Money laundering and terrorism funding both have devastating effects. While acts of terrorism are more noticed because of their highly public nature, Money laundering is no less of a threat. In fact, concentrated efforts to combat money laundering were pursued long before terrorist activities grew to the point where Counter Terrorism Funding (CTF) was added to formal Anti–Money Laundering (AML) efforts.
To completely stop money laundering and terrorism funding is beyond our ability. For each action regulators and prevention specialists develop, criminals adopt new ways around it. An ongoing game of cat-and-mouse ensues, with each side constantly testing new ways to defeat the other.
One thing remains unchanged in this ongoing war, though. No matter what innovative techniques criminals adopt, their efforts rely on a three-stage process, each stage of which offers vulnerabilities that the criminals can often hide, but cannot complete erase.
The three stages in money laundering
The money laundering and terrorism funding processes consist of three distinct stages. The first is Placement, in which illicit funds are placed in financial institutions to start the process.
The second is Layering. This stage sends those funds through a dizzying cycle of financial transactions designed to obscure the illegal source of the funds and make them look legitimate.
Finally, the third is Integration. This stage sends funds back to the perpetrators of the original crimes, now with paper trails that make those funds look like revenues from legitimate business transactions. Or, in terrorism funding, it sends funds to terrorist operatives who will use the funds to commit their crimes.
Traditional money laundering
In traditional money laundering, some person or group engaged in criminal activity tries to make their illicit revenue look legitimate. Such revenues inevitably are too large to simply deposit in a bank without arousing unwanted suspicion from law enforcement.
To get around this, they divide their funds into smaller amounts. Multiple deposits are less likely to draw attention, especially since money launderers typically make their deposit in multiple financial institutions, using multiple names. They might place these initial deposits in multiple countries, as well, smuggling cash across borders to take advantage of separate regulatory systems that may not cooperate with each other fully.
Money launderers’ chief vulnerability in the placement stage is the amount of money they need to place. The larger the revenues, the more difficult it is to place them without detection. They cannot afford to place deposits that exceed regulatory thresholds. Crossing those thresholds triggers immediate reports to regulators, which can bring attention from law enforcement.
Breaking revenues into small enough individual deposits to avoid reporting thresholds requires a massive number of deposits. With banks’ detection teams scrutinizing every account application for ties to known money launderers and monitoring every existing account’s activity for transactions that don’t fit the known activity pattern of the account owner, placing such large numbers of deposits leaves money launders vulnerable here, too.
Once placement is complete, the process of layering begins with all revenues that avoided detection. In this stage, money launderers divide funds in each account further, transferring each fragment to different institutions, mixing it with transferred fragments from other accounts to further obscure the original source. This layering moves differing amounts of money through multiple banks and multiple countries, to create a paper trail that money launderers hope will be impenetrable to investigators.
Criminals particularly favor countries whose banking laws protect the anonymity of account owners from investigation. They do this so that investigators trying to follow the paper trail will hit dead ends, through which they cannot trace funds further.
As complex as layering is, though, it is not impregnable. Again, detection teams in banks play a key role in detecting suspicious activity. Money launderers’ vulnerability at this stage is in the way they handle these myriad transactions.
Detection teams monitor customer activity for patterns that do not match the type of activities that fit known information about the customer. Teams monitor for patterns that match known money laundering techniques. And they monitor transfers between customers and foreign financial institutions, flagging for particular scrutiny any contact with banks suspected of lax AML practices.
Again, despite detection teams’ best efforts, a significant amount of money makes it through the layering process, now with a paper trail that gives funds the appearance of legitimacy. Once funds have made it this far, detection is difficult, although law enforcement has had occasional success seizing assets even at this stage.
Terrorism funding operates in a similar way to money laundering, but with slight differences. In terrorism funding, terrorism funders usually have obtained their funds through legitimate means. Their funds are legitimate, but the activities they plan to fund are criminal, and funders want to avoid prosecution or having their assets frozen because of their complicity in terrorist acts. Therefore, funds still must be rendered untraceable.
Detection at the placement stage is difficult. Because the funds were obtained legitimately, the donor has no problem depositing funds in whatever amounts he wants in whatever institution he wants. The main means of detection at this stage is if the donor has been detected as a terrorist supporter previously. Only by scouring terrorist watch lists can detection teams flag terrorism funding placement.
Laundering terrorism funding uses the same approach as money laundering to anonymize sources. That means that the same vulnerabilities that applied to money laundering apply also to terrorism funding.
Again, detection teams monitor customer activity for suspicious patterns. Patterns that match known money laundering techniques are suspect. Transfers to and from banks in countries known for terrorism support are particularly suspect. Perhaps most important during this stage, however, are terror watch lists, which can clue detection teams in on suspicious contacts between bank customers and terrorist supporter, and intelligence provided by counter-terrorism agencies.
Unlike money laundering, where the integration stage presents the least vulnerability to money launderers, in terrorism funding, the Integration stage presents perhaps the most. This is because final recipients of this funding receiving them for the express purpose of committing crimes.
As such, they are the most likely link in the terrorism funding chain to draw attention. Again, terror watch lists and counter-terrorism intelligence are valuable tools to detect terrorist funding at this final stage.
Nothing can stop money laundering or terrorism funding completely. The people behind both are tenacious, clever and dedicated to their goals. But with a clear understanding of the vulnerabilities present in each stage of money laundering and terrorism funding processes, detection teams in AML/CTF efforts are better equipped to identify attempts to legitimize illicit fund or use legitimate funds for acts of terror.
For over 30 years, Marin Ivezic has been protecting critical infrastructure and financial services against cyber, financial crime and regulatory risks posed by complex and emerging technologies.
He held multiple interim CISO and technology leadership roles in Global 2000 companies.