TS-FS-02
Trust & Stewardship
Financial Stewardship
CORE
Compliance
v2.9.7
Banking, procurement & AML controls
This criterion evaluates whether the organization has established robust controls for banking operations, procurement processes, and anti-money laundering (AML) compliance. While most charities are not 'regulated persons' under the Money Laundering Regulations (MLR) 2017, they must strictly comply with the Proceeds of Crime Act 2002, Terrorism Act 2000, and UK Sanctions regimes. This criterion adopts MLR standards as a proportionate 'good-practice benchmark' to prevent fraud, ensure value for money, and safeguard assets. It covers the full procure-to-pay lifecycle, sanctions screening, and financial crime prevention.
Assessment Questions
- How does the organization ensure that banking operations are secure and that access to financial assets is appropriately controlled?
- What processes are in place to ensure procurement is transparent, provides value for money, and is free from conflicts of interest?
- How does the organization identify, assess, and mitigate the risks of being involved in money laundering or terrorist financing?
- Are financial control policies and procedures regularly reviewed, audited, and improved based on findings?
- How are the Islamic principles of Amānah (trust), Adl (justice), and accountability embedded into the organization's financial control culture?
- How are sanctions and PEP checks performed (including OFSI 'ownership and control' tests) and documented?
- What steps verify supplier bank detail changes (e.g., call-back, Confirmation of Payee)?
- Describe your SAR process, volumes, and Nominated Officer reporting to trustees.
- How is modern slavery risk assessed in procurement and contracts?
- What compensating controls operate where segregation of duties is limited (e.g., micro-charities)?
- How are related-party transactions identified, approved, and disclosed?
- What is your policy on interest (riba) and use of Shari'ah-compliant banking products where feasible?
- How do you conduct due diligence on downstream partners/grantees, especially those overseas?
Evidence Requirements
- Documented Banking Controls Policy and current bank mandates.
- Documented Procurement Policy covering the full lifecycle (from needs through to contract close-out).
- Documented AML/CFT Policy and Risk Assessment.
- Segregation of Duties matrix or documented compensating controls.
- Internal or external audit reports on financial controls.
- Minutes from finance/audit committee meetings where controls are reviewed.
- Training records for staff on procurement, financial controls, and AML compliance.
- Monthly bank reconciliations with preparer/reviewer sign-off.
- Sanctions screening logs (OFSI/UK lists) with documented resolutions.
- Supplier/partner due diligence files (ID, beneficial ownership, financial health, modern slavery screening).
- Conflicts of interest register and gifts/hospitality log.
- SAR log and annual Nominated Officer/MLRO report to trustees.
- System workflow screenshots/reports evidencing dual approvals, three-way match, and exception handling.
- Sample of supplier bank change verifications (call-back records).
- Fraud response playbook and Serious Incident Reporting log.
Scoring Guidelines
| Level | Rating | Description |
|---|---|---|
| 5 | 5/5 | Automated workflow; quarterly control testing with <2% exceptions; KPIs meet targets for 4 consecutive quarters; independent internal audit annually; MLRO report reviewed by board; continuous improvements implemented |
| 4 | 4/5 | Documented controls; quarterly reviews; exceptions <5%; most KPIs on target; internal audit every 18–24 months; full procurement lifecycle evidenced |
| 3 | 3/5 | Controls implemented; monthly reconciliations; training coverage ≥80%; limited testing; exceptions 5–10%; compensating controls evidenced if segregation limited |
| 2 | 2/5 | Inconsistent application; reconciliations irregular; training <60%; no testing; basic policy exists but gaps in sanctions/waiver governance |
| 1 | 1/5 | No documented controls; high fraud/irregularity risk |
Related Criteria
TS-FS-01 Trustees review management accounts
TS-FS-03 Robust accounting system
TS-FS-04 Segregate and control Zakat vs Sadaqah (ledgers, banking, donor intent)
TS-FS-05 Fundraising costs fairly reported
TS-FS-06 Statutory accounts externally audited/examined with clean outcome and filed on time (all applicable regulators)
Version
2.9.7
2025-11-05
Discussion (1)
Administrator
2026-03-07 11:07:46.700650
📋 **Version updated: 1.0.0 → 2.9.7** **Changes:** Updated islamic_references from mizan-297.json