Deputy Assistant Attorney General Eun Young Choi Delivers Keynote Remarks at GIR Live: Sanctions & Anti-Money Laundering Meeting

Sanctions and export control enforcement is a top priority for the Department, so I’m very glad to have this opportunity to tell you a bit about our current work.

My name is Eun Young Choi, and I’m the Deputy Assistant Attorney General in the National Security Division (NSD), responsible for overseeing NSD’s efforts to counter hostile nation threats, combat foreign malign influence, mitigate foreign investment risks, disrupt nation-state cyber actors, and, as is most important here, enforce sanctions and export controls.

Although I’ve been with NSD for just the past few months, I have had deep ties to the Department’s national security work for over a decade, starting my career as an Assistant U.S. Attorney with Andrew Adams in the Southern District of New York, then working on cyber and cryptocurrency issues at the Office of the Deputy Attorney General, and most recently, by serving as the inaugural Director of the National Cryptocurrency Enforcement Team.

The National Security Division was established in 2006 as a response to the attacks on 9/11, concentrating the Department’s efforts to protect our national security into a single division in Washington, dedicated to carry out the Justice Department’s mission of combating terrorism, espionage and other national security threats.

The primary focus back then was on counterterrorism and combating international terrorist groups like al-Qaeda. And counterterrorism continues to be a core part of our mission – as the events of the past month in the Middle East are a stark reminder that those threats persist to the present day. But over the years, the work of NSD has expanded to respond to the increasing threats we face from nation-state adversaries.

Authoritarian countries like China and Iran seek to project power at home and abroad through repression and challenges to international norms. This includes government-sponsored efforts to surveil, harass and intimidate people living in the United States.

Russia’s unlawful invasion of Ukraine has disrupted peace and stability across Europe and has spurred the creation of illicit supply chains worldwide to fuel Russia’s appetite for sensitive technologies that support its war effort.

North Korean cyber actors have become increasingly sophisticated, not only in their efforts to target U.S. critical infrastructure, but also in their efforts to generate revenue in contravention of our sanctions regime to support their weapons of mass destruction program. North Korea uses its technical prowess to hack and steal hundreds of millions of dollars of cryptocurrency from decentralized finance, or DeFi, platforms, and also to deploy a cadre of remote IT workers to provide services for companies here and elsewhere who unwittingly employ them, funneling proceeds of their work to the regime.

One of the most robust tools we have to counter these types of threats are sanctions and export controls. These authorities allow us to deny our adversaries access to the U.S. financial system to fund their malicious activities, and to protect American technology and innovation from being exploited in ways that threaten our national security and prosperity.

Against the increasingly precarious threat landscape, it is no surprise that our partners across the U.S. government have imposed new restrictions in recent months. 

For instance, within the first year of Russia’s invasion of Ukraine, Treasury’s Office of Foreign Assets Control (OFAC) added more than 2,500 Russia-related targets to the Specially Designated Nationals (SDN) list, ranging from senior Russian government officials, including President Putin himself, to high-net worth individuals whose worth is tied to the Russian state, and supporters of the military-industrial complex. Currently, over 80% of Russia’s banking sector by assets are under U.S. sanctions, including all top 10 of Russian-owned banks.

For its part, Commerce’s Bureau of Industry and Security (BIS) has taken numerous regulatory actions to restrict Russia’s access to items needed to sustain its war effort, resulting in a 50% decrease in total exports to Russia. BIS has also added more than 600 entities to its Entity List in connection with Russia’s invasion of Ukraine. In an effort to crack down on intermediaries in third-party countries, more than 60 of the entities designated are located in countries other than Russia or Belarus.

When it comes to China, in October 2022, and again in October 2023, BIS tightened controls on advanced semiconductors that can be used in technologies such as advanced weapons systems, supercomputers and artificial intelligence. These new controls restrict the export of semiconductors themselves as well as manufacturing tools and items that the PRC can use to develop its own semiconductor manufacturing equipment domestically.  

And finally, earlier this week, OFAC imposed a third round of sanctions on a group of Hamas officials, members of a Palestinian Islamic Jihad who worked to transfer money from Iran to Gaza, and a Lebanese money exchange service that facilitates these transfers.

To help ensure that these economic countermeasures have their full, intended effect on our adversaries, sanctions and export enforcement is one of NSD’s top priority areas right now: to hold criminally accountable individuals and corporations who would seek to undermine our national security by willfully evading these controls.

I want to spend some time today to talk in a little more detail about three of our enforcement efforts in particular, which have been touched upon earlier today:  Task Force KleptoCapture; the Disruptive Technology Strike Force (DTSF); and our focus on corporate enforcement. These efforts illustrate how we in the National Security Division are evolving our approach to ensure that we are able to effectively counter the threats we are seeing.

The Department stood up Task Force KleptoCapture immediately following Russia’s unprovoked and unjustified invasion of Ukraine in February 2022. The goal of the Task Force is simple: to ensure that oligarchs and other supporters of the Russian regime feel the full impact of the economic sanctions and other economic countermeasures that the United States has levied in response to the Russian invasion.

Since its creation, the task force has focused on freezing and seizing assets and bringing prosecutions against those whose criminal acts enable the Russian government to continue its unjust war. Its successes to date include seizing more than $500 million in oligarch assets, including luxury assets, funds and securities, real estate and airplanes.

Just last month, the task force brought a civil forfeiture complaint against a 348-foot luxury yacht known as the Amadea. This superyacht is reportedly worth more than $300 million and is believed to be owned by the Russian oligarch Suleiman Kerimov, who was sanctioned in 2022 by OFAC for his support of the Russian regime.

The task force has also charged more than 40 individuals, many of whom have been arrested in more than a half dozen countries. The targets of many of these prosecutions are oligarchs who use their personal wealth to fund or otherwise provide support for Russia’s unlawful invasion of Ukraine. But the task force has also targeted those who facilitate the illicit conduct of oligarchs – such as lawyers and money managers – as well as procurement networks that supply the Russian military with munitions and other military and tactical equipment.

In October, for example, the president of an Orlando-based company pleaded guilty to engaging in unlawful transactions to acquire more than $150 million in metal products such as steelmaking equipment and raw materials owned by a sanctioned Russian oligarch. As part of his guilty plea, the defendant agreed to forfeit more than $160 million in proceeds that he obtained from the illicit transactions.

In some instances, the Department is able to transfer these forfeited assets to those who need them the most – the Ukrainians – to help them with their defense against and recovery from Russia’s unprovoked attack. Last spring, pursuant to new congressional legislation, the Attorney General authorized the United States’s first transfer of forfeited assets to support the rebuilding of Ukraine, totaling millions of dollars. More recently, the Attorney General authorized the transfer to the Ukrainian military of more than one million rounds of ammunition seized and forfeited by Iran’s Islamic Revolutionary Guard Corps.   

We also have a related but separate effort specifically aimed at stopping the flow of sensitive technologies to our foreign adversaries. Last February, the Deputy Attorney General announced the creation of the Disruptive Technology Strike Force, an interagency enforcement effort designed to pursue criminal prosecutions and other types of enforcement actions against those who engage in the illicit transfer of emerging technologies in violation of U.S. laws. This effort is co-led by the National Security Division and the Commerce’s BIS.

The Strike Force consists of 14 local cells across the country – these are local enforcement teams made up of federal prosecutors and agents from FBI, BIS, and the Department of Homeland Security (DHS)’s Homeland Security Investigations (HSI). These enforcement teams investigate and prosecute companies and individuals who violate U.S. laws governing the transfer of technology.

The work of the local cells is supported by an interagency team of data analysts who identify gaps in enforcement and prioritize lines of effort.

Since its formation eight months ago, the strike force has been hard at work bringing to bear the collective power of our resources against those who would seek to exploit technology to undermine our national security. At its core, the strike force is an enforcement effort – and we are already seeing results.

Last May, we announced our first strike force cases, which were brought by five of the most significant U.S. Attorneys’ Offices in the country.

Two cases involved dismantling alleged procurement networks created to help the Russian government, including its military and intelligence services, to obtain sensitive technologies in violation of U.S. export laws. The technologies at issue include military tactical equipment, airplane braking technology and quantum cryptography.

Two additional cases charged former software engineers with stealing software and hardware source code from U.S. tech companies in order to market it to Chinese competitors. In one of the cases, the defendant was trying to sell the source code to Chinese state-owned enterprises.

The stolen code is alleged to be trade secrets used by the U.S. companies to develop self-driving cars and advanced automated manufacturing equipment.

And the fifth case charges a Chinese national with violating U.S. sanctions in attempting to sell materials used to produce weapons of mass destruction to Iran. The defendant tried to arrange the sale using two Chinese companies that the U.S. government has sanctioned for supporting Iran’s ballistic missile program.

We recently charged two more cases involving procurement networks that were set up to send microelectronics and micro-displays used in military equipment to Russia. The technology in these two cases was being routed through intermediaries located in Cyprus, Latvia and Hong Kong.

And just earlier this month, we announced two more cases against individuals who were allegedly sending technology to Russia. One of the cases charged three Russian nationals living in the United States and Canada with conspiring to send controlled technology to Russian procurement firms based in Moscow by routing them through intermediary companies in other countries. Some of the items they were allegedly sending to Russia have the same make, model, and part numbers as electronic components found in things like military helicopters, counter missile systems, battle tanks and drones used by Russia against the Ukrainians.

These Russia-related cases were brought in partnership between DTSF and Task Force KleptoCapture.

Each of these enforcement efforts is unique and serves an important function. And neither would be possible without our ability to come together with both our interagency partners to ensure that we are bringing our collective resources and authorities to bear. As critical as it is for the Department to prioritize enforcing our sanctions and export control laws in this threat environment, it’s not something we can successfully do on our own.

Both KleptoCapture and the strike force bring together federal prosecutors, agents and analysts from numerous government agencies and with the involvement of offices across the country, allowing us to coordinate lines of effort, develop case leads and prioritize enforcement actions.

The investigations that we pursue through these lines of effort are intelligence driven. To be effective in responding to the threats we are seeing, we have to push information collected by the Intelligence Community into the hands of the agents responsible for going after those threats inside the United States. This intelligence helps us to identify gaps and develop case leads.

Given the global scale of the threat, international cooperation is also critical. Malicious actors are illicitly moving technology and money through intermediary points – often times multiple – in an effort to evade our sanctions and export control laws. This problem demands an international response.

We have been increasingly looking to leverage our international partnerships to enhance and strengthen our enforcement efforts, and our allies are rising to the occasions. We have received assistance from our international partners, including Germany, Italy, France, Estonia and Cyprus, to track down perpetrators and make arrests. And we have joined forces with our allies through work like the Russian Elites, Proxies and Oligarchs (REPO) Task Force to ensure that our respective legal authorities are aligned and to share information to take concrete action, including imposing sanctions, freezing and seizing assets and pursuing criminal prosecutions.

Finally, a word on corporate enforcement and compliance.

We at the Department of Justice have watched with concern as a trend has emerged in our corporate investigations. Increasingly, these cases are revealing violations of our national security laws, resulting in a growing number of corporate criminal investigations of sanctions and export control violations, across different industries and geographic regions.

Corporations that facilitate the evasion of sanctions regimes by terrorist groups or hostile nation-states, or the illicit export of sensitive technologies to further the military advantage of our adversaries, have made the business decision to profit from their crimes at the expense of our collective security and prosperity.

Over the past year, we have taken concrete steps to best position ourselves to address this trend.

In September, we announced the appointment of our first Chief Counsel and Deputy Chief Counsel for Corporate Enforcement within NSD, who are leading our efforts to investigate and hold accountable corporate actors who violate national security laws.

We are halfway through hiring 25 additional attorneys into our Counterintelligence and Export Control Section, or CES: the section at NSD that handles sanctions and export control investigations and prosecutions.

In March of this year, we updated our voluntary self-disclosure (VSD) policy, which covers potential violations of export control and sanctions laws. The updated policy is designed to incentivize companies to come forward promptly when they identify or become aware of potential criminal violations in exchange for the ability to reduce – or, in some cases, eliminate – their criminal exposure.

And finally, we’ve been deepening our ties with our interagency partners. Together with our interagency partners at Treasury, Commerce and State, we’ve issued tri- and quad-seal compliance notes which highlight enforcement trends, convey our collective expectations about compliance and identify red flags and other signs of potential illicit activity in financial and commercial networks. We are also working more closely than ever before with these partners to initiate new investigations from leads developed, for example, by FinCEN’s Office of the Whistleblower, or BIS’s analytics team.

Our focus on corporate enforcement is also reflected in our casework. Over the course of the past year, roughly two-thirds of the Justice Department’s corporate criminal resolutions have involved threats to U.S. national security. And the financial penalties from these cases total billions of dollars.

These cases include the Department’s first-ever corporate conviction for providing material support to a foreign terrorist organization. In that case, Lafarge SA, the world’s largest cement manufacturer, pleaded guilty to paying ISIS to protect profits and expand its market share in Northern Syria, and as part of the plea deal, agreed to pay a financial penalty totaling $778 million.

And last spring, we announced a corporate resolution with the British American Tobacco (BAT) company and its Asia-based subsidiary for bank fraud and sanctions violations. BAT – one of the largest tobacco companies in the world, which has been in operation for over 120 years – used an offshore subsidiary and third-party intermediary to conduct illicit business in North Korea that propped up the DPRK regime and supported its nuclear weapons program. The resolution in that case resulted in a total of $629 million in penalties.

And earlier this fall, the Department announced a guilty plea by a shipping company for conspiring to transport crude oil on behalf of Iran’s Islamic Revolutionary Guard Corps in violation of sanctions laws. In that action, the government seized nearly one million barrels of contraband crude oil.

Our national security cases reach across every walk of corporate life. Even those business operations that may appear far removed from the defense sector – like a cement and concrete manufacturer, or a tobacco company – can pose national security risks if companies are not highly sensitive to high-risk actors, high-risk regions and high-risk activities.

Across the full spectrum of the Department’s corporate enforcement efforts, we are also working to develop new tools and remedies to address the ever-evolving facets of corporate malfeasance we encounter, including criminal resolutions that, for the first time, include divestiture of lines of business, specific performance as part of restitution and remediation, and tailored compensation and compliance requirements.

And the Department has further strengthened its efforts to promote voluntary self-disclosure through the announcement just last month of our new Department-wide mergers and acquisitions (M&A) policy.

In our increasingly global economy, companies are on the front line in responding to geopolitical risks. Rather than inadvertently discouraging responsible corporate actors from lawfully acquiring companies with ineffective compliance programs or a history of misconduct, we want to encourage acquiring companies to timely disclose misconduct committed by the acquired entity when they uncover evidence of those crimes during M&A due diligence or post-acquisition integration.

To that end, under the Department’s M&A policy, acquiring companies that voluntarily disclose criminal misconduct committed by an acquired entity within six months of the completion of a lawful, bona fide acquisition; cooperate with the ensuing investigation; and engage in timely, and appropriate remediation, restitution and disgorgement – generally within one year of the completion of the acquisition – can earn a presumption of declination.

Those time periods are subject to a rule of reasonableness and the important exception that companies that detect misconduct involving an ongoing or imminent threat to national security or harm to persons or property must disclose such conduct and act to prevent the threatened harm immediately in order to claim the benefits of the Department’s M&A policy.

I expect that NSD, along with other Department components, will soon be issuing revisions to its voluntary self-disclosure policy to incorporate the core principles of the Department-wide M&A policy.

We at the Department of Justice, along with our interagency and international partners, will continue to address the concerning trend of corporate crime intersecting with threats to our national security by prioritizing our enforcement of laws that protect the U.S. financial system and our technologies from being exploited by our adversaries.

But the deterrent value of criminal enforcement is only part of the answer. Our goal is to create incentives for corporations to do their part to prevent, detect, and report corporate misconduct that threatens national security.

In our increasingly interconnected world, corporations with international reach should build their compliance programs with sanctions, export control, and national security laws at front of mind. The key to stopping the illicit flow of funds and sensitive technologies is for companies to implement effective and robust risk-based compliance measures as part of their controls. Companies need to invest in compliance now or pay the price later. And these are concrete steps that companies can take to do their part:

• Review your compliance policies to ensure that they put a premium on national security compliance risks. This is especially true for companies that operate in high-risk industries or who deal in our most sensitive technologies.
• Take note of the compliance bulletins that we are issuing with our interagency partners and the enforcement trends that we are highlighting.
• Familiarize yourself with our voluntary self-disclosure policies and know the VSD policies of our regulatory partners at OFAC, BIS and elsewhere.

Last but not least, make sure you know who to call in the government if a compliance incident does arise. This will help ensure that you are meeting your reporting obligations and working with us early to mitigate any potential harm. Make sure that you come to us before we come to you.

Along with our enforcement efforts, we are putting a premium on collaboration and building strong relationships with the private sector to mitigate national security compliance risks, so that companies do their part to further our collective security against foreign threats to American prosperity. Together, we can safeguard our country’s innovation economy and protect our nation’s financial investments and development of technologies of the future.

Thank you again for having me here today to talk about this important work.