Grantmaking in an Age of Terrorism: Compliance Strategies

Since the November 7, 2002 publication by the United States Department of the Treasury of its “Anti-Terrorist Financing Guidelines: Voluntary Best Practices for U.S.-based Charities,”¹ grantmakers have grappled with the problem of how to comply with their legal obligations under Executive Order 13224, the USA Patriot Act, and other laws and regulations that prohibit financial transactions with terrorists and their supporters.² The Treasury Guidelines map out one route to compliance, but both grantmakers and operating charities have criticized them for failing to take into account existing IRS rules that require grantmakers to exercise responsible oversight of their international grants, the extensive experience of U.S. charities in making grants and conducting operations overseas, and for being unworkable in several respects. Extensive comments filed by the Council on Foundations,³ by Independent Sector with InterAction,⁴ by the Exempt Organizations Committee of the American Bar Association Tax Section, ⁵ and by Grantmakers Without Borders⁶ discussed the shortcomings of the voluntary guidelines and proposed alternatives for the government’s consideration. But, with little additional guidance emerging from the Treasury Department, grantmakers are left to their best judgment in devising compliance plans.

The Terrorism Lists

Executive Order 13224, issued shortly after September 11, blocks the assets of persons⁷designated in an annex to the order as foreign terrorists and prohibits U.S. persons from engaging in transactions with them, or for their benefit. The ban explicitly includes charitable contributions of funds, goods, or services. The Executive Order also bars transactions with additional persons identified by either the Secretary of State or the Secretary of the Treasury, and, most sweepingly, with persons who are “otherwise associated” with listed persons. This comprehensive ban, and particularly its extension to encompass persons not themselves listed by the Executive Order, the Secretary of State or the Secretary of the Treasury, has been the source of considerable confusion and uncertainty about which governmental lists need to be checked by grantmakers seeking to comply with the ban.

Several U.S. government agencies have created lists of known or suspected terrorists, as has the United Nations and the European Union. The Treasury Department’s Office of Foreign Assets Control maintains the Specially Designated Nationals (SDN) list. ⁸ The SDN list is the most comprehensive of the U.S. lists. On December 31, 2003, this list included 345 individuals and entities identified as “Specially Designated Global Terrorists” (SDGTs); fourteen organizations and 27 individuals named as “Specially Designated Terrorists” (SDTs); and 36 organizations identified as “Foreign Terrorist Organizations” (FTOs). There is considerable overlap in these classifications: twelve of the SDTs are also FTOs and all 36 FTOs have been designated as SDGTs. Reportedly, there is also considerable overlap between the SDN list and those maintained by the United Nations and the European Union. As of March 1, 2004, the SDN list included four U.S. public charities: The Holy Land Foundation for Relief and Development, Richardson, TX [SDT/SDGT], the Benevolence International Foundation, Oak Lawn, IL [SDGT], the Global Relief Foundation, Bridgeview, IL [SDGT] and the Al Haramain Islamic Foundation, Ashland, OR [assets blocked pending investigation].⁹

The SDN list can be downloaded in several formats. Some grantmakers have found ways to integrate list checking directly into their grants management software. Others have turned to external providers. The USIG website lists several such vendors and provides a brief explanation of their capabilities.¹⁰

In addition to the concerns raised by Executive Order 13224, the USA Patriot Act expanded the scope of existing criminal prohibitions on providing support to terrorist organizations and increased the penalties for noncompliance. However, the specter of a possible Patriot Act prosecution is considerably more remote than asset blocking under the Executive Order, as the relevant provisions require a defendant to have acted willfully¹¹or at least knowing or intending that they are to be used in terrorist acts or by designated foreign terrorist organizations.¹²

What should a concerned grantmaker do? The author recommends four steps: first, assess the risk that your grants will wind up in the hands of terrorists; second, based on the outcome of that risk assessment, decide whether you need an anti-terrorism compliance program; third, if you decide a compliance program is needed, devise and implement a program that is appropriate to your grantmaking; fourth, document the steps you have taken. One thing not to do – don’t let fear of these new rules discourage you from international grantmaking.

Assessing Risk

The elements of a good risk assessment will vary from grantmaker to grantmaker depending on a variety of factors, including the grantmaker’s size and staffing, the number, size, and type of grants it makes, the identity and location of its grantees, the extent of its normal due diligence and the adequacy of its existing internal controls. The Council on Foundations comments on the Treasury Guidelines focus on how well a grantmaker knows its grantees. The more a grantmaker knows about its grantees and their activities, the less likely it is that a grantee will be misusing funds for any purpose, including support for terrorism. With no suggestion that the list was exclusive, the comment identified 11 factors that take into account the grantmaker’s knowledge of the grantee and its track record, whether the grantee is known to other reliable sources (or accredited by a governmental agency or a third-party), the type of grant, and the part of the world in which the grantee operates. The comments filed by the American Bar Association Tax Section¹³ also discuss risk analysis and risk assessment in substantial detail and offer a very helpful matrix table that illustrates a continuum of risk factors.

Practicality and reasonableness should play a role in risk assessment. While a number of small grants could be combined to fund inappropriate activity, the risk that a single small

grant might be diverted seems less than if significant amounts of funds are involved. Each diversion carries with it a chance of discovery by the grantmaker or law enforcement, and a terrorist would want to minimize the risk of discovery. The author believes that it is reasonable to take the size of the grant into account in determining the depth and extent of the compliance steps taken in connection with that grant.

Risk assessment is a useful tool to help an organization decide whether it needs a compliance program and what kind of program it needs. However, it is only a tool. A risky situation does not equate with a risky grant and risk assessment should not be a basis for denying funding or avoiding difficult situations. A previously unknown grantee, with no official status with its government, operating in a conflict area, may be precisely the grantee to undertake a particular program of work. Careful preliminary investigation, prior to the transfer of any funds, may provide the information a funder needs to make a judgment that its grant funds will be employed as intended and not diverted to any improper purpose.

Establishing a Compliance Program

Once a grantmaker has completed its risk assessment, the next step is to decide whether to establish an anti-terrorism compliance program. Ultimately, each grantmaker will have to decide for itself whether it needs a compliance program and how complex and expensive that compliance program needs to be. The balance of this article discusses considerations that grantors may want to bear in mind as they make these decisions.

In making compliance decisions, grantmakers should bear in mind one critical difference between the anti-terrorism laws and the more familiar tax laws that govern their day-today operations. Compliance with the tax laws, particularly for private foundations, often requires detailed attention to a prescribed process. A process failure – for example, failing to list an expenditure responsibility grant on Form 990-PF – leads to the imposition of penalties under the tax code even if the failure caused no harm to the public or the foundation. While process also is important to anti-terrorism compliance, the focus is on results. A grantmaker that does not institute a compliance program designed to prevent funds from being diverted will not be penalized as long as its funds are not, in fact, diverted. Conversely, a grantmaker that does have the misfortune to make a grant that winds up in the hands of terrorists will be at risk of asset-blocking or prosecution, but will have more credibility with law enforcement authorities if the grantmaker had instituted and followed an adequate compliance program.

Some funders will reasonably conclude that the nature and extent of their grantmaking and their existing due diligence are such that they do not need to establish a special compliance program to address anti-terrorism concerns. These funders should carefully document that decision. Documentation should include all of the factors that the funder considered and the reasons why, after weighing those factors, it decided not to institute a compliance program. Funders should revisit this decision whenever they make significant changes to their grantmaking programs.

Funders that do decide to institute or augment a compliance program should be equally careful in their documentation. Record the factors that the grantmaker considered, and the reasons why the funder selected the compliance measures it did. These grantmakers also should revisit their compliance decisions when making significant changes to their grantmaking programs.

Grantmakers that make grants only in the United States

Although discussions about the Treasury Guidelines and how to comply with the Patriot Act and Executive Order 13224 have focused on international grantmakers, the prohibition on funding terrorism applies to all U.S. grantmakers and includes domestic grants as well as those made overseas. Despite this, many domestic grantmakers may decide, quite reasonably, that they do not need an anti-terrorism compliance program. Funders that make grants entirely within the United States, to grantees that they know well and monitor regularly, may conclude that their normal due diligence procedures already provide adequate information from which they can conclude that the grantees are not themselves terrorists or likely to be supporting those who are. However, even these grantmakers should bear in mind the deficiencies of the official IRS list of approved charitable organizations – Publication 78 – and check new or unfamiliar grantees against the GuideStar database, www.guidestar.org. GuideStar immediately posts information about blocking orders applied to U.S. public charities, information that takes far longer to appear in Publication 78.

There are at least three types of U.S. grantmaking that merit further attention. Some funders make large numbers of relatively small grants that are donor-advised or part of a matching gift program. Many of these funders rely on the donor or employee to be knowledgeable about the charity to which the grant is directed and themselves do little due diligence beyond verifying the proposed grantee’s status as a public charity. Funders that follow this practice should weigh the desirability of additional compliance steps. List checking, in particular, may be a necessary part of this plan, especially if the grant process is largely automated.

The second issue that has arisen is what due diligence is required of funders that make grants to U.S. public charities with the expectation that the grantee will regrant the funds to other U.S. charitable entities. For example, a private foundation may make a grant to a community foundation to support local economic development. The community foundation, in turn, uses the gift to make grants and program-related investments that help carry out the development program. The community foundation knows its grantees and the recipients of its loans and loan guarantees and is confident that none have links to terrorism. Must the community foundation check the terrorist lists before each transaction? Should the original foundation require it to do so?

This is the type of situation where the lack of government guidance is extremely frustrating. The open-ended nature of the Executive Order’s prohibitions and the information requirements of the Treasury Guidelines both suggest that the government will hold a grantmaker responsible for its grant dollar until it has been expended by the ultimate grantee. Practicality and common sense, however, dictate the need for a reasonable stopping point, particularly in situations where the likelihood of diversion is remote. Assuming the original grantmaker has done a due diligence check on its grantee sufficient to enable it to reach the conclusion that the grantee lacks ties to terrorists, and that the grantmaker is not deliberately blinding itself to evidence to the contrary, the author believes that it is reasonable to assume that the original grantmaker has fulfilled its responsibilities. However, grantmakers will have to weigh the lack of any governmental guidance on this point in determining whether a compliance program is nonetheless warranted.

The final U.S. special case is grants to U.S. public charities with the expectation that the funds will be regranted to foreign governments or nongovernmental organizations. The author believes that these funders should weigh the risk that a grant may be diverted to terrorism and should, in riskier situations, seek assurances from the U.S. grantee that it has implemented a reasonable anti-terrorism compliance plan.

International Grantmaking

Notwithstanding the fact that domestic grantmaking can violate the funding prohibitions, the government’s primary concern has been with grants to foreign organizations. The section of the Treasury Guidelines that addresses grantmaking focuses solely on the distribution of funds to foreign recipient organizations. Internal Revenue Service Announcement 2003-29¹⁴ asked for public comment on the need to implement and augment existing rules governing international grantmaking. Given the weight of government concern, grantmakers that are making grants in countries other than the United States should consider the need to implement additional controls to prevent grants from being diverted for improper purposes.

Grantmakers considering compliance programs should bear in mind that the tax laws and regulations already require funders, both public and private, to undertake extensive due diligence when making grants to foreign nongovernmental organizations. Pre-grant inquiries, written grant agreements, segregation of grant funds, and periodic reporting by the grantee – all elements of the private foundation expenditure responsibility rules – provide safeguards against misdirection of grant funds. While these requirements do not apply explicitly to other grantmakers, many use the expenditure responsibility rules as a guide in order to create and retain the documentation necessary to establish that grant dollars given to organizations not recognized as charities were used for charitable purposes.

Depending on the outcome of their risk assessments, grantmakers may need to add list checking to their existing control programs. Even so, reasonable due diligence checks are far more likely to detect and prevent any diversion of funds, whether for terrorism or simply for personal gain. The Council on Foundations comment suggested the following as one approach to due diligence:

Review the organizational documents and financial statements of the FRO [foreign recipient organization], if available.
Obtain information about the FRO’s involvement with prior charitable programs, including references from reliable sources (including advisory boards and other nongovernmental organizations).
Identify the person who will administer the grant and obtain information on his/her qualifications (or the CEO of the FRO, in the case of a general support grant).
Obtain information about the FRO’s internal controls and accounting procedures for grant funds, including oversight mechanisms for charitable projects.
Enter into a written grant agreement with the FRO restricting the use of grant funds for charitable purposes.
Require periodic narrative and financial reports on the FRO’s use of grant funds.
In the case of multi-year grants, disburse grant funds on a periodic basis, requiring a report on the use of funds already granted before making the next disbursement.
Where practicable, identify a reliable in-country party that could assist with grant administration and on-site monitoring, if necessary.
Conduct a site visit (by the grantmaker or a person acting at the grantmaker’s request) when reasonably justified by the circumstances of the grant, the size of the disbursement, and the cost of a visit.

These are suggestions, not an exclusive list. Grantmakers have a variety of effective methods for obtaining information and verifying that grant funds are used for their intended purpose. The informal systems that characterize some smaller grantmakers may be as effective as, or more effective than, a more formal program to gather information. But all international funders should review their procedures, consider the possibility that their grants could be diverted, and decide whether additional safeguards are needed either in general or in the case of particular grants.

Funders that either are new to international grantmaking or that make international grants only infrequently should weigh the desirability of collaborating with U.S. public charities that specialize in international grants and that have retooled their due diligence procedures to include an anti-terrorism compliance program. Another option is to partner with another funder that is familiar with the target country or region and is knowledgeable about the nongovernmental organizations that conduct activities there.

Funders that make grants to foreign organizations with the expectation that the funds will be regranted to others face the same issue as funders of domestic regranters. Does the need for due diligence stop at the level of the grantee or must the funder conduct additional checks of the secondary grantees or insist that the original grantee do so? The author believes that these funders should assess the intermediary’s existing due diligence procedures, its knowledge of its grantees, its understanding of U.S. requirements and legal limitations, and make a determination whether additional steps are required. Funders should keep in mind that some nongovernmental organizations listed by the United States government as supporters of terrorism continue to function lawfully in other parts of the world because they provide some services that are humanitarian in character. Grant agreements should expressly prohibit regranting to any such organizations.

The Treasury Department’s 2002 publication of what it termed voluntary best practices for U.S. based charities¹⁵ focused the attention of grantmakers on the requirements of Executive Order 13224. Since that time, many funders have reviewed, and, in some cases, augmented their grantmaking procedures to take the Executive Order into account. Funders that are new to this issue should not be intimidated. Rather, they should assess the risk that their grant dollars might be diverted to the support of terrorism, assess whether they need to make cha nges to their existing due diligence steps, and document their decisions. Above all, funders should not let fear of the new rules discourage them from international grantmaking.

¹http://www.treas.gov/press/releases /docs/tocc.pdf

² The principal authority for Executive Order 13224 was the International Emergency Economic Powers Act. The subsequently-enacted USA Patriot Act expanded the scope of existing prohibitions on providing support to terrorist organizations and increased the penalties for noncompliance. The Handbook on Counter-Terrorism Measures: What U.S. Nonprofits and Grantmakers Need to Know describes the legal underpinnings of the Executive Order and analyzes the most critical counter-terrorism measures in effect as of March 15, 2004.

³ Council on Foundations, Comments on U.S. Department of the Treasury Anti-Terrorist Financing Guidelines: Voluntary Best Practices for U.S.-Based Charities (June 20, 2003), available at /files/Documents/Legal/Treasury_Comments_06.03.pdf. See also, Council on Foundations, Comments in Response to Announcement 2002-29 (August 5, 2003), available at /files/Documents/Legal/COF%20Comments/ZIRSCommentsLetter8.05.03.pdf.

⁴ Public Comment on “International Grantmaking and International Activities by Domestic 501(c) (3) Organizations” Submitted Jointly by Interaction and Independent Sector, July 18, 2003, available at http://www.independentsector.org/programs/gr/intlactivities.html.

⁵ American Bar Association, Comments in Response to Internal Revenue Service Announcement 2003-29, 2003-20 I.R.B. 928 Regarding International Grant-making and International Activities by Domestic 501(c)(3) organizations(July 14, 2003) available at http://www.abanet.org/tax/pubpolicy/2003/030714exo.pdf.

⁶http://www.internationaldonors.org/pdf/treasury.pdf

⁷ A “person” can be an individual, a business, a nongovernmental organization or a government.

⁸http://www.treas.gov/offices/eotffc/ofac/sdn/index.html.

⁹ The Internal Revenue Service has suspended the tax-exempt status of the first three of these organizations.

¹⁰http://www.usig.org/TechnologyandCompliance.asp.

¹¹ Terrorist Bombings Convention Implementation Act of 2002 § 202(a), 18 U.S.C. § 2339C.

¹² 18 U.S.C. §§ 2339A(a) and 2339B(a)(1).

¹³ Supra, note 3.

¹⁴ 2003-20 I.R.B. 928.

¹⁵ See footnote 1.