Interviewee: Stephanie Kleine-Ahlbrandt, former Finance and Economics Expert on UN Panel of Experts Established Pursuant to Resolution 1874.
What are the key findings of this new report?
Stephanie Kleine-Ahlbrandt: Particularly noteworthy is the DPRK’s continuing access to the international financial system as well as its increasingly sophisticated cyber attacks to steal funds from financial institutions and cryptocurrency exchanges to generate income. The report has other key findings on issues ranging from the ongoing ballistic missile program and prohibited activities of designated entities, to new evasion techniques in ship-to-ship transfers and violations of financial sanctions. These findings help us to better understand how the DPRK and other countries are responding to the sanctions regime, and where additional effort is needed if the international community is serious about enforcement and implementation.
North Korea does seem more active in cyber attacks now than before. What did the report find?
SKA: Frankly, it has been stunning to see how much progress North Korea is making in the area of cyber since I first started focusing more on this with the attack on Bangladesh Bank in February 2016. The report speaks about how North Korea has been engaging in multiple cyber attacks on both financial institutions (often through the SWIFT network) and cryptocurrency exchanges as well as the mining of cryptocurrency and cryptojacking; these efforts show a clear progression in capabilities from earlier cyber activities and in ways that are harder to trace and are subject to less government regulation and oversight. For those that think North Korea is being squeezed, this is a real eye-opener. In one notable example of the growing sophistication of the attacks, DPRK cyber actors gained access to the infrastructure managing entire ATM networks of a country in order to force 10,000 cash distributions to individuals across more than 20 countries in 5 hours, suggesting the cooperation of large numbers of people on the ground.
Why is North Korea so focused on cyber? Are they using it to get around other sanctions?
SKA: These attacks are low risk and high yield, requiring only a laptop and Internet access. They allow the DPRK to evade financial sanctions by engaging in theft which circumvents the ability of Member States to freeze assets and to prevent the transfer of assets which could contribute to WMDs. In cyberspace, the DPRK Reconnaissance General Bureau, for example, doesn’t have to jump through hoops to arrange complicated evasion schemes to access the banking system through front companies, false documents, complicit foreign nationals, etc. in order to transfer funds and launder stolen proceeds. Instead, it can just hack into a bank to steal money. As the report points out, the proportion of revenue generated from cyber attacks has grown in relation to income generated through other DPRK activities.
What did the report find on the ballistic missile program?
SKA: After considerable debate and discussion, we concluded that the DPRK, even though it hadn’t conducted any ICBM launches (or nuclear tests) since our last report to the Council on March 5, 2019, continued to enhance its nuclear and missile programs through the short-range missile launches in May and July of 2019. These launches showed mastery of key components of ballistic missile systems, including solid rocket fuel production, mobility through the use of different types of transporter erector launchers and the capacity to penetrate ballistic missile defense systems. Of course, given the integrated nature of the program, any advances in short-range ballistic missile systems contribute to the ballistic missile program’s overall effectiveness.
What does the Security Council need to do given these findings? What should others in the international community do?
SKA: The Panel of Experts (POE) made strong recommendations in its report on the DPRK’s use of cyber including that the Security Council itself highlight the gravity of cyber attacks in circumventing the resolutions and illegally generating revenue. While it is politically unlikely that there will be more North Korea sanctions resolutions in the short term, this language highlights the severity of the problem. The Panel also recommended that Member States ensure that their regulations cover virtual currency and non-banking financial institutions and money services businesses, including cryptocurrency exchanges, and that they ensure that these exchanges share the same obligations assigned to banks to prevent the laundering of funds; this enhanced vigilance would apply to monitoring suspicious transactions, providing governments with information on accounts after attacks, freezing assets of sanctioned entities and blocking transactions from accounts controlled by malicious actors. North Korea definitely has a knack for exploiting areas of rapid growth where regulation is nonexistent or insufficient. Advances in North Korea’s cyber capabilities along with the ongoing global advances in technology and digitization mean that this problem is only going to get worse. While some of the larger US banks have established impressive “cyber fusion” centers and are stepping up information sharing with their competitor banks, the DPRK will continue to exploit the weakest links in the chain, which are likely to be in financial institutions with fewer resources to devote to the issue.
What is the most difficult part of preparing and submitting a report to the Security Council?
SKA: Definitely the negotiation of text. Experts submit their draft text to the full Panel ahead of what can be extremely lengthy meetings in which text is reviewed and revisions and edits are discussed and negotiated. As is the case with all UN report drafting, the final text generally differs substantially from earlier drafts. At the same time, producing text is more challenging because our investigations are also becoming more complex. As DPRK networks adapt to sanctions, there are more layers of the onion to peel back—more obfuscation and deception—both of which make our work more demanding and complicated, and all this work is done with minimal research support from the UN Secretariat due to competing priorities and tasks.
Tell us more about this increasing complexity of Panel investigations.
SKA: As the DPRK continues to work tirelessly to minimize the impact of sanctions, not only does the Panel have to dig much deeper to uncover violations, but there are also many more layers now between DPRK entities and the violation. The DPRK’s foreign partners are also becoming more sophisticated and demanding higher prices. While that raises the transaction costs for the DPRK, it also means that they can count on better-quality assistance in their evasion schemes. The DPRK is adept at hiding on-paper links to themselves by ensuring that front companies and foreign national facilitators appear to be nationals of other countries, often China, many Southeast Asian countries and even South Korea. Writing “Korean” in the country field on corporate registry paperwork leads many corporate secretaries to record the individual’s nationality as “South Korean.” Hong Kong-registered front companies have become a main vehicle for DPRK activity.
Tell us more about Hong Kong’s role.
SKA: Well, it’s not just the Hong Kong Special Administrative Region (SAR) but other Asian financial centers as well. But with regard to Hong Kong, it’s really the corporate service providers that allow the DPRK to easily create front companies where they leverage the assistance of non-DPRK nationals and use the companies to open bank accounts to move money worldwide. That’s why Hong Kong-registered companies so often feature in Panel reports—from registering vessels engaged in illicit activities, to operating on behalf of DPRK banks and designated entities. Banks there have complained to me on numerous occasions about the liberal company law regime (inherited from the United Kingdom), which exposes them to a significant amount of risk. They told me that in order to set up a company, it was not necessary to show original company paperwork. With corporate documents in hand, one could then open a bank account. Before committing illicit transfers, a company could simply be sold the day before, because the bank doesn’t actually receive any information on the sale before police arrive to inquire about transactions processed in the name of an already-defunct company. There was a new Controllers Register amendment as of March 1, 2018 in light of Financial Action Task Force recommendations on transparency of beneficial ownership, but apparently, this was not open to either the banks or the public. The banks told me that this could make things only slightly more difficult as it is pretty easy to get around.
What happens if Panel members can’t agree on text?
SKA: The POE always aims to achieve full consensus of its eight members on all report texts; if this is not possible after protracted negotiations and the deadlock needs to be broken, one of the mechanisms it has used since 2012 has been a “dissenting footnote” to reflect the alternate view of the minority. The Panel’s midterm report contained such a footnote. The dissenting footnote in this report is the eighth time the Panel has used this device in a report it has submitted to the Council. The only difference between this footnote and the previous ones is that it does not specify how many Panel members dissented. In the past, dissenting footnotes always stipulated whether it was one or two members.
Has the DPRK mission ever responded to the Panel on a report? What is that like? Do you expect them to engage on this one?
SKA: The DPRK rejects the entire legal validity of the DPRK sanctions regime, so it doesn’t engage with the Panel at all. Through my many visits to North Korea, I have had extensive contacts with North Korean officials, and during my time on the Panel, I continued to have sporadic contact with them in the context of events and conferences where we were both invited participants. But I am pretty sure that they are hardly encouraged to fraternize with members of a UN Panel that is the product of a legal regime their government categorically rejects.
Do Member States suggest cases…or try to discourage you from pursuing cases?
SKA: Both, of course! While the work of the Panel of Experts is, in theory, technical, the DPRK issue is high-stakes diplomacy and very political, and Member States have strong opinions on the sanctions regime. So, they can request things and try to pressure the Panel but it’s up to the experts to assert their independence. I got in the habit of telling Member States that my job was to make them all “equally unhappy.” The most effective way in which they generally ask the POE to investigate cases is by providing the Committee and/or the Panel with information about allegations of violations of the UN Security Council resolutions which the Panel can then investigate. But the provision of such information does not automatically trigger an investigation, as ultimately, it’s up to the relevant expert to determine if the information is sufficient to merit an investigation, including whether the case can be linked to a specific sanctions provision, or is of a size or nature that justifies the Panel using its limited resources to investigate. Of course, while we have our technical expertise, the majority of us are from countries sitting on the Security Council. So, there is a constant balancing act to preserve our independence and credibility. The Panel also has certain working methods that aid this, including a practice for experts to never lead investigations related to their own countries. They can assist in such investigations, but the lead investigator must always come from another country.
What is the composition of the Panel of Experts?
SKA: There are eight of us. Five are nationals drawn from the P5 Security Council membership and the other three are from Japan, the Republic of Korea and Singapore. Most are on a leave of absence from government, mainly from Ministries of Foreign Affairs or Defense, or they are military officers, military attachés, or analysts or experts who are outside government. Nevertheless, all experts are appointed in a personal capacity by the UN Secretary-General as independent experts. Each expert has a specific area of focus—for example, maritime, missiles, customs, finance and economics, etc.
What is the significance of your recommendations?
SKA: Some of the Panel’s past recommendations have been included in UN resolutions and during designation negotiations. In theory, the Panel’s letters and reports also act as a disincentive or correction tool when it comes to governments and often larger companies which seek to limit reputational damage, and can also help countries as they look at their legal or regulatory frameworks. The Panel’s reports are fact-based, using high evidentiary standards so people inside and outside of governments tend to take them seriously. This, however, does not mean that the sanctions regime is matched by the requisite political will, prioritization and resource allocation necessary to drive effective implementation. On the contrary—all of the Panel’s reports have illustrated the multiple ways in which the DPRK continues to defy the resolutions.
On March 1, 2018, the Companies (Amendment) Ordinance 2018 came into force in the Hong Kong SAR.
Footnote 43 states, “Some experts expressed an opinion that projectiles launched on 4 and 9 May 2019 were ‘tactical guided weapons’ and not short-range ballistic missiles and were similar to the projectiles launched on 24 July 2019.”