Guidance

Protect your charity from fraud

Information about fraud, how to spot it and what you can do to protect against it.

Introduction

Like any other sector, charities are not immune to criminal abuse from fraudsters. Fraud poses a serious risk to valuable funds and sensitive data, and can damage the good reputation of charities, affecting public trust and confidence in the sector as a whole.

Fraud is dishonesty, involving either:

  • false representation, for example identity fraud
  • failing to disclose information
  • abuse of position to make a gain or cause loss to another

Fraud is the most reported crime in the UK. According to the Office for National Statistics, an individual in the UK is 10 times more likely to be a victim of fraud than theft. The charity sector is no different.

Fraud statistics

Estimates of the scale of charity fraud in recent years have varied between nearly £150 million and almost £2 billion per year. It is clear that the loss to fraud has a significant impact on the good work that charities do.

Insider fraud

Fraud can come from internal sources (insider fraud), for example by employees and volunteers, or from external sources such as fake emails set up by hoaxers.

You can find out more about preventing insider fraud through this e-learning video on the Fraud Advisory Panel website.

We have also published a research report about insider fraud and how it is affecting charities. The report includes wider lessons, case studies and tips to help you prevent insider fraud.

Reporting fraud

If your charity has been the victim of fraud, it’s important to report it to the relevant authorities. Reporting can help you access essential advice to get your charity back on track, but will also build a clearer picture of the scale of fraud affecting the wider sector.

You should report attempted or actual fraud to Action Fraud or call them on 0300 123 2040.

Action Fraud is a national reporting centre specifically for reporting frauds and has an online fraud reporting service, available 24 hours a day. The website includes an A to Z of fraud types.

Also report serious fraud incidents to us at the Commission, stating what happened and the steps you’re taking to deal with it. Email RSI@charitycommission.gsi.gov.uk

For essential advice on why, what and how to report, see our guidance on reporting serious incidents, which includes a new table of examples and a fraud/theft checklist.

This short e-learning video on the Fraud Advisory Panel website explains why it’s important to speak out and report fraud.

Responding to fraud infographic

Our infographic gives you some top tips on how to respond to fraud when things go wrong. If in doubt, take action and report it.

Responding to fraud when things go wrong

How to protect against fraud

Fraud is a serious problem that you can’t afford to ignore. Charities can, and should do more, to be fraud-aware.

Charity trustees have a duty to manage their charity’s resources responsibly and ensure that funds are protected, applied and accounted for.

With a total annual income of over £69 billion, the charity sector is vulnerable to fraud and financial crime. It’s essential that trustees put in place suitable counter-fraud measures – even small changes can help protect charities from harm.

It’s vital that all money given to charities is used for legitimate and lawful purposes.

You can watch this YouTube video to help you spot the signs of fraud and scams.

Spot the warning signs of fraud and scams - Operation Signature

Financial fraud

Fraud and financial crime is one of the most common types of abuse for charities. These are highlighted in our tackling abuse and mis-management reports.

Charity trustees can avoid basic mistakes and make sure their charity is well protected by:

Some charities, such as shops or trading outlets, have a higher risk of financial loss or falling victim to fraud, due to the nature of their activities.

If your charity relies upon cash-based fund raising, it may be more vulnerable to opportunist and organised fraudsters. For advice on protecting your charity from fraud and financial crime, see Chapter 3 of the Charity Commission’s Compliance Toolkit.

Charities should take a proactive approach to reducing fraud risk by following best practice advice and practical tips, such as those outlined in Charity Finance Group’s Countering Fraud Manual (PDF, 858KB, 35 pages) .

The Fraud advisory Panel website has useful e-learning videos to help you prevent:

Counter fraud best practice: templates for charity trustees

We have a developed a range of best-practice templates for you to use when protecting your charity against fraud. All of the following can be adapted to suit the needs of your charity:

Anti Fraud and Corruption Policy (MS Word Document, 48.3KB)

Anti fraud policy 1 (MS Word Document, 45KB)

Anti fraud policy 2 (MS Word Document, 18.7KB)

Fraud investigation plan (MS Word Document, 24.9KB)

Quick guide to investigative interviews (MS Word Document, 28.2KB)

Terms of Reference for investigations (MS Word Document, 25.8KB)

Whistleblowing policy template (MS Word Document, 17.4KB)

Counter fraud questions infographic

Our infographic highlights the questions you should be asking to help protect your charity against fraud.

10 questions trustees should ask...

Cyber fraud

The risks to your charity from cyber-fraud are increasing all the time. It’s a huge problem, which all organisations need to be aware of and guard against. Around 70% of all fraud is now committed online and it has been described as ‘the crime of our times’.

Cyber crimes can be quite complex and difficult to detect, often involving data breaches or identity fraud. It’s important that you consider how best to protect your charity’s valuable assets from harm online.

For advice on guarding against cyber-crime visit the following websites:

The Cyber aware website has an online assessment tool so you can check how cyber secure your charity is. Advice and guidance is provided after the assessment to help you meet the standard. You can also download Cyber Essentials documents to help you put essential security controls in place.

For an insight into the mindset of cyber hackers, you can read about the human side of cybercrime in the journal ‘Nature’.

You can learn more about protecting your charity against cyber fraud in this e-learning video on the Fraud advisory Panel website.

Taking a few simple actions today is a good start - you don’t need to be a technology expert to protect your charity.

Cyber security research

The Department for Digital, Culture, Media & Sport has carried out research with UK registered charities to explore their awareness, attitudes and experiences around cyber security.

This is part of the government’s National Cyber Security Strategy which aims to make the UK the safest place to live and work online.

You can read the cyber security in charities research on the GOV.UK website. This will help you to review and assess your cyber security processes, to help keep your charity safe.

Get help if experiencing a live cyber-attack

Action Fraud has launched a 24/7 live cyber-attack helpline. In the event of a live cyber-attack, this helpline gives access to specialist advisors who can offer advice and support to charities or other organisations in reporting the attack. These reports are immediately sent to the National Fraud Intelligence Bureau (NFIB).

To prevent cyber criminals from operating, the NFIB will then assess whether there are any websites, bank accounts or phone numbers that can be closed down. The reports are also sent to the relevant law enforcement agency for investigation if necessary.

Regulatory alerts about fraud

We publish timely alerts and warnings to inform trustees about particular risks or vulnerabilities which could affect charities and their operations.

You can read our most recent alerts issued about fraud:

Organisations that combat fraud in charities

The following organisations carry out vital work to help combat fraud in charities.

Many of these belong to the ‘Charities against Fraud’ coalition, which is a cross-sector group of nearly 40 organisations who work together to fight fraud in charities.

Regulators

Charity Commission for England and Wales

Registers and regulates charities in England and Wales, to ensure that the public can support charities with confidence.

Office of the Scottish Charity Regulator

The independent regulator and registrar for Scottish charities, supporting public confidence in charities and their work.

Charity Commission Northern Ireland

The independent regulator of charities in Northern Ireland, ensuring charities meet their legal requirements and obligations.

The Fundraising Regulator

The independent regulator of charitable fundraising, established in 2015 to strengthen the system of charity regulation and restore public trust in fundraising.

Information Commissioner’s Office

Upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

National Trading Standards

NTS Scams team provides advice and guidance to charities to ensure that charities and their donors are protected from fraud.

Police and crime prevention

Action Fraud

The National Fraud Intelligence Bureau (NFIB) sits alongside Action Fraud within the City of London Police, which is the national policing lead for fraud.

Operation Signature

Operation Signature (West Sussex Police) is the force campaign to identify and support vulnerable victims of fraud within Sussex.

Operation Falcon

FALCON stands for ‘Fraud and Linked Crime Online’ and is part of London’s Metropolitan Police Service.

Sector organisations and initiatives

Fraud Advisory Panel

The Fraud Advisory Panel is an independent voice of the counter-fraud community. It champions best practice and works to improve fraud awareness, and build sector resilience.

Get Safe Online

Get Safe Online is a public/private sector partnership supported by HM Government and comprising leading organisations across banking, retail, internet security and other sectors. It provides factual and easy-to-understand information about online safety.

Credit Industry Fraud Avoidance Service (CIFAS)

CIFAS is a not-for-profit organisation working to protect businesses, charities, public bodies and individuals from financial crime.

Small Charities Coalition

A national umbrella and capacity-building organisation with over 7,000 members UK-wide. It helps trustees, staff and volunteers of small charities access the skills, tools, and information they need.

Foundation for Social Improvement

Builds and shares knowledge across the sector, representing small charities with policy makers and the public. FSI provides vital leadership and supports small charities to raise funds to serve their beneficiaries.

Charity Finance Group

CFG champions best practice in financial management within the charity and voluntary sector. It provides guidance to its charity members and the wider sector at large on the best practice for countering fraud.

UCL

The Information Security Research Group at UCL works to understand how people become victims of cybercrime, and to identify realistic measures they can take to protect themselves.

Government departments and agencies

National Cyber Security Centre (NCSC)

The NCSC is the official government lead on cyber security. Its stated mission is to make the UK the safest place to live and do business online. It has a division which is directly responsible for charities and the wider public.

DCMS

The Department for Digital, Culture, Media & Sport helps to drive growth, enrich lives and promote Britain abroad. It protects and promotes cultural and artistic heritage, helping businesses and communities to grow. It also plays a vital role in making Britain a safe place to be online.

HMRC

HM Revenue & Customs (HMRC) is responsible for administering the UK’s tax system, including the management and reduction of risks to tax revenue. HMRC’s compliance and enforcement work includes tax fraud (where the law has been broken) and tax avoidance (where rules of the tax system have been misused to gain a tax advantage, but not illegally).

Published 10 October 2016
Last updated 2 March 2018 + show all updates
  1. Updated the cyber-security section with a link to the new NCSC guidance for charities.
  2. A responding to fraud infographic has been added to the 'Reporting fraud' section of the guide.
  3. Cyber-fraud section has been updated to include details about Action Fraud's 24/7 live cyber-attack helpline.
  4. Added a series of links to e-learning videos to help you prevent different types of fraud.
  5. Guidance has been updated to help you protect your charity against fraud.
  6. First published.