Red Flags and SAR Triggers on the Financing of ISIS and Its Global Affiliates.

On April 1, 2025, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an advisory to help financial institutions identify and report suspicious activities related to the financing of the Islamic State of Iraq and Syria (ISIS) and its global affiliates.

The advisory highlights several key points:

• Funding Sources: It details how ISIS and its affiliates fund themselves and receive financial support from sympathisers internationally.
• Money Transfer Typologies: It describes various methods ISIS uses to transfer money between its affiliates.
• Red Flags: It provides red flags to help financial institutions identify suspicious activities related to ISIS financing

FinCEN

• Emphasises the importance of vigilance as ISIS continues to pose a significant threat globally, exploiting instability in regions like Syria to grow and resurge
• Provides examples of Red Flag Indicators Related to the Financing of ISIS and its Global Affiliates

Red Flag Indicators Related to the Financing of ISIS and its Global Affiliates

FinCEN has identified the red flags listed below to assist financial institutions in detecting, preventing, and reporting suspicious activity connected to the financing of ISIS. As no single red flag is determinative of illicit or suspicious activity, financial institutions should consider the surrounding facts and circumstances, such as a customer’s historical financial activity, whether the transactions are in line with prevailing business practices, and whether the customer exhibits multiple red flags, before determining if a behaviour or transaction is indicative of terrorist finance or is otherwise suspicious.

1. One credit card or bank account is used to book travel to or accommodation and transportation in an area of known ISIS activity for several unrelated people at the same time for no known legitimate purpose.
2. Fundraisers are attached to social media profiles that show support for ISIS, display ISIS-related iconography or refer to supporting the “mujahideen” or the “war against KUFAR (non-believers),” especially if the fundraisers are soliciting donations to fund travel to an area of known ISIS activity—the fundraising appeal posted on social media references aid to imprisoned women and children in Iraq or Syria.
3. A customer collects small amounts through peer-to-peer transfers, social media, or virtual currency payments over a short period and then sends them in a lump sum to an individual located in a region where the presence of ISIS is prevalent.
4. A customer sends remittances with no known legitimate purpose from the United States to multiple individuals in jurisdictions, such as Türkiye, known for facilitating activities related to ISIS, who do not appear to have any relation to the sender.
5. A customer attempts to purchase a plane or other travel tickets after abruptly liquidating assets, closing accounts, cancelling subscriptions, or receiving large, unexplained sums of cash. A period of account dormancy following these behaviours should also be regarded as suspicious, even if the customer eventually resumes transactions within the United States.
6. A customer may appear to seek as many lines of credit as possible, for example, by acquiring several credit cards and taking out one or more loans for unclear reasons, mainly if the customer has not previously used credit cards or taken out loans. This behaviour should be regarded as especially suspicious if the customer uses newly obtained credit cards, either exclusively or almost exclusively, for cash advances and purchases of virtual currencies but then fails to make loan or credit card payments when they become due.
7. A customer begins receiving a sudden influx of unexplained cash deposits, especially if the customer is unemployed if these deposits are in addition to a regular paycheck, or if the deposits come from ATMs in locations where ISIS is prevalent but where the customer is not known to reside or has not travelled.
8. A customer suddenly adopts or increases their use of financial methods that conceal the ultimate source or end use of funds, such as P2P transfers, ATM withdrawals, third-party processors, prepaid cards, virtual currency, or wire transfers.
9. A customer makes deposits in an account locally, which are then withdrawn from other locations, including from abroad, where the individual is not known to reside or have travelled but where ISIS is prevalent.
10. A customer places virtual currency in a virtual currency wallet using an IP address in one location, which is then withdrawn from virtual currency kiosks or converted to fiat currency by users with IP addresses in different places where the individual is not known to reside or has travelled, but where ISIS is prevalent.
11. A customer’s account appears to have been accessed in multiple countries at the same time or within a very short period, mainly if the account is accessed in countries where ISIS is prevalent

References

[FinCEN%20Issues%20Advisory%20on%20the%20Financing%20of%20ISIS]FinCEN Issues Advisory on the Financing of ISIS https://www.fincen.gov/news/news-releases/fincen-issues-advisory-financing-isis

FinCEN Advisory, FIN-2025-A001, April 1, 2025 https://www.fincen.gov/sites/default/files/advisory/2025-04-01/FinCEN-Advisory-ISIS-508C.pdf