This article originally appeared in the November/December 2022 issue of ABA Bank Compliance, by Danny McGlynn. Reproduced with permission. © 2022 The American Bankers Association. For further use, please visit http://www.bna.com/copyright-permission-request/.
Domestic terrorism is not a new threat in America, but in recent years we have seen a significant and horrific increase in violent attacks and activities carried out by individuals and groups motivated by a range of radical ideologies. In response to these troubling developments, our government has stepped up law enforcement, intelligence attention, and resources to combat these threats. Financial institutions can be vital to this effort, just as they played a critical role after 9/11 in helping to identify terrorists, map out their support networks, and enhance the effectiveness of targeted financial sanctions.
The Domestic Terrorism Landscape
U.S. authorities also refer to domestic terrorists as “domestic violent extremists,” or “DVEs,” as distinguishable from (1) “Homegrown Violent Extremists,” or “HVEs,” who operate with direction or inspiration from a foreign terrorist group or other foreign power, and (2) individuals engaged solely in activities theoretically protected by the First Amendment or other rights secured by the U.S. Constitution. The U.S. Intelligence Community categorizes DVEs into five areas, noting that some draw upon or are inspired by ideological themes found in other threat categories:
- Racially or Ethnically Motivated Violent Extremists
- Anti-Government/Anti-Authority Violent Extremists
- Animal Rights/Environmental Violent Extremists
- Abortion-Related Violent Extremists
- All Other Domestic Terrorism Threats
The two most lethal elements of today’s domestic terrorism threat are (1) racially or ethnically motivated violent extremists (RMVEs)—most notably those who advocate for the superiority of the white race, such as the Buffalo and El Paso shooters, and (2) anti-government or anti-authority violent extremists—most notably militia violent extremists (MVEs) such as members of the Oath Keepers militia who stormed the Capitol on January 6, 2021. According to the U.S. Intelligence Community, RMVEs are most likely to conduct mass-casualty attacks against civilians and MVEs will typically target law enforcement and government personnel and facilities.
Domestic Terrorist Financing
While domestic terrorist attacks are most often perpetrated by self-funded “lone-wolf” actors, DVEs use a variety of methods to raise, move, and spend funds. The most extensive and insightful information available on DVE financing is from the Financial Action Task Force (FATF), which published a report in June 2021 on Ethnically or Racially Motivated Terrorist Financing. The report was the outcome of a project undertaken by a team from 13 countries and seven international organizations. It was led by representatives from the United States and Germany, and drew from case studies and other input from over 30 jurisdictions. Its findings serve as a useful starting point for understanding domestic terrorist financing tactics and typologies, including the following seven categories of funding sources, four methods for the movement of funds, and four types of expenditures.
Sources of Funding
Self-financing—usually through employment income or savings—is a significant source of funds for DVEs, according to the 2022 National Terrorist Financing Risk Assessment from the U.S. Department of the Treasury (Treasury). The vast majority of RMVE attacks in recent history have been perpetrated by self-funded individuals, according to the FATF report. This presents a challenge for financial institutions because the transactional activity is unlikely to look different than the customer’s expected activity, based on risk profile.
2. Donations from Crowdfunding
Crowdfunding allows DVE groups to collect funds from individuals who share their ideology and are located beyond their local community or even country. In response to a FATF questionnaire, multiple jurisdictions highlighted crowdfunding as one of the common methods for RMVE groups to openly gather funding. This method is popular among such groups as they tend to engage in a high level of online activity through social media, forums, gaming chatrooms, and other internet platforms. Terrorist financing risks associated with crowdfunding have been publicly identified by FATF since 2015 and have recently drawn attention from national authorities as well as non-profit counter-DVE organizations, most notably in the wake of the January 6th attack on the U.S. Capitol.
3. Private Donations
DVE groups also commonly generate funds through private donations, in some cases based on direct contact between the donors and the recipient and in other cases by soliciting funding on their websites or social networks, including through private messengers with restricted access. According to the FATF report, solicitations normally contain the identifiers of a financial instrument (bank account, e-wallet, etc.) controlled by the actor or his associates, and increasing allow for use of virtual assets that enable the financier to maintain pseudonymity.
4. Membership Fees
Another common fundraising method for DVE groups is collecting membership fees. Unlike crowdfunding and donations, both of which are forms of voluntary support, fees collected from members are sometimes mandatory. According to the FATF report, some RMVE groups collect membership fees in cash or by using bank accounts held at local or regional financial institutions, and this funding source appears to be more common across sophisticated RMVE with a more formal organization structure.
5. Commercial Activities
Many DVE groups raise money through commercial activities such as merchandise sales, organized music festivals and other events, and real estate. In addition to providing income, these activities often facilitate the promotion of their ideology and help with recruitment and networking. A number of jurisdictions reported to FATF the sale of merchandise online and at live events—including clothing, books, mugs, and other goods, typically with extremist logos and symbols—to be an important source of income for RMVE groups. In Europe, music concerts and festivals have been particularly popular fundraising events for RMVE groups, and some DVEs have also generated income by renting real estate and by owning and managing restaurants and pubs.
6. Criminal Activities
Though most of the funding for DVE groups appears to come from ostensibly licit sources, DVEs have also used a variety of other illicit methods to generate revenue to fund their activities. According to Treasury’s 2022 National Terrorist Financing Risk Assessment, some DVEs have used theft, fraud, and drug trafficking to generate revenue.
7. Abuse of NPOs
Transnational terrorist organizations have long abused non-profit organizations (NPOs) as a cover to raise and move funds, recruit and radicalize personnel, and provide logistical and other support. While there is limited literature discussing the abuse of NPOs by DVEs, the risk of such activity is present especially given the presence of numerous private foundations that are ideologically aligned and otherwise affiliated with DVE groups. Although these foundations may not openly support violence, in some instances they could provide material or other support to DVE groups or indirect support to DVE recruitment by financing books or research that supports DVE ideology.
Movement of Funds
DVE groups have traditionally been less concerned with concealing their transactions than international terrorist groups, and in general have left a larger financial footprint in the formal financial system. In some cases, they have held accounts in their own names and referenced group names and symbolism in transactions. At the same time, there is an emerging trend across the DVE community suggesting they are becoming more skilled at disguising their financial activities. For example, some DVE groups structure their transactions to avoid reporting thresholds, likely in response to increased attention and scrutiny from law enforcement.
1. Financial Institutions
DVE groups and their leaders have used financial institutions (FIs) more frequently to store and move funds than transnational terrorists, likely because their activities have historically not been considered illegal. Some countries that provided input for the FATF report were able to identify transfers through FIs to and from RMVE group leaders based on the analysis of financial links between the groups. Others noted that sometimes individuals belonging to RMVE groups have used bank accounts of their family members instead of their own accounts to wire payments.
U.S. authorities also refer to domestic terrorists as “domestic violent extremists,” or “DVEs,” as distinguishable from (1) “Homegrown Violent Extremists,” or “HVEs,” who operate with direction or inspiration from a foreign terrorist group or other foreign power, and (2) individuals engaged solely in activities theoretically protected by the First Amendment or other rights secured by the U.S. Constitution.
2. Money Services Businesses
According to Treasury’s 2022 National Terrorist Financing Risk Assessment, DVEs have gravitated toward online Money Services Businesses (MSBs) and other payment platforms and services that facilitate electronic funds transfers (such as those described in the context of crowdsourcing described above). Given the growing number of transnational connections between RMVEs in the U.S. and abroad, transactions between such individuals and groups are likely to flow through MSBs given their dominance of the international remittance space.
Cash is one of the most dominant methods by which RMVE groups transfer funds, according to the FATF report. Whether a group raises funds via wire transfers or cash, a significant portion is typically withdrawn to be used as cash. There have been instances of DVEs using cash to purchase weapons, tactical gear, or other material to support planned attacks or paramilitary training being conducted in preparation for a violent act, according to the U.S. Treasury Department. While most of these individuals reportedly continue to use credit or debit cards or other electronic payment methods for purchases, some DVE networks believe that using cash allows for increased anonymity and reduces the chance of drawing law enforcement scrutiny.
4. Virtual Assets
U.S. authorities have identified several instances where DVE groups and their financial supporters solicited funds in virtual assets, usually through a social media platform or other internet-based crowdsource platform. According to FATF, as financial services companies have started to refuse to process payments on their websites linked to RMVE groups for violating terms of service on hate speech, some groups have moved to using virtual assets like Bitcoin to move funds, and some RMVE groups have used so called “privacy coins”—virtual assets that allow a user to maintain anonymity when making blockchain transactions.
Use of Funds
Similar to international terrorist groups, DVEs have been found to use funds for various activities, including:
- Support for attacks, including purchasing weapons and ammunition: Domestic terrorism attacks in recent years have generally followed the typical “lone actor” scenario with perpetrators using self-funding to buy firearms and ammunition using credit cards or cash.
- Propaganda, recruitment, and networking: Unlike individual actors, DVE groups spend money for propaganda, recruitment of new members, organizing events, and maintaining websites that support and promote their views. Some DVE groups also use funding to train members, including in shooting and martial arts.
- Real estate purchases: In recent years, DVE groups have increasingly invested funds to purchase real estate, according to FATF. Groups have used such properties to open businesses like restaurants and pubs, to host internal meetings, and to network and spread ideas.
- Training, purchases and acquisition of equipment: According to the Treasury Department, U.S. authorities have identified financial activity from some DVE groups like “The Base,” an antisemitic, white nationalist network that trains members in survivalism and paramilitary skills to prepare them to mount an armed resistance against the government. The Base may have sought to purchase property so they can facilitate paramilitary-style training, to include learning how to make improvised explosive devices, for members or other like-minded individuals.
The Role of Banks: What Compliance Should Focus on to Help
Financial institutions have an important role to play in countering the elevated threat of domestic terrorism. As proven in the years since 9/11, FIs are in the unique position to help the government with three key lines of effort:
- Finding terrorists;
- Mapping out organizational structures and support networks; and
- Enhancing the effectiveness and impact of targeted financial sanctions.
The U.S. government has formulated its counter DVE strategy with these factors in mind. There are several areas compliance officers can focus on now and actions they can take in the short term to begin helping our nation address the issue of domestic violent extremism. However, it can be a difficult challenge since many of the transactions involved do not stand out from normal, everyday transactions of the average customer.
1. Screen for DVEs Designated by the U.S.
In 2020, the State Department designated the Russian Imperial Movement (RIM) and three of its leaders as “Specially Designated Global Terrorists” (SDGTs), the first time in history the U.S. government has designated a white supremacist terrorist group. The Treasury Department followed suit in mid-2022 by designating two RIM members, one who has raised money for the group online and the other who has travelled to the U.S. to establish connections between RIM and other far-right extremist and white nationalist groups.
Most compliance teams are familiar with this drill and have implemented sanctions-related policies and procedures for screening customers and transactions and as appropriate escalating, blocking, and reporting on RIM-related designation targets. Compliance should anticipate the rollout of additional DVE-related designations as the Biden administration is under pressure from Congress and counter-extremism advocacy groups to do more, and the State and Treasury Departments have sent strong public messages that they intend to do more in this area.
The challenge here is that current U.S. law does not provide for sanctions against domestic terrorists. However, that may change as Congress focuses on some of the threats presented, particularly after the attacks on the Capitol on January 6, 2021.
2. Screen for DVEs Designated by Non-U.S. Authorities.
U.S. persons are protected by the First Amendment or other rights secured by the U.S. Constitution. Therefore, U.S. authorities are significantly more limited in their ability to impose sanctions or other legal measures against persons associated with DVEs than with foreign terrorist organizations. However, nine DVE groups located in or with ties to America have been designated and sanctioned by other jurisdictions, including Canada, U.K., Germany, Australia, and New Zealand. These include:
- Aryan Strikeforce
- Atomwaffen Division
- Blood and Honour
- Combat 18
- Feuerkrieg Division
- Proud Boys
- Sonnenkrieg Division
- The Base
- Three Percenters
As a best practice, these groups should be included in negative news screening to identify potentially suspicious actors involved in DVE. While banks are not required under U.S. law to block property and prohibit transactions in which these entities have an interest, information related to such groups could be valuable financial intelligence for U.S. authorities for the reasons described above. And, banks have been increasingly willing to terminate account relationships with some of these organizations as incompatible with the bank’s terms of service agreements.
3. Become a Counter Violent Extremism Analyst.
Compliance officers who are serious about their role in countering domestic terrorism should make an effort to learn about DVE groups and sharpen their open-source research and analytical skills, including by incorporating social media research and specialized online DVE tools and resources into their investigations. They should apply their knowledge and skills in a broad way, and when the opportunity arises, identify and produce high-quality leads and reports useful to national security analysts and agents. Tactical actions that can be taken in this regard include the following:
- Develop an appropriate risk assessment about the potential for domestic terrorism based on the bank’s unique profile.
- Become familiar with designated DVE groups and leaders by reading U.S. and foreign government press releases announcing the designations. Also review profiles about the designation targets written by think tanks, NGOs, international organizations, and investigative journalists. Pay particular attention to information about their location, fundraising, and other activities that may relate to your institution’s business profile. Conduct additional screening, as appropriate, based on the research, and report any findings to the U.S. government.
- Get trained on open source (publicly available) data exploitation, social media and dark-web research, and sanctions evasion techniques and typologies to better conduct enhanced due diligence and other targeted investigations.
- When domestic terrorist attacks and incidents occur, proactively search names of the perpetrators/suspects and known associates across customers and transaction holding (and add to filters for future customers/transactions), and share findings with the U.S. government.
- Search names of known non-designated violent extremist groups leaders across customers and transaction holdings (and add to filters for future customers/transactions), and share findings with the U.S. government.
4. Focus on Enhancing Private–Public Sector Partnerships
The U.S. Strategy for Countering Domestic Terrorism places an emphasis on public-private sector partnerships, especially with the financial sector. Compliance officers should actively participate in such fora and get to know key federal, state, and local law enforcement officials (as well as other private sector compliance professionals) involved in countering violent extremism. They can bring additional value to such partnerships by proactively filing high-quality suspicious activity reports (SARs) and by being prepared, thorough, and responsive to requests from law enforcement. Three primary approaches for doing this are:
- Direct outreach from the FBI and other law enforcement agencies: The Federal Bureau of Investigation (FBI) has the lead for U.S. counterterrorism investigations, including those involving DVEs. Requests from FBI can be particularly critical and time-sensitive. To best assist with these questions FIs must:
- Know their customers by their real names and possess other essential identifying information;
- Have the ability to access this information in a timely fashion; and
- Quickly provide this information to the government in a format in which it can be effectively used.
- FinCEN’s 314(a) program: Pursuant to Section 314(a) of the USA PATRIOT Act of 2001, FinCEN provides a unique service to law enforcement to help locate financial assets and recent transactions by subjects of criminal investigations. In practice, this process enables law enforcement to find out if an individual of interest has accounts or has conducted transactions in any one of thousands of financial institutions across the country. It saves an investigator hundreds of hours that would have otherwise been spent on a bank-by-bank inquiry.
- SAR Review Teams: SAR Review Teams bring together federal, state, and local law enforcement officials, prosecutors, and regulators from across a jurisdiction to proactively seek out criminal activity suggested in SAR narratives and engage in enhanced collaboration and information-sharing with financial institutions. There are SAR Review Teams in well over 100 locations throughout the country, and many meet regularly with bank compliance officers to discuss priority illicit financing issues.
5. Build Domestic Terrorism Typologies and Red Flags into AML Risk Management Program
In mid-2021, FinCEN identified domestic terrorism as one of eight AML/CFT national priorities. Compliance officers should be on the lookout for regulations and guidance from FinCEN that will specify how FIs should incorporate domestic terrorism (and the other priorities) into their risk-based AML programs. Until then, one resource that provides some guidance worth considering is the 2021 U.S. Violent Extremist Mobilization Indicators booklet. The resource provides a catalog of observable behaviors that could signal whether individuals or groups are pursuing ideologically motivated violent extremist activities. The following indicators drawn from that publication could serve as financial typologies, methodologies, and red flags for FIs to consider:
- Outside pattern of life activities such as “out of the blue” firearm or ammunition purchases. This could be a new behavior entirely or a significantly larger quantity than normal.
- Surprise travel or one-way tickets if not consistent with previous pattern of life activities.
- Sending or receiving unexpected dollar amounts to or from parties not seen in previous transactions for unexplained purposes.
- Purchase indicating concealment tactics such as vendors that sell burner phones.
- Transactions to or from designated or otherwise known DVE groups or leaders, or such persons referenced in the text field of a check or wire transfer.
Additional background and social media research on suspicious parties is highly encouraged by law enforcement, and any findings of interest should be detailed in SAR narratives. Information of particular interest includes social media posts advocating or supporting violence or providing indications about the structure or hierarchy of an organization.
Domestic terrorism is a threat to the U.S. financial system, and it is important for all compliance professionals to understand the risks. Compliance must ensure governmental priorities are incorporated into their financial institutions’ risk-based (AML) programs.