Even small-sized transactions can suffer from out-sized risks.
When it comes to terrorism, following the money trail is our best chance of preventing terror attacks before they occur. But that’s a challenge when that trail is composed of small-quantity transactions.
Funding streams are often small-scale and easy to overlook. What’s more, many transactions appear legitimate — at least on the surface. After all, rent payments and cost of living expenses are commonplace. However, these seemingly innocuous purchases can be weaponized with ease.
This strategy, called micro-financing, isn’t new, but it has picked up steam. While law enforcement and financial institutions (FIs) have honed their AML/CFT detection methods for larger-scale financing, more work is needed to identify these threats disguised as routine financial behavior. The stakes are high: failure to detect the micro-financing of terrorism has devastating consequences, with FIs potentially left shouldering the blame.
The Dollar Cost of Terrorism
Thoroughly planned and centrally-funded, the September 11 attacks killed nearly 3,000 people and injured over 6,000. One estimate puts the economic cost at $3.3 trillion. In comparison, it cost Al Qaeda about $500,000 to cause such devastation — expensive but just a fraction of Al Qaeda’s $35 million budget at that time.
One impact of the attack was to raise the profile of finance in terrorism. High-level U.S. officials of the day stated that fighting the financing of such terrorist groups was as instrumental as fighting the groups themselves. It’s an ethos that’s still true today.
Recent attacks, which have been less elaborate yet still deadly, have cost much less. Terrorists are estimated to have spent no more than $10,000 on the November 2015 attacks in Paris. Other extremists likely spent just a few hundred to a few thousand dollars each when planning and carrying out the slew of mass shootings or acts of terror involving rented vehicles over the last few years.
It doesn’t take much money to inflict significant damage. Current assessments note that the “most persistent” terror threats come from decentralized, isolated terror cells or homegrown violent extremists, who are often self-funded or funded by close associates and on a budget. This means low-cost terror attacks are set to become more common.
Hidden in Plain Sight
Detecting suspicious small-currency transactions is a challenge for FIs. Current AML/CFT regulations and processes have been generally effective but were designed to frustrate the flow of large funding streams to known terrorist organizations.
One consequence of this is that banks now must identify the illicit transactions that masquerade as legitimate financial activity. Given the volume and velocity of transactions that banks process per day, it’s akin to looking for a needle in a gigantic haystack.
Knowing where to look is the first step. Online marketplaces, payment services and crowdfunding sites are especially vulnerable. In 2017, the US discovered that ISIS had been funding a US-based terrorist through an alleged scam on eBay, which possibly also funded terrorists in Britain and Bangladesh.
Earlier this year, female detainees in a Syrian camp, long suspected of being ISIS sympathizers, received several thousand dollars to facilitate their escape through donations made via a crowdfunding campaign.
The Financial Action Task Force (FATF) has identified several other common examples of how terrorism is micro-financed. These include prepaid cards, student or personal loan withdrawals with no intention to repay and the exploitation of cryptocurrencies.
Since such transactions seem normal on the surface, it forces FIs to dig deeper. Instead of looking at the transaction itself, the question becomes: is this transaction being performed in a context that makes sense?
The Silver Lining
While these transactions are hard to detect, it’s not impossible. Modern transaction monitoring software facilitates rules designed to flag activity based on certain risk factors, such as changes in transaction frequency or volume across your customers, even if the activity itself seems legitimate.
A sudden increase, for example, in small eBay transfers to a bank account may be innocuous, but it could signal something far more sinister and is worth a second look. In cases such as these, identifying these illegitimate transactions involves looking at where the money is going rather than where the money has come from.
It’s also worth seeing who else has paid into that account and who else has been linked to the account in question. Doing that successfully means banks can track money across an entire network.
To do this well, financial institutions must build a comprehensive customer risk profile that contains high-quality data about the individual and their spending habits as well as relatives and close associates. Continuously monitoring for changes in that customer’s risk status over time is key. Fighting terrorism requires a focus on individual accounts, not just the size of the transaction.
But in order to do that banks and FIs need to have access to the right data. So much time is wasted dealing with false positives and playing catchup with an endless stream of alerts.
Sophisticated tools, available today, screen individuals and comb through data collated from both internal and external sources. These tools make connections between financial and non-financial information, identify patterns and detect anomalies.
Adverse information and media software like AIM Insight scan millions of online news sources to unearth information that may impact that customer’s risk profile, including involvement in unethical or illicit activity.
The solution is close at hand. Even as the terrorist profile shifts and terrorists find new ways to exploit the financial system and fund their attacks, the tools to prevent them are available. Banks and financial institutions need to rise to the challenge.
It’s only through combining the right technology with the right information that FIs will be able to disrupt terror financing, however large or small the funding stream.
Read more on how to use data to inform risk-based decisions here.