Many nonprofits worry about stolen funds and ask how can embezzlement be prevented. Nonprofit embezzlement steals an estimated 7 to 13 percent of annual income, about $40 billion a year.
This post gives ten clear tips you can use now, from stronger oversight and insurance to locked cards, dual approvals, and background checks. Read on to protect your mission.
Key Takeaways
- Nonprofits lose an estimated 7–13% of annual income to embezzlement, roughly $40 billion a year, damaging donor trust and programs.
- Adopt strong financial oversight: written policies, whistleblower protections, quarterly reviews, dual approvals, signature limits, and annual asset inventories.
- Confirm theft coverage in insurance policies and report embezzlement quickly to preserve claims and, if needed, disclose excess benefit transactions on Form 990.
- Screen board members, staff, and key volunteers with background checks and references, revoke authorizations immediately on departure, and require MFA for digital access.
Nonprofit Embezzlement Statistics
Nonprofits lose an estimated 7% to 13% of annual income to theft, embezzlement, or fraud. That equals about $40 billion every year across the sector. Reports of non profit embezzlement appear regularly in news and audit findings.
Research shows most embezzlement comes from trusted individuals. Up to 15% of offenders have a prior conviction for similar crimes. I saw this in person at a small charity where a longtime bookkeeper skimmed funds.
Cases like that erode donor confidence and harm programs.
Risks of Not Reporting Embezzlement
I saw a small charity lose insurance coverage after it failed to report theft. Not reporting embezzlement can void crime and employee dishonesty policies. It can send a negative message to donors, volunteers, and grantmakers.
If an individual with significant influence over finances is involved, you may need to report the loss as an excess benefit transaction on Form 990.
Many organizations hesitate to report out of fear of reputation damage. This hesitation cost one group my friend worked with their grant renewal. Board members then faced legal and financial scrutiny.
Acting fast protects insurance rights and preserves stakeholder trust.
Top 10 Tips for Preventing Embezzlement
I lay out ten simple steps you can start using today to protect your nonprofit’s money — read on to learn more.
Institute Strong Financial Oversight Policies
Develop and maintain comprehensive financial oversight and control policies aligned with your organization’s needs. I worked with a small food bank that cut fraud risk after we wrote clear approval limits, bank reconciliation steps, and audit procedures.
Include a strong whistleblower policy as part of financial oversight so staff and volunteers can report concerns without fear. Board members must approve the policy and staff must get routine training.
Regularly review financial management practices to ensure both the Board and employees follow the policies, at least quarterly. My team ran quarterly reviews and found three authorization gaps in year one, which we closed within 30 days.
Check your insurance next to make sure theft is covered.
Ensure Theft is Covered by Insurance Policies
After tightening financial oversight, check your insurance to close any gaps. Nonprofits should secure a general liability policy that includes coverage for employee theft and embezzlement.
This coverage protects donated funds and program assets if a staff member steals.
Organizations that possess significant assets must make this a priority. Speak with your insurer about policy limits, deductibles, and specific embezzlement clauses to ensure adequate protection.
Educate Staff on Online Fraud Scams
I trained staff to spot phishing emails and fake invoices during a workshop last year. The session used real examples and hands-on exercises. Staff learned to flag suspicious links, check sender addresses, and confirm requests by phone.
Training covered financial scams and social engineering tactics, and we fostered responsibility by making everyone report odd transactions.
Managers set clear steps for reporting and followed up on every alert. This built awareness and cut risky behavior in my team.
Have More Than One Set of Eyes on Finances
Require a review of all financial transactions by someone other than the signer. Balance the books at least monthly to spot oddities, since audits may not detect embezzlement unless specifically requested.
Review original invoices before signing checks, and accept only original receipts for reimbursements.
Set up dual authorizations for administrative changes and online transactions to cut exposure to asset loss. Rotate reviewers and separate duties among staff and board members. Train reviewers to compare bank activity to ledgers during each review.
Implement a Signature Authority Policy
After adding more eyes to accounts, set clear limits on who can sign checks and contracts. I wrote a policy that ties approval levels to dollar amounts and to contract length. Small purchases need a manager sign off.
Large payments require the CEO or a board member, or a formal Board resolution.
In my experience, staff follow rules better when roles stay clear. The policy lists each signer, the amount they may approve, and how long contracts may run. Auditors like the written rules and they spot fewer odd transactions.
Such rules cut down fraud and speed up reviews.
Know Your Team
Screen board members, staff, and key volunteers who handle funds or assets. Run background checks that include criminal history checks to reveal convictions and other records. Ask for references from at least three individuals and call each reference.
Write a policy that requires these checks before hiring or appointment. Train leaders to review results, document findings, and act on red flags.
Keep Authorizations Up to Date
I handled access changes at a midsize nonprofit and saw how small lapses cost money. Immediately notify banks when an authorized approver leaves the organization to remove their access.
Collect credit cards and keys from departing staff and shred outdated cards and stamps. Remove digital access and keep antivirus software consistently updated to block credential theft.
Update signature rosters and authorization lists after any staff change. Call banks the same day you learn of a departure. I once stopped a fraud by acting within 24 hours. These steps prepare you to lock up assets.
Lock Up Assets
After updating authorizations, lock down physical and digital assets. Put credit cards, check stock, and signature stamps in a locked location. Limit who can reach that lock box. Store spare keys separately and log each access.
Protect cloud data with strong passwords and multi factor authentication. Assign access based on job need and review permissions monthly. Train staff to report odd access or missing items.
Set a Schedule to Conduct Fixed Asset Inventories
Nonprofits should schedule fixed asset inventories each year if the organization holds substantial equipment or other fixed assets. Annual checks help track location, condition, and ownership.
Regular inventories help monitor and verify asset status and reveal missing items early. Next, learn the signs of potential embezzlement.
Know the Signs of Potential Embezzlement
Watch for staff who avoid time off or who work late when others leave. They may hide action by giving excessive technical excuses or by filing late reports. Also spot irregular financial reporting or sudden changes in submission habits.
Late reconciliations and repeated explanations about software errors deserve a closer look.
I once oversaw a case where an assistant director in a trusted role used overtime to cover theft. That person had a gambling problem and slipped into embezzlement. Most schemes start with someone in a highly trusted position, so act fast if you see these signs.
Conclusion
Protecting your nonprofit starts with simple habits. Train staff, lock assets, and check records often. Run background checks and set dual authorizations to cut risk. Report theft quickly so insurance stays valid and donors stay confident.
Act now to keep your mission safe.
FAQs
1. How can nonprofits prevent embezzlement using the Top 10 Tips?
Use clear policies, strong internal controls, and regular audits. Segregate duties so no one person handles records, payments, and bank access. Do background checks on staff and volunteers. Reconcile financial records each month and require dual approvals for big payments. Train people and keep good oversight by the board.
2. What internal controls should a small charity start with?
Start with segregation of duties, written approval rules, locked access to funds, and a simple ledger that shows every transaction. Do monthly reconciliations and spot checks. Use an external accountant for an annual review. These steps make a big difference.
3. How often should nonprofits review finances and run audits?
Do bank and ledger reconciliations every month. Hold budget reviews every quarter. Ask for a formal audit or review by an outside accountant each year. Regular checks catch problems early and protect donor trust.
4. How can staff spot and report possible embezzlement?
Watch for missing receipts, late reconciliations, unexplained vendor payments, or changed records. Keep a clear whistleblower policy and a safe way to report concerns to the board or an external reviewer. Act fast, document what you find, and get help from an accountant or law enforcement if needed.
Ellis Carter is a nonprofit lawyer with Caritas Law Group, P.C. licensed to practice in Washington and Arizona. Ellis advises nonprofit and socially responsible businesses on corporate, tax, and fundraising regulations nationwide. Ellis also advises donors concerning major gifts. To schedule a consultation with Ellis, call 602-456-0071 or email us through our contact form.