Fraud in Charities – Push Payment Fraud
Continuing in our series of blogs for Charity Fraud Awareness Week, our Head of Charities and member of the Charity SORP Committee, Jenny Simpson, is giving examples of frauds perpetuated against charities and what you can do to protect your charity. Today she looks at push payment fraud;
The circumstances surrounding the fraud
The Chief executive of a charity travelled widely as part of their role. One Friday, before a bank holiday weekend, a member of the finance team received an email from the Chief executive explaining that they had forgotten to authorise payment of a grant to a partner organisation and asking them to make an immediate bank transfer. The email gave the bank account details of where the payment was to be sent.
The finance team member made the payment and it transpired that the email had not come from the Chief Executive and the account details were not those of the partner organisation.
What you can do to protect your charity
This is a common type of fraud that we’ve probably all seen at some point. The fraudster is relying on catching someone out, perhaps because they’re busy with other tasks. Your defence against such frauds relies to an extent on educating all members of the team to be vigilant and sceptical. There are a number of training resources available, some of which are free. It’s also possible to ‘test’ staff by sending dummy phishing emails and confirming that they don’t respond, click on links or open attachments which could be harmful.
Segregation of duties is also an important internal control. Wherever possible, one person should not be able to instigate and release a payment. The payment should be set up by one person, and approved and released by another, who checks that it is valid by reference to supporting authorised documents.
This blog is intended as a general overview and discussion of the subjects dealt with. It is not intended to be, and should not be used as a substitute for taking professional advice in any specific situation. Wylie & Bisset LLP (and its subsidiary Wylie & Bisset (Audit) Limited) will accept no responsibility for any actions taken or not taken on the basis of this blog. If you would like further advice or would like to discuss any of the issues raised in the blog then please get in touch with your regular Wylie & Bisset contact or use the contact form on our website.