NGO Safeguarding Due Diligence: Pre-Selection Vetting Guide

What to do if this appears in your review

Use this as a practical response guide when a public-source issue appears during selection-stage review.

Situation	What to do	Evidence to keep	Escalate when
A search reveals a news article from a local outlet alleging a sexual harassment cover-up by a branch director two years ago.	Document the article's source, date, and specific allegations. Check if the organization issued a public response or if a regulatory investigation was initiated. Draft a clarification query to the partner regarding the status of the investigation and the implementation of corrective actions.	PDF copy of the article, search date, any published organizational responses, and a copy of the written clarification request sent to the partner.	Escalate to the Safeguarding Focal Point and Legal Counsel if the partner refuses to provide a status update or denies the occurrence of a documented regulatory inquiry.
The organization's name matches an entry on a national registry of suspended NGOs, but the partner claims it is a different entity with a similar name.	Cross-reference the registration number, tax ID, and registered address on the official registry with the partner's submitted application. Verify the distinct identities of both organizations.	Registry search screenshot showing both names/numbers, the partner's registration document, and a dated comparison file note.	Escalate to Procurement and Finance leads if the registration number matches or if the partner cannot provide current, verified registration credentials.
An executive director named in the proposal is mentioned in an older civil society blog post regarding alleged financial misconduct and related safeguarding lapses at a previous NG	Search for corroborating reports from reputable journalists, court filings, or official donor audit reports. Request the individual's employment history and verify references from their previous employer specifically covering safeguarding compliance.	Screenshots of the blog post, search history showing the presence/absence of other corroborative public records, and reference check logs.	Escalate to Senior Management and Human Resources if corroborating official documentation of misconduct is found, or if reference checks return unsatisfactory or evasive responses.
Search shows that the proposed local sub-grantee was suspended by a major bilateral donor under a former entity name.	Research the details of the suspension to determine if it was related to safeguarding, compliance, or financial management. Request information from the sub-grantee regarding the suspension, their reorganization, and whether they have been formally reinstated or cleared by the donor.	Donor debarment database exports, structural comparison of the old and new entity, and the sub-grantee's written explanatory statement.	Escalate to Donor Compliance and Legal leads, as using a suspended downstream partner can violate core grant terms and conditions.
No negative search results appear, but the organization's website has no published PSEA policy, code of conduct, or community reporting mechanism.	Note the absence of public policies in the compliance file. This is an operational gap rather than an active risk finding. Request copies of internal policies and operational manuals as part of the standard pre-award documentation review.	Screenshots of the partner's public-facing site, the completed policy checklist, and the request for internal documents.	Escalate to the Grants Officer if the partner cannot provide internal policies that meet the donor's minimum safeguarding standards prior to contract drafting.

Search terms to use

Adapt these examples to the legal name, acronym, country, local-language name, former names, directors, signatories and project locations.

[Organization Name] AND (safeguarding OR SEAH OR PSEA OR abuse OR allegation) [Executive Director Name] AND (charity OR NGO OR foundation) AND (resigned OR investigation OR suspension) [Organization Name] [Country Office Location] AND (regulatory action OR warning OR sanction OR 'charity commission') [Organization Acronym] AND ('whistleblower' OR 'code of conduct' OR 'child protection' OR 'exploitation') [Former Organization Name] AND (psea OR misconduct OR 'donor suspension') [Local Sub-grantee Name] AND (investigation OR 'Office of Inspector General' OR OIG OR 'alleged') [Organization Name] AND (lawsuit OR 'court case' OR 'wrongful termination' OR 'sexual harassment') [Key Director Name] AND ('safeguarding failure' OR 'breach of duty' OR 'disciplinary')

What teams often miss

Failing to check the previous employment histories of newly hired key personnel, who may have left prior organizations due to unpublicized safeguarding investigations.
Searching only the English translation of an NGO's name, missing local-language media coverage or regulatory warnings in the primary operating country.
Overlooking localized country-office registrations and sub-entities, which may be suspended or under investigation while the international headquarters remains in good standing.
Excluding proposed downstream sub-grantees from the vetting process, despite them having direct and frequent contact with project participants on the ground.
Neglecting to check former organizational names, acronyms, or recent merger entities that may have been rebranded specifically to distance themselves from past scandals.
Assuming a 'clean' search on standard commercial search engines is sufficient, thereby missing specialized regulatory databases, NGO coordination board registries, or donor debarment lists.
Disregarding localized blogs, whistleblower portals, or local civil society networks, which often document safeguarding allegations long before they reach mainstream international media.

Realistic review scenarios

An international donor finalized a grant with a national health NGO. Three months into implementation, a local journalist republished an old regulatory report showing the NGO's previous regional office had been shut down by local authorities due to systemic failure to report child abuse allegations.Risk: The vetting team only searched the global parent organization's name in English, missing the localized regulatory archive in the local language. This led to reputational damage, donor inquiries, and a temporary suspension of activities.Reviewer response: The compliance reviewer must structure future searches to include regional offices and local language terms. For the current partner, the team must halt funds to the affected region, initiate a third-party safeguarding audit, and request a detailed corrective action plan.

A procurement team selected a logistics vendor for a refugee camp distribution contract. A post-selection audit revealed that the vendor's operations manager had been dismissed from a UN agency two years prior for sexual exploitation, a fact documented in a public civil society whistleblower database.Risk: The team only screened the vendor entity's corporate registration and did not perform purpose-limited, open-source searches on key personnel assigned to direct beneficiary contact.Reviewer response: The reviewer must document the finding, verify the identity match, and immediately notify the vendor that the named operations manager cannot be assigned to any donor-funded program. Request written confirmation of personnel replacement and update the compliance file.

A grants officer cleared a sub-grantee based on an uploaded PSEA policy document. Six months later, a beneficiary filed an abuse complaint, and it was discovered that the sub-grantee had no actual reporting channels or trained staff on the ground-the policy was simply plagiarized from another NGO to pass the checklist.Risk: Relying on a static document check without verifying operational history or searching public forums for local community feedback on the sub-grantee's field presence.Reviewer response: The reviewer should note this failure in the lessons-learned log. For the active project, coordinate with the safeguarding lead to implement immediate community-based reporting mechanisms, conduct staff training, and run targeted public-source searches on the sub-grantee's field operations.

Sample file-ready language

Use wording like this in the partner, vendor, grant or procurement file, then tailor it to the source, identity match and internal policy.

No relevant findingsA public-source safeguarding review was conducted on [Date] for [Partner Name] and its key personnel using specified search strings across regional regulatory registries, donor databases, and open-source media. No active or historical safeguarding, PSEA, or regulatory signals were identified. This search is documented as complete; final selection decisions remain with the program committee.

Possible finding requiring clarificationA public-source safeguarding review conducted on [Date] identified a [Year] news report alleging [summarize allegation, e.g., safeguarding policy lapses at a regional office] involving [Partner Name]. A finding is not a conclusion but a signal for review. This signal has been documented in the file. A formal clarification request has been sent to the partner regarding their response, investigation outcomes, and current mitigation frameworks. The file will be updated upon receipt of their response.

False positive resolvedInitial open-source screening identified an administrative warning issued to an entity named [Similar Name] in [Country]. Cross-reference of the registration ID and physical address confirmed that this is a distinct entity unrelated to the applicant [Partner Name]. This signal has been dismissed as a false positive. The file shows what was checked, what was found, what was dismissed, and the justification for this dismissal.

Escalation to specialized reviewA public-source safeguarding review conducted on [Date] identified multiple, credible reports of unresolved [specify, e.g., child safety allegations] involving key executives of [Partner/Vendor Name]. In accordance with compliance procedures, this signal has been escalated to [Legal/Safeguarding/Senior Management] for specialized evaluation. No programmatic commitments should be made, and the final decision remains with the organization's authorized leadership.

Lessons learned for stronger files

Documenting the exact date and search strings used is critical, as public-source search results and web indexes change constantly.
A partner's self-attestation or policy upload must never be accepted as a substitute for an independent, open-source vetting check.
Vetting must be treated as an ongoing risk-monitoring process rather than a one-time gatekeeper check, especially for long-term multi-year programs.
Reviewers must avoid subjective or speculative language in compliance notes; document only verifiable facts, source URLs, and official communications.
Coordinating search criteria between headquarters and field offices ensures that localized regulatory actions and local-language media are not missed.

Overview of Safeguarding Due Diligence

Unlike routine financial or sanctions vetting, safeguarding due diligence requires analyzing regional regulatory findings, news reports, independent inquiry results, and civil society registries to identify behavioral and operational risk signals.

This review serves as a pre-selection baseline. It examines whether an organization, its key executives, board members, or high-risk sub-grantees have been associated with systemic safeguarding failures, regulatory censures, donor suspensions, or critical policy breaches in public records.

Active or historic allegations of SEAH involving the entity's personnel or downstream partners [1.3.1].
Censures or formal investigations by national charity regulators regarding duty of care failures.
Media-reported whistleblower disclosures concerning systemic cover-ups of safeguarding failures.

Why Public Vetting Matters in Grant and Procurement Workflows

For instance, the United Nations Protocol on Allegations of Sexual Exploitation and Abuse Involving Implementing Partners requires partners to have robust preventive, reporting, and corrective measures. Relying solely on a partner's self-attestation or policy upload leaves an organization vulnerable to undisclosed historic issues that are already visible in public sources.

A comprehensive public-source check acts as an independent verification step. It ensures that the team has checked for external signals before committing funds, protecting vulnerable project participants and preserving donor trust. If a public signal exists, the team can address it transparently during negotiation rather than reacting after a public scandal.

Prevents partnering with entities currently under donor suspension or active regulatory sanction for safeguarding negligence.
Informs the design of targeted risk mitigation measures in the final grant or sub-contract agreement.

Determining the Timing and Scope of the Check

Running checks too early in a broad procurement call consumes unnecessary resources, while running them post-award prevents the organization from structuring appropriate risk mitigations or selecting an alternative partner if critical risks are identified.

Vetting must extend beyond the primary legal name of the organization. A thorough review checks the legal entity name, any registered operating aliases ('Doing Business As' or DBA names), local-language names, former institutional names, key executive leaders, and proposed high-risk downstream partners or sub-grantees.

Check exact legal name and common acronyms of the partner entity.
Check names of key officers, including the Executive Director, Country Director, and Safeguarding/PSEA Focal Point [1.1.3].
Review the specific geographic operating divisions or local country offices where the activities will take place.

Primary Public Repositories and Regulatory Sources

Reviewers should systematically consult public, authoritative databases and regional regulatory archives rather than relying solely on commercial search engines [1.1.9]. Regulators and donor oversight bodies maintain registries of compliance failures, administrative decisions, and formal warnings that may not rank highly on standard web search results.

By checking regional registries, national NGO databases, and international humanitarian portals, reviewers can gather objective, source-documented facts regarding past organizational interventions, governance disputes, or safeguarding compliance actions.

National NGO Registries: Look for active registration status and historical regulatory actions or suspensions (e.g., UK Charity Commission, Kenya NGO Coordination Board) [1.1.2].
Donor Inspector General and Oversight Archives: Search publication lists from the USAID Office of Inspector General (OIG), the Global Fund's Office of the Inspector General, or the World Bank Integrity Vice Presidency.
Humanitarian and Safeguarding Repositories: Consult civil society tracking platforms, CHS Alliance self-assessments, and ReliefWeb for localized field reports and organizational news.

Analyzing Search Signals: A Signal is Not a Conclusion

When a public-source search reveals a negative report or allegation, the reviewer must apply a core principle: 'A finding is not a conclusion. It is a signal for review.' The presence of a public allegation does not prove misconduct, nor does it mean the partner must be automatically excluded. Instead, it serves as an indicator that requires systematic review, documentation, and further direct inquiry [1.1.6].

The objective of the compliance file is to demonstrate that the organization did not ignore a public risk indicator. 'The file should show what was checked, what was found, what was dismissed, and what follow-up was taken.' This record-keeping ensures a clear audit trail that justifies the selection or mitigation decisions made by management.

Analyze the credibility, date, and source of the public report or allegation [1.1.6].
Determine whether the organization has already acknowledged, investigated, and addressed the issue internally.
Ensure that findings are documented without speculative or accusatory language in the compliance file.

Addressing False Positives in Name-Based Searches

Name-based screening often generates false positives, particularly when searching for individuals with common names or organizations with generic titles (e.g., 'Community Development Association') [1.1.9]. Reviewers must verify identifiers such as geographic location, operating sector, registration numbers, and dates of birth/employment before linking a negative finding to a candidate partner or executive.

Common false positives also arise from regional political disputes, where localized NGO leaders are targeted by smear campaigns or politically motivated regulatory actions. Cross-referencing findings with reputable international news and civil society monitors is essential to separate genuine risk signals from noise.

Verify name spelling variations, including local transliterations and regional naming orders.
Compare the operating location of the entity in the search result with the target partner's physical offices.
Document the specific criteria used to dismiss a false positive to prevent re-review during audits.

Vetting Downstream Partners and Sub-Grantees

Safeguarding failures frequently occur at these localized levels, where capacity may be limited and direct supervision is reduced. Vetting procedures must systematically extend to these downstream entities before they are authorized to engage with project participants.

A public-source review of a sub-grantee follows the same rigorous standards as the primary partner review. The primary recipient must document the search strings, registries checked, and findings for every downstream partner, maintaining these files as part of the overall program compliance record.

Require primary partners to submit the legal names and key officials of all planned sub-grantees [1.2.2].
Incorporate sub-grantee open-source checks into the standard pre-selection compliance file.
Use localized search terms to identify regional regulatory or community safety concerns associated with downstream workers.

Operational Limits and the Human Review Mandate

Public-source reviews are an essential component of due diligence, but they have distinct limits [1.1.6]. An open-source search only identifies issues that have been publicly reported, investigated, or registered. It does not replace internal operational reviews, field-level safeguarding assessments, or direct reference checks.

This check is not a guarantee of future compliance, nor does it automatically prove an organization's suitability. Human review, context-sensitive analysis, and active risk mitigation remain the final and necessary steps before selecting any partner or grantee.

Open-source vetting does not replace formal reference checks with previous donors or networks [1.1.2].
The absence of a public signal does not guarantee the existence of robust safeguarding practices on the ground.
All decisions regarding partner suitability, risk tolerance, and selection are the responsibility of the organization's management.

Standardizing Compliance Workflows with IntegrityFile

Establishing a repeatable, auditable vetting process across global teams requires standardized tools and centralized record-keeping [1.1.3]. IntegrityFile supports this workflow by enabling compliance officers to systematically document open-source checks, compile search histories, and organize reviewer notes in a secure, central repository.

By maintaining a consistent and structured record of all public-source searches, organizations can easily demonstrate compliance to auditors and institutional donors. IntegrityFile provides the documentation framework that ensures every partner file is complete, structured, and ready for regulatory review.

Provides a centralized platform for documenting and storing open-source due diligence files.
Helps teams maintain a clear audit trail of search queries, dates, and reviewer determinations.
Simplifies reporting to institutional donors by keeping all partner compliance records organized and accessible [1.1.3].

Useful public sources

Source availability varies by country and entity type. These references are starting points for building a documented review file, not substitutes for internal approval or legal review.

Sample follow-up questions

Does your organization have a documented history of safeguarding or PSEA investigations over the past five years, and if so, how were they resolved?
What specific channels do community members and project participants use to report safeguarding concerns, and how are these reports logged?
How are new employees, volunteers, and sub-grantees vetted for historical safeguarding misconduct prior to deployment?
Can you provide documentation regarding the resolution of the [specific regulatory inquiry/news allegation] identified in public sources?
How does your board of directors oversee safeguarding compliance, and what is your protocol for reporting allegations to institutional donors?

False-positive handling

Always cross-reference the unique national tax or registration number rather than relying on the name of the organization alone.
Check the operating sectors of identically named entities; many commercial businesses share names with local civil society groups.
Verify the timeline of events; an allegation against an individual with a similar name may predate your candidate's professional career.

What this does not replace

This public-source review does not replace sanctions screening, vendor eligibility checks, legal review, safeguarding investigation, procurement approval, donor clearance, or any required internal decision process. It helps create a documented record for human review.

Frequently asked questions

Does a negative public-source finding mean we must automatically reject the partner?

No. A finding is not a conclusion; it is a signal for review. The presence of an allegation or regulatory action requires investigation, written clarification from the partner, and a documented assessment of their corrective actions. The final selection decision remains with the organization's authorized committee based on a balanced risk assessment.

What should we do if the partner refuses to answer our follow-up questions regarding a public allegation?

A partner's refusal to provide transparent clarification regarding a documented public allegation is a significant risk signal. This situation should be formally escalated to Legal, Safeguarding, or Procurement leads. Transparency is a core donor expectation, and evasiveness itself is a ground for assessing the partner as high-risk.

How do we handle public allegations that occurred several years ago?

Review the historical context, the severity of the issue, and the partner's documented response. Determine if the partner conducted an independent investigation, terminated responsible parties, updated their policies, and successfully completed any regulatory remediation. Document these corrective actions in the compliance file to show how the historical signal was handled.