Nonprofits rely on funding support from the public. Fraud often starts as a tiny spark. Whether you serve as a board member or staff member, understanding common fraud schemes and internal risk areas is essential. Here are five red flags nonprofits can’t afford to ignore.
This article originally appeared on NonProfitPRO.
Nonprofits rely on funding support from the public. Those charged with governance are responsible for protecting those funds. Fraud often starts as a tiny spark. Ignore the warning signs, and it can quickly become an inferno.
Nonprofit fraud can take many forms, from external scams targeting staff to internal financial oversight failures. Whether you serve as a board member or staff member, understanding common fraud schemes and internal risk areas is essential. Here are five red flags nonprofits can’t afford to ignore.
A nonprofit staff member receives a text or email from a scammer posing as their boss. The fake boss asks the staff person to purchase a gift card for them with their personal account because, for whatever reason, the boss’ company card is not working. The fake boss indicates that it’s urgent and asks the employee to text or email the card number and PIN right away.
If the employee complies, the scammer has just made off with the money.
How to avoid this? Be on alert and always verify the request. If you receive an unusual financial request via text or email — even if it appears to come from your supervisor — pick up the phone and call them directly to confirm. Communicate this risk to all staff so they know these scams are common.
A potential new funder emails or calls a nonprofit with great news: They plan to fund your nonprofit and disclose the amount. When the check comes, the amount is much higher than discussed. Then the fraudster funder calls or emails claiming the higher amount was a mistake and requests that the nonprofit return the difference.
The original check from the fraudster is counterfeit and will never clear the bank, so if your organization conplies, you are out that amount of money.
If you receive such a check, don’t deposit it in your bank account. You could just send the check back. But better yet, report it to the authorities in your state.
Counterfeit check fraud is not new but is still being perpetrated. Once your organization issues a check, your bank account information — including routing and account numbers — is now out there. Counterfeiters can use that information to make fake checks.
Preventing this requires positive pay, a service many banks offer. With positive pay, the organization provides the bank with check numbers and amounts whenever it issues a check. The bank only clears checks that match that list. The only potential problem is forgetting to submit the listing, which would result in those checks being rejected. Ensure you have a system in place that includes all required steps on your end.
If you don’t have positive pay — and many nonprofits don’t — regular bank reconciliation is essential. This means a member of your accounting team must check the bank account at least weekly. Any checks that are not in sequential number order should be investigated right away.
Banks have time limits for reporting fraud. If suspicious activity isn’t reported promptly, the organization may be responsible for the loss.
There is always an inherent risk with cash at fundraising events. Cash at events is common, and volunteers or staff members are often entrusted to collect and distribute it. There is risk whenever one person handles cash alone, as it’s easy for them to pocket some cash.
The solution is to ensure that volunteers only handle the card transactions, and require two people to oversee cash transactions and safeguard funds at all times.
Executive director or CEO credit card misuse remains an overlooked internal fraud risk. If a member of the board is not reviewing the credit card activity at least monthly, this misuse of funds can go on for years unnoticed.
This oversight task should not be assigned to a bookkeeper or staff member, as they are less likely to report a superior for fear of losing their job. Monitoring executive spending is a core governance responsibility of the board of directors.
Strengthening internal controls and educating staff are essential components of effective nonprofit fraud prevention. Each of these fraud schemes can be prevented or detected if an organization takes a proactive approach. This means having written financial policies and procedures before a problem occurs. Drafting these policies may be time-consuming or require professional assistance, but prevention is always less costly than remediation.
Once fraud is discovered, it may be too late to recover the money. Worse yet, failing to remedy the issue after fraud occurs is improper oversight and sets the organization up for it to happen again.
As the classic proverb reminds us: Fool me once, shame on you. Fool me twice, shame on me.
