The Charity Commission has unveiled a refreshed suite of guidance
to help trustees protect their charities from fraud and cyber
crime.
This comes as the regulator reveals it opened 603 cases relating
to fraud and a further 99 cases relating to cyber crime issues in
the last year.
Launching in Charity Fraud Awareness Week, the charity regulator
has published bespoke guidance on how trustees can protect their
charity from cyber crime and a separate shorter guide on fraud.
These guides, which replace the regulator's previous guidance,
are more concise and easier to use.
The fraud guide explains what to do if fraud or attempted fraud
is discovered at a charity and provides tips on how to reduce the
risk of fraud taking place. It explains the importance of having
robust internal financial controls and signposts to the
Commission's more detailed guide about this.
Cyber fraud is a key area of concern for many organisations that
handle money and personal data. Through its casework, the
regulator identified that the most common type of cyber-enabled
fraud experienced by charities is phishing attempts.
The Commission's cyber crime guidance seeks to help charities
protect themselves from this ongoing threat. It sets out the
importance of establishing an internal culture of fraud and cyber
crime awareness.
The guidance has been developed with the support of the National
Cyber Security Centre and their Small Charity Guide. It links to
several free online training modules designed for charities of
all sizes.
Both guides highlight the importance of reporting all fraud
attempts, including those that failed, to Action Fraud. Fraud is
underreported, with many hesitant to report incidents.
Reporting enables trustees to get the support they need and
means there is a more accurate picture of how fraud is affecting
the sector.
Mazeda Alam, Head of Guidance & Practice at the
Charity Commission, said:
Protecting your charity from fraud and cyber crime can
understandably seem daunting, but there are many small,
inexpensive steps charities can take to reduce the risk of any
potential internal or external fraudster being successful.
Introducing a simple measure such as having dual authorisation
for all financial transactions can help avoid these issues
arising – which are often opportunistic.
It is every trustee's responsibility to ensure they've done all
they reasonably can to protect their charity from harm – reading
our guidance is the best place to start.
Notes to editors:
- The Charity Commission is the independent, non-ministerial
government department that registers and regulates charities
in England and Wales. Its ambition is to be an expert
regulator that is fair, balanced, and independent so that
charity can thrive. This ambition will help to create and
sustain an environment where charities further build public
trust and ultimately fulfil their essential role in enhancing
lives and strengthening society.
- The 603 cases represent all cases opened between November
2023 and October 2024. Over the same period, the Commission
received 264 serious incident reports relating to fraud.
- A guide to help trustees decide what to report to the Charity
Commission can be found on GOV.UK. For example, the
Commission would expect a charity to report any loss of funds
as a result of a scam; if a treasurer produced false invoices
or if it uncovered a bogus fundraising scheme being promoted
using the charity's name. The regulator would not expect a
charity to report every cyber fraud attempt blocked by the
charity's computer security systems unless unusual in
nature.
- Charity Fraud Awareness Week runs from 25th – 29th November and
is led by the Fraud Advisory Panel and the Charity Commission
to improve fraud awareness and signpost events and resources
available to the sector.
- NCSC's website includes resources on How to
improve cyber security within your charity.