It is common for ministries to focus on impacting communities outside our U.S. borders. Often, in order to accomplish this, funds need to be moved across our borders to fund these ministry activities.
One area ministries need to be aware of when funding ministry internationally is compliance with U.S trade regulations. It seems strange to think that U.S. ministries have to worry about regulations from a counterterrorism agency. Yet, the Office of Foreign Assets Control (OFAC), which is under the Office of Terrorism and Financial Intelligence in the Department of the Treasury, enforces sanctions on trade between U.S. organizations and foreign nationals and entities that could be viewed as unstable. All U.S. individuals and companies must comply with OFAC regulations. Non-compliance can result in penalties and fines as well as personal imprisonment.
So what does it take to comply with these regulations? Here are five steps to ensure your ministry follows these rules when sending funds internationally:
- Know the rules and regulations established by OFAC. You can learn about OFAC and its regulations from its website.
- Understand the risks identified by OFAC for charitable organizations in delivering aid and accomplishing ministry objectives internationally. A risk matrix has been developed by OFAC which describes higher risk factors that ministry organizations need to be aware of.
- Check individuals and entities that you are working with and sending funds to against OFAC’s Specially Designated Nationals and Blocked Persons (SDN) list to ensure they are not prohibited from engagement.
- Refer to OFAC’s Country Sanctions which are red-flagged for having terrorism and drug trafficking ties. Know that it is okay to fund ministry activities in these countries when you receive an approved license to do so.
- Develop policies and procedures to comply with OFAC rules and regulations. Since the SDN list and Country Sanctions are being updated constantly, continual checking is required.
As co-laborers for Christ, we should do everything in our power to protect our brothers and sisters serving internationally. Many of them put their lives at risk daily while spreading the gospel.
Recently, the Internal Revenue Service (IRS) solicited the help of the Evangelical Council for Financial Accountability (ECFA) to gather comments to determine if reporting international activity on Form 990 is a concern for organizations. In response, ECFA will issue a letter to the IRS with signatures from organizations who are opposed to the reporting.
Follow this link for more information or to sign the letter.
I posted a blog on May 3 about a serious form of online fraud called account takeover fraud. An Iowa church appears to be one of the latest victims, to the tune of $660,000.
In a Your Church blog post titled Cyber Crime: Coming to a Church Near You, Matt Brannaugh tells the story, then offers six tips for avoiding a similar attack on your church. One that bears special mention is dual controls. From my earlier post, “This means that if one person authorizes creation of a payment file, a second person must authorize release of that file.”
At ECCU, we feel so strongly about the importance of dual controls that we require ministries to implement it when they set up their online banking.
For more information about how to protect your ministry’s information and funds, you can read our white paper Handling Cash: A Common-Sense Approach to Securing Your Ministry’s Most Liquid Asset.
I know it seems like we keep talking about fraud in the church. You’re probably thinking, “Can we move on to something more…positive?” Well, addressing fraud in the church, while never fun, is beneficial.
Vonna Laue of CapinCrouse LLP just blogged “The Top Three Reasons Fraud Happens in the Church.” She credits lack of segregation of duties, misplaced trust, and rapid change as catalysts for fraud.
Laue states, “Trust is not a sufficient strategy for protecting the church’s assets.”
Do any of these reasons surprise you? What best practices do you have in place at your ministry to prevent fraud?
Most everyone knows that an ounce of prevention is worth a pound of cure. This adage is certainly true when combating banking fraud. Prevention is especially important when dealing with a type of fraud known as “corporate account takeover.” Ignore prevention and your ministry could end up dealing with financial loss, negative publicity, and recovery efforts that divert time from kingdom work.
Corporate account takeover occurs when cyber criminals gain control of an organization’s bank account. This commonly happens when malicious software (malware) infects the organization’s computers. This malware is often delivered through very legitimate looking emails with infected links or attachments. Once embedded in a computer, this malware captures personal information and log-on credentials to online banking applications, allowing fraudsters to electronically pilfer money from the unsuspecting organization. It is because of threats like this that ECCU incorporated state-of-the-art security into its new online banking system.
When the Association for Financial Professionals (AFP) conducted a survey in 2010, 14 percent of the respondents had experienced corporate account takeover fraud. While only 2 percent suffered a financial loss, the time wasted to investigate and restore security diverted those organizations from the work they are called to do.
To prevent this kind of fraud, NACHA – The Electronic Payments Association, recommends the following steps:
- Require dual control for ACH and wire transfer payments. This means that if one person authorizes creation of a payment file, a second person must authorize release of that file.
- Ensure that all antivirus and security software and hardware for all computers (including laptops) used for online banking and payments are up-to-date.
- Require that any computers used for online banking and payments are dedicated solely to those activities. This means they are not used for web browsing or social networking and are not connected to an internal network.
- Monitor and reconcile accounts daily so you can spot fraudulent activity in time to take action.
- Utilize routine and “red-flag” reporting (i.e., alerts about unusual activity) for transactions.
If your ministry’s bank account falls victim to corporate account takeover, contact your financial institution immediately so they can:
- Disable online access to accounts
- Change online banking passwords
- Open new account(s) as appropriate
Your financial institution should also review all recent transactions and any authorizations on file. Anything suspicious should be cancelled immediately.
What steps has your ministry taken to prevent fraud like corporate account takeover?