Charity fraud is a persistent sector-wide risk, with substantial financial loss when it occurs.
The Charity Commission opened 603 cases relating to fraud and 99 cases relating to cybercrime between November 2023 and October 2024 and noted that fraud is likely underreported.
Common types of charity fraud include misappropriation of cash or assets, payment diversion/authorised push payment fraud, expenses fraud, and phishing-related cyber fraud.
The BBC has reported two recent prosecutions relating to charity fraud. The first one concerns a £700K gift aid scam and the second concerns a financial advisor who defrauded a charity, plus friends and neighbours out of almost £2m.
Full details of both cases are at:
Chelmsford fraudster who stole Gift Aid worth £700k is jailed – BBC News
Droitwich financial advisor jailed after £2m fraud spree – BBC News
How to reduce fraud risks
- Check donation and Gift Aid claims carefully
Verify donor details, eligibility, and supporting records before submitting Gift Aid claims. - Separate financial duties
Avoid one person having full control over payments, bank access, record-keeping, and approvals. - Use dual authorisation for payments
Require at least two approved people to authorise bank transfers, supplier payments, refunds, and large expenses. - Verify payment changes independently
If a supplier, donor, trustee, or staff member requests new bank details, confirm using a trusted phone number—not the details in the email. - Keep strong records
Maintain clear records of donations, expenditure, invoices, grants, restricted funds, and trustee decisions. - Train staff, trustees, and volunteers
Make sure people can recognise phishing emails, fake donation requests, suspicious invoices, and pressure tactics. - Monitor accounts regularly
Reconcile bank accounts often and review unusual transactions, duplicate payments, or unexpected withdrawals. - Protect online systems
Use strong passwords, multi-factor authentication, up-to-date software, and restricted access to finance systems. - Carry out due diligence
Check partners, fundraisers, grant recipients, suppliers, and overseas projects before sending money or sharing data. - Encourage reporting
Create a clear route for staff, volunteers, trustees, and the public to report concerns confidentially. - Report fraud promptly
Report suspected fraud to the charity’s trustees, bank, Report Fraud (previously Action Fraud), and the Charity Commission where appropriate.
If you would like assistance on completing fraud risk work including reviewing fraud prevention procedures for the failure to prevent fraud offence, completion of a fraud risk assessment or fraud awareness training, contact TIAA’s Director of Governance, Risk & Compliance, Nick MacBeath at nick.macbeath@tiaa.co.uk