Indicators of suspicious activity relating to customers who are not for profit organisations

On this page

• Customer identification and behaviour
• Tax and fraud
• Terrorism financing
• Related pages

Customer identification and behaviour

Customer identification indicators

An NPO customer:

• provides identification information that is false, misleading, vague, or cannot be verified
• uses an unusually complex financial network for its operations
• has opaque beneficial ownership, leadership or decision-making structures 
• has sources of income that are unclear and/or confusing

A third party:

• opens an account on behalf of an NPO customer 
• uses an account belonging to an NPO customer 

Customer behaviour indicators 

An NPO customer:

• accepts anonymous donations
• uses cash-intensive businesses in their activities
• allows or has unusually large cash deposits
• uses personal bank accounts to receive donations
• stores funds outside mainstream financial channels 
• uses higher-risk channels to transfer funds
• has an employee or agent who withdraws unusually large amounts of cash
• has transactions to or from politically exposed persons’ personal bank accounts
• transfers funds out of Australia and into known tax haven jurisdictions
• has unreported activities, programs, or partners 
• requests to transfer funds with vague justification 
• structures transactions to avoid mandatory reporting requirements 
• makes payments that are inconsistent with their business programs and/or activities
• is unable to account for the final use of all business resources, and/or has inconsistencies in their accounting 
• operates in jurisdictions where the cultural and political values or customs view bribery and corruption as routine
• hires third parties who do not disclose their true activities or intentions to the reporting entity
• uses key personnel’s personal banking accounts instead of the NPO’s business accounts 
• engages in activity inconsistent with the NPO’s activities 
• has accounts that their bank is intending to close (also known as ‘de-risking’ or ‘de-banking’) 

Tax and fraud

Tax evasion indicators

An NPO customer:

• has fund flows to jurisdictions know as tax havens
• and their key personnel use travel and credit cards excessively
• closes banking accounts only to set them up again in different jurisdictions with no apparent economic rationale 
• has not filed their income tax return for an extended period

Fraud indicators

An NPO customer:

• has suspicious invoicing and billing provided by partners and sub-contractors
• uses multiple business structures with no apparent economic rationale

Cyber-enabled fraud indicators

An NPO customer:

• uses social media and online crowdfunding platforms to solicit donations and raise funds with no reasonable economic rationale 
• purchases unusually large amounts of stored value cards
• accepts payments in digital currency, especially if the transfer is from:
  • an unregistered virtual asset service provider
  • peer-to-peer network
  • cryptocurrency mixer/tumbler services or
  • higher-risk decentralised exchanges

Terrorism financing

Terrorism financing indicators

An NPO customer:

• operates in higher-risk jurisdictions, or jurisdictions with known terrorist activity
• uses a shell organisation as a funding conduit to jurisdictions with known terrorist activity
• attempts to make a funds transfer that is stopped by their bank
• transfers funds to third parties who are noticeably different to or not associated with their declared programs or activities
• procures or attempts to procure dual-use goods. Dual-use goods are goods that have both military utility and non-military or civilian utility
• whose identification checks indicate key personnel or agents are engaged in terrorism financing, or support terrorist activity
• is headquartered in a jurisdiction where terrorist entities are known to have a substantial presence 
• and their key personnel or representatives travel frequently into areas where terrorist entities are known to have a substantial presence
• transfers funds to organisations or persons known to be associated with terrorism financing, terrorist activities or terrorist entities
• is matched through screening against an Australian or international sanctions list

Open source information: 

• identifies a customer has links to known terrorist organisations or terrorism activities
• indicates that a customer displays extremist ideologies (social, political, environmental etc.).

Related pages

• Your Industry
• Suspicious matter reports (SMRs)
• Enhanced customer due diligence (ECDD) program

The Financial Action Task Force has published a typologies report on the risk of terrorist abuse in non-profit organisations, which examines in detail, how and where NPOs are at risk of terrorist abuse. 

The Australian Department of Foreign Affairs and Trade has a Factsheet: Arms or Related Matériel which will assist you in Identifying whether a good is arms or related materiel, and therefore whether it is a dual-used good.