Money Laundry and Financing Terrorism

National Risk Assessment on Money Laundering and Terrorist Financing: Lessons Learned

Abstract: As part and parcel of the international standards on combating money laundering and terrorism finance and proliferation, countries need to assess the risk of money laundering and terrorism financing. They should also ideally apply a risk-based approach so that the economic resources they commit are commensurate with the risk. To better understand the value of conducting a National Risk Assessment on Money Laundering and Terrorist Financing (NRA), the recently published Sri Lankan NRA is a good starting point. In the Sri Lankan context, the findings of the NRA have to be presented to the National Coordinating Committee, which represents the key stakeholders who can initiate policies to curb money laundering and counter the financing of terrorism.

Problem Statement: What is the rationale for having a National Risk Assessment on Money Laundering and Terrorist Financing?

Bottom-line-up-front: Conducting an NRA on money laundering and terrorism financing is challenging because mapping trends in innovations has become more vital than ever to prevent money laundering and terrorism financing. These innovations include virtual currencies, modern payment systems like PayPal, and country-specific risks unique to every nation.

So what?: Policymakers are urged to revisit the existing recommendation and assess its practicality to cover the persistent and potential risks of money laundering and terrorist financing. The findings of the NRA should certainly not be limited to data. Rather, they should direct policymakers to take appropriate measures to prevent and mitigate money laundering and terrorist financing risks.

Understanding the Problem

The National Risk Assessment on Money Laundering and Terrorist Financing[1] (NRA) is an international requirement imposed by the Financial Action Task Force (FATF).[2] It recommends that countries identify, analyse, and understand the risks of Money Laundering (ML) and Terrorist Financing (TF). The objective of this research is not to evaluate the findings of the NRA. Instead, it seeks to explore whether or not all the relevant factors are accounted for in assessing TF risk and to what extent the Countering the Financing of Terrorism (CFT) measures are effective as an intervention tool. It investigates the purpose of having an NRA. The purpose is to present data that can support claims that countermeasures against the financing of terrorism are efficient and successful in controlling TF risk, or that show how the TF risk has declined with the interventional measures of CFT.

Assessing Risks

The FATF, as the policy setter on combating ML and financing terrorism and proliferation, requires countries to demonstrate their understanding of the distribution of ML and TF risks across different sectors. Recommendation 1 of the FATF deals with assessing risks and applying a risk-based approach. It states:

“Countries should identify, assess, and understand the money laundering and terrorist financing risks for the country, and should take action, including designating an authority or mechanism to coordinate actions to assess risks, and apply resources to ensure the risks are mitigated effectively. Based on that assessment, countries should apply a risk-based approach to ensure that measures to prevent or mitigate money laundering and terrorist financing are commensurate with the risks identified. This approach should be an essential foundation for the efficient allocation of resources across the anti-money laundering and countering the financing of terrorism (AML/CFT) regime and the implementation of risk-based measures throughout the FATF Recommendations. Where countries identify higher risks, they should ensure that their AML/CFT regime adequately addresses such risks. Where countries identify lower risks, they may allow simplified measures for some FATF Recommendations under certain conditions.”

The intention of having an NRA is to provide an opportunity for countries to demonstrate an adequate understanding of their sectoral and overall ML and TF risks. Ferwerda and Reuter[3] propose that “NRA is an effort, within the context of the existing set of laws, to determine whether AML resources (including the stringency of monitoring, the severity of sanctions, and the intensity of investigations) are sufficient and whether they could be better allocated across different sectors of the financial system to reduce overall money laundering in a country”. In contrast, the FATF provides little guidance on how NRAs are to be conducted.[4] Without specific guidance, countries have been left with the discretion of whether to adopt their own inbuilt methodology or adopt tools developed by the World Bank or other such international organisations. There is no standard method of conducting an NRA; therefore, the assessment of ML/TF risks, the methodology and the outcome of the NRAs differ from country to country.

The World Bank methodology for assessing NRA provides guidance for nations to conduct a standard ML/TF risk assessment. Said methodology has been designed to be used by any country. The benefit of applying the World Bank framework is that it is deemed acceptable by the FATF. Therefore, there might not be questions on the methodology or the Mutual Evaluation. The Mutual Evaluation investigates the country’s adherence to the FATF recommendations through a peer-reviewed process.

However, the World Bank methodology may not capture country-specific concerns in some cases. As an example, if a country’s TF threat level is posed by drug trafficking, the nexus between drug trafficking and TF will not be addressed unless there is a risk indicator to capture the TF risk posed by predicate offences. This limitation would not have occurred if the country had used an inbuilt methodology instead or modified the World Bank’s methodology according to its needs. However, it has to be noted that modifying a methodology needs more resources and is time-consuming. If the country’s Mutual Evaluation is around the corner, it could adopt the given methodology and show it has completed Recommendation 1 of the FATF. By conducting the NRA, the country may have completed the task and gotten a higher rating from the international evaluators. However, it still raises the question of whether the country has fulfilled the objective of what is meant or expected by conducting an ML/TF Risk Assessment.

The general idea of having an NRA is to identify, assess, and understand the TF risk of the country and take mitigation measures. As such, it is reasonable to assume that countries should identify and evaluate the persistent TF risk and the potential TF risk that might harm its national security and economy. Therefore, the objective of an NRA is not primarily to please international evaluators but to understand a country’s sectoral and overall risk assessment – and to evaluate whether it has sufficient mechanisms to intervene and disrupt the sources of TF.

TF is a transnational crime. When assessing national TF risk, countries need to understand the global landscape of TF. In the landscape of TF, there has been a paradigm shift from funded to self-funded TF activities and from structured to loosely structured terrorist organisations. Assessing the TF risk should not be limited to understanding only homegrown individuals or terrorist organisations but also the risk posed by movements in the regional/international TF landscape.  


This research is based on the NRA completed in 2021/2022 in Sri Lanka and, more specifically, on the TF risk. It also assessed the TF component on other published NRAs, mainly in the United Kingdom, Italy, Switzerland, the Netherlands, and the USA. Sri Lanka adopted the World Bank methodology, which assesses risk as a combination of threat and vulnerability.

Terrorist Financing Threat

According to the World Bank methodology, TF threat is divided into three limbs: defining terms, data collection and analysis. From the outset, it mentions that the TF risk of a country is assessed under the categories of TF threat, sectoral TF risk, and TF vulnerability. The methodology evaluated the national TF threat under four elements: domestic TF threat, outgoing TF threat, incoming TF threat, and transit TF threat.

Foremost, what TF means has not been defined in the NRA or the FATF recommendations. Without clear guidance from the FATF, some countries identify TF threats emanating from persons (Canada), and some refer to crimes (Singapore).[5] To assess the TF risk, it must be clear what is covered or not under the definition of TF. Without a specific definition, it can be assumed that the NRA gives TF the same meaning as it has under a country’s national laws. If the country has a definition with deficiencies, these will be reflected in and passed on to the NRA. For example, the Sri Lankan NRA admits that the enactment’s definition needs further amendments to capture individuals travelling abroad to prepare, plan, or participate in conflict zones. In that regard, one can conclude that the definition used to assess the TF risk carries with it the need for further improvements on a country basis. To overcome deficiencies, as in Sri Lanka, countries should explain whether or not incorporating the risks posed by individuals travelling to conflict zones, known as foreign terrorist fighters or returned foreign terrorist fighters, would have made any difference in the outcome of the risk assessment.

Next, how the data used to identify and assess the TF risks was collected needs to be understood. Data can be both qualitative and quantitative. In the NRA, there is no specific reference as to how data should be collected. Reading through the published document, it appears that Sri Lanka relied on qualitative and quantitative data from official sources like the State Intelligence Service (SIS), military intelligence units, and intelligence units that function under the Sri Lanka Police. Basically, the NRA is conducted based on official data, but it does not specify whether it includes unsuccessful or prevented terrorist attacks.

Generally, a country can obtain official data from sources such as Suspicious Transaction Reports, Threshold Transaction Reports, and the dissemination of information provided by law enforcement authorities. The view taken here is that the Financial Intelligence Unit, as the central authority for AML/CFT, may have given guidelines and conducted capacity-building training workshops for the officers of the reporting institutions on how the reports are created, what data needs to be entered, and how the data needs to be analysed at the initial stage. Thus, quantitative data is produced, but experts are still needed to analyse the data produced by the reporting institutions. It is unclear whether the experts have reached a consensus on the outcome of the findings (as in Italy) or whether the officers of the Financial Intelligence Unit have assessed the outcome after considering all the available data.[6] On the other hand, scholars have criticised relying on official data, highlighting that data was relatively unimportant in developing national policies followed by the policies’ implementation.[7]

The interpretation of data is crucial in an NRA. Sri Lanka experienced the Easter Sunday terrorist attacks nearly a decade after the military defeated the Liberation Tigers of Tamil Eelam (LTTE) in 2009. The NRA reports data on the Easter Sunday attack but pays less attention to the fact that the global landscape of terrorism has changed from funded terrorist activities to self-funded terrorist activities. Nonetheless, the data can be interpreted as indicating that the threat posed by territory-controlling terrorist groups such as the LTTE has decreased over the years. In contrast, the threat posed by self-funded small cells has increased. In other words, the two have an inverse relationship. This section similarly does not give policymakers the take-home message that the dimensions of TF have changed and that countermeasures need to be directed at a new form of terrorism that emanates from small cells and lone actors.[8]

AML/CFT Policy History

The paradigm shift of the TF also questions whether the country has sufficient tools to identify the threat posed by the new form of terrorism. When analysing the history of AML/CFT policies, the CFT measures were introduced only after the terrorist attacks that took place on September 11, 2001, also commonly referred to as the 9/11 attacks. The 9/11 attacks created reverberation across nations, and the FATF introduced nine special recommendations to counter the risk created by terrorist organisations. Later, these recommendations were amalgamated with the recommendations on AML. The recommendations on CFT were mainly focused on disrupting the financial flow of Al-Qaeda, as they held responsibility for the 9/11 attacks.

The analysis of the FATF recommendations on the CFT reveals that these recommendations were more focused on identifying the financial footprint of the territory-controlling terrorist groups. Territory-controlling terrorist groups need continuous and stable financial flow for several reasons, which include maintaining the territory under their rule, advancing troops, buying weapons, and maintaining training camps. The financial needs of unaffiliated small cells and lone actors differ from those of territory-controlling terrorist groups. It is therefore necessary to evaluate whether the recommendations made on one segment of terrorist financing fit all its forms. This should compel policymakers to rethink whether, without a sophisticated framework to capture the financing of the new form of terrorism, it is reasonable to conclude that “the current terrorism threat level is low”.

The NRA would have been comprehensive if attention had been given to prevalent crimes such as drug trafficking. In the analysis of the ML threat levels, drug trafficking has been identified as the major predicate crime with a rating of ‘Medium High’. The LTTE was identified as the leading mover of narcotics before the Turkish-based terrorist organisation PKK took over.[9] Previous research revealed that there is a nexus between drug trafficking and TF.[10] The research findings reported that the Madrid bombing in 2004, which killed 191 people and wounded 1800, was mainly funded by the proceeds of trafficking illicit drugs.[11] Due to the nexus of drug trafficking and TF, if the country faces a medium-high threat level of ML, this may correlate positively with TF as well. In such a situation, an analysis of the TF threat level without considering the threat posed by drug trafficking will not be comprehensive.

The latter part of the TF threat assessment refers to TF threats arising from terrorist persons, groups, and organisations. Identifying a terrorist person, group, or organisation can be done in two ways: top-down or bottom-up. The NRA uses the United Nations Security Council Resolution (1373) as a reference point. This resolution mentions imposing targeted financial sanctions on a list of persons where the member countries have no choice but to comply with the list. Complying with a given list was characterised as adopting a top-down approach.[12]

The other method of identifying terrorist persons, groups, and organisations is to adopt a bottom-up approach. In this context, the reporting institutions generate suspicious transaction reports based on the suspicious activities of persons, groups, and organisations and send them to the Financial Intelligence Unit for further investigation. Finding suspicious activity among thousands of financial transactions is a challenging task. To ease this process, the FATF and the Financial Intelligence Unit have provided specific indicators as red flags where such financial transactions would be flagged as suspicious if they are not compatible with the economic profile of the relevant person. Indeed, the NRA cannot reveal to the public what the red flags given to the financial institutions to identify small cells and lone actors are. However, it would be worthwhile to take NRA findings into account to broaden the red flags, as in the process of completing the NRA, intelligence information has been shared with policymakers.

Moreover, the NRA mentioned that the funding needs of the LTTE were found to be low. The funding needs of the LTTE would be expected to be low if it is no longer operating as a territory-controlling terrorist group. The objective of the LTTE is to claim an independent state, and this is reflected in the organisation’s name by including the wording ‘Tamil Eelam’. The funding needs of terrorist organisations can be divided into carrying out operational activities and maintaining the organisational structure. As the LTTE was militarily defeated in 2009, their funding requirement to preserve the structure of the organisation and carry out operational activities became redundant, but this did not preclude the LTTE from working on maintaining its international reputation, spreading propaganda, or attracting sympathisers. What is essential is that the funding requirement of the LTTE has become low with the military defeat, but this has not curtailed their ability to raise funds for terrorist activities.

Further, the statement on the LTTE was limited to funding; there was no reference given to the present status of the ban imposed on the LTTE by the international community. Previous research revealed that the LTTE mainly collected money from the international arm of the Tamil diaspora.[13] As such, the developments in the international forum with respect to the LTTE have a direct impact on their ability to raise funds. As an example of such movements in the international forum, the UK Proscribed Organization Appeal Commission[14] has delisted the LTTE as a terrorist organisation in the UK, and whether such delisting has an impact on TF risk in Sri Lanka was not presented.

The NRA refers to “other extremist groups,” but there is no reference given in the content to those other extremist groups. Extremism can be derived from different kinds of ideologies that stem from religion, political agendas, or social change, as examples. Therefore, the wording of other extremist groups requires clarity to identify what is covered or not under the preferred term. Further, it has to be noted that terrorism may not occur only among extremist groups. In the plethora of studies of terrorism, terrorism has been categorised as far-left terrorism, far-right terrorism, state terrorism, neo-Nazi terrorist groups, and animal rights terrorist groups.     

Sectoral Terrorist Financing Risk

According to the World Bank, the second part of the NRA is devoted to understanding the sectoral risk assessment, which comprises an analysis of sectors that might impact TF. This sectoral assessment reflects nothing more than the traditional methods, also referred to as golden oldies, which include the risk posed by the banking and finance sector and designated non-financial sectors. When conducting an NRA, authorities should not fall behind the new developments in technologies by focusing only on traditional methods or blindly following what has been given by the FATF. Better said, NRAs should not be limited to assessing risk that emanates from traditional methods. They also need to focus on the threat posed by emerging technologies.

The internet has played a remarkable role in developing e-commerce and facilitating payments through electronic means like PayPal and virtual currencies, including USDT, Bitcoin, and Ethereum. These payment methods have become alternatives to traditional financial systems and legal tender. The EU directive interprets virtual currencies as “a digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency, and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored, and traded electronically.”

The TF risk posed by using an e-commerce platform and virtual currencies does not arise only because of the anonymity of the transactions. The features, including irreversibility of the transaction, decentralisation, and globalisation,[15] also attract criminals and terrorists. Further, these transactions occur outside the supervision of the AML/CFT framework or with minimum intervention by regulators or supervisors. Although the activities done in blockchain are out of the scope of AML/CFT supervision, financial institutions can still apply due diligence measures at the point of fiat on-ramps. Fiat on-ramps refer to the fiat-to-crypto exchange.[16] This NRA could have been more comprehensive if the TF risk posed by the cryptocurrencies had been accounted for and the regulatory interventions taken at the point of fiat on-ramps had also been mentioned in the data analysis.

It is understood that customer due diligence measures cannot be applied to a crypto-only exchange, where cryptocurrencies are exchanged with one another. Eisermann stipulates that without knowing the cryptocurrency’s private key, it is impossible to take regulatory actions such as seizing or freezing assets deposited in a cryptocurrency wallet. Wang and Zhu[17] propose that cryptocurrencies are attractive to terrorist organisations, but their usage remains low. This may be because of the large fluctuation of cryptocurrency prices. The reason for not referring to cryptocurrencies in the NRA may be that there is less evidence of terrorists using them.

In the NRA, it was mentioned that the Non-Profit Organization (NPO) sector was not considered for reasons not stated. Identifying the TF risk posed by the NPO sector is vital because, after forming an NPO, a large volume of money can be transferred frequently to the end user without suspicion. It is not only the NPO sector; other sectors can transfer large sums of money, like real estate, precious stones and metals. The sectoral vulnerability of these sectors is also not mentioned in the sanitised version. The above factors highlight that assessing sectoral TF risk requires diverse assessments in traditional and emerging sectors that emanate from new techniques.

National Terrorist Financing Vulnerability

In the World Bank methodology, the national TF vulnerability section is devoted to understanding national combat abilities. The World Bank methodology requires countries to present asset types and the details of the assets in the NRA. The Sri Lankan NRA detailed a list of confiscated assets; however, the duration of the confiscation has not been mentioned. In the absence of a specific period, it is assumed that these confiscations of assets were related to the period in which the NRA was conducted. The presentation of such data is relevant for policymakers to take appropriate countermeasures.

As an example, the Italian authorities suggested implementing restrictions on the usage of cash by placing a threshold limit that can be used to make payments in cash. The payment must go through the banks if the required amount exceeds the threshold limit of 500 EUR.[18] The Italian data presentation can be seen as a classic example of how the NRA data has been directed to make policy decisions.

One of the parameters mentioned is the quality of TF intelligence gathering and processing, which refers to suspicious transaction reporting and threshold transaction reports. TF’s paradigm shift from funded to self-funded activities raises concerns about the ability to identify suspicious activities done by small cells and lone actors. For example, the attacks carried out by a small cell of people known as the “Doctor Cell” demonstrate that an entire plot can be financed through legitimate sources.[19] The Doctor Cell consists of people who work as medical practitioners or as trainee doctors. The expenses related to the terrorist activities were borne by legitimate sources such as salaries, savings, and personal loans. Further, the London Underground bombing, which occurred in 2005, was funded by salaries, bank loans, and credit card debts.[20] These examples show the difficulties in triggering suspicious transaction reports if the TF originated from a legitimate source. Financial surveillance was drafted to capture money that may be derived from illegal sources, but if the transactions are compatible with the economic profile of a perpetrator, then they are hard to detect.

The same argument referred to above is valid for threshold transaction reports. At the outset, it can be mentioned that the validity of the threshold transaction reports with respect to the transactions done by small cells and lone actors is redundant. Reimer and Redhead present the seminal argument that self-funding terrorism, which was deployed by small cells and lone actors, demonstrates little to no financial resourcing.[21] In such a situation, it is difficult to believe that the financial transactions of the small cells or lone actors will exceed the threshold limits. Although it is discussed that it is hard to trigger suspicious transaction reports and threshold reports about the financial activities of small cells and lone actors, Reimer and Redhead[22] argue that small cells and lone actors create a financial footprint. Still, it is difficult to capture through the present AML/CFT network. The present AML/CFT network has not been developed to identify the financial footprint of small cells and lone actors.

The NRA reveals that “there had been minimal reported terrorist activities in Sri Lanka over the past five years.” This statement cannot be agreed with, as there may be terrorist activities done by unaffiliated small cells and lone actors that do not fall under the radar of the law enforcement authorities (unreported cases), or there may be sleeping cells that are inactive but have the capacity and potential to deploy a terrorist attack at any given time.

Completing the NRA in Sri Lanka took 18 months with the cooperation of key stakeholders representing the state and private sectors. It reflects the effort that the country needs to put in to complete an NRA. In such a scenario, the NRA would have been more progressive if the data had been presented in a manner that enabled policymakers to adopt appropriate national policies to counter ML/TF.


The purpose of the FATF would have been to analyse the risks of money laundering and terrorist financing from a country’s perspective and to take appropriate policies at the national level. Although the FATF has directed countries to analyse money laundering and terrorist financing, it has not provided guidance and left countries to follow the methodologies they would prefer to adopt during the NRA process. In this process, countries conduct an NRA as an item of the checklists to be presented for the FATF or regional evaluators but do not understand the underlying rationale of doing an NRA. Therefore, strengthening the NRA process would direct countries to utilise their resources meaningfully, ultimately benefiting both national and international communities.

Noragal Dasni Lakmalee Hemchandra holds the following titles: Attorney-at-Law, LLB, and a Master’s in Economics and Public Policy from the University of Queensland, Australia. Her research interests are money laundering and terror finance. Previous works by her include an article on FATF standards, The Financing of Terrorism and the Characteristics of Terrorist Groups, The International Standards on Countering the Financing of Terrorism, What We Know About Self-Financed Terrorism and Implementing Anti-Money Laundering Laws: Challenges for Law Enforcement Authorities. The views contained in this article are the author’s own and do not represent the views of the Central Bank of Sri Lanka.

[1] National Risk Assessment on Money Laundering and Terrorist Financing, 2021/2022, last accessed September 10, 2023.

[2] Financial Action Task Force, 2023, International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation: The FATF Recommendation, last accessed January 15, 2023.

[3] J. Ferwerda and P. Reuter, “Learning from Money Laundering National Risk Assessment: The Case of Italy and Switzerland,” European Journal on Criminal Policy and Research, 25: 5-20.

[4] Idem.

[5] J. Ferwerda and P. Reuter, “National Assessment of Money Laundering Risks: Do Governments Understand Risk Well Enough to Implement a Risk Based Approach,” last accessed on October 14, 2023.

[6] Idem.

[7] M. Levi, P. Reuter and T. Halliday, “Can the AML system be evaluated without better data?,” Crime Law Social Change, 68, 307-328.

[8] S. Reimer and M. Redhead, “Financial intelligence in the age of lone actor terrorism,” last accessed on October 01, 2023; S. Reimer and M. Redhead, “A new normal: countering the financing of self-activating terrorism in Europe,” last accessed on June 15, 2023.

[9] N. Kochan, The Washing Machine, Edward Brothers, Ohio.

[10] E. Oftedal, “The Financing of Jihadi Terrorist Cells in Europe,” Norwegian Defence Research Establishment, last accessed on October 20, 2023.

[11] Ibid.

[12] Idem.

[13] R. Aryasinha, “Terrorism, the LTTE and the conflict in Sri Lanka,” Conflict, Security & Development 1 (2), 25-50.

[14] “Proscribed Organizations Appeal Commission,” 2020, TGTE wins appeal in the UK Proscribed Organizations Appeal Commission against proscription of LTTE as terrorist organisation, last accessed on October 22, 2023.

[15] S. Wang and X. Zhu, “Evaluation of Potential Cryptocurrency Development Ability in Terrorist Financing,” Policing 14: 4, 2329 -2340.

[16] D. Eisermann, 2020, “Cryptocurrencies as Threats to Public Security and Counter-Terrorism: Risk Analysis and Regulatory Challenges,” last accessed on December 01, 2023.

[17] Idem.

[18] Dipartimento del Tesoro, 2018, “Italy’s national money laundering and terrorist financing risks assessment drawn up by the Financial Security Committee,” last accessed on December 12, 2023.

[19] Idem.

[20] Idem.

[21] Idem.

[22] Idem.
