Image
Low Medium High Risk Compass, Civil Society in Background
Image
Low Medium High Risk Compass, Civil Society in Background
Image
Low Medium High Risk Compass, Civil Society in Background

Risk-based approach: the need for collaboration

With the risk-based approach, civil society can raise its voice and challenge the traditional narrative that nonprofits are 'particularly vulnerable' to terrorist financing abuse. In this module, you can learn how CSOs can get involved in risk assessment processes as key partners.

By the end of this learning package, you will:

  • Understand the key elements of the risk-based approach to CFT;
  • Be able to effectively engage  with governments during the risk assessment process;
  • Know how to review CFT measures to ensure they are targeted, proportionate and do not disrupt or discourage legitimate CSO activities.
Introduction

The risk-based approach (RBA) serves as the global standard for national laws intended to combat the financing of terrorism. This approach is set by the Financial Action Task Force and endorsed by the UN. The RBA requires CFT measures to be consistent with international human rights and humanitarian law. This is to ensure that there are no blanket restrictions, which could unduly disrupt or discourage the activities of legitimate civil society organisations (CSOs). FATF adopted the RBA in 2012 to make CFT measures more targeted and effective. It requires countries to “ensure that measures to prevent or mitigate money laundering and terrorist financing are commensurate with the risks identified.” It replaced the old “check-the-box” compliance approach, which often had a negative impact on CSOs. Many countries have been slow to adopt the RBA, despite its adoption in 2012. 

 

Take a moment and answer this quiz question!
Quiz
Mini Quiz CT LP3
Risk-based vs. Rule-based 

Prior to 2012, the approach to counter-terrorism financing measures, used by FATF and national governments, was the rule-based approach. This method included use of broad blanket restrictions, with no attention paid to the context and actual risk. The newer RBA instead requires that CFT measures are  based on evidence of existing risk and specifically targeted to that risk. As the World Bank has noted, “A framework designed to prevent money laundering and combat terrorist financing is most effective when it targets resources  where they will have the most effect.” In other words, a one-size-fits-all model such as the rule-based approach, is inconsistent with the current standards and is viewed as ineffective.

FATF Recommendation 8 (R8) mandates  that Terrorist Financing Risk Assessments (RA) of the non-profit sector are conducted. This is due to the sector’s unique activities, structures and diversity.  Outreach to the sector is now required throughout the process. FATF standards allow flexibility on how countries go about the risk assessment process, but emphasise that it is essential that risk be monitored on an ongoing basis. Risk assessments typically look at issues such as kidnapping for ransom, smuggling, terrorist partnerships with organised crime and donations through shell companies or sham organisations.  

The RBA is in stark contrast to traditional rule-based, zero tolerance approaches, which waste resources of both CSOs and governments and tend to hamper CSO activities. This is because rule-based approaches treat the entire CSO sector as “risky”, and impose blanket (restrictive) measures based on no demonstrable risks.  

The FATF notes that many countries have found the shift to the RBA and risk assessment of the non-profit sector challenging, due to the diversity of the sector and varying levels of risk. Some CSOs have higher risk levels, whereas “some NPOs represent little or no risk at all.” FATF also emphasises in its Terrorist Financing Risk Assessment Guidance that an ongoing engagement with the civil society is important in the success of any efforts to identify and assess TF risks within the sector. FATF evaluators will look at how the RA was conducted, whether there was outreach to CSOs and if measures are risk-based and proportionate. In cases where a country applies one-size-fits-all restrictions to CSOs, there is an opportunity for CSOs to raise objections during the evaluation process.  

 

Three steps of the RBA
Step One: Risk assessment process

FATF Recommendations 1 and 8 set out the requirements for TF risk assessments, including the assessment of the non-profit sector. FATF’s guidance manual provides in-depth information on implementation and examples of good practices, emphasising the need for coordination, stakeholder engagement and keeping the assessment up to date.  

Recommendation 8’s core principles are that countries should: 

  • Take a risk-based approach to risk assessment and CFT measures; 
  • Conduct outreach to the nonprofit sector regarding the risk assessment; 
  • Adopt measures that do not disrupt or discourage activities of legitimate CSOs

A risk assessment must not only identify threats and vulnerabilities, but also existing measures that CSOs have in place to mitigate or reduce risk. This should include good governance and transparency measures adopted by CSOs. Such measures implemented by CSOs reduce the likelihood of abuse of civil society by terrorist organisations or its potential impact. 

This image demonstrates how only a small percentage of NPO sector is actually at risk of TF abuse:

Image
NPO Sector image, showing actual NPOs, those at risk and those considered NPOs by the FATF
Step Two: Review of laws and measures 

The purpose of the review of a country’s existing laws and measures that affect CSOs identified at risk is to identify: 

  • gaps where risks are not adequately mitigated;  
  • ineffective (disproportionate) regulations that divert resources and time away from where they are needed, unduly discouraging or disrupting activities of legitimate CSOs.   

The review should go beyond formal laws and regulations, so it also includes: 

  • self-regulatory governance and transparency measures (at the CSO sector and organisational level); 
  • policy measures by government (including outreach to the CSO sector).

  

Step Three: The Outcome - Aligning laws and measures with risk

Comparing current laws and measures with risks identified as priority for resolution, the final step in the process is to determine whether or not the analysis indicates a need for changes. Sometimes countries feel they must pass new restrictions in order to meet FATF evaluators' expectations. However, it is possible that existing measures may already sufficiently address risks in a proportionate manner. 

If changes are required, regulators should:

  • Develop proportionate risk mitigation measures if gaps have been identified;
  • Replace disproportionate (ineffective) measures with risk-mitigating alternatives that do not hinder legitimate CSO activities;
  • Consider revising or repealing legislation to align measures with the risk assessment;
  • Ensure that all measures adhere to international human rights and humanitarian law standards.
Image
Threat + Vulnerability - Consequence = Risk  Image
Video explainer

Want to learn more about risk assessments and why CSOs need to be involved? Watch the video explainer.

When watching the video consider the following questions...
  • Have you encountered instances of poor risk assessments or practices that have an impact on civil society? 
  • Do you think your government is implementing the FATF risk-based approach?
  • In your country can civil society collaborate effectively in the risk assessment process? Can you think of  examples, similar to the one mentioned in Tunisia?
Video Url

Read the Stories section of the page for more examples of CSO responses to government risk assessments. 

Civil society engagement

FATF’s Recommendation 8 (R8) mandates governmental outreach to the nonprofit sector during the RA process. Its Guidance on conducting RAs states that “an assessment of TF risk will require engagement with non-government stakeholders,” including CSOs, and that experience highlights the benefits of doing so. FATF also emphasises in its Guidance that an ongoing engagement with  civil society is important in the success of any efforts to identify and assess TF risks. Therefore, when advocating for inclusion, CSOs can point to FATF’s Guidance, which promotes a multi-stakeholder process that can build trust through open dialogue and includes financial institutions as well as CSOs.  FATF also recommends that countries use a variety of means to get a representative sample of CSO input, such as including large and small organisations in the process, contacting umbrella groups and conducting surveys.  

There are some common challenges for CSOs that wish to engage in the RA process, for example: 

  • The coordinating agency is likely to be a financial intelligence unit that is not accustomed to engaging with the public and CSOs. 
  • Non-democratic governments, or those who are misappropriating CFT rules, are often not inclined to engage with CSOs. 
  • A lack of government’s experience with multi-stakeholder engagement.

Tips for CSOs to address challenges

 

  • Establish a network within your country: Creating an informal coalition can facilitate information-sharing and constructive dialogue, ensuring one coherent voice.
  • Identify allies and points of contact between your civil society coalition and the government.
  • Gain insights into the government's perspective: It's crucial to listen and address the government's specific concerns about specific risks. 
  • Conduct a shadow risk assessment if your government hasn't done so or has conducted it without involving the sector.
  • Ensure the government understands that failing to engage with CSOs will result in a poor R8 rating during FATF evaluations.
  • For more information on how to become involved in your region, consult the Global NPO Coalition on FATF.

Source: Global NPO Coalition on FATF

Reflect on what you have learnt:
  1. In your country/region, do you believe that the risk-based approach has been implemented? 
  2. Do you already have a network in your country that could be built to form a coalition for information sharing, engagement in RA and creating a shared voice?
  3. Do you think your government and regulators would engage with civil society? What takeaways from this learning package will you use to support this process?

Testimonials

Image
An image of Ben evans - a man wearing blue shirt with blue lanyard

“Many member states fail to do risk assessments, or fail to do them well… We’re still seeing examples of blanket measures imposed on all NPOs based on no demonstrable risks. … Engagement between CSOs and government tends to lead to higher quality RAs".

Ben Evans
Greenacre Associates
Image
United nations logo in blue and white

“It is essential that Member States apply a risk-based approach to ensure that the measures implemented to prevent or mitigate terrorist financing activities are commensurate with the risks identified and effective in mitigating those risks.”

UNODC
United Nations Office on Drugs and Crime
Quiz
Test your knowledge
Quiz
New CT LP3
Resources
Document
Resources
Document
Seven Phases of a Risk Assessment
What can you find on this map?

These stories illustrate how CSOs in different countries managed to influence the risk assessment of the nonprofit sector.

Click on the countries to read more and come back soon for more stories as we expand the map!

Filters
Filter stories based on focus areas