Protests across Ottawa and US-Canada border crossings in 2022 brought global awareness to the problem of crowdfunding platforms being used to finance extremist groups. Crowdfunding has also supported terrorist financing (TF) – notably, for Islamic State (IS) operatives in Syria. Reporting indicates family members of young men trapped in Syrian camps have attempted to use the Telegram messenger service to “bring them to safety.” It’s believed some of those looking to escape are doing so to fight for IS.
This year, 87 percent of survey respondents said they’d seen an increase in the use of these platforms to fund extremism, with 31 percent believing the growth to be “significant.” In a report issued on March 1, 2022, the US Treasury explained how domestic extremists have used legal fundraising methods to support their activities, making them harder to detect. The Treasury also highlighted the pandemic’s role in making these platforms “a necessity rather than a convenience.”
3 Ways Firms Can Manage Crowdfunding Risks
Alia Mahmud, Regulatory Affairs Specialist at ComplyAdvantage, pointed out that “many crowdfunding platforms have been caught short by the surging demand for their services. Crowdfunding, in conjunction with cryptocurrencies and social media, increases the risks of terrorist financing by allowing bad actors to utilize the reach of crowdfunding platforms and crypto asset technologies to gain support from followers and receive funds.”
Mahmud emphasized three practical areas firms can consider in response to this trend.
1. Study Global Crowdfunding Regulations
Mahmud urges “compliance officers in firms offering decentralized finance services” to educate themselves regarding “emerging regulations in the cryptocurrency and crowdfunding space.” The goal, she says, is to “ensure they have adequate, effective, scalable financial crime control solutions in place.”
What might this look like in practice? Firms should become familiar with global regulatory trends such as Canada’s crowdfunding AML legislation and responses to crypto from governments in Singapore, the United Kingdom, the United States, France, and other key players. And Mahmud recommends a particular focus on the European Union’s new crowdfunding regulations. The EU updated that legislation in 2022, requiring firms to assess business continuity risks for outsourced services. This is especially relevant in a risk-management context, as financial crime controls are considered critical and are often provided by third-party vendors.
In light of this amendment, firms should develop a robust business continuity plan to mitigate the risk of critical failures by third-party providers, ensuring, for example, the continuity of payment services.
2. Align Crowdfunding Transaction Monitoring with Financial Crime Trends
As firms ground their risk assessments in sound regulatory knowledge, Mahmud urges them to focus especially on transaction monitoring. Crowdfunding service providers (CSPs) should tailor their “rules to the unique typologies and behaviors” associated with high-risk crowdfunding activity. A report funded by the Internal Security Fund of the European Union highlighted several key risks CSPs should be aware of, including:
- Donation-based services – Terrorist financers tend to prefer these over commercial crowdfunding platforms.
- Money-pooling schemes – Higher risks are present when users were able to pool money over an indefinite period of time for vague purposes.
- Lack of sufficient controls – Services that did not closely supervise accountholder activity were also deemed to be at higher risk.
When it comes to risk-based transaction monitoring, many firms’ hard-coded rules cannot identify dynamic risks. To address this challenge, firms might consider an artificial intelligence (AI)-based overlay, which can learn to identify risks through behavioral analysis.
To ensure AI is applied efficiently, CSPs’ AML/CFT departments should start with a gap analysis. What areas in their current process struggle most to meet robust AML/CFT standards? Once the most pressing inefficiencies are identified, firms can consider how best to address them with machine learning or artificial intelligence.
For example, our survey showed firms believe improved alert prioritization, the flexible tuning of alert thresholds, and the ability to identify new connections between individuals/entities to be the use cases that could add the most value to their organization. In one example, prioritization reduced false positives by a third (33 percent). Firms can also use AI to uncover hidden risks by seamlessly layering advanced techniques like behavioral analysis and anomaly detection.
3. Boost Enhanced CSP Due Diligence
“Banks and other providers working with crowdfunding organizations should perform enhanced due diligence before agreeing to a partnership,” Mahmud concludes. Such comprehensive due diligence is necessary to avoid “being exposed to financial crime risks by facilitating the movement of illicit funds and the bad publicity that comes with these.”
While the exact processes involved in enhanced due diligence can vary, firms should expect to be held accountable for successfully screening out noncompliant CSPs and should ensure EDD is an extension of holistic due diligence practices.
The European Banking Authority (EBA) recommends firms consider several red flags for high-risk crowdfunding service providers. These may indicate the need for EDD before onboarding and include:
- CSPs allowing delayed contributions to unspecified projects
- CSPs that do not impose transaction or total funds limits
- CSPs permitting individuals or unregulated entities to withdraw cash
- CSPs that allow virtual currency payments
- CSPs that permit account holders to transfer funds to each other
In their customer screening processes, firms should also verify that prospective client firms have sound customer screening, onboarding, and monitoring practices that align with or surpass AML/CFT regulations and best industry practices.
The State of Financial Crime 2023
Learn more about emerging AML risks identified by compliance industry professionals.
Originally published January 18, 2023, updated January 17, 2023