True level of fraud within the sector is at least £150m per year

As we find ourselves in the midst of Charity Fraud Awareness Week (CFAW), this is an ideal time for third sector organisations to take a close look at their operations to ensure they have appropriate systems and safeguards in place to reduce the risk of fraud.

According to the Charity Commission, acts of fraud affecting charities are often committed from within. The group says that in cases where the fraudster was identified, 29% of these acts were carried out by paid staff, with trustees and volunteers committing 28% and beneficiaries 13%.

Last year the commission released new figures showing that charities had reported almost £8.6 million in lost funds. This was the result of 1,059 separate incidents of fraud that were reported by third sector organisations. The pandemic is also considered to have increased incidences of fraud, and changes in working practices without appropriately revised financial controls have heightened the risk of cyber related crime.

There are countless examples of high-profile cases being reported in the media including the story of the former Autism East Midlands employee who was jailed earlier this year after admitting to spending nearly £150,000 of the charity’s funds on private holidays and days out.

As alarming as the stats and stories behind them may seem, the commission believes this is only the tip of the iceberg as many charities are reluctant to report such incidences due to the associated negative publicity. It estimates that the true level of fraud within the sector is at least £150m per year and could be significantly higher. Whatever statistics you apply, there is little doubt of the severity of the problem which has the prospect of getting even worse within an increasingly digitalised sector.

As charity advisers, we have in-depth experience working with clients to highlight some of the key potential fraud risk factors they might face. Supplier payment fraud, where bank account details are changed to channel money to an individual or group rather than a bona fide supplier, is common, as is amending personal bank account details to redirect salary payments. Other examples include double counting of expenditure on restricted funds being reported to funders, the raising of fictitious invoices as part of an insurance claim in collusion with a third party, and ransomware.

The responsibility for addressing fraud, including internal fraud and cybercrime, sits firmly with a charity’s board of trustees who are legally bound to understand where their organisation is vulnerable and effectively manage any identified risks. The charity is also liable for regulatory penalties for cyber or data breaches, and the Information Commissioner’s Office has increasingly applied fines to charities of all sizes.

CFAW is all about raising awareness and sharing good practice in tackling fraud and financial crime. If in doubt, scrutinise and review practices to protect your organisation, and take advice if you need an objective opinion.

Euan Morrison is head of charities at Chiene + Tait Chartered Accountants.