In this three-part series, TechSoup's General Counsel provides an overview of "due diligence" in the grantmaking context. Part II is intended to serve as a resource guide for grantmakers seeking guidance on starting and maintaining a basic due diligence program.
Part II: A Due Diligence Toolkit for Grantmakers
In Part I of this series – What is Due Diligence? – we summarized the purpose and function of due diligence exercises undertaken by grantmaking entities. We noted that, in the charitable sector, due diligence is primarily used to address one of four risks: (i) legal risks, (ii) mission alignment (or lack thereof), (iii) financial security, and (iv) reputational risk. In this Part II, we'll provide sample resources to address each of these risks. This list is far from exhaustive. We encourage readers to think of it as a starting point for a more tailored and robust due diligence program that takes into consideration each grantmaker's unique grant portfolio and risk tolerance.
A good due diligence program that is specific to an individual grantmaker combines standardized processes with flexibility. For example, a basic checklist may be employed for all grantees; however, additional measures may be required for certain grantees based on a variety of factors, including past experience with the grantee, the grantee's geography, existing safeguards (such as local grantmaker staff or partners on-site), and the current political climate in both the grantmaker's country and the grantee's. A due diligence program should be nimble, allowing the grantmaker to balance competing priorities of risk and impact. For this reason, a grantmaker must have a good understanding of its own risk tolerance before it can construct an effective due diligence program with respect to its grantees. An excellent place to start is the creation of a risk profile, meaning a statement of a grantmaker’s understanding of, and tolerance for, specific situations of risk. One of the foremost experts on formulating and addressing risk, including through the creation of risk profile statements, is the Open Road Alliance (cited below for additional resources on risk management).
Once a grantmaker has an understanding of its own risk tolerance, it can better plan to manage the risks identified in its risk profile through due diligence, contingency planning, and continuous, adaptable learning. This article focuses solely on the due diligence aspect of risk management, and primarily on the upfront due diligence that is conducted before a particular grant is executed. A due diligence program may be conducted partially or wholly by the grantmaking organization or outsourced to a third-party professional. Because due diligence requires that informed decisions be made by the grantmaker itself, the task may never be outsourced entirely; some portion of the judgments necessarily rest with the grantmaker.
In-house vs. Outsourced Due Diligence
There are several advantages to using third parties to conduct aspects of one's due diligence program. For example, third-party evaluators are more likely to approach potential grantees with objectivity, thereby creating more neutral assessments of the grantees. Third parties are also more likely to have specialized expertise and streamlined tools like watchlist screening applications. In some cases, a third-party evaluator may even be willing to shoulder a portion of the liability should something go wrong, though this is uncommon. In most cases, the greatest benefit of outsourcing some aspects of due diligence is the ability to delegate the task to a party with specialized expertise. Most grantmakers do not have the necessary resources or in-house expertise to conduct every kind of applicable due diligence.
The resources provided below include both freely available tools as well as tools offered by third-party providers. Many audit and accounting firms, as well as law firms, will conduct the due diligence exercises referenced below on behalf of a grantmaker. Because there are numerous options available in terms of a commercial audit or legal services, we have not listed any by name here. It is also important to note that, while such services may be both valuable and convenient, they are typically the costliest of options for due diligence exercises.
(i) Legal compliance
As described in Part I, U.S. grantmakers are legally required to undertake a number of steps before transferring funds to a grantee. These steps are principally driven by national and international laws, a few key examples of which we've highlighted below.
U.S. tax law
When granting to U.S. grantees, a private foundation or donor-advised fund (DAF) will typically begin by ensuring that the grantee is a 501(c)(3) public charity. The following free online sites allow you to do so:
- IRS Tax Exempt Organization Search (formerly known as "Select Check")
- Charity Navigator
For U.S. grantees that are not charities, private foundations and DAFs are required to exercise expenditure responsibility. For guidance on whether, when, and how to appropriately exercise expenditure responsibility, the following sites are a good place to start:
- Grants by Private Foundations: Expenditure Responsibility (IRS)
- Learn Foundation Law: Expenditure Responsibility Rules for Private Foundations
- Expenditure Responsibility: Step by Step (Council on Foundations)
- Expenditure Responsibility: Grantee Resources (Gordon and Betty Moore Foundation)
For eligible non-U.S. grantees, private foundations and DAFs may choose to forego expenditure responsibility by obtaining an equivalency determination. An equivalency determination is a written opinion by a "qualified tax practitioner" (essentially an attorney or CPA licensed to practice in the U.S.) confirming that a non-U.S. entity is the equivalent of a U.S. public charity. Equivalency determinations may be conducted in-house or be outsourced. The foremost external provider and repository of equivalency determinations is NGOsource. NGOsource was developed as a project of TechSoup and the Council on Foundations; it is currently operated as a permanent program of TechSoup, a 501(c)(3) public charity. Its repository model allows multiple grantmakers to obtain an equivalency determination for the same non-U.S. grantee once it is certified as equivalent to a U.S. public charity. This means that a non-U.S. grantee needs to complete the due diligence requirements only once, rather than having to undergo the process multiple times for multiple grantmakers.
Finally, with respect to non-U.S. grantees, we strongly advise grantmakers to review the legal landscape within the grantee's home country. Local legal constraints may impact grantmaking in various ways, from a grantee's ability to receive the funds to the grantmaker's ability to maintain a presence in that region. For local laws impacting your grantees, the International Center for Not-for-Profit Law (ICNL) maintains a robust and up-to-date description of the laws impacting civil society around the globe. ICNL's Civic Freedom Monitor focuses in particular on freedoms of association, expression, and peaceful assembly in fifty-four countries, including an overview of key legal issues relating to civic freedoms and legal barriers to civil society activity. Understanding these baseline laws can also help grantmakers ensure that their grants will not unknowingly create additional reporting obligations for their grantees or endanger their grantees in countries where foreign funding is considered suspicious.
Counterterrorism laws and regulations
As described in Part I, counterterrorism laws are one of the more difficult aspects of a due diligence program for several reasons. First, these laws have continued to grow in number and scope since the 9/11 terror attacks, making them increasingly arduous to follow without the aid of expert advisors. Second, no matter how many steps a grantmaker takes to avoid potentially funding terrorist individuals and activities, there is never a guarantee that funds will not be diverted, despite one's best efforts. In other words, unlike equivalency determinations or expenditure responsibility, following a legally mandated process cannot provide complete protection against regulatory penalties. Most of these regulations impose strict liability, meaning that, regardless the intent or degree of effort to mitigate harm, a violation of the regulation will still result in penalties. However, it is important to note that the Office of Foreign Assets Control (OFAC) will consider reducing penalties if there is evidence that the grantmaker is adhering to a strong sanctions compliance program.
All of these elements have unfortunately created grave constraints on grantmakers funding in conflict zones and other places where sanctions are currently in place.
There are essential steps a grantmaker can and should take to protect its funds from potential diversion to terrorist actors. These include screening the names of the organization, its board members, and key executives against terrorist watchlists maintained by the U.S. Treasury, via OFAC. Grantmakers may also choose to screen against other international lists maintained by bodies such as the United Nations and the European Union.
For an understanding of current U.S. sanctions and counterterrorism laws, the best places to start are the U.S. Treasury and OFAC websites, and in particular the following pages:
- U.S. Treasury Resource Center: Protecting Charitable Organizations
- OFAC Sanctions Programs and Country Information
- OFAC's Frequently Asked Questions
For building your own sanctions compliance program, good overviews and examples may be found via the following:
- Handbook on Counter-Terrorism Measures: What U.S. Nonprofits and Grantmakers Need to Know (Council on Foundations)
- Our Response to Anti-Terrorism Financing Guidelines (MacArthur Foundation)
- Cross-Border Philanthropy and Counterterrorism Regulations: Guidance for U.S. Grantmakers (PEAK Grantmaking)
A grantmaker may also manually screen individuals and entities to determine if they are currently listed on any terrorist watchlists on OFAC's Sanctions List Search Tool. For grantmakers with large numbers of grantees, it may be worthwhile to subscribe to sanctions databases offered by companies like Thomson Reuters and LexisNexis.
ABC and AML compliance and related sanctions
Anti-Bribery and Corruption (ABC) and Anti-Money Laundering (AML) regulations exist to help prevent diversion of funds for criminal purposes, including terrorism. Similar to counterterrorism legislation, ABC and AML laws are enforced at both national and international levels (as well as at the local level, such as through state regulators in the U.S.). A few useful primers on building ABC and AML compliance may be found below:
- Financial Action Task Force (FATF): Best Practices: Combating the Abuse of Non-Profit Organisations (Recommendation 8)
- Financial Industry Regulatory Authority (FINRA): FINRA Anti-Money Laundering (AML) Overview
- Steptoe: Anti-Corruption Compliance for Charitable Donations—The Basics
Similar to counterterrorism due diligence, one way to reduce the risk of ABC or AML violations is to screen grantees for past violations, through OFAC lists or subscription-based services. Grantmakers may also consider asking grantees whether they have existing policies in place aimed at preventing corruption, bribery, and money laundering.
(ii) Mission alignment
Determining whether a grantee's mission aligns with a grantmaker's is one of the easier aspects of grantee due diligence and the one in which grantmakers often have the most internal expertise. This due diligence process is also the least uniform of those described here, given the wide variance in mission types as well as priorities around choosing whom and where to fund. In addition, some grantmakers may prefer to award grants to organizations with a particular kind of track record, such as minority-led organizations, or those with commitments to transparency or diversity. An excellent primer on philanthropic giving, with a whole chapter dedicated to "Due Diligence: Vetting and Evaluating Organizations," is the Stanford PACS Guide to Effective Philanthropy. As Chapter 8 of the Stanford PACS guide points out, good places to begin this kind of due diligence are the grantees' own annual reports, Google searches, and, for U.S. grantees, annual IRS information returns (Forms 990), available via Guidestar.org.
(iii) Financial security
In Part I we discussed when financial security is of most interest to grantmakers, including: (1) when grantmakers want to ensure their money is being used in the most effective and impactful ways, and (2) when grantmakers want to ensure that their funds are not being diverted for inappropriate purposes, whether that be for criminal purposes or for purposes inconsistent with their charitable status. Because these concerns line up directly with concerns around mission alignment and asset diversion, the same resources provided in the sections above are useful mechanisms to vet a grantee for financial security. In particular, reviewing a U.S. grantee's Form 990 annual IRS return can provide a picture of an organization's asset to debt ratio and long-term sustainability. Charity Navigator also rates organizations based on "financial health," which includes measurements related to both financial efficiency and financial capacity. A full breakdown of its methodology around evaluating financial health may be found here.
Another key resource in a grantmaker's financial review process is the Open Road Alliance, mentioned above. This organization helps grantmakers budget for contingencies, works with grantees to evaluate risk, and develops plans to mitigate those risks.
(iv) Reputational risk
As noted in Part I, the kind of due diligence a grantmaker might undertake to mitigate reputational risk include adverse media searches, conversations with other actors in the field, and reviews of the grantee's own safeguards to prevent fraud or abuse. Many watchlist screening services, like Thomson Reuters and LexisNexis, also offer databases of adverse media alerts. However, grantmakers should be cautious of relying on results that may be easily swayed by local politics or other factors beyond the control or fault of the grantee.
Issues around the politics of grantee vetting, bank de-risking, and the role that due diligence plays within the sector – as both a facilitator and a blocker – will be the subject of the third and final installment of this series.