Charity Commission issues fresh warning on risks of insider fraud

The Charity Commission has issued a fresh warning, urging charities to put preventative measures in place to avoid falling victim to insider fraud.

The regulator’s warning comes after the National Fraud Intelligence Bureau (NFIB) released a national alert highlighting the insider threat from fraudsters and cyber criminals.

NFIB’s alert revealed that over 50 per cent of organisations have suffered an insider threat attack in the previous year and 90 per cent of businesses feel vulnerable to a cyber-attack from within their own organisation. The Charity Commission said charities are just “as vulnerable” to insider threats as the private or public sector.

The NFIB warned insiders with access to confidential data can utilise basic operating system functions to steal data from organisational systems. Additionally, it said incidents sometimes go undetected due to a lack of proper auditing or data control measures.

In light of the research, the Charity Commission said charities must consider the following prevention measures:

• When stored electronically, access to sensitive files should be restricted to relevant staff only. You should also consider encrypting the documents.

• Monitor your employees for abuse of IT systems. Minor misdemeanours have the potential to escalate to serious frauds if they go undetected.

• Have clear policies and procedures in place for dealing with fraud and ensure that that all of your staff are familiar with them. Make it clear that any criminal breaches of your policies will be reported to the police and other relevant authorities.

Previous Charity Commission research about insider fraud found crimes were enabled because of poor challenge and oversight; no internal controls or, where controls did exist, not applying them consistently; and too much trust and responsibility placed in one person.

“The crucial lesson for charities isn’t about introducing lengthy counter-fraud policies. It’s about changing people’s behaviours and encouraging staff and all those involved in charities to be vigilant and speak out when things don’t seem right. This must be demonstrated by everyone in an organisation to be truly effective,” Charity Commission director of investigations, monitoring and enforcement, Michelle Russell said.

“The vast majority of charity workers do incredible work but, as we’ve seen in some troubling cases recently, sadly charities aren’t immune to fraud. A dangerous combination of a lack of accountability and controls not being consistently applied can make any charity – big or small – vulnerable, and create opportunities for fraudsters that will have devastating effects.

“Everybody has a part to play in the fight against charity fraud to ensure the public’s generous donations reach those who need them most."