Charities are not immune from the risk of malicious attacks from fraudsters and, worse still, the risk can even present itself from within the organisation.
The impact of fraud on a charitable organisation is not limited to loss of funds or purely financial damage. The impact to the overall governance and reputation of an organisation can be fatal to its future. The start of a year is always a good time to take stock and set goals for the year ahead and we recommend putting charity fraud on your agenda for 2024. Here are our top recommendations to protect your organisation:
Create an anti-fraud policy
As with safeguarding policies, or a trustee code of conduct, an anti-fraud policy will help to cement awareness of the risks within your organisation and will, in tandem, draw attention to the best ways of being vigilant to the risks posed. An anti-fraud policy should clearly set out what fraud is and how it might manifest in your organisation. It will also set out a clear reporting protocol which can be followed by anyone in the organisation if and when a fraud situation arises, and detail the consequences (including capacity for disciplinary action) if fraudulent activity is identified. As well as creating the policy, it is important that this is communicated to any staff or volunteers within your organisation, and any relevant stakeholders or third parties. It is also recommended that the policy is regularly reviewed going forward - to ensure that the policy is kept up-to-date and fit for purpose.
Ensure appropriate internal financial controls are in place
Organisations should also ensure that appropriate internal financial controls are in place and that they monitor the application of those controls. This includes the high-level financial controls - such as reviewing annual accounts and budgets - and specific financial controls - such as access to bank accounts and the methods by which the organisation carries out any transactions (including both sending and receiving of funds). Although there may be a designated person with day-to-day responsibility for financial matters – a treasurer, for instance – it is worth remembering that all of the charity trustees are collectively responsible for ensuring that the financial records of an organisation are accurate and up to date. Each charity trustee should, therefore, have an awareness of the financial position of the organisation and we would expect this to be included as a standing agenda item at board meetings.
Take the time to consider your organisation’s cyber security
Recent years have seen a significant rise in the number of cyber attacks. In late 2023, a number of UK charities were impacted by an attack on one of their suppliers - highlighting that even where a charity was not the primary target, they were still affected by the attack on their supplier. The volume of high-profile attacks shows that this threat continues to evolve, and the number and sophistication of attacks will likely continue to increase over the year ahead. Often there can be a fraudulent angle associated with a cyber attack.
This is a very complex and ever-evolving area. We will shortly publish a more detailed blog with our recommendations on steps which an organisation can take to mitigate those risks.
Finally, it is worth mentioning the role of the sector’s regulator, OSCR, when fraud is identified in relation to a charity. OSCR monitors compliance with the requirements of Scottish charity law and charity trustees’ compliance with their duties.
OSCR will not have a role in any investigation or prosecution of suspected criminal activity, such as fraud. This will be a matter for the police and Crown Office or Procurator Fiscal. However, the Notifiable Events regime requires that charity trustees report events which are likely to have a significant impact on their charity. Given the severity of the matter, a fraud or suspected fraud is likely to have a significant impact on any charity and therefore, when fraud is detected or suspected, it is recommended that this is reported to OSCR in accordance with the regime.
Written by
Emma Manson
Senior Solicitor
Third Sector & Charity