How has terrorism financing changed since 9/11?

The financial provisions enacted after the September 11^th, 2001, terrorist attacks—particularly those contained in the USA PATRIOT Act and global standards for combating terrorism financing set by the Financial Action Task Force (FATF)—have succeeded in addressing some obvious vulnerabilities in our financial system. However, new technologies and digital assets are transforming the way illicit actors move money, conduct fundraising campaigns, and transact in the global financial system, and terrorist groups and their facilitators are increasingly taking notice.

That’s why it’s critical for financial institutions to be aware of the modern and ever-evolving technologies that allow terrorist groups to move funds and access the financial system.

In addition to tried-and-true methods, such as hawalas, which allow terrorist organizations to transact outside the formal financial system, financial innovations such as digital assets, social media and messaging platforms, and those virtual asset service providers (VASPs) that exercise lax AML/CFT controls are enabling terrorist groups to fund their operations.

• The U.S. Treasury in late 2023 reached a record settlement with digital asset exchange Binance for violations that included failure to implement programs to prevent and report suspicious transactions with terrorists—including Hamas, Palestinian Islamic Jihad (PIJ), al-Qa‘ida, and the Islamic State of Iraq and Syria (ISIS). Learn more about the details of the Binance settlement in our Expert Insight Report.
• Hamas has used complicit VASPs and money transmitters throughout the globe to move funds, according to the Treasury Department. In the aftermath of the October 7, 2023, terrorist attacks in Israel, OFAC designated a Gaza-based VASP, Buy Cash Money and Money Transfer Company for providing money transfer and digital asset exchange services, including Bitcoin to Hamas. The same entity is also involved with funds transfers on behalf of other terrorist groups.
• Blockchain investigation firm TRM Labs in early 2023 reported that it had observed a significant increase in the use of the Tron blockchain among terrorist groups during the previous year. TRM noted that among the terror financing entities it tracked in 2022, there was a 240 percent increase in the use of the stablecoin Tether to collect donations.
• The U.S. Justice Department in August, 2020, announced that the U.S. dismantled three terrorist financing cyber-enabled campaigns that involved Hamas, al-Qa‘ida, and the Islamic State (ISIS). Each group used digital assets and social media to garner attention and raise funds for their terror campaigns, and U.S. authorities seized millions of dollars, more 300 digital asset accounts, four websites, and four Facebook pages all related to the terrorist campaigns.

The FATF in 2023 assessed that virtual assets pose increasing terrorist financing risks, although most terrorist financing still takes place using fiat currency. Contrary to popular belief, many cryptocurrencies are very traceable and the blockchains along which they travel are transparent and immutable. FATF identified the Travel Rule is a key AML/CFT measure that helps VASPs to prevent terrorists, money launderers, and other criminals from accessing wire transfers to move their digital assets and detect such misuse when it occurs. The rule helps intermediary and beneficiary VASPs and financial institutions to identify and report suspicious transactions and freeze funds and prevent transactions with sanctioned persons or entities.

Fundraising

Technological advances such as crowdfunding platforms, social media, and digital assets are providing terrorist organizations with innovative ways to raise money for their operations. The FATF in October noted in its report on the use of crowdfunding by terrorist organizations and individuals to raise money for their operations that the use of new technologies, and the perceived anonymity afforded by some crowdfunding platforms can make them attractive as relatively quick and simple means to obtain donations from around the world.

[Learn more about terrorist use of crowdfunding in our Expert Insight Report.]

• FinCEN in October 2023 issued an alert to financial institutions noting the variety of ways in which Hamas raises funds, including “fundraising campaigns involving virtual currency and fictitious charities raising both fiat and virtual currency.” The alert includes a red flag highlighting customer transactions with known or suspected virtual currency addresses tied to terrorism or terrorist financing donation campaigns as high-risk.
• TRM Labs in 2022 reported that almost immediately following ISIS’s territorial defeat in northeastern Syria in March 2019, online fundraising campaigns were launched on messaging and social media platforms, including Telegram, WhatsApp, and Facebook in support of the women and children linked to ISIS fighters taken to internment camps. Fundraisers stated that the funds were needed to improve the detainees’ conditions in the camps and for bribes to camp guards.
• Social media sites can allow donors to donate to terrorist causes directly through their platforms, including in-platform instant messaging applications or in-app gift donation features, which can ultimately be redeemed for cash. The UN Counter-Terrorism Committee Executive Directorate noted in 2022 that social media fundraising loopholes exist that allow users to make donations during live streams, including “super chat” features that allow online viewers to purchase live chat messages, while watching terrorist content.

Digital assets with “privacy features” are also enabling terrorist fundraising, helping obscure the involvement of terrorist groups in transactions, according to FATF. For example, various sources have highlighted that ISIS-linked websites have been soliciting funds in Monero – a digital asset that uses a blockchain with privacy-enhancing technologies.

The Southern Poverty Law Center in 2021 reported that white supremacist Greg Johnson regularly solicited donations in digital tokens, such as Bitcoin, Ethereum, Litecoin, privacy coin Monero, Bitcoin Cash, Tether, Cardano, and others.

Terrorist groups soliciting donations of virtual assets are also increasingly turning to stablecoins, according to the U.S. Treasury 2024 National Terrorist Financing Risk Assessment. Stablecoins are virtual assets that are designed to maintain a stable value relative to a national currency or other reference assets and are less volatile than other virtual assets, making them attractive to terrorist groups.

Challenges with Customer Identification for Financial Institutions

In a post-9/11 world, the onus is on financial institutions to ensure they understand their customer base and correctly identify who is using their bank and gaining access to the financial system. The 9/11 hijackers did not trigger any red flags when they used the U.S. financial system to receive and move funds, because their transactions were unremarkable and they used bank accounts in their own names to fund the operation. After the attacks, the responsibility increased on financial institutions to identify their customers and enhance their customer identification programs, according to Juan Zarate, former U.S. Treasury official, Deputy National Security Advisor for Combating Terrorism under President George W. Bush, and author of Treasury’s War: The Unleashing of a New Era of Financial Warfare.

However, new technologies are making gathering customer identification information difficult. Deep fakes and believable counterfeits are being increasingly used by malign actors to open accounts and conduct transactions. For example, FinCEN in April 2024 warned that counterfeit U.S. passport cards are being used for identity theft and fraud schemes at financial institutions, which could make them attractive for terrorist actors.

• Illicit actors are counterfeiting U.S. passport cards because banks are less familiar with these forms of U.S. government-issued identification, and their use potentially decreases the likelihood of detection. U.S. Passport cards are also significantly cheaper to counterfeit compared to U.S. passport books.
• Fraudsters are using generative AI to create false identities, resulting in a significant increase in identity theft, synthetic identities, deep fakes, online payment fraud, and account takeovers. Terrorist groups can almost certainly access and exploit these technologies to access the formal financial system and transfer funds.
• FinCEN in early 2024 issued a Financial Trend Analysis, analyzing malign actors’ use of identity-related processes involved in processing transactions and opening and accessing accounts. FinCEN’s analysis identified three identity-related exploitations in which malign actors evade validation by impersonating others, exploit insufficient verification processes, and use compromised credentials to gain unauthorized access during authentication. Terrorist actors and their supporters can also exploit these new technologies to evade identify verification processes.

Derisking

With compliance requirements rapidly expanding and methodologies that allow terrorist groups to obtain and move assets becoming more technologically complex, financial institutions may surrender to an instinct to derisk, or simply terminate or restrict business with VASPs and other entities in the digital asset arena out of regulatory concerns as well as worries about inadvertently allowing terrorist actors to access the financial system.

The private sector feels like they’re whipsawed, Zarate says. “Businesses are challenged if they’re derisking too bluntly and challenged if they do take a risk and a problem arises,” Zarate says.

However, regardless of regulatory pressure or posture, financial institutions must understand their risk exposure and know with whom they are transacting. There are international standards about what is expected from financial institutions, according to Zarate, that put the onus on banks, MSBs, and VASPs to use their data better, to use analytics in a better way, and to be more efficient and effective at managing risk.

When transacting with VASPs, financial institutions can and should research the exchange’s ownership and control structure, its know your customer and customer due diligence controls, and its transaction history to ensure that it has not facilitated transfers from wallets linked to terrorist organizations, and other high-risk transactions in which the VASP may have engaged. Adverse media reports can also provide insights into the VASP’s possible connections to terrorism financing.

In the end, Zarate says, you’re not going to be perfect. The important questions are:

• Are you preventing terrorism financing using virtual assets or other methodologies at scale?
• Are you remediating the issues if mistakes are made?
• How are you dealing with the new technologies that facilitate movements of terrorist funds?

Financial crime occurs. Is your financial institution using its resources most effectively to reduce the risk?