In the wake of the ongoing pandemic, various charities have been created with mission statements specific to COVID-19. What seems like an opportunity for giving back may present yet another vehicle for fraud to money launderers and other fraudsters.

To try to help weed out the legitimate from the not so innocent, on November 19, 2020, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a press release announcing a joint fact sheet (Fact Sheet), prepared in coordination with Federal Banking Agencies (defined below), “to provide clarity to banks on how to apply a risk-based approach to charities and other non-profit organizations (NPOs).” The press release and Fact Sheet seek to strike a balance between recognizing “the important role played by the charitable sector, especially during the COVID-19 pandemic” while reminding financial institutions to utilize the risk-based approach when conducting due diligence and developing risk profiles for charities and other NPOs.

This not the first time that the Treasury Department has raised concerns about charities, albeit in a different context: according to the Treasury Department’s reports on the 2020 National Strategy for Combatting Terrorist and other Illicit Financing and the 2018 National Terrorist Financing Risk Assessment, some charities and non-profit organizations (NPOs) “have been misused to facilitate terrorist financing.” And it is certainly not the first time that FinCEN has raised concerns about specific types of fraud fueled by the global pandemic (see here, here and here).

The Fact Sheet

The Fact Sheet was developed by FinCEN and the Federal Reserve Board, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency (collectively, “the Agencies”). Additionally, the U.S. Department of Treasury stated its “commitment to providing guidance and clarification on AML/CFT and sanctions obligations relevant to the charitable sector.”  In the press release for the Fact Sheet, FinCEN Director Kenneth A. Blanco stated:

FinCEN appreciates the role of those charities and NPOs who are on the front lines of the COVID-19 pandemic. FinCEN demonstrates in this communication our joint resolve and the importance of ensuring their access to banking services, while at the same time protecting our national security, keeping our citizens safe from harm, and safeguarding our financial system.

Like the press release, the Fact Sheet emphasizes the government’s support to ensure “that humanitarian assistance continues to reach at-risk populations through legitimate and transparent channels, including during the COVID-19 pandemic.” That mission requires access to financial services, which the Fact Sheet acknowledges some charities have had difficulties obtaining. To that end, the Fact Sheet emphasizes that the charitable sector as a whole does not “present[] a uniform or unacceptably high risk of being used or exploited for money laundering, terrorist financing, or sanctions violations.”

However, charitable and NPO customers are still subject to a financial institution’s BSA/AML regulatory requirements, including those related to suspicious activity reporting, customer identification, customer due diligence (CDD), and beneficial ownership, as applicable. On CDD:

Banks must apply a risk-based approach to CDD in developing the risk profiles of their customers, including charities and NPOs and are required to establish and maintain written procedures reasonably designed to identify and verify beneficial owners of legal entity customers, as applicable. More specifically, banks must adopt appropriate risk-based procedures for conducting CDD that, among other things, enable banks to: (i) understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile, and (ii) conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. Consistent with a risk-based approach, the level and type of CDD should be appropriate for the risks presented by each customer.

The risks presented by each charitable organization will vary depending on its operations, activities, leadership, and affiliations. This risk-based approach is consistent with the CDD requirements from FinCEN’s 2016 CDD Rule, which requires financial institutions to identify the beneficial owners of entities opening new accounts, including not-for-profit entities (the CDD Rule requires financial entities to only identify a single individual with “control” over a not-for-profit entity; the “ownership” prong of the CDD Rule does not apply to not-for-profits).

Although the CDD Rule does not require collection of the following specific information, the Fact Sheet recommends a list of customer information useful in developing a charity or NPO’s risk profile:

• Purpose and nature of the NPO, including mission(s), stated objectives, programs, activities and services;
• Geographic locations served, including headquarters and operational areas, particularly higher-risk areas where terrorist groups are most active;
• Organizational structure, including key principals, management, and internal controls of the NPO;
• State incorporation, registration, and tax-exempt status by the IRS and required reports with regulatory authorities;
• Voluntary participation in self-regulatory programs to enhance governance, management, and operational practice;
• Financial statements, audits, and any self-assessment evaluations;
• General information about the donor base, funding sources, and fundraising methods, and for public charities, level of support from the general public;
• General information about beneficiaries and criteria for disbursement of funds, including guidelines/standards for qualifying beneficiaries and any intermediaries that may be involved; and
• Affiliation with other NPOs, governments, or groups.

Such information can likely be found in public filings. For example, charities report information regarding their “stated mission, programs, finances (including non-cash contributions), donors, activities, and funds sent and used abroad” in their annual IRS Form 990, while many NPOs report on their “voluntary self-regulatory standards and controls to improve individual governance, management, and operational practice, in addition to internal controls required by donors and others.” The Treasury Department has listed additional information that may be relevant to charity or NPO risk profiles on its website.

While it is clear that charitable work is of the utmost importance, especially in these trying times, it is clear that FinCEN and the Agencies are preemptively striking against what anticipated fraud surfacing in the philanthropic sector relating to the COVID-19 pandemic.