Being compliant with the new fraud prevention rules

The new legislation, applicable to larger charities which meet the specific criteria outlined below, has introduced changes to the measures charities must implement to prevent fraud and avoid liability if anyone associated with the charity commits fraud for the charity's benefit.

The keyword is "reasonable". The law recognises that no system can be perfect, but it requires charities to demonstrate genuine effort in fraud prevention. This shift has moved the burden from the current approach of reactive investigations to a more proactive protection strategy.

The criteria

The new legislation applies to charities meeting at least two of the following three criteria:

• More than 250 employees.
• Annual turnover exceeding £36 million.
• Assets totalling £18 million or more.

The approach of the legislation is to intentionally target larger charities with greater resources and a more public impact. However, the ripple effect is already influencing standards in fraud prevention across the entire charity sector.

Beyond legal compliance

Fraud can affect charities far more than just financially. It can also:

• Devastate donor confidence.
• Trigger regulatory investigation and intervention.
• Demoralise staff and volunteers.

Charities hold a position of trust with the public. Every pound lost to fraud is a pound not spent on the beneficiaries, which impacts the brand and reputation and, ultimately, the charity's purpose.

Systems and culture

Individual trustees are unlikely to face personal liability unless they commit fraud themselves, but a charity can now face liability if it doesn't have appropriate fraud prevention procedures, systems and policies in place.

This should be viewed as both an opportunity and a challenge; trustees should not view fraud prevention as merely a compliance task but rather as a fundamental aspect of good governance.

Ensuring compliance

To successfully maintain compliance with the new requirements, trustees should ensure their strategic risk assessment remains current and should undertake regular and detailed reviews of the fraud risks that exist within their charity's operations. It is advisable to focus on higher-risk areas such as grant distribution, procurement and fundraising activities.

As part of any ongoing assessment, trustees should consider both the likelihood of fraud and the potential impact on beneficiaries and reputation when completing any reviews.

The law requires "reasonable" procedures, not perfection. This can mean different things to different charities. The key is to demonstrate that your approach aligns with your risk profile.

An effective fraud prevention strategy must extend beyond just policies and procedures. The strategy should include your culture. A culture where people feel they can raise concerns and where ethical behaviour is recognised and rewarded is needed. For some charities, changes to the culture may be necessary, which can be more challenging to implement than introducing new policies and procedures.

Fraud risks change at a rapid pace, so staying ahead requires regular reviews and updates of prevention measures, not just for compliance but for genuine protection.

Appropriate fraud prevention

While the new legislation targets larger charities, it is already having a broader impact across the entire sector. Smaller charities should view this as an opportunity to strengthen their own practices.

Also of course, the Charity Commission already expects all charities to have appropriate fraud prevention measures in place, regardless of their size.

Protecting charitable purposes

Combating economic crime is part of a broader government initiative aimed at addressing financial crime. For charities, it represents both increased scrutiny and enhanced protection. Raising standards across the sector will ultimately protect the charitable purposes that charities all serve.

This law encourages trustees to demonstrate commitment through concrete action, which should be welcomed.

Common failings in fraud prevention

The Charity Commission offers useful guidance for charities, and it is important that trustees are aware of this and what they need to do to protect their charities. Sadly, vulnerabilities do persist, and there are some common failings which trustees can easily address to strengthen their defences against fraud.

One area of weakness is around internal financial controls.  For example, charities utilising single authorisation for payments, even high-value transactions. One often sees charities where payment approvals lack adequate segregation of duties, allowing one individual too much control over the financial process.

Another issue that can be equally problematic is the failure to ensure that invoices are received and verified before payment is authorised. Without timely documentation, spotting duplicate or fraudulent invoices is a challenge.

A further area of concern is around procurement processes. Too often, charities fail to obtain sufficient competitive quotes, relying instead on established relationships or convenience. This not only increases the risk of fraud but can also result in poor value for money. Once contracts are awarded, failing to monitor the quality and delivery of goods and services only increases the issues and risk.

For charities operating internationally, particularly those delivering overseas aid, the challenges amplify. Distance and different regulatory environments create opportunities for fraud that require preventive measures. Common failings include inadequate due diligence on local partners and implementing organisations.

There are situations where charities have insufficient oversight of how funds are actually used on the ground, with monitoring visits too infrequent or trustees failing to verify that reported activities genuinely took place.

Another widespread failing is treating fraud prevention as a one-off exercise rather than an ongoing commitment. Boards often fail to maintain fraud prevention as a standing agenda item, only addressing it reactively when problems emerge.

Sadly, many charities underestimate the importance of creating an environment where concerns can be raised. Without effective whistleblowing procedures and a culture that genuinely encourages speaking up, fraud can remain undetected for years, causing devastating damage to the charity's finances, reputation and, ultimately, its beneficiaries.

Embedding fraud prevention

Now that the legislation is in force, charity leaders must ensure they remain compliant. It cannot be about reactive measures taken only when problems arise. The approach needs to be about embedding fraud prevention into the heart of the charity.

Those who have embraced this change and see it as a catalyst for strengthening operations will be the charities which will thrive in 2025 and beyond.

To assess whether you are compliant, consider first these questions:

• Could you demonstrate to regulators that your fraud prevention measures are reasonable?
• Do your employees and volunteers understand their role in preventing fraud?
• When was the last time you reviewed your fraud risks?
• Is fraud prevention a standing item on your board agenda?

The highest standards

This is proving to be a pivotal moment for the charity sector. It is a real opportunity for charities to enhance public trust, safeguard resources and showcase a commitment to the highest standards of governance.

The law is now in effect, and effective fraud prevention requires ongoing attention to remain properly embedded. Those who continue to act proactively will find themselves not just compliant but genuinely protected.

The question isn't whether fraud could happen in your charity. It is whether you have adequately prepared to prevent it.

END OF ARTICLE

Return to top of page

NEXT ARTICLE