The JERSEY FIU Q1 2025 Suspicious Activity Report (SAR) HAMAS case study

The JERSEY FIU Q1 2025 Suspicious Activity Report (SAR) has a Hamas-linked case study as follows.

SITUATION:

1. In the months following Hamas' attack in October 2023, a group of fraudsters affiliated with the terrorist organisation set up a crowdfunding GoFundMe campaign disguised as ‘humanitarian aid for a conflict zone.'
2. The GoFundMe page was shared in Facebook groups with ‘Jersey’ in their names, such as ‘Jersey Ask, Advise, Advertise.'
3. Thousands of Jersey residents saw the page, and some were willing to donate to the cause.
4. The donations, totalling over £5,000.00, were funnelled through multiple accounts, including a Jersey bank account opened two months before the attacks.
5. The Jersey account holder had an existing banking relationship with the institution in the US, which enabled them to open the Jersey account.
6. The funds were then converted into cryptocurrency and ultimately used to support Hamas' extremist activities.

Activity Indications:

1. High-risk jurisdiction & sector.
2. Non-profit organisations (NPOs) primarily rely on contributions from supporters and the general public's trust.
3. The psychological benefits, including the sense of fulfilment, from donating to charity can make it easy for false charity causes to deceive community members, making them an effective front for garnering donations that may be used illicitly.
4. Jersey was targeted as a jurisdiction because it is a well-known offshore finance centre with wealthy residents who may be more likely to donate funds.
5. Crowdfunding platforms are an effective fundraising method for terrorist organisations because they attract small donations from large audiences, which can go a long way in funding extremist activities.
6. Social media and the internet's widespread reach allow these campaigns to solicit donations from afar without being hindered by geographical distances.
7. This risk must be assessed further due to Al's advancements, which will likely make the process easier for the bad actors behind the pages.
8. Potential Suspicious Activity:
   1. Lack of information about the crowdfunding campaign’s purpose, goals and ultimate beneficiaries.
   2. The campaign encourages supporters to provide funds across different platforms or provides instructions on how to fragment the payments.
   3. Use vague and emotionally charged language, e.g. ‘help innocent people get supplies".
   4. Lack of transparency regarding how the funds would be used.
   5. Cryptic information included in transaction references from the Jersey bank account to multiple third parties that could indicate support for terrorist campaigns.
   6. Lack of transparency on the purpose of the account opened in Jersey.
   7. Rapid transfer of funds identified from the Jersey bank account to a Revolut account.
   8. Transfers from the Jersey bank account were of low value and in multiple tranches.
   9. The bank received no response when contacting the Jersey bank account holder.

Actions:

TERRORISM RED FLAGS

1. Due to the terrorist financing link, this report would be flagged to the highest level, known as a Code 1.
2. Additionally, it would be delegated to a FIU officer whose SPECIALIST POINT OF CONTACT (SPoC) subject is terrorist financing.
3. The risk of potential terrorist financing through NPOs has been identified as a geopolitical risk and raised within the FINANCIAL CRIME INTELLIGENCE THREATS TASK FORCE (FCI-TT) group, which assesses threats that may impact Jersey.
4. FIU Jersey (JFIU) carefully monitors reports with connections to jurisdictions within / related to the Middle East, given that countries such as Turkey and Qatar have acted as conduits for Hamas funding.

INFORMATION SHARING WITH THE PUBLIC

1. FIUJ plans to disseminate educational pieces/insights to the public to prevent public funds from being donated through different mechanisms.

TRAINING

1. FIU staff have undertaken training and listened to guest speakers centred on the structure of the Islamic world to better understand the cultural elements and financing intricacies of the religion, such as taxation.
2. All FIU officers have undertaken or will undertake a module on terrorist financing through a dedicated training provider.

DPA & REVOLUT

1. A Data Processing Agreement (DPA) was sent to Revolut to analyse further transactions associated with the flow from the Jersey bank account to the Revolut account.

CRYPTO SKILLS

1. FIUJ is assessing the need for a blockchain analysis tool that will enable crypto transaction tracing.
2. This has been raised at the FCI-TT group, where members have recognised the need to assess the crypto threat landscape in Jersey as a priority.
3. FIU engagement has been made with TRM Labs (a well-established provider).
4. FIUJ have dedicated two staff members as crypto SPoCs, enabling them to spend time researching and sharing valuable education pieces on the crypto asset ecosystem.
5. In this case, the FIU terrorist financing SPoCs and FIU Crypto SPoCs collaborated on analysis efforts.

INTELLIGENCE SHARING

1. The FIU also partners with the STATES OF JERSEY POLICE COUNTER TERRORISM POLICING UNIT (CTPU).
2. Whereby any intelligence deemed necessary to share with a connection to terrorism is disseminated through a secure platform.
1. FIUJ is seeking to join INTERPOL's GLOBAL RAPID INTERVENTION OF PAYMENTS (I-GRIP) as a stop-payment mechanism, which helps trace, intercept, and freeze crime proceeds.
2. FIUJ plans to sign a Memorandum of Understanding (MoU) with the Jersey Cyber Security Centre (JCSC) to understand the island's security threats better and coordinate effectively to tackle illicit finance.
3. Like FlUJ's MoU with challenger banks, the FIUJ can assess how it can agree with crowdfunding platforms to obtain information that is not publicly available on the page.

OUTCOME:

1. To help identify transactions related to the GoFundMe page, it is proposed that major banks can be alerted through
1. JERSEY'S PUBLIC-PRIVATE PARTNERSHIP (PPP),
2. JERSEY FINANCIAL INTELLIGENCE NETWORK (JFIN),
2. When GoFundMe pages link to bank accounts for withdrawals, the banks can verify the account holders and conduct due diligence to ensure legitimacy. This can help assess whether the page's stated purpose aligns with banking behaviour.
3. Banks can enhance monitoring of accounts opened by non-residents during geopolitical conflicts, such as the attack on Israel.
4. Additionally, this can extend to reviews of accounts opened in the months before a significant conflict breaks out, especially when there is no clear rationale for doing so, to prevent the accounts from being used for illicit purposes.
5. Efforts were made to remove the page's post on Facebook via a request to the page admin.
6. Local banks are addressing the ease of opening an offshore account due to holding an existing account in another jurisdiction.
7. This will most likely result in stricter Know Your Client (KYC) requirements and more clarification about the account's purpose.
8. FIUJ were advised that the global relationship would be reviewed and exited if appropriate.

FIU COMMENT:

1. During major conflicts or geopolitical tensions, the public should be encouraged to report pages soliciting donations, as law enforcement may not always know them.
2. FIUJ. With Jersey Financial Service Commission (JFSC) involvement, a research project with local non-profit organisations (NPOs) will be undertaken to identify how they may be exploited to raise and move funds in the same context.
3. Coordination with international partners to protect Jersey from being a conduit for terrorist financing.
4. FIUJ undertook Open-Source Intelligence (OSINT) research to identify whether other International Finance Centres (IFCs) had experienced similar targeting by bad actors.
5. The rapid transfer of funds out of the Jersey bank account is assessed to be a likely attempt to move small donations through different accounts and financial institutions to obfuscate the funds and make it more challenging for competent authorities to trace and identify the end destination.
6. Identifying IP addresses linked to crypto wallets hosted in Jersey may be a central tool in tackling illicit finance associated with crypto assets.
7. FIUJ regularly refers to the D2 list issued by the JFSC, which provides details of countries, territories, and areas that reliable and independent sources have identified as presenting a higher risk of terrorist financing.
8. This list assists with analysing and grading reports.

You can read the full quarterly report here:

• https://go.fiu.je/2025Q1
• https://cdn.prod.website-files.com/6464df252c82010a0d5f893f/68133ef565cf0d0ae129d9eb_20250430_1072_V1%20FIU%20SAR%20Q1%202025%20Report.pdf