Top tips to prevent fraud

First published on: 29th October 2020

Whilst fraud is still a rare occurrence it can still happen and church members need to be aware of what to look for and how to prevent it. So we have published some top tips for churches on how to spot and prevent fraud.

We recommend you read them as checklist for what you are doing in your context and to see what you can do to prevent fraud.


Even now, in our current climate, ‘the church’ is still one of the most trusted organisations in the country.  As disciples of Christ – and in general terms – we mostly look to see the best in people and try to be open and honest in all our dealings.  We also tend to trust each other and assume that everyone in our church community will always operate with honesty and integrity too.  But sadly, fraud will always happen and simply being the church will not protect us.  We have had instances across the diocese of churches being defrauded out of money – often running into tens of thousands of pounds – either through the actions of external fraudsters or by church officers and members.  There haven’t been many of these instances – they are generally few and far between; but there have been enough and they have been serious enough to prompt us to issue some reminder guidance.

We may be seen as a soft or easy target as fraudsters and thieves will exploit our trust.  It is everyone’s responsibility to be on the lookout for fraud and be a part of preventing and fighting against it.  Looking out for fraud and theft is not just up to the Clergy, Churchwardens, or other PCC members.]

Charity Commission Guiding Principles
The Charity Commission has published 8 guiding principles to help all charities tackle fraud

Read them here www.gov.uk/guidance/protect-your-charity-from-fraud.

Top ten tips to prevent fraud

1. Introduce Dual Authorisations for all financial transactions:
No one person should be able to authorise the spending of church money.  While most church’s bank accounts will require two signatures on each cheque, it is still not uncommon for one signatory ‘to be helpful’ by pre-signing a handful of cheques in advance; especially if they are about to go off on holiday. 

You must never pre-sign any payment authorisation or cheque  There is never any circumstance that justifies this as it is opening the door wide to fraudsters and tricksters.

Each authorising signatory must check the payment details and reason before authorisation.
 

2. Review your internal financial controls at least once a year:

As times, technology and people change, the financial controls that were previously perfectly adequate may no longer be so.  It is the responsibility of every member of the PCC, both clergy and lay, to review critically their own church’s procedures to ensure that they are appropriate and being followed.

It is pointless to have the best procedures in the world, if your people are not following them.
 

3. Ensure your anti-virus & malware protection is up to date:
There are various hidden ways web pages, emails and ‘free’ apps can place unwanted and damaging programs on to your computer or smartphone that will steal identity and bank information.  There is a constant battle going on as fraudsters are regularly finding new ways to get the information they want, without you knowing or even with your [unsuspecting] complicit agreement.

Everyone should also ensure that their computer or smartphone operating system software is kept up to date too, and latest patches/fixes installed.
 

4. Don’t rush to respond to an unsolicited request:
Fraudsters don’t want you to think about your response/reply for too long, as you may realise it’s a scam.  Their message or request may try to instil a sense of panic or emergency to get you to react quickly and without checking.  It is common for names of people you know to be used, this information has often been separately phished** or stolen from elsewhere.

If the content of an email is suspicious, or uses words/phrases that the supposed sender would not normally use/say, then do not click on the email ‘reply’ button.  Your reply might not be going to the person or company you think it is going to.  Open a new email message and type in the email address you already have for them manually, do not copy and paste from the suspect email.  Alternatively, pick up your phone and speak with them directly.

(** phishing is the fraudulent practice of sending emails purporting to be from a reputable company or individual with the aim of collecting personal or financial information.)
 

5. Be alert to scam email and web page links:
Never click on an email or web page link unless you are wholly and totally sure it is genuinely from a safe source.  Cyber fraud can be difficult to detect as it can be so convincing in its appearance.

If you get an email from an internet supplier you do sometimes use, do not use the helpful link within the email.  Connect to their website independently and login to your account that way to check the information given.
 

6. If an offer sounds too good to be true, it probably is:
It is very easy for anyone to find your contact details from the internet and produce a professional looking website, email or letter.  Always verify information from an independent source and do not just rely on a web search.

One place to check company information is the Companies House web page https://www.gov.uk/government/organisations/companies-house.
 

7. Passwords and Online Authorisations:
Don’t use simple passwords that use just one type of character. Wherever possible, use a mixture of upper and lowercase letters, include numbers within the body of the password and if allowed include a ‘special’ character like ‘*’, ‘#’ and ‘!’ etc. 

The National Cyber Security Centre also provide guidance about good passwords.

For significant bank accounts make sure you enable ‘two-factor’ authentication.  This is where, after submitting the correct password, a text or email is sent to a predefined mobile number or email account to provide a random code that confirms you as authorised to use login to the account.
 

8. Make sure you know who your volunteers are:
One of the main sources of fraud and theft from churches is sadly from our own volunteers and members.  It is not unusual for what is called ‘Volunteer Fraud’ to start small and grow, sometimes starting with a simple act of ‘borrowing’ with every intension to return or repay.  But a repayment never happens.

In filling all volunteer roles, the good practice guidelines of ‘safer recruitment’ should always be followed. (Charity Commission helpsheet)
 

9. Carry out good Internal Financial Audits:
There is a famous statement “In God we trust, everyone else we audit”.  Locally within the church, internal financial audits are normally about building trust and confidence, rather than about looking for suspicious activities.  That said, a properly undertaken internal financial audit (usually carried out by members of the PCC who are not normally involved in the regular financial authorisation procedures) should be open to finding fraudulent transactions.
 

10. Report all instances of fraud:
In order to prevent fraud in the future it is important to report current occurrences.  Especially if you are caught out, do not try and hide the fact, it is much better and far more helpful to others to report it.  The police have their own fraud reporting web page https://www.actionfraud.police.uk/, which churches can use.

 

Need help or advice

If you have any queries please contact the Resources Team at St James’ House. 

You can leave a voice message on 0151 705 2180

Or email  resources.team@liverpool.anglican.org

Powered by Church Edit