Why NGOs Face Heightened AML/CFT Scrutiny#
The not-for-profit sector occupies a distinctive and sometimes uncomfortable position in the global AML/CFT framework. Charitable organisations, development NGOs, faith-based organisations, and community foundations are established to do good — yet they are specifically identified by FATF as presenting elevated terrorist financing risk.
This is not a general or theoretical concern. There are documented cases of NGO structures being exploited to move funds to terrorist organisations, to launder the proceeds of fraud, and to facilitate sanctions evasion. The exploitation may be deliberate — an organisation established specifically as a vehicle for illicit finance — or opportunistic, where a legitimate organisation is infiltrated or deceived.
FATF Recommendation 8 addresses the non-profit sector directly. It requires countries to assess the risks of terrorist financing abuse in the NPO sector, to apply targeted measures proportionate to identified risks, and to ensure that NPOs are not misused for terrorist financing. For regulators, this means NPO supervisory frameworks. For NGOs themselves, it means compliance obligations that many organisations have historically been ill-equipped to meet.
In Africa and Asia, these obligations are particularly relevant. Many of the regions where development NGOs are most active — including parts of East and West Africa, Pakistan, Bangladesh, and Myanmar — are also regions where FATF and its regional bodies have identified significant terrorist financing and financial crime risks.
Who This Guide Covers#
This guide is relevant to the following categories of organisations:
- International development NGOs operating programmes in Africa and Asia
- Local civil society organisations receiving international donor funding
- Faith-based organisations engaged in charitable, educational, or humanitarian activities
- Community foundations and grant-making organisations
- Donor-funded projects implemented through NGO structures
- Humanitarian organisations operating in conflict-affected or fragile states
The obligations and risks described in this guide apply regardless of whether the organisation considers itself primarily a charitable, humanitarian, or advocacy body. If the organisation receives, moves, or disburses funds — particularly internationally — it has AML/CFT obligations.
Key Risks in the NGO Sector#
Terrorist Financing Through Legitimate Structures#
The most serious risk associated with NGOs is the use of legitimate-appearing charitable structures to move funds to terrorist organisations or individuals. This can occur through several mechanisms: a controlled NGO established specifically for this purpose; an unwitting legitimate NGO that accepts donations from a tainted source; or an implementing partner arrangement where funds flow from a reputable organisation to a compromised downstream entity.
In the Sub-Saharan Africa and South Asia context, the risk is compounded by the geography of NGO operations. Organisations working in areas affected by Al-Shabaab, Boko Haram, or similar proscribed groups face specific scrutiny from donors, regulators, and correspondent banks.
Corruption and Diversion of Funds#
A distinct but related risk is the diversion of charitable funds through corruption. Where programme staff, local partners, or intermediaries divert donor funds for personal benefit, the resulting flows may exhibit patterns consistent with money laundering. This risk is particularly acute in cash-intensive programme environments where documentation standards are variable.
Cash-Intensive Operations#
Many NGOs operating in rural or conflict-affected environments distribute funds in cash — for beneficiary payments, local procurement, and staff costs. Cash-intensive operations are inherently more difficult to monitor and verify, and present elevated money laundering risk. In jurisdictions where formal banking infrastructure is limited, the proportion of cash transactions may be very high.
Regulatory Obligations#
NGOs in Africa and Asia are subject to varying national AML/CFT frameworks, but the core obligations derived from FATF Recommendation 8 and national legislation typically include the following.
Customer Due Diligence#
For purposes of AML/CFT compliance, NGOs should conduct due diligence on:
- Major donors, including institutional donors, foundations, and corporate donors contributing above defined thresholds
- Donor organisations, which should be screened against sanctions lists and checked for adverse media
- Implementing partners and sub-grantees who receive and disburse programme funds
- Beneficiaries, to the extent feasible, with particular attention to high-risk disbursements
The depth of due diligence should be proportionate to the risk profile of the relationship. A major institutional donor with a well-documented track record presents a different risk than an unverified private donor transferring funds from a high-risk jurisdiction.
Sanctions Screening#
All NGOs receiving or disbursing funds internationally should screen against relevant sanctions lists. This includes:
- UNSC consolidated sanctions list
- OFAC SDN list (for organisations with any US nexus)
- EU consolidated sanctions list
- UK HM Treasury financial sanctions list
- National sanctions lists applicable to the operating jurisdiction
Screening should cover donors, partner organisations, key beneficiaries, and any individuals in a position to influence or benefit from fund flows. Screening should be conducted at onboarding and on an ongoing basis, with periodic rescreening against updated lists.
Transaction Monitoring#
NGOs should have processes to identify unusual or suspicious transaction patterns. Common red flags in the NGO context include:
- Unexpected changes in the level, source, or destination of donor funding
- Requests to redirect funds to different beneficiaries or bank accounts
- Pressure to disburse funds quickly without standard documentation
- Pass-through transactions where funds are received and immediately transferred onwards without apparent programme purpose
- Large cash withdrawals inconsistent with programme requirements
- Transactions involving counterparties in sanctioned jurisdictions or high-risk areas
Record-Keeping#
Organisations should maintain records of donor due diligence, partner screening, transaction records, and programme documentation for a minimum period consistent with national legislation — typically five years. Records should be maintained in a form that can be produced to regulators or law enforcement on request.
Suspicious Transaction Reporting#
Where an NGO identifies a transaction or pattern of activity that gives rise to suspicion of money laundering or terrorist financing, it is typically required to file a Suspicious Transaction Report or Suspicious Activity Report with the relevant Financial Intelligence Unit. The obligation to report suspicion is not contingent on certainty — the threshold is reasonable suspicion, not proof.
NGO compliance officers should be familiar with the STR/SAR reporting procedures for each jurisdiction in which the organisation operates.
Donor Due Diligence in Practice#
Collecting and verifying donor information is among the most operationally demanding aspects of NGO compliance. For major individual donors, due diligence should establish identity (name, date of birth, nationality, address), source of funds, and the purpose of the donation. For corporate or foundation donors, due diligence should extend to understanding the donor organisation’s structure, beneficial ownership, and funding sources.
Where donors are themselves foundations or grant-making bodies, NGOs should satisfy themselves that those organisations are themselves subject to adequate AML/CFT oversight. A donation from a reputable bilateral development agency carries a different risk profile than a donation from an unregulated private foundation in a jurisdiction with weak AML supervision.
Donor organisations should be screened against sanctions lists and checked for adverse media at the point of onboarding, and periodically thereafter. Where a donor triggers a match — or where there is ambiguity — the matter should be escalated to the MLRO for review before funds are accepted.
Partner and Beneficiary Screening#
For many NGOs, the greater operational risk lies not with donors but with implementing partners — the local organisations and intermediaries through whom programme activities are delivered. Due diligence on implementing partners should include:
- Verification of legal registration and governance structure
- Sanctions and PEP screening of the organisation and its key personnel
- Assessment of the partner’s own AML/CFT controls, where relevant
- Review of the partner’s track record and reputation
Where partners operate in high-risk areas, enhanced due diligence is appropriate, including more frequent reporting requirements and site visits where feasible.
For beneficiary screening, a proportionate approach is required. Full documentary KYC on individual programme beneficiaries is generally impractical, and FATF guidance allows for simplified measures in lower-risk contexts. However, where programme design involves significant cash transfers to identifiable individuals, appropriate identification and screening procedures should be in place.
Board and Governance Obligations#
The MLRO function in NGOs — often discharged by the Finance Director, Country Director, or a designated compliance officer — carries significant personal responsibility. Boards of trustees and governing bodies should ensure that:
- A qualified MLRO has been appointed and has adequate resources and authority
- AML/CFT policies and procedures are documented, up to date, and approved at board level
- Staff with relevant responsibilities receive regular training on AML/CFT obligations
- The organisation has a clear process for reporting suspicion internally and, where required, to the relevant FIU
In smaller organisations, these functions may be combined. The key requirement is that someone with appropriate authority and knowledge is responsible for AML/CFT compliance, and that there is a clear escalation path for suspicious activity concerns.
Practical Challenges#
Limited Staff and Resources#
Many NGOs — particularly local civil society organisations and smaller international NGOs — operate with very limited administrative capacity. Compliance obligations that are manageable for a well-resourced international organisation may be genuinely burdensome for a small team focused primarily on programme delivery.
Proportionality is the appropriate response to this challenge. FATF guidance supports risk-based approaches, and organisations with lower-risk funding profiles and simple transaction patterns can maintain robust compliance with lean processes. Technology tools — including automated screening platforms and digital record-keeping systems — can substantially reduce the manual burden.
Informal Documentation in Beneficiary Populations#
In many programme contexts, particularly in rural or conflict-affected areas, beneficiaries may lack formal identity documents. Standard KYC processes may be impractical. NGOs in these contexts should document the steps they have taken to verify identity, the alternatives used (community attestation, biometric registration, beneficiary lists), and the rationale for the approach adopted.
Operating in Greylisted or High-Risk Jurisdictions#
NGOs operating in FATF-greylisted jurisdictions face additional scrutiny from donors, banks, and regulators. This scrutiny may affect the organisation’s ability to receive international transfers, maintain banking relationships, and retain institutional donors. Maintaining rigorous compliance documentation is not merely a regulatory obligation in these contexts — it is a practical necessity for organisational viability.
How Anqa Helps#
Anqa Compliance offers a free AML/CFT course specifically designed for NGO compliance teams, covering obligations under FATF Recommendation 8, practical donor and partner due diligence, and suspicious transaction identification in the NGO context.
For organisations requiring a technology platform, Anqa provides tools for sanctions screening, partner due diligence, and transaction monitoring — accessible from $35 per month, making professional-grade compliance tools available to organisations operating on restricted budgets. The platform is designed for emerging market contexts and can accommodate the informal documentation environments and transaction patterns typical of NGO operations in Africa and Asia.