Fraud
is on the increase and fraudsters are resorting to increasingly
sophisticated means in their efforts to gain illegally. Charities
appear to be no less at risk than any other sector of society
– if criminals were ever minded to exempt them because
they are non-profit entities, any such ‘gentleman’s
agreement’ no longer applies. And, unfortunately, charities
are regarded as a soft target.
“There is the perception among fraudsters that individuals
who opt to work for a charity instead of pursuing a more remunerative
career in the commercial sector must be less intelligent and
less professional,” observes David Dearman, partner,
forensic services at accountancy firm PKF. “It is, of
course, a total misconception given the very talented people
who work for charities, but one that nonetheless persists.”
He adds that although fraud has always been around, the types
of fraud perpetrated are becoming more sophisticated, so the
issue is moving steadily up the boardroom agenda for both
commercial and non-profit organisations.
A survey of charities conducted by PKF with the CFDG found
25 per cent of respondents reporting they had been victims
of fraud within the past three years. Of those, charities
with international activities, those specialising in health
and medicine and those involved in culture, sport and recreation
were the hardest hit, with money laundering and terrorism
having moved up the agenda for charity risk managers, adds
Keith Hickey, chief executive of the CFDG.
The onus has been placed on them to ensure that money is not
being siphoned off and their organisation is not being used
as a vehicle for illegal activities. The controls predate
the increased attention to terrorism of recent years, but
governments have become increasingly prescriptive in the checks
they require charities to carry out.
Estimates vary considerably on the true economic cost of fraud.
The government has suggested that annual cost to the UK economy
is somewhere between £14bn and £20bn, but other
sources claim that a figure of up to £70bn is more realistic.
The discrepancy is due largely to the fact that many incidents
of fraud go unnoticed, while others are detected but not reported
to the authorities. It would be understandable if charities
chose to keep silent; if they have detected a fraud, quantified
it and taken action to prevent a reoccurrence then going public
with the news only risks damage to its reputation and could
deter potential supporters.
It can also expose a lack of preparedness. Three in four charities
still lack a formalised fraud policy and 30 per cent do not
have any formal risk policy, according to research published
by business adviser and auditor Baker Tilly early this year.
This is despite the proposed requirement that will oblige
charities to record instances of fraud on their annual return.
At present, any fraud detected within a charity places a requirement
on its professional advisers to report the activity to the
National Criminal Intelligence Service under the
provisions of the Proceeds of Crime Act. The charity’s
trustees have a duty to protect its assets and the Charity
Commission must be informed.
The government has also recognised that the law needs to be
updated, to reflect the increasing sophistication of fraud
and to also improve the chances of securing convictions. In
January, the long anticipated Fraud Act 2006 finally passed
into law, replacing a range of overlapping deception offences
with a single offence of fraud, which can be committed by
false representation, failing to disclose information and
abuse of position.
A positive development has been the improved protection afforded
to whistleblowers, since the formation of the organisation
Public Concern at Work and the subsequent introduction of
The Public Disclosure Information Act in 1999. Charity workers
and trustees who suspect colleagues may be siphoning off money
now have a greater incentive to express their concerns.
Charities should also be aware of the Payment Card Industry
Data Security Standard that takes effect from the end of June
2007. The Standard affects any organisation that deals with
card payment transactions, including charities that accept
online donations. The compliance requirements are demanding
and include financial penalties for organisations that lose
card payment data due to an attack on their IT system.
Top
A question of trust
For charities with international operations, overt corruption
may be an equal or greater concern than fraud. The organisation
Transparency International publishes an annual index; with
a league table of those deemed to be the most corrupt, which
include Haiti, Iraq and several African states.
In a number of these countries, aid efforts are hampered
by the problems of ensuring that food and other supplies
are not diverted away from the needy. This has proved a
problem in Africa, where shipments often go through local
governments and are loaded on to army lorries.
“Africa is bound to rank high on the list, simply
because the number of charities operating there is so large,”
says Ian Young, head of internal audit at Save the Children.
“But a number of countries in the Far East, such as
Indonesia and the Philippines, also rank quite highly.”
Other examples include North Korea, where past aid efforts
have reportedly seen food supplies keeping members of the
army fed but not getting through to civilians. Closer to
home, eastern Europe has also gained an unenviable reputation
as a centre for corruption and fraud. In Romania, government
and local officials were found to be siphoning off aid and
some members of the UK’s rescue team were exposed
as involved in the activities.
Charity officials suggest that their organisations are more
accountable than organisations such as the United Nations,
which are vulnerable to quite large scale siphoning off
of supplies or finance and may not notice the loss.
But they are not immune. It is often observed that while
people are a charity’s biggest asset, they potentially
also represent its biggest threat. In some cases of fraud,
the fraudster is an individual who has worked for the organisation
for years.
“Charities, which rely on volunteer staff and their
goodwill, have to be trusting,” observes Nigel Jones,
European practice leader of the IT risk consultancy at Aon
Consulting. “That said, they must recognise that there
are always individuals ready to exploit that trust. So checks
on staff are now being tightened, having been minimal or
even non-existent in the past.”
Guarding against the problem of bogus charities –
and bogus collectors who claim to represent a reputable
charity – is less easy. The advances in information
technology have been accompanied by a rise in opportunistic
online fraud.
Last year, Christian Aid alerted supporters to ‘phishing’
e-mails, purporting to come from charities, aid agencies
and churches. These advised recipients that they were eligible
for a cash award through a lottery process and instructed
them to register their bank details in order to collect
it. Other scams have included e-mails supposedly from a
charity that advises supporters of problems in processing
their donation and inviting them to either submit their
bank details or re-register.
The phishing episode is still causing problems for Christian
Aid, says its head of audit, Patrick Kirwan. “It’s
difficult to keep track of the ISP (internet service providers)
e-mail addresses used by the fraudsters, which are continually
evolving and changing.
“And the police can only deal with cases originating
from the UK, whereas it’s pretty international,”
he says.
Specific events have triggered similar bogus communications;
several took advantage of the appeals for aid after hurricane
Katrina devastated New Orleans in 2005, while the abduction
last month of toddler Madeleine McCann from a Portuguese
holiday resort saw an official website for assistance and
funding established, but also several unofficial sites.
Choosing carefully
How can charities limit their exposure to fraud? An important
factor, that is too often overlooked, is the organisation’s
recruitment policy and procedures, says CFDG’s Hickey.
“If those that you employ are in tune with the organisation’s
values and have the necessary skills that, combined with
the appropriate culture, will minimise the opportunity for
fraud,” he says. “There is less chance of a
fraudster inadvertently being recruited and it’s also
more likely that other members of staff will pick up any
attempt at fraud.”
Charities with international operations need to select a
partner with the appropriate capacity and capabilities,
he adds. They should also conduct a risk assessment at the
outset of a project, as well as a sign-off audit. Christian
Aid’s Kirwan says the charity carries out the latter
for all grants of £50,000 and above.
The Charities Internal Audit Network (CIAN) is a valuable
resource for the sharing of best practice and training,
suggests James Baker, a senior partner in the forensic practice
at KPMG.
Charities, which may well have good internal controls in
place to guard against fraud, should check that they are
actually being used, he adds. And those that can stay one
step ahead will improve their chances significantly. “Fraud
is continually evolving and so are the means of catching
it. Charities need to understand the nature and scale of
the problem before embarking on an appropriate strategy
– and developing a system that stays ahead of the
fraudster.”
Top
To return to the June 07 features list click here
|
