Non-Profit Organisations: Best Practices to Protect Against the Risk of Terrorist Financing
How to implement, at your own level, FATF Recommendation 8
Non-profit organisations (NPOs) — associations, NGOs, foundations, faith-based organisations, development projects — occupy an important place in our economies. Their role exposes some organisations to an unsuspected risk: that of being used, without their knowledge, as a vehicle for terrorist financing.
The Financial Action Task Force (FATF), an international body combating money laundering and terrorist financing, has devoted its Recommendation 8 to this specific risk. Since its November 2023 revision, this recommendation rests on a clear principle: the risk concerns only a minority of organisations, and protective measures must be proportionate, rather than applied uniformly across the entire non-profit sector.
|
💡 IN BRIEF
This publication is addressed directly to NPO leaders, treasurers and administrative managers. It sets out concrete actions your organisation can take on its own initiative — regardless of what the State or a regulator requires — to effectively protect itself against this risk, and to demonstrate, where needed, its good faith and management rigour to partners, donors and supervisory authorities.
|
1. Understanding that the risk does not affect all NPOs in the same way
Before acting, it helps to know where your organisation stands. The FATF itself recognises that the vast majority of non-profit organisations present only a low, or even non-existent, risk of exploitation for terrorist financing purposes. The level of risk depends notably on:
-
- Nature of activities: an organisation operating in conflict zones or areas of security instability has a different profile from a local cultural association.
- Origin of funds: unsolicited international funding, large cash donations, cross-border fundraising.
- Destination of funds: geographic areas of intervention, local partners, subcontractors.
- Degree of formalisation: quality of the organisation's governance and internal controls.
The risk profiles identified (FATF classification)
National assessments carried out under the FATF framework (and echoed by regional bodies such as GABAC in Central Africa) typically classify NPOs according to two broad distinctions, combined with one another:
-
- By type of activity: “fundraising” NPOs, primarily oriented towards raising funds and redistributing them to third parties or partners; and “service” NPOs, which directly implement activities on the ground — this second category is considered more exposed when operating in close proximity to an active terrorist threat.
- By category of organisation: sectoral assessments typically distinguish religious NPOs, social NPOs (humanitarian aid, development), international NPOs (NGOs with transnational branches), and cultural NPOs.
The risk-level scale
Beyond these profiles, the FATF and regional bodies rate NPOs on a risk scale, by cross-referencing the level of threat with the level of vulnerability specific to each organisation. The current trend favours a four-level scale:
|
Risk level
|
Meaning and practical scope
|
|
Low
|
Virtually non-existent or nil risk: basic vigilance and rigorous accounting are generally sufficient.
|
|
Moderate
|
Risk is present but limited: occasional enhanced vigilance is recommended for certain transactions or partners.
|
|
High
|
Significant risk: enhanced controls and close monitoring of financial flows are expected.
|
|
Very High
|
Confirmed risk: maximum vigilance measures, or even immediate mitigation measures (external audit, precautionary freeze, reporting to authorities).
|
Some countries or sectors still use a simplified three-level scale (Low / Medium / High) — both scales coexist depending on the jurisdiction and national methodology.
Good practice #1: conduct your own risk self-assessment. Do not wait for an external review to ask the question. A simple internal exercise, carried out once a year, allows the organisation to know where it stands and to adjust its vigilance measures accordingly.
2. Knowing your partners, beneficiaries and staff
Good practice #2: exercise reasonable vigilance over third parties.
-
- Verify the identity and reputation of partners before transferring funds to them, particularly for a first-time collaboration or in a sensitive area of intervention.
- Be attentive to requests for large cash payments, unusual financial arrangements, or partners refusing any transparency on the use of transferred funds.
- Raise awareness among staff and volunteers involved in financial management about warning signs (opaque financial arrangements, unjustified urgency of a transfer, an end beneficiary that cannot be identified).
Good practice #3: formalise your governance.
-
- Clearly define who, within the organisation, is authorised to commit expenditure and approve transfers.
- Put in place a dual-signature rule above a certain amount.
- Document board decisions relating to significant funding or new partnerships.
3. Adopting a risk-based approach, proportionate to your size
The FATF insists on this point: there is no one-size-fits-all solution. A small local association should not feel obliged to replicate the control systems of a large international NGO.
Good practice #4: align your vigilance measures with your actual risk profile.
-
- A low-risk organisation can rely on rigorous accounting and reduced vigilance.
- A higher-risk organisation would benefit from strengthening its controls: periodic external audit, designation of a compliance officer, written vigilance procedures.
|
⚠️ POINT OF CAUTION
This principle of proportionality also protects the organisation itself: controls disproportionate to its size consume resources that should serve its social mission. The FATF itself warns against excessive measures — requiring a systematic external audit or a dedicated compliance officer makes no sense for an association facing low or no risk.
|
4. Maintaining traceable financial accounting and documentation
This is the simplest, most expected, and often most neglected measure.
Good practice #5: systematically document the origin and destination of funds.
-
- Keep supporting documents for each donation or grant received (donor identity, amount, date, method of payment).
- Keep supporting documents for the use of funds (invoices, contracts, activity reports), including for funds redistributed to partners or end beneficiaries.
- Maintain an up-to-date centralised donor register, including for in-kind donations or bequests — an obligation which, in the OHADA area, is now also required under the SYCEBNL.
Good practice #6: separate funds by project or by source of funding. Accounting that clearly distinguishes each project, each donor and each area of intervention allows the organisation to quickly answer any question about the traceability of a particular funding source, without having to reconstruct information after the fact.
|
💡 GOOD TO KNOW
In the OHADA area, the SYCEBNL (Accounting System for Non-Profit Entities), in force since 1 January 2024, already makes it mandatory to maintain a registered and stamped donor register. An organisation compliant with the SYCEBNL has therefore already laid much of the groundwork expected under Recommendation 8 regarding financial traceability.
|
5. Engaging in dialogue rather than simply complying: building a relationship of trust with authorities
Good practice #7: actively participate in consultations and awareness sessions organised by authorities. When supervisory authorities (ministry of territorial administration, financial intelligence unit, sectoral regulators) organise consultations or training on AML/CFT compliance, participating allows the organisation to better understand actual expectations — often more measured than one might imagine — and to raise practical difficulties encountered in the field.
Good practice #8: anticipate rather than react. An organisation that can demonstrate, with supporting documents, that it already applies these good practices is in a stronger position when facing a review — whether from the national regulator or an international donor requiring compliance guarantees before funding a project.
6. What not to do: pitfalls to avoid
|
🚫 ABSOLUTELY AVOID
• Ignoring transparency requests from administrative authorities and partners: refusing to provide information on the origin of funds is one of the leading causes of suspicion currently affecting many legitimate NPOs.
• Accepting funds whose origin cannot be clearly established, even if the amount is significant for the organisation.
• Leaving financial management to a single person without any cross-checking, including in small organisations.
• Confusing administrative burden with actual security: the goal is not to accumulate documents, but to be able to answer, when needed, legitimate questions about the origin and destination of funds.
|
|
💡 KEY TAKEAWAY
These good practices are not intended to turn every association into a supervised financial institution: they aim to protect the non-profit sector itself, its reputation, its ability to access banking services and international funding, and above all its mission — by excluding the small number of abuse cases that, without this, cast suspicion on an entire sector that is essential to our societies.
|
1. FATF (2012, updated 2025), The FATF Recommendations — Recommendation 8 and its Interpretive Note. www.fatf-gafi.org/en/publications/Fatfrecommendations/Fatf-recommendations.html
2. FATF (2023), Best Practices on Combating the Abuse of Non-Profit Organisations. www.fatf-gafi.org/content/dam/fatf-gafi/guidance/BPP-combating-abuse-non-profit-organisations.pdf
3. FATF (November 2023), Protecting non-profits from abuse for terrorist financing through the risk-based implementation of revised FATF Recommendation 8. www.fatf-gafi.org/en/publications/Fatfrecommendations/protecting-non-profits-abuse-implementation-R8.html
4. GABAC (2022), Mutual Evaluation Report of Cameroon — Anti-money laundering and counter-terrorist financing measures. www.fatf-gafi.org/content/dam/fatf-gafi/fsrb-mer/GABAC-French-Mutual-Evaluation-Report-Cameroun-2022.pdf
5. OHADA (December 2022), Uniform Act on the Accounting System for Non-Profit Entities (SYCEBNL), in force since 1 January 2024. www.ohada.org
6. CENTIF Côte d'Ivoire (2025), Sectoral Risk Assessment Report on Non-Profit Organisations (NPOs).
This publication is an educational synthesis prepared from the sources listed above; it does not replace consultation of the official texts of the FATF, GABAC or OHADA for any compliance decision.