Navigating the evolving landscape of fraud - what charities need to know

Charity Fraud Awareness Week - Day 5

We are eagerly anticipating the publication of BDO's 2025 Charity Fraud Report, which is expected to be released soon.

In this article we explore key developments and trends that charities need to be aware of in order to stay ahead in the fight against fraud. From legislative changes to the growing risks posed by AI-driven fraud, understanding these developments, and adapting accordingly, is essential for building robust fraud prevention strategies.

The Economic Crime and Corporate Transparency Act 2023: a quick look back

The Economic Crime and Corporate Transparency Act 2023 ("ECCTA") introduced two key new fraud offences. Under the section 199 failure to prevent fraud offence, which went live on 1 September 2025, large incorporated charities can be found criminally liable if they fail to prevent fraud by an associated person, in circumstances where the fraud was intended to benefit the charity. Organisations will have a defence, however, if they can show that they had 'reasonable fraud prevention measures' in place at the time the offence was committed.

Under the lesser-known corporate attribution offence introduced by section 196 of ECCTA, which went live on Boxing Day 2023, charities of any size can be found criminally liable if a senior manager commits one of the economic crimes listed in schedule 12 of ECCTA while acting within the scope of their authority. Unlike under the failure to prevent fraud offence, there is no defence of having had 'reasonable fraud prevention measures'.

Please see our previous article here for further details.

The s199 offence only applies to large organisations / charities and so, in all likelihood, charities that do not meet the large organisation definition will not necessarily implement fraud prevention measures to the same extent as a large organisation might. The perennial concern with s199 only biting on large organisations has been that this could have the effect of pushing fraud risk from large organisations (where they are better equipped to mitigate their fraud risk) on to smaller organisations and charities instead (because they do not have the same degree of counter-fraud measures in place and make easier targets). We are only a few months in to s199 being in force and so only time will tell whether fraud statistics start to show a change in which types of organisations are targeted. Best practice though would be for charities (especially those that do not satisfy the large organisation threshold) to make sure that they have measures in place to reduce their fraud risk.

The Crime and Policing Bill 2025: the expansion of the corporate attribution regime

The Crime and Policing Bill 2025 (the "Crime and Policing Bill"), which is currently progressing through parliament and at the committee stage in the House of Lords, proposes to expand the scope of the corporate attribution offence under ECCTA to all criminal offences (i.e. not just the economic crimes listed at schedule 12 of ECCTA).

Section 196(1) of the current draft of the Crime and Policing Bill provides that where a senior manager of an organisation acting within the actual or apparent scope of their authority commits an offence under the law of England and Wales, Scotland or Northern Ireland, the organisation also commits the offence.

There is again no defence of having reasonable prevention measures in place, the only exception outlined under s196(2) being where (a) the conduct constituting the offence occurs outside of the UK and (b) the organisation would not commit the offence if that conduct were the organisation’s (rather than the senior manager’s).

The proposed expansion of the corporate attribution regime signals that charities are likely to face further increased accountability for the actions of their senior managers. Embedding good governance and oversight practices, as well as fostering a culture which prioritises ethical conduct, will continue to play a key role in helping charities (i) minimise the risk of fraud (and other criminal conduct) occurring within their organisation, and (ii) ensure that they do not fall foul to evolving legislation.

The Office of the Whistleblowing Bill: supporting fraud detection

In addition to the Crime and Policing Bill, the Office of the Whistleblower Bill (the "Whistleblower Bill") is progressing through parliament and is at its second reading in the House of Commons.

The stated aims of the Whistleblower Bill are to:

"establish an independent Office of the Whistleblower to protect whistleblowers and whistleblowing; to make provision for the Office of the Whistleblower to set, monitor and enforce standards for the management of whistleblowing cases, to provide disclosure and advice services, to direct whistleblowing investigations and to order redress of detriment suffered by whistleblowers; and for connected purposes".

Fraud is a key area where whistleblowers play a vital role in uncovering misconduct that might otherwise remain hidden. Charities should therefore be taking steps now to implement clear whistleblowing policies (or review the effectiveness of existing policies and make necessary changes) to ensure that charity staff are aware of how whistleblowing supports counter-fraud and that they may raise concerns without facing retaliation.

Taking these steps will help support fraud detection, and help charities identify and address issues at the earliest possible stage.

Emerging trends: the role of AI and cyber attacks

Artificial intelligence ("AI") is transforming the fraud landscape, both as a tool for prevention and as a new avenue for exploitation. On the one hand, AI-powered systems are increasingly being deployed to detect fraudulent activity, including identifying unusual patterns in transactions and behaviour.

Conversely, fraudsters are also using AI to perpetrate increasingly sophisticated frauds, and charities are not immune to this and will likely be targeted by fraudsters. In its 2024 Charity Fraud Report, BDO cited an increase in the use of cyber and AI-driven tactics in payment diversion and authorised push payment frauds, with charities identifying cyber-enabled fraud (including phishing) and cybersecurity as their most significant fraud risk.

Charities should consider whether they have appropriate procedures in place to stop, for example, the classic CEO/ CFO impersonation scam where a fraudster posing as the CEO or CFO requests that funds are urgently transferred to a third party bank account. This scam used to be perpetrated by phone call or email but AI and deep fake technology makes this type of fraud more difficult to detect.

Whilst not charity related, the cyber-attacks on Jaguar Land Rover and Marks & Spencer this year also show us that sophisticated organisations struggle with their cyber security and can have their systems compromised and confidential data stolen. Charities are similarly at risk particularly if donor data can be stolen and donors then targeted as part of fraudulent activity.

As rapid AI advancement continues and the cyber threat remains, charities should be proactive and agile in their approach to fraud detection and prevention. This means regularly assessing and updating fraud policies, response plans and training to ensure they remain fit for purpose in the light of emerging threats, as well as being vigilant of more traditional frauds (which remain prevalent).

Emerging trends: insider fraud and ongoing cost of living

Whilst wages have grown faster than inflation this year, many are still feeling the impact of the cost of living crisis. Inflation has reduced markedly over the last year or so but prices are still rising at a faster rate than the Government's inflation target of 2%.

However, families are still struggling with debt and, consequently, this feeds in to a heightened risk of insider fraud i.e. the possibility that someone working for a charity might identify an opportunity to commit fraud undetected and therefore take that risk.

The cost of living crisis seems to be easing (particularly as inflation has somewhat stabilised and we no longer have inflation in double digits) but the heightened risk of insider fraud (which will always exist but has been exacerbated by external financial pressures) has not gone away.

Conclusion

The developments outlined in this article demonstrate the growing complexity of the fraud landscape in the UK. While fraudsters have more tools at their disposal than ever, businesses in the UK, including charities, face increased scrutiny and accountability for their actions in failing to prevent fraud.

By embedding good governance and oversight practices, fostering a positive and open culture, keeping policies and training under continuous review and adapting to emerging trends, charities can mitigate the risks of fraud to ensure compliance with new legislation and, importantly, to protect their hard-earned reputations.