Anti-Money Laundering and Countering the Financing of Terrorism in the Non-Profit Sector: Practical Strategies for Risk Mitigation and Compliance

Table of contents:

1. Align AML to Your Risk Exposure

2. Prioritize Data Quality as a Foundation

3. Embed AML into Operational Workflows

4. Use a Flexible, Risk-Based Approach

5. Build Internal Knowledge and Ownership

Closing thoughts: From Obligation to Operational Strength

Non-governmental organizations (NGOs) play a vital role in global humanitarian, development, and social justice efforts. But their operations often place them at the intersection of complex regulations and high-risk financial environments. 

These entities operate in some of the most complex financial and geopolitical environments—collecting funds from donors around the world, disbursing those funds across borders, and partnering with diverse suppliers and other entities. This operational context exposes them to potential misuse by bad actors, including those seeking to exploit charitable networks for money laundering or terrorism financing purposes. In addition, NGOs have an increased risk of inadvertently transferring funds to listed entities and individuals due to the locations in which they operate. 

In response to growing regulatory requirements and expectations and internal risk management goals, many NGOs are strengthening their anti-money laundering (AML), countering the financing of terrorism (CFT), and sanctions screening programs. International NGOs share unique challenges and best practices that can help guide NGOs toward more effective prevention and detection of financial crimes. 

Developed in collaboration with WaterAid in the UK and DanChurchAid (DCA) in Denmark, this guide outlines practical, field-tested strategies for strengthening AML/CFT compliance practices within non-profits—focusing on five key pillars: risk alignment, data quality, workflow integration, screening methodology, and internal enablement. 

1. Align AML to Your Risk Exposure 

One size does not fit all. AML programs must reflect the unique operational footprint, funding model, and geographic exposure of each organization. NGOs operating in or funding projects in sanctioned or high-risk regions face a heightened need for precision and rigor in their risk tolerance, appetite, assessment, due diligence, and controls. 

Best practices: 

• Map your risk profile based on regions of operation, partners, and types of services delivered. As part of that, also consider statutory/regulatory requirements in countries of operation (e.g., financing of terrorist organizations and excluded parties) as well as donor requirements and expectations. 

• Tailor screening and due diligence in frequency, depth, and scope—not just regulatory minimums. Ensure that activities are proportionate to the risks. Be clear on the objectives of your screening program and tailor it accordingly (e.g., Is it intended to identify money laundering/financial crime? Act as a deterrent? Demonstrate statutory compliance or donor compliance? Or is it all those things?). 

• Use both global and local watchlists to ensure you are catching relevant risks in your areas of operation. Suggested watchlists include Transparency International’s Corruption Perception Index, the United Nations Security Council’s Consolidated List, the EU Consolidated Financial Sanctions List, the US Office of Foreign Assets Control (OFAC) Sanctions List, the UK Office of Financial Sanctions Implementation (OFSI) Consolidated List, and the UK Home Office Proscribed Terrorist List, and the World Bank Listing of Ineligible Firms and Individuals.  

Field experience: 

WaterAid has a range of existing internal controls designed to mitigate the risk of money laundering. With a strict donor refunds policy, for example, it would be difficult for organized crime to make a large donation of “dirty” money and then request that refunds be made in clean money.  

An even bigger risk is donor compliance. “Increasingly, large institutional and corporate donors are expecting there to be some kind of screening checks,” said Mark Lomas, Global Head of Assurance at WaterAid. In response, WaterAid established a program that is proportionate to the risks and provides evidence to donors of its checks. And, of course, good donor compliance increases the likelihood of further funding! 

2. Prioritize Data Quality as a Foundation 

Poor data = poor results. The effectiveness of any AML system depends heavily on the quality of the data being used for screening and due diligence. In the non-profit context, data often originates from diverse sources, field staff, or legacy systems—introducing inconsistencies that can lead to false positives or missed risks. 

Best practices: 

• Standardize and validate name and address data before entering your AML/CFT compliance platform. 

• Clean and enrich data with additional identifiers where available (e.g., dates of birth, national ID numbers). 

• Establish feedback loops with teams entering data to improve consistency and accountability. 

Field experience: 

Mark Lomas at WaterAid knows it takes time and effort to investigate potential matches with proscribed lists. Clearly, the better the data at the outset, the better the results. When screening individuals, it takes little extra effort to include data on gender, country of origin, and passport/ID numbers.  

“Country of origin, in particular, has helped us to efficiently investigate and conclude on potential matches; for instance, where you get numerous matches with a particular name that originates from just one country,” said Lomas. 

3. Embed AML into Operational Workflows 

AML and sanctions screening cannot be afterthoughts. They must be integrated into the core operational processes of the organization—from onboarding grantees or suppliers to releasing payments or launching field projects. 

Best practices: 

• Conduct initial screening as a key part of program partner, donor, and supplier due diligence (and in pre-employment checks for screening staff), on a regular basis according to transaction frequency, project duration, or geographic volatility. 

• Integrate the AML process into payment or grant approval workflows to ensure checks happen before funds move. 

• Automate where possible to reduce manual overhead and improve response times. 

Field experience: 

WaterAid’s very first screening checks were focused only on implementing partners in their country program, and then only after they had already started working with them. The checks were done at its head office in London and were considered to be an admin add-on.  

“Now, we have trained some staff in our country programs so that checks can be conducted as part of the selection and due diligence process for new partners, making it much more effective and efficient,” said Lomas. 

4. Use a Flexible, Risk-Based Approach 

Nonprofits often operate in regions where names and places are transliterated in multiple ways. Rigid approaches can result in a flood of false positives, while overly loose settings can introduce risk. The key is to use an adaptable, risk-based methodology. 

Best practices: 

• Choose an AML platform that supports configurable, advanced matching to account for regional name variations. 

• Calibrate match thresholds based on risk—use tighter settings for higher-risk payments and more lenient thresholds for low-risk areas, with oversight. 

• Implement tiered alert handling, allowing lower-risk hits to be fast-tracked while ensuring escalation of higher-risk cases. 

Field experience: 

• WaterAid believes that even if it’s brief and simple, documenting your approach is critical to screening effectiveness. To ensure everyone is clear, the organization has included the following in its policy: Purpose and why checks are conducted (e.g., statutory compliance, Charity Commission guidance, donor requirement, etc.) 

• Scope, such as which organizations and individuals will be screened and against which proscribed lists, based on the organization’s risk assessment, to ensure such activities are effective and proportionate. 

• Responsibility, including who will conduct the different checks, who will investigate potential matches, and what happens next if a match is confirmed. 

“At a very early stage, we selected a platform that we felt could deliver the above, would be easily used by staff, and which represented a good value for the money given the need to spend charitable resources carefully,” said Lomas.

DanChurchAid’s AML/CFT platform is designed to be sensitive to regional contexts because financial crime risks vary significantly across the countries in which it operates. This sensitivity ensures its measures are proportionate, applying stronger controls where risk is high, and avoiding unnecessary burdens where risk is low.  

“A one-size-fits-all approach would slow down our operations, strain partner relationships, and divert resources from where they are most needed,” said Han van Kammen, Compliance Coordinator at DanChurchAid.  

By allowing Country Programs to assess local risk factors and tailor mitigation accordingly, DanChurchAid’s AML/CFT framework supports an approach of focusing efforts where they have the greatest impact, while enabling timely and responsible program delivery. 

5. Build Internal Knowledge and Ownership 

Effective AML/CFT compliance requires more than technology. It depends on people who understand its purpose and how to execute it responsibly. Front-line and field staff must be trained and empowered to support compliance goals. 

Best practices: 

• Provide regular, practical training tailored to different roles, particularly those entering or reviewing data. 

• Develop guidance and playbooks for resolving screening alerts, especially in remote or decentralized teams. 

• Encourage a compliance-aware culture, where AML is seen as enabling the mission, not obstructing it. 

Field experience: 

From the beginning, one of WaterAid’s key drivers has been donor compliance. The risks are fairly obvious: failure to comply with donor requirements can result in repayment of funds, a reduced likelihood of future grants, and broader reputational damage.  

“Our staff understand these risks and how real they are, particularly now, at a time of so much pressure on charity funding,” said Lomas. “The more trained and engaged our staff is in the screening process, the better the risk awareness,” he added. 

At DanChurchAid, AML/CFT and screening training have played a key role in empowering Country Program staff to make informed decisions based on their analysis. By building their confidence and understanding of compliance principles, staff are better equipped to assess partner and program risks locally, without having to rely entirely on Head Office input. This has improved both the speed and quality of decision-making. As a result, compliance is more integrated into daily operations, and DanChurchAid’s AML/CFT operations are stronger and more sustainable across diverse settings. 

From Obligation to Operational Strength 

As AML expectations rise, non-profits cannot afford to treat compliance as a back-office, box-checking exercise. A robust, data-driven AML program is essential to securing funding, establishing and maintaining banking relationships, and delivering impact responsibly. In fact, banks may decline to take on clients that lack an AML/CFT program. 

By aligning AML and sanctions screening practices with organizational risk, investing in data quality, embedding controls into workflows, and empowering teams, NGOs can move beyond basic compliance—transforming AML/CFT compliance into a true operational safeguard.  

Learn more about how FinScan helps NGOs to fight financial crime or book a discovery call today.