Resource Centre


How to minimise the risk of fraud for your charity

Fraud is the most reported crime in the UK, and the National Crime Agency says, “Individuals, the private sector and the charity sector lose billions of pounds each year to fraud.”

The Charity Commission recommends that Trustees take steps to reduce the risk of fraud, and has published guidance on tackling abuse and mismanagement.

Trustees can help minimise risk by:

  • ensuring their organisation has financial controls in place;
  • ensuring their financial controls are consistently applied;
  • ensuring good governance and effective financial management; and
  • reading the Charity Commission’s Internal Financial Controls for Charities (CC8).

Organisations of all sizes can fall victim to different kinds of fraud, and new threats and frauds are constantly emerging, so it is important to regularly review your controls and preventative measures. Some charitable organisations are more exposed to risk because of the nature of their activities, for example cash-based fundraising or running shops.

There are two main areas of fraud:

  • internal fraud (committed by employees and volunteers); and
  • external fraud (committed by fraudsters not directly involved with the organisation).

Internal fraud

Misuse of charity money

It is never pleasant to think that people who are employed by your organisation may be capable of fraud, but unfortunately it does happen. Misuse of charity money can come in various forms, from stealing cash to misusing credit cards. Finance departments should be audited regularly in order to prevent this.

False expenses

Another common method of internal fraud is by submitting false expense claims including those that are over-inflated, non-existent or inappropriate. Having an expenses policy is good practice, and you need to ensure all expense claims are checked. Claims should always be accompanied by receipts, and submitted within a reasonable period.

External fraud

Telephone hacking:

Telephone systems are increasing at risk at being hacked by a third party.   Your charity could end up bearing the cost of unauthorised calls or unauthorised use of your bandwidth.

Phishing scams:

Fraudsters can use false invoicing in order to try to obtain money from a charity. These false invoices typically contain fake supplier identities and purchase order details in order to obtain payment for goods or services or impersonate you.  These goods will not have been received. Organisations of all sizes can be vulnerable to this type of fraud and, in some cases, these invoices are paid because employees assume they must have received the services or goods.

To prevent false invoicing fraud, ensure someone who can confirm that the services or goods have been received authorises all invoices, and invoices are not paid without this authorisation. Charities should note that invoice fraud could also be an internal risk as dishonest employees could create and pay their own fraudulent invoices. Employees dealing with payment of invoices should be encouraged to check with their senior managemcent if they are uncertain or have doubts that an invoice is legitimate.

Cyber threats:

Cyber fraud is a growing concern for charities, as hackers stay one step ahead of the most sophisticated I.T security systems and are capable of holding systems to ransom.   Just one email attachment opened carelessly could result in whole systems being affected by any one of the ransomware viruses.   The rogue virus software finds its way into a host computer through an array of vectors and encrypts files, folders and individual areas denying you access to the target regions. Typically, users are directed to a ransom note with a timer and asked to pay a sum of bitcoin so the files can be decrypted. The National Cyber Security Centre encourages organisations not to pay the ransom, and says “there is no guarantee that you will get access to your data”.


This fraud takes advantage of people’s goodwill by asking them to make a donation to a cause; typically this will be linked to a recent disaster and they often misuse the names of other charities.

Fraudsters will ask people to donate by email or a collection box in a public place, and then pocket the money. The Charity Commission recommends that trustees should take appropriate steps to stop unauthorised fundraising (including legal action if necessary) and ensure that all donations are passed on to their charity.

Credit card scams

Previously the Charity Commission has alerted charities to a credit card fraud where fraudsters approach a charity saying they wish to donate a large sum of money, but only if the charity sends a large proportion (usually half) of this money to their other favourite charity. The “donation” is made using a stolen credit card, and the bank details provided for the other charity will belong to the fraudster. Charities must be aware of unusual requests by donors, or offers of large sums.

The charities against fraud website contains useful resources and further guidance on how to minimise the risks of fraud. If you uncover an incident of fraud you should report it to the police immediately, and also inform the Charity Commission via its dedicated reporting facility at


Request a call

Thank you for your request, we will be in touch shortly