All Things FinReg


The Agencies issued a joint Fact Sheet that lists considerations for a risk-based approach when it comes to charities and nonprofits. While the Fact Sheet purports to not impose additional obligations on banks, it is hard to view the “considerations” as anything but.

On November 19, 2020, the Federal Reserve, the FDIC, the FinCEN, the NCUA, and the OCC (collectively, Agencies) issued a press release and joint fact sheet (Fact Sheet) to provide clarity to banks on how to apply a risk-based approach to charities and other nonprofit organizations (NPOs), consistent with the customer due diligence (CDD) requirements contained in FinCEN’s CDD Rule.


Of note, the Fact Sheet emphasizes that “charities and other NPOs do not present a uniform or unacceptably high money laundering/terrorist financing risk; rather, the risk to banks depends on facts and circumstances specific to the customer relationship.” It then generally distinguishes between (1) US charities that operate and provide funds solely to domestic recipients, which the Agencies state generally present low terrorist financing risk, and (2) US charities that operate abroad, provide funding to, or have affiliated organizations in conflict regions, which the Agencies states generally can present potentially higher terrorist financing risks. The Fact Sheet then states that although the CDD Rule does not require the collection of specific information, the following customer information could be useful in determining the money laundering and terrorist financing risk profile of charities and other NPO customers:

  • Purpose and nature of the NPO, including mission(s), stated objectives, programs, activities, and services
  • Geographic locations served, including headquarters and operational areas, particularly in higher-risk areas where terrorist groups are most active
  • Organizational structure, including key principals, management, and internal controls of the NPO
  • State incorporation, registration, and tax-exempt status by the IRS and required reports with regulatory authorities
  • Voluntary participation in self-regulatory programs to enhance governance, management, and operational practice
  • Financial statements, audits, and any self-assessment evaluations
  • General information about the donor base, funding sources, and fundraising methods, and for public charities, level of support from the general public
  • General information about beneficiaries and criteria for disbursement of funds, including guidelines/standards for qualifying beneficiaries and any intermediaries that may be involved
  • Affiliation with other NPOs, governments, or groups


At one level, the Fact Sheet will provide useful guidance – and some level of comfort – to financial institutions by identifying specific types of information that financial institutions may want to request from charitable and NPO clients, and by reason of the Agencies’ observations concerning the relatively low AML risks presented by many such organizations. At the same time, although the considerations listed in the Fact Sheet are styled as not imposing additional obligations, banks and other financial institutions would be remiss not to incorporate some or all of the items listed above into their risk assessment protocols for charities and NPOs.

That said, financial institutions may still have some challenges in assessing the risk posed by US charities operating abroad in geographical areas that may pose terrorist financing risks. In this regard, we note that although the customer identification program rule adopted under Section 326 of the USA PATRIOT Act a number of years ago contemplates that the US Department of the Treasury would produce a list of known or suspected terrorist organizations, it has not done so to date. Financial institutions are thus left to their own devices, by sorting through various other lists, from the Financial Action Task Force’s high-risk and other monitored jurisdictions to the lists associated with the sanctions programs administered by the Office of Foreign Assets Control.

We also note that when one reviews the list it does not represent much in the way of CDD “relief” relating to these types of organizations, and in fact, places them on a relative par with other, for-profit organizations in terms of the recommended diligence effort. In addition, the additional information that financial institutions may require of charities and NPOs under the Fact Sheet might further strain some organizations’ limited resources and complicate their account relationships with some financial institutions if all of the due diligence considerations reflected in the Fact Sheet are not satisfied.