OFAC Sanctions: AML Compliance With DPRK-Linked Activity

On November 4, 2025, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) designated eight individuals and two entities for their involvement in laundering funds derived from illicit schemes originating in the Democratic People's Republic of Korea (DPRK). These activities included cybercrime operations and information technology (IT) worker fraud, both connected to revenue streams supporting North Korea's nuclear weapons and ballistic missile programs.

North Korean Cybercrime, IT Worker Sanctions Evasion

The OFAC announcement identified cybercrime as a major mechanism for DPRK-affiliated actors to obtain funds outside legitimate financial channels. Reports estimate that these actors have stolen over $3 billion—primarily in cryptocurrency—using, among other methods, advanced malware techniques and social engineering tactics. OFAC's November 4^th announcement identified sanctioned individuals and financial entities pursuant to its authority under Executive Orders 13694 (as amended), 13810, as well as other relevant orders, for providing material assistance or support for illicit cyber activities, engaging in commercial conduct that generates revenue for the DPRK, and/or facilitating transactions involving the property or interests in property of designated entities.

Additionally, OFAC noted ongoing fraudulent activities involving North Korean IT workers operating abroad. Despite prohibitions outlined in Paragraph 17 of United Nations Security Council Resolution 2375 against granting work authorizations to DPRK nationals absent UN approval, these individuals reportedly continue to earn income globally by obfuscating their identities when engaging with freelance platforms and employers. According to the Multilateral Sanctions Monitoring Team report titled, "The DPRK's Violation and Evasion of UN Sanctions Through Cyber and Information Technology Worker Activities," at least a portion of the earnings generated by the IT teams are used in support of DPRK objectives, including weapons development and production, domestic infrastructure projects, and the procurement of consumer goods.

Blocking Requirements and Financial Networks Targeted by OFAC Sanctions

Under the new sanctions, all property or interests in property belonging to the designated parties that are within the United States or under possession or control of U.S. persons are blocked and must be reported to OFAC. Entities directly or indirectly owned (individually or collectively at least fifty percent) by one or more blocked persons also become subject to blocking requirements. Unless specifically authorized by an OFAC license or exempted by regulation, transactions involving sanctioned individuals or entities are generally prohibited if conducted by U.S. persons or occur within, or transit through, the United States.

Financial institutions and other organizations may face secondary sanctions risk if they engage in certain transactions with sanctioned parties, including providing funds, goods, services (or receiving such contributions from those individuals or entities) even if not intentionally facilitating sanctionable conduct.

Among those recently designated by OFAC are key North Korean financial institutions along with several senior representatives. These include:

• Jang Kuk Chol and Ho Jong Son, bankers at U.S.-designated First Credit Bank, managed funds, including $5.3 million in cryptocurrency, on behalf of the designated institution;
• Korea Mangyongdae Computer Technology Company along with its current president U Yong Su, organizing IT worker delegations to China and employing Chinese nationals as banking proxies;
• Ho Yong Chol facilitated $2.5 million transfer in U.S. dollars (USD) and Chinese yuan (CNY) on behalf of the U.S.-designated Korea Daesong Bank;
• Han Hong Gil, employee at U.S.-designated Koryo Commercial Bank, facilitated $630,000 in transactions on behalf of U.S.-designated Ryugyong Commercial Bank;
• U.S.-designated Foreign Trade Bank (FTB) chief representative Jong Sung Hyok;
• Ri Jin Hyok, also a representative of FTB, facilitated transactions worth over $350,000 in USD, CNY, and euros through a front company;
• Choe Chun Pom, official at U.S.-designated Central Bank of DPRK, facilitated transactions worth over $200,000; and
• Ryujong Credit Bank engaged in sanctions evasion activities, including remitting North Korea's foreign currency earnings, money laundering, and conducting financial transactions for overseas North Korean workers.

These designations illustrate methods employed by DPRK-linked networks such as deploying front companies abroad, leveraging international proxies for banking activity intended to obscure transaction originators/beneficiaries, moving earnings from overseas IT workforces into state channels via complex cross-jurisdictional arrangements, as well as utilizing digital assets for sanctions evasion purposes.

Compliance Implications for Financial Institutions and AML Practices

For industry practitioners focused on anti-money laundering compliance, including banks and fintech providers, this regulatory action highlights continued expectations regarding enhanced due diligence practices around high-risk geographies and typologies associated with state-sponsored illicit finance activity. Monitoring customer onboarding processes for indicators like frequent use of freelance hiring platforms under suspicious circumstances is among several areas cited by authorities where vigilance is warranted given current trends.

In summary: The November 2025 designations reflect evolving approaches used in DPRK-related money laundering schemes across digital asset ecosystems and traditional financial systems alike. Regulatory compliance teams should evaluate existing frameworks governing exposure risk assessment relative to updated guidance while ensuring processes align with current reporting/blocking obligations where applicable under U.S., UN-sanctioned measures, or similar regimes implemented elsewhere internationally.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.