Central Bank, NGO Secretariat and weaponisation of Financial Action Task Force

As FATF has pointed out, blanket and arbitrary measures can drive financial flows underground, thereby undermining the entire purpose of the FATF standards and instead increase terror financing risks

Two entities play a visible and critical role in State attempts to place repressive controls on CSOs; the NGO Secretariat and the CBSL. The third entity that is the driver of these attempts but has largely operated in the shadows is the Ministry of Defence (MOD). The issuance of the 12 December instructions by the NGO Secretariat, indicates the MOD is slowly becoming visible and its role in State attempts to control CSOs/NGOs is being legitimised

Historically, practically every Sri Lankan Government has attempted to enact repressive legislation to control civil society organisations/non-governmental organisations (CSOs/NGOs). The most recent iteration of this is the notice issued by the NGO Secretariat (hereinafter the Secretariat) on 12 December 2024 instructing all CSOs/NGOs, including those registered under other laws, such as the Companies Act, to register with the Secretariat under the Voluntary Social Services Organisations Act. 

The stage for the issuance of these instructions was set over a couple of months through the publication of several articles, all quoting the same statistics and using more or less the same language, and claiming that close to a Rs. 100 billion was being spent by CSOs. The articles implied the activities of CSOs were illegal and therefore had to be monitored and controlled by the Government. 

This was followed by the signing of a memorandum of understanding between the Central Bank of Sri Lanka (CBSL) and the NGO Secretariat to exchange information for the purpose of investigation and prosecution of money laundering and financing terrorism by NGOs. The accompanying statement by the CBSL, which said that “Non-Governmental Organisations (NGOs) could be misused for Money Laundering/Terrorism Financing and related crimes, and thereby could threaten the stability of the national and global economic and financial systems” demonstrates the hostility and suspicion with which the State views CSOs/NGOs.

The Ministry of Defence: the invisible driver?

Two entities play a visible and critical role in State attempts to place repressive controls on CSOs; the NGO Secretariat and the CBSL. The third entity that is the driver of these attempts but has largely operated in the shadows is the Ministry of Defence (MOD). The issuance of the 12 December instructions by the NGO Secretariat, indicates the MOD is slowly becoming visible and its role in State attempts to control CSOs/NGOs is being legitimised. For instance, the instructions, which call on all NGOs, local and international, to register with the NGO Secretariat, state that once an application for registration is made by a CSO, the application will be sent to the MOD “for clearance”. Upon receipt of the “clearance reports’ from the MOD, if the NGO Secretariat finds “there is a problem in the clearance reports, the registration will be rejected”. 

“A problem” is not defined and there are no stipulated objective criteria based on which the MOD or NGO Secretariat conducts the assessment and arrives at the conclusion “a problem” exists. Avenues to appeal the rejection of the application for registration are not mentioned. Nor is the status of the organisation following the rejection of the application for registration stated, particularly if it is already registered under a different law.

At present, banks in Sri Lanka are misinterpreting a 2019 circular issued by CBSL, which only requests banks to undertake enhanced due diligence of an NGO that is not registered with the NGO Secretariat if it receives foreign funds. In practice, banks are refusing to credit funds received by NGOs if they are not registered with the NGO Secretariat. Furthermore, banks often refuse to allow NGOs to open bank accounts unless they are registered with the Secretariat. Although the CBSL is aware its circular is being misinterpreted to curtail the legitimate activities of CSOs, it has not taken any action to rectify the problem. 

How is FATF being weaponised?

The Financial Action Task Force (FATF) is an intergovernmental body established to tackle money laundering and financing terrorism, which evaluates countries to assess the implementation of its standards. Since 2019 Sri Lanka has weaponised the FATF to justify its actions to curtail and control the activities of CSOs. The two key actors in the weaponisation of FATF, the Central Bank and the NGO Secretariat, entered into an MoU in November 2024, to share information “relevant to money, terrorist financing and related crimes under the Financial Transactions Reporting Act of 2006” in NGOs. 

While, prima facie, the MoU appears to be a positive development, it has to be viewed in the context of a hostile environment for CSOs, which includes a myriad forms of surveillance, intimidation and harassment, particularly of CSOs in the North and East. To date, despite numerous CSOs being summoned for inquiry by the Terrorism Investigation Division (TID), the investigative arm of the Financial Investigation Unit (FIU) of the CBSL, no legal action has been taken against a single CSO related to financing terrorism or money laundering. This demonstrates that the default position of the State, especially the FIU, is that CSOs engage in terror financing and must prove they are innocent. 

A review of FATF standards and best practices demonstrate that the CBSL and NGO Secretariat, amongst others, are contravening FATF standards. For instance, FATF requires governments to undertake risk assessments to ascertain whether CSOs, or non-profit organisations (NPOs) as FATF refers to them, are at risk of terror financing. The State has to take action according to the level of risk posed, instead of adopting blanket measures that impact all CSOs. These need to be “focused, proportionate and risk-based measures, without unduly disrupting or discouraging legitimate NPO activities”. 

According to FATF’s best practices guide, non-focused, disproportionate and non-risk-based measures include many measures, to which the NGO Secretariat currently requires CSOs to adhere, such as the provision of information on beneficiaries of their projects and the provision of information on all donors or local partners. Other requirements such as financial reporting should be proportionate. Blanket measures have led to CSOs in the war-affected North and East, particularly those working on accountability issues and with groups such as the families of the disappeared and former combatants, being ethnically profiled and deemed a threat en masse.

In July 2024, the NGO Secretariat emailed several CSOs/NGOs with a questionnaire at the behest of the FIU of the CBSL to gather information as part of the risk assessment of NPOs for Sri Lanka’s mutual evaluation by FATF in 2025. There was no advance notice provided to the CSOs/NGOs, nor were there consultations or provision of information or the creation of awareness about the risk assessment process. It was a top down, non-transparent process with no public consultation, and hence bad practice. 

In November 2024, the Director General of the NGO Secretariat, Sanjeewa Wimalagunarathna, said a law titled NGOs (Registration and Supervision) Act was being drafted to give effect to FATF standards. This is despite the term “supervision” being removed by FATF in November 2023, which now requires states to only have “oversight” of or “monitor” NPOs. This is because NPOs are not designated as reporting entities by FATF, i.e. they are not viewed as gatekeepers, such as banks and casinos, that are required to report suspicious transactions to the Financial Intelligence Unit. 

FATF clearly states that any measures that are overly burdensome or restrictive contravene Recommendation 8 of FATF, which sets out how NPOs should be dealt with when implementing the FATF standards. According to FATF, many NPOs are low risk, due to the fact they may have adequate internal controls and self-regulatory measures that mitigate such risks, or may already be subject to regulatory controls. In these instances FATF states “there may be no need for additional measures.” 

Disregarding these FATF recommendations, the Sri Lankan State appears to be obsessed with forcing CSOs that are registered under laws other than the Voluntary Social Service Organisations Act to register with the NGO Secretariat. In particular, there seem to be concerns about CSOs registered under the Companies Act as a company limited by guarantee, although matters related to their financial integrity are already subject to oversight by the Registrar of Companies. 

It should be noted that while the State appears to consider the oversight provided by the Registrar of Companies inadequate where CSOs/NGOs are considered, it does not seem to be concerned about the Registrar’s oversight of for-profit companies, which can also be used to launder money and finance terrorism. The fact the State’s focus is only on not-for-profit entities registered under the Companies Act demonstrates that their concern is not that CSOs will be used to launder money or finance terrorism, but about the content of their programs. This has to be viewed along with remarks by “sources” from the NGO Secretariat, who claim, “It is important to have the new bill enacted to bind them for registration. Otherwise, there is no control and supervision over their activities”. 

This leads to the reasonable conclusion that FATF is being used as an excuse to curtail the activities of CSOs which challenge the Government, and bring these entities within the supervision of the NGO Secretariat under the pretext of countering financing terrorism.

At present most, if not all, NPOs, are registered under a law, have internal oversight mechanisms and report to the relevant State entity. Such general oversight is adequate for the vast majority of NPOs, which are anyway at low risk for potential terror financing abuse. Following an inclusive Risk Assessment process, if there is a small number that may be deemed high risk, the oversight and monitoring system must aim to assist mitigate that risk for the subset of NPOs, and not use that as a ploy to control and restrict the activities of all CSOs. 

The better option: follow best practices

FATF reiterates the importance of “cooperative relationships among the public and private sectors and with NPOs” to discuss the unintended consequences of the incorrect implementation of Recommendation 8, and understand and mitigate risks of financing terrorism and money laundering. Hence, dialogue is imperative to implementing the FATF standards as well and conducting a risk assessment. 

FATF also recognises that arbitrary and blanket measures will undermine efforts at financial inclusion of small organisations, which in turn will have an adverse impact on the work they do to protect human rights and further development. As FATF has pointed out, blanket and arbitrary measures can drive financial flows underground, thereby undermining the entire purpose of the FATF standards and instead increase terror financing risks. 

Where banks are concerned, FATF states they should take into account any regulatory requirements, self-regulatory or other risk mitigation measures and due diligence procedures that the NPO has in place to manage risk across their organisations and operations when assessing the risk of a NPO. Even in instances a “residual risk” is found FATF states that “the financial institution should first assess whether that risk can be sufficiently mitigated by proper safeguards and measures so as to allow legitimate NPO activities to continue”. In this regard, civil society should explore establishing collective means of self-regulation, which include voluntary sector standards, sector codes with independent verification of compliance, certification, or accreditation.