Key Findings from FATF’s July 2025 Report
Report Title: Comprehensive Update on Terrorist Financing Risks
Publisher: Financial Action Task Force (FATF)
Context: Highlights evolving methods used by terrorists globally, with India cited in two major case studies.
Case 1: Gorakhnath Temple Attack (April 3, 2022) – Lone Wolf Radicalisation
- Nature of Attack: A “lone actor” radicalised by ISIL ideology attempted to attack security personnel at the Gorakhnath Temple, UP.
- Modus Operandi:
- Fund transfers worth ₹6,69,841 via PayPal to foreign entities allegedly supporting ISIL.
- ₹10,323.35 received from foreign source—indicative of reverse funding.
- Used VPNs for online communication, calls, and downloads to mask digital identity.
- Third-party international transactions used to obscure traceability.
- Investigation & Charges:
- Handled by UP ATS.
- Accused charged under the Unlawful Activities (Prevention) Act (UAPA).
Case 2: Pulwama Attack (February 14, 2019) – E-Commerce Enabled Logistics
- Attack Details:
- Suicide bombing on a CRPF convoy in Pulwama, J&K killing 40 personnel.
- Orchestrated by Pakistan-based Jaish-e-Mohammed.
- Use of E-Commerce:
- Aluminium powder, a component of the IED, was purchased via Amazon.
- Used to enhance blast intensity.
- Procurement traced through digital transaction logs.
- Aftermath:
- 19 individuals were charged under UAPA, including 7 foreign nationals and the suicide bomber.
FATF’s Broader Concerns on EPOMs & Digital Platforms
- EPOMs: E-commerce Platforms & Online Marketplaces are becoming prime tools for terrorist procurement.
- Money Laundering & Terror Financing (ML/TF) Risks:
- Criminals pose as fraudulent sellers/buyers.
- Employ trade-based techniques like over/under invoicing to transfer value covertly.
- Use EPOMs as fronts for illegal activity, including:
- Purchase of restricted components
- Disguised fund transfers
- Virtual storefronts aiding cross-border logistics
Policy Implications for India
- Digital Ecosystem Gaps:
- Insufficient regulation over cross-border PayPal flows and cryptic VPN use.
- Lack of real-time data sharing between fintech and intelligence bodies.
- Needed Reforms:
- Strengthen FEMA & PMLA enforcement in digital payment corridors.
- Mandate KYC across all EPOMs, including global platforms operating in India.
- Enforce traceability mandates for VPNs and encrypted communications under the IT Act.
- Public-private coordination between e-commerce firms, fintech, and counter-terror agencies.
India’s Regulatory Landscape (As of July 2025)
| Tool/Platform | Current Status | Regulatory Gap |
| PayPal & Intl Wallets | Subject to FEMA norms & RBI monitoring | Poor traceability for foreign P2P transactions |
| VPN Services | Users not required to register with govt. | High anonymity = misuse risk |
| E-commerce (Amazon) | GST, KYC enforced for sellers | No vetting of component-level product buyers |
| Cryptocurrency | Partially regulated via FIU and tax reporting | Largely opaque—used for cross-border fund flows |
Key Takeaways
- Terrorists are shifting from hawala to hyperlinks—digital traceability is now the new battlefield.
- Online anonymity tools like VPNs and international wallets are increasingly weaponised.
- India must create a centralised anti-terror-fintech task force involving MEITY, MHA, RBI, and global partners.
- Greater FATF compliance and cyber-regulatory overhauls are essential to secure India’s digital ecosystem.
