If your nonprofit operates outside the United States, you now have additional reasons to worry about your organization being associated with – and abused by – terrorists or terrorist groups. Absent additional internal controls and heightened due diligence, your nonprofit is at risk of not only government-imposed fines and penalties, but also private sector lawsuits and damages.

From the government side, the additional pressure comes from the renewed focus the Financial Action Task Force (FATF)1 is placing on the risk to nonprofits of terrorist abuse. Earlier this year, FATF published an extensive study listing the threats to nonprofits from terrorist entities, the drivers of the threats, and the complexities facing stakeholders (nonprofits, governments, and others). This study was a follow-up to one of FATF's original 2001 recommendations:

Nonprofit organisations are particularly vulnerable [to abuse for the financing of terrorism], and countries should ensure that they cannot be misused: (a) by terrorist organisations posing as legitimate entities; (b) to exploit legitimate entities as conduits for terrorist financing, including for the purpose of escaping asset-freeze measures; and (c) to conceal or obscure the clandestine diversion of funds intended for legitimate purposes to terrorist organisations.2

Why should a non-U.S., multilateral organization's study concern U.S. nonprofits? Almost every major development in U.S. anti-money laundering (AML) and counter-financing of terrorism (CFT) in the last ten years has come from FATF recommendations and studies.

The Financial Crimes Enforcement Network (FinCEN), the arm of the U.S. Treasury that oversees and enforces U.S. AML laws, recognizes FATF as "the global standard setter for combating money laundering and the financing of terrorism and proliferation."3 FATF conducts independent reviews of member countries' (including the United States') AML/CFT systems and compliance with FATF recommendations, publishing its findings in FATF public compliance reports.4

The most recent example of FATF's influence on U.S. law is FinCEN's "beneficial ownership" rulemaking.5 The rulemaking arose from FATF's Customer Due Diligence (CDD) recommendations, and subsequent FATF Reports, stating that a country's CDD measures must require:

Identifying the beneficial owner, and taking reasonable measures to verify the identity of the beneficial owner…For legal persons and arrangements this should include financial institutions understanding the ownership and control structure of the customer.6

We can, therefore, expect that the "nonprofit organization" recommendation will be incorporated into U.S. law in the near future. This will result in additional governmental oversight and, as to potential civil liability, will place heightened standards and obligations on nonprofits to police themselves to ensure they are neither supporting nor being used by terrorist organizations.

The second factor comes from the private sector and is illustrated by the September 22, 2014, U.S. district court decision that Arab Bank Plc., by doing business with Hamas leaders, is responsible for funding terrorist acts in violation of the U.S. Anti-Terrorism Act (ATA).7 This is a private action brought by U.S. victims of attacks and, in some cases, their surviving relatives. The decision will be appealed and a separate trial held on damages.

The ATA gives a private right of action for treble damages to any U.S. national injured "in his or her person, property, or business by reason of an act of international terrorism." 18 U.S.C. § 2333(a). The theory of the case is that U.S. law prohibits persons from knowingly (defined to include "being deliberately indifferent to") providing material support to a terrorist organization.

The confluence of (1) a nonprofit's current obligations under U.S. economic sanctions laws; (2) the probable increase in internal control requirements based on the FATF recommendation; and (3) the likelihood of private lawsuits based on aid provided to any designated terrorists organization, increases the threat of liability from governmental or private action. The failure of a nonprofit to meet a potentially heightened internal control standard based on the FATF recommendation and study will make it easier for a private litigant to prove liability under the ATA.

In sum, nonprofits now face higher compliance obligations with regard to U.S. economic sanctions and, similarly, higher threats of civil and criminal fines and penalties. Nonprofits cannot, however, have tunnel vision in this field. They must remain aware of developments with regard to a number of closely related laws:

  1. Anti-corruption laws of (a) the United States (such as the Foreign Corrupt Practices Act [FCPA]); (b) countries in which an organization carries out charitable activities; and (c) any other country in which an organization has a presence (such as the United Kingdom, which has a relatively new, and broad, anti-bribery act).
  2. Anti-money laundering and economic sanctions laws of the countries in which a nonprofit either has a presence or carries out its mission.
  3. New foreign bank account reporting rules for U.S. organizations (such as the Foreign Account Tax Compliance Act [FATCA], in addition to the more familiar Foreign Bank Account Report [FBAR] rules).
  4. Anti-boycott compliance and reporting requirements administered by the U.S. Departments of Commerce and Treasury.

Carrying these standards into practice requires careful thought and planning by a nonprofit. Initial mitigation steps to reduce the risk of liability include:

  1. Follow the AML/CFT rules applicable to financial institutions, particularly if your nonprofit works in unsettled parts of the world that are subject to U.S. economic sanctions.
  2. Know your donors and the sources of your donors' funds.
  3. Know your recipients and your recipients' projects.
  4. Check all funders, staff, board members, suppliers, and recipients against the U.S. Department of Treasury Office of Foreign Assets Control (OFAC) lists.
  5. Install, use, and maintain strong internal controls on people, projects, and funds.

Together, these steps can go a long way to help minimize your organization's risk when carrying out its mission abroad.