When Europe finances Ukraine, it does so through a complex web of institutions: the European Commission — via the Ukraine Facility, macro-financial assistance and potentially the new €90bn Ukraine Support Loan for 2026-2027 — the World Bank, the European Investment Bank and other multilateral partners, including once well-known USAID. These are not interchangeable channels. The European Commission and the World Bank operate under distinct mandates, yet their interaction in delivering direct budget support to Kyiv reveals the real risks at stake.

A joint oversight report released in January 2023 by the US Department of State Office of Inspector General and what was then the USAID Office of Inspector General makes this tension painfully clear. It is not a routine bureaucratic exercise. It is a warning that the mechanisms designed to protect taxpayer money were certified on paper but never truly tested in practice. As a former Governor of the Central Bank of Ukraine I know what I am talking about.

The scale of the assistance underscores why oversight matters. Under the Ukraine Supplemental Appropriations Act, 2023, the United States provided $4.5bn in direct budget support. At least $13bn has flowed through World Bank mechanisms, with $10.3bn routed through the Public Expenditures for Administrative Capacity Endurance (PEACE) fund.

These are not traditional development projects. They sustain the basic functions of the Ukrainian state: salaries for public employees, teachers and healthcare workers, pensions and social transfers. This is budget support for survival, not investment. Once disbursed, the money becomes part of Ukraine’s general budget. And there, visibility vanishes quickly.

At first glance, the joint inspectors general assessment in the report appears reassuring. It concludes that the seven key monitoring mechanisms and safeguards “align with” US federal internal control standards. Yet the report’s most important sentence is buried in the introduction: “Our evaluation did not assess the effectiveness of the key monitoring mechanisms and safeguards.”

The auditors explicitly state they could not determine whether the controls actually work in practice — because many had not yet taken effect at the time of their review. In plain language, the system exists on paper. Its real-world performance remains unproven. The report offers no assurance that the safeguards are functioning as intended. That is not a formality. That is a red flag. And this security gap helps Russian propaganda create a lot of myths about the necessity to stop aid for Ukraine. Thus, covering the gap, strengthening control over security of funds can help battle both the propaganda and corruption.

The control model itself is built on ex-post verification. Ukraine spends first, submits receipts and documentation, and only then receives reimbursement from the World Bank. The Bank conducts reviews for eligibility, performs spot checks, relies on external audits and receives periodic implementation reports. A third-party contractor, as, for instance, Deloitte, engaged by US authorities at the time, was supposed to monitor Ministry of Finance systems and conduct limited checks.

On paper, this multi-layered architecture looks robust. In reality, it is reactive. Money leaves American and European accounts before any independent verification occurs. Such systems are inherently weaker than controls applied at the point of disbursement. They leave room for delay, reinterpretation or circumvention.

This is not theoretical. In 2022, as Governor of the National Bank of Ukraine, I witnessed first-hand attempts to alter the architecture of international financial assistance, including funds linked to World Bank programs. There were concrete efforts to redirect assistance away from the central bank’s unified accounting, liquidity and transparency systems and place it instead on accounts in state-owned banks, including Ukreximbank. Officials presented these moves as technical adjustments. They were anything but.

The National Bank provides a single, consolidated view of Ukraine’s international reserves and foreign inflows. Shifting funds outside this perimeter fragments oversight, reduces real-time visibility and opens alternative channels of financial management. It was a dangerous precedent that risked undermining the very safeguards donors claimed to value.

When I read the 2023 joint report’s findings, the connection was immediate. It confirms that the control mechanisms had not been tested in practice and offered no assurance of effectiveness. At the very same moment, institutional actors in Kyiv were probing the boundaries of those controls.

The combination is critical: a system certified as adequate before it was operational, paired with documented attempts to bypass established transparency structures. Theory and practice collided before the ink on the certification was dry.

For Austria and other European donors, this is not an abstract policy debate. Austria participates in the same architecture — World Bank trust funds, European Commission instruments and layered external audits. Several hard conclusions follow.

First, formal compliance with international standards does not equal real control. Second, ex-post verification is limited by design and leaves space for manipulation. Third, institutional precedents matter: once the perimeter is tested, it can be tested again. Fourth, complexity does not guarantee reliability; multiple layers can diffuse responsibility rather than reinforce it.

Europe is not merely financing Ukraine. It is financing a system that manages tens of billions of euros in budget support. That system is formally well-designed. But its effectiveness remains unproven, and it has already shown signs of being challenged from within. This is a rare and uncomfortable combination. The issue is not political. It is financial. And it is precisely the kind of risk that European donors cannot afford to ignore.

 

Kyrylo Shevchenko is the former Head of the National Bank of Ukraine and a member of the National Security and Defence Council.