IEP ¦ Global Terrorism Index 2025 - Measuring the Impact of Terrorism

Measuring the Financial Crime Risks of a Shifting Terrorism Landscape

How the 2025 Global Terrorism Index reshapes financial crime risk assessment

The Global Terrorism Index 2025 (GTI 2025) presents a changing picture of where and how terrorism is concentrated, the actors driving violence, and the technologies transforming operational capabilities. For professionals in financial crime compliance, fraud investigation, sanctions enforcement, and counter–terrorist financing (CTF), the report contains several implications that require immediate reassessment of risk models, transaction monitoring rules, customer due diligence (CDD) processes, and intelligence-sharing priorities. This article translates the GTI 2025’s findings into practical considerations for financial crime teams and senior decision‑makers.

Shifts in geographic risk require reprioritised country and regional matrices

GTI 2025 makes clear that the epicentre of terrorism has materially shifted toward the Sahel and sub‑Saharan Africa: the Sahel accounted for 51 percent of global terrorism deaths in 2024, and terrorism deaths there have risen nearly tenfold since 2019. Five of the ten most impacted countries are in the Sahel. At the same time, activity has spread into new coastal West African states and resurged in places such as Niger, which recorded a 94 percent rise in terrorism deaths in 2024.

For financial crime teams this means geographic risk scores, sanctions watchlists and correspondent banking controls that were heavily Middle East‑centric must be recalibrated. Banks, money‑service businesses (MSBs), and fintechs should:

• Reevaluate country risk weightings to reflect acute instability in Sahelian states and neighboring countries now experiencing spillover attacks and militant expansion.
• Increase scrutiny of correspondent relationships, cash‑intensive channels, and informal remittance corridors involving affected countries, including trade‑based remittance flows and cross‑border cash couriers.
• Tighten enhanced due diligence (EDD) thresholds for high‑risk natural persons and legal entities associated with gold, mining, or extractives supply chains originating from the Sahel, given documented competition over gold and other critical materials.

Bastian Schwind-Wagner_Follow "The rise of terrorism in the Sahel and the growing decentralisation of jihadist networks significantly increase the risk of illicit finance and trade‑based exploitation, demanding urgent recalibration of AML/CTF controls and intelligence sharing. Financial institutions must prioritise enhanced due diligence for commodity and trade flows, strengthen behavioural monitoring for decentralised funding patterns, and invest in interoperable AI tools for timely detection and response."

Evolving group structures and unclaimed attacks complicate attribution and sanctions design

GTI 2025 highlights that several groups — IS and affiliates, JNIM, TTP, and al‑Shabaab — account for a growing share of fatalities, and that 36 percent of attacks in 2024 were unclaimed. The Institute’s machine‑learning effort suggests significant under‑attribution: attributing some unclaimed events to IS would have raised its attributable deaths substantially. For compliance units, this has two consequences:

• First, legal and intelligence attribution will often lag the operational reality, complicating sanctions or designation decisions that rely on confirmed links.
• Second, the decentralised and affiliate model of IS and growing jihadist networks means financing and facilitation channels are less likely to be routed through established, named entities; instead, they may utilise loose networks, front businesses, or informal value transfer systems.

Actionable steps include:

• Strengthen behavioural indicators in transaction monitoring to capture patterns consistent with decentralised financing (small, recurrent transactions to a network of accounts; cross‑jurisdictional layering via low‑value wire transfers; frequent use of crypto mixers or unhosted wallets).
• Combine open‑source event detection with internal transaction analytics to detect emerging patterns linked to specific incidents or geographic spikes even before formal designations arrive.
• Coordinate earlier and more frequent information exchange with national financial intelligence units (FIUs) and industry consortiums to address attribution gaps and to support timely protective measures.

Commodity markets, extractives, and trade flows present heightened AML/CTF vulnerabilities

The GTI documents that gold mining and natural resource competition are key drivers of local and transnational influence in the Sahel. Niger’s importance as the world’s seventh largest uranium producer and increasing international interest in critical materials further elevates the risk that resource revenues or trade flows will be exploited for illicit purposes.

Financial crime teams should therefore treat commodity‑related counterparties, trade finance instruments, and related supply chains as high‑risk. Recommended measures:

• Apply EDD to export‑import firms, local mining companies, and traders from high‑risk zones, with documentary verification of shipments, beneficial ownership, and payment flows.
• Monitor trade finance transactions for signs of over‑ or under‑invoicing, duplicate financing, or rapid ownership changes — common methods to move value from unstable regions.
• Engage trade compliance and sanctions teams early when clients operate in extractives or logistics sectors tied to volatile jurisdictions.

Technology’s dual role: enhanced threat vectors and improved detection

GTI 2025 stresses that artificial intelligence and encrypted communications are reshaping both terrorist capabilities and counter‑terrorism tools. Terrorist actors increasingly use AI to craft convincing, localised propaganda and encrypted platforms for coordination. At the same time, AI-driven analytics present opportunities for banks and regulators to improve detection of illicit finance patterns.

For financial crime programs this duality means investing in technical capabilities while preparing for adversaries’ more sophisticated use of digital tools:

• Expand monitoring to include non‑financial signals that correlate with radicalisation or incident activity — sudden spikes in donations to specific NGOs, atypical purchase patterns of dual‑use goods, or abrupt account openings tied to new propaganda waves.
• Adopt machine‑learning models designed to spot low‑value, high‑volume structuring typical of decentralised fundraising, while ensuring models are interpretable for audit and regulatory review.
• Enhance capabilities to trace crypto‑native flows, including partnerships with blockchain analytics firms and improved policies for dealing with unhosted wallets and mixers.

Lone actors and “soft” funding channels: detection challenges for retail banking

The GTI documents a rise in lone‑actor attacks in Western countries, often executed by youths radicalised online and using minimal direct organisational support. While lone actors may not rely on large transfers or formal fundraising networks, they still generate financial patterns worth monitoring — small purchases of weapons components, travel bookings, and prepaid card usage.

Compliance teams should:

• Calibrate retail monitoring to flag atypical patterns such as sudden small purchases of weaponizable items, multiple small reloads of prepaid instruments, or last‑minute foreign travel originating from accounts with limited transactional histories.
• Improve alert triage by integrating behavioral risk scores (age, sudden change in activity, links to flagged content) to reduce false positives while prioritising genuinely suspicious cases.
• Train frontline staff to identify red flags beyond pure monetary thresholds — rapid change in account behavior, sudden use of anonymity tools, or new accounts funded by opaque third parties.

Sanctions, disrupted plots, and the intelligence gap

GTI 2025 reports that authorities disrupted at least 24 publicised IS‑linked plots in 2024 across multiple regions. The true number of thwarted operations is likely higher, since intelligence services rarely disclose all disruptions. This uneven visibility complicates a financial institution’s ability to align controls with the threat environment.

To mitigate the intelligence gap:

• Maintain flexible and dynamic watchlists that can be quickly updated when new operational intelligence is shared by regulators or FIUs.
• Participate in public‑private partnerships and local task forces that facilitate rapid dissemination of time‑sensitive indicators of compromise and threat actor financial signatures.
• Document and share anonymised case studies (where permissible) to improve sector‑wide detection rules and avoid re‑creating detection “silos.”

Operational and governance implications for financial institutions

The GTI’s findings imply several governance and operational actions:

• Risk governance: Boards and senior management should require an updated terrorism‑related AML/CTF risk assessment that incorporates GTI 2025 geographic and thematic shifts, with specific resource allocation to high‑risk regions and activity types.
• Resourcing and skills: Recruit analysts with regional expertise (Sahel, West Africa, South Asia, Central Asia) and digital investigation skills (crypto tracing, OSINT, open‑source event correlation).
• Scenario planning: Run red‑team exercises simulating rapid spillover from a Sahelian state, sudden designation of previously unknown affiliate entities, or a wave of AI‑enhanced online fundraising to stress‑test transaction monitoring and sanctions screening.
• Regulatory engagement: Proactively inform regulators of adjusted risk profiles and the reasoning behind new thresholds or watchlist changes; request guidance where the operating environment is ambiguous.

Conclusion: adapt controls to a fluid, decentralised threat

The GTI 2025 shows terrorism is not only persisting but changing in geography, structure, and method. For financial crime and compliance professionals, the lesson is clear: static models calibrated to past epicentres are no longer sufficient. The rise of the Sahel as an epicentre, the growth of decentralised networks and unclaimed attacks, the exploitation of extractive industries, and the accelerating use of AI and encrypted platforms all demand a proactive, intelligence‑driven response. Strengthening trade and commodity diligence, recalibrating geographic risk, investing in machine‑learning detection that is explainable and auditable, and deepening public‑private intelligence exchanges will be essential to manage the evolving financing risks that GTI 2025 reveals.

Dive deeper

• Institute for Economics & Peace (IEP) ¦ Global Terrorism Index 2025: Measuring The Impact of Terrorism, Sydney, March 2025. Available from: http://visionofhumanity.org/resources (accessed 09/2025). ¦ Link