We all learn from our mistakes, but perhaps it’s better if we can learn from the mistakes of others without having to experience them ourselves first hand. Two major frauds involving charities have been in the news recently.
The first involved the British Society of Echocardiography, where the charity’s finance officer stole over £200,000 of the charity’s funds to support his gambling addiction. For a charity with incoming resources of £926,760 according to its latest accounts this is a considerable sum of money. Following conviction the finance officer was sentenced to three years in prison.
A similar sentence was handed down to a former manager at the charity Autism East Midlands who stole more than £145,000 from her employer over a seven year period, spending the money on holidays for friends and family, electrical goods, days out and concert tickets. The fraud involved the creation of false invoices and fabricating the number of hours delivered to local authorities resulting in them being overcharged.
What both of these instances have in common is the level of trust placed in a single individual in a small charity, without adequate controls in place to prevent and detect fraudulent activity.
The actual level of fraud in the charity sector according to the latest data published by Action Fraud showed 1,059 separate incidents reported by charities during the year to March 2021 with over £8.5 million of funds being lost. Much of this will have arisen as a result of payment diversion fraud and the National Crime Agency (NCA) has recently repeated its warnings in this area, producing a one page summary setting out the warning signs that charities may find useful in highlighting the issue across their organisation.
Separately, the National Cyber Security Centre (NCSC) has developed a free online training tool for small organisations and charities to guide users through the actions that need to be taken to reduce the likelihood of becoming a victim of the most common cyber attacks.