North Korea -- AML/CFT Compliance Regulatory Overview

It is crucial to understand that North Korea (DPRK) operates under a unique and highly opaque financial and legal system, which is fundamentally different from that of any other country with a legitimate, regulated virtual asset service provider (VASP) industry.

In short, North Korea does not have a publicly known, legitimate, or regulated cryptocurrency/virtual asset service provider (VASP) industry that is subject to conventional Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements.

Instead, North Korea is widely recognized by international bodies (like the Financial Action Task Force - FATF, and the United Nations Security Council) as a high-risk jurisdiction for money laundering and terrorist financing, primarily due to its state-sponsored illicit activities, including the use of cryptocurrencies for sanctions evasion, cyberattacks, and funding its weapons of mass destruction programs.

Here's a breakdown of why the requested information does not exist in the conventional sense for North Korea:

1. AML/CFT Legislation for VASPs:

   • Absence of Specific VASP AML/KYC Laws: There are no publicly available or recognized North Korean laws that specifically regulate private VASPs or impose AML/KYC obligations on them in a manner consistent with international standards. The concept of a private, regulated crypto industry providing services to the general public simply does not align with the DPRK's economic and political structure, nor its known strategic use of virtual assets.
   • North Korea's Claimed AML Laws (General): While North Korea has, on paper, passed general AML/CFT laws (e.g., the "Law on Anti-Money Laundering and Combating the Financing of Terrorism," reportedly adopted in 2007 and amended periodically, and the "Law on Combating Money Laundering and the Financing of Terrorism" from 2017), these are widely considered to be superficial attempts to appease international bodies like the FATF, rather than genuinely implemented and enforced frameworks. These general laws do not contain specific provisions for VASPs.
   • FATF Assessment: The FATF has consistently identified North Korea as a "high-risk jurisdiction subject to a Call for Action," meaning it has fundamental deficiencies in its AML/CFT regime and poses a significant risk to the international financial system. FATF calls on all members to apply enhanced due diligence and, in the most severe cases (like DPRK), apply countermeasures.

2. Customer Due Diligence (CDD) Requirements:

   • Since there's no legitimate VASP industry, there are no CDD requirements for them. The DPRK's interest in cryptocurrency is precisely to avoid CDD and achieve anonymity for its illicit financial operations.

3. Suspicious Transaction Reporting (STR):

   • Without a regulated VASP sector, there are no mechanisms for STRs from such entities. Any financial activity involving cryptocurrencies within North Korea is likely state-controlled or part of illicit networks, where transparency and reporting would be counterproductive to their goals.

4. Record-Keeping Obligations:

   • Again, no specific record-keeping obligations exist for non-existent legitimate VASPs.

5. Authority Overseeing Compliance:

   • There is no regulatory authority in North Korea that oversees AML/KYC compliance for a private VASP sector, as this sector does not exist.
   • General Financial Oversight Bodies (not for VASP AML/KYC):
     • Central Bank of the Democratic People's Republic of Korea: While this is the central financial authority, its role is to implement state financial policy, which includes facilitating state-controlled economic activities, not regulating private financial service providers for AML/KYC compliance as understood internationally.
     • Ministry of Finance: Similar to the Central Bank, it manages state finances.
   • Regulatory Body URLs: Given the secretive nature of the regime and the absence of a legitimate private VASP sector, there are no publicly accessible websites or URLs for North Korean regulatory bodies that provide guidance or oversight on AML/KYC for virtual asset service providers. The DPRK's official government websites are few and primarily for propaganda or state-to-state communications, not regulatory transparency.

Conclusion:

Any entity or individual engaging with virtual assets linked to North Korea does so at extreme risk, facing potential violations of international sanctions and involvement in illicit finance. The focus for international financial institutions and VASPs globally is to implement robust screening to prevent any interaction with North Korean entities or individuals, rather than to understand North Korea's non-existent internal VASP AML/KYC framework.