ONE THING THAT makes ISIS so hard to fight is that the terrorist network is diffuse and scattered, with small cells of operatives all over the world. Not only does this make it hard for law enforcement to predict where the group might strike next; it makes it incredibly complicated to track activity on the network—activity like banking transactions. Small sums of money flow from foreign fighter to foreign fighter, yet banks struggle to identify it within their systems.
Banks have long used anti-money laundering systems to flag suspicious activity, and in the aftermath of September 11th, they have turned to those same legacy tools to catch terror-related transactions, too. But these legacy tools are not up to the job. They rely upon hard-coded “if-then” rules about predictably suspicious behavior. If the software spots a seven-figure transfer of funds from Miami to Bogota, for example, it knows to flag it. But as terrorist groups like ISIS recruit people internationally for smaller, targeted attacks, those tools become far less effective. There are just too many rules and possibilities to consider.
“It doesn’t take much to survive in a hostel in Belgium while waiting to be moved to another location,” says Dan Stitt, who’s spent two decades in the financial crimes industry, with stints at the Drug Enforcement Agency and the Export-Import Bank of the United States. The pattern of small transactions a terrorist in hiding makes might not raise red flags for the usual anti-money-laundering systems.