Good Governance – Decision-making Principles that PBOs should follow

In our first article in this series, the moral imperative for good governance of public benefit organisations (PBOs) was spelt out. In the second article, we looked at the legal imperatives and fiduciary duty for your board to always keep in mind whenever it makes decisions. In this, the third and last article in the series, we explore a few (and by no means all) potential blind spots which your PBO should watch out for.

Mere compliance with the Income Tax Act No. 58 of 1962 (ITA) is not sufficient to ensure long-term sustainability of your PBO. PBO status gets you the license to run the race, but you still have to get out there and pound the asphalt. As with marathon running, the success of your run depends on numerous factors: how fit your body is, who you may have chosen to partner with on the run and your mindset.

The way you are set up to govern your run is probably more important than all the practice you have put in before the race. You can never fully prepare for every moment of the race; what will eventually happen on race day is unknown. Each marathon race has its risks, and every PBO faces things that put its long-term sustainability at risk.

Two of the known risks that every PBO faces, and which could be lurking in your board’s ‘blind spot’ are:

  • embezzlement, money laundering, fraud, corruption, tax evasion and terrorist financing; and
  • non-compliance with statutory requirements, such as FICA and POPIA.

In terms of the first, we suggest that there are five categories of abuse facing a PBO. These are:

  • Diversion of funds by people within your PBO or by external actors (such as a foreign partner or a third-party fundraiser);
  • Your PBO’s staff or board members knowingly or unknowingly maintaining an affiliation with a complex syndicate or terrorist entity which may result in your PBO being abused for multiple purposes, including general logistical support (this might sound like something out of the movies, but there are cases of PBOs unwittingly transporting contraband in their emergency food parcel runs);
  • Abuse of programming – the flow of resources is legitimate, but your PBO’s programmes are abused at the point of delivery (donated bread ends up going to the salaried driver, at the expense of one of the families for whom the bread was intended);
  • Supporting others’ recruitment efforts (while facilitating a secular support group for teenagers, your field worker invites attendees to attend her church’s revival meeting on the weekend) or mobilisation for illicit activity (your peer educator approaches the strongest young men in a peer-education group with a view to recruiting them to join a local gang); or
  • Abuse through false representation in which other entities in your community start a “sham” PBO or falsely represent themselves as the agents of “good works” in order to deceive your staff, or even your board, into providing them support. They could relatively easily conceal or obscure their clandestine diversion of funds or goods intended for legitimate purposes, and divert these for illicit means (they promise to help cover the ‘last mile’ in distributing food parcels to needy families in a distant settlement, but actually divert them to a private hostel where residents pay for ‘bed and a meal’; or, in conflict zones, food for starving families is diverted to feed rebel soldiers instead).

The public expects your PBO’s board to protect your legitimate activities from these sorts of nefarious agendas. A few of our clients are now asking applicant PBOs how they are monitoring and mitigating against these risks. We expect this trend to only grow in importance.

When it comes to non-compliance risk, the two key laws we would like to highlight, and which every board needs to ensure its PBO is adequately capacitated to comply with, are FICA and POPIA.

The Protection of Personal Information Act No. 4 of 2013 (POPIA) is now very topical as all PBOs have to be compliant as of 1 July 2021. There are a lot of provisions included in POPIA which directly challenge established practices in day-to-day life in South Africa. One example is that POPIA effectively prohibits open ‘entrance register books’ in which many establishments require each visitor to record their ID and telephone numbers, and which each successive visitor can see (or even take a photograph of).

Your organisation would need a very specific reason for requesting and storing the biometric details of your clients/beneficiaries. Indeed, you may have to ask for special permission from the Information Regulator to do so. This means that you cannot readily take a photocopy of your beneficiary’s ID and keep it on record – this is because their ID includes a picture of their face, which is considered biometric information.

Not many PBOs are aware that they also must comply with the Financial Intelligence Centre Act 38 of 2001 (FICA). While not designated as an accountable or reporting institutions under FICA, PBOs and their fundraisers are holders of the public trust, and so the Financial Intelligence Centre (FIC) does expect PBO’s full support and collaboration in relation to two scenarios:

  • PBOs that become aware or suspect that they are being abused for terrorist financing and/or money laundering purposes are strongly encouraged to notify the FIC following its Voluntary Disclosure Reporting process; and
  • Section 26B of FICA sets out the prohibition relating to persons and entities identified by the United Nations Security Council resolutions (UNSC resolutions) as “any person who acquires any property, provides financing, and/or other services and/or benefits to a person or entity listed in terms of section 25 of POCDATARA[1]”. Supporting such a person may result in your PBO being found guilty of an offence under FICA.

While we would like to believe that both of these scenarios are rare, it is clear that the negative impact could be quite severe. We flag them here as potential ‘blind spots’ for your board to be aware of. The last thing your board needs while trying to rapidly respond to an emergency situation, is to be confronted with a non-compliance notice from the Information Regulator or FIC!

We have only outlined some of the less well-known governance risks that face local PBOs. This is certainly not a comprehensive list. It serves only to demonstrate that the risks have to be systematically itemised and worked through by each PBO’s board. It is imperative that your board takes these risks into consideration and has developed plans to mitigate their effects on your organisation. Your organisation will then be better placed to manage the unknown eventualities that its future might hold.

This concludes our short series on the importance of good governance of PBOs. We hope that at least some of what we have shared has provoked deeper appreciation for the importance of good governance and elicited some curiosity around what else your board could be doing to ensure your PBO’s long-term sustainability.


[1] POCDATARA refers to another South African law, called the Protection of Constitutional Democracy against Terrorist and Related Activities Act, 2004 (Act 33 of 2004). You can read more information about this on the FIC’s website.