Joint Fact Sheet on Bank Secrecy Act Due Diligence Requirements for Charities and Non-Profit Organizations

November 2020

Board of Governors of the Federal Reserve System
Federal Deposit Insurance Corporation
Financial Crimes Enforcement Network
National Credit Union Administration
Office of the Comptroller of the Currency

November 19, 2020

The Board of Governors of the Federal Reserve System (Federal Reserve), the Federal Deposit Insurance Corporation (FDIC), the Financial Crimes Enforcement Network (FinCEN), the National Credit Union Administration (NCUA), and the Office of the Comptroller of the Currency (OCC) (collectively, the Agencies) are issuing this joint fact sheet to provide clarity to banks1 on how to apply a risk-based approach to charities and other non-profit organizations (NPOs), consistent with the customer due diligence (CDD) requirements contained in FinCEN’s 2016 CDD Final Rule.2 Some charities have reported difficulty in obtaining and maintaining access to financial services, jeopardizing the important contributions charities make to the most vulnerable. The Agencies remind banks that the U.S. government does not view the charitable sector as a whole as presenting a uniform or unacceptably high risk of being used or exploited for money laundering, terrorist financing (ML/TF), or sanctions violations.3 The Agencies remind banks that charities vary in their risk profiles and should be treated according to such profiles. Banks should apply the risk-based approach and evaluate charities according to their particular characteristics to determine whether they can effectively mitigate the potential risk some charities may pose. This approach helps to minimize illicit finance risks. This joint fact sheet does not alter existing Bank Secrecy Act/Anti-Money Laundering (BSA/AML) legal or regulatory requirements, nor does it establish new supervisory expectations.

Helping those in need is a core American value, particularly in the difficult conditions caused by the COVID-19 pandemic. The United States is committed to ensuring that humanitarian assistance continues to reach at-risk populations through legitimate and transparent channels, including during the COVID-19 pandemic.4 The Agencies recognize that it is vital for legitimate charities and other NPOs to have access to financial services, including the ability to transmit funds. Charities and other NPOs rely on banks to facilitate the flow of funds transfers in a timely fashion. Although some charities and other NPOs have been misused to facilitate ML/TF5 or evade sanctions, the Agencies recognize that the vast majority of charities and other NPOs comply with the law and properly support charitable and humanitarian causes.

CDD Requirements

Like all bank accounts, those held by charity and NPO customers are subject to BSA/AML regulatory requirements. These include requirements related to suspicious activity reporting,6 customer identification,7 CDD, and beneficial ownership,8 as applicable.

Banks must apply a risk-based approach to CDD in developing the risk profiles of their customers, including charities and NPOs, and are required to establish and maintain written procedures reasonably designed to identify and verify beneficial owners of legal entity customers, as applicable.9 More specifically, banks must adopt appropriate risk-based procedures for conducting CDD that, among other things, enable banks to: (i) understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile, and (ii) conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.10 Consistent with a risk-based approach, the level and type of CDD should be appropriate for the risks presented by each customer. There is no regulatory requirement in the CDD rule, nor is there a supervisory expectation, for banks to have unique, additional due diligence steps for charities or other NPO customers.

Considerations for a Risk-Based Approach

As previously stated, charities and other NPOs do not present a uniform or unacceptably high ML/TF risk; rather, the risk to banks depends on facts and circumstances specific to the customer relationship. The ML/TF risk for charitable organizations can vary dramatically depending on the operations, activities, leadership, and affiliations of the organization. U.S. charities that operate and provide funds solely to domestic recipients generally present low TF risk. However, U.S. charities that operate abroad, provide funding to, or have affiliated organizations in conflict regions, can present potentially higher TF risks.11

Charities and other NPOs are subject to federal and state reporting requirements and regulatory oversight. For example, charities report specific information annually on IRS Form 990 regarding their stated mission, programs, finances (including non-cash contributions), donors, activities, and funds sent and used abroad.12 Many NPOs also adhere to voluntary self-regulatory standards13 and controls to improve individual governance, management, and operational practice, in addition to internal controls required by donors and others. Although the CDD rule does not require the collection of this specific information, the following customer information may be useful for banks in determining the ML/TF risk profile of charities and other NPO customers:

  • Purpose and nature of the NPO, including mission(s), stated objectives, programs, activities, and services.
  • Geographic locations served, including headquarters and operational areas, particularly in higher-risk areas where terrorist groups are most active.
  • Organizational structure, including key principals, management, and internal controls of the NPO.
  • State incorporation, registration, and tax-exempt status by the IRS and required reports with regulatory authorities.
  • Voluntary participation in self-regulatory programs to enhance governance, management, and operational practice.
  • Financial statements, audits, and any self-assessment evaluations.
  • General information about the donor base, funding sources, and fundraising methods, and for public charities, level of support from the general public.
  • General information about beneficiaries and criteria for disbursement of funds, including guidelines/standards for qualifying beneficiaries and any intermediaries that may be involved.
  • Affiliation with other NPOs, governments, or groups.

Additional information that may be useful to banks in determining the customer risk profile of a charity or other NPO is available at the U.S. Department of the Treasury’s Resource Center, Protecting Charitable Organizations.14


Charitable organizations and other NPOs build communities, relieve suffering, provide life-saving assistance, and help developing nations. During this COVID-19 pandemic, charities and other NPOs are on the front lines, both domestically and internationally, delivering medical supplies and vital assistance to areas most impacted by COVID-19. Banks that operate in compliance with applicable laws, properly manage customer relationships, and effectively mitigate risks by implementing controls commensurate with those risks are neither prohibited nor discouraged from providing banking services to charities and other NPOs. The Agencies are issuing this joint fact sheet to reaffirm that the level of ML/TF risk associated with charities and other NPOs varies; these bank customers do not present a uniform or unacceptably high ML/TF risk. The application of a risk-based approach for charities and other NPOs is consistent with existing CDD and other BSA/AML requirements.

1 Under the Bank Secrecy Act, the term “bank” is defined in 31 CFR 1010.100(d) and includes each agent, agency, branch, or office within the United States of banks, savings associations, credit unions, and foreign banks.

2 Customer Due Diligence Requirements for Financial Institutions, 81 FR 29398 (May 2016); see also 31 CFR Parts 1010, 1020, 1023, 1024, and 1026.

3 National Terrorist Financing Risk Assessment (2018), p. 23.

4 See U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) Fact Sheet: Provision of Humanitarian Assistance and Trade to Combat COVID-19 (April 16, 2020). See also OFAC Encourages Persons to Communicate OFAC Compliance Concerns Related to the Coronavirus Disease 2019 (COVID-19) (April 20, 2020) and U.S. Department of the Treasury’s Press Release: Treasury Underscores Commitment to Global Flow of Humanitarian Aid in Face of Covid-19 Pandemic (April 9, 2020).

5 See FinCEN Advisory to Financial Institutions Regarding Disaster-Related Fraud (October 31, 2017).

6 12 CFR 208.62, 211.5(k), 211.24(f), and 225.4(f) (Federal Reserve); 12 CFR 353 (FDIC); 12 CFR 748.1(c) (NCUA); 12 CFR 21.11 and 12 CFR 163.180 (OCC); and 31 CFR 1020.320 (FinCEN).

7 12 CFR 208.63(b)(2), 211.5(m)(2), and 211.24(j)(2) (Federal Reserve); 12 CFR 326.8(b)(2) (FDIC); 12 CFR 748.2(b)(2) (NCUA); 12 CFR 21.21(c)(2) (OCC); and 31 CFR 1020.220 (FinCEN).

8 31 CFR 1010.230.

9 See 31 CFR 1010.230(e)(3)(ii) (requiring that nonprofit entities only identify a single individual with significant responsibility to control, manage, or direct the entity).

10 31 CFR 1020.210(b)(5).

11 National Terrorist Financing Risk Assessment (2018), p. 23.

12 The extensive Schedule F of Form 990 includes many categories of reporting requirements for charities with overseas activities.

13 National Terrorist Financing Risk Assessment (2018), p. 24.

