Terrorist funding detection has been practiced the same way as money laundering detection ever since Counter Terrorism Funding (CTF) initiatives were added to Anti–Money Laundering (AML) efforts after 9/11. Although the two have similarities on the surface, a deeper look reveals more differences than similarities. In fact, some have rightly called terrorist funding “money laundering in reverse” because of marked differences in its sources and goals.
Do the two warrant similar treatment in detection methods? Or do their dissimilarities call for different detection approaches?
How are they similar?
Money laundering and terrorist financing share three similarities:
1. They involve a source of money or objects that have monetary value.
2. They involve moving the money through channels that conceal the original source.
3. This money movement and concealment of the source enables recipients to use the end funds in ways that would otherwise have exposed the initiator to legal jeopardy.
How are they different?
Admittedly, those three similarities are fairly high-level. Their differences are at a deeper level.
Source of funds
Money laundering and terrorist financing usually differ in their respective source of funds. With money laundering, the initiator is an individual or organization that obtained the money through criminal activity. This may be a single individual, as in the case of embezzlement or tax evasion. Or it may be large criminal organizations. The source, in money laundering, is always funds obtained by illicit activity.
With terrorist financing, a criminal origin is not always the case. The initial source may be legitimate. It may be wealthy benefactors who agree with terrorist goals and want to support terrorist activity. It may be groups that pose as charitable organizations, gather funds supposedly for humanitarian aid but then, either with or without donor knowledge, transfer the funds to terrorist groups or operatives to support their activity.
That’s not to say that the source in terrorist funding is never from criminal activity. Increasingly, terrorist organizations have turned there for funding. In fact, many well-funded terrorist groups have engaged in criminal activity to eliminate reliance on donors and thus become self-supporting. Kidnappings and ransom demands by paramilitary groups, as well as trade in blood diamonds, human trafficking and arms dealing have become a growing terrorist funding source.
So, although terrorist financing might use criminal activity as a funding source, the difference between money laundering and terrorist financing is this: In money laundering, the source of funds is always criminal activity; in terrorist financing, funding sources may be either legitimate or illicit.
Transaction amounts and transfer methods
Money laundering and terrorist financing differ also in the typical size of monetary transactions involved and the methods used to move them. In money laundering, the amount of funds is generally large. This requires initiators to be both more careful and more creative in the ways they move funds.
Most often, they start by breaking funds into smaller amounts to avoid triggering immediate alerts tied to size of deposits. Then they place those smaller amounts into financial institutions as multiple deposits in multiple accounts under multiple names, to make the placement of funds look as natural as possible.
Then they transfer that money, bit by bit, into other financial institutions – often in countries whose banking laws allow greater anonymity and, from there, into yet other institutions. By continually moving the money through multiple institutions, they seek to create layer upon layer of transfers until the paper trail is too complex to trace back to its source.
Along the way, they may use informal financial systems that protect sender’s and recipient’s identities, such as the Middle Eastern hawala, Chinese fei chi’en or South American Black Market Peso Exchange. They may also send the money through shell companies that exist to create false invoices that give the impression that money was received for real goods or services, thus making it look legitimate.
Eventually, though, the money is reintegrated back into financial institutions under the real names of the initiators, but now with a string of transactions that give the illusion of being revenues from legitimate businesses. At this point, the initiators can use the money as legitimate wealth, because the trail back to its illicit source has been obscured beyond the ability of law enforcement to trace.
Contrast that to terrorist financing, where the amount of funds generally is smaller. These smaller amounts – and the original legitimacy of the funds – require less creativity to move without triggering alerts. In fact, one of the greatest challenges in detecting terrorist funding transactions is that they so closely mimic legitimate money movement. This makes it easier to use financial institutions – either at the beginning of the process, at the end or all the way through.
That doesn’t mean that financial institutions are the only means used. Couriers sometimes smuggle cash from country to country, to move it into countries that have more relaxed detection systems. Or the hawala is sometimes used. But, again, traditional financial systems are heavily used because of their ability to move money vast distances at the push of a computer key.
So, both money laundering and terrorist funding rely heavily on the lightning-quick ability of financial institutions to move cash. This is important to remember as we continue looking at the similarities and differences of the two processes.
Intended destination and purpose of funds
When we look at the intended destination and purpose of funds, money laundering and terrorist financing are completely different. In money laundering, funds come full circle back into the criminals whose illicit activities created them. The goal is long-term: to disguise criminally obtained funds so they build a seemingly legitimate accumulation of personal wealth for their criminal perpetrators while keeping the criminal activity that generated them secret.
With terrorist financing, on the other hand, funds move from the hands of donors who usually obtained them legitimately, into the hands of criminals who intend to use them to commit illegal acts. The goal is short-term: to pay terrorist operators to commit highly public criminal acts (terrorist attacks) while concealing the originator’s connection to those acts.
So, the destination and purpose of funds is dramatically different. Money laundering starts with perpetrators of criminal acts and returns all funds to those same perpetrators, only now looking legitimate and keeping the perpetrators’ past criminal activity secret. Terrorist financing pays others to commit crimes that receive maximum publicity, yet keep the donors’ involvement secret.
How can money laundering and terrorist financing be detected?
For all their differences, both rely on financial institutions at some point in their transfer process. This creates a vulnerability that can enable detection. In many ways, detection methods for both are similar.
In both processes, following recommended AML/CTF practices enables detection. Know Your Customer (KYC) and Customer Due Diligence (CDD) practices require specialized units in financial institutions to perform thorough verifications of prospective customer identities and backgrounds before the institution accepts them as customers.
Units dig deeper into customer applications to determine whether the customer is the account’s beneficial owner or only a representative. If so, the units must investigate the beneficial owner as well as the representative.
KYC/CDD units also compare prospective customers, representatives and beneficial owners against money laundering and terrorist watch lists to whether determine they – or any individuals with whom they have connections – are on those lists. Only through this exhaustive screening process can the institution accept the prospective customer.
The initial investigation is not the end of the KYC/CDD unit’s work, though. It also involves understanding the typical banking activities the institution can expect of each customer and continuously monitoring for possible signs of money laundering or terrorist financing involvement.
Monitoring doesn’t stop with the institution’s customers, either. It also involves assessing the reputation of institutions to or from which customers send or receive transfers. It involves flagging customers who maintain relationships with questionable institutions or engage in transactions with countries considered lax in their detection efforts. And it involves applying counter-terrorist intelligence provided by government agencies to further inform assessments of customers and related institutions.
The differences between money laundering and terrorist financing are striking in origination, scope, use and purpose. Yet their joint reliance on financial institutions offers opportunities for detection.
Even terrorist financing, with its additional challenges of smaller transaction amounts and initial legitimacy of most funds, can be detected by a dedicated detection team. The key is for the institution to actively practice strong KYC/CDD procedures in all aspects of opening accounts, monitoring activity for suspicious behavior and assessing the legitimacy of funds transferring both into and out of those accounts. These practices offer the best chance for an institution to detect and avoid efforts to use it for money laundering or terrorist funding.
For over 30 years, Marin Ivezic has been protecting people, critical infrastructure, enterprises, and the environment against cyber-caused physical damage. He brings together cybersecurity, cyber-physical systems security, operational resilience, and safety approaches to comprehensively address such cyber-kinetic risk.
Marin leads Industrial and IoT Security and 5G Security at PwC. Previously he held multiple interim CISO and technology leadership roles in Global 2000 companies. He advised over a dozen countries on national-level cybersecurity strategies.