Non-Profit Organisations: Best Practices to Protect Against the Risk of Terrorist Financing
How to implement, at your own level, FATF Recommendation 8
Why this publication?
Non-profit organisations (NPOs) — associations, NGOs, foundations, faith-based organisations, development projects — occupy an important place in our economies. Their role exposes some organisations to an unsuspected risk: that of being used, without their knowledge, as a vehicle for terrorist financing.
The Financial Action Task Force (FATF), an international body combating money laundering and terrorist financing, has devoted its Recommendation 8 to this specific risk. Since its November 2023 revision, this recommendation rests on a clear principle: the risk concerns only a minority of organisations, and protective measures must be proportionate, rather than applied uniformly across the entire non-profit sector.
|
💡 IN BRIEF This publication is addressed directly to NPO leaders, treasurers and administrative managers. It sets out concrete actions your organisation can take on its own initiative — regardless of what the State or a regulator requires — to effectively protect itself against this risk, and to demonstrate, where needed, its good faith and management rigour to partners, donors and supervisory authorities. |
1. Understanding that the risk does not affect all NPOs in the same way
Before acting, it helps to know where your organisation stands. The FATF itself recognises that the vast majority of non-profit organisations present only a low, or even non-existent, risk of exploitation for terrorist financing purposes. The level of risk depends notably on:
The risk profiles identified (FATF classification)
National assessments carried out under the FATF framework (and echoed by regional bodies such as GABAC in Central Africa) typically classify NPOs according to two broad distinctions, combined with one another:
The risk-level scale
Beyond these profiles, the FATF and regional bodies rate NPOs on a risk scale, by cross-referencing the level of threat with the level of vulnerability specific to each organisation. The current trend favours a four-level scale:
|
Risk level |
Meaning and practical scope |
|
Low |
Virtually non-existent or nil risk: basic vigilance and rigorous accounting are generally sufficient. |
|
Moderate |
Risk is present but limited: occasional enhanced vigilance is recommended for certain transactions or partners. |
|
High |
Significant risk: enhanced controls and close monitoring of financial flows are expected. |
|
Very High |
Confirmed risk: maximum vigilance measures, or even immediate mitigation measures (external audit, precautionary freeze, reporting to authorities). |
Some countries or sectors still use a simplified three-level scale (Low / Medium / High) — both scales coexist depending on the jurisdiction and national methodology.
Good practice #1: conduct your own risk self-assessment. Do not wait for an external review to ask the question. A simple internal exercise, carried out once a year, allows the organisation to know where it stands and to adjust its vigilance measures accordingly.
2. Knowing your partners, beneficiaries and staff
Good practice #2: exercise reasonable vigilance over third parties.
Good practice #3: formalise your governance.
3. Adopting a risk-based approach, proportionate to your size
The FATF insists on this point: there is no one-size-fits-all solution. A small local association should not feel obliged to replicate the control systems of a large international NGO.
Good practice #4: align your vigilance measures with your actual risk profile.
|
⚠️ POINT OF CAUTION This principle of proportionality also protects the organisation itself: controls disproportionate to its size consume resources that should serve its social mission. The FATF itself warns against excessive measures — requiring a systematic external audit or a dedicated compliance officer makes no sense for an association facing low or no risk. |
4. Maintaining traceable financial accounting and documentation
This is the simplest, most expected, and often most neglected measure.
Good practice #5: systematically document the origin and destination of funds.
Good practice #6: separate funds by project or by source of funding. Accounting that clearly distinguishes each project, each donor and each area of intervention allows the organisation to quickly answer any question about the traceability of a particular funding source, without having to reconstruct information after the fact.
|
💡 GOOD TO KNOW In the OHADA area, the SYCEBNL (Accounting System for Non-Profit Entities), in force since 1 January 2024, already makes it mandatory to maintain a registered and stamped donor register. An organisation compliant with the SYCEBNL has therefore already laid much of the groundwork expected under Recommendation 8 regarding financial traceability. |
5. Engaging in dialogue rather than simply complying: building a relationship of trust with authorities
Good practice #7: actively participate in consultations and awareness sessions organised by authorities. When supervisory authorities (ministry of territorial administration, financial intelligence unit, sectoral regulators) organise consultations or training on AML/CFT compliance, participating allows the organisation to better understand actual expectations — often more measured than one might imagine — and to raise practical difficulties encountered in the field.
Good practice #8: anticipate rather than react. An organisation that can demonstrate, with supporting documents, that it already applies these good practices is in a stronger position when facing a review — whether from the national regulator or an international donor requiring compliance guarantees before funding a project.
6. What not to do: pitfalls to avoid
|
🚫 ABSOLUTELY AVOID • Ignoring transparency requests from administrative authorities and partners: refusing to provide information on the origin of funds is one of the leading causes of suspicion currently affecting many legitimate NPOs. • Accepting funds whose origin cannot be clearly established, even if the amount is significant for the organisation. • Leaving financial management to a single person without any cross-checking, including in small organisations. • Confusing administrative burden with actual security: the goal is not to accumulate documents, but to be able to answer, when needed, legitimate questions about the origin and destination of funds. |
Summary
|
💡 KEY TAKEAWAY These good practices are not intended to turn every association into a supervised financial institution: they aim to protect the non-profit sector itself, its reputation, its ability to access banking services and international funding, and above all its mission — by excluding the small number of abuse cases that, without this, cast suspicion on an entire sector that is essential to our societies. |
References and sources
1. FATF (2012, updated 2025), The FATF Recommendations — Recommendation 8 and its Interpretive Note. www.fatf-gafi.org/en/publications/Fatfrecommendations/Fatf-recommendations.html
2. FATF (2023), Best Practices on Combating the Abuse of Non-Profit Organisations. www.fatf-gafi.org/content/dam/fatf-gafi/guidance/BPP-combating-abuse-non-profit-organisations.pdf
3. FATF (November 2023), Protecting non-profits from abuse for terrorist financing through the risk-based implementation of revised FATF Recommendation 8. www.fatf-gafi.org/en/publications/Fatfrecommendations/protecting-non-profits-abuse-implementation-R8.html
4. GABAC (2022), Mutual Evaluation Report of Cameroon — Anti-money laundering and counter-terrorist financing measures. www.fatf-gafi.org/content/dam/fatf-gafi/fsrb-mer/GABAC-French-Mutual-Evaluation-Report-Cameroun-2022.pdf
5. OHADA (December 2022), Uniform Act on the Accounting System for Non-Profit Entities (SYCEBNL), in force since 1 January 2024. www.ohada.org
6. CENTIF Côte d'Ivoire (2025), Sectoral Risk Assessment Report on Non-Profit Organisations (NPOs).
This publication is an educational synthesis prepared from the sources listed above; it does not replace consultation of the official texts of the FATF, GABAC or OHADA for any compliance decision.
Nous encourageons activement l'échange de bonnes pratiques pour enrichir continuellement nos méthodologies et offrir des solutions optimales à nos clients.
