
With increased home working, charities, like most sectors, have become increasingly susceptible to online fraud and cybercrime. However, charities often don’t have the resources of commercial businesses, making them easy targets. Smaller charities can be particularly vulnerable.

We don’t yet know the full scale of fraud during the pandemic, but during the first six months the Charity Commission received the same number of reports as it would usually receive in a 12-month period. Many charities have been fire-fighting during the pandemic and their anti-fraud plans may have fallen off the radar.

What is clear is that existing charity procedures around fraud and financial controls are unlikely to have envisaged the scale of people working from home for extended periods of time during the pandemic, and so may not be fit for purpose. This increases the risks of both external cybercrime and internal fraud within an organisation.

Risk management strategy needs to be a live and ongoing process which is constantly under review as new risks are identified or the level of risk changes.

Charities need to clearly identify actions, who is responsible for them and by what date. In order to protect themselves in an increasingly digital market, charities must prioritise and commit funds to tightening cyber-security.

Charities need to take action by:

  • Updating policies around financial controls, fraud and risk
  • Communicating updated policies clearly to staff and providing training where necessary
  • Checking that updated policies and procedures are being consistently applied and are effective
  • Ensuring clear reporting procedures are in place in the event of fraud and equally clear whistleblowing procedures are in place for concerns to be raised. Employees and volunteers need to feel comfortable that they can challenge unusual activity or worrying behaviour
  • Ensuring trustees are asking the right questions about the charity’s procedures and holding the executive to account
  • Ensuring procedures cover reporting to Action Fraud and the Charity Commission under its serious incident reporting regime.

The Charity Commission has produced guidance on how to protect your charity from fraud and cyber-crime, which is available here.