Statistics published by the Charity Commission during Charity Fraud Awareness Week recently (18 to 22 October 2021) suggests that charities lost almost £8.6 million to cybercrime and fraud in the last financial year alone.
This highlights that the sector is a prominent target for fraudsters, and a shift to remote working practices during the pandemic has left the sector more vulnerable to exploitation than ever.
The key message coming out Charity Fraud Awareness Week is that there needs to be more awareness within the sector. In particular, charities are encouraged to monitor risk and risk management, due diligence and counter-fraud initiatives, and to champion counter-fraud messages within an organisation.
In this article, we explore fraud prevention and responses to instances of fraud to enable charities to take all necessary steps to protect themselves from falling victim to it.
Whilst no organisation is completely immune from fraud and cybercrime, a charity can take steps to ensure that it has a "zero tolerance" attitude and fundamental fraud prevention initiatives embedded within its core. For example, conducting a risk assessment to identify the key areas of a charity that are most vulnerable to fraud and cybercrime is essential so that a tailored fraud prevention programme can be prepared and, most importantly, delivered. Part of that programme will include fraud and cybercrime prevention policies to be complied with by all staff including trustees and volunteers as well as delivering a regular and mandatory training and development programme to create a "zero tolerance" culture to fraud and cybercrime.
As part of a fraud prevention programme for colleagues who wish to report misconduct or suspicious behaviour, a charity should consider setting up a whistleblowing hotline or online portal (governed by a whistleblowing policy and procedure) which provides a confidential platform for reporting wrongdoing within the organisation.
A charity can also ensure that there is segregation of key duties, meaning that no one individual is responsible for financial transactions. This helps to curb the power, influence and control that one individual may have in conducting the required authorisation process, which creates opportunities to commit fraud. The most effective way of segregating duties is by setting up dual authorisation, which requires at least 2 people to review and sign off on a transaction. With cutbacks in recent years many charities have dispensed with this requirement. Reinstating this process may feel unattainable for some charities, however, these measures add a layer of protection against misconduct, particularly internally, as unscrupulous behaviour can more easily be deterred by colleagues and/or picked up at an earlier stage. This could result in long term cost savings as fraud prevention is more cost effective than reacting to and seeking recovery following an instance of fraud.
Unfortunately, despite a charity's best efforts, there may be circumstances where fraud and/or cybercrime infiltrate the organisation. In such circumstances, it is vital that a charity has an effective and reactive fraud and cybercrime response plan in place.
A charity response plan will need to set out how a suspected fraud will be investigated. If an internal investigation is initially conducted by the charity, in order to be protected by litigation privilege (and, therefore, have the right to resist disclosure of confidential and sensitive material), it will need to show that the dominant purpose of various communications being created during the investigation e.g. notes of interviews and forensic accounting materials is because of adversarial litigation that is in progress or reasonably in contemplation.
It is, therefore, important to instruct legal advisors at the outset of any investigation, internal or external, to ensure investigation materials are privileged as well as obtaining advice on and assistance with the conduct of the investigation in general to reduce the potential loss suffered by a charity following the suspected fraud. The involvement of a charity's legal advisors will attract legal advice privilege, which protects (written or oral) confidential communications between a legal advisor and a client.
Our Commercial Litigation team specialise in fraud and cybercrime investigations as well as whistleblowing and frequently act for charities on such matters. If you would like to find out more about how we can assist your organisation, please contact Helen Briant, Elizabeth Mulley or Jamie De Souza for a confidential discussion.