02.28.2024 | Linda J. Rosenthal, JD
Averting Charity Fraud: Tips and Actions
Late last week, in the third post of our four-part series on Charity Fraud Awareness Week 2023 (November 27 – December 1), we reviewed the just-released 2023 Charity Fraud Report by sponsors BDO UK and the Fraud Advisory Panel. See New Charity Fraud Awareness Survey 2023 is Out (November 30, 2023).
The Week’s festivities kicked off on November 27th with an in-person conference in London. Eight years ago, the sponsors began this #StopCharityFraud campaign as a U.K. event, but it has since expanded globally to include the participation in, and support by, charity regulators from around the Commonwealth and the United States. See also: Charity Fraud Awareness Week Begins November 27th (November 21, 2023) and Charity-Fraud Learning Opportunities This Week and Beyond (November 27, 2023).
Among the key takeaways in the Report is the need for continued – indeed, heightened – vigilance against this critical danger to the charitable community and the general public. Charity fraud is a huge problem that is morphing regularly by creative con artists who seem always to be one step ahead of the organizations they victimize.
A Huge and Growing Problem
“This year’s Charity Fraud Report underlines the need for charities of all sizes to cooperate in the fight against the threats posed by fraud….” And it “shows that we are now looking at the issue of fraud through new and increasingly complex lenses….”
Cyber crime is a huge and growing problem, but it’s not the only – or the primary – danger spot. While “… the majority of charities perceive cyber-related fraud to be the biggest risk over the next 12 months,” it is “… only the third most common overall fraud.”
“Conversely, only 7% of charities considered misappropriation of assets or cash to be a significant risk in the future, yet this is by far the most common type of fraud in the past year.” For 2023, some “42% of respondents reported misappropriation of cash or assets as the most common type of fraud experienced over the year, followed by staff expenses fraud, with 35% of respondents.”
In addition – and correlating with the actual rather than perceived top-ranked category of charity fraud – respondents acknowledged that “… 50% of detected frauds were perpetrated by staff members, volunteers, or trustees ….. That astonishing figure is more than double the number – 23% – of frauds “… perpetrated by a person with no connection to the charity.”
Top Tips for Preventing Fraud
The key message of the 2023 Charity Fraud Awareness Week (and the results of this year’s Fraud Awareness Survey) is the need to understand the current and evolving dangers, to “raise awareness amongst staff, volunteers and trustees,” and be “proactive and continually monitor new trends and your responses to them so you know what you are up against. And finally, have a plan so that you are prepared, should the worst happen.”
To that end, the authors include at the end of the 2023 Charity Fraud Report several pages of advice and tips; first up is “Top tips for preventing fraud” at pp. 20-21.
This section opens with a reminder that 2023 saw “an increase in the volume of reported frauds and financial losses….: “[F]raud is an inherent risk that is not going anywhere.” It requires a “renewed emphasis and focus on counter-fraud measures, including investment in fraud risk management.”
Survey respondents had acknowledged that they were not necessarily the victims of a single instance of fraud. Several reported they had experienced multiple – and different types of – incidents during the year. That’s just one of the reasons that anticipating fraud and trying to avert it is “exceptionally challenging.”
The “top tips” section is a combination of broad-brush recommendations along with discrete tasks. There are seven subsections, correlating with the major types of fraud reported in the most recent years: Insider Fraud, Payment Diversion Fraud, Cyber Fraud, Expenses Fraud, Donation Fraud, Grant Fraud, Procurement Fraud.
The first topic, Insider Fraud, illustrates this approach with its six points:
- “Conduct thorough hiring processes that include due diligence, background checks and checking references (from junior members of staff up to senior executive level)
- Perform rigorous agency checks – you might also want to consider the types of roles that are suitable for temp employees and permissions (ie. access to key systems or bank accounts)
- Have a clear whistleblowing policy through which members of staff, volunteers and trustees can confidently report concerns
- Carry out exit interviews to understand the real reason that someone might be leaving the organisation
- Perform a thorough risk assessment to identify any new weaknesses which have arisen because of hybrid working and put a plan in place to mitigate those risks
- Consider offering financial and mental health well-being sessions, whether through an independent party or simply a conversation with colleagues (ie. with a manager or HR team).”
Some of these points involve major undertakings; for instance, revamping an organization’s hiring practices for all employees from top to bottom (to screen out possible future wrongdoers) is no small task.
Similarly, performing a “thorough risk assessment to identify any new weaknesses which have arisen because of hybrid working” presupposes that each organization already has in place a comprehensive risk-assessment process. That’s unlikely to be the case, particularly for small and mid-size nonprofits.
“Given that nonprofit-focused fraud schemes aren’t going out of style anytime soon, organizations must have an operational, concrete fraud risk assessment process in place….” according to Matt Duvall, CPA, in The Importance of Assessing Fraud Risk for Nonprofits (October 23, 2023) Marcum LLP. He adds: “The goal of a fraud risk assessment is to identify and rectify the vulnerabilities and gaps in internal control systems that could leave the organization exposed to both financial and reputational damage. Developing a proper fraud risk assessment requires input from all members who have a hand in managing the organization’s finances, from the board of directors to the staff accountant.”
And a point about whistleblower policies: Over the years, we’ve written quite a few posts on their importance, beginning with Whistleblower Policy for Nonprofits (August 13, 2015). The data in the 2023 Charity Fraud Report (based on the 2023 Charity Fraud Awareness Survey) underscores that the true and alarming level of insider fraud is widely misperceived even by charity staff like finance directors who are directly tasked with knowing about these dangers. We’ll update this whistleblower-policy topic soon.
Fraud Response Plan
Following the “Top tips” pages is a “template” (on page 22) for a “fraud response plan,” described by the report authors as “an essential checklist to ensure that charities are prepared, should the worst happen.” After all, when “the worst happens” – that is, the discovery of the fraud – the fallout is often immediate and severe.
Trimmed down just a bit, this checklist is:
- Establish a Fraud Response Group (with contact details); report all allegations of fraud to that Group. Establish a “safe list” if others brought into the Group and brief on confidentiality;
- Establish a list of other relevant external parties: (e.g., banks, auditor, legal counsel, police, etc.)
- Secure access to key systems, bank accounts and other assets, as appropriate
- Carry out searches (in accordance with law) to secure information and documents, including assets (laptops, mobile phones etc) and other evidence (emails, chat etc).
- Investigate – prepare fraud investigation strategy and timetable. Revisit and amend the strategy as the case develops. Keep key stakeholders up-to-date. Involve external experts as required. Do not limit the investigation – there may be multiple types of fraud
- Take appropriate action and recovery (e.g., civil, criminal, internal disciplinary, team restructuring)
- Case closure, follow up and review including prepare report for Board/Audit committee (e.g., details of fraud, actions taken, outcomes, follow-up action, lessons learned). Review reasons for loss and prevent reoccurrence (e.g., risk assessment, training, implement additional controls). Quantify the loss
- Manage reputation and PR. Manage internal communications (i.e., manage morale)
- Learn from the incident and move on.
Another highly recommended course of action in these final pages of the 2023 Charity Fraud Report is adoption of an anti-fraud policy.
That, of course, is fodder for a separate future post. In the meantime, take a peek at co-sponsor Fraud Advisory Panel’s sample Anti-Fraud Policy. See also, for instance, the Sample Fraud Policy by the Nonprofit Risk Management Center.
– Linda J. Rosenthal, J.D., FPLG Information & Research Director