Video Games Might Matter for Terrorist Financing
Published by The Lawfare Institute
in Cooperation With
Billions of dollars flow every day across international borders between millions of people on a public online market, with functionally no government oversight or regulation. The market? Virtual currency and digital assets in video games.
Criminal organizations, terrorists, and other malign actors have leveraged this market ripe for illicit financial activity to raise, launder, and liquidate funds. In many video games today, people can use fiat currency to purchase various items or currency in the video game economy. While states have focused on the terrorist financing threat presented by cryptocurrency and other blockchain-based virtual assets, governments have ignored some of the threats presented by other digital assets.
Money laundering in video games is not a hypothetical risk. In the past two decades, criminals have allegedly laundered money through popular video games such as Roblox, World of Warcraft, Fortnite, Eve Online, Counter-Strike, and Second Life—just to name several of the hundreds of games that appear to be susceptible to money laundering. These games possess some form of digital currency and public or illicit secondary markets for buying and selling virtual assets for fiat currency. On public markets, users can trade, buy, or sell in-game items or other valuables with other users on platforms directly supported or condoned by the video game. In illicit second markets, people can buy or sell accounts, items, and other valuables on unregulated marketplaces from eBay, to forums, to shadier corners of the internet—which frequently violate games’ terms of service. People can trade virtual assets acquired in the video game for other crypto-based virtual currencies or fiat currency. These virtual assets can come in the form of in-game currencies, “loot boxes” (a, usually random, collection of valuable digital items that can be used in game), “skins” (digital costumes for video game characters), or other virtual items, all of which users can acquire with microtransactions—purchasing in-game assets with real money. The money laundering process in video games follows a three-step framework:
- Step 1: Create an account and purchase the virtual assets or currency with the illicitly acquired funds (often with stolen credit card information) through microtransactions.
- Step 2: Create a second account and transfer those items and currency to the second account.
- Step 3: List those items, accounts, or currency for sale on public markets or illicit second markets and sell them for fiat currency.
In the Roblox case, the company identified 311 accounts whose behavior the company deemed “suspicious” despite the company’s internal controls. This behavior included accounts that had spent more than $1,000 on items that were transferred between the same buyer and seller multiple times or where the buyer and seller appeared to be the same individual—actions reminiscent of step 2 in the above framework. Additionally, because Roblox permits users to resell the in-game currency (“Robux”) only when a user reaches $375 worth of the currency, there exist additional secondary markets for buying or selling Robux, where people can also be susceptible to scams.
There is not much evidence of terrorists using video games for raising, transferring, or laundering funds, so why the concern? Extremists, from ISIS to the far right, have a history of using video games and leveraging the concept of “gamification” to inspire, recruit, spread propaganda, and communicate. Therefore, some analysts are worried that terrorists will add fundraising and money laundering to that list if they have not already.
As governments continue to close off avenues of terrorist financing, violent extremist groups have successfully innovated and found new ways to raise, access, and liquidate funds. Historically, when terrorist groups faced challenges with their traditional methods of financing, they had no qualms about shifting strategies and leveraging other forms of money laundering, whether it be hawala (a traditional informal money transfer system that is still used, especially in the Middle East and South Asia), cryptocurrencies, or “trade-based money laundering.” Recently, the United States and its allies have pressured cryptocurrencies and exchanges to crack down on illicit financial activities, constraining terrorist groups’ economic actions. As many extremists are already familiar with video games and have used them in other contexts, these markets would be a logical next option for conducting financial activity.
There is some skepticism that video games are a scalable method of money laundering and terrorist financing, as transactions may not be sufficiently valuable for criminals and terrorists to employ as a primary tool. However, data collected on microtransactions and the sale of digital video game items from the past several years indicates that virtual transactions can be lucrative. Because video games lack sufficient oversight and are relatively easy to exploit, criminals can quickly launder large amounts through thousands of small transactions—a familiar method for some terrorist groups.
The Financial Action Task Force (FATF), an international organization working to create international standards to prevent the misuse of funds for money laundering and terrorist financing, originally published Recommendation 15 in 2012, which encouraged countries to combat illicit financing conducted through “emerging technologies.” In 2019, FATF published an interpretive note for Recommendation 15, explicitly mentioning virtual asset service providers (VASPs), and encouraging member states to take the threat seriously. In 2021, FATF published updated guidance for how member countries can implement a risk-based approach toward combating money laundering via VASPs, including how countries can enforce anti-money laundering and counter-terrorist financing measures (AML/CFT) for all VASPs, which would include video games. These measures include, among other recommendations, requiring registration or licensure of service providers; taking a risk-based approach to AML/CFT in VASPs (similar to the approach taken for more traditional AML/CFT); stringently applying sanctions laws to VASP activity; and creating civil, administrative, and criminal penalties for the misuse of VASPs for money laundering or terrorist financing activities.
However, according to reports from the U.S. Treasury Department and FATF, most governments have struggled to regulate VASPs, and those that have implemented regulations have focused primarily on blockchain-based securities and assets. In March, FATF published a table describing the status of implementation of Recommendation 15 but appeared to focus exclusively on crypto- and blockchain-based threats: The table lists whether countries have enacted legislation or regulations regarding the licensure or registration of VASPs and answers in the affirmative for countries that have addressed crypto- and blockchain-based threats but that have not regulated video game economies. This is especially worrisome in light of the determination made by the Joint Counterterrorism Assessment Team that video game platforms are hosting “[v]irtual currency exchanges [that] often do not meet anti-money-laundering standards.” Meanwhile, “money laundering through video gaming remains unaddressed” in the European Union.
Some video game companies have made changes to comply with AML/CFT guidelines. In 2019, for example, Second Life required its users to register with a money service business to comply with AML/CFT standards. However, these policies cannot reach online gray and black markets where people can sell virtual assets outside the control of the video game. And there is often little the companies can do to detect or deter these transactions—as they often remain anonymous.
These markets often violate the platforms’ terms of service. Still, there is often little the companies can do to detect or deter these transactions at the liquidation stage, step 3 of the framework, especially because of the anonymity issue. Having the ability to detect liquidating transactions is critical because regulating these “fiat off ramps”—methods of turning digital assets into currency—would create an important bottleneck for illicit actors and attach significant risk to their use of video games for money laundering. If bad actors cannot translate their digital assets into fiat currency, then not only will they lose a method of financing, but the digital assets become effectively worthless to the launderers.
Finally, unregulated money markets harm the games themselves because they allow the games to be used purely as a method of transferring wealth and encourage divestment from the games. This should serve as an incentive for video game companies to work with governments to seek ways to close these unregulated markets and discourage the use of virtual assets in video games as a method of holding or transferring wealth.
***
As terrorists seek new methods of conducting financial activity, governments must remain one step ahead and consider how they can proactively investigate and close extant avenues for terrorist financing. Video game markets are currently ripe for financial abuse. Governments should implement FATF’s Recommendation 15 more forcefully and institute AML/CFT regulations to detect and deter terrorist financing. Meanwhile, FATF and other organizations combating money laundering and terrorist financing should take the threat of money laundering through video games seriously and expand their review to include a variety of virtual assets. Finally, online video games should consider implementing AML/CFT best practices, like Second Life did when it required players to register with a subsidiary company that was registered as a money service business.