The EBA AML Opinion: Terrorist financing risk landscape in the financial sector

Why terrorist financing remains a priority risk

While regulatory attention has largely centred on money laundering and fraud, terrorist financing (TF) risks are quietly but steadily escalating, and the financial sector is not prepared. The European Banking Authority’s (EBA) latest Opinion on ML/TF risks from July 2025 confirms what many compliance professionals already suspect: TF threats are evolving faster than the controls designed to detect them.

 

At VinciWorks, we’ve been tracking the growing complexity of these risks, from our recent deep dive into terrorist sanctions circumvention via crypto and crowdfunding, to our exposé on terrorist financing in the art market. Across sectors, we see the same pattern: financial institutions relying on outdated assumptions, underestimating low-value transfers, and continuing to tolerate inherently high-risk channels like cryptocurrency.

 

The EBA may have labelled overall TF risk as “stable,” but the details tell a different story. The use of stablecoins and e-money tokens to move funds under the radar is increasing. Self-hosted wallets, virtual IBANs and P2P platforms are spreading without meaningful oversight. And geopolitical shifts, from armed conflicts to the rise of violent extremism, are creating new digital routes for terrorist funding. Meanwhile, too many firms still treat sanctions screening as a proxy for TF risk management, ignoring the very typologies being exploited.

 

There is no legitimate use case for crypto in regulated finance: only risk. As terrorists and criminals find ever more creative ways to exploit technological loopholes and regulatory blind spots, compliance teams must shift from passive monitoring to active disruption.

 

 

Crypto and stablecoins in TF activity

Cryptocurrencies have long been associated with illicit finance, but the EBA now sees a significant shift: stablecoins (crypto assets pegged to traditional currencies) are becoming the tool of choice for terrorist financiers. Their ease of use, relative price stability, and growing popularity for cross-border transactions make them ideal for moving funds under the radar.

 

Recent investigations show that terrorists are increasingly using e-money tokens (EMTs) and peer-to-peer platforms that operate outside traditional financial systems. These platforms often fail to enforce robust KYC or CDD requirements, allowing illicit funds to flow through self-hosted wallets and be exchanged for fiat currency with little scrutiny.

 

  • Law enforcement and competent authorities continue to detect the use of cryptocurrencies in TF.

     

  • A key shift has been observed from Bitcoin to stablecoins like e-money tokens (EMTs), which offer price stability and are attractive for cross-border transfers — particularly in regions with unstable banking systems or ongoing conflict.

     

  • Self-hosted wallets and P2P platforms remain largely unregulated, allowing funds to be moved without triggering CDD measures.

     

 

The EBA cites growing concern over EMTs being used in high-risk jurisdictions through platforms that lack robust KYC procedures, making illicit flows harder to detect.

 

Compliance takeaway: Firms must include stablecoin and EMT-specific risk factors in firm-wide risk assessments (FWRAs). This includes screening for counterparties in high-risk jurisdictions and integrating crypto transaction monitoring tools.

 

 

The crypto cross-contamination risk

The EBA warns of a rising threat not from crypto alone, but from its integration with mainstream finance. As traditional institutions increasingly partner with or acquire crypto asset service providers (CASPs), TF risks are spreading across sectors.

 

Examples include e-money institutions offering crypto-to-fiat services through group structures or outsourcing, often without clear governance. High-value goods dealers and art market participants now accept prepaid cards linked to crypto wallets, blurring the lines between regulated finance and high-risk digital assets. These developments increase the risk of cross-contamination, where weak crypto controls infect otherwise compliant institutions.

 

Compliance takeaway: Map your firm’s crypto exposure, even indirect or outsourced, and review governance structures for clarity and accountability. Apply group-wide policies to crypto-linked services and implement strict onboarding and monitoring of crypto-embedded partners.

 

 

Weak controls and over-reliance on sanctions screening

 

Many financial institutions equate terrorist financing controls with sanctions compliance, but this is a dangerous oversimplification. The EBA finds that firms often rely exclusively on sanctions lists as their primary TF risk control, failing to implement broader detection mechanisms.

 

This gap results in institutions missing low-value transactions, overlooking customers with criminal TF backgrounds, and failing to consider typologies that fall outside the scope of official sanctions regimes.

 

Between 2022 and 2024, 62 TF-related weaknesses were reported across the EU. Almost half involved the lack of a sufficiently robust methodology for assessing TF risks: in those cases, financial institutions did not distinguish between ML and TF risks in their business-wide risk assessments (BWRAs), or did so inadequately. In addition, 38% were due to inadequate transaction monitoring, and 35% were linked to sanctions screening tool failures.

 

  • Many financial institutions rely solely on sanctions list screening as their primary TF control, which the EBA warns is insufficient.

     

  • Institutions frequently fail to distinguish between AML and TF in their BWRAs, resulting in a lack of targeted TF controls.

     

  • Deficiencies were also noted in transaction monitoring rules (e.g., thresholds too high to catch TF-linked microtransactions) and in failing to flag customers with TF-related convictions.

     

 

Compliance takeaway: Institutions should develop standalone TF risk typologies, train staff to detect low-value/high-frequency TF transactions, and not rely solely on sanctions filters.

 

 

Geopolitical events and extremism

 

Terrorist financing doesn’t only flow from overseas networks. As the EBA highlights, geopolitical instability, including the refugee crisis and rising political extremism, is fuelling new domestic TF risks. Some Member States reported a measurable increase in TF threat levels due to these developments.

 

The influx of donations, humanitarian payments, and cross-border transfers in response to international crises has also created opportunities for terrorist groups to infiltrate legitimate channels. Small NGOs and informal money service businesses operating near conflict zones are particularly vulnerable.

 

 

  • Some Member States report an increase in TF risk due to violent political extremism and refugee influxes from armed conflicts.

     

  • Although some large institutions have improved monitoring systems, smaller firms often lack the capacity to adapt quickly to geopolitical shifts.

     

 

Several reports from the EU, UK and US note a rise in suspicious cross-border transactions linked to supposed humanitarian aid channels, for example funds raised for Gaza or Lebanon that are abused by terrorist groups and directly fund the terrorist entities Hezbollah and Hamas.

 

Compliance takeaway: Firms must assess how external geopolitical events impact their exposure to TF risk and adjust onboarding, monitoring, and reporting protocols accordingly.

 

 

The false comfort of “stable” risk ratings

While many authorities report that TF risk is “stable,” the EBA urges caution. This rating masks serious deficiencies in controls, monitoring, and institutional understanding. Around one-third of EU financial institutions do not differentiate ML and TF in their risk assessments. This leads to a one-size-fits-all compliance framework that fails to address the unique complexities of TF.

 

In one Member State, financial institutions were found to screen against sanctions lists daily, but had no monitoring in place for small, frequent payments to high-risk jurisdictions, even when customers had prior links to extremist activity. The assumption that sanctions screening alone would catch terrorist financing led to blind spots in transaction monitoring.

 

A major EU-based payment provider was flagged in the EBA’s EuReCA database for failing to detect deepfake-assisted remote onboarding. Criminals used AI-generated identity documents to open accounts and transfer funds via self-hosted wallets, a tactic that slipped through because the firm had not updated its fraud controls to account for TF typologies involving synthetic identities.

 

 

Compliance takeaway: Reassess your risk frameworks. Create dedicated TF risk indicators and train staff on how TF diverges from traditional ML. Embed TF as a standalone risk factor in board-level risk reviews.

 

 

A false sense of security: Weaknesses in transaction monitoring

Despite the increasing sophistication of financial crime, transaction monitoring systems across the EU still show major gaps when it comes to identifying TF. Many systems are set up to detect large-scale fraud or money laundering but fail to catch the kinds of small, frequent, or obscured payments often used to fund terrorist activity.

 

The EBA found that 38% of TF weaknesses were due to absent or poorly calibrated monitoring scenarios. For example, systems failed to flag customers with terrorism-related convictions or scan for adverse media. Others ignored small transactions, assuming they were low-risk, a flawed assumption when dealing with TF.

 

Compliance takeaway: Audit your monitoring rules. Ensure scenarios are tailored to TF risk patterns (e.g., low amounts, known high-risk destinations, anonymous transfers). Integrate behavioural analysis, and make use of public watchlists and adverse media scanning tools.
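The calibration gap described above, as an added example (not from the EBA Opinion or from VinciWorks): a single-amount threshold rule beside a windowed low-value/high-frequency rule, run over constructed transactions. The thresholds, the 30-day window, the field names and the placeholder country codes XA/XB are assumptions for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Tx:
    customer: str
    ts: datetime
    amount: float  # EUR
    dest: str      # destination country code

# Placeholder codes (ISO 3166 user-assigned range), not a real risk list.
HIGH_RISK = {"XA", "XB"}

def flag_large_single(txs, threshold=10_000):
    """ML-style rule: any single payment at or above the threshold."""
    return {t.customer for t in txs if t.amount >= threshold}

def flag_low_value_velocity(txs, high_risk=HIGH_RISK, max_amount=500,
                            window=timedelta(days=30), min_count=5):
    """TF-oriented rule: min_count small payments to high-risk destinations
    within the window. Returns {customer: (count, total)} at first trigger."""
    recent = defaultdict(deque)  # customer -> small high-risk payments in window
    hits = {}
    for t in sorted(txs, key=lambda t: t.ts):
        if t.dest not in high_risk or t.amount > max_amount:
            continue
        q = recent[t.customer]
        q.append(t)
        while t.ts - q[0].ts > window:  # drop payments older than the window
            q.popleft()
        if len(q) >= min_count and t.customer not in hits:
            hits[t.customer] = (len(q), sum(x.amount for x in q))
    return hits

def sample_transactions():
    """Constructed data: C1 drips small payments, C2 sends one large payment,
    C3 sends small payments too far apart to share a window."""
    d0 = datetime(2025, 1, 1)
    c1 = [Tx("C1", d0 + timedelta(days=4 * i), 150.0, "XA") for i in range(6)]
    c2 = [Tx("C2", d0, 15_000.0, "DE")]
    c3 = [Tx("C3", d0 + timedelta(days=40 * i), 200.0, "XB") for i in range(5)]
    return c1 + c2 + c3

if __name__ == "__main__":
    txs = sample_transactions()
    print("large-single rule:", flag_large_single(txs))
    print("velocity rule:    ", flag_low_value_velocity(txs))
```

The amount-only rule surfaces C2 and never sees C1, whose payments only stand out when counted per customer over time.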

 

 

What’s changing in the regulatory landscape?

A single, unified AML/CFT rulebook is on the horizon. This is a game-changing shift from directive-based law to directly applicable regulation. The EU AML Regulation, Regulation (EU) 2024/1624, establishes consistent, binding rules across all Member States, eliminating national discrepancies and loopholes. It expands the scope of obliged entities to include CASPs, crowdfunding platforms, high-value goods traders, and more, while tightening beneficial ownership thresholds, transaction limits, and due-diligence obligations. This regulation takes effect on 10 July 2027, with select sectors like football clubs and agents coming under scope by 10 July 2029. The Anti-Money Laundering Authority (AMLA), created by Regulation (EU) 2024/1620 and operational from 1 July 2025, will directly supervise high-risk institutions and issue technical standards to ensure uniform application of the Rulebook.

 

This new framework means compliance teams must prepare now for harmonised ER efforts. Expect stricter CDD/EDD limits, mandatory sanctions programmes, lower cash payment ceilings, and broader entity coverage. Institutions will also need to implement group-wide policies, formalise reliance arrangements, and boost transparency on beneficial ownership and crypto flows. Start adapting your compliance framework now as the era of national divergence is ending, and uniform, regulation-led TF controls are coming soon.

 

What other regulations are coming?

  • MiCA (Markets in Crypto Assets Regulation) and FTR (Funds Transfer Regulation) began applying from December 2024.

     

  • From 2025, all CASPs must comply with EU AML/CFT rules, including specific TF controls.

     

  • EBA’s December 2024 TF Risk Factsheet outlines how firms should go beyond sanctions screening to effectively detect TF.

     

 

Practical steps for compliance professionals

 

With the implementation of MiCA and the EU AML/CFT package, compliance teams are expected to step up. The EBA’s TF Factsheet (Dec 2024) and new AML guidelines emphasise proactive detection and risk-based control over mere sanctions enforcement. The shift is clear: TF must be embedded across the compliance function — not bolted on.

 

Separate AML and TF Risk Assessments

  • Don’t assume controls for money laundering cover terrorist financing.

     

  • Develop TF-specific risk indicators and scenarios.

     

 

Enhance CDD for Crypto and Digital Products

 

  • Include EMTs, P2P platforms, and self-hosted wallets in risk appetite frameworks.

     

 

Strengthen Transaction Monitoring

 

  • Tune systems to flag patterns typical of TF (e.g. frequent low-value transfers to conflict zones).

     

 

Broaden Training and Governance

 

  • Train staff on typologies of TF, including domestic extremism and NGO abuse.

     

  • Ensure governance bodies regularly review TF risks separately from ML.

     

 

Engage with Updated EBA Guidelines

 

  • Refer to the EBA’s December 2024 TF Factsheet and related guidance on sanctions evasion, crypto, and restrictive measures.

 
