entire transaction lifecycle, including those leased to third parties; (iv) knowing your customers and counterparties; (v) exercising supply chain due diligence; (vi) incorporating these best practices into contractual language; and (vii) engaging in industry information sharing of challenges, threats, and risk mitigation measures.
See here for previous InfoBytes coverage on global shipping advisories.
On May 13, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) provided clarifying text related to the modified North Korea Sanctions and Policy Enforcement Act (covered by InfoBytes here), which bars foreign subsidiaries of U.S. financial institutions from knowingly engaging in transactions with Specially Designated Nationals (SDNs) identified under North Korea-related authorities. OFAC added the following text to 490 SDN records to assist the private sector in identifying persons that have been so designated: “Transactions Prohibited For Persons Owned or Controlled by U.S. Financial Institutions: North Korea Sanctions Regulations section 510.214.”
On April 15, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), in conjunction with the Departments of State and Homeland Security and the Federal Bureau of Investigation, issued an advisory warning that North Korea’s (DPRK) cyber activities—including cybertheft, money laundering, extortion, and cryptojacking—“pose a significant threat to the integrity and stability of the international finance system.” These activities, the agencies caution, highlight DPRK’s use of cyber-enabled means to generate revenue while mitigating the impact of OFAC-imposed sanctions. In addition to providing examples of cyber activities that target the international financial sector and DPRK state-sponsored cyber incidents, the advisory also outlines recommended measures that governments, industry, civil society, and individuals can take to counter DPRK cyber threats. These include (i) raising awareness; (ii) sharing technical information; (iii) implementing and promoting cybersecurity best practices; (iv) notifying law enforcement; and (v) strengthening anti-money laundering, countering the financing of terrorism, and counter-proliferation financing compliance. The agencies reiterate the consequences of engaging in prohibited and sanctionable conduct, and remind individuals and entities that OFAC has the authority to impose sanctions on any persons found to have engaged in conduct supporting DPRK cyber-related activity. The agencies also point out that foreign financial institutions that knowingly conduct or facilitate significate trade or transactions on behalf of a designated person for DPRK-related activity, may “lose the ability to maintain a correspondent or payable-through account in the [U.S.]”
On April 9, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced amendments to the North Korea Sanctions Regulations. The final rule amends the sanctions regulations to incorporate “Treasury-administered provisions of the North Korea Sanctions and Policy Enhancement Act of 2016 [(NKSPEA)], as amended by the Countering America’s Adversaries Through Sanctions Act of 2017 [(CAATSA)] and the National Defense Authorization Act for Fiscal Year 2020 [(NDAA)].”
Specifically, OFAC is incorporating into the amended regulations prohibitions with respect to the blocking, correspondent, or payable-through accounts sanctions contained within the NKSPEA, CAATSA, and NDAA. The final rule also adds a new section applicable to individuals and entities that are owned or controlled by a U.S. financial institution and established or maintained outside the U.S., which prohibits them from “knowingly engaging in any transaction, directly or indirectly, with the Government of North Korea or any person designated for the imposition of sanctions with respect to North Korea under NKSPEA. . ., an applicable Executive Order, or an applicable United Nations Security Council resolution.” In addition, the final rule amends the definition of luxury goods by creating “a regulatory exception to exclude items approved for import, export, or reexport to or into North Korea by the United Nations Security Council.” The final rule also incorporates new statutory exemptions, makes technical and conforming edits, revises an interpretive provision, and updates the authorities and delegation sections of the regulations, among other things. The amended North Korea Sanctions Regulations take effect April 10.
On September 13, the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order (E.O.) 13722 against three North Korean state-sponsored cyber groups allegedly responsible for North Korea’s malicious cyber activity on critical infrastructure around the world. OFAC cited cyber attacks using phishing and backdoor intrusions, targeting a range of organizations that included financial institutions. In addition to malicious cyber activities on conventional financial institutions and major companies, North Korea’s cyber operations also targeted Virtual Asset Providers and cryptocurrency exchanges “to possibly assist in obfuscating revenue streams and cyber-enabled thefts that also potentially fund North Korea’s WMD and ballistic missile programs.” As a result of the sanctions, “all property and interests in property of these individuals and entities that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC.” OFAC noted that its regulations “generally prohibit” U.S. persons from participating in transactions with the designated persons, and warned foreign financial institutions that if they knowingly facilitate significant transactions for any of the designated individuals, they may be subject to U.S. correspondent account or payable-through account sanctions.
On August 30, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced additions to the Specially Designated Nationals List pursuant to Executive Order 13810. The additions identify two Taiwanese individuals and three entities, as well as one Hong Kong-based vessel identified as blocked property, for allegedly facilitating the delivery of fuel originally intended for the Philippines to North Korean vessels via ship-to-ship transfers. According to OFAC, the additions highlight “North Korea’s continued use of illicit ship-to-ship (STS) transfers to circumvent United Nations . . . sanctions that restrict the import of petroleum products, as well as the U.S. Government’s commitment to implement existing UN Security Council Resolutions.” As a result of the sanctions, “all property and interests in property of these individuals and entities that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC.” OFAC noted that its regulations “generally prohibit” U.S. persons from participating in transactions with the designated persons, and warned foreign financial institutions that if they knowingly facilitate significant transactions for any of the designated individuals, they may be subject to U.S. correspondent account or payable-through account sanctions.
D.C. Circuit: Maintaining a U.S. correspondent account can subject a foreign bank's records located abroad to USA PATRIOT Act subpoenas; Chinese banks subject to subpoenas in case claiming sanctions evasion
On August 6, the U.S. Court of Appeals for the D.C. Circuit affirmed a district court ruling that ordered three Chinese banks to comply with subpoenas seeking customer records stemming from a DOJ investigation into a now-defunct Chinese company’s evasion of North Korean sanctions, or face contempt fines each of $50,000 per day. According to the DOJ, the banks allegedly facilitated transactions for the Chinese company that may have operated as a front for the North Korean government in violation of U.S. sanctions. In 2017, the DOJ obtained grand jury subpoenas seeking records related to U.S. correspondent banking transactions of the defunct company from two of the banks with U.S. branches, and served the third bank, which did not have U.S. branches, with a Patriot Act subpoena. After the banks refused to comply with the subpoenas, the district court granted the DOJ’s motion to compel.
On appeal, the D.C. Circuit concluded that the district court had personal jurisdiction to enforce the subpoenas. The appellate court held that the two banks with U.S. branches consented to jurisdiction when they opened those branches because they had executed agreements with the Federal Reserve which required compliance with relevant provisions of federal law. For the bank without U.S. branches, the D.C. Circuit determined that “it had sufficient contact with the [U.S.] as a whole and the subpoena sufficiently related to that contact so as to support the court’s personal jurisdiction.” The court also held that the foreign records sought from the bank without U.S. branches were within the scope of the PATRIOT Act subpoena, noting that the PATRIOT Act authorized the DOJ to issue a “subpoena to any foreign bank that maintains a correspondent account in the [U.S.] and request records related to such correspondent account, including records maintained outside of the [U.S.] relating to the deposit of funds into the foreign bank.” The appellate court also affirmed the district court’s decision to hold the banks in contempt, dismissing the banks’ argument that this move was improper because they had done all they could to obtain approval from the Chinese government to produce the subpoenaed records.
On July 29, the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) announced the addition of a North Korean individual operating in Vietnam to the Specially Designated Nationals List pursuant to Executive Order 13687. According to OFAC, the individual works on behalf of the Munitions Industry Department (MID), a Workers’ Party of Korea subordinate, and was responsible for trade activity that earned currency for the North Korean regime, which violates the United Nations Security Council resolutions (UNSCRs) and supports North Korea’s weapons program. OFAC notes that its regulations “generally prohibit all dealings by U.S. persons or within the United States that involve” transactions with the designated entities and individuals. Moreover, OFAC warned foreign financial institutions that if they knowingly facilitate significant transactions for any of the designated entities or individuals, they may be subject to U.S. correspondent account or payable-through account sanctions which, if imposed, could restrict their access to the U.S. financial system.
On June 19, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced its decision to sanction a Russian financial entity, pursuant to Executive Order 13382, for allegedly “having provided, or attempted to provide, financial, material, technological, or other support for, or goods or services” on behalf of an entity that is owned and controlled by North Korea’s primary foreign exchange bank. According to OFAC, since at least 2017 and continuing through 2018, the Russian entity has provided multiple accounts to the North Korean entity, which has “enabled North Korea to circumvent U.S. and UN sanctions to gain access to the global financial system in order to generate revenue for the Kim regime’s nuclear program.” Pursuant to OFAC’s sanctions, all property and interests in property of the designated persons within U.S. jurisdiction must be blocked and reported to OFAC. OFAC notes that its regulations “generally prohibit” U.S. persons from participating in transactions with these individuals and entities.
On January 31, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $996,080 settlement with a California-based cosmetics company for 156 alleged violations of the North Korean Sanctions Regulations. According to OFAC, the settlement resolves potential civil liability for the company’s alleged involvement in the importation of goods from two Chinese suppliers containing materials sourced from North Korea.
In arriving at the settlement amount, OFAC considered the following as aggravating factors: (i) the alleged violations may have resulted in the North Korean government gaining control of U.S.-origin funds; (ii) the company is “large and commercially sophisticated [and] engages in a substantial volume of international trade”; and (iii) during the period of the alleged activity, the company’s compliance program, which was either non-existent or inadequate, failed to have “exercised sufficient supply chain due diligence” in its sourcing of products from a region posing a high risk to the effectiveness of the North Korean Sanctions Regulations.
Visit here for additional InfoBytes coverage on North Korea sanctions.
- Jonice Gray Tucker to discuss "Fair servicing in wake of Covid-19" at an American Bar Association webinar
- APPROVED Webcast: Maximizing vendor value
- Daniel P. Stipano to discuss "Cram for the exam: Best prep strategies for a regulatory examination" at an ACAMS webinar
- Melissa Klimkiewicz to discuss "Flood insurance basics" at the NAFCU Virtual Regulatory Compliance School
- Sasha Leonhardt to discuss "Privacy laws clarified" at the National Settlement Services Summit (NS3)
- Amanda R. Lawrence to discuss "New privacy legislation: Preparing for a major source of class action and enforcement activity going forward" at the American Conference Institute Consumer Finance Class Actions, Litigation & Government Enforcement Actions