Five essential steps for NGOs and NPOs to best handle their banks' concerns
It’s an unfortunate fact that Non Profitable Organizations and Non-Governmental Organizations (NPOs and NGOs - hereafter referred to as NPOs for ease) are prime for exploitation by criminals. I published an article previously about why the geopolitical environment in which NPOs distribute funds makes them inherently high-risk and therefore under increased scrutiny from banks. This categorization can result in numerous payments blocked by banks every month, delaying crucial funds from reaching their intended cause. In the worst case, aid sent too late can actually mean the difference between life and death. For NPOs and the people they help, the stakes couldn’t be higher.
Unfortunately, the high-risk nature of the industry also means that NPOs’ Treasury teams are over-stretched, required to spend hours each week dealing with manual tasks related to Customer Due Diligence (CDD). Given the worthy endeavors of NPOs and their limited resources, the situation can seem unfairly stacked against them. However, it’s important to bear in mind that banks and NPOs share the same goal – neither want their hard-won funds to reach the hands of terrorists and other criminals.
How can NPOs best address banks’ concerns?
Understandably, banks need reassurance that NPOs are mitigating risks of terrorist financing, bribery, corruption and sanctions breaches effectively. However, many Treasury teams within NPOs spend hours each week fixing blocked transactions, verifying supplier and distribution identities and manually screening for sanctions - rather than thinking strategically about processes and risk mitigation. Limited time, resources and in-house expertise can leave NPOs unsure of how to ease this burden. We’ve therefore broken the process down into the following five manageable steps:
1. Assess your risk
This is the first and most important part of the process. There’s no one-size-fits-all approach to understanding an organization’s inherent risk level, as each NPO works with different purposes, governments and across distinct territories. The risk depends on a number of factors including the regulatory environment of the countries involved and whether they’re sanctioned, and the nature of the NPO itself and how it collects and distributes funds.
Risk assessment can feel highly complex, but with the right combination of deep in-house knowledge and expert guidance, it can be done in a week.
2. Digitize and document KYC information
Know Your Customer (KYC) processes are key for NPOs to verify the identities of donors, volunteers, vendors and entities they work with. Occasionally, NPOs must also carry out checks for their beneficiaries, though this can prove challenging as those receiving the funds are often vulnerable - for example in the case of children or people living in areas of conflict. I’ve previously written a blog about why money laundering and tax evasion are therefore less of a risk within the industry.
Typically, KYC requests from banks lead to NPOs collecting data in one system and responding to requests using another, resulting in time wasted cutting and pasting information from emails to spreadsheets or SharePoints. The volume of requests means that many organizations struggle to manage these processes manually. Without one single place for KYC management, NPOs also lack a comprehensive overview of tasks to complete.
The solution is fairly simple, NPOs need to centralize all KYC information in one digital database. There’s a bonus benefit of digitization – it gives NPOs ongoing data to make future risk assessments more accurate.
3. Automate where you can
NPOs have never-ending to-do lists, from verifying identities to managing questionnaires for CDD. Automating certain repeatable tasks, such as carrying out politically exposed persons (PEP) screening, can ease this workload and reduce human error. Crucially, automation allows Treasurers to release hours in their week to spend on more strategic activities.
4. Develop internal processes, policies and training programs
Beyond digitizing KYC information, it’s essential to create effective processes and policies in order to assess and mitigate risk. For example, it’s not enough to screen for PEPs, you also need a process in place for what to do when you find a match. Or what your donor offboarding process looks like, should you determine that this is necessary.
NPOs should also establish ongoing learning and development programs for their teams on the ground and in the office, and consider how they will stay up-to-date in terms of developing risks.
5. Monitor and maintain
After following the first four steps, how will you ensure that an ongoing process is in place for managing CDD? How will you know that your existing processes are always working, in the ever-evolving environments in which you fundraise and distribute funds?
It’s crucial to keep developing in terms of processes, technologies and ongoing communication with your banks. KYC is never a case of “once and done”.
The opportunity cost of doing nothing
NPOs have a choice. They can either spend their limited time and resources doing what they’ve always done – fighting fires; dealing with blocked transactions; responding manually to their banks’ concerns. Or they can approach the issue strategically by setting up a robust framework, digital database and processes to mitigate risks. Both options take time, however the latter leans on technology and trusted partners to free up hours in the long term. By choosing the second option, NPOs also preserve their integrity by ensuring that their funds are always put to good use, and reassure their banks, donors and other stakeholders that they treat KYC seriously and manage it appropriately.
Finally, it’s no secret that criminals are using all the tools and technologies at their disposal to defraud NPOs. There’s no reason why NPOs can’t also deploy the latest innovations in KYC, in order to ease their workload and tackle their risks head on.