Risks Associated with Money Laundering and Terrorist Financing

Charities and Nonprofit Organizations Examination and Testing Procedures

Objective: Evaluate the bank's policies, procedures, and processes to assess, manage, and mitigate risks associated with customers that are charities and other nonprofit organizations (NPOs). Evaluate the bank's compliance with regulatory requirements, such as customer identification, customer due diligence (CDD), beneficial ownership of legal entity customers, and suspicious activity reporting, with respect to these customers. Examiners are reminded that there are no Bank Secrecy Act (BSA) regulations specific to customers who are charities and other NPOs.

The following examination and testing procedures are intended to be a subset of a broader review of compliance with Bank Secrecy Act/anti-money laundering (BSA/AML) regulations, such as customer identification, customer due diligence (CDD), beneficial ownership, and suspicious activity reporting. Not all of the examination and testing procedures will apply to every bank or will be used during every examination.

  1. Determine whether the bank has developed and implemented appropriate, written risk-based procedures for conducting ongoing CDD for all customers, including charity and other nonprofit organization (NPO) customers, and that these procedures enable the bank to:
    • Understand the nature and purpose of the customer relationship in order to develop a customer risk profile.
    • Conduct ongoing monitoring:
      • for the purpose of identifying and reporting suspicious transactions; and
      • on a risk basis, to maintain and update customer information, including information regarding the beneficial owner(s) of legal entity customers. (As a reminder, charity and NPO customers are only subject to the control prong of the beneficial ownership requirement, which requires the identification and verification of a single individual with significant responsibility to control, manage, or direct a legal entity customer.)
    • Use customer information and the customer risk profile to understand the types of transactions in which a particular customer would be expected to engage, and to establish a baseline against which suspicious transactions are identified.
  2. Determine whether the bank, as part of the overall CDD program, has effective processes to develop customer risk profiles that identify the specific risks of individual customers including, as appropriate, charity and other NPO customers.
  3. Determine whether the bank has policies, procedures, and processes to identify customers that may pose higher risk for money laundering, terrorist financing (ML/TF), and other illicit financial activities, which may include certain charities and other NPOs. Policies, procedures, and processes generally include whether and when, based on risk, it is appropriate to obtain and review additional customer information, including guidance for resolving issues when insufficient, inaccurate, or unverifiable information is obtained. Determine whether the risk-based CDD policies, procedures, and processes are commensurate with the bank's ML/TF and other illicit financial activity risk profile.
  4. Determine whether the bank's system for monitoring charity and other NPO customer accounts for suspicious activities, and for reporting suspicious activities, is adequate given the bank's risk profile.
  5. Determine if performing risk-focused testing is appropriate based on the review of a risk assessment, prior examination reports, other examination information, or a review of the bank's audit findings. If risk-focused testing is appropriate, select a sample of charity and other NPO customer relationships and request applicable documentation to perform risk-focused testing. From the sample selected, perform the following examination procedures:
    • Determine whether the bank collects appropriate information to understand the nature and purpose of customer relationships and to evaluate such customers according to their particular characteristics when assessing whether the bank can effectively mitigate the potential risk those customers may pose.
    • Determine whether the bank effectively incorporates customer information, including beneficial ownership information for legal entity customers, into the customer risk profile. (As a reminder, charity and NPO customers are only subject to the control prong of the beneficial ownership requirement, which requires the identification and verification of a single individual with significant responsibility to control, manage, or direct a legal entity customer.)
    • Review transaction activity for selected customer relationships and, if necessary, request and review specific transactions and transaction monitoring documentation to determine whether the bank has identified and reported any suspicious activity.
  6. Based on examination and testing procedures completed, form a conclusion about the adequacy of, and the bank's adherence to, its policies, procedures, and processes associated with charity and other NPO customers.

 
