Wipfli logo
Insights - Articles, Blogs and on-demand webcasts

Articles & E-Books


How financial institutions can assess risks of nonprofits

Mar 02, 2021

Financial institutions should evaluate charities and other non-profit organizations to identify those that are at higher risk for money laundering, terrorist financing or other illicit acts. 

To help, federal agencies recently released The Joint Fact Sheet on Bank Secrecy Act Due Diligence Requirements for Charities and Non-Profit Organizations with guidelines on how to apply a risk-based approach to charities and other nonprofit organizations.

The sheet was released in November by the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation (FDIC), Financial Crimes Enforcement Network (FinCEN), National Credit Union Administration (NCUA), and Office of the Comptroller of the Currency (OCC).

The fact sheet clarifies how to apply a risk-based approach to charities and other nonprofit organizations (NPOs). The information is consistent with the customer due diligence requirements that were described in FinCEN’s 2016 CDD Final Rule.

Because nongovernmental organizations (NGOs) can be used to obtain funds for charitable organizations, the sheet states, the flow of funds both into and out of the NGO may be complex, making them susceptible to abuse by money launderers and terrorists.

They did not say that all NPOs have a high risk of abuse by money launderers or terrorists, but did want financial institutions to be prepared for a possible influx in the number of NPOs requesting to establish new account relationships.

The agencies wanted to stress that it is critical for NPOs to have access to financial services so they are able to achieve their specific and important missions, especially during the COVID-19 pandemic.

To clarify, there is a difference between NGOs, not NPOs, namely in their scope of work. Many NPOs are affiliated with churches, boys’ and girls’ clubs and associations. An NGO, on the other hand, has a broader and more internationally driven footprint.

The agencies recommend that financial institutions develop customer due diligence (CDD) procedures for NPOs so they can:

  • Understand the nature and purpose of customer relationships for the purpose of developing customer risk profile.
  • Conduct ongoing monitoring to identify and report suspicious transactions.
  • On a risk basis, maintain and update customer information.

The level and type of CDD should be appropriate for the risks presented by each NPO.

While not required by the CDD rule, financial institutions should also gather additional information to help learn about what type of activity to expect from the organization:

  • Purpose and nature of the NPO, including mission(s), stated objectives, programs, activities and services.
  • Geographic locations served, including headquarters and operational areas, particularly in higher-risk areas where terrorist groups are most active.
  • Organizational structure, including key principals, management and internal controls of the NPO
  • State incorporation, registration and tax-exempt status with the IRS and required reports with regulatory authorities.
  • Voluntary participation in self-regulatory programs to enhance governance, management and operational practice.
  • Financial statements, audits and any self-assessment evaluations.
  • General information about the donor base, funding sources, fundraising methods and, for public charities, level of support from the general public.
  • General information about beneficiaries and criteria for disbursement of funds, including guidelines/standards for qualifying beneficiaries and any intermediaries that may be involved.
  • Affiliation with other NPOs, governments or groups.

Financial institutions may find additional information to help determine an NPO’s risk profile at the U.S. Department of the Treasury’s Resource Center, Protecting Charitable Organizations.

How Wipfli can help

Wipfli’s team brings real-world experience to your financial institutions to meets today’s evolving compliance programs. Learn more about our compliance services on our web page or learn more from our team with these resources:

How you can help with BSA/AML and COVID-19-related fraud (podcast)

Bank Secrecy Act and COVID-19 fraud

Updates to FFIEC BSA/AML manual

Is your BSA/AML training program adequate?


Kristen J. Ferwerda, CRCM
Manager, Compliance
View Profile