Business and charity

How to protect your charity from fraud

With fraud costing UK charities up to £2 billion a year*, it’s becoming increasingly important for charities to protect themselves against both internal and external risks. Unfortunately, despite all the good they do for the community, charities can be particularly vulnerable to fraudulent behaviour, and as a result can suffer from loss of funds and reputational damage.

Fraudulent activity can take many forms, including the following:

  • False representation

  • Failing to disclose information

  • Abuse of position to make a gain or cause loss to another

If you think that your organisation may have fallen victim to fraud, report it by visiting, or calling 0300 123 2040. The Charity Commission should also be made aware if there is any evidence of fraud that could seriously harm the charity, its beneficiaries or assets. Reporting serious incidents (including fraud) to the Charity Commission is a requirement for trustees.

Protecting against internal fraud

Whilst charities thrive due to the passion of their staff and volunteers, they also tend to have a slightly higher staff and volunteer turnover. Charities may also find that staff levels increase exponentially over short periods for key campaigns or events. Whilst having short term staff is largely beneficial for a not-for-profit organisation, it may also increase the risk of internal fraud from unknown or short-term employees. It’s important that steps are taken to protect against this increased risk.

  1. Have a clear zero tolerance fraud policy, and a process to follow should fraud be uncovered. This should be circulated amongst your staff and stored centrally. It’s likely that, if you were to uncover internal fraud, you may have a strong emotional response, and so it’s important to have a strict process in place that can be followed under stressful circumstances.

  2. Have a whistle blowing process in place. If someone in your organisation were to uncover internal fraud, they may not feel comfortable naming them publicly, so your organisation should have a way for them to report this anonymously.

  3. Ensure you conduct regular audits, as this will help you to uncover any instances (or potential instances) of fraud as soon as possible.

  4. Consider how you would manage and phrase internal communications in the event of internal fraud, as this can be a sensitive subject for staff.

Protecting against external fraud

As well as internal fraud, charities should also be aware of the risk of external fraud, which could include false invoicing, unauthorised fundraising and credit card scams. There are a number of ways in which external fraud can be mitigated:

  1. Have robust financial controls, and a strict invoicing process in place. Assign an invoice owner who can verify that the services or goods have actually been received. The invoice owner should be consulted before the invoice is paid.

  2. Take appropriate steps to prevent any unauthorised fundraising, and ensure that all donations are then passed on to the charity.

  3. Have an internal communication process to keep staff informed of potential cyber attacks, such as phishing emails.

  4. Have strong passwords that are difficult to decipher. Change them regularly, and store them in a secure location.

  5. Monitor donations for large amounts, and be wary if a large number of transactions are made in a short timeframe as this can be a sign of credit card fraud. Be vigilant if the address of the transaction is different from the cardholder’s billing address, or where a single IP address is used to make multiple donations from various payment cards.

  6. Have an internal reporting process to share any concerns. It’s important for employees and volunteers to understand the importance of reporting even suspected cases of fraud.



Read our disclaimer.