David Dunsire warns that vigilance against specific types of fraud should not blind you to other risks
This week is Charity Fraud Awareness Week, and it’s an excellent initiative. The plan to highlight different types of fraud each day of the week illustrates the scale of the problem: cyber-fraud, grant fraud, donation and legacy fraud, insider fraud, and risks around moving money.
The latest Annual Fraud Indicator estimated fraud against charities in the UK at £2.3 billion in 2017. Against this backdrop, OSCR’s recent guidance on reducing fraud risks is welcome. Practical and clear in its approach, it helpfully flags up trustees’ requirement to ‘act with a higher level of care than they do with their own finances and affairs’ – something many trustees may not realise.
The guidance is also good on the risks around internal fraud. Too many charities still leave themselves vulnerable to this – having weak or poorly applied financial controls, or placing excessive trust in key individuals.
While I agree with the need for vigilance against internal fraud, this shouldn’t come at the expense of countering external fraud. Bank transfer fraud and mandate fraud have been huge stories in the media this year but other common types include false invoicing; cyberfraud, such as ransoming of data, phishing or hacking attacks; and setting up fake websites with donation links.
That’s just a few of them. For a wake-up call about the many types of external fraud your charity may face, take a look at ActionFraud’s A-Z of Fraud. Of course, by the time you’ve read it, there’ll be new examples you haven’t been warned about. The creativity of fraudsters knows no bounds.
That’s the key point in all this. Rather than look out for specific types of fraud, charities need anti-fraud policies and procedures, financial controls and organisational cultures that are ready for anything.
Charities are not alone in needing all this, but there may be great urgency in their need for it, given the sector’s particular vulnerabilities.
Firstly, financial pressures are squeezing the administrative resources available to prevent or monitor fraud.
Secondly, dependent on volunteers and trustees giving their time for free, some charities are reluctant to embrace the culture of ‘professional scepticism and appropriate challenge’ recommended by the Charities Commission.
Thirdly, the consequences from loss of reputation, future income or morale can go much further than the actual amount lost.
It’s easier said than done to institute anti-fraud policies and a culture of scepticism that encourages transparency rather than distrust. The guidance and advice generally available caters for the entire spectrum of charity types and sizes, so you may need tailored governance advice to develop anti-fraud policies, procedures and training that work for you.
You will also need regular checks to see whether procedures are being applied properly or need updating.
All this may sound laborious, but as too many charities have found out, and as Charity Fraud Awareness Week will highlight, frauds don’t just happen to other people. No charity is too big or too small.
David Dunsire is charities and social enterprises consultant for Lindsays.