In 2017 the Annual Fraud Indicator estimated that charity fraud costs the sector £2.3 billion a year. A figure that has now risen to £2.5 billion in the 2019 report...
Unfortunately this indicator doesn’t include potential funds meant for the third sector that are sent elsewhere – the impact of the “fraud of diversion” is a figure that hasn’t been quantified, meaning the £2.5 billion is likely on the conservative side.
So what are the common ways that Charites are subjected to fraud?
- Ransomware is where weaknesses in a charities network is exploited by cyber criminals. Hackers use ransomware to access data and hold it to ransom.
- Shoplifting from charity shops is also considered an easy target and not just from the general public but staff and volunteers.
- A more traditional method of fraud occurs from the inside of a charity, where money transfers are made to personal bank accounts on the back of fraudulent invoices.
- Also from the inside, but where the inside is the innocent party, is the increasingly prevalent 'push payment' scams. Criminals encourage and convince employees to send money to them by pretending to be from within the organisation and make an instruction to pay someone or pretend to be from a legitimate supplier and requesting payment.
- Then there are those frauds where the funds fail to make it into the charity – the “fraud of diversion”. This is where money intended for a charity is sent elsewhere and is a method of fraud that is also on the increase, for example via the impersonation of charity fundraisers.
The one thing we do know for sure about charity fraud is that it is ever-evolving and developing. Just when we think we have put the controls in place to protect ourselves there comes something new to fight against.
But what can we do to protect charities?
It is crucial to be vigilant and educate staff, trustees, volunteers and benefactors to the potential risks. Internal controls are also essential but these also need constant review and refining. Technology is our friend and enemy, you need to ensure controls evolve with technology; remember how you had two signatories on the cheque book? That control is useless in today’s world of online payments!
Finally consider insurance. While prevention is the best policy, adding in an extra layer of protection may be of great benefit should a fraud occur.