To coincide with Charity Fraud Awareness Week, this webinar examined aspects of charity fraud, and provided provide practical guidance on how people can protect their charity from this type of wrongdoing.
Webinar transcript
Matt Crichton
Hello, everyone. Thanks for joining us for today’s webinar, which is about charity fraud. As you can see here, the title on the screen, ‘Protecting Your Charity Against Fraud.’
My name is Matt Crichton, and I’m from the ACNC’s Education team. And joining me to present today’s webinar is Jess Horey. Hello, Jess.
Jess Horey
Hey, Matt. Hi, everyone.
Matt Crichton
We’ve got a fair bit to get through, so we’ll just move straight into it. Actually, before we do this, there’s a little bit of housekeeping to cover.
If you have any questions throughout the webinar, feel free to ask them in the control panel of the GoToWebinar system there. There’s a little box in which you can ask questions. We’ve got a few colleagues helping us out with answering your questions. That's Alana, Michael, and Bree. So, send them through as they pop into your mind, and we’ll do our best to answer them. If we don’t get around to your question, we will endeavour to send you an email response later on.
We have a bit of a question and answer section at the end too, so we’ll take some of the select questions that we do receive that we think may be of use to everyone in the audience, and we’ll address those at the end of the formal presentation.
Also, if you're having trouble with the audio, it may be worth dialling the number to listen in to the webinar as if it were a phone call. When you registered, you would’ve received a confirmation email, and that has some instructions for calling a number and entering a code, and then you can listen to the webinar that way.
So if you are having some audio troubles, that is often a fairly effective solution.
Okie dokie. Let’s get on to the topic proper. So we’ve got a few things to get through. Number one, we’ll talk about different types of fraud.
We’ll talk about charities’ vulnerability to fraud. We’ll go over some of the duties and obligations for charities and the responsible people that charities have to the ACNC. We’ll go through some ways to protect your charities. There’s some helpful measures and some things that you should keep in mind in thinking about how to protect your charity from fraud.
And we’ll wrap things up with a few quick tips at the end, the sort of important takeaways that will be useful to jot down. And of course a question and answer session as well.
Now, that’s enough for my voice for the moment. So, I’ll pass on to Jess to just give a bit of the context to this topic at this time, which as you can see on the screen is coinciding with Charity Fraud Awareness Week.
Jess, can you just give us a little bit of an overview of what this is?
Jess Horey
Yeah, sure. It’s an initiative that came out of the UK, and it is more than 40 different charity regulators, charities, not-for-profits, and other professional bodies working together to really promote the anti-fraud message out there.
So, making sure that charities and not-for-profits are prepared to deal with fraud, and it's a great opportunity. If you look at the bottom of our screen here, you can see a link to the hub there, which has some amazing materials.
So I’d highly recommend getting on, checking it out, because it's a good opportunity to get perspective from a whole range of different regulators on ways you can prevent, identify, and mitigate fraud against charities. Definitely worth checking out.
Matt Crichton
And that link is - that URL is quite a long one there, so if you don’t have time to scribble that one down quickly, never mind.
We are going to send a follow-up email to everyone who’s registered for the webinar, and that’ll include all the links that we mention in this webinar anyway. So you can jot it down if you want, but of course, you can leave it for later.
Yeah, it is definitely worth checking out.
Charity Fraud Awareness Week has a few aims - to raise awareness of charity fraud. Importantly, to share good practice.
And that’s where the relevance of all the different types of stakeholders comes into it because you can really learn some important things from people in other but related fields, helps charities understand risks.
An important one there, Jess.
Jess Horey
Yeah, that’s exactly right. I think understanding risks - and particularly as life is changing at the moment, particularly with COVID and the way the world is operating, the risks are changing.
So being on top of that and being aware of what's going on, this is a good opportunity for us all to get together and talk about how that might be affecting the charity sector.
Matt Crichton
For sure. And of course, to promote honesty and openness is important. And it's based on three core messages this year. Be fraud-aware. Take time -
Jess Horey
Yeah, take -
Matt Crichton
Yeah, go ahead, Jess.
Jess Horey
Sorry, Matt. Take time to check, and keep your charity safe.
Matt Crichton
That second one is particularly important because we’re all busy and we all have lots of things to do, particularly people in charities that have taken on many roles and doing lots of things at once, that taking time to check is a good reminder for everyone.
Jess Horey
Absolutely.
Matt Crichton
And before we do move on, I think it is worth - I’ve got a definition of fraud here, but Jess, you touched on the effects of the pandemic and you mentioned how everything has changed.
And it certainly has, and we’re all feeling it in a number of ways. I think it's important just to take a moment at the beginning to talk about how this affects fraud in particular and some of the practical applications, I suppose, for people working in charities.
Jess Horey
Yeah. I guess one of the things we have to think about when we do have such big changes - and the pandemic is obviously changing - it's changing not just obviously how people are interacting but how we work.
So now, lots of people are working from home, working remotely. So that will change how we identify types of risks, how we interact, how we keep records.
But also, there’s a lot of pressure on charities to pivot and change to adapt to the pandemic.
What kind of outputs are they putting, contributing? The pressure of losing volunteer workforce, all those kind of different things will change how you are able to cope or manage the fort in your organisation.
So I think it's a good opportunity with a week like Charity Fraud Awareness Week for us all to kind of reflect on those changes in our organisations and how we’re managing fraud now in the changing environment.
So that for me I think is kind of key. This is a really good opportunity for us to also take that time and review what we’re doing and how we could improve things to make sure that we’re not subject to fraud in the future.
Matt Crichton
Exactly. And it's not that the pandemic itself presents any particular vulnerabilities for fraud, but it is the mass disruption, I suppose.
Stability is a great environment in which to make sure everything’s right and be on top of all your risks and all of that sort of thing, but something like this and all the knock-on effects that you have just pointed out point to quite a lot of disruption for charities.
And that’s where some gaps can appear or you can lose sight of some of the important processes and checks that you need to do to keep on top of risks and vulnerabilities.
Jess Horey
Yeah, it can be as simple as requiring a signature. Often, charities will often have double signatures on papers to make sure that things are approved at multiple levels.
Now you’ll have electronic signatures running around because there’s no one there in the office. How are you keeping track of who signed what, where the approvals are? There’s all kinds of complications that come from these type of changes.
Matt Crichton
All right. Now, we did that context. Let’s have a look at some of the other broader foundational stuff to do with charity fraud. Jess, this is I guess from a fraud guide that we’ve got.
A fairly decent, succinct definition of what we’re talking about today.
Jess Horey
Yeah. As everyone can see on the screen, fraud is a form of dishonesty, where someone acts in a dishonest way so that they can receive a benefit, or someone else experiences a loss.
And that other person could be the charity itself or a beneficiary or someone - an individual inside the charity.
Matt Crichton
And there are a few ways this can happen.
Jess Horey
Yeah, there’s a variety of different ways. We can see people commit fraud in different ways - making false representations, abusing their position, failing to disclose information, or using other forms of deception.
Matt Crichton
Sorry, I might just go back there and just stop on a couple of these, because I think we have a common view of fraud in all our minds, but sometimes some of these less obvious ones may slip our minds when we’re thinking about this, particularly if you're involved in a charity.
Something like failing to disclose information is one that people may not necessarily connect with their typical idea of fraud. Isn’t that right, Jess?
Jess Horey
Yeah, I think that’s one of those ones that people don’t understand might be ways that people can get a benefit without failing to disclose certain information about related parties that are involved and what's their actual interest, and failing to provide information is a good way of deceiving people, so - of deceiving them by omission.
Matt Crichton
Yeah, right. And of course, fraud can have a negative effect on a charity’s reputation and profoundly affect staff, volunteers, and board or committee members.
So it's one thing, Jess, to think about the bottom line and maybe some money that went missing as part of fraud, but also that longer-term knock-on effect of reputation damage.
Jess Horey
Absolutely. I mean, we’ve seen it time and time again with the charity sector and I’m sure across other sectors where it's the main headline that gets the big flash, and that’s what people remember.
They don’t remember the work that was done to fix the problem or all the other aspects of it, and having that kind of association of fraud associated with your charity does impact on what kind of donations you're going to get into the future.
So it can have a really broad impact on how a charity can operate long-term.
Matt Crichton
Yeah. It’s one that can take a long time to recover from because people do - if you do have that negative connotation with the charity name, as you point out, that’s the headline. And that’s often the thing that sticks.
So despite the great work a charity might do to identify the fraud, fix it, flush it out and all of that, in some respects, it still doesn't quite live up to the main negative headline that hit at the beginning.
So it's really important to think about the long-term consequences of this beyond just the single incident, and maybe in this case a good example of prevention being far, far better than cure.
Jess Horey
Yeah, always.
Matt Crichton
And fraud and other types of financial crime, I suppose, as it says here, can be classed as either internal or external. Go over both of these classifications, I suppose, in the next couple of slides. First, Jess, can you give us an overview of internal fraud, what we mean by that?
Jess Horey
Well, that really is talking about someone inside or connected within the charity that is committing the fraud. So someone, a staff member, a board member, someone inside the charity is actually stealing the money.
Matt Crichton
Right, right. Yeah. And that can happen in a variety of ways. We’re not thinking about someone robbing the place, of course. It’s someone with access to systems and files and whatnot.
Jess Horey
That's right. Maybe they put a few extra bucks from their control of the payroll and they're putting money into their accounts.
They're creating false invoices I think is on the side there. Maybe they've decided to put their company - related company on the payroll without letting anyone know. So there’s all kind of different ways that that can happen.
Matt Crichton
External fraud. And the difference to internal fraud with this one, Jess, can you just give us an overview?
Jess Horey
Yeah. External fraud is more where it's someone outside of the charity who might be making a fraud against the charity. So, false invoices, trying to obtain money. It can be cyber fraud, so cyberattacks. With identity fraud.
So what we saw sometimes with the bushfires and the droughts, where people are making false claims for charity funds, and the charity is not aware that they're not who they say they are.
Matt Crichton
Right, right. And I suppose just turning back to the current situation and everyone working remotely with the pandemic still prevalent, this is something - this is I suppose a vulnerability, as you mentioned.
There may be fewer people, fewer resources, people aren't in the office together to talk about different things or have invoices or financial statements checked over by another. Sometimes, these situations can lead to vulnerabilities that allow some external fraud to slip through.
Jess Horey
Yeah, exactly. And I think in a situation like the pandemic, the type of beneficiaries who might be coming to you are going to be different to who was there in the past, people who previously were well-employed and had lots of money and now suddenly are unemployed or don’t have access to any income.
You suddenly are going to get a different type of beneficiary as well. So it does kind of put strains on how you verify that information in circumstances where people are all online as well.
So there’s very different ways that this is going to impact on - and as you say, exposes vulnerabilities for charities.
Matt Crichton
And just before we do move on just on the external, it's important for charities to remember that this can come from a number of fronts too.
So as Jess mentioned, the beneficiaries aspect and maybe people making false claims on grants or funds that they're not really entitled to but nonetheless they're having a go at, there’s also things like contract, as in third parties, and your charity’s supplier line.
Along that line too, there may be vulnerabilities that you need to keep in mind.
So it is a difficult one in that sometimes, the vulnerabilities are quite a few different - coming from quite a few different areas.
Jess Horey
Absolutely.
Matt Crichton
Now, this is an interesting question. Charities are unique in many ways. But they're not necessarily more vulnerable to fraud or financial crime than others.
However, there are some aspects that makes a charity I suppose more attractive to these sorts of attacks and this sort of vulnerability.
We’re going through a few of those. Jess, do you want to take on the first one here that sort of leaves charities in a particularly vulnerable position, I suppose?
Jess Horey
Yeah. I think there’s a - within the public, there is a high level of trust and confidence in the charity sector.
And that can sometimes lead to people making certain assumptions that everyone in the charity is also trustworthy, and that charitable organisations themselves or - potentially not - you don’t want to ask the questions that you might have asked if it was in a commercial setting.
So people sometimes get offended if you say, “Oh, what are you actually going to do with this money?” you know, “Don’t you trust me?” is the answer.
Don’t you trust that I’m - I have work and I do all this for this charity, but really, it does mean that because there is sometimes a resistance to asking those questions, it can leave them a bit more exposed.
Matt Crichton
A second one here, the culture too. So of course, all organisations have culture, whether that be a private commercial enterprise or a charity. But you just touched on it in your last comment, Jess. The culture’s an important aspect of this as well.
Jess Horey
Yeah, absolutely. And we definitely see it. Charities and organisations that are open and honest and are happy to be scrutinised are less likely to be subject to fraud.
So where there is a culture of trust, that’s great in some ways. But you also have to be - the trust has to be that you're happy to answer questions when they're asked about why decisions are made, why money is spent, how it's being used.
And I think sometimes in these - particularly charities where everyone’s working on a - you know, the smell of an oily rag, you can really find that that has a big impact on how willing people are to scrutinise those kind of decisions.
And I think that does leave some of those organisations more vulnerable to fraud.
Matt Crichton
Which touches on this one. And again, it seems to be a running theme through today’s webinar, I suppose, given the context of the pandemic, but this one here, a small number of people involved.
How does that make a charity particularly vulnerable, Jess?
Jess Horey
Well, yeah. As I mentioned before, we know that people in charities are often carrying multiple hats, doing multiple roles, and that can sometimes leave - it's like one person who’s making all the financial decisions.
And we know that fraud - and often people who make decisions to commit fraud are people who are in financially pressured situations, and they might make decisions that they normally wouldn’t. And it's often about opportunity.
So if you have one person who’s making all the financial decisions, has all the access to all the finances, it becomes much easier for them to commit fraud, and it gives them the opportunity.
So one of those things that we have to keep an eye on is making sure that you do have that multiple sign-off, and it's not just the person next to you, but actually having clear guidelines on who can sign off on what kind of decisions, making sure that we know where funds are being spent and we’re tracking and monitoring those.
So I think that’s really important for making sure that fraud doesn't occur.
Matt Crichton
And at a time like this, it's really important to not succumb to that very easy temptation to write it off as an extraordinary time and we’ll get back to normal later, so we’ll turn a blind eye to some of the shortcuts we’re taking at the moment just to get through while we’re low on staff and funding’s low and that sort of thing.
Because that’s a very easy way to do things in this sort of situation.
So, it is important to recognise where you may be lacking in resources to be able to do things as you may have done previously, and take the time to figure out ways to still put those checks and balances in place with the current resourcing that you've got.
And that means there’s less likelihood that you're going to leave those vulnerabilities vulnerable for a long time just to get through this time now to get through until we’re back to a normal state of affairs.
Jess Horey
Yeah, absolutely. I think one of the things that is the key with people particularly working from home - and you are making changes to processes because you've had to adapt to the new environment - is keeping records of all of these decisions that are being made and why you're making them.
So, obviously, we’re all working online a lot more, so that means more emails, and keeping track of those emails and keeping those records is going to be extremely important to kind of make sure that you can keep track of why decisions are made, and as Matt said, keep checking.
Don’t think that this is an opportunity to stop checking. This is an opportunity to make sure that you are checking and that you've got ways to keep checking.
Matt Crichton
Yeah. Now, funding’s something that’s probably unique to the charity sector. Well, in the types of funding challenges that it has. And this poses some vulnerabilities.
Jess Horey
Yeah. Irregular cash flow, it means that it is difficult to be able to identify where funds go missing here and there, because that becomes - it is part of the pattern of particularly a small charity, where there’s lots of irregular payments and different types of revenue coming in and out.
Obviously, in other sectors, you don’t necessarily have so much variation in how much income or output is going through. So it just does make it a bit more difficult for charities to pick up or to identify where something off has happened.
And again, not to harp on about the pandemic, but prior to the pandemic, we had the bushfires, we had record amount of money was coming into the sector. Then we had the pandemic, and then obviously, that has caused big impact on a large range of charities.
So you can see even that in itself, those kind of ups and downs of disasters, have a great impact on the charity sector than others, and that can make it really difficult to pick up where there has been maybe some funny business in the financial actions.
Matt Crichton
Okay. We’ll move on to some responsibilities now and duties and certain obligations that charities and the people involved in charities have. And before we get on to some obligations specific to the ACNC, we will touch on some other bodies, because Jess, of course, the ACNC can do some things, but it can’t do everything. And there are other agencies or bodies that are involved in certain actions.
Jess Horey
Yeah. So obviously, fraud is a criminal offense. So the first place you need to go is to the police, and making sure that you're lodging that with the police is the important thing at this point to stop that activity occurring into the future.
So, that’s the first point of call. As is on the slide, you can also talk to your bank to make sure that funds aren’t being misused that way, and that charity bank accounts have the right signatures on them to stop credit cards and other accounts being misused in that way.
So there’s some really practical things I would get straight onto as soon as you know or even suspect that there could be some fraud occurring in your charity.
Matt Crichton
Yeah. And there are other -
Jess Horey
Yeah. So - sorry, Matt. Go.
Matt Crichton
No, yeah. That's all right. So once you've done those immediate things, if it's to the point where you have to contact the police - also, you may want to think about the government bodies that cover certain actions such as the ACCC’s program Scamwatch.
And reporting fraudulent behaviour to state or territory consumers regulators. And that differs in each state, and they may have different jurisdictions.
The actions and the wrongdoing that it can look at may differ between each state and territory, but certainly, it's worth looking at those government agencies as well.
Jess Horey
Yeah, I was just going to say that Scamwatch is a great resource, particularly for cybercrime. If you're experiencing those kind of phishing activities, make sure you get those reported to Scamwatch, because they're actually doing - they're in the background being able to alert people to the type of schemes that are going on out there, so check -
Matt Crichton
Yeah, absolutely. It acts as sort of a public service announcement too. So if it's happened to your charity and it's reported to Scamwatch, it's likely to show up there on the Scamwatch website, and other people can learn from it and look out for some of the indicators that it may be happening to them as well.
Okay. Now, the ACNC’s obligations, Jess. Do you want to quickly run over some of these?
Jess Horey
Yeah. So I think we’re just starting off here with the obligation to notify the ACNC where a breach has occurred. I guess if you have had experienced fraud in your organisation, potentially that was because there has been a failure in some aspect of your governance.
There might be a policy that wasn’t really up to date, or maybe a procedure that wasn’t working, or some decisions were being made that weren't really in the best interests of the charity.
So those are all indicators that there might be a breach of obligation to the ACNC, and the best thing you can do is notify us as soon as possible or within 28 days of becoming aware of the breach.
That allows us to keep on top or make sure that if we’re finding out about the fraud in the newspaper, we already know that you're on top of what you're doing, that you know that there’s problems in your governance and taking steps to fix it. It’s a really good way of keeping us in the front foot rather than us having to react to a bad media report.
So, I really recommend if you are or do find that you have experienced fraud in your organisation, get online and let us know by submitting the Form 3C.
Matt Crichton
And just to, I suppose, allay some fears that that may foster in some people, doing so doesn't necessarily put a big black mark next to your charity or a line through it on a list or something like that, does it, Jess?
Jess Horey
No, not at all. In fact, it's probably more like a tick against your name. If we think that people are being proactive with their obligations, the ACNC have recognised - because you know, no fraud policy is ever going to be 100%. You need to be able to adapt and change, as we said.
And for us, a charity knowing that they need to let us know where things have gone wrong is often an opportunity for us to know that you're on the right track. So from a compliance point of view - and that’s where I view all these issues - that’s really for us a positive step the charity’s taking.
Because they are aware that there have been mistakes made, and that means that they're at least ready to fix those mistakes.
Matt Crichton
Yeah. Okay. Reporting an incident, as it says here, is one of the ways to demonstrate that your charity’s board or committee members are dealing with the issue appropriately.
That's what that notification is, is really getting at the heart of. Okay. We’ll move on to some of the protections now for charities. Sorry. My voice caught up there.
And so we’ve got a number of things to get through here, some tips and practical steps to help people protect their charity from fraud. Let’s set the context. It's important to consider three things here, Jess. We’ve got them listed on the screen. Do you want to take us through these?
Jess Horey
Yeah, sure. So what we think is really important is having an ethical culture, ensuring that there’s good communication flow, and that you really have those policies and procedures in place to build it all together.
Matt Crichton
We say an ethical culture, and one of the things is to be clear about a charity’s values. And that means not just knowing them and having them passively exist somewhere, maybe in the constitution, in a folder, in a cupboard collecting dust.
But talk about them often, and model them in your behaviour. And that doesn't have to be in big actions, in big projects all the time. It can be just the daily stuff that helps set the culture within the organisation.
There are a few key points to doing this, Jess.
Jess Horey
Yeah. So I think as you said, excuse me, it's about modelling them, so setting the tone from the top, making sure you have clear expectations for everyone within the charity - what's expected in regards to the disclosures, the behaviours, things like that, what your charity is working towards.
A no-blame culture. That allows people to raise their hand when things go wrong or they've made a mistake, and that allows charities to fix them before things - rather than people trying to hide their mistakes.
And that’s really an important way of improving your governance.
Promote fairness. So that means that people don’t feel like they're going to be - Joe Blow’s going to get a job over Joe - next guy because of who he knows or because he’s being - he goes for drinks with somebody else.
That changes - then that can build resentment within an organisation. And also, promote and protect - excuse me, sorry - protect whistle-blowers.
So there’s obviously legislation out there about whistle-blowers, but it's really important that people feel that they can raise concerns, that that can go - you know, to be protected and they're not going to be impacted by that.
Matt Crichton
Yeah. I’ll let you get yourself a drink of water there, Jess. And of course, actually, there is - Jess mentioned the legislation about whistle-blowers. We will include a link to some information about that in the follow-up email to this one.
Important for a charity to be open about the possibility of fraud, even if the risk is low. So the people involved in the charity should know what fraud is, know how it can occur, know how it typically does occur, particularly with charities and the unique vulnerabilities that we went through earlier will be a good starting point for this.
And it's important to realise that although you may be confident in your organisation’s ability to prevent fraud and even deal with it if it may pop up in small cases, it's important to know that your charity isn’t immune to it, and it needs - the people involved need to take the threat seriously even if they think it's highly unlikely.
Jess Horey
Yeah. I think this is where risk assessments are really important, you know, understanding what are the risks that your charity faces. And then you can become confident that you have mitigations and things in place to protect it.
But you can never have zero risk of fraud. It’s just not possible. There’s always ways that people can get around various policies, procedures, protections.
But it's good to be aware where your vulnerabilities are so you can put in place the necessary protections to make sure that you are less likely to be subject to fraud.
Matt Crichton
And this is a real practical point here. So just bringing the abstract and the good ideas into something that charities can and should actually do, two points here. Jess just mentioned one with the risk assessment. And then regular reviews. So what does this mean, Jess, in practice for a charity, the risk assessment? How often? How many topics? How should it look? And then the regular reviews. Is it weekly? And what sort of procedures? What are we talking about here?
Jess Horey
Yeah. It really depends on the type of charity that you have and your size and complexity. I would expect that you would have a risk assessment in place for all charities, and that doesn't have to be a major, big document.
It can be as small as one page and getting everyone to sit down, if it's your small organisation, or if you're larger, maybe just those in the finance and from different departments, and going through and testing what are the risks of fraud, where are the touchpoints where that could occur.
Brainstorming those out and making sure you have thought through all those risks. And thinking about ways you can prevent that happening. So it's a fairly - it doesn't have to be a big, complicated document. It can be just quite simple, and then you can find where there are gaps. And that will help you fix those gaps in the future.
The other side of how regular, again, it does depend on your size and complexity. I think we’ve already mentioned a number of times, with the current changes in place - and I know that obviously charities are probably stretched at the moment, but it is a good time to be thinking about reviewing your risk assessments because there are changes that you need to be considering now that we’re - obviously, most people are working online or remotely.
I think how regular that is, you wouldn’t be wanting to leave it for too long, because obviously you’d need to keep adapting to the changing circumstances.
So things that might require you to change your risk assessment is suddenly an increase in income or decrease in income. You take on a new activity, you might want to review your risk assessment then. So it does really depend on your charity and what kind of activities, actions, and size you are.
But you need to be thinking when was the last time we looked at our risks, have we done anything different or new since we last did it, and then considering well, if those are yeses, then you need to be looking at reviewing your risk assessment.
Matt Crichton
Absolutely. I think that point, it sort of sums it up, in a way. Are you doing anything new, or has something in the environment changed that may cause a need to look at a particular or policy again?
No doubt, charities would have lots of procedures and policies that don’t say anything about working from home in a pandemic and all that sort of thing.
So that’s a good example of - of course this is a major global event, but nonetheless, it's an event that has caused changes within a charity that should prompt it to just think about the processes by which they operate and how they stand up to the demands of the current working environment.
Okay. Now, identifying the types of fraud, this is sort of the idea of the red flag. And charities should think about if they're even trying to get their head around this from step one.
Jess Horey
Yeah. So what they really need to do is look at their different risks that they present from, firstly, the activities, those roles and people inside that charity, and what are their banking procedures and fundraising methods.
How do they make decisions about who gets paid? Who has access to the charity’s credit card? Are there controls in place for how that money is used?
So I guess it's looking at what your charity does, who does what, and then what are the money - and how is money used inside the charity. Those are the three things.
Matt Crichton
Yeah. Understanding the red flags comes in different, I suppose, sections or different working areas for a charity. And we’ll have a look at stuff for finances now.
So these may be some of the red flags, and these are the sorts of things that we may see or other agencies may see in investigating issues.
Jess Horey
Yeah. So the first there is altered, deleted, or missing records. I’ve already kind of touched on the importance of recordkeeping, but that is a really - kind of a red flag.
But if you suddenly realise that there are records missing, that might suggest that there’s something going wrong. Duplicate payments or unexplained or unusual transactions.
And we talked previously about the fact that charities do have this irregular kind of - often have irregular payment structures, but if you're seeing something that doesn't make sense, then you should be asking questions.
Unexpected invoice or budget variances. So, obviously most charities are putting in place a budget. There’s going to be variances because of changes to the environment, but you should also be taking steps to make sure that those variances are appropriate. Irregularities identified through an audit.
So yeah, your auditors are a great source of picking up potential issues. Obviously, a lot of people rely on the auditors as they're for prevention. And I just would make the point that that’s just one way and it's not necessarily the best way of preventing fraud.
They're just - they have one job to do, and that’s to make sure that the money is spent as the charity intended. But it doesn't mean that it'll necessarily pick up fraud.
And the last is reconciliation. Not completing regular or check for discrepancies. So those - making sure that those money that went out is reconciled, and that people are doing that checking, as we said, very important.
Matt Crichton
Yeah, great point about the audits. It definitely isn’t - if your sole defence against fraud and don’t think of it like that, it's another layer, in some cases maybe the final layer before getting stuff signed off.
But certainly, not the only thing your charity should be relying on.
And now, moving on from finances, some of the red flags are behaviour.
And this, in some respects, can be much more difficult to pinpoint because you don’t have line items to add up to make sure they equal the total and all that sort of thing. It’s much more abstract.
Jess Horey
Yeah, absolutely. I think what you see when fraud has happened in charities is often there’s someone inside the charity who may even have been there for years and years, and suddenly they come across a hard time, and they have the means and opportunity to solve their financial personal problems by putting some money aside for themselves.
And that kind of is a real way that charities can get into trouble.
Matt Crichton
And it touches on that point we made earlier about, I suppose, what are the particular vulnerabilities of a charity given the nature of the work and, in some respects, the pattern involved in the people taking on the work means that there may be this level of trust that I suppose prevents some of the more critical or the scrutiny that may come in other contexts.
So, here are some examples. One person with full control of financial processes. Jess, for this one, I’d imagine there are a lot of smaller charities that do have this setup exactly as we’ve described.
But we’ve called it a red flag here.
Jess Horey
Yeah. I think it's one of those things where you find that that person is in charge of all the decisions, because they're probably the person with the best experience in finances.
But I think it really is best practice for all charities to have someone else who actually at least understands the financial systems that you’ve got in place. Relying on one person to make all those decisions, while it might be the most cost-effective way, is not necessarily the best way for ensuring charities are protected from fraud.
So even though you might trust that person implicitly, it's good to have someone else who at least understands how the financial systems work and can go in and check and take over where that person is on leave or if something happens to them.
It’s good to have another person who at least understands those systems.
Matt Crichton
Yeah. The second one, I think we’re all familiar with in our daily life, our experiences. Vague responses to legitimate queries is often a red flag.
Jess Horey
Yeah, absolutely.
Matt Crichton
Now the third one, actually, because I think we’ve got an innate understanding of why that would be a red flag, that second one, but the third one here is curious. Reluctance to accept help or take holidays as a red flag.
Jess Horey
Yeah. I think this is - I guess going back to the first point, where you have a sole person in charge, if that person just is not wanting to take holidays, it might be because they don’t want to hand over or show someone else how to use the financial system because they want to hide the behaviour that they're doing.
So it's a good way - if someone is refusing holidays and they have that sole charge, then I would be really making sure that you have someone else come in and understand how the system works, because that’s the kind of way that people can hide fraud quite significantly.
Matt Crichton
And the last one, I suppose, is an extension of that in many respects. Delays to work reviews or audits.
Jess Horey
Yeah, that’s right.
Matt Crichton
Okay. When looking at the risk indicators, there are some things that we think is really important for people involved in charities to remember. And the typical fraud perpetrator is a paid employee. Now, that’s interesting. I think we think of fraud as an external problem. We’re not thinking of it as occurring within the organisation. But reality suggests that’s not the case, Jess.
Jess Horey
Yeah. I think - and we’ve touched on a few different types of examples of that, where people inside the charity have the access, the means, and it doesn't take much for them to make some wrong decisions and end up being a perpetrator of fraud.
Matt Crichton
Yeah, that’s right. I suppose if you've got all the access and you know everything, it is the easiest path, isn’t it? Not that we’re trying to lull people into this sense of paranoia, whereby they distrust all their colleagues.
I think it's just common sense to employ some element of critical assessment or scrutiny to the processes of the workplace. And the most common types of fraud, cash theft, payroll, or credit card fraud.
And we’ve touched on a fair bit of how this can happen so far, particularly with records. And if we’re thinking about prevention rather than cure, Jess, then recordkeeping is hard to understate when thinking about the payroll and credit card type theft.
Jess Horey
Yeah, absolutely. And I think having policies on how you use credit cards is crucial for that kind of thing. I think cash theft is a really difficult one for charities, where you are involved in collecting cash and dealing with cash. It’s really hard to put appropriate controls in place.
Obviously, you can do things like having two people there, so there’s not just one person with all the cash. Counting, double counting, and things like that.
But I mean, probably less of a problem in today’s world, where we’re not doing so much face-to-face fundraising. But yeah, each of those have their ways you can control, but recordkeeping is number one, always.
Matt Crichton
Yeah. And the third one here, it may sound almost glib, but it really is true. Having internal financial control is one of the most effective ways.
And the funny thing with this is it's so easy in one respect because you just have to just take the time as one of the core tenets of this is Charity Fraud Awareness Week suggests, take the time to set up the right steps or processes or controls, and then they should go a long way to protect your organisation from fraud.
Jess Horey
Yeah. I mean, we hear it a bit in compliance, “Oh, that’s just paperwork. What's the value when we’ve got other more important work to do?” And I guess what we always say is it's crucially important, because you don’t want really hard-earned charity funds to be put into someone else’s private pocket and not going towards the beneficiaries.
They don’t have to be complicated. In fact, better if they're not. The more simple the policy, the better or more effective it probably is. You need to have policies and procedures that people are actually following. And those are the best ways to stop your charity being misused.
Matt Crichton
Okay. As we say here, develop sound written policies and procedures. As Jess points out, these don’t need to be novels, and in fact it's better if they're not, because that last point Jess made, people need to be following these.
They need to know where they are, read them and understand them easily, and refer to them when carrying out their daily duties. So, detailed and robust financial procedures, a fraud prevention policy, and human resources procedures.
It may sound intimidating, these sorts of documents, but Jess, they really don’t have to be as complicated as the words make them sound.
Jess Horey
No, absolutely. I mean, we say detailed and robust, but what we’re talking about is so people know where things are recorded, when money can come out, who can make decisions. Those are the details that really matter.
And making sure you have - when we’re talking about robust, we’re talking about checks and balances put in place so that people are checking on those financial transactions, they are monitoring to make sure things don’t go wrong.
It doesn't have to be a complicated process. It just has to be that you have thought through what are each of the steps for financial transactions or financial payments that your charity makes, and how are you making sure that the money is going to the right place.
So it doesn't have to be complicated. And really, as I said before, really, it's better that you are using them, that they're usable policies.
Anything that is too detailed, too long, people are going to ignore it, and they're going to skip steps and they're not going to do it right. So better to do something that’s effective than something that is perfect, I guess.
So don’t write big, long policies and then put them in the shelf and never look at them again. But the main thing is to make sure that you have something in place that is something that your charity will actually use, and it's fit for purpose for your charity.
Matt Crichton
Yeah, exactly. That brings us to - I suppose, most of the formal content today being done, we’ll just kind of run through some steps to remember, some key points to take away.
So Jess, I’ll get you to take us through the first two. If people haven't been paying as much attention so far, they can switch on now and get some of the most important takeaways from today’s webinar. Numbers one and two, Jess.
Jess Horey
Yeah. So number one, keep those clear written financial procedures and delegations. And when we’re talking about delegations as who can spend how much and when, and what for.
So, pretty straightforward stuff, but if you don’t have them in place, it's easy for people to bend the rules a little bit, and before you know, you're in big trouble.
Matt Crichton
Absolutely. Really, just to - before we get to number two, that’s a really important point, because it might say the process is so and so has to sign off on this and so and so has to use this credit card for this type of thing.
You get into the details about at what level can what amounts of funds be processed by this person, and who needs to sign off on more funds and that sort of thing can often be missed. But they are really important to have in clear, written procedures.
Sorry, move on to number two.
Jess Horey
No, that’s all right. Thanks, Matt. Okay.
Next is robust human resources procedures. So that is giving people an opportunity to know when they see something wrong, who do they report it to, how do they report it. What's the impact if they don’t - they do do something wrong like spend money on a credit card for personal use, what's the impact of all those different decisions? What's the charity’s code of conduct for - what are their expectations of how those employees or volunteers should behave?
And those kind of protections will allow you to protect your charity from people making bad decisions and you feeling like you've endorsed it by not giving them a clear instruction.
Matt Crichton
Yeah, exactly. The code of conduct thing, display it and embody it. And this is really important in embedding the culture that you want in your charity. And doing this is an easy way of having it run right through your organisation.
As we said earlier in the webinar though, it is important that it starts at the top, and the embody part of this is really crucial. Putting up posters is one good way, but if the people aren't going to follow the code of conduct and the values that your charity stands for, then the posters and the slogans aren't going to go as far as they should.
Number four, financial responsibility. Make sure it's shared and transparent. And this does even apply to smaller charities. We know that many smaller charities lack the resources that larger charities have, so it's hard to share some of the responsibilities. But within your capability to do so, it's worth sharing them around so that there are protections in place on the use of funds and the procedures that control the charity’s funds and resources.
And the last one here, just the transparency’s important, because people should know what the processes are and should be able to - should have ready access to policies and procedures that explain to them what they are, so if they need to find out, they can. There’s no hiding.
Numbers five and six, Jess?
Jess Horey
Yeah. So limit staff and volunteers’ cash handling. As I mentioned before, it's really - cash is a hard way - hard to manage fraud for because you can’t - the recordkeeping is less available because you're dealing with cash. So if we can limit how much staff and volunteers have access to cash, that’s always going to be a good way to go.
Six is monitor the charity’s budget and bank accounts, and keep track of grant funding. So, making sure that you are seeing the ins and outs, both in your budget, your accounts - and so you can account for the grant’s funding and how you've used it is really important.
That way, you can pick up something early rather than waiting till the end of a project and finding out that all these funds have gone to the wrong area.
Matt Crichton
And just finally, number seven, take the time to check. So even though we’re in an environment where everyone’s busy, everyone’s doing multiple things at the same time and struggling to find the time to get lots of things done, it really is important to take the time to check.
Ask questions, and don’t take anything for granted. And encourage the culture of asking at your organisation, at your charity.
Number eight, understand the importance of reporting fraud.
As Jess mentioned earlier, there is a duty to notify the ACNC in certain circumstances, and that doesn't necessarily put a black mark against the charity’s name. It actually indicates that the charity is taking its governance processes seriously, and it's something that they should do.
And it's not just to the ACNC. It’s any instance of fraud that can be reported to other authorities as well. Whether that be as serious as the police or to another government agency at state level, it's important to do so.
Okay. We have had a few good questions coming our way. I know that we are sort of running out of time, so we’ll get through a couple of quick ones. Oops. That’s the end. I’ve got a couple here, Jess, that you may be able to help us out with.
There’s a question that may be useful for everyone. Someone’s asking if it's still fraud to use charity credit cards or funds, for that matter, I suppose, for personal purposes if there’s a promise to pay the charity back.
I’m not sure if the promise would be in writing or of a verbal promise, but nonetheless, the concept there. Is that still fraud?
Jess Horey
It really does depend on the context, but if you have a credit card policy where staff are given personal credit cards that they can use for the charity purposes but they have to pay for their own funds in the end, so they have to account for it, that could be a way that you say is a promise that you will pay it back, so that clearly, in the credit card policy that you can buy some personal expenses but you will reimburse the charity, that is potentially not fraud.
I think it's a really dangerous area to go down because obviously, credit cards have interest rates, and you're getting pretty much a free loan from the charity by not having to pay for the credit card fees and all the other things.
So you need to be careful about making those kind of expenses. I think even paying it back is not necessarily going to stop you from being subject to fraud.
So you need to follow the policies, make sure you have policies in place about how credit cards can be used and who can get paid when, and how much they can use for personal expenses.
Matt Crichton
There’s one here that’s sort of on a similar note, I suppose. You’ve sort of just touched on the answer.
Is it fraud - someone’s asked if it's fraud if a charity approves something that it shouldn’t, an example being maybe a board or committee collectively approves spending on something that it really shouldn’t, because it's for the benefit of the board.
Jess Horey
Yeah. This is a tricky one. I think you may not find that it's fraud against the charity itself because the board is making the decision. It may be private benefit, and therefore not charitable decision making, and definitely not good governance.
Where it could be potentially fraud is where it's relating to a government funding agreement or something like that, where the funds are actually provided to the charity for another purpose.
If it's inside the charity, whether it falls under the definition of fraud or not is a little bit more complicated if the board has approved it, but then the question comes down, are the board misusing charity funds for private benefit, and therefore are they not actually acting charitably or in the best interests of the charity.
And that for us would be a significant, serious issue that we would be taking serious action for.
Matt Crichton
Yeah, right. So even if it doesn't necessarily fit a strict legal definition of fraud, for the purposes of low enforcement, it certainly is a problem for governance and something that the ACNC would be concerned about.
Jess Horey
Absolutely.
Matt Crichton
And we’ve got time for one more, I suppose. This is an interesting one, just moving from those examples to things we’ve spoken about today with regards to the current environment. But can charities have different approaches to fraud in different situations?
So for example, it may be harder to be right on top of all fraud in the midst of an emerging disaster. They can shift their fraud protection up and down according to the environment?
Jess Horey
It’s a complicated one, I think, because say, for example, you're in the middle of a disaster and you need to get funds out to people quickly. You might need to be a little bit more flexible in your fraud procedures at that point, just for the speed of getting money to people in need.
You need to really understand in those circumstances what is the tolerance for fraud in those kind of situations for your charity, and you need to have that clearly documented.
I think in most circumstances, you need to make sure that the fraud prevention is in place, but there can be circumstances I can see where it's an emerging disaster, and you need to get money out quick or there’s some kind of urgent decisions that need to be made.
But really, this is where recordkeeping is 100% required because you need to be making sure that those decisions are accounted for, you're keeping records of why you're making those decisions, why you're deciding to take a different approach to fraud in those circumstances.
I think it's really important that charities have a very clear indication of how much fraud they're prepared - what's their fraud tolerance, and how that’s impacted by things like emergency disasters and things like that.
This is, I think, an area that is complicated. I wish I could give a more straightforward answer, but I do think it does come down to being clear about what's your sense of fraud tolerance in your charity and keeping records of why you're making those decisions if you are deciding to be a bit more lax on your fraud policies.
Matt Crichton
And that’s the important thing in recordkeeping. And just to clarify, when we say fraud tolerance, we’re not talking about willingly seeing fraud and not reporting it. We’re talking about tolerance for the risk that fraud could come about, right?
Jess Horey
Yeah, what we’re talking about is that, yeah, you're prepared to risk more that fraud could be occurring because you are more focused on ensuring that those in need get the money or the resources that they need at that point in time.
So, that’s I think the differentiation there.
Matt Crichton
Yeah, yeah. And recordkeeping, recordkeeping, if you've got the documents, then that goes a long way. Okay.
Jess Horey
And it might be that you - sorry, Matt. Just one more point to that. I just want to clarify also, it might be something that you're prepared to wear the risk at the front end but go back to try and recover or check later on.
So it might be okay, we’ll wear this risk now with the idea that we’re going to go back and recheck this later on when the need isn’t so great, and take the necessary actions at that point, report it to the police, whatever you think is necessary if you think you have been subject to a fraudulent claim.
Matt Crichton
Great. Well, that brings us to the end of today’s webinar. Thank you very much, everyone who’s hung around this far and still with us. We hope you got a lot out of it.
If you have a few moments at the end of the webinar to complete a very, very short survey - I think it's only three questions - so if you've got 25 seconds to do that, we get a lot out of that survey at the end, that will be appreciated.
Also, we’ve got lots of web guidance on a range of topics, particularly the ones that we touched on today, on our website.
Sign up for the Charitable Purpose e-monthly newsletter if you're on the website. That's a great way to hear about news in the sector and the ACNC and - or a range of things to do with charities.
Our webinars are all on the website if you've missed a few previously. You can go watch videos there. The podcast has chats with experts about some important topics for charities. And of course, if you've got any queries, send us an email, advice@acnc.gov.au. And we’re fairly active on social media too. There are our main channels there.
So thanks very much for hanging around, everyone. Thanks to everyone who - thanks to our colleagues who were able to answer the questions for everyone, and we hope you got a lot out of it today, and we hope that you take on some of the resources for Charity Fraud Awareness Week and use them for your charity.
Thanks for presenting today, Jess.
Jess Horey
My pleasure. Everyone, check out the hashtag, charity fraud out. Thanks.
Matt Crichton
Yes, please do. Okay. Well, that concludes our session today. We will be closing off the webinar, and we hope you have a good day. Thanks for joining us.
Jess Horey
Bye-bye, everyone.