Fraud in the charity sector: the role of trustees
Following Charity Fraud Awareness Week 2021 [1] , we felt it important to provide guidance about the role of Charity Trustees. A trustee of a charity is a custodian of that charity and legally responsible for the proper use of charity funds. They have legal duties under charity law to safeguard charity assets. In circumstances where the charity sector is seeing an increase in fraud, it is therefore, becoming even more essential for trustees to take steps to protect their charity and its assets from fraud.
Summary
- Fraud against charities has risen considerably as a result of the COVID-19 pandemic.
- Trustees are legally responsible for the proper use of charity funds.
- Now, more than ever, charities need to raise awareness of the most common types of fraud and ensure procedures are in place and are fit for purpose given the changing landscape brough about by the pandemic.
- Charities are at particular risk of internal fraud as a result of the high degree of trust operating within charitable organisations.
- It is important for trustees to be engaged with the charity helping to develop a strong ethos and culture where everyone feels part of the same team.
Fraud in the charity sector
According to the latest data from Action Fraud, almost £8.6m has been lost to fraud in the charity sector in the last financial year. [2] The same data recorded 1,059 separate incidents of fraud reported by charities in one year from April 2020 to March 2021. The true figure is likely to be much higher as fraud is generally under reported.
More generally, England and Wales saw a 19.8% increase in fraud as a result of the pandemic. [3] According to research undertaken by Ecclesiastical Insurance, a third of charities suffered a cyber-attack during the coronavirus pandemic. And yet, despite a huge shift to remote working in the sector, almost half (45%) had not taken any steps at all to increase protection for staff working from home.
[1] https://preventcharityfraud.org.uk/
[2] https://www.gov.uk/government/news/take-action-on-fraud-regulator-warns-charities-as-new-figures-show-over-8-million-reported-lost-to-crime-last-year
[3] Report by Crowe and University of Portsmouth – “The financial cost of fraud 2021” https://f.datasrvr.com/fr1/521/90994/0031_Financial_Cost_of_Fraud_2021_v5.pdf
Trustee’s duties
A trustee has six main duties and these are:
- Ensure your charity is carrying out its purposes for the public benefit
- Comply with your charity’s governing document and the law
- Act in your charity’s best interests
- Manage your charity’s resources responsibly
- Act with reasonable care and skill
- Ensure your charity is accountable
Fraud prevention comes under the duty to manage your charity’s resources responsibly. The Charity Commission guidance states that in order to comply with this duty it is vital that trustees implement appropriate financial controls and manage risks. The guidance goes on to explain that trustees who act in breach of their legal duties can be held responsible for consequences that flow from such a breach and for any loss the charity incurs as a result.
When the Commission looks into cases of a potential breach of trust or duty or other misconduct or mismanagement, it may take account of evidence that trustees have exposed the charity, its assets or its beneficiaries to harm or undue risk by not following good practice. Therefore, it is essential that trustees ensure that adequate governance and controls are in place to minimise the risk of fraud. The onus is on avoiding exposing the charity’s assets to undue risk.
The Commission’s guidance on risk management sets out the basics of dealing with risks and includes a risk management model, made up of the following steps:
- Establish a risk policy.
- Identify risks (what could go wrong).
- Assess risks (how likely is it, and how serious would it be).
- Evaluate what action to take (eg avoid it, transfer it, insure against it, accept it).
- Review, monitor and assess periodically.
Prevention is better than cure
A 2019 report entitled ‘Preventing Charity Fraud – Insights & Action’ [4] suggested that 8 out of 10 frauds are identified as a result of financial controls at the charity, by audit or whistleblowing. (Only 1% of frauds were identified by bank notification.) The same report identified that charities who have suffered fraud typically go on to review financial and internal controls, or their physical security.
Clearly, it would be ideal to put the financial controls and policies in place before falling victim to fraud. However, in 2019, less than a third of charities had a whistleblowing policy, and less than a tenth of charities had a fraud awareness training programme.
Raising awareness of common types of fraud affecting charities amongst staff, trustees and volunteers is one of the best ways of tackling fraud. One of the most common frauds affecting charities is mandate/CEO fraud. This is a type of social engineering which involves the impersonation of legitimate organisations that the charity deals with, or senior executives within the charity itself. Such fraud is usually perpetrated through the use of hoax emails. Staff awareness training will assist in stopping such fraud in its tracks by helping staff to identify hoax emails and ensure that extra checks are taken when staff are asked to change protocol, provide information or make unusual payments.
The 2019 report identified that in relation to fraud in the charity sector, only 14% of fraudsters had no previous connection to the charity. This indicates a high prevalence of internal fraud. Charities are at particular risk of internal fraud as a result of the high degree of trust operating within charitable organisations. The risk of internal fraud has increased significantly during the pandemic and will remain a significant risk as long as remote working continues. Charities therefore need to revise and enhance their financial policies and protocols in light of remote working to ensure that such procedures are fit for purpose in the “new normal”. Additional authorisation and spot check auditing are just a couple of ways that financial procedures can be made more robust. Technology can be utilised to provide monitoring of financial transactions and internal communications. The use of online payment systems rather than cash or cheques is also advisable. A strong whistleblowing policy is essential to allow for staff members to report suspicions or concerns without fear of retribution.
It is important for charities to establish and encourage staff loyalty. One of the ways they can do this is by creating a strong ethos and culture where everyone feels part of the same team. It is important for the board of trustees to be fully engaged with the charity to ensure the right culture filters from the top down.
[4] https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/841403/Web_CC_Fraud.pdf
“Stop Fraud Pledge”
As part of this year’s Charity Fraud Awareness Week (18 – 22 October 2021) [5] charities are being encouraged to sign up to a new “Stop Fraud Pledge” which involves charities committing to 6 practical prevention measures as follows:
- Appoint a suitable person (staff member, volunteer or trustee) to champion counter fraud work throughout the organisation
- Ensure that all trustees are aware of their legal duty to protect the charity’s assets
- Consult with staff, volunteers and trustees to identify the types of fraud that threaten us and the ways we can prevent them.
- Create a written fraud policy and share it regularly – with staff, volunteers and trustees – so that everyone understands what fraud is and how they can help prevent it.
- Perform checks on the individuals and organisations with whom we have a financial relationship.
- Assess each year how well our fraud controls are working, taking into account new risks and making improvements as needed.
[5] https://www.gov.uk/government/news/charity-fraud-awareness-week-2021
If you discover fraud, what are the first steps you should take?
- Preserve potential evidence – electronic evidence may be key to uncovering what has happened
- Deal with any involved employees – restrict their access to company data and suspend them (if appropriate) while the charity investigates the fraud
- Establish an investigative team – this may require the assistance of third-party advisors
- Notify your insurance provider
- Submit a serious incident report to the Charity Commission
Tenet advocates a “prevention is better than cure” approach and can assist with reviewing or drafting internal policies and procedures. Tenet also provides fraud awareness training across a diverse range of sectors.
If we can assist with fraud awareness and prevention in your charity, then please do not hesitate to get in touch at hello@tenetlaw.co.uk