“You can’t build a profile of this kind of offender in the same way you can with other types of crime,” says Bob Browell, counterfraud manager at Macmillan Cancer Support.
“This kind of offender” is someone who organises fundraising events for Macmillan, a coffee morning or a cake sale, and then keeps all the money raised for themselves – a type of fraud known in the trade as a ‘victim donation case’. “They’re male, female, black, white, all ages, serial offender, opportunist,” says Browell. “We’ve had a vicar, a funeral director, a woman who shaved her head three times – you name it, anyone will try it.”
But since Macmillan hired Browell two years ago as its first dedicated counter-fraud employee, the charity has recovered nearly ￡169,000 from such fraudsters, through a civil recovery process. Browell says fraudsters are often more afraid of having a county court judgment registered against them than they are of a criminal prosecution and suspended sentence, so seeking redress can be effective.
Browell’s work at Macmillan to raise awareness of different types of fraud and how to spot them has also resulted in a sharp rise in the numbers of fraud referrals and cases at the charity. According to Alan Bryce, the Charity Commission’s head of development and operational intelligence, this is hugely important in tackling fraud.
Bryce says: “Reporting fraud is a crucial element of stopping fraud happening. Current regulation does not require charities to report to us frauds that have happened to them; although they are encouraged to under the serious incident reporting regime. But charities have a moral obligation to report frauds.
“One of the myths in tackling fraud is that if you have no cases of reported fraud, you have no fraud. In my 20 years’ experience in the charity and public sectors, most of the organisations that are at highest risk of fraud generally tend to be those who have never reported any. Fraud does occur, even with the best defences, and it’s those charities who are willing to recognise and report it and learn the lessons from it that are tackling fraud most effectively.”
Macmillan’s commitment to addressing fraud led it to win the Large Charity Award for Excellence at the inaugural Charities Against Fraud Awards last month. The awards, hosted by accountancy firm Moore Stephens and supported by the Charity Commission, the Fraud Advisory Panel and Governance & Leadership, also recognised Saga Charitable Trust as winner of the Small Charities category. Saga Charitable Trust won for the rigorous due diligence process it deploys to examine prospective grant recipients overseas. Saga gives away around ￡120,000 a year to small local NGOs, often in high-risk countries. Before agreeing grants, the charity applies a cross-team three-stage approach to due diligence, ranging from basic checks through to audited accounts and use of in-house financial crime expertise.
Bryce is at pains to emphasise the scale and prevalence of fraud in the sector. He cites the recent British Crime Survey which showed that 10.8 million crimes were committed last year under the Computer Fraud and Misuse Act, and that computer-based crimes such as phishing now account for more than half of all crimes committed. “There is no reason that this does not apply to the charity sector,” says Bryce. “Cyber has completely changed the way criminals operate – it offers a simple, cheap and low-risk way of defrauding organisations of millions of pounds.”
Charities must be aware of the risks of both internal and external frauds, says Bryce. While the risks from internal fraud have not really changed in the last 20 years, around a third of all frauds reported to the Charity Commission are still suspected to involve insiders – staff, volunteers or trustees.
Around 200 frauds are reported to the Commission each year through the serious incident reporting regime, but Bryce believes this is just the tip of the iceberg.
New City of London Police figures on fraud against charities announced last month reveal that in the last six months, police investigated 298 victim donation cases which resulted in losses of ￡200,000 each month. In the same period there were also 823 cases of employee fraud, including one where a trustee stole ￡1.2m. Yet the police are also sure there is significant under-reporting.
Bryce warns that one of the most common frauds charities face is ‘CEO fraud’ or ‘mandate fraud’ – where money transfer requests are received from fraudsters purporting to be senior members of staff or legitimate organisations such as banks. Fraudsters expert in ‘social engineering’ (using internet research and social media to develop a profile of a real person) have been known to spend months developing an online relationship with a charity’s employee, pretending to be a bona fide contact.
In one recent case, a charity’s treasurer received a phone call from someone purporting to be a staff member from the charity’s bank’s fraud team. The number the fraudster called from was the correct number for the bank and the person he claimed to be did work for the bank’s fraud team. So even though the treasurer made some checks, he still fell victim to fraud.
Bryce says this is far from an unusual case. He recommends all charities should take steps to improve their in-house fraud knowledge, either by hiring a dedicated counter-fraud operative, as Macmillan did, training existing staff, or appointing a trustee with specialist knowledge.
He concludes: “Charities face a big and growing threat and it is only through sharing best practice that we can get two or three steps ahead of the fraudsters.”