Grant Compliance and Risk Management: Protecting Your Grantmaking

Philanthropic grantmaking carries real risks — financial, reputational, and legal. Grants can be misused; grantees can fail; funded programmes can produce unintended harms; and foundations that don't manage risk appropriately can face regulatory consequences and public damage. Building a robust compliance and risk management framework is not about distrust of grantees — it is about protecting philanthropic assets and maintaining the public trust that gives philanthropy its legitimacy.

Types of risk in grantmaking

Financial risk

The most obvious risk in grantmaking is that funds are misused — spent on purposes other than those for which the grant was made. This can range from simple financial mismanagement (poor accounting, budget overruns) to deliberate fraud (diverting funds for personal use).

Financial risk varies with grant size, grantee capacity, and the nature of the programme. A large grant to a small organisation with limited financial systems carries more financial risk than a small grant to a large organisation with strong financial controls.

Reputational risk

Being associated with an organisation or activity that generates public controversy or scandal can damage a foundation's reputation and its relationships with donors, grantees, and the public. Reputational risk arises from:
- Funding organisations later found to have acted unethically
- Funding programmes that produce unintended negative outcomes
- Associations with politically controversial activities or organisations
- Poor handling of complaints or problems

Programme risk

Funded programmes may not achieve their intended outcomes — because the theory of change was wrong, because implementation was poor, because the context changed, or because the problem was more complex than anticipated. Programme risk is inherent in philanthropy, but can be managed through better programme design, monitoring, and adaptive management.

Legal and regulatory risk

Foundations face legal obligations — to distribute funds to charitable purposes, to maintain governance requirements, to comply with reporting obligations, and to ensure grants don't flow to prohibited organisations (terrorist financing, sanctions violations). Failure to manage legal risk can result in regulatory action, loss of charitable status, or personal liability for trustees.

Safeguarding risk

Programmes that work with vulnerable people — children, people with disability, people in crisis — carry safeguarding risks. Grantees without adequate child protection, safeguarding, or conduct policies can expose vulnerable people to harm. Foundations that fund programmes involving children should require and verify appropriate safeguarding policies.

Due diligence frameworks

Due diligence is the systematic investigation of a potential grantee before making a funding decision. Proportionate due diligence — scaled to the size and risk of the grant — is a key risk management tool.

Organisational registration: Verify that the grantee is a registered charitable organisation, incorporated society, or other appropriate legal entity. Check registration with Charities Services (NZ) or ACNC (Australia).

Financial health: Review recent financial statements. Look for: adequate financial reserves, no unresolved audit qualifications, appropriate governance of finances, and financial systems proportionate to organisational scale.

Governance: Who is on the board? Is there a conflict of interest policy? Does the board meet regularly? Are board members elected or appointed appropriately? Governance documents (constitution, board minutes) can reveal much about organisational health.

Safeguarding: Does the organisation have appropriate child protection and safeguarding policies? Are police checks or working-with-children checks conducted for staff and volunteers in relevant roles?

Track record: Has the organisation delivered similar programmes before? Has it successfully acquitted previous grants? Are there any credible concerns about its reputation or practice?

Capacity: Does the organisation have the management and operational capacity to implement the proposed programme? Organisational capacity — finance, HR, project management — is as important as programme expertise.

Sanction and terrorism screening: For international grants, screening grantees and key personnel against sanction lists and terrorist financing databases is a legal obligation for many foundations.

Grant conditions and agreements

A well-drafted grant agreement is a risk management tool. Grant conditions should:

Specify purpose: Exactly what the grant may be used for, and what it may not.

Require reporting: What reports are required (progress, financial, final), in what format, and by when.

Include acquittal requirements: How the grantee must demonstrate that funds were spent as intended.

Address variations: What happens if the programme needs to change? What variations require funder approval?

Provide for return of funds: Under what circumstances must unspent funds be returned?

Include safeguarding requirements: Relevant safeguarding, child protection, and conduct requirements.

Specify intellectual property: Who owns any materials, research, or products created with grant funds?

Include an audit right: The funder's right to review financial records and conduct site visits.

Monitoring and oversight

Grant conditions create obligations; monitoring is how you know whether they're being met.

Progress reports: Regular reports against milestones and outcomes — typically mid-project and at completion. Reports should include financial information (spend against budget) and programme information (activities delivered, outcomes achieved).

Site visits: Visiting grantees — seeing the programme in action and meeting staff and participants — provides understanding and evidence that written reports cannot convey.

Financial acquittals: Final grant acquittal — verifying that grant funds were spent on the specified purpose — is fundamental compliance assurance.

Exception-based monitoring: Not every grant requires the same level of monitoring. Scale monitoring intensity to grant size and risk — intensive monitoring for large, high-risk grants; lighter touch for small grants to well-established organisations.

Managing problems when they arise

Despite due diligence and monitoring, problems occur. How foundations respond matters as much as prevention.

Early reporting expectation: Encourage grantees to report problems early, before they escalate. Grantees that hide problems out of fear of funder reaction create bigger problems. Create a culture where honest early reporting is welcomed.

Proportionate response: Not every problem requires the same response. A budget underspend may need only a brief conversation; suspected fraud requires immediate, formal investigation.

Clear escalation paths: Know when to escalate — to the board, to legal counsel, to regulatory authorities. Have clear internal protocols for different types of problems.

Document everything: When problems arise, document all communications, decisions, and actions. Documentation protects the foundation and creates a record of appropriate response.

Learn from failures: After any significant problem, conduct a review. What went wrong? Could it have been caught earlier? What should change in due diligence or monitoring processes?


Tahua's grants management platform includes built-in compliance tools — grant agreement tracking, milestone and reporting reminders, acquittal checklists, and audit-trail documentation — that help foundations manage grant compliance effectively without creating excessive burden for grantees.
