The Paris Attacks Have Forced a European Rethink on Terror Finance

A police officer stands guard by the Eiffel Tower a week after a series of deadly attacks in Paris, November 22, 2015. Eric Gaillard/Reuters

As with many other acts of violence, the recent terrorist attacks in Paris have European leaders scrambling to come up with new strategies to prevent such bloodshed from happening again. The French and Dutch finance ministers have been particularly vocal about the urgency of implementing measures to deprive terror groups of funds.

One go-to strategy that gets thrown about frequently is cutting off sources of funding. One could call it a variation of the starve-the-beast strategy. This approach is appealing for its simple, intuitive logic. Remove the ability of the Islamic State militant group (ISIS) to raise funds (from oil sales, kidnapping, human smuggling), and the organization will eventually wither away.

Unfortunately, complicated conundrums rarely can be solved with simple solutions, especially if the goal is to stop the kind of attacks seen in Paris in January and November 2015.

ISIS-affiliated cells in Europe are typically self-funded. Apart from any training the attackers may have had in Syria, the attacks required minimal funding, such as daily expenses and cash to purchase weapons on the black market.

Most of the terrorists were legal residents or citizens of the EU, and they were presumably able to raise most of these funds on their own within the EU. Indeed, European law enforcement has found that most of these homegrown cells finance their operations with petty crime including drug dealing, credit card fraud and forgery.

However, even if these cells are receiving minimal funds from abroad, they are still likely to leave financial footprints within the EU. They may withdraw funds from an ATM, use a money service business to wire cash to another city, or even pay cash to set up a post office box.

None of these types of transactions are likely to set off an alert or result in a suspicious transaction report, but at each step in the process, whether setting up a bank account with ATM privileges, wiring funds, or even setting up a post office box, the individual would need to show some form of official photo identification and provide a phone number and residential address. Each of these interactions creates a footprint that investigators can track.

French Finance Minister Michel Sapin has called for new rules on pre-paid cash cards and virtual currencies, more border checks for cash and precious metals, and increased intelligence sharing both within the EU and with other nations. The latter will prove to be the most challenging given the EU's constitutionally enshrined protections on data privacy and reluctance on the part of some EU investigators to share intelligence with other EU countries.

The sensitivity over data privacy came to a head in 2009 when the EU suspended U.S. access to critical Society for Worldwide Interbank Financial Telecommunication (SWIFT) fund transfer data, which was part of the original Terrorist Finance Tracking Program (TFTP) that went into effect shortly after 9/11. A new TFTP agreement was signed in August 2010, but the new agreement prohibits the ability of investigators to mine the data. In other words, investigators would first need to know what they are looking for before they look, thereby precluding the serendipitous discovery of a previously unknown connection.

Discovering those unknown connections is the key to ferreting out militant cells that may be planning an attack. Intelligence analysts have come a long way in the last decade in using sophisticated network analysis tools to combine data on phone calls, financial transactions, email communications, airline records and other interactions to determine who might have a connection to whom. But those tools are only useful if investigators have the ability to mine the data.

The ability of investigators or financial institutions to share personal data, let alone mine it, was circumscribed even further by the European Court of Justice's decision in early October 2015 that the EU-U.S. "safe-harbor" agreement on the transfer of data was invalid. Before that, a thorough review completed in November 2013 concluded that an EU terrorist finance tracking system could not be justified on the basis of "necessity, proportionality, cost-effectiveness and respect of fundamental rights."

For the past 15 years, the Americans have been trying to encourage the Europeans to share more intelligence and cooperate on the timely freezing of assets, always running up against "the right to privacy and personal data protection."

Have the November 2015 Paris attacks forced a rethink on this issue? This month, Europol launched a new European Counter-Terrorism Centre. And there are renewed calls for an EU Terrorist Finance Tracking System (TFTS) that would coordinate closely with the U.S. TFTS.

The European Council also called for more sharing of information between EU financial intelligence units (the agencies that collect and review suspicious transaction reports from banks, money service businesses and other reporting entities). How well these new efforts play out depends on whether Europeans can feel assured that such data sharing will not be abused.

Moyara Ruehsen is an Associate Professor in the Graduate School of International Policy & Management at the Middlebury Institute of International Studies in Monterey, California.