Why Schools Using Blackbaud and Flywire Still Need Sanctions Screening Controls
A software management system is not an institutional compliance program. Discover the OFAC risks hiding outside standard payment processor checks—especially for sponsors and donors.
Independent schools rely on powerful software ecosystems to manage operations. Blackbaud handles the enrollment data. Flywire clears the international tuition payments. The system works flawlessly—until an auditor asks a single, devastating question: "How do you know the person who wired this tuition wasn't on a sanctions list?"
When administrators hear that question, the instinct is to point at the software. "We process through Flywire," they say, assuming a major financial institution has handled the compliance requirements on their behalf. Or they point to Blackbaud, noting that the family profile is complete and verified.
This is a massive compliance blind spot.
While Blackbaud and Flywire are industry-leading platforms for data management and payment processing, neither system was designed to act as your institution’s proprietary sanctions screening and defense program.
Systems vs. Compliance Controls
A system of record (like Blackbaud) organizes what you know. A payment processor (like Flywire) moves funds from Point A to Point B. A compliance control (like SecurePoint USA) mathematically verifies that Point A is legally permitted to do business with you, and retains a timestamped audit log proving you checked.
The Payment Processor Misconception
Payment processors legally must screen transactions to protect their own money transmission licenses. However, a payment processor screens to ensure their business complies with regulators. They do not accept the strict liability for your business.
As we saw in the devastating IMG Academy $1.72M OFAC fine, accepting money from a sanctioned individual is a strict liability offense. You do not need to knowingly violate the law to be fined; the transaction itself is the violation. Relying on a processor to catch your compliance gaps means you have surrendered control of your liabilities.
Where the Risks Are Actually Hiding
Even the best-integrated Blackbaud and Flywire implementations routinely miss high-risk counterparties because the data isn't structured for continuous sanctions screening. Here is where the blind spots usually occur:
The "Ghost" Tuition Payer
The student lives in your dorms, but the tuition is wired from an overseas aunt or sponsor corporation you never formally screened.
Major Donors
Significant gifts flowing into development accounts. Accepting money from sanctioned entities triggers OFAC enforcement, regardless of donor intent.
Mid-Year Updates
A parent passes at enrollment, but is sanctioned by OFAC in November. Your billing system will still process their January payment.
The Missing Audit Trail
If an auditor asks for proof you screened a specific family three years ago, a payment receipt won't stop the investigation.
How SecurePoint Wraps Your Existing Systems
The solution is not to rip out Blackbaud or move away from Flywire. The solution is to introduce a dedicated compliance overlay.
SecurePoint USA is designed to consume your rosters (students, tuition payers, sponsors, donors) via simple CSV exports from your SIS. Once imported, SecurePoint handles the continuous re-screening every 24 hours against the latest global watchlists.
If there is a match, the file is routed for human-in-the-loop review. If the file is clear, the system generates an immutable, date-stamped compliance certificate. When the auditor knocks, you don't point to the payment processor. You point to the SecurePoint audit log.
Close Your Compliance Gaps Today
Our compliance experts will analyze your current Blackbaud and Flywire intake process, identify un-screened counterparties, and build a roadmap to audit readiness.
Request a Compliance Gap Review