Tactics

Adversaries generate or obtain illicit proceeds through crimes that produce monetary gain, establishing the foundational source of funds that will later be laundered. Often, these proceeds continuously re-enter criminal channels, perpetuating illegal activity and complicating efforts to trace their true origin.

Adversaries deliberately establish structures designed to disguise the true ownership and origin of illicitly obtained assets, creating distance and opacity around their involvement. These arrangements are intended to complicate tracing efforts long before the funds enter circulation.

Adversaries proactively establish reliable pathways and entry points into financial systems or commercial channels to ensure illicit proceeds can move or enter circulation smoothly and without immediate detection.

Adversaries introduce illicit value into ordinary financial or commercial channels—whether as money, goods, or contractual rights—creating transaction records that look routine and set the stage for deeper laundering.

Layering breaks the audit trail by shuffling already-placed assets through chains of transfers, conversions, and jurisdictional hops until the link to the original crime is effectively lost.

Adversaries integrate previously obscured illicit funds into the legitimate economy, converting them into openly usable forms of wealth or investments. Often, these assets return to jurisdictions familiar or beneficial to the criminals involved.

Adversaries actively safeguard illicitly derived and integrated assets against future detection, seizure, or legal action by maintaining liquidity, mobility, and protection behind legal and jurisdictional barriers.

Adversaries actively maintain secrecy by implementing operational controls and disciplined practices that minimize their exposure to detection, limit vulnerabilities, and allow laundering activity to remain covert.

Fundraising involves diversifying and amplifying revenue streams—ranging from legitimate self-financing and exploitation of non-profit entities to criminal activities and state sponsorship—to secure a steady flow of illicit funds. This tactic is critical for sustaining and expanding the operational capabilities of adversarial groups.

Threat actors utilize both formal (e.g., banks, remittance services) and informal channels (e.g., hawala networks, digital currencies, cash smuggling) to covertly transfer and layer funds, obscuring their origin and destination. This approach exploits gaps in monitoring and reporting systems to evade detection and prolong illicit financial flows.

Legitimation is the tactic of appearing trustworthy and acceptable within social and legal frameworks—often using legitimate businesses, philanthropic activities, or religious and cultural ties—to conceal terrorist financing operations. By positioning themselves as socially aligned and benevolent, adversaries reduce scrutiny and gain broader financial support.

Terrorist organizations establish durable and often covert channels to ensure a consistent flow of finances, leveraging both legitimate means (e.g., charities, crowdfunding, businesses) and illicit activities (e.g., extortion, criminal networks, or state sponsorship). This organized approach provides a reliable stream of resources that underpins and sustains their operations over time.

Adversaries strategically preserve and shield illicit funds by diversifying their value storage across assets like precious metals, real estate, and digital currencies. This approach minimizes detection risk and maintains financial stability, ensuring continued liquidity for their operations.

Terrorist organizations strategically channel funds to procure essential resources and cover operational costs, including weapons, logistics, recruitment, and propaganda efforts. They also embed themselves in legitimate businesses and social programs, using these channels to both generate revenue and mask illegal activities.

Operational Continuity focuses on maintaining the resilience and longevity of terrorist operations by diversifying funding sources, training successors, and promptly adapting operational methods in response to counter-terrorism efforts. This ensures stability and continuity despite disruptions or law enforcement interventions.

Adversaries generate and sustain funding for WMD programs by leveraging a range of legitimate and illicit channels, such as state budget allocations, commercial fronts, non-profit organizations, and criminal activities. This diversified approach ensures a steady flow of resources while obscuring their ultimate proliferation-related use.

Criminal actors introduce illicit funds into legitimate financial channels by investing in high-value assets, businesses, or financial instruments, thereby intermingling criminal proceeds with lawful income. This approach dilutes the illegal origins of the money, making it more difficult for authorities to detect and trace.

Threat actors engage in complex layering and multi-jurisdictional transfers to disguise the true source and destination of illicit funds, exploiting regulatory loopholes and transparency gaps to evade detection by financial institutions and authorities.

Adversaries exploit inconsistent AML/CFT standards across jurisdictions and leverage informal financial channels to evade regulatory scrutiny, enabling them to channel funds toward proliferation activities undetected.

Adversaries acquire monetary and material support through a mix of legitimate channels (such as front companies or lawful transactions) and illicit methods (e.g., smuggling or fraud) to bolster proliferation activities. This approach ensures they gain the necessary capital and assets to sustain and advance their operations.

Threat actors employ orchestrated misinformation and disinformation campaigns to disguise their true financial activities, creating a fog of misleading narratives that hamper regulatory and investigative efforts. By selectively manipulating information sources and misleading stakeholders, they divert attention and hinder effective AML/CFT responses.

Adversaries establish or co-opt ostensibly legitimate businesses to disguise illicit financial activities supporting proliferation financing. These businesses create a veneer of normalcy, making it harder for authorities to detect and disrupt the underlying criminal transactions.

Threat actors leverage multi-layered and complex transaction chains to mask illicit fund flows, often integrating illegal proceeds with lawful operations to appear legitimate. This tactic requires advanced financial expertise, enabling the creation of layered intermediaries that mimic money laundering processes and hinder traceability, thereby facilitating further illicit financial activities.

Obfuscation of Identity and Ownership involves creating shell or front companies, employing complex legal arrangements, and using nominees to hide the true identities and beneficial owners of sanctioned individuals or entities, thereby evading sanctions controls and complicating due diligence efforts.

Criminals exploit legitimate trade channels by falsifying or misrepresenting invoices, shipping documents, valuation, and goods classification, thereby concealing the true origin, value, or purpose of funds and commodities. This deceptive practice facilitates the movement of illicit proceeds across borders, complicating detection by AML/CFT authorities.

Threat actors exploit financial networks and payment systems by leveraging complex international correspondent banking channels, non-traditional payment methods, and transaction structuring techniques to covertly transfer illicit funds and evade detection. They also utilize high-risk jurisdictions and loosely regulated money service businesses to obfuscate the origin and movement of these funds.

This tactic relies on falsifying or manipulating documentation—such as KYC records, maritime data, or permits—to obscure the true nature of illicit transactions. By presenting misleading information, adversaries aim to bypass financial institutions’ and regulators’ scrutiny, thereby facilitating money laundering or terrorist financing activities.

Threat actors target jurisdictions with insufficient sanctions enforcement or oversight—such as offshore financial centers, free trade zones, or non-cooperative regulatory environments—to funnel illicit funds and obscure ownership, taking advantage of gaps and inconsistencies in the global AML/CFT framework.

This strategy involves constantly adapting techniques and structures—such as rotating communication channels, regularly rebranding corporate entities, and staying ahead of regulatory updates—to preserve operational security and effectively evade sanctions. By training staff in these evolving evasion methods, adversaries maintain the flexibility needed to thwart AML/CFT countermeasures over time.

Identifying potential victims or loopholes in financial systems before launching any deception.

Acquiring or forging the resources needed to execute and mask the fraud.

Zeroing in on those most likely to fall for deception or social engineering.

Manipulating relationships or authority cues to disarm victims’ skepticism.

Carrying out the final act that tricks victims into transferring funds or disclosing credentials.

Channeling stolen money through safe conduits or accomplice networks.

Converting illicit gains into a form they can immediately use or profit from.

Hiding immediate traces of wrongdoing to prolong undetected access or stolen funds.

Using advanced laundering or asset protection strategies to secure illicit profits.

Continuously exploiting existing vulnerabilities or victim relationships for repeated gains.