The current AML/CFT frameworks that exist to combat the financing of terrorism are based largely on an anti-money laundering and arrangement introduced in the 1980’s. Those frameworks have been amended and expanded following various amendments to the Financial Action Task Force recommendations and subsequent implementation by national governments.
AML/CFT frameworks adopt a risk based approach to the detection, reporting and prevention of money laundering and terrorism financing. This risk based approach shifts responsibility from AML/CFT regulators to reporting entities. It is a significant change from the previous framework with reporting entities now required to do more than just comply with relevant AML/CFT legislation. The shift was a necessary adjustment because a focus by reporting entities on compliance and reporting alone did not necessarily identify and manage money laundering and terrorism financing risks.
The adoption of a risk based approach means that the level of understanding by reporting entities of the sources of terrorist financing in particular sources of funding derived from criminal activities is more onerous under the AML/CFT framework than under the previous compliance focused regulatory regimes. However, as will be identified later, there is a question as to whether reporting entities and for that matter by extension Financial Intelligence Units and law enforcement agencies understand the nature of the risk posed by the use by terrorists and foreign fighters of the proceeds of fraud.
Putting aside minor variations to various report titles, the AML/CFT reporting framework in most countries comprises:
- Threshold Reports,
- Cross Border Currency Reports, and
- Suspicious Transaction Report/Suspicious Matter Reports (STR/SMR).
Other than a Suspicious Matter Report all report types are mandatory when certain conditions are satisfied. While acknowledging that all of the AML/CFT reports are important, a criminal investigation including a terrorism investigation are more likely to be triggered when an STR/SMR is filed with an FIU. This is due to the greater emphasis placed by law enforcement, revenue and intelligence agencies on “suspicions” communicated by reporting entities in particular by financial institutions.
AML/CFT reporting frameworks were established during an era when the risk of terror attack particularly a home grown terrorist attack was low. They have not kept pace with recent international and domestic developments in terrorism or with developments in payment technology. None of the reports are filed in real time by the reporting entities and FIU’s do not have access to any real time transactions. As a consequence an FIU, police and intelligence agencies are not able to monitor and track in real time the movements and activities of a terror suspect using the financial foot print he or she leaves behind. This is a major weakness in an AML/CFT framework.
Reporting of Suspicious Matters
The reporting of a suspicious matter report by a reporting entity requires the raising or forming of the requisite suspicion by that entity. If no suspicion is raised in relation to any matter arising from the provision or delivery of a service by that reporting entity then no STR/SMR is raised and sent to an FIU.
The forming of the suspicion by the reporting entity is subjective. An STR/SMR only becomes a mandatory report when the level of suspicion in relation to the issues contained in relevant AML/CFT legislation is reached.
What one reporting entity might regard as suspicious and therefore warrants being reported to an FIU, another reporting entity assessing similar information might not. The time for reporting a suspicious transaction does not arise until the reporting entity forms the relevant suspicion. In the case of an organisation this means when a responsible officer of the organisation forms the suspicion. For example, if a bank teller thinks that a transaction is suspicious and reports it to the relevant Money Laundering Reporting Officer (MLRO) the bank time to report the transaction does not commence to run until the MLRO officer forms the suspicion. There could be some delay in the identification of the behaviour by a front line officer and the reporting of that information to an FIU by the MLRO in the financial institution.
If the MLRO does not agree with the suspicions raised by the officer who initially reported the behaviour then no suspicion is grounded and no STR/SMR is sent to the FIU. The process is very subjective and when left to staff with little or no training or experience with investigating crime, particularly terrorism then the effectiveness of the system is brought into question.
And this is where a problem can arise from the perspective of law enforcement and intelligence agencies. Information held by a reporting entity might not be suspicious when that organisation views it in isolation. But if that information was combined with information filed by another reporting entity or with intelligence held by a law enforcement/intelligence agency it might form a strong suspicion or a higher level of proof that results in the generation of an active investigation into the reported activity. But if no information is reported then nothing will happen. An important piece of information could be lost which in relation to terrorism might have potential tragic consequences for our community.
Credit Card Fraud & Terrorism
In relation to the reporting of suspicious matters, the main area of concern is the reporting of suspicious activity relating to terrorism and terrorist financing. By extension this includes the reporting of information that potentially relates to foreign fighters recruited to engage in terrorist activities abroad primarily in Syria, Iraq and Somalia.
The commission of credit card fraud is a crime type that is misunderstood when it comes to the financing of terrorism. Without any nexus to terrorism it is often only treated as a local crime problem to be solved by police. And credit card fraud would only be considered a terrorist financing matter if the fraud was connected to terrorist activity or someone engaged or suspected of terrorist activity. Or alternatively, the credit card fraud is reported as being suspicious and that suspicion relates to terrorism financing. From the perspective of terrorist financing, the risk posed by credit card fraud is the least understood risk by reporting entities, FIU’s and police agencies. It is difficult for financial institutions to assess and manage the risk because often they manage financial crime risks in separate crime silos.
The problem that confronts a reporting entity (usually a financial institution) in relation to credit card fraud is establishing the requisite reasonable suspicion that the funds derived from credit card fraud relate to the financing of terrorism. Financial crime and engaging in terrorist activity are clandestine activities which are planned and executed to prevent the identification and investigation of those involved in the crime. Often the nexus between criminal activity and terrorism is not obvious to bank staff charged with identifying such activity. That issue is compounded by the lack of experience and training by staff of terrorist funding. It is also not always obvious to police investigators involved in the investigation of the offences.
From engagement with employees and managers in the AML/CFT environment it has become apparent that financial institutions do not or have not, either on every occasion or on many occasions submitted to an FIU, STR/SMR’s detailing credit card fraud activity where no person has been identified as the suspect involved in the crime. It is also not always certain that credit card fraud involving known offenders is reported to an FIU via the STR/SMR process as those fraud incidents are usually dealt with by the bank or not dealt with at all as the amounts involved are below the acceptable “risk appetite” of the bank.
The identification and investigation of offenders is a function of the police. Generally it is usually not the responsibility of an FIU. While the responsibility of a reporting entity is to detect, report and monitor. Police and intelligence agencies will use a range of sources including STR/SMR’s submitted by other reporting entities to identify those involved in the crime and the intended use of the funds. But those actions and powers used by law enforcement agencies are only “triggered” by the receipt of financial intelligence such as an STR/SMR from a financial institution.
If that situation outlined above is occurring, then it is of serious concern from a terrorism financing perspective. Credit card fraud is a major source of funding for groups planning a terrorist act. The following examples highlight the issue:
- The convicted ‘‘Millennium bomber,’’ Ahmed Ressam, who took part in a plotted attack on Los Angeles International Airport, opened a store in Montreal, Canada, where he obtained credit card information and passed it on to Al-Qaeda associates.
- The 1998 US Embassy bombings in Africa and the first World Trade Centre bombing in 1993 were funded by criminal activities which included credit card fraud.
- An al-Qaeda cell in Milan, Italy stole credit card information that was remitted to a Frankfurt cell to procure chemicals for explosives.
- Algerian Armed Islamic Group (GIA) cells in Europe provided the bulk of the organization’s funds through petty theft and credit card fraud.
- The Salafist Group for Prayer and Combat (GSPC) based in Algeria and highly active in Western Europe (particularly in France) have also been involved in a range of crimes such as car theft, credit card fraud and document forgery.
- In 2005 a Melbourne based terrorist group engaged in systematic credit card fraud involving payment to taxi drivers to provide them with the credit card numbers of unsuspecting taxi passengers.
- In the UK two Liberation Tigers of Tamil Eelam (LTTE) members were arrested for obtaining credit and debit card information at over 200 petrol stations that used pumps through the use of skimming machines.
- Ali Al Marri was arrested in Illinois in December 2001 for having lied to FBI Agents about having contact with facilitators of the 9/11 terrorist attack. At the time of his arrest, Al Marri had 36 credit card numbers and account information in his possession. A subsequent search of his computer found he had compiled over 1,000 credit card numbers and other identifying information.
- Mohammed Belaziz, a Salafist, was arrested on 25 September 2001 in Spain. Inquiries revealed that Belaziz and other members of his cell had been financing their operations through credit card fraud.
- The terrorists who bombed the trains in Madrid in March 2004 supported themselves through drug trafficking while another Al Qaeda cell in Spain supported itself over an extended period of time through credit card fraud.
- The Liberation Tigers of Tamil Eelam (LTTE) who established cells in as many as 38 countries in Europe, North America, the Middle East and Australia funded operations through extortion, narcotics trafficking, credit card fraud, social security fraud, counterfeit currency, piracy, people smuggling, and gun running. Special cells operating within the LTTE focused on each criminal activity.
- Imran Samudra admitted prior to his execution for his role in the Bali nightclub bombings in 2002 that together with another JI member he encouraged jihadists to engage in hacking and online credit card fraud and money laundering.
- Younis Tsouli a British citizen and his partner, Tariq al-Daour, began acquiring stolen credit card numbers on the web, purchasing them through various online forums, such as Cardplanet. When Tsouli and al-Daour were arrested, al-Daour had accumulated 37,000 stolen credit card numbers on his computer, which they had used to make more than $3.5 million in charges. Tsouli used 72 credit cards to register 180 websites, hosted by 95 different companies which were used to launder the proceeds of the credit card fraud.
The examples above demonstrate that credit card fraud is an important source of revenue for terrorist groups or terrorist supporters. But from a terrorist financing perspective it is one of the most difficult financial crimes to detect and to investigate. And as discussed above it is extremely difficult to draw the nexus between the funding and its intended purpose namely financing terrorism.
However, the investigation by law enforcement agencies into the source of terrorist funding is frustrated if they do not know where to look. Important leads are often identified via suspicious matter reports lodged by reporting entities. And if reporting entities such as financial institutions do not submit STR/SMR’s reporting the commission of financial crime, law enforcement agencies are blind as to the activity. Whether an offender is identified by the reporting entity or not is totally irrelevant. Consequently all instances of credit card fraud should be reported in real time to an FIU whether or not an offender is identified.
Real Time Reporting
Under the current AML/CFT reporting frameworks operating in the world none of the reports submitted by reporting entities are received by an FIU in real time. Consequently the information received by intelligence and law enforcement agencies is dated. At best the transactions or events reported occurred at least 24 hours previously but in most cases several days previously, particularly where the responsible officer is assessing the information. When it comes to preventing terrorist acts this time delay could have fatal consequences.
Credit card transactions are monitored by financial institutions in real time. Often those organisations review transactions independently but when patterns of fraud develop the major financial institutions consult with each other and exchange intelligence on the activity leading to the identification of suspects and prevention of loss and on occasions to the apprehension of offenders. If suspected terrorists or foreign fighters are using credit cards anywhere in the world they or the person using the card can be tracked live.
The same technology could be applied to the use of debit cards and to the identification of any device (computer, laptop, smart phone) used to access bank services and any IP address associated with it. This live examination of financial data, IP addresses and hardware is very useful in combating fraud and in terrorist financing cases would be an extremely valuable tool.
Application of the technology by intelligence and law enforcement agencies would enable suspects to be tracked live with connections being made between people, places and transactions in real time. This information is probably more effective than current intelligence that is sent to an FIU via the existing AML/CFT reporting frameworks which is often several days late.
Reporting Credit Card Fraud
It appears that the involvement of terrorists in credit card fraud only becomes apparent after they have achieved their intended purpose which often results in their death and the death of innocent people. That is clearly not an acceptable outcome. And as referred to earlier unless a nexus between the terrorist or terrorist group and the credit card fraud is made, no STR/SMR alerting the authorities to the issue will be filed by the relevant reporting entity. Given the covert nature of terrorist financing and the difficulty of establishing the connection between credit card fraud and terrorist activity, in particular acts of preparation relating to a future terrorist attack, it might be prudent to report all fraudulent credit card activity to an FIU.
The issue for consideration is determining the best way to communicate information to the intelligence and law enforcement community about credit card fraud to determine if it might relate to terrorist financing? There are possibly two solutions to the problem.
The first approach would involve financial institutions sending to an FIU reports of all credit card fraud activity involving both identified suspects and no known offenders. There are however, two significant issues with this approach:
- The FIU would be OVERWHELMED with information and would not have the capacity or capability to analyse it. The FIU would require assistance from Police and from people with experience in analysing credit card data to assess the material, and
- There is a risk that the information would be communicated using the current format and not be sent or processed in real time.
The second approach involves the development of a specialised team to be situated in an FIU Headquarters. The team would comprise specialists from the FIU, Police and each of the major banks. The seconded police would be specialists in terrorism investigations with access to all relevant databases holding information on all known terrorist suspects or persons who are suspected of being associated with or recruited to be foreign fighters. The bank officers would be specialists in credit card and bank fraud and have access to the databases of participating banks which detect and monitor credit card transactions and fraud. This approach has a number of advantages:
- Credit card transactions including credit card fraud would be communicated in real time to the team.
- Suspects identified by the bank would be passed to the police and cross matched against police and intelligence records to determine if they had come to notice as being suspected terrorists or foreign fighters. All information received would be stored in police databases for future reference.
- Where no offender is identified the credit card fraud activity would be matched against other activity known to have occurred involving suspected terrorists or foreign fighters. For example: mobile phone metadata of known suspects would be compared to credit card fraud transactions to identify potential connections between them (e.g. common locations and time of events).
- The FIU and police would provide the details of terror suspects and foreign fighters to the banks who would identify the credit card account details of those persons and continue to monitor their activity in real time. The transactions and data would be fed back to the FIU and police for analysis with other data. FIU and police would obtain the account data from the banks without the need to obtain a warrant or production order.
- The team would operate on a mutual benefit basis. Any information obtained by the FIU and police that identifies any person or group involved in credit card fraud that does not relate to terrorism would be communicated back to the banks to enable them to take appropriate action either alone or in conjunction with other police agencies.
Financial institution staff working with the FIU would be subject to the same security vetting processes undertaken by police and intelligence employees occupying similar positions of responsibility. With this approach the skills of bank employees in analysing credit card fraud and the information derived from their activities are combined with the expertise and information held by the FIU and law enforcement representatives. And the information being analysed is viewed in real time.
 Now known as the Organization of al-Qa’ida in the Land of the Islamic Maghreb.