Introduction
This document sets out the policy and procedures of the Anaphylaxis Campaign against fraud and other forms of dishonesty, together with the steps that must be taken where any of these practices is suspected or discovered.
It applies to Trustees Directors, staff and volunteers. Anybody associated with the Campaign who commits fraud, theft or any other dishonesty, or who becomes aware of it and does not report it, will be subject to appropriate action.
Statement of intent
The Anaphylaxis Campaign will continually strive to ensure that all its financial and administrative processes are carried out and reported honestly, accurately, transparently and accountably and that all decisions are taken objectively and free of personal interest. We will not condone any behaviour that falls short of these principles.
All members of the organisation have a responsibility for putting these principles into practice and for reporting any breaches they discover.
Definitions
Fraud:
A deliberate intent to acquire money or goods dishonestly through the falsification of records or documents. The deliberate changing of financial statements or other records by either; a member of the public, someone who works or is a volunteer for the Campaign. The criminal act is the attempt to deceive and attempted fraud is therefore treated as seriously as accomplished fraud.
Theft:
Dishonestly acquiring, suing or disposing of physical or intellectual property belonging to the Campaign or to individual members, supporters or clients of the Campaign.
Misuse of Equipment:
Deliberately misusing materials or equipment belonging to the Campaign.
Abuse of Position:
Exploiting a position of trust within the organisation.
Culture
Anaphylaxis Campaign fosters honesty and integrity in its entire staff. Directors, staff and volunteers are expected to lead by example in adhering to policies, procedures and practices. Equally, members of the public, service users and external organisations (such as suppliers and contractors) are expected to act with integrity and without intent to commit fraud against the Campaign.
As part of the culture, the Campaign will provide clear routes by which concerns can be raised by Trustees Directors, staff and volunteers and by those outside of the Charity. A copy of the Campaign’s whistleblowing policy is available to Trustees, staff and volunteers, and to service users, suppliers and other third parties on request.
Senior management are expected to deal promptly, firmly and fairly with suspicions and allegations of fraud or corrupt practice
Responsibilities
In relation to the prevention of fraud, theft, misuse of equipment and abuse of position, specific responsibilities are as follows:
Trustee Directors:
The Trustee Directors are responsible for establishing and maintaining a sound system of internal control that supports the achievement of the Campaign’s policies, aims and objectives.
The system of internal control is designed to respond to and manage the whole range of risks that the Campaign faces.
The system of internal control is based on an on-going process designed to identify the principal risks, to evaluate the nature and extent of those risks and to manage them effectively. Managing fraud risk is seen in the context of the management of this wider range of risks.
The Chief Executive Officer (CEO):
Overall responsibility for managing the risk of fraud has been delegated to the CEO. The responsibilities include:
- Undertaking a regular review of the fraud risks associated with each of the key organizational objectives.
- Establishing an effective anti-fraud response plan, in proportion to the level of fraud risk identified (see p4).
- The design of an effective control environment to prevent fraud.
- Establishing appropriate mechanisms for: o reporting fraud risk issues o reporting significant incidents of fraud or attempted fraud to the Board of Trustee Directors;
- Liaising with the Treasurer and if appropriate Auditors.
- Making sure that all staff are aware of the Charities Anti-Fraud Policy and know what their responsibilities are in relation to combating fraud.
- Ensuring that appropriate anti-fraud training is made available to Trustee Directors, staff and volunteers as required; and
- Ensuring that appropriate action is taken to minimize the risk of previous frauds occurring in future.
Senior Management Team:
The Senior Management Team is responsible for:
- Ensuring that an adequate system of internal control exists within their areas of responsibility and that controls operate effectively;
- Preventing and detecting fraud as far as possible;
- Assessing the types of risk involved in the operations for which they are responsible;
- Reviewing the control systems for which they are responsible regularly;
- Ensuring that controls are being complied with and their systems continue to operate effectively; and
- Implementing new controls to reduce the risk of similar fraud occurring where frauds have taken place.
Staff and Volunteers:
Every member of staff or volunteer is responsible for:
- Acting with propriety in the use of Campaign’s resources and the handling and use of funds whether they are involved with cash, receipts, payments or dealing with suppliers;
- Conducting themselves in accordance with the values and behavior principles set out above;
- Being alert to the possibility that unusual events or transactions could be indicators of fraud;
- Alerting their manager when they believe the opportunity for fraud exists e.g. because of poor procedures or lack of effective oversight;
- Reporting details immediately if they suspect that a fraud has been committed or see any suspicious acts or events; and
- Cooperating fully with whoever is conducting internal checks or reviews or fraud investigations.
Detection and Investigation
Whilst having regard to the requirements of the Data Protection legislation, the Campaign actively participates in an exchange of information with external agencies on fraud and corruption. It is often the alertness of Directors, staff or volunteers and the general public to the possibility of fraud and corruption that leads to detection of financial irregularity.
The Chair of the Board of Trustee Directors and Treasurer must be notified immediately of all financial or accounting irregularities or suspected irregularities or of any circumstances which may suggest the possibility of irregularities including those affecting cash, stores, property, remuneration or allowances.
Reporting of suspected irregularities is essential as it:
- Facilitates a proper investigation by experienced staff, and ensures the consistent treatment of information regarding fraud and corruption.
- When so notified, the Chair/Treasurer will instigate an investigation by appointing a designated officer, auditor or other adviser.
- The designated officer, auditor or other advisor will:
- deal promptly with the matter
- record evidence received
- ensure the security and confidentiality of evidence
Work closely with senior managers of the Campaign and other agencies, such as the Police and Courts to ensure that all issues are properly investigated and reported upon.
Ensure maximum recoveries are made on behalf of the Campaign, and assist the senior managers to implement the Campaign’s disciplinary procedures where considered appropriate (referral to the Police will not prohibit or restrict action under the Disciplinary Procedure).
In cases of suspected payroll irregularities where a fraud investigation may be possible, discussion will occur between the Chair and the CEO if it is thought a disciplinary investigation is more appropriate . Malicious accusations may be the subject of disciplinary action.
Awareness/Training
An important contribution to the continuing success of an anti-fraud strategy, and its general credibility, lies in the effectiveness of programmed awareness/training, of Directors staff and volunteers throughout the organization.
This will be achieved through the development of both induction and awareness training for all personnel involved in internal control systems to ensure that their responsibilities and duties in this respect are regularly highlighted and reinforced.
Review
This policy will be reviewed every 3 years.
Some examples of the types of fraud and financial crime to which charities may be susceptible include:
- misuse of the charity’s bank account
- fraudulent credit or debit card transactions or charges
- stealing or ‘skimming-off’ money from cash collections
- fake fundraising events and requests for donations
- fake grant applications
- the creation of false invoices or purchase orders
- falsely claiming for the provision of services to beneficiaries who do not exist
- using the charity’s databases or inventories for personal profit or unauthorised private commercial use
- the creation of false employees or inflated expenses, overtime or other claims
- other forms of identity fraud
All charities must, as a minimum:
- Have some form of appropriate internal and financial controls in place to ensure that all their funds are fully accounted for and are spent in a manner that is consistent with the purpose of the charity.
- Keep proper and adequate financial records for both the receipt and use of all funds together with audit trails of decisions made. Records of both domestic and international transactions must be sufficiently detailed to verify that funds have been spent properly as intended and in a manner consistent with the purpose and objectives of the organisation.
- Deal responsibly with incidents when they occur, including prompt reporting to the relevant authorities and ensuring the charity’s funds are secure
The Campaign has a system of financial controls which should minimise the risk of fraud. In addition to the annual auditing of the Campaign’s accounts, the Business Manager and Hon. Treasurer undertake the Charity Commission’s internal financial controls checklist annually.
e-Crime
There are various forms of financial fraud that staff may need to be aware of:
Using charities to validate stolen or cloned credit cards
Fraudsters may use stolen or cloned credit cards to make small online donations through charity websites. Their purpose in doing this is to check whether a stolen card has been blocked or cancelled. If the ‘test’ donation works the card will be used for more widespread fraud.
To help prevent this, charity staff may be able to identify some of the following patterns:
- fraudsters typically donate a small, token amount, eg £1. (Note, however, that there might be a large number of relatively small donations during appeals for humanitarian disaster relief or in the approach to Christmas)
- one card may be used a number of times in succession, to check it is still unblocked
- the name of the donor may not match the cardholder’s name. Some fraudsters will put random characters into mandatory name and address fields
On identifying this kind of risk it may be possible to take some preventive measures, such as:
- carrying out address checks for large donations
- checking that the CVC number (last 3 digits on the back of the card) tallies with the individual’s details
- checking the internet provider address from where the donation is being attempted. Suspicious or problematic internet provider addresses can be blocked and blacklisted
- using systems such as ‘Capture’ which require the donor to manually input details
- reporting suspected fraudulent activity to the police and bank immediately
- having an anti-fraud email address in place so that donors can report direct to the charity any suspicious activity and possible scam emails
- ensuring that all emails sent to donors direct them to the charity’s website, without using a link if possible
Fraudsters have been known to set up false charity websites, with the appearance of genuine ones, in order to obtain credit card and personal details of unwitting donors. In doing so they frequently infringe trademark, logos and UK copyright laws in addition to financial crime. The Commission advises charities to provide the following advice to donors or customers who are proposing to make donations through websites, and this is also good advice for staff as well, in spotting potential scam emails / websites:
Practical advice
Avoiding e-crime and spoof websites:
- always update your information online by using the process you have used before, or open a new browser window and type in the website address of the legitimate organisation’s account maintenance page
- be wary of unfamiliar website addresses, as they may not be genuine. Only use the address that you have used before, or start at your normal homepage. Avoid unfamiliar links or popup screens always report fraudulent or suspicious emails to your Internet Service Provider (ISP). This will help to ensure that bogus websites are shut down before they can do further harm
- take note of the header address on the website. Spoof sites are more likely to have an excessively long line of characters in the header, with the business name somewhere in the string.
- Many secure sites have padlock symbols and other secure technology to look out for
- if you have any doubts about an email or website, make a copy of its address and send it to the legitimate business to check whether it is genuine
If you discover, or suspect, that the Campaign may be a victim of this type of scam, the Commission recommends that we contact the ISP which is hosting the spoof website and request that the site be taken down as quickly as possible
Phishing fraud
‘Phishing’ is a type of e-crime which involves fraudsters sending emails to many, sometimes thousands, of recipients asking them to disclose sensitive or confidential information. The fraudsters are usually based overseas and may be almost impossible for the UK authorities to trace. Typically, the phishing email is made to look like a genuine email from a bank, and it may ask the recipient to confirm information such as account usernames or passwords because, it claims, there has been a security problem with the bank’s computer system. In many cases the phishing email will contain a link to another website into which the recipient is asked to enter the confidential information. Phishing scams cost fraudsters very little to set up, and they can make a profit if only a few people in every thousand actually provide information that then results in their bank accounts being emptied.
Further information is available from: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/571159/Chapter3.pdf