Small charities play a vital role in our communities—but their limited resources and lean governance structures often leave them vulnerable to fraud. The Charity Commission’s updated guidance in December 2024 provides essential tools for trustees to detect, prevent, and respond to fraud and cybercrime. Here’s a breakdown of the key takeaways and practical steps every small charity should act on.
- Clear, Accessible Guidance for All Charity Sizes
In late November and early December 2024, the Charity Commission released two streamlined guides—“Protect your charity from fraud” and “Protect your charity from cyber‑crime”—written with smaller charities in mind. These replace the older, more complex versions, making action easier for small trustee teams. - Implement Basic but Robust Internal Controls
The fraud guide emphasises practical measures that don’t have to be costly:
- Dual authorisation on all payment
- Routine reconciliation of accounts and banking
- Segregation of duties, even among volunteer teams. These are simple, cost-effective defences acknowledged and recommended by the Commission.
- Cyber‑Threats Are Real and Rising
Phishing remains the top cyber‑fraud threat to charities. The cyber‑crime guide, developed with the National Cyber Security Centre, provides free training links and helps promote a culture of cybersecurity awareness. - Report All Fraud Attempts
Trustees are encouraged to report both successful and attempted fraud to Action Fraud. Not only does this give access to statutory support—it helps build reliable sector‑wide intelligence. The Charity Commission has previously stressed that fraud is often under‑reported. - Responding Appropriately if Fraud Happens
If fraud is suspected or confirmed, the guidance advises:
- Acting promptly to contain harm
- Engaging independent expertise (legal, IT, forensic)
- Updating your trustees and documenting investigative steps
- Communicating appropriately with staff, supporters, and regulators.
- The Numbers Tell the Story
In the year to October/November 2024, the Charity Commission opened 603 fraud‑related investigations and 99 cyber‑crime cases. Nearly half of charities have experienced fraud in the past year, often with financial consequences.The guidance “Protect your charity from fraud” includes a comprehensive checklist of best-practice actions, and these can be condensed into the following practical summary:
Practical Checklist for Small Charities
|
Area |
Action |
|
Financial Controls |
Introduce dual‑authorisation and regular reconciliations |
|
Governance |
Set clear financial roles and ensure fraud awareness training |
|
Cybersecurity |
Complete free NCSC‑linked modules; promote phishing awareness |
|
Reporting |
Log every incident (even failed attempts) with Action Fraud |
|
Incident Response |
Develop a clear fraud‑response plan with roles and escalation steps |
Final Thoughts
The Charity Commission’s December 2024 guidance is a wake‑up call: you don’t need major funding to build effective fraud protections. By applying simple internal controls, fostering a vigilant organisational culture, and addressing incidents decisively, small charities can safeguard their mission, finances and public trust.
If you’re a trustee or finance lead, now is the moment to review your fraud defences. Even basic changes—like dual authorisation on payments—can make a significant difference.
Share this guidance with your team and trustees and make safeguarding against fraud part of your ongoing agenda.
