The emergence of online, non-traditional financial service platforms creates additional avenues for terrorist groups to receive and transfer funds outside of the traditional banking system.  One consequence of this trend is the potential for increased litigation against these providers under U.S. statutes that create civil liability for provision of material support to terrorists: the Anti-Terrorism Act (the “ATA”), 18 U.S.C. § 2333(a), and the Justice Against Sponsors of Terrorism Act (“JASTA”), 18 U.S.C. § 2333(d)(2).

Civil claims for damages under the ATA and JASTA have historically been brought against large banks for providing financial services to entities with alleged terrorist links.  Typically in such cases, victims of a terrorist attack and/or their family members allege that the bank supported the attack by processing U.S. dollar denominated transactions to an entity with links to terrorism (often through a chain of intermediaries).  In recent years, the range of entities against which ATA and JASTA claims have been brought has increasingly expanded to include companies outside of the banking sector, such as pharmaceutical companies, government contractors, and social media platforms.  As terrorist groups increase their use of non-traditional financial service platforms, cryptocurrency exchanges, decentralized fintech platforms, and other similar businesses may begin to face ATA and JASTA claims.

Terrorists’ Use of Non-Traditional Financial Services

Terrorist groups have long used non-bank financial services to collect funding.  For example, rather than using traditional banks which create a paper trail accessible to law enforcement, terrorist groups have often opted to transact through physical couriers or the hawala system, an alternative form of remittance through which funds are transferred informally with minimal physical movement of money.

In the early days of the internet, terrorist groups began using websites to solicit funding donations.  For example, beginning in the late 1990’s, individuals based in the United Kingdom operated a family of websites to support the Taliban and other terrorist organizations by fundraising, soliciting donations of military equipment, and selling propaganda materials.  The websites provided detailed instructions to potential donors for delivering bulk cash in amounts over $20,000 to the Taliban via its consulate in Pakistan.[1]

Continuing this tradition, terrorist groups in the modern era have sought to leverage new financial technology services to aid their fundraising efforts.  An early publicly reported use of Bitcoin by a terrorist group was the 2016 Jahezona campaign by the Ibn Taymiyya Media Center (the “ITMC”), the media wing of the Mujahidin Shura Council in the Environs of Jerusalem that was first designated by the U.S. government as a Foreign Terrorist Organization (“FTO”) in 2014.  Jahezona was a social media crowdfunding campaign through which the ITMC netted “tens of thousands’ worth of cryptocurrency across more than 50 individual donations” over a two-year period.[2]  The ITMC explicitly advertised that donations received through Jahezona, which means “equip us” in Arabic, would be used to buy weapons.[3]

Since then, FTOs such as Hamas and the Islamic State and their supporters have reportedly followed suit in experimenting with cryptocurrencies to seek financing, including through U.S.-based exchanges.[4]  Terrorist groups have also reportedly used decentralized money transfer services from internet payment service providers in order to receive funds from donors.[5]

Civil Liability under the ATA and JASTA

Cryptocurrency exchanges and other online financial service providers are subject to various U.S. regulatory and enforcement regimes, similar to traditional banks.  These regimes range from the anti-money laundering provisions and suspicious transaction reporting requirements of the Bank Secrecy Act to sanctions regulations that prohibit dealings with designated persons or entities as a result of their link to targeted regimes or activities (including terrorism), or location in certain countries and territories (currently the Crimea region of Ukraine, Cuba, Iran, North Korea, and Syria). [6]

They could also be subject to civil liability under the ATA and JASTA.  The ATA provides U.S. nationals who are injured by an act of international terrorism with a civil claim for treble damages, as well as costs and attorney’s fees, against the attack’s perpetrators and any other person or entity who provided material support or financing for the attack.  In its initial form, the ATA solely provided for primary liability.[7]  That changed in 2016 with the enactment of JASTA, which expanded the ATA to provide for secondary liability under certain circumstances.  JASTA was originally enacted for the benefit of 9/11 victims seeking to bring claims against Saudi Arabia, but has been invoked much more widely in the years since its enactment.

Plaintiffs may bring primary and secondary liability claims pursuant to the ATA and JASTA based on the same underlying conduct.  For either type of claim, a plaintiff must demonstrate that the defendant committed a predicate criminal offense (usually under one or more of the U.S. criminal statutes prohibiting provision of material support for terrorism).[8]  For primary liability, the plaintiff must also establish that:

  • The defendant committed an “act of international terrorism,” e., the defendant’s actions (i) involved violence or were dangerous to human life, and (ii) appeared to be intended to intimidate a civilian population or influence a government.[9]
  • The plaintiff was injured “by reason of” that act of international terrorism. Courts have interpreted this to require a showing of proximate causation.[10]

As to secondary liability under JASTA, the plaintiff must have been injured in a terrorist attack “committed, planned or authorized” by an FTO so-designated at the time of the attack, and must show that the defendant aided and abetted, or conspired with, the FTO.

  • For aiding and abetting, the plaintiff must establish that the defendant (i) was generally aware that it was assuming a role in furthering the FTO’s terrorist act and (ii) knowingly and substantially assisted the FTO that carried out the attacks. In contexts outside of JASTA, courts have interpreted substantial assistance to require proximate causation.[11]
  • For conspiracy, the plaintiff must establish that the defendant entered into an agreement to commit an act of international terrorism and the plaintiff was injured by an unlawful overt act performed pursuant to this agreement.

Where an ATA or JASTA claim is brought against a foreign defendant, personal jurisdiction must be established.  The test is whether the defendant’s suit-related conduct creates a substantial connection with the forum, which courts have interpreted as requiring causation between the defendant’s in-forum contacts and the plaintiffs’ injuries.[12]  Plaintiffs in ATA cases typically allege that a defendant’s in-forum conduct, e.g., processing of dollar-denominated transactions through U.S. correspondent bank accounts, gave terrorist organizations access to funds they could then use to finance terrorist attacks.

A defendant financial services company is rarely alleged to have transferred funds directly to a terrorist organization for its terrorist activities.  Instead, ATA and JASTA claims have often followed on the heels of criminal charges for violations of U.S. sanctions regulations.  Civil plaintiffs tend to rely on the fungibility of money to claim, for example, that by processing U.S. dollar-denominated transactions to a state-owned bank or oil company in violation of U.S. sanctions, a defendant bank enabled a designated State Sponsor of Terrorism such as Iran or Sudan to fund a terrorist group that in turn funded another terrorist group that committed the attacks in which plaintiffs were injured.

Civil suits under the ATA have also been brought even absent allegations of sanctions violations.  For example, plaintiffs have brought cases alleging that the defendant bank provided financial services for ostensibly non-violent purposes to a private customer that is alleged to have transacted with entities that purportedly raised funds for terrorists.

Potential for Claims Against Online, Non-Traditional Financial Service Providers

Courts have largely adopted rigorous standards for liability of financial institutions under the ATA and JASTA.  Claims under the ATA and JASTA have often been dismissed on the grounds that (i) the plaintiffs failed to establish the requisite scienter or an agreement between the defendants and the perpetrators to commit the terrorist attack; (ii) the purported causal chain is too attenuated; and/or (iii) the provision of financial services is not itself an inherently violent or dangerous activity.  Cleary has secured dismissal in the initial stages of litigation and full stays of discovery for banks in several ATA/JASTA cases, and summary judgment in favor of the defendant bank in others.[13]

In recent years, plaintiffs have brought suits against new categories of defendants outside of the traditional banking sector.  Since 2016, various non-banking entities—including pharmaceutical companies,  government contractors, and social media platforms—have been named as ATA and JASTA defendants for direct or indirect payments or provision of services to terrorist organizations.[14]

Non-traditional online financial service providers may next face ATA claims as terrorist groups increase their use of such services to collect donations.  Governments have expressed the view that cryptocurrencies are susceptible to use by third parties for illicit purposes such as terrorism  in part because they are perceived to permit a greater level of anonymity and/or pseudonymity.[15]  In fact, one study has found that crypto exchanges accounted for the majority of funds received by Izz ad-Din al-Qassam Brigades (the military wing of the FTO Hamas) during its 2019 Bitcoin donation drive.[16]

Moreover, information about terrorist groups’ use of non-traditional financial services may be publicly disseminated and thus be easily discoverable by potential claimants for use to support a complaint:

  • Government scrutiny may publicly expose the use of non-traditional online financial platforms by terrorist groups. Investigations and prosecutions of individuals for terrorist financing activity may reveal their use of non-traditional financial services providers.[17]  There is also significant regulatory scrutiny of providers since many aspects of law related to cryptocurrencies and regulatory expectations are not yet settled.  This scrutiny could increase the likelihood that use of cryptocurrencies and online platforms by terrorist groups may come to light.
  • Terrorist groups may publicly post instructions for the transfer of cryptocurrency or other funds through non-traditional financial services platforms, as in the ITMC’s Jahezona campaign described above.
  • Third parties can trace the flow of transactions made through non-traditional online platforms. Despite the “black box” reputation of some online financial platforms, tools exist to facilitate creation of a transaction history in pseudonymous cryptocurrencies (including Bitcoin), which can help paint a comprehensive picture of the “wallet” sources of particular funds and the exchanges through which they were processed.[18]

Some of the defenses that traditional banks have asserted to successfully defend against ATA and JASTA liability — such as lack of proximate causation or scienter — could be invoked by non-traditional financial services providers depending on the particular facts.  But, even if cases are dismissed at early stages, a defendant company may nonetheless suffer reputational impacts and/or increased government or counterparty scrutiny as a result of the accusations.  Accordingly, it is important that such institutions take the time now to analyze their potential liability under ATA and JASTA, and take precautions wherever possible to limit their exposure to these types of claims.  These businesses should also review their anti-money laundering, know your customer, and sanctions compliance policies and procedures, with the risk of liability under the ATA and JASTA in mind.

[1] See U.S. Attorney’s Office, District of Connecticut, Two British Nationals Plead Guilty to Terrorism-Related Charges in New Haven Federal Court (Dec. 10, 2013),

[2] Chainalysis, Terrorism Financing in Early Stages with Cryptocurrency But Advancing Quickly, Chainalysis Insights (Jan. 17, 2020),; see also Yaya Fanusie, The New Frontier in Terror Fundraising: Bitcoin, The Cipher Brief (Aug. 24, 2016),

[3] Chainalysis, supra note 2.

[4] See Eitan Azani & Nadine Liv, Jihadists’ Use of Virtual Currency (2018), Jihadists %20Use%20of%20Virtual%20Currency.pdf; U.S. Attorney’s Office, Eastern District of New York, Long Island Woman Indicted for Bank Fraud and Money Laundering to Support Terrorists (Dec. 14, 2017),; Chainalysis, supra note 2; see also FinCEN, Advisory on Illicit Activity Involving Convertible Virtual Currency (May 9, 2019), Advisory%20CVC%20FINAL%20508.pdf (“According to FinCEN’s analysis of BSA and other data, illicit actors have used [convertible virtual currencies] to facilitate . . . terrorist financing”).

[5] Resty Woro Yuniar, Bitcoin, PayPal Used to Finance Terrorism, Indonesian Agency Says, Wall Street Journal (Jan. 10, 2017),

[6] The Financial Crimes Enforcement Network (“FinCEN”), a chief U.S. regulator, considers most online financial service providers to be “money transmitters” subject to “the full range” of regulatory requirements under the Bank Secrecy Act (as amended by the PATRIOT Act, the “BSA”).  See FFIEC, BSA/AML Examination Manual 301 (last modified Feb. 27, 2015),; 31 C.F.R. Part 1022.  Accordingly, these businesses must (i) establish an anti‑money laundering program;  (ii) file suspicious activity reports and currency transaction reports;  (iii) comply with BSA recordkeeping requirements;  (iv) comply with BSA information-sharing requirements; (v) identify certain customers and users of certain services; and (vi) register with FinCEN.  31 C.F.R. § 1022.210(d)(1)(i)(A); see also FinCEN and IRS, Bank Secrecy Act/Anti-Money Laundering Examination Manual for Money Services Businesses 44 (2008), files/ shared/MSB_Exam_Manual.pdf; 31 C.F.R. §§ 1022.210, 1022.310, 1022.320, 1022.380, 1022.400, 1022.500-40.  Pursuant to the “travel rule,” which is applicable to virtual currency transfers, such providers must also collect and include certain information about the originator of the transaction and, if received, about the recipient in funds transmittal orders equal to or greater than $3,000 (or its equivalent).  See FinCEN, Prepared Remarks of FinCEN Director Kenneth A. Blanco at Chainalysis Blockchain Symposium (Nov. 15, 2019),

[7] See Owens v. BNP Paribas, S.A., 897 F.3d 266, 278 (D.C. Cir. 2018); Rothstein v. UBS AG, 708 F.3d 82, 97 (2d Cir. 2013).

[8] 18 U.S.C. § 2339A prohibits provision of material support to certain terrorism-related crimes; 18 U.S.C. § 2339B prohibits provision of material support to a designated foreign terrorist organization; 18 U.S.C. § 2339C prohibits concealment of financing of terrorism; and 18 U.S.C. § 2332d prohibits financial transactions with a government designated as supporting terrorism.

[9] See Linde v. Arab Bank, PLC, 882 F.3d 314, 325-26 (2d Cir. 2018).

[10] See Rothstein, 708 F.3d at 91; Fields v. Twitter, Inc., 881 F.3d 739, 749 (9th Cir. 2018); Owens, 897 F.3d at 273 & n.8; see also Comcast Corp. v. Nat’l Ass’n of Afr. Am.-Owned Media, No. 18-1171, slip op. at *1, *6 (Mar. 23, 2020) (finding that the “by reason of” language in 42 U.S.C. § 1981 “indicate[s] a but-for causation requirement.”).

[11] See In re Temporomandibular Joint (TMJ) Implants Prods. Liab. Litig., 113 F.3d 1484, 1495 (8th Cir. 1997); Edwards & Hanly v. Wells Fargo Sec. Clearance Corp., 602 F.2d 478, 484-85 (2d Cir. 1979).

[12] See Bristol-Myers Squibb Co. v. Super. Ct. of Cal., S.F. Cty., 137 S. Ct. 1773, 1781 (2017).

[13] O’Sullivan v. Deutsche Bank AG, No. 17 CV-8709-LTS-GWG, 2020 WL 906153 (S.D.N.Y. Feb. 25, 2020) (dismissal of claims by U.S. military personnel injured in Iraq between 2003 and 2011 against ten banks for provision of financial services to Iranian entities in violation of U.S. sanctions); Freeman v. HSBC Holdings PLC, 413 F. Supp. 3d 67 (E.D.N.Y. 2019) (dismissal of similar claims against seven banks); Strauss v. Credit Lyonnais, S.A., 379 F. Supp. 3d 148 (E.D.N.Y. 2019) (summary judgment for bank on claims for injuries arising from Hamas attacks in Israel and Palestine between 2002 and 2004 against bank for having maintained accounts for a charity alleged to have funded Hamas and/or its affiliates); Weiss v. Nat’l Westminster Bank PLC, 381 F. Supp. 3d 223 (E.D.N.Y. 2019) (same); Owens, 897 F.3d 266 (dismissal of claims for injuries arising from 1998 Al Qaeda attacks on U.S. Embassies in Kenya and Tanzania against bank for provision of financial services to Sudan); Ofisi v. BNP Paribas S.A., 278 F. Supp. 3d 84 (D.D.C. 2017) (same); Teske, et al. v. BNP Paribas, S.A., et al., 17-cv-701 (JDB) (D.D.C. Oct. 18, 2018) (same).

[14] See, e.g., Third Amended Complaint, Atchley v. AstraZeneca UK Ltd., No. 17-02136 (RJL) (D.D.C. Jan. 21, 2020), ECF No. 124 (ATA suit against several pharmaceutical and medical equipment companies in relation to their sale of products to Iraq’s Ministry of Health); Complaint, Cabrera v. Black & Veatch Special Projects Corp., No. 19–03833 (D.D.C. Dec. 27, 2019), ECF No. 1 (ATA suit against government contractors and a telecommunications company operating in Afghanistan in relation to alleged “protection payments” to the Taliban); Force v. Facebook, Inc., 934 F.3d 53 (2d Cir. 2019) (affirming dismissal of ATA claims by victims of Hamas terrorist attacks in Israel who accused Facebook of unlawfully providing a communications platform that enabled those attacks); Fields, 881 F.3d 739 (affirming dismissal of ATA claims against Twitter related to use of its platform by terrorist groups).

[15] See, e.g., FinCEN Advisory, supra note 4 (“[I]llicit actors have used [convertible virtual currencies] to facilitate criminal activity such as human trafficking, child exploitation, fraud, extortion, cybercrime, drug trafficking, money laundering, terrorist financing, and to support rogue regimes and facilitate sanctions evasion”); Federal Deposit Insurance Corporation, Top Management and Performance Challenges Facing Financial-Sector Regulatory Organizations (2018), (“[V]irtual currencies lack the transparency and regulation underlying traditional payment systems. Such currencies, therefore, may lend themselves to money laundering, financial and other crimes including cross-border criminal activities, and consumer protection issues related to the loss of funds on virtual exchanges.”).

[16] Chainalysis, supra note 2.

[17] U.S. Attorney’s Office, Eastern District of New York, supra note 5.

[18] See, e.g., Chainalysis, supra note 2.