The Charity Commission is calling on charities to be alert to the threat posed by insider fraudsters and cyber criminals, after concerns were raised by the National Fraud Intelligence Bureau (NFIB).
The regulator said that the NFIB has highlighted that insider fraud, in all types of organisations, poses a greater threat than external fraud due to the access that insiders have to knowledge and data.
The regulator said that its research had found that crimes are enabled where there is poor challenge and oversight; no internal controls or, where controls did exist, not applying them consistently; and too much trust and responsibility placed in one person.
It warned that insiders with access to confidential data can utilise basic operating system functions to steal data from organisational systems. Incidents sometimes go undetected due to lack of proper auditing or data control measures.
Michelle Russell, director of investigations, monitoring and enforcement, said: “Our casework and research highlights that charities are as vulnerable to insider threats as the private or public sector. However, charitable funds and resources are there to do good and help people in need so when things go wrong the impact is particularly damaging.
“Whilst the vast majority of charity workers and volunteers are passionate and driven by the right intentions, we have sadly seen examples of fraudsters abusing the inside access they have for their own personal gain.
“Today’s alert is about making sure charities are fully alive to the risks and equipped to defend their charity against fraud. We want to see organisational cultures in charities that actively promote accountability and checks, and encourage staff and all those involved to come forward if they have concerns.”
Advice for charities
Advice from the NFIB for organisations to protect themselves against fraud incudes monitoring employees for abuse of IT systems, and restricting access to sensitive files to relevant staff only.
It said charities should have “clear policies and procedures in place for dealing with fraud and ensure that that all of your staff are familiar with them,” and should “make it clear that any criminal breaches of your policies will be reported to the police and other relevant authorities.”
The regulator said that if your charity has fallen victim to insider fraud, or any other type of fraud, you should report it to Action Fraud by calling 0300 123 2040, or visiting the Action Fraud website.
Charities affected by fraud should also report it to the Charity Commission as a serious incident, using the dedicated email address [email protected]