Thank you, sir, for your question. It's an excellent question. We keep on wrestling with this day in and day out.
ISIS' origins are with al Qaeda in Iraq. ISIS is the new name of al Qaeda in Iraq, as a matter of fact.
We've had problems dealing with al Qaeda financing. Obviously, the U.S. and Canada and all the international partners have been attacking al Qaeda central and trying to choke off its finances with a good degree of success. But what that led to was the splintering of al Qaeda, the rise of al Qaeda affiliates, cells, and smaller groups, and so on which to a large extent were self-sustaining. We were just on the verge of dealing with that problem, and then we had ISIS, formerly called al Qaeda in Iraq, spring up.
What is happening within the financial and logistical relationships among affiliates, thanks to technology in a great measure and to YouTube and social media and so on, is that there has been an increasing level of interaction between affiliates. Our measures of targeted sanctions, while they may have been successful in some measure against al Qaeda central, are difficult to apply against al Qaeda affiliates and ISIS, which is an al Qaeda affiliate of sorts but has relationships across the board with many affiliates.
That's why you see Boko Haram aligning with ISIS, and a segment of the Tehreek-e-Taliban in Pakistan and Afghanistan aligning with ISIS. ISIS is in a way the new al Qaeda, but in my research and my sense of this terrorist organization, they are not too different. It's just that, going with the times, ISIS has adopted, as one of the witnesses said, a more outsourced financing paradigm.
One thing that I want to mention and bring to the committee's attention is the shift, whether in FATF or at the national level, and even within the UN, to risk-based application of anti-money laundering and countering the financing of terrorism, and also the stress on effectiveness.
I think Ms. Duhaime very rightly said that we lack convictions and lack prosecutions. What has to happen really is.... The banks need information from the government also. It can't be a one-way track, whereby the financial sector has to give information to the government.
As I mentioned, one of my recommendations is that, if there is a two-way information flow, the banks are better informed to look for what is suspicious and what is not. Going by the risk-based modelling, banks know their vulnerabilities and the government knows the threats, and risk is a function of vulnerabilities, threats, and consequences. If the public and private sectors come together, risks can be, I would say, compared with vulnerabilities. We can have a risk mapping, a vulnerability mapping, and a threat mapping. That way a risk-based, more informed, and more focused effort could ensue.
Thank you.