Fraud Prevention for Nonprofit Organizations

Fraud can have a devastating impact on organizations, particularly nonprofits, which often have limited resources to prevent or recover from losses. As financial transactions and fraud schemes become more complex, recognizing and addressing various internal and external fraud threats is critical.

Business Email Compromise (BEC)

BEC schemes often involve emails that appear to come from trusted sources, such as vendors or recipients of nonprofit funds. These emails may provide altered payment instructions or request updates to remittance details due to alleged issues with previous accounts.

Types of BEC to watch for include:

  • Spoofed emails: These mimic legitimate emails with minor changes.
  • Hacked emails: These use an actual compromised email address.

Prevention Tips:

  • Verify the legitimacy of emails:
    • Check for proper grammar and an absence of typos or slang.
    • Call the sender using a known number to confirm instructions.
    • Ensure the sender understands prior conversations and current needs.
  • Implement procedural safeguards:
    • Dual Control: Require two individuals to authorize wires or ACH transactions, independently verifying transaction details.
    • Written Authorization: Maintain documentation for remittance instructions and verification efforts.

Remember: Fraud is a real threat. Once funds are sent via ACH or wire, recovery is not guaranteed.

Check/ACH Fraud

Despite being an older fraud method, check/ACH fraud continues to rise. Fraudsters may steal mail to alter checks or use account details to create counterfeit checks or unauthorized ACH debits.

Prevention Tool: Positive Pay

This tool allows organizations to flag unauthorized transactions for review via online banking. Transactions can be manually approved or set to default decisions (e.g., “Pay” or “Return”).

Embezzlement

Embezzlement involves internal fraud, often due to excessive autonomy or lack of oversight within an organization. Rotating staff may inadvertently increase vulnerability by being unfamiliar with standard procedures.

Prevention Strategies:

  1. Establish Dual Control: Separate duties so no single individual completes an entire transaction. For example:
    • One person issues checks, and another signs them.
    • One person creates online transactions, and another verifies them.

    Ensure a separate individual reviews and balances bank statements, documenting and reporting findings regularly to the Board or a higher authority not involved in transactions.

  2. Promote Transparency: Foster a culture where no one is above verification. Encourage collaborative decision-making and transaction oversight.

For more tips and resources to protect your nonprofit from fraud, visit Heritage Bank of Commerce’s Fraud Awareness Page.

Download PDF