On 8 July 2025, the Financial Action Task Force (FATF) – the global standard setter for countering the financing of terrorism (CFT) – published “the most extensive global assessment of terrorist financing risks to date”, drawing on contributions from over 80 jurisdictions in the FATF’s global network for the first time in 10 years. Given the increasing importance of new technologies in the financial tradecraft of terrorist groups, the review dedicates substantial focus to these risks and vulnerabilities, including in relation to mobile money, cryptocurrencies, and social media. This Insight introduces the FATF and explains its authoritative role in shaping CFT tools and measures, including why what it says really matters for practitioners, policymakers, researchers, and others concerned with terrorism financing (TF).
The FATF, Illicit Finance, and CFT
Just days after the 9/11 attacks, both the UN Security Council and the FATF set to work rectifying how Al Qaida had managed to exploit the global financial system to bankroll such a monumental act of terror, turbocharging a policy agenda initiated by the 1999 Convention for the Suppression of the Financing of Terrorism, which had rather embarrassingly been ratified by only four states prior to 9/11. While the Security Council passed resolutions establishing new bodies like the Counter-Terrorism Committee and its Executive Directorate, and imposed targeted financial sanctions on Al Qaida figures, the FATF convened an emergency meeting to devise new international standards for CFT, largely adapting existing anti-money laundering (AML) measures to this novel type of “illicit finance”. This two-headed global framework (see Figure 1) was built within a matter of weeks and has remained largely intact for a quarter of a century.
Figure 1: A Venn diagram illustrating the twin hosts of the countering the financing of terrorism (CFT) policy agenda (Source: author’s own, reproduced with permission only).
The FATF’s most unique value-add to the global CFT project is its process of mutual evaluations, whereby FATF member countries peer-review each other’s implementation of the standards. Receiving poor grades on a mutual evaluation risks a jurisdiction being included on the FATF’s “grey list”, which carries real economic consequences and thus acts as a powerful inducement for states to pass the FATF test. For this capacity to force fairly drastic behaviour change on the part of states, the FATF has earned the reputation of being “the most important organisation most people have never heard of”.
As part of its mandate, the FATF is looked up to as a global authority for identifying and analysing evolving TF threats as a means of crafting appropriate responses. To this point, the Introduction of the updated threat assessment warns against “legal and enforcement responses that are based on assumed rather than evidence-based TF risks” as they are often “ineffective, unnecessary, and disproportionate, and risk violating international law, including international human rights law.”
This sets a clear expectation on the part of the FATF that when it comes time for a jurisdiction’s CFT system to be audited, it must be able to illustrate how CFT measures speak to discerned, evidenced and jurisdictionally relevant TF risks.
Looking specifically at the area of new and emerging technologies within this latest threat update, a longstanding focal point for both heads of the CFT regime, four core principles emerge that should steer CFT policymakers in understanding, and steeling themselves against, TF as it happens in 2025.
Principle 1: “Who’s in Charge Here?”
The FATF’s assessment accurately highlights a challenge of responsibility within modern digital payment systems. As different payment service providers (PSPs) are layered on top of one another to deliver the rapid payments infrastructure customers have become accustomed to, responsibility for identifying, reporting, and/or blocking suspected TF is diffused. Many non-bank PSPs, including FinTech companies of varying degrees of notoriety, have been incorporated into the CFT regime only recently and have unevenly prioritised compliance and due diligence among competing commercial priorities, such as solvency. In this intricate ecosystem, it is unclear who bears ultimate responsibility for CFT, and an incentive to “pass-the-buck” down the line of providers is created. In the meantime, as argued by Dr Hans-Jakob Schindler of the Counter-Extremism Project, useful data remains dispersed across platforms, service providers, and the financial industry, and faces impediments from data protection laws to being pooled for CFT purposes.
Further related complications emerge with the integration of financial products and services into telecommunications and social media. Inconsistent registration of Subscriber Identity Module (SIM) cards across jurisdictions exacerbates a worrying nexus between TF and telecommunications, particularly where the TF risks of mobile money are concerned. Mobile money firms with limited awareness of TF risks – and whose applications run on unregistered SIM cards – operate in a CFT blind spot whereby transactions may be made anonymously. Likewise, integration of payment services into social media and messaging applications offers regulation-free or light opportunities for funds transfer, and frequently obfuscates the true origins of funds once they leave the platform and arrive at CFT-obliged entities, such as banks.
While this is not new, there is certainly an appetite for innovative solutions which do not depend on expanding CFT regulation to cover all members of the PSP ecosystem, including social media companies, which are unlikely to ever subject themselves to the full gamut of CFT obligations voluntarily. In their report, the FATF has settled on asking for enhanced outreach to social media firms to press for expanded voluntary measures such as self-regulation and content moderation specific to TF. Yet, it remains unclear what incentives could be presented to unregulated entities used in complex TF methods to spur such voluntary action that must, as reflected by this report, go much further and deeper than present efforts.
Principle 2: Financial Facilitators
Financial facilitators of terrorism – typically individuals providing sophisticated financial management at an arm’s length away from the nastier, deadly side of terrorism – have been presented with bountiful new opportunities thanks to rapid developments in financial (and non-financial) technologies. Making use of financial facilitators means that financial institutions only engage with loosely affiliated individuals, many of whom may have no genuine ideological affinity with the terrorist entity they are supporting that day. FATF gives the example of third parties purchasing large quantities of pre-paid debit cards for terrorist purposes, using their relatively clean profiles to pass customer due diligence checks. Indirectly, the increasing youth of lone-actor or self-activating terrorists in Europe and Southeast Asia makes their parents into de facto financial facilitators, given the former’s financial dependence on the latter, which obscures the origin of funds and complicates “legal attribution and enforcement actions” (p.32).
As reflected in past studies on the uptake of new technologies by terrorist financiers, FATF ascribes the rising use of virtual assets in TF tradecraft to their popularisation among the public. By implication, this would mean that the pool of potential financial facilitators, based on capability alone, has already grown. Taken together, the FATF paints a picture of current and future TF schemes making greater use of technologically adept financial facilitators. This includes many with the capacity to use shell companies, which have long been the gold standard of professional money-laundering approaches, to further obfuscate their identities and the flow of funds.
Principle 3: Fundraising Integrated into Radicalisation
One of the most notable contributions the FATF report makes to our understanding of technology-enabled TF is the increasing proximity of online terrorist propaganda campaigns with online fundraising campaigns. Propaganda, as both an expenditure and a revenue-generator for large, networked terrorist organisations, aims to support the radicalisation of new recruits and amplify the consequences of successful violent attacks. But its role in fundraising appears to be changing. For example, Islamic State-Khorasan Province (ISKP) has long prioritised creating and disseminating propaganda in cooperation with the Al-Azaim media group, including stand-alone calls for existing supporters to donate in privacy coins such as Monero. FATF cites other studies referencing incidents from as far back as 2017, where Islamist and far-right groups monetise their online propaganda by holding premium accounts on social media platforms, enabling them to profit from advertisements running on their content.
However, contemporary propaganda vehicles such as live-streamed videos have brought the twin aims of radicalisation and fundraising closer together. Academics like Megan Squire show how in-platform tokens and integrated payments within video streaming services allow content consumers to support streamers with instant donations made in the course of a livestream video event. Such functionality enables content creators to capture in-the-moment sentiments such as outrage or passion, perhaps solicited through deliberate social engineering or narrative construction around events in Gaza or within Islamic State detainee camps in Syria, and convert this into immediate financial support. By further closing the gap between consumption of propaganda and the act of donating, terrorist propagandists compel new and established adherents to make donations as a means of operationalising their commitment to the ideology being espoused.
Principle 4: New Technology Autonomy
Across the threat assessment, the FATF, perhaps unintentionally, underscore the potential incompatibility of a state-based CFT regime with internet-enabled TF threats. These threats not only span borders, but are inherently decentralised and exist independent of entities (states, companies, individuals) that could be held accountable for CFT obligations. Virtual assets, for example, are accurately described in the report as a mere tech-upgrade of long-established modes of “informal” (ie. non-bank) value transfer such as hawala, the decentralised nature of which has thwarted many a CFT investigator. Virtual asset service providers that have thus far skirted subjectification to CFT regulation by governments (both in cooperative as well as uncooperative jurisdictions) represent a gaping hole in collective global defences. Many operating on the margins will never succumb to regulation. As a multilateral body of states, the FATF itself faces inherent limitations in setting standards to counter TF occurring largely beyond the reach of states.
Conclusion: Future Trends, Implicit Recommendations
Among all the future TF trends FATF posits in their threat update, two stand out for having particular relevance to tech companies and the technology and extremism research community.
The FATF predicts a further intensification of fundraising integrated with terrorist propaganda in various formats, from the live-streaming methods mentioned above to the insertion of online crowdfunding calls into encrypted chat, a tactic already being employed by ISKP in its Russian-language communications with Central Asian communities. This challenges the status quo of content moderation by social media platforms and necessitates a more robust (ie. non-takedown) response to content that solicits funds. Instead, serious thought must be given to how details of such campaigns, including listed cryptocurrency addresses, could be swiftly passed on to national financial intelligence units, the FATF-mandated body responsible for collecting and analysing financial information for use in law enforcement investigations.
FATF expects TF tradecraft to diversify across still emerging online ecosystems like the Metaverse, where bespoke virtual assets could be minted for terrorist value transfer. However, we can expect the established pattern of terrorist adoption of new technologies to continue to apply, whereby uptake for TF will be commensurate with uptake in society overall. While concern over TF through non-fungible tokens (NFTs) has now been largely debunked, the popularisation of cryptocurrency appears to be matched with a deeper integration of the technology into the financial tradecraft of many terrorist groups. Prioritising operational efforts on a TF threat that has yet to mature into a real and present danger would therefore see law enforcement agencies chasing a phantom threat while ignoring the wide range of TF vectors that are known to generate substantial sums for terrorists today.
This is not to say there is no value in future-proofing the CFT regime against nascent threats. Instead, researchers and practitioners should focus their efforts on understanding and securing, respectively, the off-ramps of virtual assets, both present and future, into fiat currency and cash, which are squarely in the purview of states and banks with the obligation and ability to apply CFT measures. Regardless of what kind of virtual asset wins out in the end to become the next “big thing” in TF, off-ramps would seem to remain a baseline requirement for terrorist groups seeking to use their funds to prepare attacks in the real world.
At 132 pages, this threat update will undoubtedly shape the global CFT regime for years to come, whether it’s by informing national risk assessments from Fiji to Finland, or setting operational priorities for national or international law enforcement agencies. By posing as many questions as it tries to answer, the document offers CFT researchers a generous “hook” on which to hang various new research agendas pertaining to the impacts of new technologies on terrorism financing.
—
Stephen Reimer is an internationally recognised expert on the money flows that fuel terrorism and extremism. His recent research explores terrorism financing using new technologies, terrorist financial facilitation networks, and terrorism financing abuse in the not-for-profit sector. Stephen also works on the unintended impacts of the Financial Action Task Force on human rights and supports advocacy and research efforts worldwide on misuse of its standards as a tool for eroding democracy. He is an Associate Fellow and former Senior Research Fellow at the Royal United Services Institute’s Centre for Finance & Security, and an affiliate expert with the EU Global Facility on AML/CFT. Stephen is also an Adjunct Professor at the SciencesPo Paris School of International Affairs, where he lectures on financial intelligence and security.
—
Are you a tech company interested in strengthening your capacity to counter terrorist and violent extremist activity online? Apply for GIFCT membership to join over 30 other tech platforms working together to prevent terrorists and violent extremists from exploiting online platforms by leveraging technology, expertise, and cross-sector partnerships.