The extent of charity fraud is startling. According to figures released by the National Fraud Authority in January, the sector loses £1.3bn a year to fraud, equivalent to 2.4 per cent of its income. It estimated that 11 per cent of charities have been victims of fraud in the past five years, although the authority concedes that it is difficult to put a precise figure on the size of the problem.
Any commentary on the extent of fraudulent activity is likely to have similarities to the much-lampooned "known unknowns" speech of the former US Secretary of Defense, Donald Rumsfeld. There is no doubt that it happens, but its frequency remains shrouded in mystery. Successful fraud, by its nature, is not known about.
There are two main types of fraud: internal fraud, committed by someone within an organisation, and external fraud, such as third parties setting up false fundraising websites or misusing a charity's name to gain funds. Left undetected, fraud can cost charities dearly, as the jailing of former London Philharmonic Orchestra finance director Cameron Poole last year showed. Poole redirected about £645,000 to himself between 2005 and 2009, mainly by forging signatures on cheques. A Charity Commission report into the case, published in January 2011, estimated that Poole's actions had cost the orchestra about £2.3m because his attempt to conceal the fraud led to him overstating its income and understating its forecast expenditure.
There are steps charities can take to guard against fraud. According to Paul Huck, senior associate at corporate advisory company Zolfo Cooper, the first step is to recognise that you are vulnerable. "There is this overriding belief in some people that no one would defraud a charity - but that is not the case," says Huck, who has estimated that fraud against charities costs up to £2.6bn a year.
Research carried out in 2009 by the Fraud Advisory Panel into charity fraud found that more than half of victims thought they had been too trusting. "We don't have the same controls, checks and policies you have in a bank," says Stephen Hill, director of fraud protection at Snowdrop Consulting. "But we're dealing with sensitive data."
The National Fraud Authority estimates that nearly half of all fraud against charities is perpetrated by employees or volunteers, yet research by the Fraud Advisory Panel found that 60 per cent of charities have no significant anti-fraud policies. Alan Sharpe, director of finance and information services at the wildlife charity the RSPB, says that charities need to ensure they're vetting new employees and volunteers properly. "The defence against fraud starts with who you employ and making sure you are doing the proper checks - taking references, taking qualifications," says Sharpe. "Right at the outset, you are making it difficult for perpetrators to join your organisation."
Charities should also separate duties so that, for example, one person alone is not responsible for the collection and paying in of cheques. A charity can make it a rule that two signatures are required for authorising expenditure. If it's a small charity, the rule can apply to spending anything more than £250, for example.
According to Hill, the finance department of a charity needs most attention. "If you are dealing with payments, that's the golden key that could lead to a charity being exploited," he says. When fraud is examined, it is often the finance directors who are responsible. "The reason for this is that they had total control," says Hill. "No one else knew what they were doing."
The outside job
External fraud committed by individuals or organisations not connected with a charity can be even harder to spot than internal fraud.
According to the National Fraud Authority, the unauthorised use of a charity's name to collect funds is considered by charities to be the most significant external fraud risk.
But other types of external fraud include people impersonating suppliers and asking for a charity's bank details, and organisations making fraudulent grant applications. In 2005, the National Audit Office estimated that lottery grants worth more than £6m were paid to fraudulent applicants between 1999 and 2004.
Stephen Hill, director of Snowdrop Consulting, says it can be all too easy for third parties to pass themselves off as legitimate charities. "It's very easy to get a vest that says 'Unicef' and simply wear it," he says. "You are not operating on behalf of Unicef, but you have a fake ID and a clipboard."
Phishing scams - involving fake donation websites or emails that claim to be collecting for humanitarian appeals - are a burgeoning menace to charities. "There are a whole series of tricks to make the public believe it's real," says Hill.
Software programs exist to monitor websites with names that are identical or similar to those of charities. But charities otherwise rely on the public reporting abuse to them.
Oxfam GB, for example, has a distinct "abuse" email address where members of the public can report fraudulent emails or donation sites. The "appropriate authorities" are always notified, says a spokesman for the charity. "We also follow up with the hosting providers where we can identify them."