Civil society and banks often speak different languages. In this module, learn more about the drivers behind derisking so that you can advocate for improved financial access for CSOs.
By the end of this learning package, you will:
- Understand the context in which CSOs face problems accessing adequate financial services;
- Have learnt how CSOs can address immediate financial access challenges through examples and resources;
- Be able to identify ways in which CSOs can help tackle the structural problems that fuel bank derisking.
Do CSOs face challenges when accessing adequate financial services? Research in this area reflects what CSOs already know: they face increasing difficulties accessing financial services necessary to carry out essential programmes and activities. This is especially true for CSOs that need to transfer funds across borders, those that serve communities affected by financial sanctions, and in or near conflict zones, where armed groups on terrorist lists are active. Rather than considering these activities as creating insurmountable risks to banking relationships, banks should recognise that CSOs undertake considerable efforts to protect their staff, donors, programmes, partners and recipients and to prevent abuse by terrorists and criminals. However, in some cases financial institutions, mostly banks, have closed CSOs’ accounts without explanation, delayed or denied fund transfers, and required extensive documentation for routine transactions.
The problem described above, is termed ‘derisking’. It is the trend of financial institutions terminating or restricting business relationships with clients to avoid rather than manage risk.
There are no ready legal remedies for CSOs facing derisking. In fact, the current legal and regulatory structure banks and CSOs are subject to is very much part of the problem. International standards set by the FATF require countries to follow a risk-based approach (read more on risk based approach here) in AML/CFT regulation. According to this, AML/CFT measures need to be based on evidence of existing risk and targeted to it, not broad, blanket restrictions. Despite this, in reality CSOs often face sanctions and AML/CFT rules in their countries that are “zero-tolerance” or “non-failure” regimes.These stringent rules act as disincentive for banks to serve CSOs, who are already often low-profit customers. If any error is suspected, for example banks allow illegal funds to be transferred, subsequent regulatory investigations and penalties are costly for banks. In the extreme, one outcome could be that the bank loses their licence to do business. In this environment, it is not surprising that derisking occurs.
How can we address the impact of derisking on CSOs’ work? All stakeholders, including CSOs, banks, governments and banking regulators, must gain an understanding of the drivers behind derisking decisions made by banks. These same stakeholders must then work together to change the process and outcome of these decisions. Positive examples of collaboration between financial institutions and CSOs are already demonstrating improved CSO access to banking services. But without learning and concurrent exchange, derisking will continue to undermine essential, life-saving CSO work.
What are some other factors that drive derisking?
Limited guidance
Another factor giving rise to derisking is that of limited guidance. National regulators have not provided concrete guidance that would facilitate the risk-based approach. Without this direction from regulators on how to implement a cautious and context aware, but not zero-tolerance approach, banks tend to err on the side of caution to avoid any negative consequences.
Unawareness of CSO procedures
Further, both banks and the regulators themselves lack knowledge about the risk mitigation measures and due diligence procedures that CSOs already adhere to. They are often unaware that CSOs have these procedures in order to comply with the law, and protect their programmes. There is also a lack of understanding that CSOs’ transaction patterns will differ from business operations, due to how funding works in the nonprofit sector.
Misconception of risk
Last but not least, despite ample evidence to the contrary, CSOs are perceived as being high-risk customers. In reality, terrorist operations often use sham or front organisations in order to finance themselves, rather than legitimate, government-recognised CSOs.
Example of improved practice: Detailed guidance on CSOs for banks
In 2023 the Dutch Banking Association (NVB) developed more detailed guidance to banks on CSOs. This means that in the future, CSOs, charities, sports clubs and churches will be less affected by bank investigations if the risks of money laundering or terrorist financing are low. Read more here.
Banks and CSOs often have little understanding of each other's work and their respective internal regulations. Want to learn more about the effects of this on access to financing? Watch this video and hear examples of possible pathways forward.
When watching the video, you could consider…
- Do you think banks understand the regulations that CSOs follow or the ways in which funding works in the nonprofit sector?
- Are you familiar with international and national banking regulations?
- The example from North Macedonia shows both the issues CSOs faced and a possible solution. Have you come across similar challenges be it in your own work or others? Would a solution like this work in your context?
In order to prevent terrorist financing and other illegal transactions, FATF standards, UN Security Council Resolutions, domestic sanctions and banking laws require banks to screen all customers, including CSOs, before opening an account. In this “onboarding” process banks must verify the customer’s identity and assess potential AML/CFT risks. This includes a review of the jurisdictions where the CSO operates, the kind of financial services needed and the frequency of transactions. This verification and review process is called Customer Due Diligence (CDD).
How can CSOs address financial access challenges in the short term?
- Appoint a single point of contact in the organisation to liaise with the FI.
- Create a portfolio of basic information about the organisation’s structure, governance and finances that can be shared. This can include an explanation of the regulatory oversight and compliance and internal controls, good governance and due diligence. This can be prepared in advance and re-shared if needed in the future, saving time.
- Notify the FI of anticipated changes in the NPOs’ key personnel, governance or anticipated transaction patterns.
- Contact the FI prior to initiating transactions that, without an explanation, might create concerns.
- For international transfers, provide relevant information at the beginning of the process, to avoid delays caused by EDD and follow-up information requests.
Because of the diversity of the nonprofit sector, there is no one-size-fits-all approach to CDD. Despite this, banks are expected to understand the funding and disbursement criteria (including basic information on the types of beneficiaries receiving funds) for their CSO accounts. However, banks are not expected to know the identity of each individual donor or beneficiary.
Unfortunately, most banks do not have a good understanding of how CSOs operate or how their financial transactions differ from commercial enterprises. As a result, what banks consider to be “red flags” are often typical CSO fundraising or grantmaking situations, such as a large cash deposit after an annual fundraising event.
Once an account is opened banks must monitor transactions against the information the CSO provided during the onboarding process. This includes screening against terrorist lists and media reports (which may be based on disinformation). For international transfers, U.S. sanctions lists are routinely checked because banks typically rely on U.S.-based banks to provide correspondent (intermediary) banking between the sender’s bank and the recipient’s bank.
If the bank identifies a financial activity that is inconsistent with the profile established in onboarding or involves a higher risk location, the bank will initiate an inquiry. This is referred to as Enhanced Due Diligence (EDD), which requests further information from the CSO.
The result of the EDD inquiry could be to approve the transaction after evaluating information from the CSO or deny the transfer. In many cases CSOs are told their accounts or transfers are outside the banks’ “risk appetite. This means that the risk-assessment and inquiry itself exceeds a cost the bank is willing to absorb in order to keep a relatively low-profit customer. In those cases, the CSO has been “derisked.”
CSOs report extensive and sometimes intrusive information requests from banks conducting enhanced inquiry. But why does this happen? The lack of clear guidance from regulators, coupled with serious potential legal consequences if they make a mistake, contributes to this behaviour by banks.
How can banks limit inquiries whilst being able to follow regulations? To keep inquiries within legal and reasonable limits, banks should ensure that all information collected from CSOs is relevant to the stated purpose. Banks should not ask CSOs to violate legal and ethical obligations that protect the privacy of their donors, beneficiaries and members.
How can CSOs tackle structural problems that drive derisking? Some CSOs and banks have found ways to make the current system work better, solving short-term problems. While this is a positive step, without addressing the systemic drivers of derisking, the problems will persist. To avoid that outcome and effectively tackle derisking, stakeholders must work together to generate the political will to align legal and operational standards with the risk-based approach. As the stakeholders that bear the brunt of the problem, CSOs play a key role in generating that political will.
What approach can CSOs take? Multi-stakeholder dialogues are key to creating political will amongst the relevant bodies (bank regulators in each country and the ministries of finance). Strategic dialogue between CSOs, banks and governmental authorities can collaborate to find a common denominator of due diligence and risk mitigation that satisfy AML/CFT policy goals, facilitate by banks and do not hinder the legitimate work of CSOs.
In addition to these dialogues, where possible, CSOs can advocate for legal redress mechanisms for arbitrary and discriminatory denial of financial services. Further, CSOs can make creative use of new technology to facilitate transfers to higher risk areas and get support for advocacy asks for small CSOs from government and donors. CSOs can push regulators to provide greater clarity on application of the risk-based approach so that all stakeholders have reasonably clear standards where the focus is on mitigation and management of risk, not avoidance. This clarity will allow banks to be specific in information requests and limit the amount of inquiries.
Example of improved practice: Dedicated portal for CSO clients
The Dutch bank ABN AMRO launched a dedicated portal for CSO clients. Created together with Dutch CSOs, the page features information and help for CSOs on CFT/AML regulation, how banks conduct risk assessments, and what measures CSOs might need to put in place to mitigate potential risks. To see the portal, click here.
There are challenges to making multi-stakeholder dialogues effective. For example:
- It can be difficult to get commitment and participation from banks and regulators. Some governments perceive their role as limited, saying they do not tell banks which customers to serve. To address this, CSOs must educate policymakers and regulators about the legal and structural drivers of derisking that can in fact only be addressed by the government.
- There is a significant need for all sectors – banks, CSOs and government – to understand the operations and relevant regulatory environment of the other. Without such understanding, multi-stakeholder dialogues may not lead to effective solutions. CSOs can educate governments about the diversity of the CSO sector, the regulation and oversight CSOs are subject to, and the voluntary standards and self-regulatory mechanisms CSOs follow.
How can CSOs address these challenges and advocate for adequate access to financial services?
CSOs can urge governments and financial regulators to make it clear in both policy and practice that:
- CSOs are not inherently risky customers, even when their work serves people in higher-risk areas where sanctioned entities are active.
- AML/CFT goals are consistent with promoting humanitarian and development assistance and human rights protection.
- There is a real need to establish legal safeguards for CSOs in sanctions programmes so they can make transactions necessary to support their operations.
Reflect on what you have learnt:
- Have you, or your partners experienced issues when accessing banking services? How has it impacted your activities?
- You may already take, or see other organisations taking, steps to address immediate financial access challenges, can you think of any?
- In your context, do you think commitment to multi-stakeholder dialogues would be difficult? On a national level, who would you aim to involve in a collaboration like this? Can you think of useful allies or those who would be open to work on these issues?
Testimonials
While FATF and the core philosophy of Recommendation 8 reveal good intentions of protecting the NPOs sector against any form of abuse by terrorists, its implementation is vulnerable to deliberate and intentional misapplication and contributes to bank derisking. Recently several governments across Sub-Saharan Africa have used FATF regulations to justify undue restrictions on the work of legitimate NPOs.
Financial integrity and financial inclusion are complementary, not competing goals. However, the strict liability standard for counter-terrorist financing in the U.S., along with a lack of adequate humanitarian exemptions, a patchwork of General Licenses, and lingering uncertainty leads to bank derisking.
The very small number of civil society organisations that actually pose a risk for terrorist financing, are being used to justify the imposition of blanket restrictions on the non-profit sector. The misperception of CSOs as universally high risk, is affecting their ability to open accounts and to send and receive funds. Proportionality is of the essence- policy makers, regulators, financial institutions and civil society need to cooperate to establish the right perception of risk- and thus allow CSO to do their vital work.
These stories illustrate how CSOs in different countries tried to address the challenge of bank derisking.
Click on the countries to read more! Come back soon for more stories as we expand the map!
