YouGov stats1 showed that during 2020/2021 there were approximately 16 million volunteers in the UK. When you know that volunteers are giving up their own time to support your charity, it can be a very sensitive topic to talk about the insider threat and the need to keep your organisation safe from those few individuals who may be dishonest for their own benefit, when the majority will be trustworthy.
There will be a mixture of paid employees and volunteers who can abuse their position for their own gain within the charity sector and some charities may rely on volunteers to fulfil all roles – which is why it is even more important to ensure that charities are protected against volunteer fraud.
Why is it important to protect the charity sector against volunteer insider threats?
It was estimated that during 2020, kind-hearted people in the UK gave £11.3 billion to charity2. There can be many reasons that encourage an individual to donate to charity – whether supporting the cause and wanting to make a difference or simply doing something that makes themselves feel better. Those who support charities want to believe that their donations are going straight to the heart of the charity, to help a specific cause. And, they would think twice about donating if they thought their donation was going to end up lining the pockets of a dishonest individual or was not going to make the societal impact they expected.
The benefits of keeping insider threats out of the charity sector
Without question, the public are much more likely to continue supporting charities where they feel their contributions are making a difference. If there were suggestions that a lack of controls had allowed volunteers to embezzle funds meant to benefit society, then this could significantly impact the goodwill of those who support the charity. Reputational damage can cost charities tens of millions of pounds in regular donations as well as grants and other sources of income. Maintaining a strong reputation is therefore vital in order to continue having the support of the public.
How can I balance keeping my charity safe against the insider threat whilst ensuring that volunteers do not feel they are not trusted?
- Enhance a zero tolerance policy. Do not be afraid to talk about the insider threat. Regardless of sector, there will always be those who attempt to obtain a benefit dishonestly. Talking about it enables open, clear communication so volunteers know that controls are in place, that the charity does not tolerate dishonesty, and there are severe consequences – for example police involvement and seeking to be reimbursed for theft of cash.
- Emphasise that it is only a small minority who will be dishonest. Let volunteers know this too so they are aware of the controls in place, and that it does not mean the charity is suspicious of all volunteers.
- Educate volunteers on what constitutes an insider threat. Whilst activity like theft of cash and assets are well-known insider threats, are your volunteers aware that other activity, such as divulging confidential personal or commercial data, can be just as damaging, if not more so?
What are some best practice tips to keep charities safe against the insider threat?
- All volunteers should receive sufficient, relevant checks based on the role they are applying for before being accepted as a volunteer. Any changes to the role of the volunteer should generate a check to make sure that they are screened to the sufficient standard for their role. Charities should explore organisations that offer high-quality screening checks that can be undertaken throughout the entire employee and volunteer lifecycle.
- In small charities, roles such as reviewing donation fraud, awarding contracts and applying for grants may be undertaken by a volunteer. It is important to ensure that the processes are ethical and legal in accordance with the charity’s donation, grant, procurement and gifts and hospitality policies as well as anti-bribery and corruption laws. Where possible, the procurement and gifts and hospitality policies should not be written by the volunteer who is responsible for contracts and grants.
- If you do not have the resource to undertake full audit checks against expenses, then a dip sample should be carried out as a minimum, ensuring that any expenses submitted are genuine.
- Educate volunteers so they are aware of cyber security and the consequences of opening unverified links on emails. Volunteers should receive sufficient training so they can understand the importance of cyber security.
- Volunteers must be encouraged to raise any insider threat concerns, whether via an established whistleblowing policy or by raising an issue with an appropriate contact at the charity.
- Review invoices regularly and cross-reference with bank statements to ensure payments have been made into the charity’s account, and not diverted elsewhere.
- Charities should regularly monitor the media to review industry frauds and trends that have been identified, to ensure they have sufficient controls in place to combat against the threat.
This helpsheet was kindly prepared by Tracey Carpenter from Cifas.
© Fraud Advisory Panel and Charity Commission for England and Wales, 2023. Fraud Advisory Panel and Charity Commission for England and Wales will not be liable for any reliance you place on the information in this material. You should seek independent advice.
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.Published 2018. Last updated August 2021.