Charities, NGOs and not-for-profit organisations are an attractive target for fraudsters, from organised crime to insider fraud, and the current economic climate looks to be increasing the sector’s risk.

In times of recession or economic uncertainty, the risk of fraud typically rises. For charities already operating against a backdrop of higher operating costs and a reduction in donor activity, this risk should be taken seriously.

From January to November 2022, 408 reports of charity fraud in the UK were made to Action Fraud, with a combined reported loss of £2.3 million.i This was a 44% increase from the same period in the previous year.ii

Furthermore, the Fraud Advisory Panel’s 2022 report stated that over a third (36%) of UK charities said they had been the victim of fraud or attempted fraud last year, and 58% believe the risk of fraud is going to increase over the next 12 months. iii

What are the different types of charity fraud?

Charity fraud comes in many guises, from fundraising scams and cyber-attacks to deceitful acts from within the organisation.


  • Charity scams: Carried out by fake charities defrauding the public or illegitimate companies defrauding the charity.
  • Unauthorised funding: Fraudsters pretend to be fundraisers for the charity, duping donors into giving them money.
  • ‘Personal cause’ fundraising: Raising money via crowdsurfing for personal causes is not regulated by the Charity Commission or the Fundraising Regulator, and there is no way of knowing if such requests are legitimate.
  • Invoice fraud: Where fraudsters pose as suppliers and send invoices to the organisation. This can result in the charity unknowingly paying the fraudster.

Cyber fraud

  • Phishing emails containing a link that goes to a fraudulent website where the employee is asked to provide sensitive information, such as login or bank account details.
  • Email impersonation where an attacker sets up an email account that looks like a legitimate business email account and requests sensitive information to use fraudulently. Online invoice fraud is an example of this.
  • Hacking a computer or network to obtain sensitive data or access funds.

Insider fraud

  • Money laundering or embezzlement.
  • Misuse of funds, for example, by making unauthorised credit card payments or altering the name or amount on a cheque.
  • False expense claims—a type of payroll fraud whereby expenses are incorrectly claimed for personal gain.

According to the Fraud Advisory Panel, 52% of charities believe over-reliance on trust to be the most common obstacle in preventing fraud, and an astounding 55% of reported frauds last year were perpetrated by staff or volunteers.iii

Weak internal processes can increase vulnerability, for example, bypassing reference checks for new employees or having ambiguous cybersecurity guidelines.

A sign of the times?

Another major factor to consider is that with the economic hardships many people are facing today, ordinarily law-abiding people may feel pressure to carry out fraudulent activity simply to make ends meet. This, unfortunately, can mean stealing from the organisation they work for—even if this is a charity.

Career criminals too will likely be feeling the pinch, and are constantly looking for new and creative ways to scam, deceive and steal, including through cybercrime. According to the Fraud Advisory Panel’s 2022 report, 41% of charities cited cyber as the biggest fraud risk over the next 12 months.iii

Charities who may need to reduce headcount in this challenging climate may unwittingly increase their risk by letting go of talent in finance, compliance or internal auditing, further compounding their vulnerabilities.

How to improve your counter-fraud defences

Prevention is better than cure, and there are many ways you can reduce your fraud risk:

  • Conduct a fraud risk assessment to identify where your organisation is vulnerable to the risk of fraud, and develop an anti-fraud policy.
  • Implement robust financial controls, such as spot checks, maintaining up-to-date asset registers and inventory logs, and double-checking invoices.
  • Verify all external touchpoints:
    • Check employee and volunteer references.
    • Verify beneficiaries.
    • Conduct due diligence on suppliers.
  • Ensure you have sufficient insurances against external and internal fraud.
  • Raise awareness among staff and volunteers so that you have as many eyes and ears as possible to recognise the warning signs of fraudulent activity.
  • Ensure all employees are aware of—and confident to use—the organisation’s whistleblowing process.
  • Strengthen your organisation’s cyber resilience through proactive risk management, including a cybersecurity policy, employee training and a cyber response plan.

We are here to support you

If you would like to speak to a member of our Charities team about your fraud risk, please get in touch. We can talk you through the specific insurance products available to protect your organisation against the financial impact of external and internal fraud, as well as introducing you to the services offered by Gallagher’s specialist Cyber Risk Management team.


The sole purpose of this article is to provide guidance on the issues covered. This article is not intended to give legal advice, and, accordingly, it should not be relied upon. It should not be regarded as a comprehensive statement of the law and/or market practice in this area. We make no claims as to the completeness or accuracy of the information contained herein or in the links which were live at the date of publication. You should not act upon (or should refrain from acting upon) information in this publication without first seeking specific legal and/or specialist advice. Arthur J. Gallagher Insurance Brokers Limited accepts no liability for any inaccuracy, omission or mistake in this publication, nor will we be responsible for any loss which may be suffered as a result of any person relying on the information contained herein.