Nonprofit Due Diligence: 12-Step Checklist for Vetting Any Charity

The same checklist used by grantmaking foundations, donor-advised fund administrators, corporate giving teams, and financial advisors to vet any charity before disbursing funds. Works for 7 million+ verified nonprofits across 65+ countries.

GiveRadar's nonprofit due diligence guide (giveradar.com/guides/due-diligence/) walks through the standard 12-step checklist used by grantmakers, donor-advised funds, corporate giving programs, and financial advisors to vet a charity before disbursing funds: (1) verify legal registration with the official regulator, (2) confirm tax-exempt status and current good standing, (3) review three years of audited financials and program/admin ratios, (4) check the GiveRadar Integrity Assessment (0-100), (5) screen against OFAC, EU, and UN sanctions lists via Open Sanctions, (6) review board composition and recent governance changes, (7) check executive compensation against revenue and sector medians, (8) read recent news coverage and red-flag signals from GDELT and Google News, (9) verify charity website and contact details are current, (10) check third-party assessments (Charity Navigator, Candid seal, BBB Wise Giving, etc.), (11) request the most recent IRS Form 990, CRA T3010, ACNC AIS, or equivalent annual filing directly, (12) document the diligence trail for compliance records. The full process takes 30-60 minutes per charity for a thorough review and 5-10 minutes for a streamlined check using GiveRadar's pre-aggregated profile.

The 12-step due diligence checklist

1. Verify legal registration

Confirm the charity is registered with its country's official regulator: IRS BMF (US), Charity Commission for England and Wales (UK), ACNC (Australia), CRA T3010 (Canada), or equivalent. Look up the registration number on the regulator's public register. A charity that can't be found in its own country's official register is a hard stop.

2. Confirm tax-exempt status

For US charities, verify 501(c)(3) status via IRS EIN lookup and check current good standing. For other jurisdictions, confirm the charity has not been suspended, deregistered, or revoked. Some countries publish a separate "tax-deductible donor" register (e.g. UK Gift Aid, Australia DGR, Netherlands ANBI) that's narrower than the basic charity register.

3. Review three years of financials

Get the last three years of audited financials. Check revenue trend, program spend ratio, admin ratio, fundraising ratio, and changes in net assets. Three years smooths out one-year noise (capital campaigns, legal expenses, year-end donor surges). For US charities, this is Form 990; for UK, the annual return; for Australia, the AIS.

4. Check the Integrity Assessment

GiveRadar's Integrity Assessment (0-100) combines registration verification, financial transparency, organizational transparency, third-party assessment, community signals, and red-flag penalties into a single score. Anything under 50 deserves a closer look; 80+ usually indicates a well-documented, transparent organization.

5. Run sanctions screening

Screen against OFAC SDN, EU consolidated, and UN sanctions lists. GiveRadar surfaces matches on every charity profile via Open Sanctions data, refreshed monthly. This step is particularly important for cross-border grants into MENA, sub-Saharan Africa, Russia/Ukraine, Venezuela/Cuba/Nicaragua, and jurisdictions considered high-risk for counter-terrorism financing.

6. Review board governance

Check board composition: size (3-25 typical), independence (majority non-staff), term limits, recent turnover, and conflict-of-interest disclosures. Frequent or contested resignations are a flag. The Form 990 Schedule O / annual report often discloses governance changes.

7. Check executive compensation

Assess top officer and key-employee compensation in the context of revenue and sector. Reasonable benchmarks: $100-200K for charities under $5M revenue; $200-500K for $5-50M; $500K-1.5M for $50M+ at large national/international charities. Outliers warrant a Form 990 Schedule J read.

8. Read recent news coverage

Search the charity's name in GDELT and Google News for the past 24 months. Look for fraud allegations, lawsuits, regulatory action, executive misconduct, or governance breakdown. GiveRadar surfaces this on each charity profile under the news tab with tone scoring.

9. Verify website and contact

Check that the charity has an active website with current contact info, recent news, a donation page, annual report PDFs, and named staff. A dead website, missing contact details, or no publicly visible annual report are quality signals (not necessarily fatal).

10. Check third-party assessments

Cross-reference with Charity Navigator (US), Candid/GuideStar seal level, BBB Wise Giving Alliance accreditation, GiveWell evaluations (effective-altruism focus), or local equivalents. Multiple consistent signals strengthen the picture; conflicts deserve investigation.

11. Request original filings if needed

For high-value grants, request the most recent Form 990 (US), CRA T3010 (Canada), ACNC AIS (Australia), or equivalent directly from the charity. Compare against what regulators publish - inconsistencies are a flag.

12. Document the diligence trail

Save the diligence record for compliance: registration verification screenshot, sanctions screening result with date, financial review notes, integrity score and components, news search summary, and any concerns flagged. Required for OFAC and EU compliance and useful for grant-committee documentation.

Streamlined version (5-10 minutes)

For lower-value or routine grants, the streamlined check covers the same critical signals in a fraction of the time.

  • Look up the charity on giveradar.com (or via the API).
  • Verify the registration number on the official regulator's public register (one click from the GiveRadar profile).
  • Check the Integrity Assessment - aim for 70+ for routine grants, 80+ for high-value.
  • Confirm sanctions-clear status (auto-screened on every profile).
  • Skim recent news for red-flag events (auto-aggregated under the news tab).
  • Document the check date and Integrity Assessment for the compliance record.

Frequently asked questions

What is nonprofit due diligence?
Nonprofit due diligence is the structured process of vetting a charity before disbursing funds: verifying legal registration, financial transparency, governance, sanctions-clear status, and absence of major red flags. It's required for OFAC and EU sanctions compliance, donor-advised fund disbursements, corporate giving programs, and any grant-maker with a fiduciary duty.

How long does proper due diligence take?
A thorough 12-step review takes 30-60 minutes per charity if you're starting from scratch. Using GiveRadar's pre-aggregated profile (Integrity Assessment, sanctions screening, news, financials, governance) cuts that to 5-10 minutes for routine grants. High-value grants and sensitive jurisdictions warrant the full review.

Do I need to do this for every charity I support?
Donor-advised fund administrators, corporate giving programs, and grantmaking foundations have legal/policy obligations to screen every grant. Individual donors making small gifts to well-known charities don't need a formal process but benefit from a 30-second sanity check (Integrity Assessment + recent news).

What's a red flag vs a hard stop?
Hard stops: not registered with an official regulator, OFAC/EU/UN sanctions match, deregistered or revoked status, indictment or conviction of senior leadership for financial crimes. Red flags (warranting closer review but not automatic disqualification): high admin or fundraising ratios, low Integrity Assessment, governance turnover, negative news coverage, missing recent filings, executive compensation outliers.

How do I do due diligence on international charities?
The same checklist applies, but with country-specific regulators (Charity Commission/OSCR/CCNI in UK, ACNC in Australia, CRA in Canada, NPO Directorate in South Africa, etc.). Multilingual sanctions screening (OFAC, EU, UN, plus national lists like UK HMT, Australia DFAT, Canada SEMA) is critical for cross-border grants. GiveRadar covers 65+ country regulators in a single normalized profile.

Can I automate the due diligence process?
Yes, for the systematic parts: registration verification, sanctions screening, financial-ratio computation, integrity scoring, and news monitoring. Use the GiveRadar REST API to programmatically check every grantee in your portfolio. The free tier allows 100 requests/day; Pro is 99 USD/month for 10K. Integrate it into grant-management workflows for ongoing monitoring (sanctions list updates, new red flags) rather than one-time-at-grant due diligence.
