You are here

From Lone Actors to Daesh: Rethinking the Response to the Diverse Threats of Terrorist Financing

Tom Keatinge, Florence Keen and Anton Moiseienko
Newsbrief, 23 January 2018
Centre for Financial Crime and Security Studies, Terrorism
In view of the terrorist threat and diversity of funding efforts, counter-terrorist financing efforts should aim to address the modus operandi of any given target, placing greater emphasis on the intelligence value that finance provides.

On 23 September 2001, President George W Bush signed Executive Order 13224, which imposed an immediate asset freeze on individuals and organisations suspected of being involved in Islamic terrorism in the US, and additionally granted the US Treasury enhanced powers to sanction domestic and international banks that provided these entities access to the financial system. ‘If they [the banks] fail to help us by sharing information or freezing accounts’, declared Bush, ‘the Treasury Department now has the authority to freeze their banks’ assets and transactions in the United States’.

Signed less than two weeks after the 9/11 attacks, the order was an immediate response to the emergence of evidence that the plotters spent between $400,000 and $500,000 to finance the attacks, with funds passing largely through the formal financial system without being identified as suspicious. The action was a watershed moment in the financial regime against terrorism, which had arguably not been a global priority, save for some notable exceptions. Indeed, when the attacks occurred, only four countries had ratified the 1999 UN Convention for the Suppression of the Financing of Terrorism, namely Botswana, Sri Lanka, Uzbekistan and the UK.

Following the adoption of UN Security Council Resolution 1373 on 28 September 2001, which built upon UN Security Council Resolution 1267 (1999) on Taliban finances, and the 1999 Convention, the Financial Action Task Force (FATF, the global standard setter for anti-money laundering and counter-terror finance) added a further nine ‘Special Recommendations designed to combat the financing of terrorism. Thus, the global counter-terrorist financing (CTF) regime as we know it today was born, with countries moving quickly worldwide to legislate against terrorist financing. Financial institutions were placed on the front line, with an increased responsibility to detect and report suspicions of terrorist financing to law enforcement agencies in their own jurisdictions.

Signed less than two weeks after the 9/11 attacks, the order was an immediate response to the emergence of evidence that the plotters spent between $400,000 and $500,000 to finance the attacks

Sixteen years later, despite the evolution and diversification of the terrorist threat, the CTF architecture that was put in place following the 9/11 attacks has seen little change. Its effectiveness as a tool for disrupting terrorism has been increasingly questioned; terrorists still move funds around the globe, either through the formal financial system or through other channels.

In our attempt to analyse the CTF regime, it is also pertinent that we understand what effectiveness looks like, and how we may measure success. If success is equated to a high number of terrorist-financing prosecutions, or the amount of terrorist assets frozen, then we must accept that the international record is patchy at best. If, however, we were to rethink CTF, placing greater emphasis on the intelligence value that finance provides, then a new picture may begin to emerge.

This depends of course on the terrorist model, of which there are many: at one end of the spectrum the ‘lone-actor’ who may simply need to purchase a knife or hire a van to commit an attack; at the other, a territory-controlling group such as Daesh (also known as the Islamic State of Iraq and Syria, ISIS) that requires a substantial income to sustain itself and its commitments over a long period. By breaking down the different actors and subsequent funding models, this article will put forward the argument that the CTF model as it stands today does not necessarily reflect the multitude of threats we face, and thereby argues for a more nuanced and less generic response.

It is important to recall that while the policy focus on CTF intensified after the 9/11 attacks, governments had long been conscious of the terrorists’ need to resource their activities. Take for example, the British experience in confronting the Provisional Irish Republican Army (PIRA) and its utilisation of organised-crime tactics to raise funds, or the Colombian experience with the Fuerzas Armadas Revolucionarias de Colombi (FARC) which capitalised on coca to engage in narco-trafficking. Therefore, we must be cognisant of emerging threats, while also not forgetting the lessons of the past.

CTF: A Useful Acronym?

In analysing the effectiveness of the CTF regime, it is pertinent to question: what is encompassed by ‘CTF’ and is the categorisation useful? Just as there is no universally accepted definition of terrorism, so there is no universally accepted definition of CTF. Interviews conducted by the authors reveal that CTF means widely different things to different actors. In short, there is an apparent lack of coordinated thinking on both the tactical and strategic application of CTF. The lack of a harmonised definition is partially a branding issue. CTF was tacked onto the existing anti-money laundering (AML) regime following the 9/11 attacks, and is therefore broadly viewed as a problem that can be addressed under the framework that was already in place to respond to the drug cartels of the 1980s. Subsequently, FATF’s 2012 revision of its International Standards integrated the Special Recommendations into its original 40 Recommendations, entrenching the AML/CTF regimes even further. In reality, these financial crimes are often very different; money laundering at the tactical end describes the process of making sums of dirty money appear legitimate, whereas terrorist finance attempts to use sums of (often legitimate) money for dirty purposes, sums that are often entirely unremarkable. Of course, some terrorist finance looks indistinguishable from that of organised crime, which is why the responses have historically overlapped.

The conflation of AML and CTF has led to a system that has placed financial institutions at the heart of the global terrorist finance effort. This has resulted in a widely held view among policymakers and political leaders that CTF is a tool for ‘cutting off the funding’ of terrorist actors and organisations, in order to prevent attacks in the future. While this is of course a desirable goal, it is clear that to do so completely is impossible, as terrorists will always find ways to raise, move and store money, be it within the formal financial system or otherwise. The modus operandi may change, but the principles remain.

In reality, CTF describes myriad activities, from the legal frameworks that countries put in place to prosecute terrorist finance and seize terrorist assets; efforts by financial institutions and other supervised entities to identify terrorist-related transactions, in accordance with law and regulations; and the development of financial intelligence to inform the overall counter-terrorist picture. This final strand is arguably the most important, and yet lacks prioritisation. At its heart, it is the process of using financial intelligence to counter terrorism via law enforcement and the use of security services. Networks and associates, travel patterns and locations, communication methods, and purchases of vehicles or other materiel intended for use in attacks may all be identified through financial analysis. These contributions to the overall intelligence picture may be more valuable than simply removing one financial node.

Despite the evolution and diversification of the terrorist threat, the CTF architecture that was put in place following the 9/11 attacks has seen little change

Of course, the strategy of ‘following’ or ‘freezing’ money should not be a binary choice, and casting it as such would be overly simplistic. These tools should be complementary, and responses should be shaped according to contexts that differ substantially between different terrorist groups and regions. It is therefore imperative that we distinguish between groups and their funding models, and, from that, put forward the most appropriate CTF strategies to deal with them.

No One Size Fits All

As described above, no single, generic CTF strategy can be effective in all circumstances. How terrorist actors meet their financial and material needs depends on a range of factors such as the size of a group, the scale and geographical location of its operations, and the availability of external support, which may come from other terrorists, sympathetic members of the public (such as diasporas) or state sponsors.

In view of the diversity of the terrorist threat and the diversity of funding methods, CTF efforts should be tailor-made to address the modus operandi of any given target and integrated into broader counter-terrorist strategies. Indeed, it is arguable that even the objectives that can be served by CTF measures differ depending on the type of terrorist threat. Whereas it is possible to undermine the capabilities of large terrorist organisations by constricting their access to necessary resources, CTF responses to small cells and lone actors must be focused on using financial intelligence to assist in the identification of terrorist networks.

It is thus helpful as a starting point in devising bespoke CTF strategies to distinguish between several major types of terrorist actors: lone actors; small cells; command and control terrorist networks; territory-controlling groups; and ‘corporate’ groups.

At one end of the spectrum are small cells and lone actors, who most often rely on modest resources to carry out relatively low-tech attacks. A 2015 analysis by Emilie Oftedal indicates that 75% of terror plots in Europe from 1994 to 2013 cost less than $10,000, with 50% of jihadi terror cells in Europe being entirely self-financed, mostly through petty crime or members’ salaries and welfare payments. Small cells and lone actors can either act on their own or receive instructions – and, occasionally, financial support (see page 16 of the report) – from larger terrorist organisations such as Al-Qa’ida or Lashkar-e-Taiba. As was already alluded to above, it is virtually impossible to prevent would-be terrorists from obtaining the trivial amounts of funding required for an attack – however, records of their financial activities form a source of intelligence that can, if used in conjunction with network analysis, potentially disclose associates, facilitators and potentially those that may also be planning attacks.

75% of terror plots in Europe from 1994 to 2013 cost less than $10,000, with 50% of jihadi terror cells in Europe being entirely self-financed

Command and control terrorist networks, such as Al-Qa’ida at the time of the 9/11 attacks, seek to operate over an extended period of time, coordinating their members’ activities across the world. Despite pressures that have forced the group to decentralise, their transnational nature still necessitates the movement of funds to terrorists from their supporters, as well as to local cells directed by the group’s leadership. Typical ways of moving money include the abuse of charities, bank transfers, the use of money-service businesses and informal value transfer systems such as hawala and hundi, and cash couriers. Given the reliance of such a group on money transfers, taking out its main financial nodes can disrupt its operations. This can be achieved, for example, by freezing the assets of terrorist financiers under UN Security Council resolutions or domestic legal instruments such as Executive Order 13224 in the US, as well as by bringing criminal prosecutions and/or confiscation proceedings.

Terrorist organisations that control territory, such as Daesh or Al-Shabaab, pose a different set of challenges since they have demonstrated a high degree of financial self-sufficiency. Their revenues come from exploiting the resources in their territory (such as oil and charcoal production) and taxing the local population under their control. This approach minimises reliance on external funding. For instance, the UN estimated that at its height in 2015, Daesh raised $500 million from oil sales. External sources of funds reportedly only accounted for 1–2% of Daesh’s budget (see page 11 of the report). The economic health of Daesh has since deteriorated due to air strikes on its oil fields and distribution network. At the same time, the sale of commodities by terrorists requires the existence of a market, whether for Daesh’s oil or looted antiquities, or Al-Shabaab’s charcoal. Closing access to such markets, particularly in neighbouring states, as well as sanctioning those who knowingly engage in trade with terrorist organisations, is essential.

‘Corporate’ terrorist groups straddle the divide between terrorism and organised crime. Organisations such as Hizbullah and the IRA are known to have successfully engaged in a variety of criminal activities and legitimate enterprises to generate substantial income. Despite their professed ideological motivation, the financial modus operandi of ‘corporate’ terrorist actors resemble that of organised criminal groups. For instance, Hizbullah has profited from a variety of crimes ranging from drug trafficking in Latin America’s Tri-Border Area to cigarette smuggling in the US; the IRA reportedly benefited (see page 32 of the report) from the European Community’s subsidies for exporting pigs from the UK to Ireland by smuggling pigs back to UK before exporting them again and again, as well as film and software piracy (see page 82 of the report), among other criminal activity. Consequently, in addition to terrorism-specific sanctions such as the freezing of terrorists’ assets under the relevant UN Security Council resolutions, anti-organised crime tools can be usefully applied to such groups. These include law enforcement interventions such as prosecutions and criminal or civil confiscations. It is worth reiterating that law enforcement agencies should exploit the full value of financial intelligence whenever the regulated sector is involved in the money transfers of suspected terrorists.

The aim of this classification is to provide a framework for thinking about various types of terrorist actors, thereby facilitating a more nuanced approach to CTF. It is also important to remember that terrorist actors mutate over time, often taking on more than one form, which requires a mixed CTF response. It should be further recognised that significant regional differences will exist. For instance, although the FARC and Daesh both controlled large swathes of territory at one point, the economies they created and the context within which they operated are self-evidently different. The characteristics of a terrorist actor are useful indicators of what tools may be applied as part of a CTF strategy, but a regional approach is likely to be indispensable to ensure those tools are used to the maximum effect.

The Need to Rethink CTF

What is evident is that the global CTF regime remains heavily focused on a post-9/11, Al-Qa’ida-based threat, which does not always encompass the range of terrorist-financing activities that exists today. There are an ever-growing number of UN Security Council Resolutions that emphasise new typologies that countries must address, from antiquities and human trafficking to kidnap for ransom and the abuse of charities, with little context as to where countries (and the private sector) should focus their efforts. The top-down approach, led primarily through FATF Recommendations, clearly had a role to play in the period immediately following 9/11. However, more creative thinking is needed to meet the challenges of today. Countries must take greater ownership over devising tailored CTF responses, including collaboration on a regional basis, rooted in a genuine country or region-specific terrorist-financing risk assessment. The Australian- and Indonesian-led Regional Risk Assessment of South East Asia and Australia is a helpful example of this in practice.

‘Rethinking CTF’ does not mean casting aside the current model; the use of international sanctions and asset freezes to target high-level terrorist financiers and their networks should remain a core part of the global response, as should the reporting responsibilities of financial institutions. Greater emphasis must however be placed on complementary strategies that use financial intelligence to understand terrorist networks, including greater cooperation between law enforcement and private sector actors.

In sum, and as RUSI’s Centre for Financial Crime and Security Studies will continue to research during 2018, after sixteen years of CTF effort directed by the international community at a range of evolving terrorist threats, a more nuanced approach is required that defines more clearly what CTF actually means, how ‘success’ will be determined, and distinguishes more precisely between groups, methods, regions and responses.

Tom Keatinge
Tom Keatinge is the Director of the Centre for Financial Crime and Security Studies at RUSI, where his research focuses on matters at the intersection of finance and security, including the use of finance as a tool of intelligence and disruption.

Florence Keen
Florence Keen is a Research Analyst with the Centre for Financial Crime and Security Studies at RUSI, where her research focuses on the counter-terrorist finance regime; the impact of counter-terrorism legislation on the non-profit sector; and how emerging technologies are addressing financial crime.

Anton Moiseienko
Anton Moiseienko is a Researcher with the Centre for Financial Crime and Security Studies at RUSI. His research interests include money laundering, terrorist financing and corruption. He holds a PhD in law from Queen Mary University of London and a master’s degree in law from Cambridge University.

BANNER IMAGE: US Department of the Treasury. Executive Order 13224 granted the Treasury the power to sanction banks that provide terrorist entities with access to the financial system. Courtesy of Wikimedia.

The views expressed in this article are those of the author, and do not necessarily reflect those of RUSI or any other institution.


Tom Keatinge
Director, Centre for Financial Crime and Security Studies, RUSI

Tom Keatinge is the Director of the Centre for Financial Crime and Security Studies at RUSI, where his research focuses on matters at... read more

Florence Keen
Research Analyst

Florence is a Research Analyst at RUSI within the Centre for Financial Crime and Security Studies. She joined RUSI in October 2015 after... read more

Support Rusi Research

Subscribe to our Newsletter