01 July 2015 Supervision Supervision label Q&A


How should financial institutions perform customer due diligence (CDD) on foundations with respect to mitigating the risks related to terrorist financing?


Terrorist attacks have led to large-scale unrest in society. As a result, terrorist financing is becoming an even more prominent item on the agendas of supervisory authorities such as DNB. Abuse of financial institutions to finance terrorist organisations or attacks must be prevented, so financial institutions must always be alert to customers and financial flows that could indicate terrorist financing.

Charity foundations are crucial for providing humanitarian help to people in need. There are strong indications that terrorists and terrorist organisations are abusing these organisations to finance their activities. Gaining an understanding of the risks and adequately monitoring the financial flows of such organisations is not only essential, but should be a regular component of an institution's sound and ethical operational management.

Pursuant to Sections 3(1) and 3(2) of the Anti-Money Laundering and Anti-Terrorist Financing Act (Wet ter voorkoming van witwassen en financieren van terrorisme – Wwft), financial institutions must carry out customer due diligence and identify the customer and the ultimate beneficial owners (UBOs). In the case of foundations, identification and verification are relevant (1) if the customer is a foundation, (2) if the customer's ultimate beneficial owner is a foundation, or (3) if a representative acts on a foundation's behalf (and the foundation is the customer). As a minimum, institutions should use the following information to perform CDD on foundations. Regularly updating this information will enable institutions to establish the integrity risks related to foundations:

  • Name of the foundation.
  • Date of establishment and country of registration (also for foreign foundations or a legal entity comparable to a foundation).
  • Official identity code (e.g. Chamber of Commerce registration number).
  • Registered business address.
  • Postal address (if different).
  • Head office (if different).
  • Control structure and information on the UBOs (in practice this will most often be the board members, but it could also be senior staff or representatives, for example a treasurer with control over the foundation's financial flows; the foundation's articles of association are a key instrument in charting such information).
  • Documentary evidence establishing and verifying the identity of the foundation's board members who are authorised to represent the foundation or to transfer funds or assets of the foundation (control).
  • Type of foundation – charitable or other. Nature of the foundation's activities.
  • Foundation's geographical area of operation.

Depending on the foundation's risk profile, it may be necessary to request additional information, e.g. about influential staff. This will allow the institution to carry out a risk assessment of foundations and to take further mitigation measures in case of heightened risk. Such measures may include adjusting the frequency of monitoring and updating the CDD information, but may also pertain to the intensity of transaction monitoring. It is the institution's responsibility to take measures that match its customers' risk profiles.

An integrity risk analysis based on the risk profiles of the foundations in the institution's customer base must be part of the institution's systematic integrity risk analysis (SIRA).

More information

International organisations such as the Basel Committee on Banking Supervision (BCBS) and the Financial Action Task Force (FATF) have issued guidelines on customer due diligence procedures, including for foundations, and on adequately assessing risks. In February 2016, for example, the BCBS published guidelines on the Sound management of risks related to money laundering and financing of terrorism. The FATF published a best practices document about dealing with non-profit organisations (NPOs), including foundations, with a description of the types of NPOs that are likely to be abused for terrorist financing purposes.

Click here to consult the best practices document.

Related legislation and regulations


  • Banks
  • Electronic money institutions
  • Insurers
  • Payment institutions
  • Trust offices