CHD ¦ Bill 8447 on the Financial Governance of Organizations and Foundations that Manage Public Funds

Luxembourg’s proposed anti-fraud shift for charities and foundations

Luxembourg’s draft bill No. 8447 is a clear attempt to respond to one of the most damaging financial crime cases to hit the country’s nonprofit sector in recent years. The text was introduced after the Caritas affair revealed how vulnerable associations and foundations can be to large-scale diversion of funds. According to the explanatory note, the goal is to strengthen financial governance in organizations that collect public donations or receive public funding, and to restore confidence in a sector that depends heavily on trust.

That trust was badly shaken when a reported €61 million misappropriation came to light in July 2024. The fallout was not limited to one organization. It raised broader concerns about internal controls, cyber risk, and the ability of volunteer-led boards to detect and prevent fraud in time. The proposal makes one thing obvious: ex post audits alone are not enough when the threat comes from insiders or cybercriminals acting fast and quietly.

A stronger approval model for payments and commitments

At the heart of the bill is a new ex ante approval system for certain financial actions. The proposal would apply to associations and foundations collecting public donations or benefiting from public funding. For transactions of €10,000 or more, approval would require two administrators or one administrator plus a person responsible for day-to-day management. For transactions of €100,000 or more, the approval threshold would rise to four administrators, or two administrators, two day-to-day managers, and an expert accountant or statutory auditor in charge of the entity’s accounts. If a series of operations would push commitments beyond €500,000 within four weeks, the full board would have to deliberate on the matter.

The stated logic is simple: the larger the exposure, the more signatures and the more structured the internal challenge. The bill also requires that approval be preceded by a documented exchange in a physical meeting, phone call, or video conference. The intention is to create a real decision trail before money leaves the organization.

Bastian Schwind-Wagner _Follow

"Luxembourg’s draft bill 8447 marks a strong policy reaction to the Caritas fraud case and the wider risks facing organizations that handle public money. Its core idea is clear: tighter internal approval rules and greater transparency should make it harder for large-scale misuse of funds to go unnoticed.

At the same time, the draft shows how difficult it is to design anti-fraud controls that are both effective and workable. The criticisms from the Council of State and the Chamber of Commerce point to the same issue: without clear definitions and proportionate rules, a well-meant reform can create confusion, conflict of interest, and administrative strain."

Why the proposal matters for financial crime risk

From a financial crime perspective, the bill is built around one core assumption: standard audit mechanisms often fail to catch fraud in real time. That is particularly true when the fraud is committed by an insider who knows the controls, or when a cyberattack hijacks internal processes and mimics legitimate payment instructions. A reactive audit may identify the loss later, but it cannot prevent the transfer itself.

The proposal therefore tries to move the control point earlier in the process. It borrows from familiar “four eyes” and “eight eyes” logic, using layered approval to reduce the chance that one person, or a small colluding group, can move funds without challenge. In theory, this can help against payment fraud, unauthorized guarantees, and classic CEO-style impersonation scams.

But the bill also reveals a difficult tension that is common in anti-fraud policy. The same controls that block criminals can also slow down legitimate operations, especially in organizations that pay salaries, rent, suppliers, and project costs on a recurring basis. The more rigid the rule, the more likely it is to create operational friction.

The legal debate over scope and proportionality

The Council of State does not reject the aim of the bill, but it raises serious concerns about its scope. Its main criticism is that the wording may be too broad. The bill refers to associations and foundations “collecting public donations” or “benefiting from public funding”, but those expressions are not defined with enough precision. That creates uncertainty over whether the rules would apply only to large, regularly funded entities or also to small organizations that merely run an occasional fundraising campaign.

That distinction matters. If a one-off appeal for donations is enough to trigger the full regime, the rule may become disproportionate and burdensome for small and medium-sized organizations. The Council of State also invokes constitutional principles, including proportionality and freedom of association, and says the legislature must be clearer if it wants such intrusive controls to stand.

This is not a minor technical issue. In financial crime law, vague scope can turn a targeted safeguard into a broad compliance burden. That can weaken the policy by making it harder to enforce and easier to challenge.

The problem with involving the auditor in approvals

One of the most striking parts of the draft is the requirement that, for larger transactions, an expert accountant or statutory auditor be part of the approval process. That element drew criticism from both the Council of State and the Chamber of Commerce.

The objection is straightforward. The auditor is supposed to review the accounts after the fact, not to co-author the decisions being audited. If the auditor participates in approving the transaction, that creates a conflict between the control role and the management role. It also risks undermining the independence of the later audit.

This point is important in any anti-fraud framework. Independence is a control asset. Once the reviewer becomes a participant, the control line blurs. The bill’s instinct is understandable, but the execution risks weakening the very assurance function it wants to strengthen.

Transparency through publication of funding agreements

The bill also seeks to amend Luxembourg’s company and accounting legislation to require publication of funding agreements between the State and these associations or foundations in the register of commerce and companies. The stated aim is transparency. If an organization receives public money, the public should be able to see the basic terms of that funding.

Here too, however, the draft faces criticism. The Council of State argues that the proposed placement in the register law is not ideal, because that article concerns information required at registration rather than ongoing publication duties. It also questions whether the obligation is targeted enough, since the wording could capture entities beyond those actually contracted by the State.

The Chamber of Commerce goes further and suggests the publication obligation should be removed altogether. It argues that transparency over public spending should primarily be the State’s responsibility, not that of private associations and foundations. It also warns that the register could become cluttered and less practical if it starts hosting more and more contractual documents.

What this draft says about the future of nonprofit compliance

Even with its drafting problems, proposal 8447 sends a strong signal. Luxembourg is moving toward a more suspicious and more structured view of financial governance in the nonprofit sector. That change is not limited to charities. It reflects a wider trend in financial crime prevention: institutions that handle public money are increasingly expected to prove, not merely assert, that controls are in place.

For associations and foundations, the message is that basic governance models may no longer be enough. Internal approvals, documented discussions, and clear separation between management and oversight are becoming central themes. For policymakers, the challenge is to design controls that are strong enough to stop fraud but precise enough to avoid paralyzing legitimate work.

The Caritas case has made one thing clear. In this sector, the cost of weak controls can be catastrophic. The next test is whether Luxembourg can build a framework that reduces fraud risk without turning good actors into compliance casualties.

Dive deeper

• Chambre des Députés (CHD) ¦ 8447, Proposition de loi concernant la gouvernance financière d’organisations et fondations gérant des deniers publics, A propos du dossier ¦ Link