Alert

Federal Regulators Issue Notice Advising Financial Institutions How to Assess Risks Associated with Accounts Maintained by Charitable Organizations

The nonprofit industry in the United States accounts for one trillion dollars of annual economic activity.[1] But high-profile enforcement actions against nonprofit organizations (“NPOs”) at both the federal and state level in recent years have brought scrutiny to this sector. In addition, bad actors cast a shadow by exploiting charitable gift giving and NPOs to facilitate money laundering, terrorist financing, and evasion of sanctions.

This industry-wide concern has led to banks’ apprehension in providing services to nonprofit clients. Some legitimate charities have reported difficulty in obtaining and maintaining access to financial services.[2] Recognizing that “[h]elping those in need is a core American value, particularly in the difficult conditions caused by the COVID-19 pandemic” and that “[t]he United States is committed to ensuring that humanitarian assistance continues to reach at-risk populations through legitimate and transparent channels,” the U.S. Department of Treasury’s Financial Crimes Enforcement Network (“FinCEN”) and the Federal Banking Agencies[3] (the “Agencies”), recently took action to ensure that legitimate charities and other NPOs have the access they need to financial services, including the ability to transmit funds.

On November 19, 2020, FinCEN and the Agencies published a “Joint Fact Sheet on Bank Secrecy Act Due Diligence Requirements for Charities and Nonprofit Organizations” (the “Joint Fact Sheet”).[4] The Joint Fact Sheet provides guidance to financial institutions on analyzing risks associated with bank accounts owned by charities and other NPOs, consistent with applicable customer due diligence (“CDD”) requirements. These requirements are set forth in “Customer Due Diligence Requirements for Financial Institutions,” 81 FR 29398 (May 2016) (the “CDD Requirements”). FinCEN explains in the Joint Fact Sheet that its guidance is intended to clarify existing CDD Requirements. It does not augment the CDD Requirements or establish new supervisory expectations. Nevertheless, banks should review the Joint Fact Sheet to ensure that they are meeting their due diligence obligations and properly assessing the risk profiles associated with their nonprofit customers’ bank accounts. Likewise, legitimate charities and NPOs should review the Joint Fact Sheet to understand the types of information banks may request from them so that they can access financial services without interruption.

Obligations under the Bank Secrecy Act to Verify Bank Account Ownership

All bank accounts are subject to anti-money laundering (“AML”) regulatory requirements, including basic customer identification rules that identify a business entity’s beneficial owner(s) (i.e., natural persons who own or control the entity). For all customers (including charities and NPOs), banks must establish and maintain written procedures reasonably designed to, among other things, (i) understand the nature and purpose of customer relationships, and (ii) conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, maintain and update customer information.

How to Assess Risks Associated with Bank Accounts Owned by Charities and Other NPOs

FinCEN’s Joint Fact Sheet provides guidance to banks, which, in turn, informs charities and NPOs what is expected of them. The Joint Fact Sheet emphasizes that “the U.S. government does not view the charitable sector as a whole as presenting a uniform or unacceptably high risk of being used or exploited for money laundering, terrorist financing (“ML/TF”), or sanctions violations.” On the contrary, the Joint Fact Sheet acknowledges that “charities vary in their risk profiles.” The Joint Fact Sheet accordingly instructs banks to assess the individual risk profiles of their charitable customers. Banks can accomplish this objective by taking steps in accordance with their existing CDD obligations, which are applicable to all customers. In fact, the Joint Fact Sheet notes that banks do not have “unique, additional due diligence steps for charities or other NPO customers.”

To accurately determine the ML/TF risk profile of charities and other NPO customers, the Joint Fact Sheet suggests banks collect the following information:

• Purpose and nature of the NPO, including mission(s), stated objectives, programs, activities, and services;
• Geographic locations served, including headquarters and operational areas, particularly in higher-risk areas where terrorist groups are most active;
• Organizational structure, including key principals, management, and internal controls of the entity;
• State incorporation, registration, and tax-exempt status by the IRS and required reports with regulatory authorities;
• Voluntary participation in self-regulatory programs to enhance governance, management, and operational practice;
• Financial statements, audits, and any self-assessment evaluations;
• General information about the donor base, funding sources, and fundraising methods, and, for public charities, level of support from the general public;
• General information about beneficiaries and criteria for disbursement of funds, including guidelines and standards for qualifying beneficiaries and any intermediaries that may be involved; and
• Affiliation with other NPOs, governments, or groups.

Conclusion

The Joint Fact Sheet guides charitable organizations to implement risk-mitigation measures to ensure continued access to financial services. FinCEN and the Agencies recognize that such access is vital, not only to the administration of charities and NPOs, but to the recipients of domestic and international humanitarian aid during the global COVID-19 pandemic. To avoid disruption in access to financial services, charities and NPOs should familiarize themselves with the Joint Fact Sheet and be prepared to provide pertinent information, if requested, to relevant financial institutions.