Over the last two decades, there has been considerable focus in the international community on countering the financing of terrorism (CTF). Part of a global counter-terrorism strategy, CTF is meant to “disrupt the financial support network for terrorists and terrorist organisations” and “prevent and suppress the financing of terrorist acts.” These efforts have resulted in extensive regulatory regimes that impact companies globally, particularly and increasingly financial and communication technology companies.
Why CTF Matters for Tech Companies
Countering the financing of terrorism is a set of policies and activities aimed at reducing funds available to terrorist groups, cells, and individuals for organisational or operational activities. CTF activities have five objectives: detecting terrorist financing, denying terrorists access to funds, deterring terrorists from raising funds, disrupting financing activities, and destroying terrorist resources. CTF activities are meant to detect, deny, deter, disrupt, and destroy terrorists, their support networks, their ability to raise, use, move, store, manage, and obscure funds, and their organisational and operational activities and structures.
The CTF approach to counter-terrorism has changed dramatically over the last twenty years. Activities that were once largely contained within banks have now been applied throughout the financial sector and beyond. There are now seven separate (but often complimentary) approaches to CTF:
1. The criminalisation / policing of terrorist financing, which criminalises terrorist financing activities at the international and domestic level;
- In most jurisdictions, financing terrorist activities (such as attacks) is a criminal offence. This often includes the provision of financial services. Increasingly, financial services used by terrorists take place online, through things like digital marketplaces, financial technologies like PayPal, or cryptocurrencies, and are facilitated by communication technologies. Technology companies are increasingly finding themselves dealing with criminal activity on their platforms.
2. The intelligence approach, which creates and exploits financial intelligence and financial surveillance;
- Financial intelligence is any intelligence derived from financial information. This can include bank records, but also increasingly comes from other forms of financial activities that can include in-app purchases, transfer capabilities embedded in communications applications, and facilitation using social media. Even in cases where there is no native transfer capability in communication technologies, transfers are often arranged through these applications, meaning that these can be important sources of intelligence. Technology companies are already navigating the judicial process of warrants and requests for information, and this will only increase as terrorists and violent extremists continue to exploit these platforms.
3. The military approach, which conducts targeted strikes, prevents control of territory, and captures or kills key individuals;
- While the military approach generally interacts less with technology companies, particularly popular communication or financial technology ones, information obtained from these applications can facilitate the military approach to CTF. For instance, information derived from communication or financial applications can be used to identify targets for capture / kill missions. In CTF disruption activities, much of this involves capture missions, although some financial leaders have been targeted for kinetic strikes in order to degrade their organisational capabilities.
4. The financial exclusion approach, which creates international and domestic sanctions, asset forfeiture and seizure;
- This approach requires the implementation of domestic and international sanctions against listed or proscribed entities. This often includes a prohibition on the provision of financial services. Technology companies can find themselves required to implement these sanctions, as well as facilitate asset forfeiture and seizure. Increasingly, states are sanctioning a greater diversity of terrorist and extremist actors, including extreme-right actors. Technology companies might find themselves having to implement some of these sanctions and proscribe the provision of financial services to some of these entities, and navigate a patchwork of proscriptions across jurisdictions.
5. The private sector / regulatory risk approach, which downloads responsibilities for CTF to the private sector and requires mandatory reporting and participation in CTF regimes;
- Technology companies need to think about compliance with their regimes by design, not as an after-thought. As companies increasingly integrate payment options into their platforms, states are also increasingly interested in regulating these activities. The recent case of Canada regulating crowdfunding companies illustrates that even established technologies can face scrutiny and new regulations.
6. The technical assistance approach, which draws on the above practices and seeks to increase the capacity of states to implement these other approaches; and
- Technology companies and their tools are increasingly being exported to countries for use and to assist in CTF. Technology companies should be concerned about the unintended consequences of the use of their technologies. For instance, some states have used CTF as a means to crack down on dissent – increasingly, China is using technology for financial surveillance of its citizens and dissidents.
7. The civil law approach, which uses civil lawsuits to restrict terrorist actors’ access to funds and degrade their future capabilities.
- As states expand their civil law approach to CTF, technology companies might increasingly find themselves either embroiled in or subject to legal proceedings if terrorists use their platforms for communications or financing. In some cases, they could be the subject of these lawsuits for allowing fundraising or financial facilitation on their platforms.
Understanding How Terrorists Finance Their Activities Helps Anticipate Regulatory Risks
Technology companies need to better understand both how terrorists finance their activities and the CTF approaches, and where vulnerabilities and risks lie. Increasingly, terrorists are adopting new technologies to finance their activities, coordinate their plans, and support their organisations. This is also true in the extremist financing space. As terrorists continue to adopt these technologies, companies will increasingly be called on to address some of the inherent risks in the technologies they have developed, prevent terrorist financing using their technologies, and adopt better compliance and risk reduction by design. Companies can only do that if they understand how terrorists might abuse their technologies, and how the international community is likely to respond to these risks. And these risks go well beyond traditional financial technology companies; they now have implications for any service that is or could be used by terrorists or extremists to finance their activities and spread their propaganda.