Treasury Urges Banks to Catch Terrorism-Related Red Flags

The Treasury Department’s Financial Crimes Enforcement Network issued a new advisory this week to alert industry about the ways Iran-backed terrorist organizations are illegally circumventing or using the international financial system to raise, move and spend money. The advisory also includes a list of red flags to help banks and other financial institutions catch suspicious activity that may be linked to those groups.

FinCEN said Iran is increasingly looking to finance a range of terror groups, including Hezbollah, Hamas, Palestinian Islamic Jihad, the Yemen-based Houthis and militia groups in Iraq and Syria. Banks can alert Treasury about transactions that may be linked to those groups by filing suspicious activity reports with FinCEN and referencing the code “IRANTF-2024-A001” in those reports.

The 17-page advisory describes the ways Iran and the groups are able to generate revenue, including through “sham” charities, crowdfunding, taxing local populations and weapons trafficking. It also outlines how they channel those funds using overseas front companies and banks and describes a case study of a U.S. indictment involving businesses in China and Turkey that helped Iran evade sanctions.

FinCEN said banks should look out for a host of red flags when vetting transactions, including:

• A customer or customer's counterparty doing business with sanctioned entities or entities with similar email addresses, addresses or phone numbers to sanctioned entities.
• A note accompanying a “peer-to-peer transfer” that includes terms “known to be associated with terrorism or terrorist organizations.”
• A customer doing business with a money services company that operates in jurisdictions at high risk for terrorist activity and is “reasonably believed to have lax customer identification and verification processes.”
• A customer doing business that involves front companies, general “trading companies” with “unclear" business purposes, or other companies with opaque ownership structures or business addresses that are residential or co-located with other companies.
• A customer purporting to be a charitable organization but not appearing to provide any charitable services or openly supporting terrorist activity.
• A customer receiving “numerous” small convertible virtual currency payments from many wallets, then transferring the funds to another wallet, especially if those transfers are to a destination known for terrorist activity. Banks should also monitor for those transfers if they have “vague” stated business purposes, like “travel expenses,” “charity,” “aid” or “gifts.”
• A customer account receiving “large payouts” from social media or crowdfunding platforms and then accessed from an internet protocol address in a jurisdiction linked to terrorist activity, especially if those social media accounts support terror groups.
• A customer’s company in the U.S. or another third-country with its activities occurring “solely in” jurisdictions linked to terrorist activity and showing “no relationship to the company’s stated business purpose.”

Along with urging banks to file suspicious activity reports if they encounter these red flags, FinCEN also reminded banks, brokers and dealers that they must have “appropriate risk-based procedures” for conducting customer due diligence. That diligence should allow the bank, broker or dealer to understand “the nature and purpose of customer relationships for the purpose of developing a customer risk profile” and conduct “ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.”

The agency also said banks should share information with each other about suspicious transactions or customers. “FinCEN strongly encourages such voluntary information sharing as it relates to money laundering or possible terrorist financing,” it said.