The hard work that goes into fundraising and executing on core missions can take up most of a nonprofit organization’s time and efforts. In some cases, oversight of third parties, including the vetting of donors, can unfortunately go overlooked. This is problematic because, just like for-profit companies, nonprofit organizations face a multitude of reputational, regulatory, and operational risks that stem from their relationships with their third parties and donors.
Unbeknownst to nonprofit organizations, certain donors may have undesirable affiliations with politically exposed persons or questionable sources of income. These particular risks can be heightened when a donor resides or operates in a remote or unfamiliar geography.
As such, it is essential for nonprofit organizations to establish and implement a risk-based approach to donor due diligence. Based on our experience, we suggest four best practices when nonprofit organizations are developing due diligence and compliance programs for accepting donations:
1. Set the tone from the top
According to Kroll’s recent survey of 267 ethics, compliance, and anti-corruption executives, respondents who reported high levels of engagement by leadership were more likely to express confidence in their ability to detect misconduct in relationships that involve third parties. It is important for leadership at nonprofit organizations to support and publicly communicate the organization's commitment to a culture of transparency, especially with regard to donor contributions.
2. Take a risk-based approach
Completing due diligence on donors can be daunting. How do you prioritize resources? An effective risk assessment program is the backbone of a strong compliance organization and involves recognizing potential risk factors at the early stages of evaluating new donors. The goal is to be able to provide a unique risk profile/score based on the risk assessment for each donor and have policies and procedures in place to act on that information.
Questions to consider when establishing a meaningful risk assessment program for donors include:
Who are they? Identify and verify the identity of donors.
How much are they donating? Rate donors’ impact on your organization.
Why are they donating or engaging with you? Ascertain the nature and purpose of the relationship.
What ties do they maintain with others? Look beyond your point of contact and consider business, political, and other relationships that prospective donors maintain.
To properly build and implement effective risk-scoring programs, it can be helpful to align with a specialized vendor, such as Kroll, who can advise on the development of a compliance program and best practices for assessing donor-related risks.
3. Develop a governance program that incorporates clear and actionable policies and procedures
A governance program should be structured to ensure best practices for vetting and engaging with donors. A strong governance program would also seek to lay the foundation for consistent due diligence, screening, and approval processes prior to accepting donations or otherwise engaging with a donor.
The goal is to establish guidance on the specific circumstances in which your nonprofit organization will engage with donors. For example, you may consider outlining parameters for how donations can be received, as well as guiding principles and controls around the purposes of those contributions. Likewise, you may want to predetermine levels of giving, either as a single donation or in the aggregate, that would trigger more extensive due diligence.
4. Establish a process for continued monitoring
Assessing risk at the beginning of a relationship allows you to make informed choices about whether or not to engage with a donor, or how best to engage according to your organization's policies and procedures. However, initial risk-based screening and the subsequent decisions you make do not remove the need to undertake an ongoing and routine review of your donors. The parameters described above are subject to change and, for that reason, you should aim to keep a pulse on the risk profile of your donors.
Solutions like the Kroll Compliance Portal can help maintain an ongoing screen of donors and alert you when a donor’s risk profile changes, allowing you to reassess the relationship. This kind of maintenance due diligence or risk monitoring can be automated so as to help your nonprofit organization save time and resources.
Donation compliance and due diligence programs are an investment in supporting not only your core mission, but also your organization’s ongoing ability to carry out that mission. Ultimately, a strong risk-based due diligence program can help ensure your nonprofit organization “knows its donors” and feels comfortable having a relationship with them.