Banking, procurement & AML controls
This criterion evaluates whether the organization has established robust controls for banking operations, procurement processes, and anti-money laundering (AML) compliance. While most charities are not 'regulated persons' under the Money Laundering Regulations (MLR) 2017, they must strictly comply with the Proceeds of Crime Act 2002, Terrorism Act 2000, and UK Sanctions regimes. This criterion adopts MLR standards as a proportionate 'good-practice benchmark' to prevent fraud, ensure value for money, and safeguard assets. It covers the full procure-to-pay lifecycle, sanctions screening, and financial crime prevention.
| Metric | Financial control effectiveness KPIs |
|---|---|
| Target | See KPI targets in Criterion KPI/Measure |
| Frequency | Quarterly (report), Annual (assurance) |
| Method | Extract system reports and logs; sample-based testing quarterly; audit verification annually |
| Unit | % / count / days |
Level 1: Initial/Ad-hoc
Basic, informal controls are in place. Procurement is ad-hoc, and banking access is restricted to a few individuals but not formally documented. There is no awareness of AML.
Level 2: Developing
Formal policies for procurement (e.g., requiring multiple quotes) and banking (e.g., dual signatories) are documented. Basic AML awareness exists. Monthly bank reconciliations performed; basic sanctions checks on payees; appointment of a Nominated Officer. Where segregation of duties is limited, compensating controls (e.g., trustee review) are informal.
Level 3: Established
Standardized procedures for procurement, banking, and AML are consistently implemented. Staff are trained. Three-way match in place for non-PO-exempt spend; supplier onboarding includes identity, beneficial ownership, sanctions/adverse media checks. Compensating controls for segregation of duties are formally documented and evidenced.
Level 4: Advanced
Financial controls are regularly audited, and their effectiveness is measured against key risk indicators. A proactive risk management framework is used. Procurement covers full lifecycle including contract management and waiver governance.
Level 5: Optimizing
The financial control system is fully integrated, technology-enabled, and continuously improved. The system is a model of Amānah and Itqān, actively preventing waste. Transactions are ethically sound and Shari'ah-aligned: documented policy on interest (riba) handling; procurement avoids prohibited elements; decisions evidence ʿadl (justice) and iḥsān (excellence).
Organisation Types
By Organisation Size
| Size | Applicability | Notes |
|---|---|---|
| Micro | partial | Formal procurement lifecycle and AML policies are disproportionate for <£10k income; only basic dual-authorization banking controls apply. |
| Small | partial | Requires basic banking controls and simple quote rules; full procurement lifecycle (POs/waivers) and formal AML policies are too heavy. |
| Medium | partial | Banking and AML policies apply fully, but the formal procurement lifecycle (e.g., strict POs before every spend) can be scaled down for lower values. |
| Large | full | |
| Major | full |
Applicable When
- Organization handles financial transactions
- Organization receives or disburses funds
- Organization engages in procurement of goods or services
Not Applicable When
- The organization is a non-financial entity (e.g., a working group, sub-committee) whose parent organization exclusively manages all financial transactions, banking, and procurement on its behalf.
- The organization is officially dormant or inactive, with no financial transactions, bank accounts, or procurement activities during the assessment period.
- The organization operates exclusively on a non-monetary, in-kind basis, with all resources (goods, services, facilities) being donated directly and no cash or financial instruments being received, held, or disbursed.
Related Criteria
Discussion (1)
📋 **Version updated: 1.0.0 → 2.9.7** **Changes:** Updated islamic_references from mizan-297.json
Sign in to post a comment.