Know Your Donors: the improving KYC picture for charities and banks

Having to perform due diligence on customers is a priority for all businesses to make sure that risks are averted. When your organization not only operates in multiple jurisdictions, but has to justify their business decisions to multiple stakeholders (in the case of charities, donors), the risks are amplified even further.

This is the case for charities and other non-profit organisations (NPOs). NPOs have to go where the need is, which means they often operate in places that other businesses would find beyond the pale: countries that can often be placed on sanctions lists, or subject to humanitarian crises or political turmoil. Charities have a tough task to manage the risk of who they deal with on the ground. On the other side, they also need to know exactly where their support – financial or otherwise – comes from. Because of the way AML regulation works, this puts banks in the unenviable position of policing and evaluating their charity customers to make sure that they can carry on doing good without becoming vectors for corruption, bribery and money laundering.

A myriad of reasons show why charities in particular need to make sure their due diligence efforts are thorough, albeit a difficulty when much of the onus is on the charities themselves to conduct it, and monitor entities for all transactions, as outlined by their trustees.

A risky business

There have been found to be three main reasons why charities, or indeed all ‘service NPOs’ that support healthcare or education, face particular threat from criminals, according to the Financial Action Task Force (FATF).

1. The logistical networks within one of these businesses are extended, across a worldwide remit.
2. A charities’ large workforce is often impermanent, comprising staff based in many countries at once, and multiple volunteers that work for little to no pay and on an ad-hoc basis.
3. There is also a high operational capacity that is easy to be exploited by such criminals as terrorists, who can intercept these supply chains to distribute their financials. Criminals can launder illegal proceeds through charities through donations, inflating false purchase orders for funds that the charity has to pay, or creating fake grant applications for beneficiaries as a form of identity fraud.

Of course, charities that work in areas where bribery, corruption, organised crime and terrorism are commonplace face huge difficulties in screening individuals or companies that they partner with, as these issues can highlight a degree of control over vulnerable people that charities are attempting to aid. Almost no two charities have the exact same risk profile: they have different philosophies, different financial clout, and different aims and beneficiaries. Hence a risk-based approach is the only way to conduct due diligence, rather than a standardised one-size-fits-all method. While the amount of exploitation recorded on charities is relatively low considering the sector’s size, that does not mean that charities and banks need to outline these approaches far in advance to halt any nefarious activity before it occurs – namely creating an advanced audit trail for the movement of funds from donor to charity to partner.

Some evidence of insufficient due diligence includes a UK charity partnering with an African NGO whose staff assaulted a volunteer, and children in the care of the NGO were sent to host families without proper background checks. Elsewhere, Human Aid UK has faced a backlash from the Charity Commission due to a lack of properly implemented financial policies for providing aid to Syria, as well as missing transaction records between the charity and a Turkish partner organisation. In this case, the monitoring for the end use of funds for activities in Turkey and Syria – areas of high risk activity – was also incomplete, highlighting the need for due diligence to protect assets and reputation.

Know Your Donors

Of course, much like we discuss the need for KYC – or even Know Your Customer’s Customer (KYCC) – in banking and financial institutions, charities have a similar responsibility to know where their money comes from. This can be hard given the extent to which charities of all kinds can receive generous, anonymous donations from beneficiaries and through a complex network of multiple partnerships.

Selecting beneficiaries is in the hands of the charity, and the selection process can be outlined in its governing document or policy to make it a legal requirement. The selection process can rely on an enhanced due diligence (EDD) procedure in order to identify if a donor has any links to suspicious groups or activities, and so that the extent of monitoring can be decided for end use of charitable funds.

The Charity Commission in the UK has put together a list of materials for charities – particularly those operating in higher-risk jurisdictions – in order to enhance their capabilities in due diligence. These include a risk assessment checklist, a ‘know your partner’ checklist and a Monitoring Visit checklist, alongside the UK Treasury’s financial sanctions list and the Home Office List of Proscribed Terrorist Organisations. Other charities such as galleries or museums also use data providers to screen individuals or companies that wish to donate; examples include Companies House, public sanctions lists, the Electoral Register, LexisNexis, World Check or the Prospect Research UK Forum.

In the US, charities must file Form 990 with the IRS – as mentioned in Arachnys’ look into religious institutions and AML – so that financial intermediaries can track the ingoing and outgoing payments made by the organisation. There are a multitude of resources available for charities to best prepare for conducting EDD to know their donors; the extent to which charities follow through with these protocols for compliance can vary.

Banking guidance

So what does this mean for the banks that handle these transactions? While the initial due diligence is left to be performed by the charity according to the trustees’ outlined financial policies, the banks have an obligation to make sure that these procedures are effective in identifying dirty money that may have been obtained by organised crime groups, terrorism or other fraudulent activity.

Ultimately, charities must contact their respective banks to inform them about the success of their monitoring and due diligence procedures in moderating risk, and banks must also be alerted whenever a charity looks to conduct projects in risky jurisdictions.

Banks should conduct their own due diligence on the charities that they work with in these capacities by evaluating the objectives of the charity, reviewing transactions and financial information, mapping audit trails for the source and end use of funds and conducting references for large beneficiaries of the NGO or charity.

For charities registered In the US and UK, huge amounts of due diligence information is available from Federal regulatory filings and the Charity Commission respectively. Other countries are also putting growing amounts of data online to facilitate due diligence. At Arachnys we are seeing growing concerns over charity customers’ risk profiles and increasing demand for automated data gathering for KYC and risk monitoring.

Much like the financial industry itself, the charity sector provides massive benefit to those most vulnerable in our societies, but this also carries huge risks. Open to exploitation by financial criminals, banks and charities must work together to establish state-of-the-art due diligence and monitoring capabilities to eliminate these opportunities and allow charitable projects to be conducted to better the world, and not the opportunistic criminals looking to thwart this.