Beyond Traditional Red Flags: How Hybrid Threat Finance is Revolutionizing Financial Crime Detection

With traditional alert systems generating false positive rates as high as 94%, the current approach of monitoring broad red flags and typologies has proven insufficient against increasingly sophisticated criminal networks – some could even argue that the system is failing. As regulatory expectations intensify and detection rates for illicit finance remain stubbornly low - less than 1% according to industry estimates - financial institutions continue to search for more effective methodologies.

Changing the Focus

This emerging concept broadens the frame by integrating conventional financial crime detection with threat intelligence. HTF fuses transaction information with geopolitical, behavioral, and criminal threat terrain knowledge. The goal is to identify both suspicious transactions and the actors behind them, as well as their processes and motivations. As Ashley S. Boyle of the American Security Project puts it, “Threat finance encompasses the means and methods used by organizations to finance illicit operations and activities that pose a threat to U.S. national security”.

What Makes Up HTF?

HTF can be broken into four elements:

• Actor-Focused Analysis: HTF shifts the focus from just monitoring financial actions (e.g., transactions) to understanding who the threat actors are, how they operate, and what they target.
• Integration of Typologies: It incorporates real-world crime typologies such as drug trafficking, cybercrime, human trafficking, and proliferation financing.
• Enhanced Risk Assessment: HTF helps financial institutions align their risk scoring with national threat assessments (e.g., the U.S. Treasury’s NMLRA and NTFRA).
• Strategic Intelligence Use: Combines law enforcement, national security, and financial systems data to build a comprehensive threat profile.

HTF goes beyond the focus on compliance and transaction monitoring, improving detection of evolving threats and fostering proactive risk mitigation. While traditional anti-money laundering focuses on the three-stage model of placement, layering, and integration, Hybrid Threat Finance expands this to a five-stage lifecycle that includes revenue generation and operational sustainment as bookends to the process. Debra Geister, CEO of Section 2, explains the value of the five-stage framework they’ve developed on this front:

"The revenue generation portion determines the flow for the entire lifecycle and how that money behaves. This expanded view recognizes how criminals generate revenue, fundamentally shapes how they subsequently launder and deploy those funds.”

Who is Using HTF?

Many organizations are adopting the principles of HTF, though few are currently using the term.

International Organizations

• Financial Action Task Force (FATF): FATF’s emphasis on typologies, risk indicators, and actor-based risk assessments aligns with HTF methodology.
• The Egmont Group of Financial Intelligence Units: Promotes cross-border cooperation and intelligence sharing, a key component of HTF.

Private Sector

• American Security Project: Advocates for multidisciplinary approaches to threat finance, including HTF.
• Association of Certified Financial Crime Specialists (ACFCS): Offers training and webinars on HTF, encouraging financial institutions to shift focus from transactions to threat actors.
• Section 2: A leading intelligence and analytics firm pioneering HTF methodologies, with proprietary tools focusing on action-based threat detection and pattern recognition.

Academic & Research Institutions

• Academy of the Police Force in Bratislava and University of Economics in Bratislava: Research integrating hybrid threat analysis into AML/CTF frameworks.

U.S. Government Agencies

• Department of the Treasury: Through its Office of Terrorism and Financial Intelligence, the Treasury integrates financial intelligence with national security priorities, aligning with HTF principles.
• Financial Crimes Enforcement Network (FinCEN): Uses actor-based analysis and threat typologies to issue advisories and track illicit finance.
• Department of Homeland Security (DHS) and Customs and Border Protection (CBP): Engage in HTF-aligned practices through programs like CTPAT, focusing on supply chain threats and trade-based money laundering.

The "Who" and "How" of Financial Crime

What distinguishes Hybrid Threat Finance from traditional approaches is its focus on how crimes are committed and on understanding the operational roles within criminal organizations. Victims in human trafficking networks exhibit different financial patterns than their handlers, and these role-based behaviors create distinct "fingerprints" that can be tracked and identified.

Systemic Problems

Financial institutions primarily rely on risk assessments - evaluating products, services, geographies, and customers to identify internal vulnerabilities. While valuable, this approach misses the external threat landscape that criminal organizations represent.

Threat assessments, by contrast, evaluate the global threat environment and specific risks relevant to different geographic areas. A bank operating in a border community in Texas faces different threat vectors than one in Nebraska, and its detection systems should reflect these realities.

One of the most significant challenges in the current system is the absence of meaningful feedback mechanisms. Financial institutions file SARs but receive very limited information about their effectiveness, quality, or ultimate use by law enforcement. This lack of feedback prevents institutions from improving their detection systems and creates a disconnect between compliance activity and actual crime-fighting effectiveness.

The Need for Systemic Reform

The current system suffers from what industry veterans describe as a fundamental misalignment between its three key components: law enforcement, regulators, and private sector institutions. Regulators focus on process compliance rather than outcomes, while banks operate from a risk avoidance perspective rather than proactively pursuing financial crime detection.

Historical collaboration mechanisms, such as the Bank Secrecy Advisory Group and SAR Activity Review publications, have either declined in effectiveness or been discontinued entirely. The result is a system prioritizing checking boxes over disrupting criminal financial flows.

Global Perspective: EU vs. US Approaches

While the European Union appears slightly ahead in innovative cycles for anti-money laundering, both regions face similar fundamental challenges. EU detection rates for illicit finance stand at approximately 1%, compared to 0.75% in the United States—a marginal difference that highlights the global nature of the detection problem.

The EU's slightly more innovative approach and recent guidance on AI and machine learning in financial crime detection suggest potential pathways forward. However, no jurisdiction has solved the core challenges of effective financial crime detection at scale.

The Path Forward

Innovation and Collaboration

Addressing these systemic issues requires a "clean slate" approach rather than attempting to build on existing flawed mechanisms. Key elements of reform include:

• Creating advisory councils that bring together law enforcement, regulators, and private sector expertise to develop more effective approaches.
• Moving from purely punitive regulatory approaches to systems that reward institutions for contributing to successful investigations and effective crime detection.
• Establishing shared methodologies and definitions that allow all stakeholders to operate from the same framework.
• Leveraging AI and machine learning capabilities to provide contextual intelligence rather than just generating more alerts.
• Creating more significant typologies to detect true financial crime, not just anomalies. Adding this intelligence layer to the detection is key.

With criminal organizations becoming increasingly sophisticated and traditional detection methods proving inadequate, the financial services industry must continue innovating. One way to do this is to examine how HTF can enhance its effectiveness in mitigating risk.