On April 24, the US Treasury’s Office of Foreign Assets Control (OFAC) used sanctions to target money laundering networks that support cybercriminal activities in North Korea.
In a press release, OFAC announced sanctions against three individuals involved in converting cryptoassets derived through cybercriminal hacks into fiat currencies on behalf of the North Korean regime.
Specifically, the agency said it sanctioned Wu HuiHui and Chen Hung Man, crypto brokers located in China and Hong Kong, respectively. OFAC also imposed sanctions against Sim Hyon Sop, a representative of the sanctioned China-based Korea Kwangson Banking Corp (KKBC).
According to OFAC, as of September 2021, Sim has been accepting cryptocurrency payments from cybercriminals linked to North Korea. This involved receiving funds from North Korean IT workers who were employed on crypto-asset exchanges to steal the funds, an activity coordinated by the North Korean cyber group Lazarus Group.
In a separate indictment issued on the same day as OFAC’s sanctions action, the U.S. Department of Justice alleged that Sim, working with another North Korean operative known as “Jammy Chen,” had sent funds to Wu Huihui and Chen Hung Man to convert the proceeds of these thefts cryptocurrency.
After converting the funds into fiat currencies, Wu and Chen set up shell companies that maintained bank accounts in Hong Kong, which they used to purchase tobacco products, communications products and other items in US dollars on behalf of North Korean operatives.
The elaborate money-laundering scheme provides one of the best indicators yet of how North Korea manages to turn cryptoassets derived from its prolific hacking activity into goods and services to circumvent sanctions.
As part of the sanction, OFAC identified 18 crypto addresses controlled by Wu and Sim. At Elliptic, we worked quickly to update our solutions to allow our customers to review wallets and addresses with this new information, and to block prohibited transactions.
OFAC’s latest sanctions were not the first it has issued against North Korea’s overseas cryptocurrency laundering networks. In March 2020, OFAC sanctioned two Chinese nationals for their involvement in the laundering of funds from the theft of cryptoassets in North Korea.
As we detailed in our recently reissued report – “Cryptocurrency Sanctions Compliance: Using Blockchain Analytics to Mitigate Risk” – as OFAC continues to issue sanctions affecting the cryptospace, it is critical that compliance teams use block analysis solutions to identify the activities of sanctioned actors.
The US Treasury Department is holding a roundtable on the use of cryptocurrencies in domestic violent extremism
On April 21, the US Treasury Department convened a roundtable of experts from the private and public sectors to discuss the risks associated with the growing use of crypto-assets in domestic violent extremism (DVE) cases. Law enforcement agencies around the world are increasingly concerned about the rise of DVE in various jurisdictions.
Revelations that individuals involved in the January 2021 attack on the U.S. Capitol raised funds in bitcoins have helped accelerate the debate over how to deal with TWO fundraising campaigns that rely on the crypto-asset. According to the Treasury: “Discussions at the roundtable focused on how DVEs and foreign RMVEs raised, moved or used funds using virtual assets and some of the challenges in identifying and reporting abuse of virtual assets by these groups, along with potential opportunities for collaboration .”
Elliptic participated in the Treasury Roundtable and we appreciated the opportunity to share knowledge and insights with other stakeholders on potential approaches to identifying TWO activities involving cryptoassets.
Hong Kong to provide guidance to crypto license applicants
Hong Kong regulators are preparing to help the industry navigate the new cryptocurrency licensing regime. As Bloomberg reported on April 27, the Securities and Exchange Commission (SFC) intends to issue guidelines in May designed to help virtual asset service providers (VASPs) apply for a license under Hong Kong’s upcoming regulatory framework, which will take effect from June 1.
Under the upcoming regime, licensed VASPs will be able to offer retail trading services, provided they implement appropriate safeguards to protect their customers. Hong Kong’s decision to relax its previous ban on retail cryptocurrency trading, coupled with recent revelations that local banking supervisors are facilitating talks between the crypto industry and domestic financial institutions, has led many crypto industry participants to view it as a potential hub for innovation and regulation. clarity.
The SFC indicated that it received more than 150 comments on the public consultation it is currently holding on its proposed virtual asset and VASP regulatory framework. You can read Elliptic’s response to the consultation here.
CFTC Commissioner Warns of Illegal Financial Risks in Crypto, Especially DeFi
A senior official at the US Commodity Futures Trading Commission (CFTC) has warned that the US regulator believes more needs to be done to reduce illicit activity in crypto markets. In a speech at City Week in London, CFTC Commissioner Christy Goldsmith Romero described the use of cryptocurrencies in illicit finance – such as hacking and fraud – as “the most serious risk in digital asset markets”.
Romero pointed to the use of cryptocurrencies in dark web markets, ransomware, cyber theft and other crimes as the main areas of concern to regulators. She also emphasized that the increasing tendency of illegal actors, such as North Korean cybercriminals, to launder the proceeds of those crimes through the decentralized finance (DeFi) ecosystem exacerbates these risks.
Romero’s comments come less than a month after the US Treasury released its DeFi Illicit Financing Risk Assessment, which highlighted the growing use of DeFi services across money laundering typologies.
The French regulator is considering how to manage MiCA registration for existing VASPs
French regulators will consider how to enable VASPs already registered in France to go through the approval process under the forthcoming EU Regulation on Markets in Crypto-assets (MiCA) in a simplified manner, assuming they can demonstrate compliance with the upcoming requirements.
On April 21, the Autorite des Marches Financiers (AMF), which oversees the country’s domestic VASP licensing regime, said it may allow VASPs already operating with its approval in France to fast-track their authorization under MiCA.
Currently, VASPs in France are subject to limited licensing agreements and can only offer services in the country. Under MiCA, VASPs will be able to offer services throughout the EU, but will be subject to strict regulatory requirements related to consumer protection, prevention of market manipulation, market conduct requirements and other measures.
MiCA – adopted by the European Parliament on April 20 – is currently due to become European law this July, meaning its provisions will enter into force between July 2024 and January 2025. During that time, French VASPs are expected to ensure that comply with the enhanced measures and that they will require additional approval from the AMF to continue operating.
Sanctions Compliance with the law