OSSIG delegates were treated to a wide-ranging presentation, looking at the risks of fraud and cyber-crime, and where they intersect with bullying, harassment and safeguarding risk.
One thing which emerged strongly from the discussion was that where a charity is at risk of one of these, they are likely to be at risk of others. And the common factor, it appears, is culture.
If you don’t have any whistleblowing, you have a cultural problem
To address issues such as fraud and safeguarding failure, staff had to feel empowered to report wrongdoing or raise concerns, we heard. Otherwise senior management will not learn of issues until they were too late.
“If no one in your charity is whistleblowing, it means you have a problem, but you don’t know what it is,” one delegate said.
“If you’ve got a safeguarding problem, the chances are higher you’ve got a fraud problem too,” another said.
Another spoke of a phishing fraud in which an employee was ordered by a senior manager to transfer a significant sum to a fraudulent account. He identified one reason why the fraud was successful: “The thing I’ve noticed in common in all these issues,” he said, “is that they are more likely where the chief executive is a bully.”
In other words, a cultural problem at the top prevents reporting of problems from the front line, so the problems do not get addressed.
Think about detecting problem individuals
At previous conferences, I’ve been told that up to 3 per cent of the population could pose a safeguarding risk, although the figure is potentially much higher for vulnerable adults. (The true figures are very hard to identify. See this Full Fact analysis for an idea.
This is a worrying number, especially because these individuals are likely to be attracted to charity work, with its vulnerable beneficiaries, lack of independent safeguarding inspection, and relatively low spend on HR.
Another theme that surfaced is that opportunistic individuals, who show a disregard for the welfare of others in one area, are likely to show the same in others.
“When we were investigating safeguarding issues, we found those involved were almost always found to be fiddling their expenses, as well,” one delegate said.
The greatest threat, one speaker said, always came from within the charity. Despite his organisation’s high level of exposure to cybercrime threats from rogue states, it was still a disgruntled or malevolent individual working in the organisation who worried him most.
(This idea, and many other themes, appear in this fascinating but disturbing Atlantic piece)
Strong systems and the right training are key
A familiar mantra with fraud and safeguarding is that the correct time to address an issue is before the problem occurs, not afterwards, and that the key to this is to build strong systems, with the right technology. One problem, we were told, is that many organisations have separate entry points, for example to CRM and finance systems. Ideally, we heard, you should have one set of controls.
Another point, made by several delegates, was the importance of having leaders within your organisation on these issues and ensuring they had the power to be heard. The discussion centred around the need to make sure knowledge and information flowed freely to those who needed it.
Delegates spoke of the importance of communities of practice - peer groups for staff tackling fraud and abuse - and reverse mentoring, to ensure that senior individuals kept in touch with juniors who were more conversant with the latest technology and practice.
This last seems particularly crucial. If power resides with the board and SMT, but expertise resides elsewhere, communication becomes a problem. The history of failed organisations is full of junior staff who knew there was a problem.
Let's say you know all of the above, and have all the proper procedures in place. Something could still go wrong. Indeed it's likely to. When it does, how a charity reacts is vital. The most important question, it appears, is whether your first instinct is to solve the problem, or cover it up. But the meeting also threw up other questions.
For example, let’s say you discover fraud. Do you immediately suspend the individual, or watch them to gather more evidence. What if you can’t dismiss them based on the evidence you have?
And what about the people who raise the problem? Several delegates put an emphasis on the need to “close the loop” with staff – particularly whistleblowers – and help them understand what happened after an incident occurred.
I’ve previously engaged with whistleblowers who felt abandoned for weeks or months at a time. They feel angry and alienated. And it’s worth thinking what they will do in the meantime. What are they telling their colleagues? What are they telling the press?
The meeting also heard of the importance of the right investigators. We heard that sending auditors to investigate safeguarding issues, or lawyers to investigate forensic accounting issues, may not end well.
Another thing to be aware of is that the investigation will cost more than the crime. We heard of one £80,000 fraud that cost £250,000 to investigate.
The sector is not being helped by its partners
More broadly, there is a significant question over the relationships charities have with external parties, and whether these are helpful when it comes to handling these issues. Are charities getting the right incentives?
One tension is who pays for all this. Several delegates spoke of how their funders wanted them to spend heavily on prevention and investigation, but stipulated that their own cash should not be used to do it.
Delegates also said that funders sought and expected full disclosure on issues such as fraud and safeguarding, but were often reluctant to work with charities which disclosed.
Charities are also believed to be coming under pressure from funders to disclose the names of whistleblowers – a very worrying trend which, thankfully, has so far been resisted by the individual staff involved, and which CFG will be watching closely.
A final issue is the level of regulatory and governmental support, particularly on safeguarding. The current approach involves asking charities to tackle these issues individually, with limited central backing, but there are doubts over whether this will prove a strong enough system.
And with £2m so far earmarked for safeguarding in charities, compared to tens of millions in education and health, perhaps delegates have a point.
Overseas Special Interest Group is open to all international charities headquartered in the UK.
Run in collaboration with Humentum, a global membership association offering training, convening, and support in compliance, financial management, program management, and HR & Learning.
As well as its regular meetings, OSSIG has a LinkedIn group. Join and to stay up to date and get information on upcoming meetings
« Back to all blog posts