Through their Annual Fraud Indicator, the National Fraud Agency estimate that fraud costs the charity sector alone £147.3million, with 9.2% of charities across the UK indicating that they had identified fraud in 2013.
These crimes were orchestrated both internally and externally, through cyber crime, and employment gained through false pretences – and these types of instances are on the rise in the least likely of places.
Who would commit fraud against a charity or care organisation?
Unfortunately, more people than you might think. In fact, it’s precisely the assumption that these types of organisations should be immune from these crimes, because of the nature of their work, which makes them all the more vulnerable.
How do these organisations allow for fraud?
Resources in third sector and care organisations are commonly stretched, which means that invoices from fake suppliers can be overlooked, and computer security left neglected. With bank account details from every regular charity donor, or relatives paying towards care home costs, and an organisation whose attention is perhaps otherwise diverted on more important matters, there is a mass of personal data just waiting to be stolen.
What does this fraud look like?
Often the simplest tactics are the most popular. A building company may have a plaque on a care home where they’re carrying out work. A fraudster will then call the care home pretending to be the building company about a change of bank details.
Internally, a staff member may have set up a fake supplier, siphoning off invoice payments – something that can take a long time to detect when those signing off invoices are preoccupied in their work.
And of course there is the more modern-day cyber crime pandemic, which every day is adding more SME, not-for-profit and care organisations to its list of victims.
What you can do to help prevent it
Timeframes for getting back up and running will depend entirely on your business, but could be determined by how sponsors, local authorities or service users are willing to wait before going elsewhere.
Threats
There’s no way to ensure that you’re completely immune to fraud, but there are certainly things you can do which will lessen the chances.
Structure your company culture – Push a ‘no blame’ policy and protect whistleblowers so that staff members and volunteers can flag-up suspicious behaviour without fear or being vindicated.
Set up financial controls – This includes keeping records of any cash or cheques coming in, reviewing this against bank statements and paying in books, creating a clear banking policy, and making sure that signing off or completing transactions is not the sole responsibility of one person.
Online banking – Specialist charity insurer Ecclesiastical estimates that while 79% of charities are now using online banking, 10% of these have made at least one payment which has been the incorrect amount, while 8% have sent money to the wrong place. Dual authorisation for online payments, as with cheques, is one way of helping prevent this mistake, and any existing security procedures also need to comply with online banking activity.
Assess the risks – Look at your activities and how these might open you up to fraud specifically. For a charity this might be the use of volunteers and invoicing, whereas for a care home it could mean remaining vigilant for suspicious activity of third parties, visitors or staff.
Create an anti-fraud policy – Stipulate what constitutes fraud in the context of your organisation, and how you’ll respond.
Stay safe online – Make sure your staff and volunteers are alert to suspicious activity, such as emails from unverified senders, and encourage them to change their password on a regular basis. In the absence of an IT department, you can make sure that any security software is up to date, and all personal data held, such as that of regular donors must be securely stored and encrypted if sent via email.
Can insurance protect you against fraud?
There are insurance covers which can protect your organisation financially in the wake of fraudulent activity, including:
Fidelity Insurance – This type of insurance is taken out by an employer and covers against losses incurred through dishonesty of employees. Often this will only cover a loss of company money via internal fraud.
Cyber crime and financial loss insurance – This provides cover for external losses of company money or data from external fraudulent activity. Policies in this area can vary in coverage and some may exclude when money is voluntarily handed over by the company – unaware that they’ve fallen victim to a scam.
If you would like to discuss your voluntary or care organisation’s insurance requirements and how you can protect your business against fraud, contact our Care and Social Welfare team on 01653 697055 or by emailing care@networkportfolio.co.uk/mcclarroninsurance.com.
