E-Money, Pre-Paid Cards, Virtual Currencies and Terrorist Financing

Do the terror attacks in Paris and Brussels mark a significant shift in terrorist financing typologies and what does it mean for EU Law Enforcement?

Since we drafted our first post on terror financing (available here) there have been a number of key developments worthy of consideration and comment. Firstly there is now more information available on the financial activity of the Paris attackers. The French finance ministry’s intelligence unit Tracfin said prepaid cards, some bought in Belgium, were used to pay for cars and apartments used by the assailants in the 48 hours preceding the attacks. French Finance Minister Michel Sapin told a news conference attackers financed the assault by amassing several “tiny sums” which are hard to track, notably by using prepaid credit cards and “The cost of these latest attacks, the financing of the attacks, represents a sum not exceeding €30,000“.

Secondly Europe has witnessed a second major terrorist incident in Brussels on 22 March 2016. Media and government sources are suggesting that both the Paris and Brussels attackers are linked and potentially part of the same network. A great piece of visual analysis by the NY Times (available here) provides a clear picture of the social and geographic relationships between the attackers and support networks.

Image: http://www.nytimes.com/interactive/2016/03/23/world/europe/how-the-brussels-and-paris-attackers-could-be-connected.html?_r=1

Image: http://www.nytimes.com/interactive/2016/03/23/world/europe/how-the-brussels-and-paris-attackers-could-be-connected.html?_r=1

While details in the public domain remain scant it would not be a stretch to assess it as highly likely that the Brussels attackers and support network used similar or the same financing mechanisms to facilitate their activities. The volumes are likely to be broadly similar as they rented accommodation, purchased pre-cursor material, manufactured TATP, bought weapons (AK-47’s) and other subsistence. As noted by French investigators some of the pre-paid cards used in the Paris attacks were “bought in Belgium” and the close association between key facilitators in Paris such as Salah Abdeslam and Najim Laachraoui would create the right conditions for them to leverage proven mechanisms to finance the Brussels attack planning.

If our assessment is proved to be accurate it would be the second significant terrorist incident in less than a year where pre-paid cards and E-Money played a role in terrorist activities, albeit it as part of the same overall network. Additionally it is the second incident to go un-detected by EU law enforcement and while terror financing can be exceptionally difficult to identify due to the small sums involved, it highlights a potential intelligence and enforcement gap across new forms of E-Money and virtual currencies. When combined with the existing mechanisms of terror financing across global informal money remitters and physical cash, it makes for a growing challenge.

The UK National Risk Assessment (NRA) of Money Laundering & Terrorist Financing published in October 2015 stated “The money laundering risk associated with e-money (inc pre-paid cards) is medium, however terrorist financing risk associated with e-money is low.” It clearly calls out the challenge of E-Money regulation across the EU “At the EU level there are discrepancies between the 3MLD and the Second E-money Directive (2EMD). This has led to other EU member states applying discretion in the application of AML/CFT legislation to agents and/or distributors and different rules applying to different entities in the transaction chain. Passporting within the EU can add a further layer of confusion.” Significant is the admission that “Understanding criminal exploitation of the e-money sector remains an intelligence gap for law enforcement agencies. This is compounded by operational challenges. For example, in the majority of cases, prepaid cards do not carry a marking to differentiate them from other credit or debit cards”. 

It is interesting to see the sea-change in opinion between the UK NRA and comments driven through the EU by the French post Paris. On 02 Feb 2016 the European Commission released a statement outlining proposals to strengthen regulations and controls, proposing the following targeted amendments to the Fourth Anti-Money Laundering Directive by the end of second quarter 2016 (only relevant amendments provided in this post):

  • Ensuring a high level of safeguards for financial flows from high risk third countries: The Commission will amend the Directive to include a list of all compulsory checks (due diligence measures) that financial institutions should carry out on financial flows from countries having strategic deficiencies in their national anti-money laundering and terrorist financing regimes. Applying the same measures in all Member States will avoid having loopholes in Europe, where terrorists could run operations through countries with lower levels of protection;

  • Centralised national bank and payment account registers or central data retrieval systems in all Member States: the Directive will be amended to give Financial Intelligence Units easier and faster access to information on the holders of bank and payment accounts;

  • Tackling terrorist financing risks linked to virtual currencies: to prevent their abuse for money laundering and terrorist financing purposes, the Commission proposes to bring virtual currency exchange platforms under the scope of the Anti-Money Laundering Directive, so that these platforms have to apply customer due diligence controls when exchanging virtual for real currencies, ending the anonymity associated with such exchanges;

    • As a first step the Commission will propose to bring anonymous currency exchanges under the control of competent authorities by extending the scope of the AMLD to include virtual currency exchange platforms, and have them supervised under Anti-Money Laundering / countering terrorist financing legislation at national level. In addition, applying the licensing and supervision rules of the Payment Services Directive (PSD) to virtual currency exchange platforms would promote a better control and understanding of the market. The Commission will examine this option further. The Commission will also examine whether to include virtual currency “wallet providers”.

  • Tackling risks linked to anonymous pre-paid instruments (e.g. pre-paid cards): the Commission proposes to lower thresholds for identification and widening customer verification requirements. Due account will be taken of proportionality, in particular with regard to the use of these cards by financially vulnerable citizens.

    • In order to address the above concerns, the Commission will present further changes to the AMLD, which could focus in particular on reducing existing exemptions such as thresholds below which identification is not required, notably for cards used face-to-face, and requiring customer identification and verification at the time of online activation of the prepaid cards. The Commission is currently exploring the detailed design of such measures, taking into account their impact and the need for proportionality.

While it is far too early to suggest we are seeing a wholesale change in how terror financing is being facilitated it is important to recognise the important milestone these incidents represent. The apparent success of the Paris and Brussels attackers to go un-detected during a period of what can only have been relatively intense attack planning is likely to highlight the vulnerabilities in intelligence coverage and general knowledge amongst regulators and law enforcement of these products and the associated risks. A challenge the industry and regulators will always face is balancing the benefits new products and technology bring against the risks. What is clear is there is a need for industry to further increase education and awareness efforts with regulators and law enforcement, closing the gaps and setting the conditions for a sustainable long-term relationship.