Charity financial crime
Supporting international aid charities whilst maintaining financial safety is more important than ever. This guide provides you with the tools needed to manage financial crime risk.
Welcome to our revised guide intended to provide some assistance to international charities on how to manage their financial crime risk.
This document is a revision to that launched in 2017, following 2 years of learning from supporting our valued clients.
Charities operating internationally have real financial crime and reputational risks.
Regardless of a charity’s best intentions, even inadvertent involvement in financial crime can result in severe legal repercussions, irreparable reputational damage, regulatory fines, loss of donor funding and disruption to the charity’s financial services. All of this will impact a charity’s ability to fulfil its mission.
Financial crime includes a number of different risks, namely bribery and corruption, terrorist financing, money laundering, and sanctions/export controls. All charities should be alert to laws applicable to them and to regulated financial institutions such as banks designed to prevent financial crime, particularly if they work in sanctioned or high-risk countries.
There is an increasing trend towards pub¬lic/private partnerships in the fight against financial crime and the detrimental effect it has on the international community. The finance industry, charities, governments and regulators are working together to prevent the banking system from being used for financial crime.
Banks are subject to enhanced regulatory obligations due to the potential for abuse of financial institutions by criminals, such as to launder and move proceeds of crime, and fund terrorism. Banks are obliged to carry out due diligence measures to gather information about their clients, including charities, such as;
- Where they operate
- Who they deal with
- Who controls them
- Their source of funds
Charities operating internationally, including in high risk or sanctioned countries, may also be asked to undertake enhanced due diligence. This may include requests to review governance policies, procedures and training materials used to manage financial crime risks.
Charities should be aware of the regulatory framework and international guidance covering anti-money laundering (AML), anti-bribery and corruption (ABC), counter-terrorist financing (CTF), sanctions and export controls. All of these result in the know your customer (KYC) requirements with which banks in the UK must comply to prevent criminals and terrorists accessing financial services.
Banks will expect their customers, including charities, to have due diligence processes to ensure both the bank and customer meet their regulatory obligations, in turn preventing financial crime.
Charity obligations – setting the right policy and tools
Charities have obligations as a result of their registration with the charity commis¬sion, and legal requirements as companies such as under the Companies Act 2006 and various financial crime acts and legislation. The financial crime legislation includes but is not limited to
- Bribery and corruption (Bribery Act 2010)
- Money laundering (Charities Act 2011 and charities should be aware of the obligations of their banks under the Money Laundering Regulations 2017)
- Terrorism (Terrorism Act 2000 and Proceeds of Crime Act 2002), and
- Sanctions (various including UK, EU, UN, USA sanctions regulations).
Charities therefore need to have a compre¬hensive financial crime policy or suite of policies to cover the legislation applicable to them and the operating risks that they face.
The role of a policy is to set an organisa¬tion-wide, pre-determined course of action and risk limits. It is a guide to the accepted organisational strategies, objectives and operating standards.
The policy should be a meaningful document which is central to the way a charity operates; it should fundamentally guide the operations of the organisation. This link is through procedure (or operating frame¬works) which provide the organisation with clear and easily understood plans of action to implement the policy. Procedure allocates responsibility and provides clear decision making processes and courses of action. Procedure operationally reflects the policy.
While the policy reflects a charity’s risk appetite, objectives and operating standards, and procedures guide how a policy is implemented and allocates responsibility, employees need to be trained to ensure they fully understand what they need to do in order to be compliant.
A risk-based approach can be used in setting the detail of the policy, detail of the procedure and who undertakes what training. For example, charity staff who operate on the ground in sanctioned countries and conflict zones should be significantly more aware of the terrorist financing risk than perhaps domestic UK staff, with enhanced training provided to mitigate the risk and keep these staff safe.
Policies should be owned by trustees. They remain responsible due to their role as the company directors, even if they delegate the operational duties of keeping them up to date to members of the senior management team. The policies need to be reviewed periodically to ensure they reflect legislation and the operating environment at the time. A feedback mechanism is also necessary, whereby breaches of policy / procedures or “near misses” are reviewed and considered, determining updates to the policy or procedures as appropriate.
The risks of operating in sanctioned countries, conflict zones and high-risk countries are very real. Near misses and breaches, whilst undesirable, should be reported so that they can be understood and managed. It is therefore important to foster a transparent and open culture where staff feel that all matters can be reported.
Due diligence is key
Just as a bank must perform due diligence on the people and businesses it comes into contact with, so should a charity. Due diligence is key to mitigating financial crime, and a bank will expect a charity to have diligence procedures in place. Charities therefore need to have risk-based processes in place to ensure they know enough about donors, beneficiaries, employees, volunteers, affiliated organisations / member organisations, partners and suppliers. A risk-based approach means the greater the risks, the more due diligence required.
For example, charities should know where donations come from and the reasons for any conditions attached. Charities should know the people and organisations they work with, and look out for unusual circumstances. Charities have been misused in the past by terrorists and other criminals to move money to associated groups. Charities operating in sanctioned or otherwise high-risk countries must ensure they comply with applicable sanctions and export control laws. If the charity is dealing with a “politically exposed person”, there may be additional financial crime risks, particularly corruption.
Charities also need to be comfortable that their partners operating with their funds, on their behalf, even if they are members of the same family or federation, are doing so to the charity’s standards and in compliance with their regulatory obligations.
Due diligence measures should be a part of the financial crime policy agreed by a charity’s Trustees. Senior management must understand the requirements of the policy and ensure that staff are adequately trained to implement it. All due diligence procedures and reasons for decisions should be recorded.
The Charity Commission provides a useful compliance toolkit for monitoring and verifying the end use of charitable funds (see link in the useful information section at the end of the report below).