Combating the Financing of Terrorism (CFT)
What Does CFT Mean?
CFT stands for Combating the Financing of Terrorism. It's the framework of laws, regulations, and procedures designed to detect and disrupt the flow of money to terrorist organizations.
You'll almost always see CFT paired with AML, written as "AML/CFT." There's a reason for that coupling. While AML focuses on criminals trying to hide where their money came from, CFT focuses on stopping money from reaching terrorists regardless of where it originated. The money flowing to a terrorist cell might be perfectly legitimate in origin. That's what makes CFT uniquely challenging.
The global CFT framework really took shape after September 11, 2001. Before that, terrorist financing existed as a concern, but it wasn't the driving force behind financial regulation that it became afterward. The attacks highlighted just how effectively terrorist organizations could exploit the financial system, and governments worldwide responded by building increasingly sophisticated approaches to identifying and blocking terrorist financing channels.
If you're working in compliance at any financial institution, CFT requirements are woven into virtually everything you do. Your transaction monitoring, your customer due diligence, your sanctions screening. All of it has a CFT component. And the stakes are high. Fail to implement adequate CFT controls and you're looking at severe regulatory penalties. But beyond the fines, there's the reality that inadequate controls could mean inadvertently facilitating terrorism. That's not something any compliance professional wants on their conscience.
CFT vs. AML: Understanding the Differences
AML and CFT get discussed together constantly. They share operational tools. But they address fundamentally different problems, and understanding that distinction matters when you're designing compliance programs.
The Core Distinction
Here's the simplest way to think about it. AML asks: "Where did this money come from?" CFT asks: "Where is this money going?"
With money laundering, the crime has already happened. Drug trafficking, fraud, corruption. The criminal has dirty money and needs to clean it so they can use it without raising suspicion. The money moves from illegal source to seemingly legitimate use.
Terrorist financing flips that around. The crime you're trying to prevent hasn't happened yet. The terrorist attack is the future event you're trying to stop by cutting off the funding. And here's the kicker: the funds themselves might be completely legitimate. A radicalized individual's paycheck. Revenue from a business that happens to be a front organization. Charitable donations diverted to purposes the donors never intended.
| Aspect | AML | CFT |
|---|---|---|
| Primary Question | Where did the money come from? | Where is the money going? |
| Fund Origins | Illegal (criminal proceeds) | May be legal or illegal |
| Purpose | Hide criminal origins | Support terrorist activity |
| Investigation Direction | Trace backwards to source | Trace forward to destination |
Why This Matters for Detection
The fact that terrorist funds can be entirely legitimate creates a detection problem that AML doesn't have. You can't rely solely on identifying suspicious fund origins because the origins might not be suspicious.
Think about it. A radicalized person slowly withdrawing from their savings account doesn't look like a criminal trying to clean drug money. A charity sending money overseas looks like exactly what it claims to be, until you trace where that money actually ends up. State sponsors of terrorism can move funds through official government channels.
This is why CFT detection has to look beyond transaction patterns to include suspicious destinations, associations, and behavioral indicators that traditional AML monitoring might miss.
Where AML and CFT Overlap
Despite their differences, the two share many compliance tools. Your Customer Due Diligence program serves both purposes. Your sanctions screening catches both money launderers and terrorists on watchlists. Transaction monitoring flags suspicious patterns regardless of whether they indicate laundering or terrorist financing. SARs get filed either way.
That's why regulations typically require combined AML/CFT programs rather than treating them as separate frameworks. The controls reinforce each other.
| Element | AML Focus | CFT Focus |
|---|---|---|
| Objective | Stop dirty money entering the system | Stop any money reaching terrorists |
| Predicate Crime | Already occurred | May be in the future |
| Key Lists | Adverse media, criminal databases | OFAC SDN, UN sanctions, terrorist databases |
| Detection Focus | Unusual cash, structuring patterns | Watchlist matches, high-risk geography, suspicious associations |
The Legal Framework for CFT
CFT operates within a web of international standards, national laws, and regulatory requirements. Knowing where the rules come from helps you understand why your program needs to look the way it does.
United States CFT Laws
The USA PATRIOT Act of 2001 was the primary legislative response to 9/11 and remains the backbone of U.S. CFT requirements. It expanded Bank Secrecy Act requirements to explicitly address terrorist financing, prohibited financial institutions from maintaining accounts for foreign shell banks, required enhanced due diligence for correspondent accounts and private banking, criminalized the financing of terrorism itself, and authorized blocking of terrorist assets.
The International Emergency Economic Powers Act gives the President authority to impose economic sanctions on foreign entities, block assets of foreign nationals who threaten national security, and prohibit transactions with designated entities. This is the authority underlying many of the sanctions programs you deal with daily.
Presidential Executive Orders designate specific terrorist organizations and individuals. E.O. 13224, issued right after 9/11, blocks property of persons who commit or threaten terrorism. Additional designations under IEEPA target specific terrorist threats as they emerge.
The Bank Secrecy Act, while originally focused on money laundering, now includes terrorist financing detection requirements. It mandates SAR filing for suspected terrorist financing and prohibits correspondent accounts for shell banks.
Key Regulatory Agencies
| Agency | CFT Role |
|---|---|
| Treasury/OFAC | Administers sanctions programs, designates terrorists |
| FinCEN | Issues AML/CFT regulations, receives SARs |
| FBI | Investigates terrorist financing |
| DOJ | Prosecutes terrorist financing cases |
| Banking Regulators | Examine financial institutions for CFT compliance |
The International Framework
The United Nations plays a foundational role. UN Security Council Resolution 1373 requires member states to criminalize terrorist financing. The UN maintains a consolidated list of individuals and entities subject to sanctions. And the 1999 International Convention for the Suppression of Financing of Terrorism established the legal basis for international cooperation.
The Financial Action Task Force sets global AML/CFT standards through its 40 Recommendations, which include specific CFT requirements. FATF evaluates countries on their AML/CFT effectiveness and maintains lists of high-risk and non-cooperative jurisdictions. When FATF puts a country on its gray or black list, that has real consequences for how you handle transactions involving that jurisdiction.
In Europe, the EU Anti-Money Laundering Directives include CFT requirements, and the EU maintains its own consolidated sanctions list that may differ slightly from OFAC's.
How Terrorist Financing Works
Understanding how terrorists actually raise, move, and use funds helps you design detection and prevention strategies that work. Let's look at the practical reality.
Sources of Terrorist Funding
State Sponsorship. Some terrorist organizations receive direct funding from nation-states. This includes direct financial support from government budgets, use of state infrastructure for fund transfers, and protection from international financial controls. State-sponsored terrorism is particularly difficult to detect because the funds move through official channels.
Criminal Enterprises. Many terrorist groups engage in or benefit from criminal activities to fund operations. Drug trafficking, human smuggling, kidnapping for ransom, robbery and extortion, counterfeit goods, and cybercrime all generate revenue. The line between organized crime and terrorist financing often blurs.
Legitimate Businesses. Terrorist organizations may operate genuine businesses that generate revenue. Front companies provide cover. Import/export operations facilitate trade-based laundering. Real estate can store value. Cash-intensive businesses like restaurants or retail stores make it easy to commingle illicit funds with legitimate revenue.
Charitable Organizations. The exploitation of charities for terrorist financing takes several forms. Donations intended for legitimate charitable purposes get diverted. Shell charities get established specifically to funnel money to terrorists. Religious giving obligations get abused. And organizations operating under the cover of humanitarian work can move resources into conflict zones.
Individual Supporters. Self-funded terrorism and small-donor networks are increasingly common. Personal savings of radicalized individuals fund their own activities. Small donations from supporters add up. Family and community networks provide support. Online fundraising and cryptocurrency donations enable crowdfunding for terrorism.
Moving the Money
The Formal Banking System. Despite all the controls, terrorists still use traditional banking. Wire transfers move through correspondent banking networks. Deposits and withdrawals happen at banks across multiple jurisdictions. Front companies with legitimate banking relationships provide access.
Money Services Businesses. MSBs are frequently exploited because they offer international remittance services, currency exchange, money orders, prepaid cards, and now cryptocurrency exchange. The volume of transactions and sometimes weaker controls make them attractive channels.
Hawala and Informal Value Transfer. These traditional systems operate outside the regulated financial system entirely. They rely on trust networks, often along ethnic or family lines. They're difficult to detect and track, and they're widespread in certain regions. A hawaladar in one country can arrange payment in another without any money actually crossing borders.
Trade-Based Methods. Manipulation of international trade provides another channel. Over-invoicing or under-invoicing goods, multiple invoicing for single shipments, phantom shipments with no goods at all, and misrepresentation of goods, services, or financial transactions all move value while appearing to be normal commerce.
Cash Smuggling. Sometimes the simplest method is physical. Bulk cash gets smuggled across borders, often using couriers or concealed in cargo.
Cryptocurrency. Digital assets present new challenges. Pseudonymous transactions are difficult to trace. Cross-border transfers happen without traditional intermediaries. Privacy coins are specifically designed to obscure transaction details. And decentralized exchanges may have limited AML controls.
The Terrorist Financing Cycle
The cycle works like this. First, funds get collected from various sources. Second, those funds get transmitted through whatever channels are available to reach terrorist operatives or organizations, often crossing multiple borders along the way. Third, funds may be held pending use, often in locations or forms that are difficult to detect or seize. Finally, funds get deployed for actual terrorist purposes: operational expenses like travel, communications, and weapons; training and recruitment; propaganda and media operations; support for fighters' families; and infrastructure and logistics.
CFT in Banking and Financial Services
Financial institutions sit on the front line of CFT. If you're working in compliance at a bank, understanding your CFT obligations and how to implement them effectively is essential.
Your CFT Program Requirements
CFT controls get built into your broader AML program. The key components include sanctions screening, enhanced due diligence, transaction monitoring, and suspicious activity reporting.
Sanctions Screening. Every customer and every transaction must be screened against terrorist-related sanctions lists.
| List | Administrator | Scope |
|---|---|---|
| SDN List | OFAC | U.S. designated terrorists and entities |
| UN Consolidated List | UN Security Council | Globally designated terrorists |
| EU Consolidated List | European Union | EU designated terrorists |
| FBI Terrorist Watchlist | FBI | Known and suspected terrorists |
You screen at customer onboarding. You screen all transactions in real-time. You re-screen when lists get updated. You investigate and resolve potential matches. And you document your false-positive resolutions thoroughly.
Enhanced Due Diligence. Certain relationships require extra CFT scrutiny. Customers from high-risk jurisdictions, correspondent banking relationships, private banking and wealth management clients, customers with connections to terrorism-prone regions, and non-profit organizations operating internationally all warrant additional attention.
Transaction Monitoring. Your systems need to detect patterns that might indicate terrorist financing. Transactions with high-risk countries, rapid movement of funds through accounts, activity that doesn't match the customer's profile, connections to known terrorist-linked entities, and unusual patterns in charity or non-profit accounts should all trigger alerts.
Suspicious Activity Reporting. When you know or suspect funds relate to terrorist activity, you file a SAR. When you detect transactions involving known or suspected terrorists, you file. When you identify unusual activity potentially linked to terrorism, you file.
For banks, the threshold for potential terrorist financing is $5,000 or more. For MSBs, it's $2,000 or more. But here's the important part: there's no threshold at all if you know or have reason to suspect terrorism is involved. Any transaction, any amount.
Geographic Risk
Certain regions present elevated CFT risk. Active terrorist organizations, weak government AML/CFT controls, conflict zones, and areas with known terrorist financing activity all increase risk. FATF maintains two lists you need to know: the "black list" of high-risk jurisdictions and the "gray list" of jurisdictions under increased monitoring. Transactions and customers connected to these regions warrant enhanced scrutiny.
Red Flags for Terrorist Financing
Identifying potential terrorist financing requires vigilance for specific behavioral and transactional patterns. When you see these red flags, it's time for enhanced review.
Customer-Related Red Flags
Pay attention to identity and background issues. A customer who matches or closely resembles names on terrorist watchlists needs investigation. Inconsistent or incomplete identity information should raise questions. Known or suspected ties to terrorist organizations are obvious concerns. And an unexplained signatory on an account linked to terrorism warrants immediate attention.
Geographic indicators matter too. A customer who resides in or frequently travels to high-risk jurisdictions, who has unexplained connections to terrorism-prone regions, or who opened an account shortly before or after travel to high-risk areas deserves extra scrutiny.
For entities, watch for non-profit organizations with vague or unclear purposes. Charities with minimal legitimate program expenses. Businesses with no clear economic purpose. Shell companies with opaque ownership.
Transaction-Related Red Flags
Wire transfer patterns can be revealing. Frequent transfers to high-risk jurisdictions, round-dollar transfers that don't match commercial activity, transfers with vague or unusual purpose descriptions, and nested transactions through multiple intermediary banks all warrant attention.
Cash activity raises different concerns. Deposits structured to avoid reporting thresholds, rapid movement of cash through accounts, and cash-intensive businesses with unexplained volume all need investigation.
Account behavior matters as well. A dormant account that suddenly becomes active, an account used only as a pass-through with rapid in-and-out activity, multiple accounts funneling funds to a single destination, and activity inconsistent with the stated account purpose are all red flags.
Non-Profit Specific Red Flags
Charities and non-profits require particular attention. When donations substantially exceed legitimate program spending, something's wrong. Funds transferred to regions with no apparent charitable programs should trigger questions. A charity operating in conflict zones without a clear humanitarian purpose needs investigation. Minimal oversight or board governance is concerning. And the use of cash or informal transfer methods by an organization that should be using the formal banking system is a significant red flag.
Technology-Related Red Flags
Cryptocurrency activity presents its own indicators. Conversion of fiat currency to privacy coins, transactions through mixers or tumblers, addresses associated with known terrorist financing, and unusual patterns in decentralized exchange activity all warrant attention.
Online activity matters too. Crowdfunding campaigns with suspicious purposes, social media fundraising linked to extremist content, and use of encrypted communications combined with suspicious financial activity should all raise concerns.
CFT Compliance Requirements
If you're subject to AML regulations, you need CFT controls. Here's what compliance actually looks like.
Program Requirements
You need written policies and procedures. CFT policies should be integrated with your AML program, not treated as an afterthought. You need clear procedures for sanctions screening, guidance on identifying and escalating potential terrorist financing, and regular policy review and updates.
Your risk assessment must address CFT risks specific to your organization. Consider your customer base, your products, and your geographic exposure. Document your methodology and findings. Update the assessment regularly as risks evolve.
Training needs to cover CFT specifically. Employees need education on terrorist financing methods and red flags. They need to understand sanctions compliance obligations. And they need regular refresher training as threats change.
Independent testing should include periodic assessment of your CFT controls. That means evaluating sanctions screening effectiveness, reviewing alert handling and investigation quality, and reporting findings to management with remediation tracking.
Regulatory Expectations
When examiners show up, they're looking at your sanctions screening coverage and accuracy, your alert investigation quality and timeliness, whether your SAR filing is appropriate, how you handle high-risk customers and transactions, and your geographic risk management.
Common deficiencies that get cited include incomplete sanctions list coverage, inadequate investigation of screening alerts, failure to file SARs for suspicious activity, insufficient enhanced due diligence, and poor documentation of decisions.
Reporting Obligations
For SARs, you have 30 days from detection to file. Include all relevant information. Maintain confidentiality. Retain supporting documentation.
For OFAC blocking, report blocked transactions within 10 business days. Include all required information. Maintain records of blocked property.
International CFT Standards
CFT requires international cooperation. No single country can combat terrorist financing alone. The Financial Action Task Force serves as the primary international standard-setter.
FATF Recommendations on CFT
The FATF 40 Recommendations include specific CFT requirements.
Recommendation 5 requires countries to criminalize terrorist financing consistent with the UN Terrorist Financing Convention.
Recommendation 6 requires implementation of UN Security Council resolutions on terrorist financing, including asset freezing and prohibitions on making funds available to designated terrorists.
Recommendation 7 addresses UN sanctions related to weapons proliferation financing.
Recommendation 8 requires countries to review their non-profit sectors for terrorist financing vulnerabilities and implement appropriate measures.
FATF Evaluations
FATF conducts mutual evaluations of member countries' AML/CFT regimes. Technical compliance assessments look at the legal and regulatory framework and whether laws meet FATF standards, scored as Compliant, Largely Compliant, Partially Compliant, or Non-Compliant.
Effectiveness assessments look at actual implementation and whether the system achieves its intended outcomes, scored across 11 Immediate Outcomes.
High-Risk Jurisdictions
FATF maintains two lists identifying jurisdictions with strategic AML/CFT deficiencies.
The "black list" covers countries with significant strategic deficiencies. FATF calls on members to apply enhanced due diligence and, in serious cases, countermeasures.
The "gray list" covers countries actively working with FATF to address strategic deficiencies. These get enhanced monitoring but aren't subject to countermeasures.
Your institution should apply enhanced scrutiny to transactions and customers connected to listed jurisdictions. This isn't optional.
CFT Challenges and Emerging Threats
The terrorist financing landscape keeps evolving. Here's what compliance professionals need to watch in 2026.
Cryptocurrency and Digital Assets
The challenges are real. Pseudonymous transactions are difficult to trace. Cross-border transfers happen without traditional intermediaries. Technology evolves faster than regulation. Decentralized platforms may have limited AML controls. And privacy-enhancing technologies like mixers and privacy coins are specifically designed to obscure activity.
Regulators are responding by extending AML/CFT requirements to virtual asset service provide