This comes as the regulator reveals it opened 603 cases relating to fraud and a further 99 cases relating to cyber crime issues in the last year.
Launching in Charity Fraud Awareness Week, the charity regulator has published bespoke guidance on how trustees can protect their charity from cyber crime and a separate shorter guide on fraud. These guides, which replace the regulator’s previous guidance, are more concise and easier to use.
The fraud guide explains what to do if fraud or attempted fraud is discovered at a charity and provides tips on how to reduce the risk of fraud taking place. It explains the importance of having robust internal financial controls and signposts to the Commission’s more detailed guide about this.
Cyber fraud is a key area of concern for many organisations that handle money and personal data. Through its casework, the regulator identified the most common type of cyber enabled fraud experienced by charities is phishing attempts.
The Commission’s cyber crime guidance seeks to help charities protect themselves from this ongoing threat. It sets out the importance of establishing an internal culture of fraud and cyber crime awareness.
The guidance has been developed with the support of the National Cyber Security Centre and their Small Charity Guide. It links to several free online training modules designed for charities of all sizes.
Both guides highlight the importance of reporting all fraud attempts, including those that failed, to Action Fraud. Fraud is underreported, with many hesitant to report incidents. Reporting enables trustees to get the support they need and means there is a more accurate picture of how fraud is affecting the sector.
Mazeda Alam, Head of Guidance & Practice at the Charity Commission, said
Protecting your charity from fraud and cyber crime can understandably seem daunting, but there are many small, inexpensive steps charities can take to reduce the risk of any potential internal or external fraudster being successful.
Introducing a simple measure such as having dual authorisation for all financial transactions can help avoid these issues arising – which are often opportunistic.
It is every trustee’s responsibility to ensure they’ve done all they reasonably can to protect their charity from harm – reading our guidance is the best place to start.
Notes to editors
-
The Charity Commission is the independent, non-ministerial government department that registers and regulates charities in England and Wales. Its ambition is to be an expert regulator that is fair, balanced, and independent so that charity can thrive. This ambition will help to create and sustain an environment where charities further build public trust and ultimately fulfil their essential role in enhancing lives and strengthening society.
-
The 603 cases represent all cases opened between November 2023 and October 2024. Over the same period, the Commission received 264 serious incident reports relating to fraud.
-
A guide to help trustees decide what to report to the Charity Commission can be found on GOV.UK. For example, the Commission would expect a charity to report any loss of funds as a result of a scam; if a treasurer produced false invoices or if it uncovered a bogus fundraising scheme being promoted using the charity’s name. The regulator would not expect a charity to report every cyber fraud attempt blocked by the charity’s computer security systems unless unusual in nature.
-
Charity Fraud Awareness Week runs from 25th – 29th November and is led by the Fraud Advisory Panel and the Charity Commission to improve fraud awareness and signpost events and resources available to the sector.
-
NCSC’s website includes resources on How to improve cyber security within your charity.
