News

In an ideal world for compliance officers, the finances of individuals plotting mass casualty attacks would exhibit enough anomalies to draw attention to their plans before they could carry them out, assuming such plans were made at all.

But violent homegrown extremists often don’t require large sums of money or financial assistance from the larger terrorist organizations that sometimes inspire them, decreasing the likelihood they would engage in unusual transactions, purchases, travel or other suspicious behavior that financial institutions could conceivably identify and report ahead of time.

Take the example of Rizwan Farook and Tashfeen Malik, the married couple who shot and killed 14 people and wounded 22 others at a local government office in San Bernardino, CA last December.

“Here is a guy with a regular job, a steady income, good credit, who is renting a house and who has a wife and a kid,” said Dennis Lormel, former head of the FBI’s Terrorist Financing Operations Section. “There would be no reason for a bank to look at him as a high-risk customer.”

Investigators learned afterwards that Farook had earlier secured $28,500 from a peer-to-peer online lender based in San Francisco, then converted $10,000 of the loan into cash and transferred at least $15,000 to his mother days before the shooting.

There is no indication that the pair received funds from offshore, or that any of the financial institutions involved in the loan and subsequent transfers failed to identify anything unusual, The Wall Street Journal reported that month.

These all-too-frequent circumstances make knowledge and analysis of transactions after such attacks “crucial” for investigators seeking to map out the financial history of the perpetrators and possibly locate other suspects, said a senior official with the U.S. Department of Defense.

“If you look at where they spent their money, whether it’s a charity, a place they frequent, if they used the same credit card to go to the same locations, you can start figuring out where they got radicalized,” said the official, who asked to remain anonymous. “You may also be able to identify other people in their social sphere that may have some culpability in terms of what they have done.”

Financial institutions should conduct a so-called “postmortem” internal inquiry immediately after terrorist attacks and other large-scale crimes, and promptly report any suspicious activity discovered during their review to the U.S. Treasury Department and, when authorized, directly to law enforcement, said a federal counterterrorism investigator.

“People think that that’s just the banks covering their back,” said the investigator, who asked not to be named. “But that filing is very important because they might have information about that individual that might not yet be known to law enforcement.”

Banks should closely review transactions that can be linked to the purchase of weapons and their components, survival gear, and vehicles possibly used in the attack, sources said.

With all relevant financial data in hand, regulators may be able to “reverse engineer” the financial history of a lone wolf attacker to expose new red flags and methodologies, according to Nikos Passas, a professor of criminology and criminal justice at Northeastern University.

“When you know for sure someone is a terrorist, you can go thoroughly through bank transactions to see what suspicious activity shows up on the radar screen,” Passas said.

In some instances, analysis of the funding behind previous domestic terrorist attacks revealed little or even no intersection with the formal financial system.

In 1995, Timothy McVeigh and Terry Nichols used cash they stole from a gun dealership in Arkansas and currency they obtained from selling firearms they acquired during the robbery to rent hotel rooms and storage space, buy a car and obtain components for the truck-bomb that killed 168 people and injured more than 600 in Oklahoma City that year.

U.S. officials said that Faisal Shahzad, the would-be Times Square bomber, traveled to Pakistan more than a dozen times after first entering the United States in 1999 but used hawala transfers and paid his expenses in currency to bypass U.S. financial institutions ahead of his failed 2010 attack.

Individual terrorists, or even terrorists organizations, are less likely now than ever to transact through the formal financial system, according to John Cassara, a former U.S. Treasury Department special agent and former case officer with the Central Intelligence Agency.

“That’s not what financial transparency reporting requirements and financial intelligence were set up for. They were set up to combat narcotics money laundering or large amounts of dirty money,” Cassara said.

Other lone wolf terrorists rack up debt through credit cards and loans they have no intention of paying back, or obtain social benefits through fraudulent schemes.

Investigators can use knowledge of those transactions to piece together a profile that may expose common characteristics of the funding patterns of individual attackers, according to a senior official with the U.S. Justice Department who asked not to be named.

“I think it would be a worthy project [for the Financial Crimes Enforcement Network] to isolate the universe of recent lone shooters and see what, if anything, their banks reported about them,” said the official. The suspicious activity reports may reveal “indicators” that were previously unknown to investigators, the person said.

Because reaction time is critical in the aftermath of a terrorist attack, compliance departments should consider forming and at all times maintaining a strategic response team specifically trained to locate transactions, accounts and clients that may prove useful to investigators, Lormel suggested.

The team should establish relationships with investigators in their jurisdiction and maintain a relationship, according to Lormel.

Compliance officers should commence their reviews immediately after obtaining enough data points to inform queries of their customer and transactional databases.

“As soon as the names of the attackers are disclosed, possibly alongside their date of birth and some sort of physical description or video footage, financial institutions have to begin looking through their documentation to figure out whether they have any relationship with those names,” the defense official said.

Compliance departments should also consider any information they may have obtained on other banks tied to the suspect and whether they have any correspondent links to those institutions, the official said.

When looking for red flags, financial institutions should pay attention to any change in the usual patterns their customers may have followed, such as unexplained wire transfers to new recipients at unusual times, from different branches or through different intermediaries, the defense official said.

Any such unusual behavior might help unveil financial links between the persons publicly identified and others who may be associated with them, Lormel said.

Financial donations to charities or non-profit organizations also warrant review by compliance officers, especially if the transfers involve entities already suspected of links to terrorism.

The details of transactions involving those types of organizations may take longer to emerge, but may also yield critical clues for the government to identify others who may be plotting incidents of their own.