Reported by FinCEN

The FinCEN Advisory issued in April 2025 outlines the ongoing threat posed by ISIS and its global affiliates, emphasizing their sustained capability to inspire and conduct terrorist attacks worldwide. While the group’s central leadership remains in Iraq and Syria, ISIS operates through numerous affiliates across Africa, the Middle East, and Central Asia. Recent high-profile attacks, including those in Moscow, Iran, and the U.S. (such as the 2025 New Orleans attack), illustrate the persistence of the threat. The Advisory aims to help financial institutions identify and report suspicious activities connected to ISIS financing, aligning with broader U.S. anti-money laundering and counterterrorism objectives.

The collapse of the ISIS caliphate in 2019 led to decentralization, pushing the group toward a covert operational model. Affiliates now function semi-independently but still receive guidance and funding from the central leadership’s General Directorate of Provinces. These affiliates vary widely in goals and methods, but collectively pose a serious global threat. In detention and refugee camps like al-Hol, ISIS maintains influence, particularly among women and adolescents, and actively recruits, smuggles resources, and attempts to rebuild its strength.

ISIS’s current funding strategies reflect its loss of territorial control. Affiliates rely on diverse sources such as extortion, resource extraction, kidnapping for ransom, and digital fundraising. For example, ISIS-Somalia has extorted millions from local businesses, and ISIS-DRC profits from gold mining. ISIS-K and other branches still use kidnapping to generate significant revenue. Crowdfunding—often masked as humanitarian relief—continues to support operations, especially via virtual currency and unregulated platforms.

The group exploits financial systems using a mix of traditional and digital means. Hawalas, money service businesses, and virtual asset exchanges, particularly in regions with weak anti-money laundering (AML) controls, are frequently used. Funds are transferred globally through mobile money platforms, cash couriers, and digital assets like Bitcoin and Tether. ISIS also uses deceptive tactics to disguise fundraising campaigns as humanitarian aid, especially targeting audiences sympathetic to civilians in conflict zones.

Finally, FinCEN provides detailed red flags and guidance for financial institutions to recognize potential ISIS-related activity. These include patterns such as sudden account closures, uncharacteristic asset liquidation, suspicious travel arrangements, or digital currency transfers linked to ISIS regions. Institutions are urged to file Suspicious Activity Reports (SARs) with specific keywords and collaborate under information-sharing frameworks. The advisory underscores the importance of robust due diligence, SAR filings, and vigilance to thwart terrorist financing networks.

Read full version: https://www.fincen.gov/sites/default/files/advisory/2025-04-01/FinCEN-Advisory-ISIS-508C.pdf