Nine Red Flags on Terrorist Financing from FinCEN’s New Advisory

June 18, 2024 by Nasdaq Verafin

The financing of terrorist activity threatens the integrity of the global financial system. With $11.5 billion in terrorist financing flowing through the worldwide economic system in 2023, this heinous crime is exceedingly lucrative.

“Terrorism threatens the safety and security of communities worldwide and tears at the fabric of society. Disrupting the financing flows to terrorist groups is essential to shut down these operations and the power they seek to gain from fear”.

Nasdaq’s 2024 Global Financial Crime Report

In May 2024, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an Advisory to assist financial institutions in detecting potentially illicit transactions related to terrorist financing. This advisory highlights the means by which terrorist organizations receive support from terrorist entities and describes several typologies these organizations use to illicitly access or circumvent the international financial system to raise, move, and spend funds.

Red Flag Indicators Related to the Fundraising and Money Laundering Activities of Terrorist Organizations

FinCEN has identified the red flags listed below to assist financial institutions in detecting, preventing, and reporting suspicious activity connected to terrorist financing:

  1. A customer or a customer’s counterparty conducts transactions with Office of Foreign Assets Control (OFAC)-designated entities and individuals, or transactions that contain a nexus to identifiers listed for OFAC-designated entities and individuals, to include email addresses, physical addresses, phone numbers, passport numbers, or CVC addresses.
  2. Information included in a transaction between customers or in a note accompanying a peer-to-peer transfer include key terms known to be associated with terrorism or terrorist organizations.
  3. A customer conducts transactions with a money services business (MSB) or other financial institution, including a VASP, that operates in jurisdictions known for, or at high risk for, terrorist activity and is reasonably believed to have lax customer identification and verification processes, opaque ownership, or otherwise fails to comply with AML/CFT best practices.
  4. A customer conducts transactions that originate with, are directed to, or otherwise involve entities that are front companies, general “trading companies” with unclear business purposes, or other companies whose beneficial ownership information indicates that they may have a nexus terrorist group. Indicators of possible front companies include opaque ownership structures, individuals and/or entities with obscure names that direct the company, or business addresses that are residential or co-located with other companies.
  5. A customer that is or purports to be a charitable organization or NPO solicits donations but does not appear to provide any charitable services or openly supports terrorist activity or operations. In some cases, these organizations may post on social media platforms or encrypted messaging apps to solicit donations, including in CVC.
  6. A customer receives numerous small CVC payments from many wallets, then transfers the funds to another wallet, particularly if the customer logs in using an Internet Protocol (IP) based in a jurisdiction known for, or at high risk for, terrorist activity. In such cases, financial institutions may also be able to provide associated technical details such as IP addresses with time stamps and device identifiers that can provide helpful information to authorities.
  7. A customer makes money transfers to a jurisdiction known for, or at high risk for, terrorist activity that are inconsistent with their stated occupation or business purpose with vague stated purposes such as “travel expenses,” “charity,” “aid,” or “gifts”.
  8. A customer account receives large payouts from social media fundraisers or crowdfunding platforms and is then accessed from an IP address in a jurisdiction known for, or at high risk for, terrorist activity, particularly if the social media accounts that contribute to the fundraisers contain content supportive of terrorist campaigns.
  9. A customer company is incorporated in the United States or a third-country jurisdiction, but its activities occur solely in jurisdictions known for, or at high risk for, terrorist activity and show no relationship to the company’s stated business purpose.

Working Together to Prevent Terrorist Activity

Financial institutions play a critical role in detecting and preventing terrorist financing. AML/CFT programs should have BSA compliance and reporting solutions in place to file suspicious activity reports (SARs) for potentially suspicious activity and provide actionable intelligence for law enforcement.

Nasdaq Verafin provides cloud-based Financial Crime Management Technology solutions for Fraud Detection, AML/CFT Compliance, High-Risk Customer Management, Sanctions Screening and Management, and Information Sharing. More than 2,500 financial institutions globally, representing more than $8T in collective assets, use Nasdaq Verafin to prevent fraud and strengthen AML/CFT efforts. Leveraging our unique consortium data approach in targeted analytics with artificial intelligence and machine learning, Nasdaq Verafin significantly reduces false positive alerts and delivers context-rich insights to fight financial crime more efficiently and effectively. To learn how Nasdaq Verafin can help your institution fight fraud and money laundering, call 1-877-368-9986.