Introduction
Every bank providing accounts to NGOs or nonprofit organizations in Africa is already subject to FATF Recommendation 8, whether or not their compliance teams are treating it that way. This standard requires a risk-based approach to the NPO sector, not a blanket refusal and not a blanket acceptance. Getting this wrong carries regulatory exposure in both directions.
The challenge is calibrating KYB for a sector where the structure of legitimate organizations can look, on the surface, exactly like the structures used to misuse charitable funds for terrorist financing. Cross-border fund flows, cash disbursements to underserved regions, and international donor networks are hallmarks of effective humanitarian work and hallmarks of the typologies regulators are trained to flag. This article explains how to build a KYB program that does both jobs at once.
Why NGOs and NPOs Are Classified as a High-Risk Category Under FATF
FATF's updated Recommendation 8 revised most recently in 2023, identifies the non-profit sector as particularly vulnerable to terrorist financing abuse. The vulnerability is structural, not reputational.
NGOs collect funds from donors across borders, sometimes from anonymous or pseudonymous sources with limited documentation of the ultimate source of funds. Many operate in fragile states or conflict-affected areas where terrorist and extremist groups are active, creating risk that funds intended for legitimate humanitarian purposes could be diverted.
Cross-border fund transfers from international development agencies, foundations, and private donors to local partner organizations create multiple opportunities for diversion at each transfer point. Where banking infrastructure is limited, NGOs often disburse funds in cash, which is harder to trace than electronic payments and more susceptible to interception.
Smaller community-based organizations may have limited governance structures, weak internal controls, and no financial audit history, creating conditions in which financial misuse can go undetected for extended periods.
READ ALSO: AML Compliance for Neobanks and Digital Banks in Africa: CBN, FSCA, and BCEAO Requirements in 2026
FATF Recommendation 8: What It Requires of African Banks
FATF Recommendation 8 requires banks to apply a risk-based approach to NGO customers, not blanket de-risking. Banks must identify NPOs that present elevated terrorism financing risk, apply enhanced due diligence proportionate to that risk, and monitor transactions for fund diversion. FATF explicitly discourages categorical refusal of banking services to the NGO sector.
The 2023 revision of FATF Recommendation 8 clarifies that countries must review which subset of the NPO sector is genuinely at risk of terrorist financing abuse, rather than treating all NPOs as equally high-risk. For financial institutions, this translates into three practical obligations:
1. Assess the terrorism financing risk posed by each NGO customer based on its funding sources, geographic activities, sector focus, and governance quality.
2. Apply enhanced due diligence proportionate to assessed risk, not a uniform EDD treatment for all NGOs.
3. Avoid de-risking; do not categorically refuse banking services to NGOs as a class. FATF has identified blanket de-risking of the NPO sector as a harmful compliance overreaction that cuts legitimate charitable organizations off from banking services without improving AML outcomes.
The risk-based approach demands judgment, documentation, and a structured methodology, not a checkbox.
CBN NPO AML Guidelines in Nigeria: What Banks Must Do
The CBN AML/CFT/CPF Regulations 2022 classify NGOs as a designated category requiring specific due diligence. Nigerian banks have four non-negotiable requirements when onboarding NGO customers.
First, banks must verify the NGO's registration with the relevant government body. For incorporated NPOs, this means a current registration with the Corporate Affairs Commission (CAC). For unincorporated NGOs, this means verifying registration with SCUML, the Special Control Unit Against Money Laundering, which supervises AML compliance for Designated Non-Financial Businesses and Professions, including NGOs, under the Money Laundering (Prevention and Prohibition) Act 2022.
Second, banks must conduct enhanced due diligence for NGOs falling into elevated-risk categories: those receiving international funding, those operating in conflict-affected Nigerian states, or those active in sectors the CBN has identified as higher-risk for terrorism financing.
Third, transaction monitoring must be calibrated to detect fund diversion; specifically, whether funds received for stated charitable purposes are disbursed in a manner consistent with those purposes.
Fourth, banks must document their KYB rationale and maintain records of the due diligence conducted, including copies of SCUML registration certificates and CAC documentation.
SCUML Registration: A Non-Negotiable Verification Step
Under the Money Laundering (Prevention and Prohibition) Act 2022, operating as an NGO in Nigeria without SCUML registration is an offense. Banks must verify SCUML registration for every NGO customer at onboarding, and any NGO that cannot produce a current SCUML certificate should not be onboarded until registration is confirmed.
FIC Act Requirements for NPOs in South Africa
In South Africa, NPOs are not directly classified as Accountable Institutions under the Financial Intelligence Centre Act (FICA). However, banks that provide services to NPO customers are accountable institutions and carry full KYB obligations for those customers.
South African banks must conduct customer due diligence on the NPO as a legal entity, identify and verify the identities of all beneficial owners and persons who exercise effective control over the organization's funds and activities, and assess the NPO's risk profile based on its funding sources, geographic activities, sector focus, and governance characteristics.
The South African Non-Profit Organisations Act of 1997 provides a voluntary registration framework for NPOs through the Department of Social Development. While registration is not mandatory, registered NPOs carry greater regulatory transparency, and banks may use DSD registration as a positive factor in their KYB risk assessment.
Enhanced due diligence applies when the risk assessment indicates elevated risk. Senior management approval is required before establishing or continuing a relationship with a high-risk NPO customer under FICA standards.
KYB Due Diligence for NGOs: A Step-by-Step Framework
KYB for NGOs requires verifying legal registration (CAC, SCUML, DSD); identifying and verifying all trustees and executive officers; documenting the source of funding through grant agreements and audited accounts; assessing the NGO's charitable activities and geographic reach; and screening all principals against sanctions lists and PEP databases before account opening.
The following table sets out the complete KYB documentation and verification framework for NGO customers:
KYB Element | Document/Source Required | Risk Relevance |
| Legal entity verification | CAC certificate, SCUML registration, DSD registration | Confirms legal existence and regulatory standing |
| Governance and leadership | Constitution, board resolution, trustee ID documents | Identifies authorised signatories and controllers |
| Source of funding | Grant agreements, donor disclosures, audited accounts | Assesses legitimacy and origin of funds |
| Purpose and activities | Project descriptions, field reports, MoUs with partners | Confirms stated purpose is genuine |
| Geographic reach | Programme documentation, office addresses | Identifies conflict-zone or high-risk area exposure |
| Sanctions and PEP screening | All trustees, directors, executive officers | Identifies politically exposed or designated persons |
| Ongoing monitoring | Transaction pattern review, adverse media alerts | Detects fund diversion during the relationship |
For every NGO customer, all trustees, directors, and executive officers must be individually verified using government-issued identification and screened against both domestic and international sanctions lists and PEP databases. Screening the organization's name alone is insufficient and does not satisfy FATF, CBN, or FIC requirements.
Red Flags for NGO and NPO Accounts
Compliance teams should configure transaction monitoring and case management systems to flag the following patterns across three categories:
Funding red flags that require immediate investigation:
1. Funds received from anonymous or untraceable donor sources with no accompanying documentation.
2. Funds received from jurisdictions on the FATF Blacklist or Grey List inconsistent with the NGO's stated operating area.
3. Large, one-time contributions with no accompanying grant agreement or donor identification.
4. Funds received from other NGOs that are themselves poorly governed or unregistered.
Disbursement red flags:
1. Large cash withdrawals inconsistent with the NGO's stated beneficiary activities or operating environment.
2. Transfers to counterparties in conflict-affected areas without clear beneficiary documentation.
3. Rapid transfer of all received funds within hours of receipt the "rapid in-out" pattern characteristic of fund diversion.
4. Disbursements to individuals or entities that cannot be linked to identified beneficiaries.
Governance red flags:
1. Refusal to provide governing documents or audited financial accounts.
2. Frequent unexplained changes in trustees or account signatories.
3. Any trustee, director, or signatory identified as a PEP or sanctions target on screening.
4. NGO operating in sectors with confirmed exposure to terrorism financing typologies.
Transaction Monitoring for NGO Accounts: What Normal Looks Like
Normal transaction patterns for legitimate NGOs include periodic, predictable income from identified donors such as government grants and foundations, disbursements to named beneficiaries or partner organisations within the NGO's documented area of operation, and administrative expenses proportionate to the organisation's stated size and programme scope.
Transaction monitoring for NGO accounts must be calibrated against what legitimate charitable activity actually looks like not against commercial banking norms. Anomalous patterns that require investigation include:
1. Income significantly above historical levels without any explanation or corresponding documentation.
2. Disbursements to new counterparties not identified in the NGO's activity description or beneficiary list.
3. Cash withdrawals disproportionate to stated beneficiary delivery requirements.
4. Inbound funds from a large number of small donors in a short time window a potential indicator of crowdfunding for terrorism.
5. Rapid consecutive outbound transfers immediately following receipt of large inflows.
Banks should establish expected behaviour profiles for each NGO customer at onboarding, based on programme documentation and historical transaction data where available, and use those profiles as the baseline for ongoing TM.
See how Youverify's transaction monitoring platform supports NGO-specific alert calibration for African banks and fintechs.
Real-World Scenario: How Fund Diversion Goes Undetected
A commercial bank in Abuja onboarded an incorporated NGO with a valid CAC registration and SCUML certificate. The organisation's stated purpose was education programme delivery in three northern states. For 18 months, the account received quarterly grants from an international foundation and disbursed funds to local education partners. Transaction monitoring flagged no alerts.
In month 19, a change in grant reporting prompted the donor foundation to request an audit trail. The audit revealed that 40% of all disbursements had gone to a logistics company with no documented link to educational programming, controlled by a close associate of the NGO's executive director. The education partner payments in the remaining 60% could not be reconciled with actual programme delivery.
The bank had verified registration and screened trustees. It had not reviewed disbursement patterns against programme documentation or screened third-party recipients of disbursements a gap that allowed fund diversion to continue undetected for over a year. Regulators cited the bank's TM programme for inadequate NGO-specific typology coverage.
How Legitimate NGOs Can Facilitate Their Own KYB
Many legitimate NGOs in Africa experience difficulty accessing banking services because banks apply disproportionate restrictions to the sector. FATF explicitly discourages this de-risking approach. Responsible NGOs can reduce their own onboarding friction by taking the following steps:
1. Maintain current SCUML, CAC, DSD, or equivalent registrations and produce them proactively at account opening.
2. Commission annual financial audits even small NGOs benefit from the transparency that audited accounts provide during KYB.
3. Document all major donor relationships with signed grant agreements that identify the funding source and stated purpose.
4. Keep a current board resolution authorising account signatories and update it whenever signatories change.
5. Prepare a written description of activities, geographic areas of operation, and beneficiary types with supporting documentation such as project reports, field photos, and MoUs with local implementing partners.
Conclusion
KYB compliance for NGOs and NPOs in Africa is one of the most nuanced areas of financial crime risk management. The sector serves a critical developmental and humanitarian function across the continent, and regulators do not want banks to exit it entirely through blanket de-risking. What they do want is demonstrably proportionate, risk-based due diligence that identifies genuinely elevated risk without treating every charitable organization as a suspected terrorism financing vehicle.
Banks that build structured, document-driven NGO KYB programs verifying SCUML registration in Nigeria, conducting governance and source-of-funds reviews, and monitoring transactions against legitimate activity profiles will be better placed in supervisory examinations and better partners for the responsible NGOs operating across their markets.
Youverify provides KYB verification solutions for African banks managing NGO and NPO onboarding, including automated SCUML and CAC verification, trustee identity screening, global PEP and sanctions checks, and NGO-calibrated transaction monitoring alert rules.
Learn how Youverify supports compliant NGO onboarding for African banks.
About The Author
Victoria Okere is a compliance technology writer at Youverify with expertise in African KYB frameworks, NGO risk assessment, and non-profit AML compliance across Sub-Saharan Africa. She covers FATF, CBN, FIC, and BCEAO regulatory developments with a focus on proportionate, risk-based compliance for complex entity types.