Fraud: Responsibility and culpability is changing

Under the current climate, with individuals struggling due to the cost of living crisis it is more important than ever for organisations to assess and manage their susceptibility to fraud. This could be seen as giving staff incentive to commit fraud.

Charities and NFP clients do tend to operate on a higher level of trust than their corporate counter parts.  If only I was given a pound for every time I was told as an auditor “we trust our staff”.  Such an attitude is not appropriate as it places undue pressure on the honesty of employees, and in situations of financial hardship can lead to a justification/rationalisation of taking a small amount that then cascades to more frequent or larger amounts. If appropriate control environment, checks and balances were in place then such temptation might never occur.

Organisations do have a duty of care to protect their employees from harm. This covers reasonably foreseen acts or omissions that are likely to harm employees. A lack of appropriate financial oversight and control would fall into this category, and give staff and fraudsters opportunity. Employers should have appropriate controls to protect their employees from temptation.  If your control environment is inappropriate and not robust, and an individual commits fraud, then are you complicit in the perpetrated fraud?

Fraud needs incentive, opportunity and rationalisation to take place. Employers have the ability to stop opportunity through effective controls.

2025 updates

Failure to prevent fraud

The Charity Commission has recently issued a regulatory alert regarding upcoming legislation changes on preventing fraud which will impact large charities.

From 1 September 2025, large charities will become targeted with the new ‘failure to prevent fraud’ offence. This update impacts charities which meet two of these three pieces of criteria:

• Charities with more than 250 employees
• Charities with an annual turnover exceeding £36 million
• Charities with total assets of over £18 million

Charities that meet this criteria must ensure they have reasonable fraud prevention procedures in place, otherwise, they may risk being criminally liable if an employee, agent, subsidiary, or other “associated person”, commits fraud which is intended to benefit the charity or their clients.

Economic Crime and Corporate Transparency Bill

This Bill received Royal Assent in October 2023, allowing the Government to move faster when imposing sanctions, provide the ability to cease crypto-assets, and creating a Register of Overseas Entities (ROE) so as to be able to target foreign criminals laundering money in the UK and reforms at Companies House – such as identity identification of all existing and new directors at Companies House.

One notable change since the Bill passed was the introduction of a new corporate criminal offence for failing to prevent fraud, false accounting or money laundering. This shifts responsibility onto the entity, and thus its key management, for failings in the internal control environment that have allowed fraud, false accounting or money launder to occur.

Prior to this Bill’s passage through Parliament, if there was a failure in the control environment that allowed a fraud to take place, there was a requirement for prosecution to demonstrate that management were fully aware of the weakness in order to be able to take proceedings.

Fraud assessment and controls

So, what should you be doing? Assess the ability of fraudsters to commit a fraud in your organisation and how to prevent it.

In order to demonstrate your duty of care as a responsible and caring employer you need to assess your fraud risk and have appropriate controls. The Economic Crime and Corporate Transparency Bill is driving the need for robust systems and controls to be able to demonstrate your defence if prosecuted in the future, should you be subject to a fraud. This fraud assessment needs to look at both external and internal fraud.

We have seen or heard about successful frauds perpetrated on clients by staff, but more commonly now fraud is instigated by outsiders who are able to circumvent controls and receive funds. The estimated fraud loss to the UK economy last year was £193bn and this figure is increasing.

When thinking about fraud, consider how funds and assets could be targeted. There are two types of controls – active and passive. Active controls look to prevent fraud occurring cover aspects such as segregation of duties, physical control over assets, sequential numbering for instance of sales invoices, signatures and counter signatures and passwords. Passive controls are looking to detect if fraud has occurred such as reviewing audit trails, internal or external audits, surveillance of personnel or controls and reviewing procedures.

Let’s consider an example:

Do you have effective procedures in place which prevent bank account changes occurring to suppliers and employees without appropriate checks and balances? We have all heard about supplier statement frauds, but the latest is changing employee bank details that only work for one month. Therefore, is every bank account change authorised by someone other than the person who initiated the change? Are the bank accounts verified by a named contact at the organisation, or directly with the employee, by telephone?  Sending emails is insufficient, fraudsters can intercept email traffic and have even diverted genuine supplier telephone numbers too, so that only direct contact with the named person would have prevented the fraud. How is this process documented and evidenced of having taken place? Do you review supplier and payroll audit trails to confirm all changes are authorised?

Next steps

Following the new “failure to prevent fraud” offence issued by The Charity Commission and the Economic Crime and Corporate Transparency Bill, we recommend that all organisations continually ensure they have an effective control environment in place. The consequences of not taking action could result in a criminal record and even imprisonment if it remains unchanged.

This article was written by Helena Wilkinson, a Corporate Partner within Price Bailey and Head of our Charities and Not For Profit team. If you have any questions relating to this topic, please contact Helena or another member of the Charities team using the form below.