Over half (53%) of charities affected by fraud over the past two years knew the perpetrator, according to new research into the fraud and cybercrime risks facing charities.
The research suggests over a third of those committing fraud were the charity’s own staff members; trustees and volunteers together were responsible for 28%; beneficiaries were identified in 13% of known frauds.
The Commission says charities can be at particular risk of insider fraud, because they often rely excessively on goodwill and trust in single individuals.
The findings are based on the largest-ever survey of charities’ attitude towards fraud and cybercrime, commissioned by the charity regulator, the Charity Commission and in partnership with the Fraud Advisory Panel, and are launched on Monday 21st October and Wednesday 23 October 2019.
While there is no evidence that charities are at greater risk of fraud or financial crime than other types of organisation, the risk of fraud in charities appears to be growing, costing the sector millions – and potentially billions – of pounds each year. The potential impact of this on the reputation of charity and charities’ ability to deliver maximum benefit in pursuit of their causes cannot be ignored.
Gap between awareness and action on fraud
The new research indicates that charities are increasingly aware of the wider risk of fraud. Over two thirds of charities (69%) think fraud is major risk to the charity sector and insider fraud is recognised as among the greatest threats to charities.
But the findings show that charities are not always recognising how vulnerable their own organisations are, and are not consistently putting basic checks and balances in place:
- over a third (34%) think their organisation is not vulnerable to any of the most common types of charity fraud;
- 85% of charities think they’re doing everything they can to prevent fraud, but
- almost half don’t have any good-practice protections in place.
The Commission is concerned about this gap between awareness and practical action because it poses a threat to a charity’s ability to deliver for beneficiaries if donors cannot be confident in charities’ stewardship of the money it receives. The Commission is calling on charities to take simple steps, including to:
- introduce and enforce basic financial controls [ e.g. having at least two signatories to bank accounts and cheques, undertaking regular bank reconciliations]
- ensure no one single individual has oversight or control of financial arrangements; effective segregation of duties is a crucial method of preventing, and detecting fraud.
- encourage staff, volunteers and trustees to speak out when they see something they feel uncomfortable about.
Helen Stephenson CBE, chief executive of the Charity Commission, says it is vital that the regulator helps charities tackle fraud effectively:
We want to help charities maximise the positive impact they have in the lives of those they exist to serve, and in society as a whole. Preventing and tackling fraud against charities is a vital part of that.
While the majority of those involved in charity are honest, passionate, and committed, charities can unfortunately be vulnerable to exploitation and abuse by those intent on personal gain. And when a charity does fall victim to fraud, more is lost than money. Fraud can have a hugely detrimental impact on morale in a charity, and on public trust.
The good news is that it’s possible to disrupt and prevent fraud, if charities put basic measures in place. That starts with charities acknowledging that they’re vulnerable to abuse and being determined to prevent people taking advantage of their good name and the generosity of those who support their cause. We therefore applaud charities that are open about the steps they’re taking to identify and tackle fraud and call on all charities to put protective steps in place to keep their charity safe from harm. Zero tolerance of fraud is an important element of sound financial stewardship which is vital to public trust and confidence in charities.
The steps we are recommending are simple because we know that smaller charities in particular don’t need or want lots of bureaucracy – just the tools they need to deliver as much benefit as possible.
Growing risk of cybercrime against charities
The new research indicates that charities are increasingly aware of the risks of cybercrime, which is a term that describes crimes that exploit or attack a charity’s digital presence, data or systems, such as phishing and malicious emails, hacking and extortion.
The survey shows that more than half (58%) of charities think cybercrime is a major risk to the charity sector and almost a quarter (22%) believe cybercrime is a greater risk to the charity sector than other sectors. Larger charities are generally more likely to appreciate the risk of cybercrime and take action to prevent it.
Helen Stephenson said:
Charities, like other organisations, rely increasingly on digital technology to deliver on their purposes. It is therefore vital that charities take reasonable steps to strengthen their systems against those intent on causing harm. Protecting a charity in this area is not just about systems or financial assets, but also about people: charities hold sensitive data on beneficiaries, staff and volunteers, and have a responsibility to keep that data safe.
I hope the findings of our research, and the tools we and others have made available to charities, help trustees and other leaders in charities of all sizes protect their organisations against the key risks.
Case study: leading the fight against fraud – Macmillan Cancer Support
Since establishing its dedicated resource for counteracting and better protecting itself against fraud in 2015, Macmillan Cancer Support has recovered nearly £400,000. In addition to an award-winning specialist counter-fraud team, who investigate and resolve fraud cases, the charity has introduced robust fraud reporting processes and has rolled out counter-fraud training to frontline staff. Guidance on spotting and reporting fraud is available to all staff and is regularly featured in internal news and updates.
Bob Browell, Counter-fraud manager at Macmillan Cancer Support says:
“Macmillan relies almost entirely on public donations to provide vital support for the growing number of people living with cancer in the UK and the money we have been able to recover will make a huge difference. Any pound lost to fraud is a pound too many and our vital counter-fraud processes enable us to identify, prevent and stop fraud quickly and effectively.”
New pledge to help charities tackle fraud
Alongside the findings of the surveys, the Commission is launching a new pledge designed to help charities protect themselves. All charities, regardless of size or type, are encouraged to adopt ‘Tackling Charity Fraud - Eight Guiding Principles’, a collective mission statement which the Commission has developed in partnership with the Fraud Advisory Panel. The pledge is also endorsed by international charity regulators from USA, Australia, New Zealand, Scotland and Northern Ireland.
Notes to Editors:
- The two reports, Preventing Charity Fraud and Preventing Charity Cybercrime are available to download on GOV.UK.
- Red flags for insider fraud include people being:
- All Fraud Awareness Week campaign materials, including free webinars and help sheets, are available on the new Fraud Awareness Hub.
- The National Cyber Security Centre and the Charity Commission have worked together to develop several resources relevant to charities of all sizes. Cyber Security: Small Charity Guide - This guide provides simple, free or low-cost steps to improve cyber security. The Board Toolkit - Relevant for larger charities, this guidance helps boards and senior managers understand cyber security from a governance perspective, making it easier to have productive conversations with technical colleagues.