Regulating NPOs for Suspicious Activity


Growing terrorism fears are a major concern worldwide. Terrorist attacks have dismantled entire communities and thwarted the continued development of countries. Despite the enactment of various anti-money laundering regulations such as the Bank Secrecy Act in the U.S. and various statutes in other countries, as well as the release of Financial Action Task Force (FATF) guidelines, terrorists have invented various methodologies to circumvent detection and funnel money for financing their operations.

According to a FATF study, nonprofit organizations (NPOs) with the highest risk of terrorist abuse are those engaged in service activities that usually operate in close proximity to an active terrorist threat.1 This article will discuss why it is essential to monitor NPOs for suspicious activity and terrorist financing.

NPOs and Terrorist Financing

In many nations, NPOs play an important role; they significantly improve economic conditions in areas where there are conflicts and disasters. An NPO is usually formed as a charitable entity rather than for profit or financial gain. The entity’s assets and net income may not be distributed or otherwise used to benefit the corporation’s members, directors or officers except as permitted by law or as reasonable compensation for services to the corporation.2 In addition, many governments provide tax relief for these organizations and their donors.

Due to the ease of incorporation and annual reporting standards, NPOs have been used for money laundering and terrorist financing. For example, NPOs are used as fronts by many terrorist organizations and their supporting networks. Based on the CIA’s findings, it was estimated that al-Qaida received approximately $30 million of its financial resources primarily from donations.3 In addition, the 9/11 Commission stated that much of al-Qaida’s solicited cash donations were via legitimate charities, since they took advantage of Islam’s charitable giving concept—zakat.4

IRS Rulings Based on Current Revenue Recognition Rules

One of the major benefits of operating as a registered NPO in the U.S. is being tax exempt. Pursuant to the regulations of the IRS, to be considered a tax-exempt organization under the Internal Revenue Code Section 501(c)(3), these organizations must be organized and operated solely for their exempt purposes.5 All organizations registered with the IRS under said section must file an annual information return or an electronic notice based on their annual revenue as follows:

  • Gross receipts equal or less than $50,000
  • Gross receipts less than $200,000 and total assets less than $500,000
  • Gross receipts greater than $200,000 and total assets greater than or equal to $500,000
  • Private foundation regardless of financial status6

In addition, an organization with less than $50,000 in gross receipts and certain church-affiliated organizations are not required to file this annual information return7 and only need to file an electronic notice with minimal verifiable information such as employer identification number and certification that the calendar year gross receipts were less than $50,000. The donor information and the recipient of the distributed funds are also not required to be reported. This exemption has and will continue to be used by criminals for illicit purposes. Moreover, loopholes exist in the laws of many nations, making monitoring more difficult for agencies like the IRS.

According to the National Center for Charitable Statistics, more than 1.5 million NPOs were registered in the U.S. in 2015.8 Approximately 66% of these NPOs were not required to file an information return with the IRS. In addition, according to estimates by the U.S. Bureau of Economic Analysis and including NPO-serving households,9 the NPO sector contributed an estimated $985.4 billion to the U.S. economy, which composed 5.4% of GDP.10 These statistics are alarming because out of approximately 1.5 million registered charities in the U.S., only 34% were legally mandated to report their gross receipts/revenue-detailed information to the IRS. This lack of detailed information on fund flows allowed a great deal of money to go undetected.11 Other key risks associated with NPOs include lack of appropriate regulatory oversight for record-keeping thresholds, lack of source and beneficiary identifications, and lack of validation in terms of audits.

Current Issues

Present loopholes and reporting thresholds of nonprofits make detecting potential suspicious transactions difficult for the IRS, state governments and law enforcement agencies that already lack information on fund flows.

The IRS is the primary federal regulatory agency with NPO oversight responsibility. However, the IRS has not mandated reporting of suspicious activity in NPOs nor provided any monitoring tools. Incorporating mandatory reporting regardless of the size of the NPO is the key in detecting illicit fund flows. Reforms should come at the individual (nonprofit level), state or federal levels or as a combination dual system of control.

Present IRS requirements contain many loopholes beyond the lack of mandatory reporting, including revenue recognition exemptions, lack of disclosure of donor grants, and lack of donor and recipient vetting. Furthermore, NPOs are required to disclose only the disbursements of cash grants and not the receipt of cash grants. This lack of vetting may enable some donor grants to go through without adequate due diligence, potentially facilitating terrorist financing. The Treasury Department is also aware that certain extenuating circumstances and catastrophic disasters across the world make it extremely difficult for charities to adhere to even established guidelines. Finally, lack of funds to implement adequate training and appropriate systems coupled with lack of staffing creates challenges to monitor suspicious activity in a timely fashion.

Suggested Methodologies to Monitor Suspicious Activities

To follow the money, all responsible authorities (both regulators and financial institutions) may be able to help law enforcement gather intelligence on specific geographic locations of suspicious activity. Then, those areas can be focused on to identify potential terrorism-related activities such as recruitment, training facilities and the people behind the terrorist activities. Regulatory bodies need to educate the NPO sector on how having a robust internal control system that is risk-focused and can guard them against potential diversion of funds.

In terms of detecting suspicious activity, the focus should be on mapping and predicting vulnerable demographics that would need due diligence requirements for potential terrorist financing links/networks. A mandatory compliance protocol program for all registered NPOs should also be implemented. This compliance protocol program should have guidelines on detecting suspicious activity for legitimate nonprofits, the IRS and other regulatory bodies, as well as tools and methodologies to detect bogus charities and illegal fund flows regardless of the established thresholds of reporting. In addition, all NPOs should be required to register with the Financial Crimes Enforcement Network if they are either accepting donor funds or distributing cash to recipients. Even if an NPO does not accept donor funds (such as foundations and endowments), they still would provide grants, which would still provide the opportunity to send out illicit funds.

Mapping charities with international presence and focusing on charities located near disaster zones, conflict areas and other humanitarian aid zones (risky geographies) would aid law enforcement in monitoring suspicious activities. In addition, NPOs that transfer funds to risky geographies and/or receive funds from suspicious individuals must be vetted. As previously discussed, the exemption from reporting requirements that exists for NPOs that stay below the $50,000 gross receipt threshold and for religious organizations regardless of their gross receipts should be abolished for the sake of transparency.


Both national and state governments should adopt a more active role in monitoring terrorist financing via NPOs. The monitoring efforts of all states should be consistent and use a more standardized approach to avoid creating weak states with less stringent rules for forming and operating charities. These so-called weak states will likely attract money launderers and terrorists.

Regulatory bodies must work in collaboration with counterterrorism experts to increase awareness and identify emerging trends in financing strategies used by terrorists. These goals should be accomplished by having law enforcement increase its investigative focus on both sides of fund flows: tracing the sender and receiver of a transaction, which is not as simple as a traditional wire transaction consisting of only two parties. In the case of terrorist financing, there may be many layers involved in the transaction flow; funds could be embedded through series of legitimate transactions to cover and protect the identities of the perpetrator.

What government organizations can do is expand the scope of risk assessment to include methods to identify and verify NPOs’ revenue sources, expenses and methods, including conducting frequent random audits of these organizations to identify where funds donated have been used. In addition, FIs servicing NPOs should apply enhanced due diligence, especially if there are any international payments authorized or any incoming international donations to the charity. Together, the anti-financial crime industry can combat terrorist financing within NPOs and subsequently provide NPOs access to FIs’ services. 

Kishani A. Udugampola, CAMS-FCI, CFE, Federal Reserve Bank of New York

Disclaimer: The views and opinions expressed here are those of the author and do not represent an official position of the FRBNY or FRS.

  1. “Risk of Terrorist Abuse in Non-Profit Organisations,” Financial Action Task Force, June 2014,
  2. “Not-for-Profit Incorporation Guide,” New York Department of State,
  3. “The 9/11 Commission Report: Final Report of the National Commission on Terrorist Attacks Upon the United States,” National Public Radio,
  4. Greg Bruno, “Al-Qaeda’s Financial Pressures,” Council on Foreign Relations, February 1, 2010,; John Roth, Douglas Greenburg and Serena Wille, “National Commission on Terrorist Attacks Upon the United States Monograph on Terrorist Financing,” UNT Libraries: CyberCemetary Home,
  5. “Exemption Requirements – 501(c)(3) Organizations,” Internal Revenue Service,
  6. “Form 990 Series Which Forms Do Exempt Organizations File Filing Phase In,” Internal Revenue Service,
  7. “Filing Requirements,” Internal Revenue Service,
  8. “How many nonprofit organizations are there in the U.S.?” GrantSpace,
  9. These are NPOs not funded by governments. They are essentially private institutions, such as a church (a separate legal entity), that serve the public through voluntary contributions, fundraisers and other means.
  10. “All Nonprofit Organizations,”; “Bureau of Economic Analysis U.S. Department of Commerce,” Bureau of Economic Analysis,
  11. “Risks associated with money laundering and terrorist financing,” FFIEC BSA/AML,

The post Regulating NPOs for Suspicious Activity appeared first on ACAMS Today.