The ‘Panama Papers’: What lessons can NGOs learn?

2

This week, the world is reeling from two significant scandals in the space of five days, Mossack Fonseca in Panama and Unaoil in Monaco. They are both interesting cases, potentially offering fascinating insights into the shady world of illicit financial flows and their enablers. NGOs worldwide are lining up to challenge the global financial order afresh.

But as they do so, now might be a good time for them to reflect internally on the extent to which their own operations minimise the risk of involvement in the darker side of finance. One risk in particular is money-laundering – the process by which the proceeds of crime are given a veneer of legitimacy, obscuring their origin or ownership.

port-1030760_1920
Monaco

While there may be some examples of illegitimate NGOs being used as vehicles for money-laundering, there are also dangers that this risk can be over-emphasised and perhaps used unfairly to penalise local civil societies. A more common and credible risk, instead, might be that legitimate NGOs are abused by criminals during a money laundering phase known as ‘layering,’ in which multiple transactions are created, perhaps between entities, across borders and involving other fraudulent activities.

Indeed, depending on the jurisdiction, NGOs, nonprofits and charities may have explicit or implied legal obligations to minimise money-laundering risks. What all such organisations should do, however, is consider where there might be a risk of exposure and take steps to limit it.

This article suggests some common areas of particular risk. It does not, of course, advocate that NGOs avoid all these situations wholesale, nor that they are necessarily indicative of money-laundering. But, these could be situations of heightened risk and therefore our diligence in managing them should rise accordingly.

Funds from anonymous donors

mask-1249923_1920Anonymous donors are a normal feature of fundraising. We’ve all popped a few coins into a collection bucket. But where NGOs receive unusual or significant funds, with no information on their provenance, a red light should flicker into life. Anonymous giving could be the starting point for a number of laundering methodologies, perhaps even involving insiders. NGOs need to take reasonable steps to identify the sources of such contributions.

Donors with restrictive demands

Major institutional donors are likely to meet our due diligence requirements – so that’s not necessarily who we mean here. We mean the rich, local businessman who approaches our NGO to execute a project entirely of his choosing – especially where it sits outside or at the fringes of our stated mission, or where it comes with unusual requirements.

credit-card-851506_1920An example might arise from the UK. In 2013, the Charity Commission published a warning that followed a Serious Organised Crime Agency (SOCA) alert. Some British charities had been approached by an individual who wanted to give them a large donation – but the charity had to pay some of it to a foreign charity of the individual’s choosing. Alas, the person was laundering the proceeds of fraudulently-obtained credit cards, and there was no foreign charity. It was the criminal’s own bank account, and a number of charities fell for this scam.

Requests to move funds between organisations

OLYMPUS DIGITAL CAMERALet’s say you are running a social development enterprise. A company approaches you to purchase a quantity of your beautiful wooden products. You’re delighted – but then the company asks if a second company can settle the invoice on its behalf. They’ll settle up between themselves, later, it says. The red light should come on.

A second example might be what’s known as conduit funding, which is variously defined but broadly means that our NGO acts a funding intermediary without influence or control over what happens to the funds. The Canada Revenue Agency gives a good example of this here.

Requests from donors to return funds to them

RETURNED COINSLet’s say that our rich, local businessman approaches you with a proposition. He wishes to store some money in a savings account, but he doesn’t like banks. Maybe he says they’re greedy and corrupt, and he wants to help those who live out his own commitment to social justice. He suggests giving you his US$100,000 – which he will retrieve in six months, while you get to keep the interest. Red light.

Another example might be where a donor asks for a refund for some reason, perhaps stating that the donation was in error or quibbling over the extent to which the NGO delivered on its promises or stated purpose. Requests for refunds are not uncommon, and may present elevated money-laundering risk – particularly when amounts are substantial or unusual. A good defence is a clear and publicised policy on refunds.

Using Money Transfer Organisations (MTOs) in high-risk locations

IMG_2298A range of complex issues face NGOs that move funds into and around locations of elevated risk, such as conflict zones, fragile states and areas of significant terrorist activity. One of these is that we don’t know who else’s money an MTO is moving in or out of these places. If our NGO engages an unscrupulous, unregulated or badly-run MTO, there are real risks of breaching the principle of ‘do no harm’ and of reputational impact.

We need to do what we can to assure ourselves of the agent’s probity ahead of engagement. This is known as due diligence, and should include comprehensive checks on identity, legality and competence.

How can NGOs respond?

There is much that an NGO, charity or nonprofit can do to minimise the risk of abuse by money-launderers. Some of the cornerstones of a framework might include:

  • A clear organisational policy, together with an owner for the issue;
  • A system of regular and meticulous risk assessment that identifies what could happen and how best the NGO can minimise these risks;
  • Procedures that prevent, monitor and detect suspicious transactions, and meaningful due diligence of third parties (staff, volunteers, contractors, consultants, partners etc) – both informed by the risk assessment;
  • Good quality training and communication to staff and managers, prioritising the roles most likely to encounter the risk and that considers induction, reinforcement and performance management;
  • The embedding of the framework into the NGO’s governance systems and across all operations (including and especially programming), together with its ongoing monitoring and regular review.

 

FFCHGDSFind out more about the risk that fraud and corruption pose to humanitarian and global development organisations, and how they can better deter, prevent, detect and respond to it, in my book! Click here to get your copy of Fighting Fraud and Corruption in the Humanitarian and Global Development Sector from the Routledge website or Amazon!

Advertisements

Aid diversion to terrorists: 3 things NGOs need to know

This week I’ve been in Nairobi, Kenya, delivering workshops for local NGOs on minimising the risk of money-laundering and terrorist financing. Preparing the material led me to reflect on some of the conversations I’ve had with NGO managers about reducing the risk that physical assets, funds and stock might fall into the hands of those designated as terrorists, or subject to financial sanctions.

Diversion_11This presents a very challenging issue for NGOs that work in high-risk areas, and one with significant tensions at its heart. These include the tension between minimising the risk of diversion versus disrupting the delivery of aid, competing obligations on the ground, and the wider balancing act between regulation and enforcement versus guidance and capacity building.

It does not help that the international regulatory picture and sectoral response are far from coherent, and subsequently it is understandable that there are widespread misunderstandings. This is not an exhaustive article, of course,  but we’ll explore (in no particular order) some of the most common areas that have popped up in my conversations around the sector.

Audit may be unlikely to pick up incidents.

16811751576_856ea1d5f2_oAudit is a helpful process that assists managers to meet their organisational goals and minimise risks. It is not its purpose to detect financial crime (less than 20% of detected fraud cases are identified this way). That’s assuming, of course, that systematic and independent audit even happens – in remote programmes, conflict zones or humanitarian emergencies, whole projects in some organisations may see little or no independent review at all.

NGO managers need to avoid the errors of assuming that a detection-free audit is an all-clear, or that it is solely the duty of auditors to prevent and detect financial crime, rather than everybody’s responsibility. ‘Protection money’ or ‘taxes’ paid to terrorist groups can be masked as vague costs, such as ‘transport’ or ‘security.’ If identity and sanctions list checks of partners, contractors, consultants, staff and volunteers were not conducted, auditors won’t necessarily pick up positive hits either. Audit may help identify vulnerabilities, but it cannot be relied upon to spot incidents.

Instead, according to FATF, factors that might elevate an NGO’s risk include programmes in close proximity to terrorist groups, and/or those that are ‘service’-oriented; these could include construction and distributions (i.e. operations more likely to involve the movement of physical assets, funds or stock). An NGO in this position needs to ensure that it implements a meaningful risk management cycle, creating space to look for vulnerabilities and taking reasonable precautions. Risk assessment is only a bureaucratic ‘tick-box exercise’ if we let it be – it can be a powerful method to spot what could go wrong and do our best to prepare for it.

Transferring all the risk to local partners isn’t fair.

afghanistan-90761_1920In my book, I suggest that a chain of unbridled risk transfer from back-donors to INGOs to local partners has the opposite effect of protecting funds – it increases the risk of fraud and corruption. In the end, too much risk derived from decisions taken in coffee-laced, air-conditioned meetings in Brussels, London and Kabul sits on the shoulders of one Afghan worker standing in the sun at a checkpoint in Badakhshan. This is poor risk management, poor partnership-working, and poor diversion prevention.

The flow needs to be inverted. Rather than just responsibility flowing from back-donor to local organisation, communication about the nature of the risks needs to flow the other way, and provoke increased investment in capacity-building and shared responsibility. There are difficulties with reconciling programmatic objectives and terrorism risk (‘what if we really can’t access that population without a payment?’), but we will not start to address these if agencies hide behind risk transfer to avoid the conversation.

Relying on assurances of non-prosecution is dangerous.

getoutofjailIn 2015, the UK government issued guidance describing the risk of a prosecution for a terrorism offence as a result of involvement in humanitarian efforts or conflict resolution as ‘low.’ This was encouraging in terms of the British government’s recognition of the vital need for humanitarian work in conflict zones and the difficult circumstances in which it occurs. However, we need to be cautious about how we respond to this in terms of our investment in minimising the risk – we might have been here before.

In 2010, the Bribery Act led to a flurry of compliance activity amongst NGOs keen to avoid prosecution for failing to prevent bribery. According to some, however, unnamed British officials apparently indicated to nervous NGOs that their organisations were not the focus of this legislation and appeared to imply that they would not be paid much attention. Some perceive that, sadly, this well-intentioned move contributed to a dwindling of effort amongst some NGOs in developing meaningful compliance frameworks. (Ironically, in this regulation with strong ‘prevention’ requirements, it is the dwindling of effort and its consequences that could potentially elevate the chances of prosecution!)

Save_the_Children,_Westport,_CT,_USA_2012Implied assurance of non-prosecution is always caveated, is not always made by those with the correct authority, and might not relate to that which is perceived. The British guidance note, for example, does not indicate whether it is referring to placing resources in the hands of terrorists (potentially s15-18 Terrorism Act offences), failing to have sufficient systems to prevent sanctions breaches (potentially a s34 Terrorist Asset Freezing Act offence of neglect), failing to report a suspected funding offence (s19 Terrorism Act), or some of those, or none – and so on. In any event, any decisions would be made on the basis of the prevailing circumstances of the case and it is worth noting that Save the Children International were investigated by the Metropolitan Police for allegedly failing to report a suspected incident of theft by a terrorist group in Somalia.

This situation also comes with an ethical choice – if we are not to be prosecuted, is it okay to commit the offence? Our donors and supporters may have something to say about that.

Assurances of the low probability of prosecution are not literal Get Out Of Jail Free cards. Instead, a pragmatic response for NGOs might be to continue to do all that is reasonable to comply with regulations, invest in proper systems to reduce the risk of both incidents and non-compliance, and maintain dialogue with authorities on the implications for humanitarian operations generated by the intricacies of their regulatory regimes. And there is no substitute, of course, for professional legal advice.

Conclusion

As with many of the corruption risks facing NGOs, the issues are complex and difficult. NGOs require the understanding – and patience – of the public, their donors and host governments. However, there is much that NGOs can do to reduce these risks.

Many of the systems and approaches that minimise the risk of diversion represent good governance and management – creating space for proper planning and monitoring of operations, ensuring that open internal communication channels exist, investing in the coherent verification of outputs, the diligent management of third parties, and so on. Getting these things right in areas where we are more able to do so reduces overall exposure, allowing us to focus our problem-solving on the areas where things are more challenging.

Improving transparency – or, in old money, having the conversation – will start the ball rolling.