TS-FS-02 Trust & Stewardship Financial Stewardship CORE Compliance v2.9.7

Banking, procurement & AML controls

This criterion evaluates whether the organization has established robust controls for banking operations, procurement processes, and anti-money laundering (AML) compliance. While most charities are not 'regulated persons' under the Money Laundering Regulations (MLR) 2017, they must strictly comply with the Proceeds of Crime Act 2002, Terrorism Act 2000, and UK Sanctions regimes. This criterion adopts MLR standards as a proportionate 'good-practice benchmark' to prevent fraud, ensure value for money, and safeguard assets. It covers the full procure-to-pay lifecycle, sanctions screening, and financial crime prevention.

Compliance 9
  • Anti-money laundering (AML) policy adopting a risk-based approach (mandatory for regulated activities; good practice otherwise)
    Compliance Essential
  • Financial records retention: retain accounting and bank records for at least 6 years (CC8/Companies Act) with secure storage
    Compliance Essential
  • AML/CTF & sanctions records retention: retain risk assessments, screening results, and due diligence files for 5 years (good practice/MLR alignment)
    Compliance Essential
  • Sanctions screening SOP covering: (i) pre-onboarding/pre-payment checks; (ii) OFSI Consolidated & UK Sanctions Lists; (iii) fuzzy-matching thresholds; (iv) immediate payment holds/escalation; (v) documented resolution; (vi) OFSI reporting
    Compliance Essential
  • Conflicts of interest management for all procurement (declarations, recusals, register updates per CC29)
    Compliance Essential
  • Related-party procurement controls aligned to Charities SORP (FRS 102) with disclosure and approval
    Compliance Essential
  • Partner/Grantee due diligence: specific checks for downstream partners (especially overseas) covering governance, financial health, and end-use monitoring (CC Compliance Toolkit)
    Compliance Essential
  • Fraud response playbook: procedures to preserve evidence, notify bank/Action Fraud, and file Serious Incident Reports (RSI) to Charity Commission
    Process Essential
  • Staff training on financial procedures, AML/CTF, sanctions, anti-bribery, and fraud risks (annual refreshers for high-risk roles)
    Training Essential
Basic 3
  • Segregation of duties in financial processes (or documented compensating controls for smaller entities, e.g., trustee review)
    Process Essential
  • Monthly bank reconciliations prepared and independently reviewed
    Process Essential
  • Cash handling controls (two-person counts, secure storage, prompt banking)
    Process High
Good 14
  • Documented banking procedures with appropriate authorization levels, including monthly review of online banking access rights
    Documentation Essential
  • Formal procurement policy covering the full lifecycle: needs assessment, written specifications, competitive evaluation criteria, award approval, contract/PO before spend, and waiver governance
    Documentation Essential
  • Appoint a Nominated Officer/MLRO with governance outputs: annual report to trustees, quarterly risk dashboard, and documented deputy/cover
    Compliance Essential
  • Gifts and hospitality policy/log with thresholds and procurement prohibitions
    Compliance Essential
  • Modern Slavery Act (s.54) supply-chain due diligence proportionate to risk (e.g., supplier tiering, contract clauses, audits)
    Compliance Essential
  • Online banking dual authorisation with MFA/SCA for set-up and payments
    Process Essential
  • Supplier bank detail changes verified via independent call-back to known contacts and Confirmation of Payee (CoP) checks
    Process Essential
  • Payment run summary report reviewed/approved by a budget holder separate from the processor
    Process Essential
  • Multiple signatories required for significant transactions
    Leadership High
  • Documented procurement thresholds with escalating approval requirements
    Leadership High
  • Regular supplier reviews and due diligence
    Continuous Improvement Medium
  • Whistleblowing mechanism (confidential, accessible, independent) aligned to PIDA 1998
    Transparency High
  • Three-way match (PO, goods receipt, invoice) prior to payment
    Process High
  • No PO, No Pay policy
    Process High
Better 5
  • Quarterly controls testing pack: defined test scripts (sample size ~10% or 25 items) for bank recs, dual auth, supplier changes, and sanctions screening
    Continuous Improvement High
  • Automated systems for procurement and payment approvals
    Technology High
  • Regular internal audits of financial controls
    Continuous Improvement High
  • Vendor master data governance (maker-checker for new/changed suppliers, periodic dormant supplier review)
    Process High
  • Confirmation of Payee and positive pay/whitelisting controls
    Technology High

Discussion (1)

Administrator 2026-03-07 11:07:46.700650

📋 **Version updated: 1.0.0 → 2.9.7** **Changes:** Updated islamic_references from mizan-297.json
