The Treasury Department’s Financial Crimes Enforcement Network (FinCEN) advised financial institutions in detecting illicit transactions related to Iran-backed terrorist organizations.

The agency’s advisory, issued Wednesday, contains information derived from FinCEN’s analysis of Bank Secrecy Act data, open-source reporting, and details provided by law enforcement partners.

“[W]e are issuing this advisory to help financial institutions protect the financial system from abuse by terrorists and to encourage financial institutions to stay vigilant in identifying and reporting related suspicious activity,” said Andrea Gacki, FinCEN’s director, in a press release.

According to BSA analysis, third-country front companies and exchange houses act as a global “shadow banking” network that processes illicit commercial transactions and channels money to terrorist organizations on Iran’s behalf.

FinCEN identified red flags financial institutions can watch for in addition to its 2018 Iran advisory and 2023 Hamas alert, including:

  • Customers conducting transactions with Office of Foreign Assets Control (OFAC)-designated entities and individuals or transactions that contain a nexus to identifiers to those designated, such as email addresses, physical addresses, phone numbers, passport numbers, or crypto addresses;
  • Transactions between customers or peer-to-peer transfers in which key terms associated with terrorism or terrorist organizations are noted;
  • Transactions with a money services business, crypto exchanges, or financial services with lax customer identification and verification processes, opaque ownership, or anti-money laundering or countering the finance of terrorism deficiencies;
  • Transactions that originate from front companies or general “trading companies” with an unclear business purpose or whose beneficial ownership information indicates they have a nexus to Iran;
  • A customer that is or purports to be a charitable organization or nonprofit;
  • Receiving small crypto payments from IP addresses in high-risk locations;
  • Customers transferring funds to high-risk locations with vague stated purposes like “travel expenses,” “charity,” “aid,” or “gifts”;
  • Accounts receiving large payouts from social media fundraisers or crowdfunding platforms from high-risk IP addresses, particularly if the accounts are supportive of terrorist campaigns; and
  • Customer companies incorporated in the United States or a third country jurisdiction but are active in high-risk locations and show no relationship to their stated business purpose.

The agency noted financial institutions can assist law enforcement by disclosing associated technical details, such as IP addresses with time stamps and device identifiers.

Terrorist organizations cited include Hezbollah, Hamas, Islamic Jihad, the Houthis, and Iran-aligned militia groups in Iraq and Syria.

Last month, OFAC kicked off a new round of Iran sanctions. The agency separately issued a $20 million fine against Thailand-based SCG Chemicals for hiding the Iranian nexus of commodities sold in U.S. markets.