With a total annual income of over £69 billion, charities have always been a popular target for fraud and financial abuse. However, with the rise of digital technology, a sharp increase in the number of fraud cases rocking the non-for-profit sector has taken place, having a seismic impact on a diverse range of charity organisations.
Just last year, for example, Bury Hospice lost just over £235,000 when fraudsters pulled off a sophisticated telephone banking scam. Similarly, Highland Hospice lost a staggering £500,000 in a ‘vishing & spoofing’ fraud case.
In 2017, the Annual Fraud Indicator revealed the staggering presence of fraud in the non-for-profit sector, with incidents of fraud rising by £400m over the year, costing charities approximately £2.3bn. Advances in technology, outdated systems, unskilled staff and weak financial controls were identified to as key contributing factors in this unprecedented increase. No matter how you frame it, it’s clear that charities can no longer afford to ignore the issue.
Between October 22nd and October 25th, the international community celebrates Charity Fraud Awareness Week, celebrating 20 years of fighting fraud, and supporting NFP’s globally. Tackling fraud requires an ongoing commitment, but identifying the key risks and understanding good counter-fraud practices are both sure fire ways to avoid becoming the next headline on the red tops
Telephone & Online Banking Fraud
Data from the Annual Fraud Indicator shows that fraud affecting charities accounts for 1.2 percent of total fraud in the UK. Naturally, criminal opportunities born from new technology-driven solutions have grown steadily alongside our digital evolution, with online banking fraud having grown by 226 per cent and telephone banking fraud by 178 per cent in the past year. In the case of Bury Hospice, fraudsters contacted one of the hospice’s major suppliers using their bank’s telephone number on the caller display.
Of course, scams such as these can be prevented – in fact, when Bolton Hospice was targeted with the same scam the very next day, the charity did not fall victim to the crime thanks to an increased level of vigilance from staff and robust financial control systems.
Not all cases of fraud come from external sources: unfortunately, employees as well as high-ranking members of staff within third sector organisations are often found to be conducting fraudulent activity for their own financial gain.
2017 saw the amount of payroll fraud incidents in the third sector rise by £4m to £990m, making it one of the fastest growing type of fraud in the industry. According to The Association of Certified Fraud Examiners, payroll fraud can be described as “any scheme in which an employee causes his or her employer to issue a payment by making false claims for compensation.”
This can range from falsified timesheets of employees to accountancy staff taking advantage of their access to the payroll system to give themselves bonuses. A recent victim of payroll fraud, the British Red Cross lost £360,000 in the space of two years, a sum of money that payroll manager Mary Booth embezzled from the charity during her time in the role.
Mitigating the risk of payroll fraud demands trustees to enforce strict processes and protections within this area of the business: this could mean executive approval of all pay checks and bonuses, manager approval of timesheets or the addition of sophisticated technology that requires a unique employee passcode to be entered when clocking in.
In 2017, the NHS and several other world-renowned organisations had their internal systems compromised by the WannaCry ransomware virus. The virus took control of their data, allowing cybercriminals to hold the organisations to ransom for staggering sums of money. It may seem easy to prevent, but it’s the level of sophistication in these attacks that leads innocent employees within organisations to inadvertently grant a criminal access to sensitive financial information.
Ransomware can be delivered in various ways; for example, via attachments in authentic looking emails purporting to be from legitimate, trusted companies It may have gone under the radar in the news cycle, but many charities worldwide also fell victim to this virus, serving to prove that there are no boundaries to the dangers that cyber-criminal groups pose.
Keeping staff up to date with data security, internet safety and up to date systems are not measures that third sector organisations should ignore: raising and sustaining awareness on the growing cyber-threat is critical in establishing best practice throughout the workforce.
For information on what you need to do to protect your charity, contact us on firstname.lastname@example.org