Ahead of Charity Fraud Awareness Week, the Charity Commission has published guidance on protecting your charity against Fraud and Cybercrime, a copy of which can be read here.
Fraud and cybercrime are serious issues for all organisations and with charities likely to be high on the target list for fraudsters, it is therefore not surprising that the Charity Commission has seen fit to issue the guidance that it has.
The guidance has some useful headlines/mantras, as follows:
“If in doubt, take action and report it.
Act quickly. This will minimise harm done and maximise your legal options.
Do not panic, stay calm and follow procedure (wherever you can).
Find out in advance who needs to be informed (both inside and outside the charity).
Have a ‘fraud response plan’ ready so that everyone knows what to do and when.
Take steps to preserve evidence. You may need this for investigative or legal proceedings.
Seek professional legal advice, especially if you think you might take action in the civil Courts.
Report serious incidents to the Charity Commission.
Read the full guide ‘Tackling fraud in the charity sector’.”
As a trustee of a charity, you have an obligation to act in the best interests of the charity. With this duty in mind, it is not an option for trustees to simply ignore the risk of fraud/cybercrime and the effects it may have on the charity and to do so could well result in the charity being able to take action against you for breaching your duty to the charity.
A cyberattack, in particular, could have serious implications for the longevity of a charity and it is therefore essential that appropriate safeguards are put in place. The Charity Commission has referenced further guidance on cybersecurity in the National Cyber Security Centre (NCSC) board toolkit.
Should the worst happen and your charity falls victim to a cyber-incident or other serious fraud, as the guidance points set out above state, it is essential to act quickly. It may be that if appropriate legal advice is sought quickly, it may be possible to recover any assets lost. Further, from a data protection perspective, if data that your charity is holding as a data controller is compromised, not dealing with that issue in a proactive way could have serious civil ramifications for the charity. It is therefore essential that advice is sought as soon as possible.
How can we help
Kevin Modiri is a Partner in our expert Dispute Resolution team.
If you have any questions concerning the subjects discussed in this article, please do not hesitate to contact Kevin or another member of the team in Derby, Leicester, or Nottingham on 0800 024 1976 or via our online enquiry form.
Contact us