Charities are as susceptible to fraud as anyone else, but good policies can help protect your organisation. Wendy Cotton discusses the best practice.
Like all sectors, charities are susceptible to fraud and can be a target for criminals. The repercussions of fraud can have a vast impact on a charity, not only does it cause a financial loss, it can also have an effect on a charity’s good work and reputation.
A recent report by the Charity Commission showed there were 178 fraud incidents reported during the financial year 2015/16. A review of the type of fraud showed a third of these were classified as ‘internal’ fraud.
Internal fraud
Whilst you may not expect people working in charities to commit fraud, the reality is that more and more organisations are suffering as a result of fraudulent actions by trustees, staff or volunteers. It can happen in a number of ways such as misuse of funds, pocketing of donations or claiming false expenses.
In a recent report by civil society, a finance director of a learning difficulties charity based in London committed a series of frauds amounting to more than £800,000.
Fortunately this charity was able to work with the Charity Commission to strengthen their governance and financial procedures, but this example highlights how things can easily escalate without the right financial controls in place.
Tips to manage internal fraud
Regularly review accounting and audit procedures
Ask questions such as: Are there any areas where financial controls are weak? Are audits thorough enough? Are the dates of audits too predictable? Is access to sensitive areas of the charity tightly monitored?
Ensure that even those in senior positions are subject to checks
All staff with access to money or those who handle finances should be audited regularly; basic principles such as double verification of cash collected and outgoing payments can prevent problems.
Have a whistleblowing policy in place
Fraud is detected largely through others voicing concern, so make sure that employees have guidance and clear procedures to follow regarding who they can talk to in strict confidence. A whistleblowing policy template can be found on the charities against fraud website.
Have an ‘action plan’ in place for how to deal with fraud if it arises
This means thinking about how you would report fraud to the Charity Commission, Action Fraud (the UK’s national fraud reporting centre) and, of course, the police. The plan should also involve HR who would play a vital part in the event of fraud – they would ensure all legalities are in place and interview potential witnesses.
Emerging fraud risks
Another area highlighted in the Charity Commission report was cyber-enabled fraud; this is a growing risk as the sector becomes more reliant on technology. Cyber-enabled crime is traditional crime such as theft which can be increased in scale or reach by use of computers. A statistic from Action Fraud showed that 70 per cent of fraud is now cyber-enabled. This can include; fraudulent donations through bogus websites, email and social media, impersonating senior members of a charity to trick staff into making payments to the fraudsters bank account and also credit card scams.
In January this year the Charity Commission issued a public alert to raise awareness of sham charity appeals after email and social media were used to encourage the public to donate to fake appeals. As these risks become increasingly common, it is important for charities to consider their own practices and look at cyber in risk management exercises.
Tips to manage cyber-enabled fraud
Raise staff awareness of cyber-enabled fraud
Ensure all staff are aware of the risks and know to look out for suspicious websites and emails. Have a process in place to report concerns and remind staff not to click on any links or download files they are not sure are genuine.
Check all payment requests are from a genuine source
Challenge payments made to unknown bank accounts even when requests are made from senior staff, follow up with a phone call to confirm the payment is genuine.
Become familiar with the government’s ‘Cyber Essentials’ Toolkit
Developed by the government and industry experts, the Cyber Essentials scheme provides guidance on the controls you can put in place to mitigate cyber risks.
Report any suspicious activity to Action Fraud
Action Fraud is the national fraud and cyber crime reporting centre that can provide a point of contact if you think your charity has been a victim of fraud or cyber crime. They also have a range of resources available to assist with preventing fraud.
Insuring for the worst
Of course not all fraud risks can be anticipated or prevented, but having an effective insurance policy can help respond to and minimise the financial impact of fraudulent incidents. Fidelity guarantee is an insurance cover that protects against the loss of money or goods arising from dishonest or fraudulent acts by volunteers or employees as well as third party computer and funds transfer fraud.
Wendy Cotton is technical line manager - social welfare at Markel
Civil Society Media would like to thank Markel for its support with this article.
