Mitigating the risks of terrorist financing

Nicole Mazullo, Sam Murphy
| 5/24/2023
Mitigating the risks of terrorist financing

Financial services organizations play a critical role in identifying red flags and mitigating the risks of terrorist financing.

To evade defenses implemented by various jurisdictions, terrorist organizations have become increasingly creative in concealing the movement of funds that finance their illicit activities. Financial services organizations need to understand and assess their risks and take specific steps to mitigate those risks to protect their operations and to help combat domestic and foreign terrorism.

Keep informed
Sign up to receive the latest insights on strengthening your financial crime program.

Defining terrorist financing

Anti-money laundering (AML) and combating the financing of terrorism (CFT) are distinct functions that financial services organizations often approach similarly. Though AML and CFT are alike in many ways, financial services organizations should be aware of the unique considerations specific to terrorist financing.

The International Monetary Fund defines terrorist financing as “the solicitation, collection or provision of funds with the intention that they may be used to support terrorist acts or organizations.” In short, the goal of terrorist financing is not to conceal the origin of funds but to conceal the ideological motivation behind certain activities. Terrorist financing operates in various ways, including but not limited to:

  • Illicit activities. To finance their operations, terrorist organizations use criminal activities such as drug trafficking, human trafficking, fraud, and extortion to generate income.
  • Not-for-profit organizations (NPOs) and charities. Terrorist organizations use NPOs as a facade to allocate funds for their operations.
  • Informal transferring systems. Funds transferred via honor systems that operate outside of traditional banking channels can be difficult to trace and are not subject to traditional banking regulations. Terrorist organizations take advantage of such informal transferring platforms to finance their activities.
  • Crypto assets. Terrorist organizations use crypto assets, which are decentralized and pseudonymous in nature, to move money and generate funds. These qualities make it difficult for authorities to track transactions.

The Financial Crimes Enforcement Network (FinCEN) and the Office of Foreign Assets Control (OFAC) play key roles in identifying and mitigating domestic and foreign terrorist financing. FinCEN administers the Bank Secrecy Act (BSA) and implements regulations related to AML, and it aggregates and analyzes data reported by financial services organizations to identify terrorist financing activity. OFAC administers and enforces trade and economic sanctions for identified individuals and organizations, both domestic and foreign. Financial services organizations are required to screen transactions and customers against these OFAC-sanctioned parties, which are aggregated into various lists.

Terrorism has evolved over the past decade, and domestic terrorism and targeted attacks against vulnerable demographics such as religious groups and minority populations have increased. With the rise in internet use and advancements in technology, social media and various online platforms have become an easy and discreet way for terrorist organizations to advertise, recruit, and coordinate attacks. Online hubs for communication allow like-minded individuals to collaborate and organize violence privately, quickly, and in large groups.

When not facilitating in-person attacks, terrorists (both domestic and foreign) also commit a variety of cybercrimes, including cyber-related financial crimes such as stealing customer data and defrauding organizations. Terrorist organizations commit these types of cybercrimes to get access to illicit funds, which they then use to finance their operations and carry out attacks.

Terrorist financing national priorities

On June 30, 2021, FinCEN issued the first national and governmentwide priorities for AML and CFT. These priorities are focused on the most significant AML and CFT threats facing the United States and include corruption, cybercrime, domestic and foreign terrorist financing, fraud, transnational criminal organizations, drug trafficking organizations, human trafficking and human smuggling, and proliferation financing.

FinCEN’s priorities reflect ongoing AML and CFT concerns, and they specifically address elevated threats against vulnerabilities in the U.S. financial system. Of note in the June 30 issuance was the inclusion of domestic terrorism financing. FinCEN defines domestic terrorists as “individuals based and operating primarily within the territorial jurisdiction of the United States who seek to further their ideological goals wholly or in part through unlawful acts of force or violence.” According to a study commissioned by intelligence and law enforcement agencies, this emerging group presents the greatest domestic threat to the U.S. banking system. Further, individuals and groups engaged in domestic terrorism might be less likely to attract notice given that they don’t fit into foreign customer classifications and are unlikely to be included on sanctions screening lists.

With eight national priorities created, a renewed focus on domestic terrorism, and FinCEN’s pledge to refresh and update CFT priorities at least once every four years, it is important that covered organizations evaluate their AML and CFT controls and determine how best to navigate the changing landscape.

Risk assessment and mitigation tactics

As a result of the new national priorities, financial services organizations would benefit from assessing their organization’s risk mitigation tactics that directly combat terrorist financing. More specifically, organizations should take this opportunity to evaluate their initial and ongoing due diligence efforts, screening capabilities, and transaction monitoring techniques to ensure they align to their risk profiles and are configured to mitigate the unique risks posed by terrorist financing.

Customer due diligence and enhanced due diligence

An effective method of combating the terrorist financing and avoiding reputational, legal, and operational risks is to mitigate these risks during customer onboarding and on an ongoing basis.

First, traditionally higher risk customer types such as NPOs or politically exposed persons (PEPs) are more likely to be facilitators for terrorist financing. Many NPOs are made up of large, transitory workforces and operate on a global level, while PEPs might hold a position of influence that can be abused for money laundering or terrorist financing. To combat potentially bad actors, covered organizations should assess their AML and CFT compliance programs to ensure that comprehensive customer due diligence (CDD) and enhanced due diligence (EDD) is conducted for these customer types. Organizations might also consider additional steps like performing comprehensive EDD for all NPOs and PEPs regardless of their risk rating or instituting a secondary CDD and EDD review within the first 90 days of account opening. This assessment should consider the unique risk profile of the organization.

Additionally, financial services organizations should consider performing negative news searches to identify bad actors and promulgators of terrorist financing. As FinCEN notes in its priorities, domestic terrorism is now being highlighted in addition to more traditional foreign activities. Domestic terrorists represent a unique challenge for organizations because they are not included in the OFAC’s Specially Designated Nationals and Blocked Persons List (SDN List) list and as such might not be identified via sanction screening. Instead, organizations should consider the benefits of adverse media or negative news searches of their customer base.

Negative news searches might unearth red flags that cause an organization to decline onboarding a customer. Additionally, ongoing adverse media searches help organizations proactively identify red flags in their customer base that might result in suspicious activity report (SAR) filings or exiting customer relationships. While the frequency and breadth of negative news screenings depend on the size and complexity of the organization, incorporating negative news searches as an ongoing component of CDD and EDD can raise flags on customers participating in online terrorist recruitment and mobilization to violence via internet-based communication plans.

Sanctions screening

Screening against applicable government sanctions lists is a vital step in mitigating terrorist financing risks. Initial OFAC screening of customers and account parties such as guarantors and signatories at account opening assists in mitigating the risk of onboarding a customer participating in terrorist financing activities. Organizations should also screen beneficial owners at onboarding and in situations where there are changes in beneficial ownership. This added control helps to mitigate the risk of opening an account for a customer who might be facilitating terrorist financing. Finally, organizations should consider screening their own employees, as they can be vulnerable to exploitation.

Because most financial services organizations use third-party vendors for OFAC screening, it’s important to have strong vendor oversight processes to ensure comprehensive and timely screening. For example, organizations should know what watchlists their vendors are using and how often these lists are updated.

In addition to screening customers against the SDN List, organizations and their third-party vendors should be aware of all lists that might be relevant to their risk profile based on geographic location, customer base, and products and services offered. Examples of additional watchlists include the Sectoral Sanctions Identifications List and the Foreign Sanctions Evaders List.

Understanding red flags and monitoring transactions

Compliance teams should familiarize themselves with known terrorist financing red flags and understand how to effectively monitor for potential activity. Common red flags include:

  • Transactions originating from or going to high-risk jurisdictions, areas known for terrorist activities such as conflict areas, or major U.S. cities under political tension
  • Transactions that involve unusual patterns of behavior or activities that might indicate terrorist financing, such as a sudden increase in charity donations
  • Multiple accounts that collect and funnel funds to a small number of foreign beneficiaries, both persons and businesses, particularly in higher risk locations

Financial services organizations should employ a variety of tools to identify the activities and determine if they are suspicious in nature. Transaction monitoring systems can be employed to identify potential terrorist financing by analyzing transactions and identifying unusual patterns of activity. Additionally, to assist in the correct identification of these activities, employees should receive AML training, and at a minimum, receive an overview of terrorist financing red flags and patterns of activities, the organization’s current policies and procedures, and scenario-based training. Additionally, employees responsible for the completion of SAR filings should be trained on the FinCEN filing instructions and specific procedures.

Information sharing

Finally, information sharing is also an important component in the fight against terrorist financing. FinCEN notes that Section 314(b) of the USA PATRIOT Act helps financial services organizations “share information with one another in order to identify and report to the federal government activities that may involve money laundering or terrorist activity." Section 314(b) also helps organizations identify patterns of behavior and transactions that might indicate terrorist financing. While 314(b) information sharing is not an international requirement, international standards set forth by agencies such as the Financial Action Task Force also encourage information sharing among financial services organizations.

Proactive steps

Because terrorist financing tactics and exposure will change as these groups become more sophisticated, simply complying with regulations might not fully mitigate an organization’s risk. Organizations can take proactive steps to prevent terrorist financing in their operations such as performing risk assessments and incorporating FinCEN’s terrorist financing priorities into their mitigating controls. Assessing terrorist financing risk on an ongoing basis is imperative to maintaining the integrity of financial services organizations and protecting the collective financial system.

Financial services organizations play a critical role in supporting law enforcement by disrupting terrorist network activities in their operations, complying with federal and international regulations, and protecting their customers and stakeholders. By identifying terrorist activities, organizations can help prevent terrorist attacks and bring responsible parties to justice.