Washington wants Corporate America to step up its attention to terrorism risk.

That was the warning delivered at a House Financial Services Committee hearing on Sept. 9, to explore just how extensive terrorist financing is (very) and what steps businesses should take to reduce their exposure to that risk. Amid talk of Iranian sanctions and global encroachment of ISIL, experts also offered what may be a common sense approach: understand that the business of terrorism is just that—a business—and leverage the expertise of the private sector.

Increasingly, the circles of legitimate business interests and terror funding are intersecting:

One of the brothers responsible for the Charlie Hebdo massacre in Paris funded the attack by selling counterfeit Nike sneakers.

Huge swaths of land in West Africa are littered with used cars from the United States, the after-effect of trade-based schemes by Hezbollah that use vehicles purchased here at used car lots and auction houses as a front for moving cash and drugs.

Overseas buyers are purchasing real estate in major cities, notably New York and Washington D.C., as a means to move ill-gotten funds.

Cigarette companies assisted the tracking and freezing of money that was suspected of contributing to North Korea’s WMD program.

With the assistance of a multinational pharmaceutical company, a plot by Hezbollah to profit from counterfeit prescription drugs was uncovered by government officials.

“Terrorists seek a product mix, professional services, conduct cost-benefit analyses, employ tax strategies, and exploit supply chains,” says Scott Modell, managing director of the Rapidan Group, a geopolitical consulting firm and one of the panelists at the recent House hearing. “They seek market dominance, strategic alliances, and competitive advantage … [T]hey resemble multinational businesses that need to diversify to survive in the global economy.”

“We must appreciate their capacity as business people and not just explore their past streams of funding,” he added.

That view, experts say, underlines the need for the government and private sector to work together closely. Among the suggestions: creating a public-private partnership for data sharing, similar to efforts to do so for cyber-security efforts, and expanding the use of Suspicious Activity Reports beyond banks to investment advisers, real estate agents, and others as the need arises.

Banks have traditionally had major obstacles when sharing AML, know-your-customer, and cyber-security data with the government, foreign agencies, or even within the corporation across national borders. The data can be scattered in silos that may not communicate well with each other. Privacy and liability concerns abound. Those challenges would be even more problematic if such an effort is expanded across business sectors, unless the government does a better job of facilitating those relationships.

“Terrorism finance has become one of our most pressing national security challenges, yet the plans, programs, and practitioners are falling far short of where they need to be,” Modell says. “Almost everyone in the U.S. government knows just enough to be dangerous about finance, but the time for going well beyond that is long overdue.”

“The first step in strengthening the U.S. financial system’s resilience to abuse by illicit activity is tougher KYC and customer due diligence programs.”
Elizabeth Rosenberg, Senior Fellow, Center for a New American Security

The broader business community, he says, has insight on how to combat business competitors, and these insights need to be shared with governmental personnel who have less experience with business but do know how terrorists work. Companies could, for example, be able to collect intelligence on terrorist financing derived from diverted and counterfeit products.

“We need to establish working and advisory groups with sectors of the business community whose products are likely targets of terrorists,” Modell says. “Many of these companies have well-established investigative units to discover illicit trade in their products.” Among the sectors to start with as new partnerships are forged: manufacturers of consumer goods, pharmaceutical companies, and cigarette makers.

“Most of the early warning signs reside with the private sector, and the private sector is most often best suited to identify those anomalies,” says Daniel Larkin, founder of the National Cyber Forensics & Training Alliance and a former FBI unit chief. Just as is the case with cyber-security, “law enforcement needs private industry help more than vice-versa.”

Public-private partnerships must be structured to protect privacy and promote transparency. “Within the financial services industry, there are clearer safe harbor provisions,” he says. “In telecomm, retail, e-commerce, and other areas, there is a hesitation to share information because they don’t truly feel there is a clear safe harbor that protects those organizations from doing so.”

Elizabeth Rosenberg, a senior fellow at the Center for a New American Security, says international cooperation would be vital to any information-sharing program. She cited privacy laws as one example of a barrier, since moving data across national borders even within one corporation—let alone several—is complex.

HIGH-RISK JURISDICTIONS

The following is from a House Committee on Financial Services committee memorandum, issued in advance of a Sept. 9 hearing on combating the financing of terrorist groups.
FATF-Designated High-Risk and Non-Cooperative Jurisdictions and U.S. Guidance
Three times each year, the Financial Action Task Force on Money Laundering’s International Cooperation Review Group (ICRG) evaluates jurisdictions around the world for anti-money laundering and counter-financing of terrorism (AML/CFT) deficiencies.
To protect the international financial system from those with the most concerning AML/CFT deficiencies, FATF recommends that all jurisdictions “apply effective counter-measures.” The results of the most recent review were released on June 26, 2015, identifying 17 countries of concern.

Jurisdictions that have strategic AML/CFT deficiencies and to which counter-measures apply: Iran and North Korea

Jurisdictions with strategic AML/CFT deficiencies that have not made improvements: Algeria and Burma

Jurisdictions with strategic AML/CFT deficiencies that have made political commitments to improve: Afghanistan, Angola, Bosnia and Herzegovina, Ecuador, Guyana, Laos, Panama, Papua New Guinea, Sudan, Syria, Uganda, Yemen

Jurisdictions with strategic AML/CFT deficiencies that are not making sufficient progress: Iraq
In response to FATF’s ICRG review, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an advisory on July 20, 2015 that reminded financial institutions of the counter-measures in place against Iran and North Korea, including a broad array of U.S. and U.N. sanctions programs.
With respect to Algeria and Burma, FinCEN advised financial institutions to apply enhanced due diligence procedures when maintaining correspondent accounts for foreign banks operating under banking licenses issued by those countries.
For all other listed countries, FinCEN advised financial institutions to ensure compliance with general due diligence obligations and, if appropriate, enhanced policies, procedures, and controls to detect and report suspected money laundering activity.
Source: House Committee on Financial Services.

“When such laws make it difficult for different divisions within the same bank, for example, to exchange information on customers or beneficial ownership data, it can make it difficult to identify sanctions evasion or criminal activity,” she says. “In turn, these barriers hamper the sharing of investigative leads, suspicious activity reports, and forensic accounting data with government authorities.”

If customer information were more easily shared across national jurisdictions, “it would better help financial institutions and government authorities to understand emerging methodologies in raising and moving illicit money,” she adds.

While efforts to unify the private sector and government in the fight against terrorism and its financing may be complex and far from imminent, several more immediate steps can be taken.

Reforms are desperately needed in the area of trade finance, a “dark hole,” according to Hugh Jones, president and CEO of Accuity, a firm that assists banks with payment processing and AML compliance.

Trade-based money laundering involves the use of trade transactions to disguise the origin of illicit funds and move them internationally. The schemes vary in sophistication, but often involve the under- or over-invoicing of the price, quantity, or value of goods in a trade transaction. One example: all those automobile graveyards in West Africa.

Jones’ concern is that this process often relies on outdated technology—nearly everything is paper-based. “It is very tough to check the transaction all the way from end to end,” Jones says. “It is very easy to game.” Stricter recordkeeping and disclosure standards should be considered.

And in the middle of it all still are the nation’s banks. “The first step in strengthening the U.S. financial system’s resilience to abuse by illicit activity is tougher KYC and customer due diligence programs,” Rosenberg says.

The Treasury Department, she explained, is considering a new rule on customer due diligence, and is working with Congress to strengthen disclosure requirements about beneficial owners in the corporate formation process as part of the FY2016 budget. That effort is a “critical step that would improve sanctions enforcement and the identification of criminals and terrorists, and it may be useful in identifying the source of malicious cyber-activity,” she says.