On May 8, 2024, the U.S. Financial Crimes Enforcement Network (FinCEN) issued an advisory on illicit transactions related to Iran-backed terrorist organizations.

Iran seeks to export terrorism throughout the Middle East and beyond through the financing of a range of regional armed groups, such as Hizballah, Hamas and the Houthis. FinCEN’s advisory overviews the methods by which terrorist organizations receive financial support from Iran and details several techniques used to illicitly access or circumvent the international financial system to raise, move, and spend funds.

Iran’s financing of terrorist organizations involves the movement of funds through financial institutions located outside Iran by utilizing third-country front companies and exchange houses which act as a global “shadow banking” network. These front companies and exchange houses rely on banks with correspondent accounts with U.S. financial institutions.

Red Flags

FinCEN’s advisory includes nine red flags to help financial institutions detect, prevent, and report suspicious activity connected to the financing of Iran-backed terrorist organizations:

  1. “A customer or a customer’s counterparty conducts transactions with Office of Foreign Assets Control (OFAC)-designated entities and individuals, or transactions that contain a nexus to identifiers listed for OFAC-designated entities and individuals, to include email addresses, physical addresses, phone numbers, passport numbers, or CVC addresses.
  2. Information included in a transaction between customers or in a note accompanying a peer-to-peer transfer include key terms known to be associated with terrorism or terrorist organizations.
  3. A customer conducts transactions with a money services business (MSB) or other financial institution, including a VASP, that operates in jurisdictions known for, or at high risk for, terrorist activity and is reasonably believed to have lax customer identification and verification processes, opaque ownership, or otherwise fails to comply with AML/CFT best practices.
  4. A customer conducts transactions that originate with, are directed to, or otherwise involve entities that are front companies, general “trading companies” with unclear business purposes, or other companies whose beneficial ownership information indicates that they may have a nexus with Iran or other Iran-supported terrorist groups. Indicators of possible front companies include opaque ownership structures, individuals and/or entities with obscure names that direct the company, or business addresses that are residential or co-located with other companies.
  5. A customer that is or purports to be a charitable organization or NPO solicits donations but does not appear to provide any charitable services or openly supports terrorist activity or operations. In some cases, these organizations may post on social media platforms or encrypted messaging apps to solicit donations, including in CVC.
  6. A customer receives numerous small CVC payments from many wallets, then transfers the funds to another wallet, particularly if the customer logs in using an Internet Protocol (IP) based in a jurisdiction known for, or at high risk for, terrorist activity. In such cases, financial institutions may also be able to provide associated technical details such as IP addresses with time stamps and device identifiers that can provide helpful information to authorities.
  7. A customer makes money transfers to a jurisdiction known for, or at high risk for, terrorist activity that are inconsistent with their stated occupation or business purpose with vague stated purposes such as “travel expenses,” “charity,” “aid,” or “gifts.
  8. A customer account receives large payouts from social media fundraisers or crowdfunding platforms and is then accessed from an IP address in a jurisdiction known for, or at high risk for, terrorist activity, particularly if the social media accounts that contribute to the fundraisers contain content supportive of terrorist campaigns.
  9. A customer company is incorporated in the United States or a third-country jurisdiction, but its activities occur solely in jurisdictions known for, or at high risk for, terrorist activity and show no relationship to the company’s stated business purpose.”

Blowing the Whistle on Financing of Iran-Backed Terrorist Organizations

Under the U.S. Treasury Department’s Anti-Money Laundering (AML) and Sanctions Whistleblower Program, individuals may anonymously blow the whistle on money laundering and sanctions violations and receive protections and rewards for their information.

Violations covered under the AML and Sanctions Whistleblower Program include failures by financial institutions to file Suspicious Activity Reports (SARs) and comply with other Bank Secrecy Act (BSA) requirements as well as schemes by companies and financial institutions to evade sanctions.

Individuals looking to blow the whistle on the financing of Iran-backed terrorist organizations should consult an experienced whistleblower attorney.

Rules for Whistleblowers - 3 Ways to Order

New Release

Rules for Whistleblowers

The ultimate guide to blowing the whistle and getting rewarded for doing what’s right.