I. introduction
The federal banking agencies have issued a joint fact sheet to provide clarity to banks on how to apply a risk-based approach to charities and other non-profit organizations (NPOs), consistent with the customer due diligence (CDD) requirements contained in FinCEN’s 2016 CDD Final Rule.
The Agencies remind banks that the U.S. government does not view the charitable sector as a whole as presenting a uniform or unacceptably high risk of being used or exploited for money laundering, terrorist financing (ML/TF), or sanctions violations. The Agencies remind banks that charities vary in their risk profiles and should be treated according to such profiles. Banks should apply the risk-based approach and evaluate charities according to their particular characteristics to determine whether they can effectively mitigate the potential risk some charities may pose. The joint fact sheet does not alter existing Bank Secrecy Act/Anti-Money Laundering (BSA/AML) legal or regulatory requirements, nor does it establish new supervisory expectations.
II. CDD REQUIREMENTS
Like all bank accounts, those held by charity and NPO customers are subject to BSA/AML regulatory requirements. These include requirements related to suspicious activity reporting, customer identification, CDD, and beneficial ownership, as applicable.
Banks must apply a risk-based approach to CDD in developing the risk profiles of their customers, including charities and NPOs, and are required to establish and maintain written procedures reasonably designed to identify and verify beneficial owners of legal entity customers, as applicable. More specifically, banks must adopt appropriate risk-based procedures for conducting CDD that, among other things, enable banks to: (i) understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile, and (ii) conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. Consistent with a risk-based approach, the level and type of CDD should be appropriate for the risks presented by each customer.
III. CONSIDERATIONS FOR A RISK-BASED APPROACH
As previously stated, charities and other NPOs do not present a uniform or unacceptably high ML/TF risk; rather, the risk to banks depends on facts and circumstances specific to the customer relationship. The ML/TF risk for charitable organizations can vary dramatically depending on the operations, activities, leadership, and affiliations of the organization. U.S. charities that operate and provide funds solely to domestic recipients generally present low TF risk. However, U.S. charities that operate abroad, provide funding to, or have affiliated organizations in conflict regions, can present potentially higher TF risks.
Charities and other NPOs are subject to federal and state reporting requirements and regulatory oversight. For example, charities report specific information annually on IRS Form 990 regarding their stated mission, programs, finances (including non-cash contributions), donors, activities, and funds sent and used abroad. Many NPOs also adhere to voluntary self-regulatory standards and controls to improve individual governance, management, and operational practice, in addition to internal controls required by donors and others. Although the CDD rule does not require the collection of this specific information, the following customer information may be useful for banks in determining the ML/TF risk profile of charities and other NPO customers:
• Purpose and nature of the NPO, including mission(s), stated objectives, programs, activities, and services.
• Geographic locations served, including headquarters and operational areas, particularly in higher-risk areas where terrorist groups are most active.
• Organizational structure, including key principals, management, and internal controls of the NPO.
• State incorporation, registration, and tax-exempt status by the IRS and required reports with regulatory authorities.
• Voluntary participation in self-regulatory programs to enhance governance, management, and operational practice.
• Financial statements, audits, and any self-assessment evaluations.
• General information about the donor base, funding sources, and fundraising methods, and for public charities, level of support from the general public.
• General information about beneficiaries and criteria for disbursement of funds, including guidelines/standards for qualifying beneficiaries and any intermediaries that may be involved.
• Affiliation with other NPOs, governments, or groups.
IV. CONCLUSION
Banks that operate in compliance with applicable laws, properly manage customer relationships, and effectively mitigate risks by implementing controls commensurate with those risks are neither prohibited nor discouraged from providing banking services to charities and other NPOs. The Agencies are issuing this joint fact sheet to reaffirm that the level of ML/TF risk associated with charities and other NPOs varies; these bank customers do not present a uniform or unacceptably high ML/TF risk. The application of a risk-based approach for charities and other NPOs is consistent with existing CDD and other BSA/AML requirements.