Financial monitoring in banking services for civil society organizations (CSOs): banks’ view

June 13, 2023

It is clear that every civil society organization registered as a legal entity needs access to basic payment services. At a minimum, they need current accounts that allow for payments, donor support, donations and fundraising.

Therefore, one of the first steps for CSOs to take after completing the registration formalities to establish a legal entity is to open current accounts with banks.

However, while using such payment services, each client in one way or another faces the requirements of the legislation in the field of financial monitoring.

For a long time, the financial monitoring system has been working to prevent and counteract legalization (laundering) of proceeds from crime, financing of terrorism and financing of the proliferation of weapons of mass destruction.

After Ukraine had finally defined its European course, the state assumed a number of international obligations to implement and comply with international standards in the sphere of financial monitoring.

This progress faces its own challenges, in particular banking issues. Thus, Ukrainian civil society organizations, despite their role in the development of a democratic state and overcoming the consequences of the war, have faced blocking of bank accounts and (sometimes) misunderstanding on the part of banking institutions.

At the same time, the current requirements in the area of preventing and combating money laundering, financing of terrorism and financing of proliferation of weapons of mass destruction require both adequate awareness and readiness of civil society organizations to respond to such challenges.

In April this year, CEDEM held a series of trainings to improve banking services for civil society organizations and mitigate legislative challenges in the field of combating money laundering and terrorist financing.

On April 24, 2023, online training “Peculiarities of Financial Monitoring in the Banking Services for NGOs and Charitable Organizations” was held, organized by CEDEM with the direct participation and support of the Independent Association of Banks of Ukraine. 

The speakers were representatives of the two largest Ukrainian banks, Oschadbank and PrivatBank. 

Here are the key documents in the field of financial monitoring:

Further, we will apply a number of acronyms and abbreviations, the list of which is given below:

 charitable organization

ML  money laundering

PA  public association

USR  Unified State Register of Legal Entities, Individual Entrepreneurs and Public Organizations

UBO ultimate beneficial owner

NOR-2022  2022 Report on independent risk assessment in the field of prevention and combating money laundering, financing of terrorism and proliferation of weapons of mass destruction

CDD  customer due diligence by banks

NPО  non-profit organization

CSO  civil society organization

Suspicion  a reasonable assumption that a financial transaction or its participants, their activities or the origin of their assets are linked to legalization of ML, FT and/or FPWMD, or to the commission of other criminal offence or act for which international sanctions are stipulated;

Regulation on Financial Monitoring Regulation on the Implementation of Financial Monitoring by Banks, approved by the Resolution of the Board of the National Bank of Ukraine No. 65 dated May 19, 2020 

FPWMD  financing of proliferation of weapons of mass destruction

FT  financing of terrorism

So, the first thing that you should understand when starting cooperation with a bank is as follows: When establishing a business relationship, the bank always uses the “Know Your Customer” approach.

Know Your Customer (KYC)  a set of statutory KYC measures that banks use to document the actual identity of the consumer/customer and their source of income in order to verify their legitimacy. Such information is collected and stored in a customer “profile”, which is updated on a regular basis.

The current legislation understands business relations as relations between the customer and the bank, which arise on the basis of a respective contract – for example, a bank account – and provide for certain duration. One-time transactions are not considered business relations.

So, before concluding a bank account agreement, the bank, following the principle of “know your client”, will take measures to obtain documentary information about the client, the legality of their income and sources and will also assess the potential risks of such cooperation. The information will be kept in the client’s file and will be updated on a regular basis.

In order to understand how the risk level of a client CSO is determined, it should be taken into account that each Ukrainian bank applies its own mechanisms. However, it necessarily takes into account and adheres to the legislation and requirements of the NBU.

Risk assessment of NPOs according to NOR-2022 (according to NBU data)

NGO Type

Risk Assessment













As can be seen from this table, the default risk of NGO and CO use in legalization of ML, FT and FPWMD is medium (and for COs it is also high in the context of FT).

However, this approach of the state to risk assessment does not rule out the obligation of the bank to conduct its own assessment, for which it, in turn, must conduct СDD.

CDD includes:

  • Identification and verification of the customer (their representative) 
  • Establishing the UBO (or lack thereof)
  • Establishing the purpose and nature of the future business relationship or the conduct of a financial transaction, and
  • Continuous monitoring of business relationships and financial transactions
  • Ensuring the relevance of received and valid documents, data and information about the client.

CDD is conducted in the case of:

  • Establishment of a business relationship (opening of an account)
  • Suspicion
  • Making payment transactions (including international ones) without opening an account
  • Financial transactions with virtual assets in the amount equal to or exceeding UAH 30,000
  • Doubts as to reliability or completeness of previously obtained identification data of the client
  • Conducting a one-time financial transaction without establishing business relations with clients, if the amount of the financial transaction is equal to or exceeds UAH 400,000.

So, in any case before the agreement conclusion and actual opening of the account, the bank has to identify its future client, i.e. obtain their documented identification data. 

During identification (verification) of legal entities, banks establish:

  • Full name 
  • Location 
  • Date and number of the record in the USR on state registration
  • Information on the executive body (management bodies) 
  • Identification data of persons authorized to dispose of accounts and/or property 
  • Identification code according to the USR 
  • Details of the bank where the account is opened and the current account number.

The bank shall obtain this information based on the analysis of the client’s statutory, registration and other documents.

If a legal entity representative (its manager or another person under a power of attorney) submits documents for account opening, information about him/her shall also be provided to the bank.

By virtue of the requirements of the legislation, the bank shall also establish the customer’s UBOs or the fact of their absence. At the same time, the bank is not limited to the information from the USR and always requires the ownership structure from the client.

In addition, the purpose and nature of further operations with the bank account must be established.

It should be noted that depending on how risky, in the bank’s opinion, a financial transaction is, CDD is also carried out in case of several financial transactions, which may be related to each other, for a total amount equal to or exceeding the amount of UAH 400,000.

The bank will also perform CDD if it has a reasonable suspicion that a financial transaction may be related to ML, FT, FPWMD.

In order to keep the data and documents obtained in the course of customer identification up-to-date, the bank continuously monitors business relations and financial transactions of all its customers without exceptions.

The bank shall ensure update of data on customer:

  • At least once a year when the risk of the business relationship is high
  • At least once every three years when the risk of the business relationship is medium
  • At least once every five years in other cases where there is no suspicion.

Taking into account the above risk assessment for NPOs specified in NOR-2022, it should be taken into account that for the update of data for COs is carried out at least once a year, and for NGOs – at least once every 3 years.

However, it should be taken into account that such a period may be (and, as a rule, is) shorter, and is established in the bank’s internal documents.

However, the Regulation on Financial Monitoring requires banks to establish additional data.

The Bank emphasizes the following aspects of NPO activity:

  • The main purpose (missions) of the establishment and activities
  • Founders of the organization
  • Assets of the organization
  • Main sources of funds and types of donors/persons transferring funds in its favor
  • Types of main expenses, proportions of items for NPO maintenance in such expenses
  • Beneficiaries – recipients of funds
  • Scale of activities (domestic or international)
  • Methods of searching for donors
  • Available achievements of the organization (implemented projects)
  • Transparency of the mechanisms of funds distribution and channels of funds transfer to the beneficiaries
  • Targeted use of funds
  • Share of cash in the organization’s income/expenditures (its reasonableness)
  • Compliance of the scope of information on the organization’s activities in open sources with the scope of such organization’s activities, etc.

As a rule, the bank receives such information when the client has filled in the questionnaire of the established form.

Bank employees recommend that when filling in the questionnaire clients should provide the most complete, detailed descriptive answers to the questions and avoid short and uninformative answers such as “in accordance with the articles of association”, “in accordance with the constituent documents”, “determined by the decision of the governing bodies”, etc.

Below is an example of poor quality (from the bank’s point of view) of completing the description of NPO activities in the bank’s questionnaire, where it is impossible to find answers to the questions established by the NBU.

  1. What is the main purpose (mission) of the organization?

specified in the articles of association

  1. Describe your vision of the organization’s activity (scope of activity, territory/region of activity, frequency of activities, number of regular participants, ultimate beneficiaries of aid in particular, legal entities/individuals)

scope of activities, territory and target groups defined in the Articles of Association

  1. Methods of searching for donors (sponsors) – charity events, information in open sources: website, Facebook, Instagram, etc.

participation in project proposal competitions

  1. Sponsors of the organization: legal entities/individuals (underline the correct option), specify the names and EDRPOU (Unified State Register of Enterprises and Organizations of Ukraine) number of the main sponsors of legal entities

the organization does not receive any sponsorship

  1. What are the purposes for which the funds are used? (specify for which goods / services / assistance, etc.) the conditions for the use of funds are determined by the budgets of grant agreements with each of the grantors


  1. What is the field/type of activity of companies/individuals from which you will order goods/services of the organization?

the organization orders various goods and services


  1. What is the mechanism of funds distribution and transfer channels to beneficiaries? (how the decision is made/approved as to how much money should be allocated to which project)

in accordance with the approved budgets



  1. Describe the completed/implemented projects/programs (if any):

programs to combat socially dangerous diseases (HIV, tuberculosis, viral hepatitis, drug addiction); social adaptation of persons released from prison



  1. Are there cash receipts/are the cash receipts planned in the organization’s activities, justify their origin

not planned



  1. Are there cash expenditures/are the cash expenditures planned in the organization’s activities, justify their purpose

not planned

An example of a qualitative description of the NPO’s activities in the bank questionnaire is the following.

  1. The main mission of the organization:

Provide charitable assistance in the field of military treatment

  1. Describe your vision for the organization’s activities:

Organizing the treatment of the military in the EU

  1. Methods of searching for sponsors:

Charity events, website, open sources, social media Facebook, Instagram, etc.

  1. Sponsors of the organization:

EU healthcare facilities

  1. The purposes for which the funds are used:

Transportation costs, purchase of medicines

  1. What is the field/type of activity of companies/individuals from which you will order goods/services of the organization?


  1. How is the decision made as to how much money should be allocated to which project?

Decision of the Board

  1. Describe the completed/implemented projects/programs (if any)

New organization no projects implemented yet

  1. Are there cash receipts/are the cash receipts planned in the organization’s activities?

Charitable donations are possible

  1. Are there cash expenditures/are the cash expenditures planned in the organization’s activities? NO

In addition, the banks provide a number of generalized examples, patterns or other risk factors that they believe can be identified when examining the NPO’s activities. 

Such factors serve as absolute grounds to terminate the business relationship or refuse to establish it

Example 1: Reputational risks in providing services to NPO

There is evidence suggesting that the founder of an international charitable organization was involved in wartime collaboration activities and may have been conducting pro-Russian propaganda in Ukraine. 

Further cooperation with such an organization carries high reputational risks for the bank, characterized by available negative information in public sources and indicating support of wartime collaboration and subversive activities against the sovereignty of Ukraine.

Example 2: Reasonable suspicion

There are reasons to believe that banking products were used in risky fraudulent activities for the benefit of the real sector of economy by attracting funds of citizens (donations) with subsequent withdrawalof such funds through accounts of controlled companies/individual entrepreneurs with signs of fictitiousness for the purpose of embezzlement.

Example 3: Use of charitable organizations for the purpose of terrorism financing

The law enforcement authorities found that the charitable organization, which was actually raising funds for charity, was used as a cover for accumulating funds for terrorism financing, and sent some of such funds to terrorists.

To sum up, it should be noted that banks in their work and customer service have a number of obligations established both by the current legislation and their regulator – the NBU. Non-compliance with such requirements carries potential risks of financial sanctions for banks.

We are sure that at least a generalized understanding of the purpose and functioning of the bank’s financial monitoring system will allow avoiding any misunderstandings.

At the same time, their employees recommend following the bank’s messages in customer service systems (e.g. Privat24, Oschad24, etc.), providing the bank with information in a timely manner so that the bank could update the information on the client, and in case of problematic situations, immediately contacting their authorized employees without delay.

The consultation was created as part of the Project Ukraine Civil Society Sectoral Support Activity implemented by the Initiative Center to Support Social Action “Ednannia” in partnership with the Ukrainian Center for Independent Political Research (UCIPR) and Centre for Democracy and Rule of Law (CEDEM) with the sincere support of the American people through United States Agency for International Development.