Deterring North Korea’s Office 39: Counterproliferation Finance in Focus

By Rachel Paik, Project Associate, CRDF Global

To strengthen the resilience of the banking sector in Southeast Asia against North Korea’s attempts to evade sanctions and generate revenue for its weapons of mass destruction (WMD) programs, CRDF Global collaborated with the South East Asian Central Banks (SEACEN) Research and Training Centre and counterproliferation finance experts at Compliance and Capacity Skills International (CCSI) to convene a two-day hybrid training workshop for compliance officials in Kuala Lumpur, Malaysia from May 25–26, 2022. The event included 29 high-level representatives from the central banks of Cambodia, Laos, Malaysia, Vietnam, the Philippines, and Nepal, who engaged through interactive training exercises and case studies tailored for the region to learn how to better recognize and address risks posed by North Korea’s strategies to evade UN sanctions.

During the two-day workshop made possible by the generous support of Global Affairs Canada’s (GAC) Weapons Threat Reduction Program (WTRP), participants had the opportunity to interact with leading UN sanctions experts, senior practitioners of financial integrity best practices, and cyber-security experts to discuss how North Korea disrupts banking systems and exploits vulnerabilities within financial institutions in Southeast Asia. Participants learned about the UN Security Council Resolutions designed to curb North Korea’s proliferation activities, Financial Action Task Force (FATF) compliance guidelines and reporting requirements, and the important role central banks and financial supervisors play in preventing North Korea from further advancing its WMD programs.

How North Korea Evades International Sanctions through Office 39

The clandestine organization responsible for overseeing DPRK proliferation finance activities has been collectively referred to as “Office 39,” and its sole purpose is to generate revenue for the North Korean regime and its ambitious weapons program. Office 39 has demonstrated a global scope since its inception in the 1970s and engages in a variety of activities—including but not limited to cybertheft, proliferation finance, money laundering, and drug trafficking—to transfer hard currency, ballistic missile technology, and luxury goods back to Pyongyang. The 2020 Midterm Report of the UN Panel of Experts (POE) to the 1718 Committee revealed how North Korea continues to target banks and regional financial hubs in Southeast Asia to launder money toward its WMD programs.

Recent evidence of Office 39 proliferation activities and tactics includes:

  • Infiltration of Financial Institutions and Cryptocurrency Exchanges – since 2017, several multi-million dollar thefts targeting ATMs, international banking systems, and, more recently, cryptocurrency exchange networks have been traced back to North Korea. The U.S. Department of Justice estimates that Office 39 has generated around $1.3 billion USD in fiat and cryptocurrency through its cyber extortion campaigns alone.
  • Forced Labor – North Korea is estimated to have sent as many as 150,000 of its citizens overseas to work as forced laborers in the mining industry and other high-risk sectors with the vast majority of money earned by these laborers being confiscated by Pyongyang. More recently, Office 39 has also been contracting out agents as remote IT workers at private companies to gain access to sensitive information and contribute to the success of its malicious cyber intrusions.
  • Illegal Arms Sales – since the early 1980s, North Korea has developed a reputation for exporting small arms to fragile and warring nations, including but not limited to Libya, Yemen, Uganda, Madagascar, Iraq, Syria, and Iran.
  • Ship-to-Ship Transfers – North Korea uses illicit ship-to-ship transfers to circumvent UN sanctions on its coal exports and oil imports, disguising its vessels in order to transfer bulk cargo and avoid ports where its cargo would be inspected. This practice increases the chance of accidents at sea and complicates the efforts of customs and port authorities to manage what goods are brought in and out of their countries.

Addressing the Proliferation Threat through Capacity Building and Regional Collaborations

The hybrid workshop featured expert-led presentations and interactive tabletop exercises to demonstrate the value of regional collaboration and information sharing. Central bank and financial supervisory staff responsible for ensuring compliance with national and international sanctions obligations within their jurisdictions shared some of the bureaucratic challenges they faced regarding reporting, enforcement, and implementation. The Lead Expert Trainer and Managing Director at CCSI, Enrico Carisch, noted “the thematic selection of threats and risks associated with Office 39 and the highly specific audience profile with representatives of SEACEN and their associated Financial Intelligence Unit (FIU) monitors presented a unique opportunity to narrow down sanctions implementation and compliance practicalities to a level never encountered before.” In addition, Thayanjana Fernando, Cybersecurity Certification Specialist at CCSI, said “it is impressive to see Southeast Asia is enhancing its current security practices amidst the challenges faced during a year of high-volume cybercrime attempts. CRDF’s significant efforts to support and educate countries with technical assistance is highly appreciated!”

CRDF Global implementing team

Glenn Tasky, the Director of Financial Stability, Supervision, and Payments at the SEACEN Centre, appreciated the chance to convene their first in-person event since February 2020 and thought the training was both “well-organized and informative and helped our stakeholder central banks gain important knowledge not normally covered in SEACEN Centre courses and conferences. The SEACEN Centre is grateful for its strong partnership with CRDF Global and looks forward to continued collaborations.”

Participants reported an increase in their understanding of North Korean sanctions enforcement, further demonstrating the need for future training in the region.

As a result of the insights gathered from this workshop, CRDF Global plans to expand its programming in Southeast Asia to meet the capacity-building and training needs in the region, especially cybersecurity- and cryptocurrency-focused programming. CRDF Global’s recently launched Southeast Asia regional hub in Manila (Philippines) will play a key role in this future counterproliferation capacity-building initiative.

Since the sanctions compliance field can often present barriers to entry for women interested in serving this critical international security mission, CRDF Global remains committed to promoting gender equality and equal opportunity for both women and men to participate in and lead these types of capacity-building efforts. As a result, women represented 69 percent of the country delegates selected for this workshop, and there was a 50:50 ratio of male to female experts leading this training.