• header EFSAS

Publications - Study Papers

Networked Terrorism: Implications for Policy-Making



The two most formidable transnational jihadi threats of the past two decades – the Islamic State (IS) and Al Qaeda (AQ) – lie in pieces. AQ, in the words of former US Secretary of State Mike Pompeo, is a ‘shadow of its former self’ (Fox News, 2020) and the Islamic State, according to counter-terrorism expert Colin Clarke, lies ‘in ruins’ (Clarke, 2018). What Pompeo and Clarke refer to is the dissipation of said terror organizations as a result of US-led counterterrorism campaigns: AQ’s top echelon, its ‘core’, has been hollowed out with remaining AQ members and allies dispersed across the globe and similarly, thousands of the IS’ loyal soldiers who have evaded capture are in hideouts in Syria and Iraq or in lawless, war-torn regions in remote corners of the world as the IS’ crown jewel, its territorial Caliphate, is reduced to rubble by counter-IS coalition forces. Statistical data appears to corroborate the assumption that the defeat of transnational jihadism is well underway as both the number of attacks and the number of casualties from terror attacks is steadily declining since 2016 (Institute for Economic & Peace, 2020).

Despite of what appears to indicate a major step towards the crushing of terrorism, voices from the academic community and experts on the ground call for caution, urging policymakers to adopt a more nuanced understanding of the evolution of the terrorism landscape and the nature of the threats that come with it. The Global Coalition Against IS, in a report of June 2021, thus warns that “the work of the Global Coalition is far from complete as Daesh/ISIS remains a significant threat”, and that “comprehensive efforts in Iraq and Syria, and globally” are required in order “to deny ISIS’ ambitions and the activities of its branches and networks” (Global Coalition, 2021). The organizational diffusion of terrorist organizations such as IS and AQ, much rather than a victory, is to be understood as a strategic re-organization by which terrorist groups branch out and devolve power to ensure group survival in the face of intense pressures and emerging opportunities.

Terrorist groups’ astounding creativity and malleability has, in the years following 9/11, been highlighted in academic literature with respect to diverse dimensions such as use of technology, recruitment strategies and attack modes. The creative use of organizational modes as a survival strategy has also found some acknowledgement; studying terrorism from an organizational perspective, however, turns out to be a tricky endeavor. Aside from the notorious elusiveness of terrorism both as a legal and empirical concept and a paucity of publicly available data that plague terrorism research, terrorism is typically understood as deriving its particularity as a criminological phenomenon not from some organizational feature but rather from its choice of strategy (infliction of visibly massive harm on non-combatants) and proclaimed goal (radical change of the socio-political status quo on a national, regional or global level) (Mayntz, 2004). Organizational aspects of terrorism, in contrast, are fluid, complex and indeterminate. “The War on Terror”, reads a statement by Neuman et al of 2011, “may have been the first conflict in modern history in which scholars, politicians, and security practitioners have continued to debate the nature of the enemy even as billions of dollars were spent, a plethora of security measures enacted, and hundreds of thousands of troops deployed abroad to wage war. Nearly a decade after this war has started, there is still no agreement on what Al Qaeda represents and how it functions as an organization” (Neumann et al, 2011)  – a statement that holds true today for a plethora of terrorist groups as did ten years ago.

Continued efforts towards understanding the changing terrorism landscape, including from an organizational perspective, remains key to maintaining the efficiency of ongoing counter-terrorism efforts and keeping the threat at bay. At the time when the ‘War on Terror’ was launched, organizational fragmentation was viewed as analogous with the decline of the terrorist group – and therefore often was the explicit goal of counter-terrorism operations – while it is now increasingly acknowledged within academic circles that while organizational fragmentation may well indicate a weakening of the organization as a unified, hierarchical structure, it also suggests the formation of new threats each in their own right, which oftentimes turn out more potent than the original one, as the experience with IS - originally an AQ branch - has shown (Morrison, 2017).

In order to be able to address present terrorism threats and avert future ones, therefore, policy frameworks need to be re-evaluated in light of the structural transformations of the terrorism landscape. This need is salient in particular with regard to policies aimed at countering the financing of terrorism (henceforth CTF) which were adopted in reaction to the highly coordinated 9/11 attacks, and which thus were devised so as to detect and disrupt large, steady financial flows to and within an organization understood as hierarchical and monolithic. If the presumptions that terror organizations are indeed becoming networked rather than hierarchical and that this development affects the way in which financial transactions are structured are correct, it may be assumed that established frameworks designed to detect and disrupt terrorists’ financial activities may not be capable of fulfilling their stated goals anymore. The overarching research question we will address hence may be framed as follows:

How has the evolution of terrorist groups’ organizational structures affected the capability of CTF policy frameworks to detect and disrupt terrorism operations?

Thus, the present submission explicitly links CTF to the presumed organizational transformation within the terrorism landscape in order to test the former’s contemporary relevance. For this purpose, the present paper is divided into two chapters. Chapter I will evaluate the empirical and theoretical literature on the organizational evolution of the terrorism landscape and use the example of two terror groups – AQ and IS – to demonstrate how and why this evolution has played out and how this affects said groups’ financial management system. In Chapter II, we will take a look at key CTF measures aimed at detecting and disrupting terrorism financial activities, and assess their relevance in light of the findings of Chapter I.


The evolution of terror organizations

In the past years, research has pointed to the organizational transformation of the terrorism landscape which, in line with such assessments, is becoming increasingly decentralized, network-like and globally dispersed (e.g., Mayntz, 2004; Zelinsky & Shubik, 2009; Clarke, 2019; Gaibulloev & Sandler, 2019; Eleftheriadou 2020). Although power diffusion dynamics within terror groups, for example though splits resulting from internal disagreements, are hardly a novel phenomenon - barely any terrorist group has been immune from organizational splits for one or another reason at some point in its life cycle (Morrison, 2017) - the contemporarily observable dynamics are distinct as power is devolved through the formation of alliances, the establishment of branches, individuals – historically rare forms of interaction among non-State militias – and the mobilization of far-away radicals throughout the globe. Rather than ‘fragmentation’, therefore, the contemporary trend is more accurately expressed in terms of a transition from organization (fixed headquarters, clear hierarchies and central resource pooling) to network (operational decision-making and resources dispersed across entities across the globe). This posited trend in terrorism organization is sometimes worked into such papers attempting to differentiate between ‘old’ with ‘new’ terrorism: Renate Mayntz from the German Max Planck Institute for the Study of Societies, for example, contrasts “old, or traditional, terrorism that seeks regime change in a national context” with “new terrorism [that] is characterized, in addition to its rather religious than secular basis, by its international scope and its network structure” (Mayntz, 2004) while political scientist Colin Clark, in an article written for RAND, asserts that “many terror groups underwent radical changes to their command and control structures, as vertically aligned, top-down organizations grew more networked and decentralized” (Clark, 2018).

The terms ‘network’ and ‘decentralization’ are, from a theoretical perspective, not necessarily corollaries. In principle, modern communication and financial technologies enable highly centralized management of diffuse networks. In practice, however, centrally managing a transnationally dispersed terror network proves firstly difficult (because far-away affiliates might not be willing to fully subordinate their own, perhaps local goals to the pan-Islamic ones of their guardian organization), and secondly risky (because centralization makes the ‘core’ organization more vulnerable to exposure in case a branch is infiltrated). With regard to the latter, a metaphor by Brafman & Beckstrom is aptly illustrative: The authors compare centralized networks to a spider (which is agile but dies when the head is cut), while the starfish embodies a decentralized network (which is clumsy, but resilient to threats because it does not have a central brain, and cutting it will simply lead to the generation of new legs) (Brafman & Beckstrom, 2007). What’s more, as the cases of AQ and IS discussed below demonstrate, the shift from (local) organization to (transnational) network will put the expanding terror group in focus of counter-terrorism forces, which in turn will result in intense pressure on the group and cause its remaining command and control structures to disperse. For those reasons, in both cases discussed below, the adoption of network structures was closely linked to the dissipation of hierarchical lines of control and command.  


The case of Al-Qaeda 

The dynamics and rationales underlying the organizational diffusion of Al-Qaeda are well-documented. Zelinsky & Schubik (2009), in order to showcase this evolution, distinguish between the ‘Hierarchy’ (tight central control of resources and decision-making), ‘Venture Capital’ (decentralized decision-making and centralized resources), ‘Franchise’ (centralized decision-making and decentralized resources) and ‘Brand’ models (decentralized decision-making and decentralized resources). The typology is subsequently applied to Al-Qaeda in order to demonstrate how, from its inception in the late 1980s as an anti-Soviet jihadi force in Afghanistan, the group has evolved from a small and hierarchical organization wherein resources and operations were controlled tightly by Bin Laden and his consultative council in Afghanistan to one which, fueled by increasingly global ambitions, branched out into the Middle East and North Africa (Zeninsky & Shubik, 2009). Thus, through the process of ‘in-house expansion’ came to life terror outfits that to this day persist, including Al-Qaeda in the Arabian Peninsula (AQAP), Al-Qaeda in the Islamic Maghreb (AQIM), and Al-Qaeda in in the Indian Subcontinent (AQIS) while elsewhere, AQ merged with existing jihadi groups in exchange for an official pledge of allegiance (bay’ah), e.g., with Al-Shabaab in Africa and Jemmah Islamiyah in Indonesia (Clarke, 2019).

Although AQ initially attempted to maintain tight centralized control over its branches and affiliates abroad, it soon had to recognize that this was impossible as diverging ideas on ideological goals, strategic priorities and power ambitions of local operatives brought tensions with affiliates to the surface (Clarke, 2019). Thus, in the earlier years of the 2000s, the AQ Central Command still provided money and operational guidance to affiliates without, however, exercising tight control over particular operations (i.e., the Venture Capital type). In the late 2000s, according to Zelinsky & Shubik, financial and military pressures eventually caused Al-Qaeda’s core to scatter and AQ’s name to function as a brand rather than an organizational entity with defined boundaries, with largely autonomous groups and cells being linked by not much more than their shared ideology and occasional inter-branch cooperation (Zelinksy & Shubik, 2009). Although the description of contemporary AQ as a ‘leaderless movement’ may not be entirely correct – AQ’s Central Command is hiding out along the border between Pakistan and Afghanistan from where it still exerts some, even if only symbolic, influence (Aguilera, 2021) – its ability to coordinate and control its network is unarguably not what it was some 20 years ago.

The gradual decentralization of AQ may in part be considered a conscious decision resulting from the group’s desire to internationalize its agenda. Indeed, AQ’s ambitions have over time shifted from the ‘liberation’ of Afghanistan in the 1980s - a local objective - towards an ideology that, upon Soviet retreat from Afghanistan, made the fight of the Muslim ‘Ummah’ against the West its primary objective: a global, sometimes termed pan-Islamic agenda, in light of which it made perfect sense for the terror outfit to extend its reach beyond Afghanistan (Clarke, 2019).  Just as much as an ideological goal in itself, however, AQ’s branching out may be viewed as a strategic necessity resulting from the group’s realization that its global project was in danger as the war on terror started taking its toll (Mendelssohn, 2016). Global counter-terror efforts, of which AQ initially was the primary target, dismantled the group’s operational base in Afghanistan, deprived it of its income and resulted in the capture of thousands of AQ foot soldiers and an estimated two-thirds of the network’s pre-9/11 leaders, as well as the death of AQ’s charismatic leader Osama Bin Laden in Pakistan in 2011  (Bencherif, 2017). AQ’s loosely connected network of Franchises in war-torn, lawless areas in, for example, Yemen, Iraq and North Africa provided escaping jihadis safe havens and allowed AQ to continue its operations from a variety of difficult-to-intercept nodes dispersed across the world even as the AQ Command had largely lost its ability to centrally control its network. Some of AQ’s branches – most prominently AQI, which was to become the Islamic State – ultimately decoupled themselves entirely from the parent organization in order to pursue own goals independently, while others to this day keep Bin Laden’s legacy alive. AQ’s branch in Yemen (AQAP) in particular has proven as extraordinarily resilient as it is lethal, targeting not only touristic targets in the region but even successfully involving itself in terror attacks in the West – the 2015 Charlies Hebdo attackers, for example, provenly had links to AQAP (Council of Foreign Relations, 2015). Certainly, the decline of central funding has diminished the group’s capacity to replicate large-scale attacks requiring long-term planning, coordination and large funds, such as those of 9/11. The fact that groups, cells and individuals across the world continue staging attacks in AQ’s name still 20 years after the ‘War on terror’ had been launched demonstrates that the network model has merits in terms of organizational resilience.  

AQ’s organizational evolution is closely tied to the re-organization of its financial management structures. Pre-9/11 AQ relied heavily on deep-pocketed, external donors which included allies in the Gulf States – including Bin Laden himself, who spent much of his personal wealth on his AQ project –, with funds being funneled largely though charitable fronts (Bauer, 2018). Such large, steady streams of funding were advantageous because they allowed AQ to control resource allocation top-down, hence providing it with a means to maintain some sense of cohesion within and control of its network. For several years after the ‘War on terror’ was launched, thus, AQ still attempted to finance its various offshoots centrally in line with above-mentioned Venture Capital model – the 2002 Bali attacks committed by AQ-affiliated Jemaah Islamyia, costing more than 200 lives, for example, were still predominantly funded with AQ’s own resources (Abuza, 2003). Later into the 2000s, however, AQ fell on hard times as many of AQ’s donors had been killed, designated on terror lists, arrested or turned their back to the group: Then-US Director of National Intelligence Michael McConnor in 2008, in this context, commented that “the intelligence community notices that al-Qaeda and its affiliated groups have had difficulty in raising funds and sustaining themselves” (US House of Representatives 2008).

Faced with such difficulties,  the AQ central command eventually saw itself forced to adopt a different approach to its resource management model in a bid for survival: Instead of top-down funding, leading AQ figures, now from their hideouts in Afghanistan and Pakistan, instructed their affiliates and widely dispersed cells to take care of their own funding in the local context in which they had embedded themselves and to concentrate on small-scale, inexpensive attacks (Bauer & Levitt, 2020). Local affiliates started, with varying success, to generate their own incomes from diverse portfolios; AQAP, for example, became financially highly successful by exploiting a varied set of locally available opportunities including looting, extortion and gas sales (Fanusie & Entz 2017) while AQIM creates funds by participating in international drug trade (David 2017). Other groups, such as AQ-affiliated Jahbat al-Nusra, have attracted to generate an income by soliciting donations via crowdfunding platforms (Paraszczuk, 2015). The decline in top-down funding came along with a “general weakening of the hierarchical relationship between the core and the affiliates”, as stated by former US Treasury Undersecretary David Cohen (Bauer & Levitt, 2020) but bolstered the resilience of the network as a whole.

In short, the diffusion of AQ’s organizational structures was closely linked to the adoption of a decentralized, micro-funding model wherein top-down financial streams were replaced by bottom-up ones. In addition, reliance on external donors has been replaced by a multitude of diverse, locally generated funds to ‘in-source’ funding. In cases where funds still have to be moved across borders, AQ today makes use of a variety of channels so as to circumvent the formal financial system, such as the traditional Hawala system, internet-based payment systems or cash couriers (Bauer & Levitt, 2020).


IS: A new enemy emerges

The by then popular wisdom that terrorism was becoming more networked seemed to lose credibility with the rise of the Islamic State (IS) – which developed out of alienated AQ offshoot in Iraq (AQI) - and the declaration of its Caliphate in 2014. Indeed, the Caliphate was unprecedented in terms of the extent to which it managed to pool resources and exert central control over its subjects, including through provision of governance services (Eleftheriadou 2020). By taking advantage of the resources on the territories it had captured - oil, agricultural products, antiquities, and a taxable local population - the IS quickly grew into the richest terrorist organization that had existed to date, at its height making roughly $1 million per day (Kenner 2019).

Territorial control of its Caliphate in Syria, however, was never the IS’ only ambition; rather, the Caliphate was to provide the base from where the group was to wage its global jihad. In line with its often-repeated slogan “Baqiya wa Tatamaddad”, or “remaining and expanding”, the IS emulated its rival, AQ, by establishing its own network of franchises and affiliates – its  ‘Wilayats’ (Arabic for ‘provinces’) - across the globe (Weston, 2020). The pace by which IS conquered territories and swept through major cities like Raqqa and Mosul motivated jihadi groups across the globe to swear allegiance to al-Baghdadi as IS’ success was widely interpreted as a ‘divine favor’ and thus, soon after the Caliphate was established, Bay’ahs started trickling in (Homeland Security Committee, 2016). As opposed to AQ, which had been much more conservative and elitist in its design and which had been relatively selective as to the groups whose Bay’ah it accepted, the IS - sometimes described as a ‘catch-all’ organization  - has shown little restraint in allowing jihadis worldwide to use its brand (and sometimes even falsely claiming attacks): Potential affiliates were expected to act under IS’ banner but were given the freedom to plan and execute operations relatively autonomously (Foucher, 2020). Besides, IS founded its own Franchises – just like AQ ten years earlier –in conflict zones all around the world, most prominently in South Asia (Islamic State in Khorasan Province, or ISKP) and in Africa (e.g., the Islamic State in the Greater Sahara (ISGS) or the Islamic State in West Africa Province (ISWAP)). Using terms very similar to those employed to characterize AQ’s organizational evolution, David Weston speaks of the “proliferation of IS Franchises across North, Middle and Southern Africa”, with IS deploying “limited, yet targeted support such as ideological and operational guidance, as well as small amounts of money, to upgrade the capabilities of a distant jihadi group adopting the IS brand” (Weston, 2020).

By the time its Caliphate definitively fell apart with IS’ defeat at the Syrian town of Baghouz in 2019, IS had claimed roughly 50 ‘Wilayats’. Some of them, for example in Libya but also in Afghanistan or Yemen where AQ had already entrenched itself, exist in name only with local IS affiliates barely capable of gaining foothold; some, such as in the case of Nigeria’s Boko Haram, are in the process of decoupling themselves from their guardian organization; but some, especially in Sub-Saharan Africa, are highly potent with concerns mounting that they could provide the stage for the next ‘Caliphate’ (Micallef, 2021). Thousands of jihadis who had evaded capture by the counter-IS coalition forces dissipated into civilian communities and ungoverned spaces in their former territories and in their provinces abroad, from where they, for the time being, concentrate on small-scale surprise attacks and targeted assassinations - between July and September 2020 alone, 359 such attacks have been executed across Syria and Iraq (Selman 2021).

While the IS’ Wilayats, like AQ’s affiliates and franchises, are based in weakly governed spaces where terrorist groups can operate in relative safety, including in its former territories in Iraq and Syria but also in Afghanistan, Yemen and increasingly in African States, the IS’ tentacles also stretch deep into the Western world. Although the establishment of a full-blown IS franchise in, say, the United States or Germany is highly unlikely, the terror group here too manages to spread fear by nurturing a loose collection of ‘lone wolves’, i.e., home-grown radicals without any, or very little, material connection to the organization in whose name they act. It is estimated that there are a few hundred of such individuals on European soil, each of whom constitutes a security threat in his or her own right - such actors are currently considered the most formidable terrorism-related security threat in the global West. While AQ too has its own ’lone wolfs’, IS is believed to be far more effective in rallying far-away individual actors due to its highly sophisticated media apparatus, and its use of social media by which the group distributes flashy propaganda materials in particular: this is sometimes referred to as the IS’ ‘virtual Caliphate’, and it puts AQ’s grainy video sermons to shame (Crisis Group 2016). Thus, IS’ early establishment of a loyal network of affiliates, franchises, small cells and lone actors, all held together by its virtual Caliphate, allows it to continue pursuing its global project even upon the loss of its Caliphate in 2019.

On the financial front, the IS’ point of departure was very different from that of AQ. Having learned from AQ’s missteps, IS from the very beginning minimized its dependence on external donors and was able to do so by, as mentioned above, extracting rents from the territories under its control (Clarke, 2018). It also encouraged the thousands of Western foreign fighters to bring along their personal wealth as they flocked into IS-held territories (Ranstorp, 2016) and called upon its franchises, affiliates and lone wolves abroad to generate their own revenues through whatever means, licit or illicit, locally available (FATF 2019). In particular in Western contexts, the IS purposely recruits members from criminal milieus in order to leverage their experience in robbery, drug dealing, extortion and so forth for resource generation (Homeland Security Committee, 2016).

Hence, financial self-sufficiency and ‘nuclear funding’ from the onset constituted the cornerstone of the IS’ financing strategy. Still IS injects small sums of money into its affiliates on as-needs basis, but rarely does so using the official banking system, haven taken its lesson from AQ, and rather uses informal value transfer systems (Kencherla, 2021). When it became clear that IS would not be able to retain its territories, the group recognized that it would need to rely, at least to some extent, on external funding sources and thus started to solicit donations (Weston, 2020); however, rather than reliance on steady financial streams from deep-pocketed donors the IS successfully exploits internet and social media resources to set up crowdfunding campaigns in order to generate a multitude of ad-hoc, micro-streams of revenue from supporters all around the world (Schindler, 2020). Donations in cryptocurrencies too are encouraged by the IS, whereby the group helps protect the identity of its potential sponsors by distributing manuals for the setting up and use of Dark Wallets through social media (Dion-Schwarz et al, 2019).

The organizational and funding strategies of the IS demonstrate the group’s extraordinary strategic capabilities. On one hand, the IS as an organizational entity is, for the moment, unarguably weakened both financially and militarily as a result of the loss of its territories. On the other hand, the group’s thriving network allowed its global project to outlive its Caliphate with groups, networks, cells and personalities loyal to the IS continuing to grow their ideological and operational spaces (Gunaratna, 2019). IS’ virtual Caliphate plays a crucial role in this success: alive as ever, it continues mobilizing supporters worldwide, connecting distant jihadis, and, importantly for the purposes of this paper, attracting revenue streams. Besides, there is evidence that the IS managed to smuggle much of its wealth out of Iraq and Syria - up to $400 million, according to some sources – where it was partly invested in legitimate enterprises, including real estate companies, hotels and automobile dealerships, partly buried in the desert, and partly used to allow the IS to continue its operations from the underground (Warrick, 2018). Declaring the IS defeated, in light of this, is likely a politically motivated and certainly reckless statement.


CTF relevance in contemporary context 

The analysis above allows us to discern striking similarities in the overall organizational evolution of AQ and that of the IS some 10 years later, with the IS clearly having learned from AQ’s successes and mistakes. Both groups have, for ideological and strategic reasons, extended their reach by embedding themselves in conflicts all around the world through the establishment of networks of affiliates and franchises in ungoverned spaces, and by mobilizing small cells and lone actors in Europe and America to spread fear in the West. In both cases, while international outreach likely put the groups at the center stage of counter-terrorism coalitions and thus precipitated the dissipation of remaining hierarchical structures, the networks, now without a clearly discernable center of gravity, function so as to sustain the groups’ brands, allowing them to maintain a sense of legitimacy and to continue waging wars against their declared enemies, albeit with a focus on numerous small-scale, localized attacks that do not require large funds and coordinated planning. AQ’s network, 20 years after the ‘War on terror’ was launched, functions to keep AQ’s narrative and Bin Laden’s legacy alive while its more successful branches, for example Al-Qaeda in the Arabian Peninsula (AQAP) or Al-Qaeda in the Islamic Maghreb (AQIM), continue to operate at local, and in AQAP’s case even transnational, levels (Aguilera 2021). IS’ dispersal is still relatively recent but given its comparably larger network and its highly effective use of digital resources, the group must be expected to be at least similarly resilient.

In terms of financial management designs, the terror outfits started off somewhat differently with AQ relying heavily on external donors and the IS largely in-sourcing its funding from the onset. Still, the trend towards decentralized funding as manifested in the encouragement of localized self-funding, reduction of top-down funding streams, the preference of ad-hoc crowdfunding over large and steady financial streams from individual donors and the shift towards low-cost terrorism are observable in relation to both groups. Both AQ and the IS today use diversified portfolios of funding sources combining legal and illegal methods, as well as a multitude of different financial channels with funds, where they have to cross national borders, being funneled through traditional Hawala networks, smuggled across borders in the form of cash and, especially with regard to donations, being solicited through electronic payment systems such as PayPal or Bitcoin.

Financial counter-terror measures are said to have been among the more successful tactics in weakening AQ in the wake of the War on terror. This section will assess whether and to what extent these measures are still capable of fulfilling their mandate. For present purposes, we will categorize the global CTF regime into two classes following distinct (but interconnected) logics: those that aim at detecting terrorism-related financing streams, and those dedicated to disrupting them.


Detecting terrorism activity in financial systems

The funds by which the 9/11 attacks were financed were to a large extent moved through the formal banking sector and stored in legitimate bank accounts under the hijackers’ real names (Roth et al 2001). There afterwards was much debate as to whether the CIA was to blame for failing to take notice of these financial transactions, which could have provided leads to prevent the death of more than three thousand American citizens (Syed 2019). Consequently, much of the subsequently implemented CTF measures were directed towards enhancing security actors’ capabilities of surveilling financial services and collecting financial intelligence that may help identify terror networks and predict and prevent attacks: “Raising, storing and transferring money leaves a financial trail investigators can follow”, reads a statement by the Washington Institute; “definitively linking people with numbered accounts or specific money changers is a powerful preemptive tool, often leading authorities to conduits between terrorist organizations and individual cells” (Levitt & Jacobson 2008).

What sounds compelling in its logic, however, is difficult in its implementation. How, within a complex international banking system where millions of transactions are executed on a daily basis and that is becoming increasingly opaque as globalization advances, can one discern a terrorism-related transaction (or account) from a legitimate one? What characteristics must a transaction have in order to qualify as ‘terrorism-related’?

Part of the solution to such hard questions involves the placing of the financial sector, believed to be most adequately suited to police its own services due to its privileged access to customer data and transactions, at the frontlines. Banking laws around the world today bind financial institutions under threat of hefty fines to comply by sets of laws commonly known as know-your-customer (KYC) rules, compelling them, amongst other things, to verify the identity of all customers and to keep records of financial transactions for a minimum of 5 years. Banks are obliged, furthermore, to pay special attention to ‘all complex, unusually large transactions, and all unusual patterns of transactions, which have no apparent economic or visible lawful purpose’, and to promptly issue reports – Suspicious Activity Reports (SAPs) – whenever there existed ‘reasonable grounds to suspect that funds are the proceeds of criminal activity’ (FATF 2020). Such Reports would then be transmitted to specialized Financial Intelligence Units (FIUs), which would analyze and systematize them, compare them against other available intelligence material and, in case the likelihood of the presence of some terrorism-related activity was determined, transmit them to law enforcement for the launching of a formal investigation. 

Financial institutions today employ specialized personnel and evermore sophisticated algorithms in order to build individualized customer profiles and check transactions against ‘red flags’ that may indicate foul play. Risk indicators may relate to geographical aspects (e.g., a transaction from the UAE to the US might arouse suspicion more readily than one from Germany to the US) or their size in absence of a sound justification, but also to activity that appears inconsistent with the account holder’s prior activity  (Basel Committee, 2016).  

The value of such efforts to identify terror networks and prevent attacks through the logic of ‘following the money trail’ is difficult to conclusively assess due to the classified nature of financial intelligence material. On one hand, there is a consensus that financial surveillance has been critical in tracing and tracking terror networks, and the resulting financial intelligence instrumental in bringing down terrorists and their sponsors and facilitators because “financial transactions are (…) often one of the first triggers of an investigation, the first element that flags a specific individual for potential involvement in terrorism” (Vidino et al 2020). Financial intelligence thus was a key strategy for the 9/11 Commission in establishing direct links among the hijackers of the four flights and helped identify co-conspirators (Lormel 2002), for example, and in 2006, British authorities were able to foil a major plot by British al-Qaeda operatives in large part because financial intelligence provided the right leads (Levitt, 2011). On the other hand, the slickness by which terrorists adapt to changed contexts and new challenges has, over time, diminished the value of financial surveillance as a counter-terror tool, for two key reasons.

Ineffective ‘red flags’ - A first caveat has to do with the applicability of ‘red flags’ used by banks to identify terrorism-related financial activity. Indicators that once might have been useful – geography, size or divergence from usual transactional patterns – are ill-suited to detect the multitude of banal micro-financial activities by which terror networks today fund their activities. This is particularly true in the context of self-funded small cells or lone individuals who use their private salaries or loans or engage in petty crime to supplement their income, hence making it extremely difficult for the intelligence community to identify links between such individuals and the terror outfit they belong to. The vast majority of lone actors and small cells in fact receive no material support from their guardian organization whatsoever: Of 204 individuals charged for IS-related activities in the US from 2013-2020, only one received funding from IS operatives abroad to conduct an attack in the US (Vidino et al 2020).

The CTF community attempts to keep pace with these developments by routinely conducting trend analyses and issuing guidelines along with suggestions for new risk indicators. In 2019, for example, FATF published a report outlining the patterns of financial activity that may indicate that an individual is planning to travel abroad to fight alongside IS, suggesting that banks pay close attention to accounts where it shows sudden activity in terms of cash withdrawals, the application for loans and the application for credit cards that can be used for cash withdrawals in areas bordering conflict zones (FATF 2019) and in 2018, the Egmont Institute suggested for banks to focus their attention on purchasing behaviors of their clients, and to flag those who buy large amounts of firearms, explosives or chemicals that may be used to make explosive substances (Egmont Group 2019). Still, many ‘lone wolves’ will leave a small financial footprint that is unlikely to be identified as terror-related (Vidino et al 2020). 

Circumventing the formal financial system – as the formal financial sector becomes increasingly tightly regulated, terrorist groups can relatively easily switch to alternative money transfer mechanisms. Governments are well aware of these seams in the financial market and have attempted to extend financial controls to alternative transfer mechanisms, but such efforts are believed to have been much less effective and coordinated than those related to the regulation of the formal financial system.

Firstly, both ISIS and AQ today make extensive use of trusted money exchange dealers and in particular hawala traders. Hawala is a traditional system whereby money transferred without it physically crossing any border: A sender hands over the amount of money to be transferred to a nearby Hawaladar who then instructs a correspondent Hawaladar in the location of destination (usually a relative or another trusted person) to hand out the same amount, minus the fee, to the beneficiary (El-Qorchi, 2002). While this system is inexpensive and easy to use, and a key transfer mechanism in many rural, underbanked communities in South and Southeast Asia, it also allows terrorists to move financial resources without leaving a money trail. States have taken different approaches toward regulating Hawala by, for example, obliging Hawaladars to register their businesses and extending banking regulations to them (especially such ones relating to the identification of clients, the keeping of records and the reporting of suspicious requests), or by outlawing the system altogether, as India has done. Yet, the informal character of the Hawala system often makes the enforcement of such regulations difficult and it is believed that a large share of Hawaladars, especially in less developed countries, is rampant.

Secondly, the proliferation of digital payment methods such as PayPal and a variety of cryptocurrencies allow terrorists to circumvent the banking sector. This is particularly relevant in relation to terrorism fund-raising as terror groups increasingly use such platforms to solicit contributions. The regulation of these and similar platforms is incoherent across jurisdictions and leaves ample room for abuse (Schindler 2020). Transfers via digital payment systems may additionally be protected through encryption technologies, which makes them the more difficult to detect.

Thirdly, terrorists sometimes transport cash physically across borders, for example via cash couriers or by encouraging foreign terrorist fighters to bring cash with them. In order to address this vulnerability, close collaboration between States’ law enforcement agencies (and especially border police) is required; however, controlling borders seamlessly is a herculean task.


Disrupting terrorism financing

Such policies and practices directed at disrupting terrorism financing follow a logic that centers on “starving the terrorists of funding and shutting down the institutions that support or facilitate terrorism” (Roth et al, 2001). It was thought that depriving terrorists of their income would interfere with their ability to conduct attacks and sustain every-day operations (the provision of trainings to recruits, the execution of propaganda campaigns, the payment of salaries to operatives and sometimes their families and the purchasing of equipment and weapons materials, to name a few examples). Because pre-9/11 AQ received its funding predominantly from individual external donors, pretense NGOs posing as Islamic charities and mosques, efforts to disrupt AQ’s financial network focused on shutting down and deterring individuals and institutions sponsoring terrorism, or facilitating terrorism sponsorship, by means of legislative and executive mechanisms (Bauer & Levitt 2020).  

The basis of the legislative pillar can be found in the United Nations Convention on the Suppression of the Financing of Terrorism of 1999 and its implementing resolution, Security Council Resolution 1373. Both documents oblige States, among other things, to prevent and suppress the financing of terrorist acts and to refrain from providing support to terrorist actors (United Nations, 2019). Terrorism financing is today a criminal offence in almost every jurisdiction and provides States with the necessary legal tools to prosecute individuals or entities involved in terrorism sponsorship domestically.

The executive branch of the regime is that of targeted sanctions, which finds its basis in Security Council Resolution 1267 of 1999. In contrast to classical international sanctions imposed by States on other, ‘rogue’ States to coerce the latter’s alignment with some international norm, targeted sanctions are applied to non-State actors – individuals or entities – and pursue the goal of immobilizing such actors with, in principle, immediate effect. Resolution 1267 set up a ‘blacklist’ on which initially 162 individuals and 7 entities with links to the Taliban were designated; after 9/11, the list was expanded by more than 200 new entries, and over time, the listing regime branched further out with Resolution 1989 (2011) establishing an own list for Al-Qaeda and its supporters and Resolution 2253 (2015) creating one for individuals and entities linked to the Islamic State in Iraq and Levant (ISIL) (UN 2021). The lists are continuously updated and made available to States, which are expected to ‘without delay’ block the assets of affected persons. It is worth noting that besides the UN regime of targeted sanctions there exists a plethora of sanctions regime on national on regional levels; almost every State today maintains own list(s) on which it designates whomever it considers a terrorist or terrorism sponsor, including the US and the EU.

The abovementioned measures were instrumental in eroding AQ’s ability to attract external funding. By 2007, the US Treasury Department had already designated and frozen the assets of approximately 460 terrorist financiers and support networks, thus reducing its revenue streams significantly (Levitt & Jacobson, 2008). This manifested in a reversal of financial streams from top-down to bottom-up as evidenced in a letter sent in 2005 by the deputy leader of al-Qaeda, Ayman al-Zawahiri, to the leader of al-Qaeda in Iraq (AQI), Abu Musab al-Zarqawi, asking for money and noting that “many of the lines [of financing] had been cut off. Because of this we need payment...” (Bauer & Levitt, 2020).

Yet unfortunately, as the previous section has shown, AQ has eventually managed to absorb this challenge by de-centralizing its funding structure through relegation of the responsibility for funds procurement to local branches and diversifying its portfolio. The IS, having learned from AQ’s experience to avoid over-reliance on external donors, from the onset adopted a funding model predicated on self-sufficiency. The de-centralized financial management structure of contemporary terror networks has decreased the efficiency of targeted sanctions and (domestic) terrorism prosecutions.

The link with financial intelligence - The prosecution of terrorism sponsors and the designation of terrorists and their supporters on terrorism lists often hinges on the availability of financial intelligence, which provides the leads as well as the evidentiary basis for many terrorism-related law enforcement and criminal justice actions (Vidino et al, 2020). Hence the loss of law enforcement’s ability to trace ever-complex terror networks automatically translates into diminished capacities for enforcing terrorism financing offences and designating individuals and entities.

Small attack surfaces – one crucial advantage decentralized designs with multiple, diverse sources of income have for clandestine organizations, and undoubtedly a key reason why such designs are preferred by terror groups under attack, is that due to the minimal linkages between the nodes, severing one link will only compromise a small number of operatives while leaving the network as a whole intact. It certainly has its merits, even if only as a deterrent, to expose and prosecute singular terrorists or terrorism sponsors, however, in light of the lack of material connection between core group and local operatives as well as the multitude of nodes from where money is generated, it is unlikely that such enforcement actions lead to any outcome capable of harming the terror network itself. The lack of operational sophistication of US-based IS operatives indicates that the IS is well aware of this as it does not seem to see it necessary to invest in the security of singular actors within its network (Vidino et al 2020).

Ungoverned spaces – Indictments, extradition requests and asset freezing orders resulting from designation on some terror list may be issued by some international (or national) authority, yet, these measures also need to be enforced by authorities in the jurisdiction where the terrorists are located. AQ and IS affiliates and franchises like to embed themselves in ungoverned territories where conflict, corruption and sometimes geography prevent the rule of law to take hold or where they can expect the locally present government to provide protection (or at least turn a blind eye). Therefore, many well-known terrorists their supporters are often able to evade criminal justice and other punitive measures.

A related concern with the rapidly proliferating phenomenon of terrorism infestation in civil-war torn countries is that the lack of governability allows such groups to take hold of locally available resources, not unlike the IS has done in its Caliphate. AQAP for example, in 2015, took advantage of the ongoing conflict in Yemen to take control of parts of Hadramawt governorate, seizing as much as $100 million from a Central Bank branch, extorting funds from the national oil company, and raising as much as $2 million per day in taxes on goods and fuel coming into the port of al-Mukalla (Bauer & Levitt, 2020). Since counterterror measures (other than military strikes by international forces) will hardly be effective in areas where authorities are unable (or unwilling) to contribute to the fight against terrorism, the strategy of piggybacking on local conflicts allows terror groups to thrive financially and otherwise.



“The sober reality”, as noted aptly by Mowatt Larssen, former director of US intelligence for the Department of Energy, “is that the threat posed by nuclear terrorism is much broader than the aspirations of a single terrorist group” (Bauer & Levitt 2020). After 9/11, massive campaigns against AQ, and 10 years later against IS, caused the groups to break up their organizational structures into complex networks – to the effect that we are today faced with a multitude of loosely connected, globally dispersed actors and entities whose links within the network we neither fully understand nor are ready to coherently and comprehensively address. Proving their astounding adaptability, terrorists have engaged policy-makers what resembles a game of ‘Whack-A-Mole’ wherein whenever a tactical success is achieved, a new threat pops up elsewhere. Being presented with multiple, small and geographically diffused attack surfaces, we have to alter our expectations as to what counter-terror measures based on force and surveillance realistically can do for us.

This is true too with regard to CTF measures. Terrorism financial networks have become more complex with funds from diverse sources being generated from across the network, often without being moved through the formal financial system. The fact that terrorism casualties are declining as a result of the shift toward low-cost terrorism should not embolden policy-makers; this trend is a manifestation of the above described organizational transformation that, for the time being, prioritizes resilience over operational efficiency.

Will the absence of a strong, central leadership eventually cause the local objectives of AQ’s and IS’ branches to prevail over the pan-Islamic ones of their guardian organization, causing the network to further scatter?  Will the groups eventually re-consolidate after a period of quietly and patiently rebuilding their capacities, as suggested by Bruce Hoffmann (2016),  strengthened by the experience gained over the past two decades? Will the original Caliphate eventually be replicated elsewhere as one of the many IS or AQ offshoots gain strength? Speculating about future scenarios of global terrorism is just that – speculation. Taking into consideration what we know about terrorism, however, and in the light of the fast pace by which globalization is accelerating, it is likely that the model of networked terrorism, as a system with proven merits, is there to stay. What is key for policy-makers, thus, is to find an appropriate response to this elusive threat.

Continuing to put utmost efforts into safeguarding the integrity of financial systems and identifying those who abuse them for malicious purposes should continue to play a role within counter-terrorism frameworks. There are several avenues for improvement with the regulation of alternative value transfer mechanisms, such as the Hawala system and electronic payment systems, being particularly pressing. Technological improvements with regard to financial technologies to detect suspicious activity too might prove helpful. Targeted sanctions and domestic criminal justice measures aimed at punishing terrorists and their financiers and deterring those who might be inclined to support terrorism similarly should continue to be part of global counter-terror efforts, even though it must be acknowledged that the effects of such measures on the terror network as a whole will be limited. Other measures to dry out the sources from which terrorist actors draw their income will need to be devised according to a localized strategy, considering that the sources of terrorism funding are highly dependent on the particular social and economic realities on the ground. While, however, keeping up the pressure, including financial, on terrorist groups is important, what is equally important is to develop more comprehensive strategies to mitigate the proliferation of terrorism across the globe. Such approach must take as its point of departure the conditions that enable radicalism and terrorism in the first place; in other words, terrorism can only be addressed sustainably when its drivers are addressed.

A key reason why terrorism spreads with such ease is the proliferation of civil war and State collapse in the Middle East, South Asia and North, and increasingly also Sub-Saharan Africa, leaving large swathes of territory effectively anarchical and populations present on them vulnerable to terrorism recruitment. For Sunni Muslims residing in dysfunctional States, the protection offered by terrorist groups as well as the services they sometimes provide – such as education, employment and (Islamic) justice – are often compelling enough, even in absence of genuine identification with radical Islam (Crisis Group, 2016). Both IS and AQ have exploited grievances and sentiments of victimization among Sunni Arabs by, sometimes more and sometimes less successfully, embedding themselves in local conflicts, capitalizing on inter-ethnic or inter-religious tensions and imbuing them with their own narratives surrounding the supposed evil of Western hegemony and corrupt elites. Aggressive US-led counter-terrorism campaigns with their quiet acceptance of large counts of human and infrastructural ‘collateral damage’ only helped to corroborate such narratives (Clarke 2018).

In the long run, the proliferation of radical Islamism and transnational terrorism can only be addressed sustainably through a strategy that finds the right balance between the cautious, targeted use of force and such measures addressing the drivers of radicalization in the respective local context through diplomatic engagement, capacity-building and financial assistance with the goal of rebuilding weak and/or failed States and their institutions.


September 2021. © European Foundation for South Asian Studies (EFSAS), Amsterdam

***This Study Paper was written by EFSAS and also served as a contribution to the project “Free 4 Youth: Fighting radicalization to enhance e-strategy for a youth-comprehensive approach towards on-line terrorism” under the aegis of the European Commission’s International Cooperation and Development call on Support to civil society actors in promoting confidence-building and preventing radicalisation in South Asia.