The US Department of Treasury has rules in place that affect the work you do as a fundraiser. Specifically, the Customer Due Diligence Requirements for Financial Institutions, also known as the CDD Rule, directly impacts your ability to process payments with merchant processors like Stripe, Worldpay, and others. We understand how difficult it can be to wade through the legalese, so this article will walk you through the important stuff you need to know to help prevent fraud and other illegal activities.
What Is the CDD Rule and how does it affect nonprofits?
The Customer Due Diligence Requirements for Financial Institutions rule, as it pertains to nonprofit organizations, has two parts:
- All financial institutions, including merchant processors, are required to identify a “responsible individual” for any account they open.
- The responsible individual’s identity must be verified with their birth date and a government-issued form of ID.
So, in the simplest language possible, merchant processors, including the ones we use at Qgiv, are required to list a name and birth date for the person responsible for the account. While the regulation requires organizations to collect information from government-issued IDs, our preferred merchant processor Worldpay requires us to collect Social Security numbers.
What does it mean for me?
If your nonprofit signs up with Qgiv, an independent merchant processor, or any other online fundraising platform, you’ll have to:
- Establish someone as the signer or “owner” of the account.
- Provide a birth date and Social Security number for that person during the setup process.
According to the Financial Crimes Enforcement Network (FinCEN), a branch of the Department of Treasury, the person who provides this information must be “an individual with significant responsibility to control, manage, or direct the organization.” Practically, that means the signer must be a director-level staff member, executive team member, or board member.
You don’t have to provide that information for everyone who uses the account. All FinCEN requires is that the person responsible for the account has verified their identity. FinCEN stated that, even though nonprofits don’t legally have “ownership,” they do have individuals who “control responsibility” for the organization. That means nonprofits are required to follow this rule, too.
Why Is FinCEN requiring this information?
This rule establishes a safeguard that can help prevent enabling fraudulent nonprofits, nonprofits that fund terrorist organizations, or nonprofits that launder money. Establishing an individual as a signer on a merchant account is a preventative measure passed by a body of people who want to prevent crimes.
It’s important to note that providing this information is not a personal guarantee or a statement of financial liability. FinCEN collects this information so financial institutions can validate that the person or entity is not sanctioned by the federal government due to involvement in money laundering, terrorist activities, trafficking, or other crimes.
What does this look like in action?
When you raise money online (or even on-site, if you’re using digital payment methods), you use a merchant processor to handle the transaction. FinCEN requires the merchant processor to collect a birth date and other identifying information for every organization it serves. When you sign up with Qgiv, we’ll ask you for a birth date and Social Security number during the sign-up process. That information fulfills FinCEN’s requirements.
We collect this information for identification purposes only. We won’t use that information anywhere else.
It’s also important to remember that this information needs to be updated and confirmed annually.
Where can I find more information?
More information on the regulation can be found in this document. Nonprofit organizations are specifically addressed in Question 23, and the full regulations are linked at the beginning of the document.
Final thoughts
Federal regulations are never fun to wade through, but FinCEN’s CDD Rule is an essential one. It’s extremely important that you ensure your organization is in compliance with this rule. We strongly encourage you to proactively review and confirm this information annually.