Charities 'more exposed than ever' to fraud

Charities are “more exposed than ever” to fraud and need to steal some time to improve fraud risk management, the sector has been warned.

Charity insurance specialist, Ascend Broking, has said the delayed lifting of restrictions on 19 July, as well as reticence to return to work from offices, means charity teams have largely continued to work remotely, increasing exposure to both external and internal fraud.

Ascend Broking’s head of charities, Stuart Belbin, said: “Fraud leads to severe business disruption, in one form or another. It needs to be stamped out and the best way to do that is through a combination of training, heightened awareness, vigilance and reporting. A robust risk management approach encompasses all of these. Charity bosses need to steal some time to develop it, as being unprepared, unaware of the risks or too trusting with regard to colleagues’ actions, can all be a charity’s undoing, causing major issues for its operation, fundraising and ongoing work.”

The insurer suggested that if furloughed staff are now returning to work, fraud refresher training may be necessary and if they will now be working from home, new fraud and cyber risk assessments will be required.

If new employees and volunteers are now joining, pre-employment checks on those individuals are vital and charities should also ensure fraud training is delivered to all new starters.

Regular fraud risk assessments are also recommended, as 26% of charities identified cyber breaches in the 12 months to March 2021 and there were 645 instances of fraud or cybercrime against charities between March and October 2020.

Scams and phishing attempts are the most common, but mandate or CEO fraud, where someone impersonates a manager or someone in authority, requesting transfer of funds into a fraudulent account, is also on the rise. It claims this is becoming easier-to-do thanks to Artificial Intelligence.

The internal threat is seen as just as significant, it’s reported that more than half of charities (53%) know the person that commits fraud against them. Whilst around a third of these internal perpetrators are paid staff, almost the same proportion are volunteers or trustees.

Belbin concluded that all employees require training in cyber crime tactics. Various layers of financial check should also operate, so no one person ever solely governs finance. Having a second payments’ signatory is important and requests to change a payee’s bank details should flag up the need for a verification check.