Giving activities escalate during the busy grantmaking season, and unfortunately, this means risk can too. Philanthropists give because they are trying to do good in the world, but in today’s landscape, there are essential steps to take to ensure that your donations are going where they should to make an impact. Scammers, fraudsters, disgruntled employees and cyber-criminals take advantage of this time of year when you’re likely most vulnerable—after all, you’re thinking of a zillion things to do in order to get grant dollars out the door. In this edition of our Tech For Good Series, we’re focusing on one area of risk: fraud prevention. Unfortunately, grantmaking organizations are just as susceptible to fraud as any other institution that moves money. This means being aware of what to look for and implementing best practices for prevention.
Examples of these types of risks include:
- Embezzlement
- Theft or bribery, particularly concerning programs receiving federal funds
- False statements
- False claims
- Mail fraud and wire fraud
- Cyberattacks
- Social engineering
3 Things Private Foundations Can Do To Help Avoid Fraud
The technology you use will help you implement many of the fraud prevention best practices. We caught up with our Chief Technology Officer Pascal Vincent to get his philosophy about security. “A couple of key areas of focus for us are cybersecurity and refining our program,” said Pascal. “As the “bad guys” adapt, so do we—it’s a very dynamic environment, so we have to adjust constantly. Social engineering and specifically phishing are other key focuses for us, and we are leveraging top guidelines and software to protect us and our users. With cybersecurity, we constantly have to evolve as the bad guys keep getting creative.”
We also spoke with our Director of Customer Experience, Ted Stenger, who echoed Pascal’s sentiments on technology and security. “The steps involved in preventing bad actors from getting grant funding intended for good works can be daunting,” said Ted. “However, the right technology can not only automate much of this work, but alleviate risk associated with human error.” He also shared a few key features to look for—including accounts locking after a certain number of failed attempts. “Sometimes the number of failed attempts before lockout is determined according to an algorithm that’s looking at various factors like location or device,” he said. “With Impactfully, which is our proprietary, cloud-based SaaS platform built as an essential software solution for grantmakers, one of the included features is an email notification that alerts someone when their contact information has changed.”
There are also “watchdog” organizations like CharityWatch, Charity Navigator, Give, and GiveWell, which can help you beware of scams, fraudsters and fake charities trying to trick well-intentioned donors. Please note that it’s important when considering these tips that if you’re managing grant disbursements using your in-house staff, they should check the process they’re using with their legal counsel. If you’re already outsourcing these tasks or planning to, ensure they’re following these best practices.
1. Use multiple authentication methods.
a. Verify the sender and recipient’s identity. This process is called multi-factor authentication or MFA. MFA combines more than one identity-based security measure (e.g., knowledge, possession, and/or biometric factors) to provide multiple layers of assurance. All money transfer requests should be verified using MFA. This includes instructions received by phone, mail or email. The identity of both the sender and the recipient needs to be verified. Identification can be verified in a few ways, such as asking specific security questions, calling a prescreened number to reach them or sending a text message with a specific code that they need to enter. Specific authentication protocols will be set by the legal team either at your foundation or the company you’re using for check disbursement.
b. Verify that the instructions are correct. A fraudster could put in the wrong wire instructions or information so that the funds never reach the intended recipient. You can verify this information by calling the receiving bank or calling the organization to double check the address details are correct.
2. Be aware of cash disbursement fraud.
a. Review your procedures. “It is important for foundations to review their cash disbursement procedures to determine whether sufficient oversight exists over the process,” explained Christopher D. Petermann, who is the managing partner of the accounting and advisory firm PKF O’Connor Davies. Proper due diligence over the cash disbursement cycle can help prevent potential risks and protect the foundation’s available funds that can be utilized for its mission-related activities.
b. Communicate with your bank. There are many programs that will assist you in notifying your bank of all checks that are processed. “If someone other than the intended recipient attempts to deposit or cash your check, the check will be flagged by your financial institution as a Positive Pay exception and once reviewed and deemed fraudulent, it will be rejected for payment,” explained Foundation Source’s Director of Client Operations and Payables Jennifer Yoguez.
c. As noted above, verify that the instructions are correct.
3. Know the warning signs of possible fraud and the different types.
Here are some of the key signs of possible fraud:
- Email
- Whenever transfer instructions are received via email, keep an eye out for:
- Obvious errors in grammar, punctuation, diction, etc.
- Subtle errors in the client’s email address (For example, (legitimate) versus or (both fraudulent).
- Whenever transfer instructions are received via email, keep an eye out for:
- Email & Phone
- Change in ACH or wire instructions from previous transfer.
- A sense of urgency or secrecy, using words or phrases like “confidential,” “secret,” “time sensitive,” or “urgent.” The payee’s urgency or secrecy is a glaring red flag.
- Anything that just doesn’t seem right.
- Physical interception
- If you’re mailing checks, be aware that fraudsters have been known to intercept the donation. Mailing the checks in an inconspicuous envelope and making sure the checks cannot be seen through the envelopes are two prevention methods.
- In addition, if you’re having the checks hand-delivered, make sure that the person delivering the check can verify the recipient. Checks should only be handed off to the direct recipient.
Here is a quick list of tips you can start taking today to make sure that your foundation is preventing bad actors from intercepting your good works.
Top-Line Fraud Prevention for Private Foundations
- Collect and store grantee information separately from bank information
- Verify all bank information
- Verify all address information
- Keep the bank informed of checks
- Keep track of all receipts
- Trust your gut – if something seems off, double check it
For additional resources on grant fraud prevention, click here.
Want More Tips On Managing Risk?
Check out these tips from our Chief Legal Officer and this chart for a quick overview on six common approaches to managing a private foundation and the advantages and disadvantages of each.
Have a Question?
Schedule a call with us or reach us at 800-839-0054. Together, let’s #begiving.