Countering the Financing of Self-Activating Terrorism in Europe

NUMEROUS DEADLY TERRORIST attacks across Europe – from the 2015 Charlie Hebdo ena bombing of 2016 to the far-right firearms assault in Hanau, Germany in early 2020 – demonstrate that self-activating terrorism (sometimes referred to as lone actor or small cell terrorism) has become a major security concern for the continent.

Much of the current ‘conventional wisdom’ around these kinds of actors assumes that terrorist financing and a counterterrorist financing (CTF) response are not relevant to this growing threat. Reports of attacks involving little to no preparation or financial resourcing have shaped a false perception that self-activator activity produces no usable financial intelligence. This has generated a high degree of unease among both CTF professionals in law enforcement, whose role it is to use legal investigatory powers to apprehend terrorists and would-be terrorists, and practitioners in the financial services sector, whose controls and instruments are designed to identify and report abuse of the financial system by terrorists planning attacks. The natural fear is that if the private sector cannot produce the kind of financial intelligence required, then law enforcement cannot do its job as effectively as it might.

In light of this, the European Commission commissioned RUSI Europe to carry out this research study as part of Project CRAAFT,1 which seeks to answer two related research questions:

  1. How do self-activating terrorists operating in Europe conduct their financial attack preparations?
  2. How should the CTF regime be changed to meet this pervasive terrorist threat?

For evidence, the research team reviewed relevant academic and policy literature and credible media reports, conducted 37 semi-structured interviews with relevant experts, reviewed 106 cases of successful and disrupted self-activated attacks in Europe between January 2015 and November 2020, and carried out three in-depth case study analyses.


Key Findings

For research question 1:

  • Attack planning by self-activating terrorists can have a financial and commercial dimension that is not yet fully appreciated by practitioners.
  • Self-activating terrorists’ financial activity is not necessarily negligible or invisible, and they may use a range of financial channels and products, including cash, digital payments and in a small number of cases, new financial technologies, to undertake their activities.
  • The economic ecosystem that self-activating terrorists (and terrorists in general) currently operate within is broad, and their financial activities also leave commercial traces, some of which may be pronounced.

For research question 2:

  • CTF faces basic problems with the detection of financial intelligence because of its focus on outdated models of terrorist financing, problems which are exacerbated in small-scale but complex threats such as self-activating terrorists.
  • Where the private sector provides well-prepared financial intelligence, it is often poorly aligned to investigative priorities, or poorly distributed, and therefore goes unexploited.
  • Current lead-generating initiatives that could identify potential financial intelligence on self-activating terrorists have not been fully encouraged or exploited by the public sector.
  • Current CTF collaborations are not structurally flexible or wide-ranging enough to tackle the self-activating terrorist problem proactively.



  • It is vital that Europol, Eurojust and other relevant EU-level agencies work with member states’ law enforcement and intelligence agencies on the collection and analysis of sensitive and publicly unavailable financial and commercial information in self- activating terrorism cases to create an evidence-based understanding of attack-planning behaviours and a library of typologies that could provide financial institutions with a better understanding of the logistics of self-activating terrorism events.
  • The private sector and EU agencies have better prospects of tracing suspicious activity where cash is not used. The European Commission should therefore review the potential benefits of limiting cash payments (or requiring customer identification and verification) in the purchase of a small number of high-risk items such as ornamental or ritualistic edged weapons, or chemicals used in improvised explosive devices.
  • In keeping with its wider anti-money-laundering (AML)/CTF responsibilities, the European Commission should undertake an annual review with relevant EU agencies to ensure that its Anti-Money Laundering Directives cover all relevant emerging financial technologies and platforms that might be used by criminals and terrorists.
  • The European Commission should consider developing a list of high-risk items that have been/could be used in self-activating terrorism or other attacks to guide vendor decisions on whether to execute a sale.
  • The European Commission should review whether specific types of retail outlet which sell high-risk items should be encouraged to develop voluntary reporting mechanisms of suspicious items or be covered by mandatory AML/CTF monitoring and reporting requirements.
  • The European Commission and relevant EU agencies should consult on ways to ensure financial institutions and other obligated entities produce better and more timely financial intelligence on self-activating terrorism. This could include:
    • The development of evidence-based self-activating terrorism typologies, case studies and supporting information (based on work in the first recommendation) to be shared with member states’ governments and agencies, and the AML/CTF- obligated private sector.
    • Feasibility studies on how AML/CTF transaction monitoring platforms can best exploit modern payments data to provide a more granular view of client activity, and how new technologies could be used to get institutions closer to real-time monitoring for threat-to-life risks.
  • The European Commission and relevant EU agencies should consult on ways in which CTF intelligence can be better aligned with current risk priorities and distributed to all relevant audiences. This could include:
    • The development of prioritisation and feedback mechanisms for CTF suspicious transaction reports between the public and private sectors. Responsible public agencies could set specific requirements for the kind of financial intelligence they wish to receive (such as potential self-activating terrorist activity) and provide evaluations of whether those requirements are being met.
    • The requirement that all counterterrorism-tasked intelligence services should become standard and integral elements in the distribution and feedback channels of CTF-related suspicious transaction reports.
  • The European Commission and relevant EU agencies, in particular Europol and the EU’s proposed new AML/CTF regulatory authority, should encourage national law enforcement agencies and regulators, and by extension the private sector, to exploit new technologies and data analytics in general, and on the self-activating terrorism problem in particular. Ideally, this should be in collaborative environments such as financial intelligence-sharing partnerships.
  • The European Commission should consider how to support such collaborations through a review and potential extension of the legal thresholds for sharing CTF data in AML/CTF and data protection law.
  • The European Commission and relevant EU-level agencies should review the options for more flexible and agile CTF intelligence sharing to aid proactive self-activating terrorist identification. This could include reviewing the likely costs and operational benefits of:
    • Direct data-sharing/transaction monitoring for CTF risks by a government agency, as in France, or potentially in collaboration with the private sector.
    • The development of private–public sector intelligence ‘fusion cells’ to create real- time intelligence sharing on CTF issues such as potential self-activating terrorists.


It should be noted that these recommendations are based on what is practically feasible in light of current capabilities to better tackle self-activating terrorism. However, any reforms must also take into account other policy considerations, such as financial costs incurred – and who pays for them – as well as the potential effects on data privacy of increased collaboration between the public and private sectors. Although there are potential mitigants for these concerns, the decision to make the current CTF framework more responsive to the self-activating terrorism threat will require greater effort and more targeted monitoring of some individuals. The decision to take this path rests on a societal consensus that the likely costs are worth the operational benefit.


For the full paper (PDF): Press Here


By Stephen Reimer and Matthew Redhead, Published on RUSI

Recent Posts