Sham Charities and Nonprofits
Exploited by terrorists to fund operations
The Treasury Department yesterday designated five individuals and five entities used by HAMAS to fund the group’s terrorist activities. The individuals and “charities” sanctioned yesterday fund HAMAS’s military wing under the guise of “humanitarian work.” Treasury also sanctioned a separate fraudulent charity linked to the Popular Front for the Liberation of Palestine (PFLP).
This is not new. We have known for quite a while that terrorist organizations exploit nonprofit organizations (NPOs) and charities to raise funds and move money. As, Treasury noted in its press release, HAMAS and the PFLP have a long history of abusing these sectors.
Some of these NPOs and charities are entirely co-opted and run by terrorist organizations, with the links to these groups obscured. Other charities and nonprofits are legitimate organizations, exploited by terrorist groups that divert donations provided by sympathetic and generous supporters for their operations.
Money laundering and terrorist financing - what’s the difference?
Money laundering involves obscuring the illicit origins of dirty money to make it appear legitimate. In other words, cleaning dirty funds.
A drug cartel deposits proceeds from narcotics sales into a financial institution, structuring the deposits to avoid the bank’s reporting threshold (placement). The funds are then transferred between accounts, sent overseas, or converted into other assets to obscure the money’s origins (layering). And finally, the seemingly “clean” funds are reintroduced to the formal financial system via real-estate purchases, high-value art, and various investments (integration).
Terrorist financing provides funding for terrorism. It’s the end-users that matter. The money can come from legitimate sources, but can be used for terrorist operations.
One is obscuring the origin of illicit wealth (misappropriated assets, drug proceeds, etc.), while the other obscures the destination of what could have been perfectly legitimate money.
Charities and NPOs continue to be ripe for abuse.
Charities and nonprofits are a convenient way for terrorists to obtain funds, and although they have made significant strides in stemming exploitation by terrorist organizations, a small number of charities and NPOs remain sources of revenue for terrorist groups. After all, the terrorists don’t have to hide where the funds originated. They can simply grab perfectly legitimate donations provided by kindhearted supporters for their own nefarious ends. And it’s the people who live in conflict zones and others who need the help most who suffer.
The United States and Canada in October 2024 designated the Samidoun network, used by the PFLP to fundraise in Europe and North America. The group’s activities were banned by Germany in 2023.
I wrote for the Foundation for Defense of Democracies in 2023 that terrorists and violent extremists often use crowdfunding and social media platforms to exploit humanitarian causes, taking advantage of donors’ compassion while using their contributions to fund illicit operations.
The Treasury 2024 National Terrorist Financing Risk Assessment last year noted that terrorist organizations in the past several years have leveraged sham charities as a cover to raise funds. The fraudulent charities are generally set up as foreign NPOs and may be established under the cover of providing humanitarian assistance but instead primarily or exclusively funnel money to terrorist organizations.
Global financial crimes watchdog, the Financial Action Task Force (FATF), notes that not all NPOs are high risk, and some may represent little or no risk at all. But that just makes compliance more challenging.
Measures adopted by countries to protect the NPO sector from terrorist abuse should not disrupt or discourage legitimate charitable activities. Rather, such measures should promote transparency and engender greater confidence in the sector, across the donor community and with the general public, that charitable funds and services reach intended legitimate beneficiaries. Systems that promote achieving a high degree of transparency, integrity and public confidence in the management and functioning of all NPOs are integral to ensuring the sector cannot be misused for terrorist financing.
Close examination of ogranizations ostensibly set up to help needy populations can be uncomfortable and seem callous, but even the NPOs themselves understand the need for transparency and integrity to detect and deter abuse.
Mitigation strategies.
On the national level, the NPO sector requires scrutiny by regulators, according to FATF. Elements of a country’s domestic sector review could include: the size, type, and scope of the NPOs, their activities, their donor base, cross-border activity and financing, movement of funds, means of payments, type and location of activities engaged in, services provided, and the level of risk associated with these elements.
FATF found that the NPOs most at risk of abuse for terrorist financing are engaged in “service activities,” such as housing, social services, education, or health care. That makes closer scrutiny even more awkward. No one wants to be known as the reason sorely needed aid was shut down.
That said, an NPO operating in a risky geography—a jurisdiction rife with terrorist activity or a country that’s in close proximity to a conflict zone, a nation known for terrorist attacks, or a country known for lax AML/CFT regulation and weak governance—needs to be closely examined.
FATF flags five types of risk when it comes to NPOs.
The diversion of funds is a significant method of abuse, with actors inside the NPO or external actors (such as foreign partners or third-party fundraisers) being responsible for the diversion to support terrorist entities at some point through the NPO’s operational or financial processes;
NPOs or their directing officials knowingly or unknowingly maintaining an affiliation with a terrorist entity which may result in the NPO being abused for multiple purposes, including general logistical support to the terrorist entity;
Abuse to support recruitment efforts by terrorist entities;
The abuse of programming in which the flow of resources is legitimate, but NPO programmes are abused at the point of delivery; and
Abuse through false representation in which terrorist entities start “sham” NPOs or falsely represent themselves as the agents of “good works” in order to deceive donors into providing support. Well-planned deceptions are difficult to penetrate with the resources available to non-governmental actors, making state-based oversight and its capabilities a necessary element to detecting the most sophisticated threats to the sector’s activities.
FATF also recommends several strategies governments can implement to reduce these risks, including outreach, supervision and monitoring, information gathering and investigation, and international cooperation.
The NPOs themselves also need to be cautious, exercising restraint, self-regulation, and transparency and good governance.
Meanwhile, financial institutions can also counter terrorism financing, exercising vigilance in in identifying not just suspicious activity that could indicate support to HAMAS, but other terrorist organizations.
FinCEN in 2023 issued an advisory identifying several red flags that can help financial institutions mitigate the risk of being exploited by HAMAS and its supporters.
A customer or a customer’s counterparty conducts transactions with OFAC-designated entities and individuals, or transactions that contain a nexus to identifiers listed for OFAC-designated entities and individuals, to include email addresses, physical addresses, phone numbers, orpassport numbers, or virtual currency addresses.
Information included in a transaction between customers indicates support for terrorist campaigns.
A customer conducts transactions with a Money Services Business (MSB) or other financial institution, including one that offers services in virtual currency, that operates in higher-risk jurisdictions tied to HAMAS (or other terrorist) activity, and is reasonably believed or suspected to have lax customer due diligence (CDD) requirements, opaque ownership, or otherwise fails to comply with AML/CFT best practices.
A customer conducts transactions that involve entities that are shell corporations, general “trading companies,” or other companies that have a nexus with Iran or other Iran-supported terrorist groups, such as Hizballah and Palestinian Islamic Jihad.
A customer that is a charitable organization or NPO solicits donations but does not appear to provide any charitable services or openly supports terrorist groups or activities. In some cases, these organizations may post on social media platforms or encrypted messaging apps to solicit donations, including in virtual currency.
A customer that is a charitable organization or NPO receives large donations from an unknown source over a short period of time and then sends significant wire transfers or checks to other charitable organizations or NPOs.
A customer conducts transactions with known or suspected virtual currency addresses tied to terrorism or terrorist financing donation campaigns.
These are not just specific to HAMAS, but also to numerous other terrorist organizations.
In addition, as I wrote in 2023, detection may be triggered by specific jargon or symbolism that may not be familiar to an average user. The Anti-Defamation League (ADL) has a useful database that documents slogans, slang, acronyms and other symbology.
According to the Anti-Defamation League, white supremacists in 2017 introduced three extremist-oriented crowdfunding platforms: GoyFundMe, Hatreon, and RootBocks. In February 2021, a fourth platform, OurFreedomFunding, was established and served as a haven for deplatformed extremists’ crowdfunding campaigns in the wake of the January 6 attack on the Capitol in Washington, DC.
The Goyim Defense League (GDL) is a loose network of antisemites who conduct harassment campaigns targeting Jewish people online and in the real world. A GDL connection to crowdfunding campaign would be an immediate source of concern.
Extremist crowdfunding campaigns often allude to the possibility of violence or violent intentions. One example was a campaign hosted on GoyFundMe by a group called the Nationalist Defense Force that described itself as “the only NS [National Socialist] security task force in Weimerica.” The campaign sought to raise funds for “equipment such as, uniforms, (more) shields, pepper spray, helmets, goggles, gas masks, batons, and much more.”
Terminology, symbols, and even names of groups can evolve, merge, and change over time, making continuing education and monitoring vital to detecting possible terrorist or extremist activity, as distasteful as it may be to delve into extremist language and ideology.
It’s not just operations.
Many terrorist organizations thrive on charitable giving. They thrive on the ability to divert funds for ostensibly humanitarian causes for terrorist aims and use them, thinking that the legitimate origins of the money will protect them.
Financial institutions should also be aware that charitable giving can include training and education, media publications, and networking, which can be abused for recruitment, radicalization, training, payments to martyrs’ families, and propaganda. Therefore, transactions related to education, media, and payments to families of those who died in various operations should also be cautiously examined - especially if other red flags, such as the ones noted above are present.
“Humanitarian” and “charity” may not always mean what we think they mean, and the need to be cautious when dealing with the non-profit sector is critical to protecting your organization and the financial system writ large.