The Federal Reserve, FDIC, FinCEN, NCUA and OCC issued a fact sheet clarifying that compliance efforts to meet Bank Secrecy Act due diligence requirements for customers that are charities and other nonprofit organizations should be based on the money laundering risks posed by the customer relationship.
The fact sheet highlights the importance of legitimate charities and nonprofit organizations having access to financial services and being able to transmit funds through legitimate and transparent channels, especially in the context of responding to the coronavirus. It also clarifies that charities and nonprofit organizations as a whole do not present a uniform or unacceptably high risk of being used or exploited for money laundering, terrorist financing, or sanctions violations, and that banks and credit unions must develop risk profiles that are appropriate for the risks presented by each customer. Additionally, it provides examples of customer information that may be useful to banks and credit unions in determining those risk profiles.
The fact sheet does not alter existing Bank Secrecy Act/anti-money laundering legal or regulatory requirements or establish new supervisory expectations.
The fact sheet is reprinted below, without referenced citations, for your convenience.
Joint Fact Sheet on Bank Secrecy Act Due Diligence Requirements for
Charities and Non-Profit Organizations
November 19, 2020
The Board of Governors of the Federal Reserve System (Federal Reserve), the Federal Deposit Insurance Corporation (FDIC), the Financial Crimes Enforcement Network (FinCEN), the National Credit Union Administration (NCUA), and the Office of the Comptroller of the Currency (OCC) (collectively, the Agencies) are issuing this joint fact sheet to provide clarity to banks on how to apply a risk based approach to charities and other non-profit organizations (NPOs), consistent with the customer due diligence (CDD) requirements contained in FinCEN’s 2016 CDD Final Rule.
Some charities have reported difficulty in obtaining and maintaining access to financial services, jeopardizing the important contributions charities make to the most vulnerable. The Agencies remind banks that the U.S. government does not view the charitable sector as a whole as presenting a uniform or unacceptably high risk of being used or exploited for money laundering,
terrorist financing (ML/TF), or sanctions violations. The Agencies remind banks that charities vary in their risk profiles and should be treated according to such profiles. Banks should apply the risk-based approach and evaluate charities according to their particular characteristics to determine whether they can effectively mitigate the potential risk some charities may pose. This approach
helps to minimize illicit finance risks. This joint fact sheet does not alter existing Bank Secrecy Act/Anti-Money Laundering (BSA/AML) legal or regulatory requirements, nor does it establish new supervisory expectations.
Helping those in need is a core American value, particularly in the difficult conditions caused by the COVID-19 pandemic. The United States is committed to ensuring that humanitarian assistance continues to reach at-risk populations through legitimate and transparent channels, including during the COVID-19 pandemic. The Agencies recognize that it is vital for legitimate charities and other NPOs to have access to financial services, including the ability to transmit funds. Charities and other NPOs rely on banks to facilitate the flow of funds transfers in a timely fashion. Although some charities and other NPOs have been misused to facilitate ML/TF or evade sanctions, the Agencies recognize that the vast majority of charities and other NPOs comply with the law and properly support charitable and humanitarian causes.
Like all bank accounts, those held by charity and NPO customers are subject to BSA/AML regulatory requirements. These include requirements related to suspicious activity reporting, customer identification, CDD, and beneficial ownership, as applicable.
Banks must apply a risk-based approach to CDD in developing the risk profiles of their customers, including charities and NPOs, and are required to establish and maintain written procedures reasonably designed to identify and verify beneficial owners of legal entity customers, as applicable. More specifically, banks must adopt appropriate risk-based procedures for conducting CDD that, among other things, enable banks to: (i) understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile, and (ii) conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. Consistent with a risk-based approach, the level and type of CDD should be appropriate for the risks presented by each customer. There is no regulatory requirement in the CDD rule, nor is there a supervisory expectation, for banks to have unique, additional due diligence steps for charities or other NPO customers.
Considerations for a Risk-Based Approach
As previously stated, charities and other NPOs do not present a uniform or unacceptably high ML/TF risk; rather, the risk to banks depends on facts and circumstances specific to the customer relationship. The ML/TF risk for charitable organizations can vary dramatically depending on the operations, activities, leadership, and affiliations of the organization. U.S. charities that operate and provide funds solely to domestic recipients generally present low TF risk. However, U.S. charities that operate abroad, provide funding to, or have affiliated organizations in conflict regions, can present potentially higher TF risks.
Charities and other NPOs are subject to federal and state reporting requirements and regulatory oversight. For example, charities report specific information annually on IRS Form 990 regarding their stated mission, programs, finances (including non-cash contributions), donors, activities, and funds sent and used abroad.12 Many NPOs also adhere to voluntary self-regulatory standards
and controls to improve individual governance, management, and operational practice, in addition to internal controls required by donors and others. Although the CDD rule does not require the collection of this specific information, the following customer information may be useful for banks in determining the ML/TF risk profile of charities and other NPO customers:
- Purpose and nature of the NPO, including mission(s), stated objectives, programs, activities, and services.
- Geographic locations served, including headquarters and operational areas, particularly in higher-risk areas where terrorist groups are most active.
- Organizational structure, including key principals, management, and internal controls of the NPO.
- State incorporation, registration, and tax-exempt status by the IRS and required reports with regulatory authorities.
- Voluntary participation in self-regulatory programs to enhance governance, management, and operational practice.
- Financial statements, audits, and any self-assessment evaluations.
- General information about the donor base, funding sources, and fundraising methods, and for public charities, level of support from the general public.
- General information about beneficiaries and criteria for disbursement of funds, including guidelines/standards for qualifying beneficiaries and any intermediaries that may be involved.
- Affiliation with other NPOs, governments, or groups.
Additional information that may be useful to banks in determining the customer risk profile of a charity or other NPO is available at the U.S. Department of the Treasury’s Resource Center, Protecting Charitable Organizations.
Charitable organizations and other NPOs build communities, relieve suffering, provide life-saving assistance, and help developing nations. During this COVID-19 pandemic, charities and other NPOs are on the front lines, both domestically and internationally, delivering medical supplies and vital assistance to areas most impacted by COVID-19. Banks that operate in compliance with
applicable laws, properly manage customer relationships, and effectively mitigate risks by implementing controls commensurate with those risks are neither prohibited nor discouraged from providing banking services to charities and other NPOs. The Agencies are issuing this joint fact sheet to reaffirm that the level of ML/TF risk associated with charities and other NPOs varies; these bank customers do not present a uniform or unacceptably high ML/TF risk. The application of a risk-based approach for charities and other NPOs is consistent with existing CDD and other BSA/AML requirements.
Please be advised that CSG provides financial services compliance audit and consulting services to our clients. The services that we provide include certain tasks that may be characterized as “law-related services” under Rule 5.7 of the Rules of Professional Conduct governing lawyers. Since some of our employees are lawyers with an active bar license but are NOT engaged in the private practice of law, that Rule requires us to make disclosures clarifying that the services we perform may be law-related services, but they are not legal services. Because they are not legal services, those services and our relationship will not be governed by the Rules of Professional Conduct that guide the client-lawyer relationship, such as rules applicable to privileged communications and prohibitions of conflicts of interest. Notwithstanding this disclaimer, we will continue to govern our relationship with you using reasonable ethical and professional standards that are expected to meet your expectations.