“Simply by using standard anti-money laundering typologies financial institutions should have been able to identify fourteen instances of terrorism financing as being suspicious, though not on their face to raise suspicion of terrorism financing.”
Numerous Terrorism Financing Cases Reveal Suspicious Transactions
I recently read an eye-opening report titled Terrorism Financing Indicators for Financial Institutions in the United States by Richard Gordon, an American law professor who served on the International Monetary Fund (IMF) Task Force on Terrorism Finance following the September 11, 2001 attacks. The report revealed that suspicious financial transactions could be noted in more than a dozen terrorism-related prosecutions which were analyzed as part of a comprehensive study of terrorism financing for the United Nations Counter-Terrorism Implementation Task Force (CTITF). This jarring reality compelled me to share a few highlights from these cases (discussed later in this article) as they explicitly underline how immensely important it is for financial institutions to be diligent and vigilant in their monitoring and reporting of suspicious activity.
This sentiment was very strongly voiced by the Director of FinCEN last month in a speech which focused on terrorist financing and the important fact that BSA reports filed by financial institutions can identify suspicious activity which may ultimately prove to be related to the funding of terrorism. This stance was also endorsed by renowned counter-terrorism expert Richard Barrett at a congressional hearing before the Task Force to Investigate Terrorist Financing last week. Mr. Barrett testified that “Suspicious Activity Reports filed by financial institutions may provide possible indicators of terrorist planning worthy of investigation”. I have included some brief snippets from these commentaries and others below.
Finally, I’ve concluded this article with 58 red flag indicators for terrorist financing from four different sources. I opted to provide readers with the original lists as compiled by these sources rather than remove redundant indicators and consolidate into a single list since the nuances of the different wording provides more detail or specifics in some cases for the noted indicators.
Director of FinCEN shares that 18% of the FBI’s international terrorism cases in 2014 had related BSA filings and urges financial institutions’ “continued vigilance and support.”
A few weeks ago, the Director of FinCEN, Jennifer Shasky Calvery, made terrorist financing the theme of her speech at an anti-money laundering seminar for bankers. Director Calvery informed the attendees that “The reporting your institutions provide has already proven to be an essential component in identifying foreign terrorist fighters, their financial facilitators, and the flow of funds” and she urged financial institutions’ continued vigilance and support. She provided statistics that FinCEN processes about 50,000 new filings each day and that automated business rules related to ISIL, alone, generate over 800 matches each month for further review and exploitation. She added that “Foreign terrorist fighters may use an ATM, a money services business (MSB), or a depository institution to send or receive funds to facilitate travel to Iraq and Syria”. Director Calvery stressed that “there is no doubt at FinCEN, or amongst our partners across government, that the reporting your financial institutions provide is essential to our efforts to disrupt, degrade, and ultimately defeat al-Qa’ida, ISIL and other terrorist groups”. As Juan Zarate, former Deputy Assistant to the President and Deputy National Security Advisor for Combating Terrorism so aptly put it – “Money is their [terrorist groups] enabler, but it’s also their Achilles’ heel.”
Sample Case Highlights – Credit Card Fraud; Wire Fraud; Bank Fraud and Money Laundering Structuring
One noteworthy case in the above mentioned report Terrorism Financing Indicators for Financial Institutions in the United States involved two small businesses – a deli and an ice cream shop. The case highlighted 12 feeder accounts held at multiple U.S. banks. Money was deposited into the feeder accounts by various means, including check deposits, cash deposits, and wire transfers. Bank records for the 12 feeder accounts revealed 3,252 cash deposits. The deposits were structured to avoid reporting requirements. Only one of them was a cash deposit for more than $10,000 triggering a reporting requirement. However, on each of several hundred days, an aggregate of more than $10,000 was deposited into the feeder accounts. The ice cream shop also operated as an unlicensed and unregistered money transmitter and over an eight year period, $22.1 million was deposited into the feeder accounts even though the small shop only had annual revenue of about $185,000. The funds were subsequently consolidated into a central account in the U.S. using checks and wire transfers from the 12 accounts; and $21.9 million was wired from the central account on behalf of customers in the U.S. to accounts in 25 countries, ultimately making its way back to Yemen. The recipient operators who controlled the accounts in those countries exchanged the funds into local currency and distributed payments to the intended beneficiaries. Evidence showed that the money transfers were tied to funding for al-Qaeda and Hamas. This case clearly illustrates that terrorist financers often uses classic money laundering typologies regardless of whether they are trying to launder the proceeds of crime. The study concluded that “by using standard anti-money laundering typologies financial institutions should have been able to identify fourteen instances of terrorism financing as being suspicious”, even though the FI might not see on the face of it that the suspicious activity was in fact linked to terrorism financing.
Other terrorist financing cases have involved bank fraud, credit card fraud, wire fraud, identity fraud and a host of criminal activities which we typically consider much less grave than the funding of terrorism. The FBI has indicated that numerous terrorist investigations have resulted from financial information provided by the financial sector and that is has assisted with connecting the dots.
“Terrorism Financing Version 2.0” – Counter-terrorism Experts Highlight A Dangerous Union: The Intersection of Terrorism and Organized Crime
A distinguished panel of witnesses all emphasized one dominant trend at last week’s congressional hearing before the Task Force to Investigate Terrorist Financing – terrorists increasingly are turning to crime and criminal networks for funding. Chairman Mike Fitzpatrick commented in his opening remarks that “Terrorist groups have become entwined with trans-national criminal syndicates – or in some cases evolving into the role themselves – engaging in criminal activities which yield greater profits than simply relying on state sponsorship or big pocket donors.” Expert after expert witness confirmed that shared view. The words in their testimonies were different but their message was the same. As terrorist groups have become larger and more organized and have sought to raise more money, they have been forced into closer cooperation with organized criminals and have copied some of their methods. Although terrorists continue to raise money through “legal” means such as collecting funds from witting or unwitting donors through established charities or by direct donation, David Asher, Board of Advisors Member for The Center on Sanctions and Illicit Finance referred to the emergence of a trend which he termed “Terrorism Financing Version 2.0”. Mr. Asher elaborated that “Version 2.0 represents a vast evolution above and beyond the traditional religious charities, mosques, and jihadi financiers and involves a substantial embrace of transnational organized crime.” As illicit finance expert Douglas Farah succinctly summarized – “The TOC [Transnational Organized Crime] / terrorism divide is increasingly disappearing.”
In some cases, terrorist groups primarily pursue criminal activities for fundraising purposes. According to the DEA, 22 of 59 Foreign Terrorist Organizations (FTOs) in 2014 were linked to drug trafficking. The DEA, the FBI, and the intelligence community have focused more and more attention on the nexus between drugs and terror and the U.S. Attorney for the Southern District of New York has merged its international drug and foreign terrorism sections because of the intimate link between the two. Juan Zarate who testified before the Task Force last month, stated that “America’s enemies – drug trafficking cartels, organized crime groups, militant groups, and terrorists – are finding each other, as a matter of convenience and opportunity.” Mr. Zarate emphasized that “the overlaps between the criminal underworld, illicit financial activity, and terrorist operations and funding will continue to evolve as marriages of convenience emerge in common areas of operation”.
Four Lists of Red Flag Indicators for Terrorist Financing
1. Financial and Behavioral Indicators Published by The Egmont Group of Financial Intelligence Units
Indicators linked to the financial transactions:
- The use of funds by the non-profit organization is not consistent with the purpose for which it was established.
- The transaction is not economically justified considering the account holder’s business or profession.
- A series of complicated transfers of funds from one person to another as a means to hide the source and intended use of the funds.
- Transactions which are inconsistent with the account’s normal activity.
- Deposits were structured below the reporting requirements to avoid detection.
- Multiple cash deposits and withdrawals with suspicious references.
- Frequent domestic and international ATM activity.
- No business rationale or economic justification for the transaction.
- Unusual cash activity in foreign bank accounts.
- Multiple cash deposits in small amounts in an account followed by a large wire transfer to another country.
- Use of multiple, foreign bank accounts.
Behavioral Indicators:
- The parties to the transaction (owner, beneficiary, etc.) are from countries known to support terrorist activities and organizations.
- Use of false corporations, including shell-companies.
- Inclusion of the individual in the United Nations 1267 Sanctions list.
- Media reports that the account holder is linked to known terrorist organizations or is engaged in terrorist activities.
- Beneficial owner of the account not properly identified.
- Use of nominees, trusts, family member or third party accounts.
- Use of false identification.
- Abuse of non-profit organization.
2. Potentially Suspicious Activity That May Indicate Terrorist Financing Published in the FFIEC BSA/AML Examination Manual
Activity Inconsistent With the Customer’s Business:
- Funds are generated by a business owned by persons of the same origin or by a business that involves persons of the same origin from higher-risk countries (e.g., countries designated by national authorities and FATF as noncooperative countries and territories).
- The stated occupation of the customer is not commensurate with the type or level of activity.
- Persons involved in currency transactions share an address or phone number, particularly when the address is also a business location or does not seem to correspond to the stated occupation (e.g., student, unemployed, or self-employed).
- Regarding nonprofit or charitable organizations, financial transactions occur for which there appears to be no logical economic purpose or in which there appears to be no link between the stated activity of the organization and the other parties in the transaction.
- A safe deposit box opened on behalf of a commercial entity when the business activity of the customer is unknown or such activity does not appear to justify the use of a safe deposit box.
Funds Transfers:
- A large number of incoming or outgoing funds transfers take place through a business account, and there appears to be no logical business or other economic purpose for the transfers, particularly when this activity involves higher-risk locations.
- Funds transfers are ordered in small amounts in an apparent effort to avoid triggering identification or reporting requirements.
- Funds transfers do not include information on the originator, or the person on whose behalf the transaction is conducted, when the inclusion of such information would be expected.
- Multiple personal and business accounts or the accounts of nonprofit organizations or charities are used to collect and funnel funds to a small number of foreign beneficiaries.
- Foreign exchange transactions are performed on behalf of a customer by a third party, followed by funds transfers to locations having no apparent business connection with the customer or to higher-risk countries.
Other Transactions That Appear Unusual or Suspicious:
- Transactions involving foreign currency exchanges are followed within a short time by funds transfers to higher-risk locations.
- Multiple accounts are used to collect and funnel funds to a small number of foreign beneficiaries, both persons and businesses, particularly in higher-risk locations.
- A customer obtains a credit instrument or engages in commercial financial transactions involving the movement of funds to or from higher-risk locations when there appear to be no logical business reasons for dealing with those locations.
- Banks from higher-risk locations open accounts.
- Funds are sent or received via international transfers from or to higher-risk locations.
- Insurance policy loans or policy surrender values that are subject to a substantial surrender charge.
3. Financial Red Flags Published by DML Associates LLC:
Dennis Lormel, founder and president of DML Associates, LLC, established and directed the FBI’s terrorist financing initiative following the terrorist attacks of September 11, 2001.
- IP logins in areas of conflict such as near the Syrian border, to include Jordan and Lebanon, but particularly in Turkey
- Periods of transaction dormancy, which could be the result of terrorist training or engagement in combat
- ATM cash withdrawals in areas of conflict
- Wire transfers to areas of conflict
- Charitable activity in areas of conflict especially in Syria
- Financial activity identifiable with travel [purchase of airline tickets] to Syria through Turkey and other points of entry to include Jordan, Lebanon and Israel
4. Terrorist Activity Financing Related Indicators Published by FINTRAC (Canada’s Financial Intelligence Unit)
FINTRAC (Financial Transactions and Reports Analysis Centre of Canada) noted that a single indicator on its own may seem insignificant, but combined with others, could provide reasonable grounds to suspect that the transaction is related to terrorist financing activity.
- Client accesses accounts, and/or uses debit or credit cards in high risk jurisdictions (including cities or districts of concern), specifically countries (and adjacent countries) under conflict and/or political instability or known to support terrorist activities and organizations.
- Client identified by media or law enforcement as having travelled, attempted/intended to travel to high risk jurisdictions (including cities or districts of concern), specifically countries (and adjacent countries) under conflict and/or political instability or known to support terrorist activities and organizations.
- Client conducted travel-related purchases (e.g. purchase of airline tickets, travel visa, passport, etc.) linked to high-risk jurisdictions (including cities or districts of concern), specifically countries (and adjacent countries) under conflict and/or political instability or known to support terrorist activities and organizations.
- The client mentions that they will be travelling to, are currently in, or have returned from, a high risk jurisdiction (including cities or districts of concern), specifically countries (and adjacent countries) under conflict and/or political instability or known to support terrorist activities and organizations.
- Client depletes account(s) by way of cash withdrawal.
- Client or account activity indicates the sale of personal property/possessions.
- Individual/Entity’s online presence supports violent extremism or radicalization.
- Client indicates planned cease date to account activity.
- Client utters threats of violence that could be of concern to National Security/Public Safety.
- Sudden settlement of debt(s) or payments of debts by unrelated 3rd party(ies).
- Law enforcement indicates to reporting entity that the individual/entity may be relevant to a law enforcement and/or national security investigation.
- Client’s transactions involve individual(s)/entity(ies) identified by media or law enforcement as the subject of a terrorist financing or national security investigation.
- Client donates to a cause that is subject to derogatory publicly available information (crowdfunding initiative, charity, NPO, NGO, etc.).
- Client conducts uncharacteristic purchases (e.g. camping/outdoor equipment, weapons, ammonium nitrate, hydrogen peroxide, acetone, propane, etc.).
- A large number of email transfers between client and unrelated 3rd party(ies).
- Client provides multiple variations of name, address, phone number or additional identifiers.
- The sudden conversion of financial assets to a virtual currency exchange or virtual currency intermediary that allows for increased anonymity.
Since counter-terrorist financing is of such vital importance for financial institutions in today’s global environment, I have also provided the red flags indicators noted above as PDF documents which can be downloaded and conveniently shared with colleagues in your institution. I hope I have succeeded in heightening the awareness among financial institutions that tracking and reporting suspicious bank transactions can enhance efforts to counter terrorism.