Moving money safely

Published by Kelly Goodwin on 26 October 2018


Fraud costs the third sector £2.3bn annually. This is equivalent to 22% of the £10.3bn that people in the UK donated to (UK) charities in 2017, making it one of the most significant expenses facing charities today.

With the growing sophistication of cybercrime techniques, it can easily be forgotten that the most common forms of bank fraud are very simply executed. It could be a letter or email from a purported supplier requesting payment for a genuine invoice, but with false bank details inserted. Or it could be a ‘vishing’ attack, in which a caller pretends to be a senior member of the charity, or bank staff, attempting to gain the receiver’s trust in order to obtain confidential information or induce the victim to make a payment. According to the Met Police, the average loss from an individual attack of this kind is in the tens of thousands. So, although it’s important to invest in adequate cybersecurity software, it’s critical that fundamental banking safeguards are in place and consistently monitored.

Charity trustees have a legal and moral responsibility to ensure their charity’s money is safeguarded from loss. A key part of this responsibility is putting in place controls and procedures to help protect the charity from the most common forms of bank fraud.

Some simple controls that should always be in place include:

  • If new bank details are provided by a payee in the form of an email or letter, or from a phone call with a person you do not know well, call the entity using a known contact number to confirm the details are accurate before making any payments.
  • Agree purchase invoices to the original purchase order before the payment is authorised.
  • Have dual authorisation of online banking payments in place, ensuring that all authorisers are aware of the checks to be completed before making payment.
  • Inform suppliers whenever a payment has been made to them.

These technical system controls are important safeguards, but the most effective measure is the education of staff. Criminals are able to target charities when sensitive information is leaked: it’s this privileged information about a supplier or members within the organisation that allows the fraudster to attempt to gain the trust of the person making payment. 21% of charitable organisations’ data breaches come from loss or theft of paperwork; 11% from improper use of the email Bcc function; and 10% from mail or post misdirections. All of these can be prevented or reduced with effective controls.

To mitigate the risk of data breaches, send out regular updates and reminders to staff on best practice. It’s also useful to introduce a formal system for reporting data breaches. This not only allows for the containment of any leaked information, but will also highlight frequently occurring breaches so that action can be taken to prevent them in future.

As the technological rate of change in our working environment continues to accelerate, and the associated risks intensify, it’s vital that the simpler elements of protecting ourselves from fraud are not overlooked.
