It’s not unreasonable to see the occasional headline about fraud at a nonprofit. What’s not nearly as common is that headline being on the charity’s own website.
GiveDirectly, a New York-based charity that sends direct payments to some of the poorest regions of the world via mobile money accounts, apologized and explained in a blog post (https://bit.ly/47pzIyd) how it was defrauded of almost $1 million. It also outlined how the organization is responding to avoid future fraud.
A spokesman for GiveDirectly said leaders isn’t planning to make further comments beyond the blog post. The story was proactively shared with Vox (https://bit.ly/452w6R0), Devex (https://bit.ly/3DWPYJk), and The New Humanitarian (https://bit.ly/3KFNNhj) ahead of publishing the blog post, according to a spokesperson for the organization.
GiveDirectly was transparent about what happened, front running any information about it, whereas what you more commonly see is disclosing the bare minimum and being much more defensive about it, said Brian Mittendorf, an accounting professor at the Fisher College of Business at The Ohio State University. The “extreme transparency” by GiveDirectly, explaining the missteps and how the fraud was perpetrated, could engender more trust in donors, he said.
“The old school of thought was always, any sort of disclosure of this bad news is magnified and it’s hard to get your reputation back. But organizations whose reputation is complete transparency might just not fit the old mold,” Mittendorf said.
According to the organization’s posting, members of GiveDirectly’s team in Democratic Republic of Congo (DRC) “conspired with others outside the organization” to divert mobile money payments, defrauding the cash transfer program of at least $900,000 over six months. “Upon discovering this fraud in January we immediately paused operations to prevent further losses.” The investigation is ongoing.
About 1.1% of the money delivered by GiveDirectly last year was lost to fraud, its highest amount to date. In a December 2021 blog post (https://bit.ly/47HxEBQ), GiveDirectly estimated some $242,000 was lost to fraud that year – “that’s about what we expect.” GiveDirectly also cited a former head of counter-fraud for Oxfam GB who estimated the scale of loss to fraud in global development to be between 2% and 5%. The organization estimates its annual losses to fraud are “consistently at or under 1% even including this recent case.”
GiveDirectly funds reach people in poverty through money sent and received with a SIM (Subscriber Identity Module) card that the charity issues to recipients. SIMs are registered to government IDs and protected with a PIN. GiveDirectly checks multiple times in the process, including a separate census, registration, pre-pay audit, post-pay audit, and follow-up call, to ensure the SIM reaches the correct recipient.
Due to regional violence in Eastern DRC, GiveDirectly allowed its enrollment team to register new SIMs for recipients instead of sending them to agents because the closest agent can be a long distance in the remote region. “We continue to believe cash transfers are a highly effective, transparent, and safe form of aid,” GiveDirectly officials wrote in the post, adding that it will use this incident to further improve its controls.
“While simple on the surface, this scheme involved corrupting our fraud prevention system at many levels,” according to a GiveDirectly statement. Fraud checks are done by an enrollment team and further validated during visits from a separate internal audit team and follow-ups from its call center – all supported by the back-office team. The conspirators recruited local staff in every layer of the system to suppress evidence of the fraud, including complaints from families who had not received funds, according to GiveDirectly, and conspired with third-party mobile money agents to transfer funds from stolen SIMs.
To protect recipients in other ongoing programs, GiveDirectly promised the following steps:
- Further firewall different departments to prevent collusion and adding additional audits and checks to identify potential corruption sooner.
- Implement automated data checks organization-wide that would allow them to detect such fraud more rapidly.
- One central error was the SIM registration exception GiveDirectly made in the DRC, which it said it will not make again without additional controls.
“We’ve always had this question in the sector about how will it be perceived about organizations that are more upfront about their failures,” Mittendorf said. “I think this is like an extreme case because it’s a sort of failure that’s perhaps most damaging to reputations. These financial frauds and failures that expose mistakes in governance and internal controls, are in many ways the hardest to get the reputation back,” he said.
GiveDirectly’s efforts also might be working to adjust expectations in an organization dealing with circumstances they’re dealing in, “to expect there never be any instances of fraud would be maybe too fanciful,” Mittendorf said. “It helps set the stage for what people should expect. Not that it’s excusable or the norm but to think when dealing with a variety of local circumstances, you’re constantly having to be on guard for internal control issues. The narrative is: they were on guard, it could’ve been much worse had they not been paying close attention,” he said.
