Joan M. Renner, CPA, CGMA, Director 501(c)(fit!)

I wasn’t sure how to introduce this FIT! TIP.  Then I thought about spare change, that dish of coins on the bureau, and the good that it could do.  What would you do with a little spare change?  Would you hire some extra help with programs or maybe fundraising?  Most nonprofits would have no trouble putting a little extra money to good use. 

Now, what would you do if you found out that someone could be short-changing your nonprofit right now, without your knowing it?  I’m not talking about a big splashy fraud scheme, just a quiet little bit here and there that goes unnoticed.  Many haven’t considered this to be a big risk, but I just came across some new information that’s hard to ignore:  one in five nonprofit frauds involves theft of incoming checks.* 

Nonprofits are familiar with ways to control outgoing payments.  Many require two levels of permission to release a payment or review their account activity online to prevent or catch fraudulent payments.  But why would anyone take the risk of creating fraudulent disbursements if he could just lift some incoming money before anyone else knew it was there?  Skimming is the fifth most common fraud in nonprofits today*—and those are the ones that get caught.

No nonprofit leader would knowingly leave money unprotected.  People just don’t think it can happen in their organization.  Actually, skimming can happen anywhere income that hasn’t been billed in advance arrives at your office.  Some checks are expected.  You are waiting for a recipient to send a check to pay for services, but contribution checks just show up.  Who’s to know what contributions came in and what contributions didn’t? 

To see what real nonprofits have experienced, I did some research and here’s what I found:

  • Just last month in Charleston, WV, a former nonprofit employee pleaded guilty to embezzling about $1.5 million over nearly 12 years by stealing incoming checks and directing them to a secret account she opened in the organization’s name. As the office manager of a legal aid nonprofit, she opened the mail, kept a check log and made the bank deposits.  She kept a few checks for herself here and there, deposited those checks in the secret account and paid them out for personal expenses.
  • This month in New York, a former college athletics official was arrested for allegedly skimming about $600,000 of facility rental fees intended for the college. According to the allegations filed in Manhattan federal court, he controlled the facility, rented the facility to outsiders, collected the money and apparently kept it.
  • In another case in Eagle, CO, a County employee admitted stealing incoming tax payments totaling about $150,000. She was the only one handling the incoming checks for vehicle rental tax payments.  She stole incoming checks and converted them to cash.

These cases and others show how easily nonprofits can be victims of skimming, although the average nonprofit skimming fraud only nets about $50,000 over a 18-24 month period.*  Look how easy it is to say “only about $50,000” making it sound like spare change.  Wouldn’t it be a waste for a nonprofit to leave $50,000 or more at risk, when safeguarding it wouldn’t cost anything close to $50,000?

Most people are surprised to learn that perpetrators can cash checks made out to the nonprofit.  Well, that office manager in West Virginia just opened another bank account in the organization’s name without telling anyone.  She might have known that everything you need to know to open a bank account is on Form 990 including your ID number and officers. 

An easier way to cash stolen checks would be to rely on the organization’s acronym.  Many nonprofits go by their initials.  There’s nothing to say a perpetrator can’t start a business using those same initials, open a bank account that bears the same initials as the nonprofit, and proceed to deposit stolen checks.  Anyway, there goes the myth that stolen incoming checks can’t be cashed.

Wouldn’t the donors know their checks were stolen?  Probably not.  They’d see a familiar name on the endorsement and their canceled check wouldn’t appear altered in any way.  In many small nonprofit offices, the perpetrator could probably even generate a normal thank you letter.

What can we learn?

Locate your spare change.  Identify what income you have coming into your office that doesn’t relate to an invoice or other expectation.  Ask:  if one of these checks fell on the floor, who would know?  If the answer is no one, then don’t leave your spare change at risk.

Keep your spare change safe.  Try not to direct contribution checks to your office.  Address your reply envelopes to a bank lock box.  Request that checks be payable to your organization’s full name rather than your initials.  Even better, encourage donors to give online.  Of course there are service fees involved, but they don’t come close to the average loss from a skimming fraud.

To learn more about fraud prevention, check out our 501(c)(fit!) PLUS webinar, You Just Lost $1 Million—fraud prevention for CEOs.

Conclusion.  Theft of incoming checks really happens, and when it does, it costs more than a little spare change.  We know you can use all the spare change you can get, so see what steps you can take to keep your donations safe.  This is why we believe that nonprofit education matters and that’s why we’re passionate about empowering nonprofits.

To learn more about nonprofit finance, check out our 501(c)(fit!) live seminars, 501(c)(fit!)—Financial Intensive Training for the Nonprofit Executive.

Click here to join our 501(c)(fit!) community.

*yes, it’s true, per the Association of Certified Fraud Examiners Report to the Nations on Occupational Fraud and Abuse 2016 Global Fraud Study.

© 2017 501(c)(fit!) All Rights Reserved.