CFCS Domain 9: Terrorist Financing Study Guide 2026

Table of Contents

What Domain 9 Actually Covers
Why Terrorist Financing Is Distinct from Money Laundering
Core Concepts You Must Master
How Scenario Questions Test This Domain
Cross-Domain Connections That Appear on the Exam
A Domain 9-Specific Study Schedule
Who Hires CFCS Holders and Why Domain 9 Matters
Exam Mechanics Recap
Frequently Asked Questions

TL;DR

Domain 9 addresses terrorist financing as a standalone financial crime with distinct typologies, not just a subset of money laundering.
The CFCS exam presents 135 scenario-based questions over 4 hours; Domain 9 questions will embed TF red flags inside realistic case narratives.
Passing requires 88 out of 135 correct answers; mastering cross-domain linkages (especially Domains 1, 6, and 10) boosts your Domain 9 performance.
ACFCS membership and 40 earned credits in financial crime are prerequisites before you can sit for the $1,195 member-rate exam.

What Domain 9 Actually Covers

Terrorist financing (TF) occupies a unique position within the CFCS body of knowledge. Unlike most financial crimes that center on concealing illegally obtained funds, terrorist financing can involve money from entirely legitimate sources - wages, charitable donations, small business income - redirected toward violent ends. That inversion is exactly what makes Domain 9 conceptually demanding, and it is why the ACFCS treats it as a standalone domain rather than folding it into Domain 1 (Money Laundering).

Domain 9 asks candidates to understand the full lifecycle of terrorist funds: how they are raised, how they move across borders and institutions, how they are stored between operations, and how they are ultimately used. The exam does not simply test whether you can define "terrorist financing." It expects you to identify it, distinguish it from adjacent crimes, and recommend appropriate institutional responses - all within realistic, scenario-driven question stems.

  Scope Alert: Domain 9 covers both international and domestic terrorism financing, including lone-actor threats. Do not limit your study to state-sponsored or large-network models. The CFCS exam reflects the modern threat landscape, which includes small-cell and self-radicalized actors who use retail banking, prepaid cards, and online payment platforms.

Why Terrorist Financing Is Distinct from Money Laundering

Candidates who come to the CFCS with a strong AML background sometimes underestimate Domain 9 because they assume TF is just money laundering with a different end-use. That assumption will cost you points. Here is how the two domains diverge in ways the exam will test:

Characteristic	Money Laundering (Domain 1)	Terrorist Financing (Domain 9)
Source of funds	Always illegal (proceeds of crime)	Can be legal or illegal
Transaction amounts	Often large to justify layering	Frequently small; micro-transactions common
Primary goal	Disguise criminal origin	Fund an operation or organization
Detection challenge	Tracing funds back to predicate offense	Identifying intent and destination network
Key regulatory framework	BSA, FATF Rec. 1-16	FATF Rec. 5-8, UN Security Council Resolutions
Overlap with other domains	Fraud, Tax Evasion, Cybercrime	Sanctions (Domain 6), Human Trafficking (Domain 7)

Understanding this table is not enough - you must be able to apply these distinctions in a scenario where a compliance analyst receives transaction alerts and must determine the correct escalation path. That is the level of precision the CFCS demands.

Core Concepts You Must Master

Fundraising Typologies

Terrorist organizations raise funds through a wide range of methods that your exam scenarios may depict. Study each of the following categories with concrete operational examples:

Key TF Fundraising Channels

Each channel presents different red flags for financial institutions and different reporting obligations for compliance teams.

Charitable and non-profit abuse: Misuse of donor funds through shell NGOs or diversion of legitimate humanitarian contributions. FATF Recommendation 8 specifically addresses non-profit organization (NPO) risk.
Self-financing: Personal savings, wages, student loans, or consumer credit used to fund an attack. This is especially relevant in lone-actor scenarios.
Criminal proceeds: Drug trafficking, kidnap-for-ransom, extortion, and smuggling can simultaneously constitute money laundering predicate offenses and TF funding mechanisms.
State sponsorship: Government-directed financial flows through diplomatic channels, front companies, or correspondent banking relationships.
Online crowdfunding and virtual assets: Cryptocurrency donations, social media fundraising, and peer-to-peer platforms increasingly appear in TF scenarios on the exam.

Movement and Storage Mechanisms

Once funds are raised, they must reach operatives. Domain 9 requires fluency in how terrorist networks move value across borders and store it between operational use:

Hawala and informal value transfer systems (IVTS): Underground broker networks that settle obligations through trust and bookkeeping rather than physical fund movement. Exam scenarios involving hawala are common because IVTS transactions leave minimal paper trails in the formal banking system.
Bulk cash smuggling: Physical transport of currency across borders, often exploiting weak customs controls or corrupt officials - which creates overlap with Domain 3 (Anti-Corruption and Bribery).
Prepaid cards and e-wallets: Low-value, low-KYC instruments frequently used for cell-level operational expenses.
Trade-based value transfer: Over- or under-invoicing of goods to move value internationally, a technique that also appears in Domain 4 (Tax Evasion) scenarios.
Real estate and luxury goods: Less liquid but used for longer-term storage of TF funds in high-value, opaque markets.

Legal and Regulatory Frameworks

You need to know the architecture of the counter-terrorist financing (CTF) regulatory environment at both the international and domestic level. Key instruments include:

FATF Recommendations 5, 6, 7, and 8 (terrorist financing, targeted financial sanctions, wire transfers, and NPO risk)
UN Security Council Resolutions 1267, 1373, and their successor resolutions establishing the Al-Qaida/ISIL sanctions regime
The USA PATRIOT Act Section 326 (customer identification) and Section 314(a)/(b) (information sharing)
The EU's successive Anti-Money Laundering Directives and their CTF provisions
Designation processes: OFAC SDN List, UN consolidated list, and the distinction between statutory and executive-order-based designations

Key Takeaway

FATF Recommendation 6 on targeted financial sanctions is the bridge between Domain 9 (Terrorist Financing) and Domain 6 (Sanctions). Expect scenario questions that require you to apply both frameworks simultaneously - for example, a correspondent bank receiving a wire from an entity that appears on a sanctions watch list but is not yet formally designated.

Reporting Obligations and Institutional Response

Domain 9 is not purely academic. The exam will test what a financial institution - or an investigator - should do when TF is suspected. This includes:

When to file a Suspicious Activity Report (SAR) versus a Currency Transaction Report (CTR)
The "no tipping off" prohibition and its application to TF investigations
Freezing assets under OFAC or UN designations without prior customer notice
Coordinating with law enforcement under Section 314(a) requests
Enhanced due diligence (EDD) triggers for high-risk customers with TF indicators

How Scenario Questions Test This Domain

The CFCS exam uses 135 scenario-based multiple-choice questions across its 12 domains. Understanding the question architecture is as important as knowing the subject matter. For a deeper breakdown of question formats, review the CFCS Exam Format: Question Types and Time Management guide before sitting your exam.

Domain 9 scenarios typically follow one of three patterns:

The compliance officer scenario: A financial institution employee reviews transaction data and must determine whether activity constitutes TF, ordinary ML, or legitimate business. The correct answer often hinges on the destination of funds rather than their source.
The investigator scenario: An analyst following a financial trail must identify which technique (hawala, IVTS, trade-based transfer) is being used and recommend the most appropriate investigative step or legal instrument.
The policy scenario: A compliance manager must update institutional controls in response to a new typology, designation, or regulatory guidance. These questions test your knowledge of FATF recommendations and domestic frameworks.

In all three patterns, wrong answers are carefully designed to be plausible. Distractors often describe the correct action for a money laundering scenario rather than a TF scenario - reinforcing why the Domain 1 vs. Domain 9 distinctions matter so much in practice.

  Practice Tip: After reading a Domain 9 question stem, ask yourself two questions before looking at the answers: (1) Is the source of funds legal or illegal? (2) What is the suspected destination or end-use? Your answers to those two questions will almost always point you toward the correct response and away from the money laundering distractors.

Cross-Domain Connections That Appear on the Exam

No CFCS domain exists in isolation. Domain 9 has documented, examinable connections to at least five other domains. Candidates who study TF in a silo will miss the integrated questions that test whether you understand financial crime as a system.

Domain 9 ↔ Domain 6: Sanctions

Targeted financial sanctions are the primary preventive tool against designated terrorist organizations. Domain 9 candidates must understand how OFAC, UN, and EU designation lists work, the difference between blocking and rejecting transactions, and the compliance obligations triggered by a potential match.

Know the difference between a true match and a false positive in sanctions screening
Understand the licensing and delisting process under OFAC regulations
Be able to identify when a wire transfer must be rejected versus blocked versus reported

Domain 9 ↔ Domain 7: Human Trafficking and Modern Slavery

Terrorist organizations frequently finance operations through trafficking networks. The financial footprints overlap: cash-intensive businesses, third-party payment arrangements, and geographic concentration of transactions in conflict-adjacent regions.

Recognize when a trafficking scenario has TF implications and vice versa
Know the role of NGO-based financial flows in both trafficking and TF typologies

Domain 9 ↔ Domain 10: Regulatory Compliance

Domain 10 covers the institutional compliance architecture. For Domain 9, this means understanding CTF program requirements, customer risk rating models that account for TF exposure, and the role of the BSA/AML officer in managing TF risk.

Know what a risk-based CTF program must include under FATF standards
Understand how customer due diligence (CDD) rules apply specifically to TF risk factors

A Domain 9-Specific Study Schedule

Because the CFCS exam covers 12 domains across a 4-hour, 135-question sitting, you cannot treat each domain equally. Domain 9 is conceptually dense and cross-linked enough to warrant concentrated, multi-week attention. The schedule below uses spaced repetition and active recall - but mapped specifically to the CFCS content areas rather than generic topic blocks.

Week 1

Foundations: TF vs. ML and Regulatory Framework

Read FATF Recommendations 5-8 and summarize each in one paragraph
Construct the comparison table between Domain 1 and Domain 9 from memory
Review UN Security Council Resolutions 1267 and 1373 summaries
Complete a set of Domain 9 practice scenarios at the CFCS Exam Prep platform

Week 2

Typologies: Fundraising, Movement, and Storage

Map each fundraising channel to its detection red flag and reporting obligation
Study three real-world FATF typology reports on hawala and IVTS
Connect virtual asset TF methods to Domain 5 (Cybercrime) concepts studied separately
Write out five scenario question stems using the compliance officer, investigator, and policy patterns

Week 3

Cross-Domain Integration: Sanctions, Trafficking, and Compliance

Work through mixed Domain 6 + Domain 9 practice questions focusing on sanctions screening decisions
Review your institution's (or a published sample) CTF risk assessment to anchor Domain 10 linkages
Use the Feynman technique: explain TF reporting obligations to a non-specialist in plain English
Review your CFCS Exam Format: Question Types and Time Management notes and time yourself on a 20-question timed block

Week 4

Full Integration and Exam Readiness

Take a full timed practice session covering all 12 domains; flag every Domain 9 question for post-session review
Re-read flagged answers to identify whether errors are conceptual (knowledge gap) or strategic (misreading scenario)
Final review of OFAC blocking vs. rejecting procedures, SAR timing rules, and NPO risk under FATF Recommendation 8

Who Hires CFCS Holders and Why Domain 9 Matters

The CFCS credential is recognized across financial intelligence, compliance, law enforcement, and regulatory sectors. Domain 9 proficiency is particularly valued by employers operating in high-stakes CTF environments:

Financial intelligence units (FIUs): National-level agencies that process SAR data rely on analysts who can distinguish TF patterns from general AML typologies. CFCS holders with strong Domain 9 knowledge are well-positioned for these roles.
Global banks and correspondent banking departments: Post-FATF Recommendation 13 scrutiny means banks need compliance staff who understand how TF moves through correspondent relationships and can design appropriate screening controls.
International organizations and NGOs: Multilateral bodies and humanitarian organizations increasingly require financial crime expertise to manage the risk that their own funds may be diverted - a direct Domain 9 concern under FATF Recommendation 8.
Law enforcement and prosecution agencies: Federal agencies with financial crime mandates, including task forces focused on terrorist finance disruption, recruit CFCS credentialed professionals as analytical staff.
Fintech and payments companies: As virtual assets and digital payment platforms become primary TF vectors, fintech compliance teams with CFCS holders gain regulatory credibility with examiners.

The breadth of the CFCS - covering 12 domains from Domain 1 through Domain 12 - is precisely what distinguishes it from narrower certifications. An employer hiring a CFCS holder knows that candidate can reason across money laundering, sanctions, human trafficking, and terrorist financing simultaneously, which is how financial crime actually operates in practice.

Exam Mechanics Recap

Before you schedule your exam, make sure you have the logistics confirmed. The CFCS is delivered through the Kryterion Online Proctored (OLP) network, meaning you can sit it from home with appropriate proctoring controls in place. The exam fee is $1,195 for current ACFCS members, $1,395 bundled with a one-year membership, or $1,725 with a three-year membership. Government and public sector rates are available in a lower range. If you are eligible for a government rate, confirm eligibility with ACFCS directly before purchasing.

Once you purchase, you have a 12-month window to schedule your sitting - there is no fixed exam calendar. The exam itself is 4 hours, 135 scenario-based questions, closed-book. You need 88 correct answers to pass. That means you can miss up to 47 questions and still earn the credential - but that margin disappears quickly if you have significant gaps in multiple domains.

Prerequisites are non-negotiable: you must hold an active ACFCS membership and have accumulated 40 earned credits in financial crime and related fields through a combination of experience, education, training, and professional certifications. The certification is valid for three years, with renewal requiring 60 continuing education credits and maintained ACFCS membership.

  Scheduling Strategy: Because you have a 12-month scheduling window, resist the temptation to defer indefinitely. Set a target exam date when you purchase, work backward to build your Domain 9 (and full exam) study schedule, and book the actual proctored session at least three weeks in advance to ensure slot availability through the Kryterion network.

For scenario-format question practice that mirrors the actual exam experience, use the CFCS Exam Prep practice tests throughout your preparation - not just in the final week. Early exposure to the scenario format helps you internalize how the exam distinguishes between domains before you are under timed pressure.

Frequently Asked Questions

How much of the CFCS exam focuses specifically on terrorist financing?

ACFCS does not publicly disclose the percentage weight assigned to each of the 12 domains, including Domain 9. What is known is that the exam covers 135 questions across all 12 domains. Treat Domain 9 as a substantive content area with cross-domain implications - particularly its connections to Domain 6 (Sanctions) and Domain 10 (Regulatory Compliance) - rather than a minor topic you can skim.

Is terrorist financing always treated separately from money laundering on the exam?

Yes, and this distinction is critical. The CFCS treats Domain 1 (Money Laundering) and Domain 9 (Terrorist Financing) as separate content areas because they have meaningfully different characteristics - most importantly, TF can involve legally sourced funds. Scenario questions are designed to test whether candidates can tell them apart under realistic conditions.

What regulatory frameworks should I prioritize for Domain 9?

Focus on FATF Recommendations 5 through 8, UN Security Council Resolutions 1267 and 1373, the USA PATRIOT Act's CTF provisions (particularly Sections 314(a) and 326), and OFAC's targeted financial sanctions framework. Understanding how these frameworks interact - especially in correspondent banking and cross-border wire transfer scenarios - is essential for the integrated questions the CFCS presents.

Can I use study materials from other AML certifications to prepare for Domain 9?

Supplementary AML materials can fill knowledge gaps, but they will not prepare you for the CFCS's scenario-based format or its cross-domain integration. The CFCS exam tests financial crime as an interconnected system across 12 domains. Domain 9-specific practice with CFCS-format scenarios - available at cfcsexam.com - is essential preparation that single-domain AML materials cannot replace.

How does hawala appear on Domain 9 exam questions?

Hawala and other informal value transfer systems (IVTS) typically appear in scenarios where a financial institution or investigator must identify a transaction pattern that bypasses the formal banking system. Questions may ask you to identify the typology, determine the appropriate regulatory response, or recommend enhanced due diligence steps. Know that IVTS operates on trust-based settlement and leaves minimal paper trails in formal banking records - that gap is what makes it relevant to both TF movement and regulatory compliance questions.

Ready to Start Practicing?

Domain 9 scenario questions require more than memorization - they demand the ability to apply terrorist financing concepts under time pressure across realistic case narratives. Build that skill now with CFCS-format practice tests designed to mirror the 135-question, scenario-based exam experience.

Start Free Practice Test

Continue reading: