New FinCEN Advisory: Counter the Financing of Iran-Backed Terrorist Organizations
Amid intensified terrorist activity in the Middle East, a recent FinCEN Advisory provides guidance for financial institutions in detecting illicit transactions related to Iran-backed terrorist organizations.
In light of intensified terrorist activity in the Middle East, FinCEN has recently urged increased vigilance in identifying potential suspicious activity related to the financing of Iran-backed militias and terrorist organizations. These groups include a number of alleged Iran-aligned militia groups in Iraq and Syria.
Iran continues to explore new ways to fund its dangerous and destabilizing activities, including the proliferation of dangerous weapons, malicious cyber activities, and financing of terrorist proxies in the region.... As the Office of Terrorism and Financial Intelligence marks its twentieth anniversary, we reaffirm our commitment to constrain the ability of Iran and its terrorist proxies to exploit the international financial system.
Brian E. Nelson, Under Secretary of the Treasury for Terrorism and Financial Intelligence (May 2024)
Press release: FinCEN Issues Advisory on Iran-Backed Terrorist Organizations
The insights in the Advisory came from analyzing data derived from FinCEN’s analysis of Bank Secrecy Act (BSA) data, open-source reporting, and information provided by law enforcement. Although principally aimed at US domestic financial service providers, this latest advisory highlights useful insights for global financial institutions into the means through which terrorist organizations receive support from Iran, and details several red flags to look for in order to better detect and disrupt these illicit activities.
This article summarizes the key points in the Advisory and suggests steps financial institutions can take to address FinCEN's guidance.
Key takeaways from the FinCEN Advisory
The Advisory outlines that following the re-imposition of US sanctions against Iran’s petroleum industry in 2018, the country turned increasingly to large-scale global oil smuggling and money laundering networks. This enabled access to foreign currency and the international financial system through the illicit sale of crude oil and petroleum products. This is in addition to exporting military drones to Russia and crude oil to the People’s Republic of China, according to the Advisory.
Front companies continue to be at the heart of making and moving money
As in many initiatives associated with the generation, laundering, or movement of illicit finances, the presence of front and shell companies is crucial.
The Advisory reports that the Iranian regime uses overseas front companies and accounts at financial institutions in neighboring countries to transfer funds into Iran or to state-supported terrorist organizations. According to BSA analysis, third-country front companies (often incorporated as “trading companies” or “general trading companies”) and exchange houses are acting as a global “shadow banking” network that processes illicit commercial transactions and channels money to terrorist organizations on Iran’s behalf.
In addition to receiving support from Iran, terrorist organizations and Iran-aligned militia groups in Iraq and Syria use a range of other mechanisms to raise revenue, including sham or fraudulent charities, engaging in illicit trade activities like arms and drug trafficking, taxing and extorting local populations, and crowdfunding.
According to the analysis of BSA data, donations for Hamas are often placed in bank accounts in other countries, including Lebanon, Qatar, and Turkey, which are then accessed by individuals or groups operating in the Gaza Strip and other zones of conflict.
Hezbollah also utilizes networks of front companies and legitimate businesses to raise, launder, and transfer funds. The Advisory notes that Hezbollah financiers make use of free trade zones and countries with weak regulatory frameworks to establish import-export companies that facilitate trade-based money laundering schemes. These companies are often held in the name of a relative of the financier (for example, a spouse). Hezbollah operatives have been known to operate in the Tri-Border Area of Argentina, Brazil, and Paraguay, and in free trade zones in Chile and Panama, with members and supporters also identified in Colombia and Peru.
FinCEN provides red flags to help detect potential suspicious activity
To help organizations fulfil their obligations, FinCEN also provides a number of red flags to help detect, prevent, and report suspicious activity specifically connected to the financing of Iran-backed terrorist organizations. As the Advisory reiterates, however, it is the combination and assessment of often traditionally complex behavioral and transactional risk indicators and data points that brings this particular activity to light. This is also in addition to the obligation of screening against government-derived sanctions watch lists connected to the Iranian regime and terrorist organizations.
Tackling this complexity has been a recurring theme in recent global FinCrime conferences and industry engagements—not just in those linked to Iran, but also regarding DPRK and, of course, Russia. Here, there have been numerous discussions concerning the approaches being used or considered by regulated entities to better detect and manage risk exposure—particularly indirect sanctions risk that can emerge from a lack of insight into, and risk assessment of, high-risk third parties that can sit outside of the institutions’ usual KYC processes.
AML/CFT and sanctions convergence
One emerging answer to this challenge seems to lie in the closer alignment of AML/CFT and sanctions-related technologies and processes.
Current industry regulations mean traditional list-matching and real-time payment intervention will naturally continue using primary screening and filtering tools. However, increasing numbers of regulated institutions are seeking to leverage their investment in monitoring, including entity resolution and network generation capabilities, to help better identify circumvention/evasion typologies and risks. This is particularly true in the correspondent banking and export controls monitoring spaces.
Examples of red flag indicators
Here are some of the red flags identified by FinCEN to assist financial institutions in detecting, preventing, and reporting suspicious activity connected to the financing of Iran-backed terrorist organizations. These should be integrated into AML/CFT technology to create and assess both customer and counterparty records as part of wider network monitoring:
Direct and indirect connections to sanctioned parties (including email addresses, physical addresses, phone numbers, passport numbers, or CVC addresses)
Signs of a shell or front company, including general “trading companies” with unclear business purposes, or other companies whose beneficial ownership information indicates that they may have a nexus with Iran or other Iran-supported terrorist groups
Organizations operating in high-risk industries and trading routes
Transactions containing keywords and phrases associated with terrorists or terrorism
The presence of potential “sham” charities and NPOs, including the lack of actual charitable services, or if the organization has direct/indirect support for terrorist causes
Steps to consider in strengthening control frameworks
As in all best practices, effective control frameworks to mitigate the risk of being directly or indirectly exposed in this space starts with truly understanding customers and their networks, including associated counterparties, relationships, and supply chain activities.
This is made possible by connecting internal data (e.g., KYC records, transactions, exit lists, watchlists, and intelligence reports) and external data (e.g., corporate registry records, adverse media, and leak data ) into a single, strong intelligence foundation that provides a holistic view of direct and indirect risk exposure. Using a contextual 360-degree view of customers and non-customer counterparties, private and public institutions can then build and analyze the full network of relationships and the types of red flags and typologies highlighted by FinCEN and other international agencies.
With the right technology, this approach lets financial institutions understand direct and indirect network exposure to sanctions risk from onboarding to exit and will allow government agencies to better see the full picture.
By proactively addressing real risk and the resulting decrease in false positives and "noise" within transactions and accounts, teams can respond more quickly and mitigate exposure, since they’re no longer stuck in a cycle of reactive activity. Teams can also augment decision-making with the context and insight needed to visualize risk and make informed decisions.
To learn more about how to mitigate evolving terrorism financing and sanctions risks, visit here to see Quantexa's Financial Crime solutions.