Around the world, domestic terrorism is a real and present danger. Countries have endured violent attacks brought by home-grown terrorists. There is a growing realization that even as war rages in Iraq, Syria and Afghanistan, there is a rising threat from the enemy within.

Malcolm Nance, an expert in counter-terrorism, recently told me that he strongly believes terrorism organizations have been beaten on the battlefield and realize fighting well-equipped armies will not work. Instead, terrorists are going into stealth mode, hiding and waiting while expanding their cells and sympathizers, who are often vulnerable young people who lack firm guidance at home.

In the global war against terror, we need to be on constant lookout for threats, however subtle. Identifying terrorist financing is not easy, but robust financial-crimes programs can help. Too many institutions still struggle to get it right. Globally, regulators have deputized financial institutions in the fight against money-laundering and counter-terrorist financing. Institutions need to accept and understand this, and must invest in not only building the right programs, but maintaining those programs. Such programs must take into account the increasing risks of violent extremism at home.

When I joined a regional US bank in 2010 as chief compliance officer and asked the staff how many high-risk accounts they had, the response was, “We don’t have any risk like you’re used to in your big bank”. After vetting the portfolio, we found a significant number of high-risk customers, notwithstanding our relatively small size.

In many countries, domestic risk has long been viewed as a lower priority and less significant than foreign risk. However, that dynamic needs to change to account for the increase in domestic terrorist threats. Knowing your customer has become more important than ever before.

Robust training for staff members in every line of defense—first, second and third—is a must. Customer due diligence and alert investigations, all with a stronger eye towards terrorist financing, are imperatives for a more effective anti-money-laundering/counter-terrorist-financing  (AML/ CTF) program. Leveraging the right monitoring and screening tools for sanctions, and having a robust governance program over those tools, is equally urgent.

Too many institutions settle for doing only what is required. But in an age in which the levels of risk to institutions and societies have increased dramatically, institutions must shed this mindset. Banks continue to be sanctioned by their regulators for insufficient programs and criminal activities, driving home the need for fundamental changes in practice and culture. Regulators, including those in the United Kingdom and United States, have been emphasizing the importance of a strong AML/ CTF culture for years. It is really nothing new—to the regulators, at least. So what is holding back financial institutions from fully embracing cultural change?

Culture begins with the board and executive management, who must help shareholders grasp the level of commitment institutions must make in AML/CTF programs. Mitigating risk is not just a matter of protecting an institution; it is also an institution’s contribution to the protection of our interconnected financial systems and global society, and it requires proportionate resources. Unfortunately, public companies often take a defensive tone when explaining compliance costs in annual reports and other shareholder communications. The message should be that shareholders and financial institutions play an essential role in the fight against money laundering and terrorism and are intent on being engaged corporate citizens. Shareholders, no matter where they reside in the world, must understand that money is required for AML/CTF programs, and sometimes lots of it. Helping to protect our fundamental freedoms is nothing to apologize for. But regulators, too, need to be supportive and realistic in expectations of financial institutions in the AML/CTF space. With shareholder support, boards can then drive the right culture. With board support and appropriate funding, chief executives and their management teams can cascade that culture throughout the organization. It is a collective effort that cannot be put on the shoulders of the compliance officer. Shareholders, boards and management need to be part of the program, or it will inevitably fail.

As nations watch domestic-terror events unfold, none can deny that the enemy lurks among us. Financial institutions must step up and support the fight against terrorism—domestic and foreign—by updating, implementing and maintaining robust AML/CTF programs. It is no longer enough to do “what is required”.