Charity Fraud update
The Charity Commission has released the results of a research exercise in which over 3,000 charities took part. The subject was fraud awareness, resilience and cyber security. For a topic that seems to crop up all too frequently, it is perhaps surprising that the study carried out suggests that many charities are not doing the very basics to protect themselves.
It is not a matter of charities being unaware of the threats, in fact a large percentage of charities (85%) think they are doing all that they can in terms of prevention. The Commission says that here lies the problem: charities are not recognising their own vulnerabilities, and this poses a threat to charity funds and confidence in the sector. As part of this study, the Commission have suggested steps to think about when protecting charity funds:
- introduce and enforce basic financial controls (for example have at least two signatories to bank accounts and cheques, undertaking regular bank reconciliations);
- make sure no one single individual has oversight or control of financial arrangements – effective segregation of duties is a crucial method of preventing and detecting fraud; and
- encourage staff, volunteers and trustees to speak out when they see something, they feel uncomfortable about.
The steps above all relate to the internal functioning of a charity because the study showed that perpetrators of fraud are very likely to be someone known to the charity. However, there are many other steps that charities can take to prevent insider fraud, including:
- ensuring you have a work place culture that makes known that fraud is never acceptable, this means it is a subject that is clearly explained to employees and built into the charity’s anti-fraud, bribery and corruption policies and training;
- offering employees support if they are in difficulty (a common cause of fraud); and
- sharing knowledge with other organisations to avoid fraudsters hopping between jobs.
Cyber security is another threat that charities need to be more aware of, as statistics suggest that one in five charities were targets of cyber-attacks in the last year. Fraud tends to be the most common type of cybercrime, however cyber threats go beyond fraud alone and can include virus, malware and cyber attacks that can risk charities’ data. The Commission’s research study found that only 29% of charities reported cybercrimes to the police. The Commission recognises that the challenges faced by fraud are often related to cyber security and so have worked with the National Cyber Security Centre (NCSC) to develop cyber security guidance relevant to charities of all sizes, accessible here.
Here are some simple ways in which we think you can improve cyber security within your charity:
- Back up data regularly, especially important files. It is wise to use an external hard drive, online storage provider or memory stick, to attempt to limit the impact of malware infection.
- Educate staff regarding cyber-crime, as employees are often the ones that create security breaches by clicking on links or emails that they are uncertain about. Training on how to spot if something doesn’t look right can help to prevent security breaches. Initiatives such as International Charity Fraud Awareness Week (which took place recently between 21 and 25 October 2019) try to bring about more awareness of the risks and how to prevent them. Getting your charity involved can help raise awareness.
- Keep smartphones safe by developing a policy on how to use them.
- Use strong passwords and change passwords regularly, as well as not using the same password for different sites.
Contact our charity law experts today
For more information on how we can support your charity, social enterprise or other organisation, please contact one of our charity solicitors today on 01895 207862 or email firstname.lastname@example.org. Alternatively please visit www.ibblaw.co.uk/service/charities.
Contact our office
Make an enquiry