Staff Report to the Commission

45See, e.g., Treasury Memorandum, Apr. 12, 2002. The memorandum proposed a six-month limit for

discussion purposes, and offered a “clear recommendation”  that “temporary blocking orders be pursued

with due diligence and an anticipated end date.”

Terrorist Financing Staff Monograph

51

is an innocent owner—that is, obtained or possessed the property in question without

knowing its illegal character or nature. The difference between an IEEPA freeze and a

civil forfeiture is that a freeze does not technically divest title. But when a freeze

separates the owner from his or her money for dozens of years, as it has in other IEEPA

contexts, that is a distinction without a difference.

Even more controversial is the government’s use of the provisions to block assets “during

the pendency of an investigation,” codified in the USA PATRIOT Act. The government

is able to (and has, on at least three occasions) shut down U.S. entities without

developing even the administrative record necessary for a designation. Such action

requires only the signature of a midlevel government official. The “pending

investigation” provision may be necessary in true emergency situations, when there is not

time to marshal the evidence to support a formal designation before a terrorist financier

must be shut down. But when the interim blocking lasts 10 or 11 months, as it did in the

Illinois charities cases (as we note in chapter 6), real issues of administrative due process

and fundamental fairness arise.

The premise behind the government’s efforts here—that terrorist operations need a

financial support network—may itself be outdated. The effort to find, track, and stop

money presumes that it is being sent from a central source or group of identifiable

sources. As al Qaeda is further disrupted and its members are killed and dispersed, it

loses the central command and control structure it had before. Some terrorist operations

do not rely on outside sources of money, and cells may now be self-funding, either

through legitimate employment or through low-level criminal activity. Terrorist groups

only remotely affiliated with al Qaeda—and dependent on al Qaeda as a source of

inspiration rather than operational funding—pose a significant threat of mass casualty

attacks. Our terrorist-financing efforts can do little to stop them, as there is no “central

command” from which the money flowed, as in the 9/11 attacks. Terrorist operations cost

next to nothing. It is to our advantage to ensure that operational cells receive as little

money as possible from established terrorist organizations, but our success in doing so

will not guarantee our safety.

National Commission on Terrorist Attacks Upon the United States

52

Chapter 4

Combating Terrorist Financing in the United States:

The Role of Financial Institutions

Since the 9/11 terrorist attacks, U.S. financial institutions have, almost uniformly, wanted

to do everything in their power to prevent their use by terrorist operatives and fundraisers.

Indeed, law enforcement and intelligence officials have praised the private

financial services sector for its willingness to assist in terrorist-related investigations. The

effort is clearly there, but what about the results?

The current regulatory regime was designed primarily for discovering and reporting

money laundering—the efforts of criminals, such as drug traffickers, to filter huge

amounts of cash through the financial system. Only banks have the information needed to

discover and report those kinds of transactions. A regulatory regime in which valuable

data are passed from the banks to the government, in that context, makes sense.

For terrorist financial transactions, the amount of money is often small or consistent with

the customer’s profile (such as a charity raising money for humanitarian aid) and the

transactions seemingly innocuous. As a consequence, banks generally are unable to

separate suspicious from legitimate transactions. The government, however, may have

information that would enable banks to stop or track suspicious transactions. As a result,

financial institutions can be most useful in the fight against terrorist financing by

collecting accurate information about their customers and providing this information—

pursuant to legal process—to aid in terrorism investigations. At the same time, the

government should strive to provide as much unclassified information to financial

institutions as possible.

Terrorist Financing in the United States

The term “terrorist financing” is commonly used to describe two distinct types of activity.

First, it can consist of the financing of operational terrorist cells, like the 19 hijackers

who conducted the 9/11 attacks. This financing consists of the funds the cell needs to live

and to plan, train for, and commit the terrorist act. The second type of terrorist financing

is fund-raising—the process by which an organized terrorist group, such as al Qaeda or

Hamas, raises money to fund its activities. Such fund-raising often takes place through

nongovernmental organizations, which may raise money for legitimate humanitarian

purposes and divert a fraction of their total funds for illicit purposes.

The funding of terrorist operations involves relatively small dollar amounts, from the

estimated $10,000 cost of the 1998 U.S. embassy bombings in East Africa, to the

estimated $400,000–500,000 for the 9/11 attacks themselves (of which roughly $300,000

passed through U.S. bank accounts over a period of nearly two years). The 9/11 attack

provides a good case study of how a large terrorist cell can be financed in the United

States. The hijackers moved money into the United States in three ways. They received

Terrorist Financing Staff Monograph

53

wires totaling approximately $130,000 from overseas facilitators in the United Arab

Emirates and Germany; they physically carried large amounts of cash and traveler’s

checks with them; and some of them set up accounts overseas, which they accessed in the

United States with credit or ATM cards. Once here, the hijackers opened bank accounts

in their real names at U.S. banks, which they used just as millions of other people do to

conduct the routine transactions necessary to their plan. The hijackers used branches of

both large national banks and smaller regional banks.46

Nothing the hijackers did would have alerted any bank personnel to their being criminals,

let alone terrorists bent on mass murder. Their transactions were routine and caused no

alarm. Their wire transfers, in amounts from $5,000 to $70,000, were utterly anonymous

in the billions of dollars moving through the international financial system on a daily

basis. Their bank transactions, typically large deposits followed by many small ATM or

credit card withdrawals, were entirely normal, especially for foreign students living in the

United States. No financial institution filed a suspicious activity report (SAR) and, even

with benefit of hindsight, none of them should have.47 Contrary to numerous published

reports, there is no evidence the hijackers ever used false Social Security numbers to

open any bank accounts. In some cases, bank employees completed the Social Security

number fields on the new account application with a hijacker’s date of birth or visa

control number, but did soon their own to complete the form.48

The use of a financial institution for a fund-raising operation looks entirely different from

the use of an institution by a terrorist cell, like the 9/11 plotters. The transactions are

often much larger. For example, the Benevolence International Foundation (BIF), an

Illinois charity designated a terrorist supporter by the U.S. government in 2002, received

more than $15 million in donations between 1995 and 2000.49 Funds are likely pooled

from multiple small donors and then sent overseas, frequently to troubled places in the

world under the auspices of a charity. For example, the Global Relief Foundation (GRF),

another Illinois charity designated a terrorist supporter by the U.S. government in 2002,

annually sent millions of dollars overseas, especially to such strife-torn regions as Bosnia,

Kashmir, Afghanistan, Lebanon, and Chechnya. According to its IRS filings, GRF sent

$3.2 million overseas in 1999 and $3.7 million in 2000. Like the financing of a cell such

as the 9/11 hijackers, however, a competent terrorist fund-raising operation will not be

apparent to bank personnel. The money sent overseas will not go to al Qaeda or any

designated terrorist group. Instead, the money will go to an overseas office of the charity

or an affiliated charity, and the diversions to terrorist facilitators or operatives will likely

46 See appendix A (discussing 9/11 transactions in detail).

47 As discussed later, U.S. law requires banks to report potentially criminal financial activity by filing SARs

with the Financial Crimes Enforcement Network (FinCEN) within 30 days of the suspicious transaction.

48 This is not to say that the hijackers were experts in the use of the U.S. financial system. For example, the

teller who opened an account for plot leaders Atta and al Shehhi spent an hour with them, explaining the

procedures for ATM transactions and wire transfers, and one branch refused to cash a check for al Shehhi

on one occasion because he presented IDs with different addresses. This incident led the bank to issue a

routine, internal security alert to watch the account for possible fraud, but provided no basis for concern

about serious criminality—let alone terrorism. These minor blips provided no clue to the financial

institution about the hijackers’ murderous purpose.

49Whether BIF actually funded al Qaeda remains an open question. See chapter 6.

National Commission on Terrorist Attacks Upon the United States

54

take place overseas. In the current environment, the donors presumably will not include

pro-Jihad comments on the memo line of their checks, as did pre-9/11 donors to one

suspect charity the FBI investigated. The fund-raising operation will look to the bank like

a charity sending money to troubled parts of the world—which it is doing, at least in part.

Why Suspicious Activity Reporting Works for Money Laundering

But Is Less Useful for Terrorist Financing

The Bank Secrecy Act (BSA) regime, described below, was designed to combat money

laundering and related offenses and, assuming that it is well-implemented and wellenforced,

it is reasonably effective for this purpose. However, the requirement that

financial institutions file SARs does not work very well to detect or prevent terrorist

financing, for there is a fundamental distinction between money laundering and terrorist

financing. Financial institutions have the information and expertise to detect the one but

not the other.

The Bank Secrecy Act—what it is and what it does

The premise behind the money-laundering laws and regulations was that because the

underlying crimes generate enormous amounts of cash, criminal enterprises need to

convert that cash into something less traceable and more usable. In perhaps the bestknown

example of money laundering, Russian and U.S. shell corporations were able to

move billions of dollars through correspondent accounts owned by foreign banks at the

Bank of New York and Citibank. Likewise, Raul Salinas, the former president of

Mexico, was found to have laundered millions of dollars in alleged public corruption

money through Citibank accounts. The role of Mexican banks was highlighted in a U.S.

law enforcement investigation known as Operation Casablanca, which found that

millions of drug-tainted dollars had been laundered through Mexican banks.

The United States’ method to prevent criminals from taking advantage of the financial

system relies on the basic premise that financial institutions—not the government—are in

the best position to detect money laundering and related illicit transactions. Thus, the law

imposes on financial institutions the obligation to report suspicious activity that involves

their use. This law and related regulations, generically referred to as the “Bank Secrecy

Act,” require banks (and now a host of other financial institutions, including brokerdealers,

credit card companies, insurance companies, and money service businesses)50 to

understand, control, and report transactions that may have a questionable origin or

purpose. Specifically, banks are required to report cash transactions in excess of $10,000,

as well as any other transactions they deem “suspicious.”51

50 For purposes of this discussion, we use the term bank, although in most respects the obligations extend to

other financial institutions.

51 Additionally, banks must ensure that they do not unwittingly engage in transactions with individuals

listed on Treasury’s list of prohibited persons, maintained by the Office of Foreign Assets Control (OFAC).

Such transactions are prohibited by a number of statutes tied to the president’s ability to bar U.S. persons

Terrorist Financing Staff Monograph

55

The SAR requirement is at the core of the government’s anti-money-laundering effort.

Inherent in a bank’s responsibility to report (or refuse to conduct) a suspicious transaction

is an obligation to have sufficient knowledge of its own transactions and customers to

understand what is suspicious. This requires a bank to “know” its customer—who the

beneficial owner of an account is, what the customer’s likely transactions should be, and

what, in general, is the source of the customer’s money. Once it understands its customer

and the customer’s likely transactions, the bank is able to determine whether the customer

is conducting transactions out of character for that profile. Additionally, understanding

the customer’s probable transactions enables the bank to assess the risk that the account

will be used to launder money, and will in some respects determine how closely the

institution monitors the customer’s account. A bank’s failure to report suspicious

activities, or to have a system in place that could reasonably detect suspicious financial

transactions, is punishable by some combination of administrative sanctions, civil fines,

and criminal penalties.

A bank can best detect suspicious transactions at one of two points. The “front end” of a

transaction involves the tellers and other individuals who may have face-to-face contact

with the customer and can often determine if a specific transaction is worth a second

look. A bank will typically train tellers and other such individuals to look for specific

“red flags” to determine if a transaction is suspicious. The second likely point of

detection occurs in the “back office”—an analysis of financial transactions, which takes

place in a specialized unit, for example, or in particularly high-risk areas such as the

bank’s wire transfer operations. Money-laundering analysts look at the bank’s

transactions to determine if they can conclude, by examining patterns of transactions,

whether those patterns are suspicious.

Analysts are aided significantly by software that is programmed to catch “anomalies”

(i.e., unusual financial transactions) that are indicative of money laundering. The key is to

find those transactions that would be out of character for the customer’s purported

business activity. A large cash deposit would not be suspicious for a customer like Wal-

Mart, but it would be for a customer whose only reported source of income is a Social

Security check. Sophisticated software should be able to distinguish between such

transactions and alert the money-laundering compliance analyst at the bank to investigate

further. This software, however, is not self-executing. It must be set up and fine-tuned.

Such adjustments can only be done by the bank itself; they require a deep and thorough

understanding both of the bank’s ordinary business and of its potential high-risk product

lines and high-risk customers. Additionally, the bank typically has specialists with a

fairly sophisticated understanding of money laundering. Because money laundering must

involve large transactions, banks are able to safely ignore a significant percentage of their

transactions that fall below specific thresholds.

from trading with an enemy of the state. Violations of these prohibitions are enforced by criminal penalties

or by civil fines, depending on the seriousness of the offense, among other factors. The listing process,

described elsewhere, is generally considered to be too cumbersome to be of use in detecting operational

elements of terrorist organizations.

National Commission on Terrorist Attacks Upon the United States

56

If further review does not dispel suspicions, the bank is required to file a SAR within 30

days from the discovery of the suspicious conduct. (When a bank cannot identify a

suspect, it has an additional 30 days to try to do so.) The bank must also monitor the

account and should refuse to engage in future transactions it deems to be suspicious. In

some cases, it may terminate the relationship with the customer.

The BSA regime also reflects sensitivities concerning financial privacy. A system

requiring bank reporting was thought to be less intrusive than allowing unfettered

government surveillance of bank records. The specter of a bank “knowing its customer”

is somewhat less threatening than the idea that the government ought to understand and

know all of a citizen’s probable financial transactions.

As a result of the BSA regime, most money launderers, drug dealers, and high-level

fraudsters understand that trying to pump massive amounts of cash through a U.S. bank is

fraught with peril. As a result, they generally prefer instead to use other, less risky,

methods to move money—sending it in bulk across our porous borders, for example, or

through a less-regulated industry like money-transmitting services. If they do use banks,

they take care to structure smaller transactions among dozens of different accounts—less

risky, to be sure, but considerably slower and more costly.

The terrorist-financing model

The model of banks having superior knowledge to detect illicit activity may not apply to

terrorist financing. Although the U.S. government may possess the intelligence that could

reveal terrorist operatives and fund-raisers, financial institutions generally do not. The

9/11 operation provides a perfect example. The 19 hijackers hid in plain sight: none of

their transactions could have revealed their murderous purpose, no matter how hard the

banks looked at them (see appendix A). Intelligence the government had, however, could

have been critical to identify the terrorists among us. For example, the U.S. government

had reason to believe that future hijackers Khalid al Mihdhar and Nawaf al Hazmi were

al Qaeda operatives in the United States. Both these terrorists had U.S. bank accounts, but

bank personnel never could have suspected that their customers were terrorists no matter

how diligently they studied the transactions, which were utterly routine.

Since September 11, financial institutions and the government have made efforts to create

a financial profile of terrorist operatives. The FBI examined the financial transactions of

the 9/11 hijackers and came up with some distinguishing features: they arrived at banks

in groups; they listed their occupation as students; they spent a large percentage of their

income on flight schools and airfare, particularly first-class airfare; and they were funded

in large part through wire transfers from the UAE. This profile might help detect another

plot exactly like 9/11, but we can expect that the next plot will look entirely different. As

a result, this profile does not especially help banks find future terrorist operatives, who

we can expect will make different, although equally routine, use of the financial system.

In fact, no effective financial profile for operational terrorists located in the United States

exists. The New York Clearinghouse, a private consortium of the largest money-center

banks, attempted to put together such a profile in partnership with government

investigators. After two years, they concluded it could not be done.

Terrorist Financing Staff Monograph

57

Creating a profile for terrorist fund-raising groups is not necessarily any easier. An

Islamic organization that collects funds from small donors, pools the funds, and then

sends large monthly wire transfers to Chechnya, Afghanistan, Kashmir, or the West Bank

could be a jihadist or terrorist fund-raising operation, or an entirely legitimate

humanitarian operation devoted to serving civilians in impoverished and war-torn regions

of the world. The government may have information (derived from sources such as

electronic surveillance or human intelligence) from which it can distinguish between the

two rationales for the transactions, but it is unlikely that banks will be able to tell the

difference from the transactions themselves.

The government has also tried to describe suspicious activity indicative of terrorist fundraising.

The Financial Crimes Enforcement Network (FinCEN) conducted a

comprehensive analysis of potential terrorist-financing patterns, which it published in

January 2002. Drawing on actual SARs filed by banks, it described five cases that might

have been examples of terrorist fund-raising. Ultimately, these cases centered on

financial transactions indicative of money laundering that involved, as FinCEN delicately

put it, “nationals of countries associated with terrorist activity.”52 This analysis appears to

be of little use in ferreting out a sophisticated terrorist fund-raising operation, which will

likely look to the bank identical to a legitimate Islamic charity.

Although FinCEN took great pains to caution that country of origin or ethnicity should

not, absent other factors, be taken to indicate potential criminal activity, the report

highlights a problem with applying the BSA regime to terrorist financing. The inability to

develop meaningful indicia of a terrorist cell or terrorist fund-raising operation creates a

risk that financial institutions could rely primarily on religious, geographic, or ethnic

profiling in an attempt to find some criteria helpful for identifying terrorist financing.

Such profiling raises a number of problems. Fundamentally, it will not be an effective

means to combat terrorist financing. The vast majority of Islamic or Arab bank customers

are not terrorists or terrorist supporters, so indiscriminately filing SARs on them will do

nothing but waste resources and cause bad will. Similarly, reporting that an Islamic

charity is sending money to Afghanistan will not be particularly effective in finding

terrorist financiers; there are certainly many legitimate humanitarian needs there. In

addition to doing little good, this type of profiling may subject customers to heightened