When a six-figure charity fraud appeared irreversible, careful governance and targeted legal pressure revealed that the money was never truly lost.
Charities depend on public trust, regulator confidence, and donor goodwill. Even where an organisation has acted responsibly, association with fraud or litigation can unfairly create reputational and fundraising challenges. For reasons that will be understood by those working in the voluntary and third sector, the charity at the centre of this case has chosen to remain anonymous.
This account is based on a real case and offers important lessons for trustees, charity leaders, and advisers dealing with fraud, banking responses, and governance obligations.
Authorised Push Payment fraud – a governance crisis for charities
In May 2024, a well-run UK charity fell victim to an authorised push payment (“APP”) fraud. Over £150,000 (funds earmarked for much needed programme delivery and staff costs) was transferred to accounts that appeared legitimate but were, in reality, mule accounts controlled by fraudsters impersonating bank representatives.
The charity acted swiftly. Within hours, staff identified the fraud and raised an urgent recall request through their own bank. Within days came a response that will be familiar to many organisations affected by APP fraud; the funds had “left the account” and nothing further could be done.
The impact was immediate and severe. Trustees faced the prospect of reporting a six-figure loss. Senior staff were devastated. The broader implications for the charity’s financial stability and public confidence were uncertain. Questions arose around compliance with the Charities Act 2011 and Charity Commission guidance, particularly CC8 on internal financial controls.
At that stage, the prevailing assumption (one shared by many fraud victims) was that the loss was irretrievable.
When banks say: “The funds have left the account.”
In APP fraud cases, communication between banks is often brief and opaque. The sending bank typically relies on updates from the receiving bank’s fraud team, relayed internally, and summarised to the customer. Phrases such as “funds not recoverable” or “funds no longer present” are common.
Those statements, however, can conceal important nuance.
In this case, months after the fraud, the charity was informed (by its own bank) that only a negligible sum had been recovered. The clear implication was that the remaining funds had passed irretrievably through the mule accounts and beyond reach.
What later emerged, told a quite different story.
Trustee duties after fraud – why ‘we asked the bank’ is not enough
Trustees are fiduciaries. Their duties extend beyond asking questions and recording responses; they must take reasonable and active steps to protect and apply charitable funds for their intended purposes. This principle, long established in charity law and reflected in Charity Commission guidance, applies as much after a fraud as it does before one.
In practice, this means that passively accepting a bank’s assurance that “nothing can be recovered” may not always be sufficient. Where legal or procedural avenues exist to verify (or challenge) that position, trustees may be expected to consider them carefully. Failure to do so can, in some circumstances, expose trustees to regulatory criticism, even where they were themselves victims of criminal activity.
In this case, that realisation marked a turning point. Rather than treating the fraud as a closed chapter, the trustees reframed it as a governance question; had they done enough to satisfy themselves that recovery was genuinely impossible?
Escalation as a governance response – instructing specialist lawyers
The charity did not rush to escalate matters. Like many organisations, it weighed cost, stress, and uncertainty, against the prospects of success.
Following attendance at the Fraud Advisory Panel’s Charity Fraud Awareness Week co-hosted by Edmonds Marshall McMahon (“EMM”) and BDO, the charity sought specialist advice from EMM to investigate this case and advise what, if any, options were open to them, in the face of what appeared to be a hopeless case.
Norwich Pharmacal Orders: A tool for transparency
Upon receiving that advice, Norwich Pharmacal Order (“NPO”) disclosure relief was obtained, which allowed the charity to compel a third party, namely the receiving bank (typically, innocently mixed up in wrongdoing) to provide information necessary to identify wrongdoers or trace property.
Although traditionally associated with complex commercial disputes, NPOs are increasingly used by SMEs and charities in fraud cases. They are not about assigning blame, but about obtaining information that would otherwise remain inaccessible.
Pre-action correspondence was commenced with the receiving bank, with this remedy in mind, seeking clarity on the movement and status of the funds. The bank responded, but did nothing to correct the charity’s mistaken belief, formed after the bank’s initial response, that the funds had in fact gone.
An unusual twist: When the fraud trail leads back to the bank
By mid-2025, upon a strategic application for a multi-party disclosure order against the bank and Person(s) unknown (being those parties who had received the money following the transfer out of the receiving bank), the High Court granted the relief sought.
English courts have repeatedly emphasised that NPOs against “persons unknown” must be approached with caution, particularly where orders risk affecting innocent third parties or engaging extra-territorial comity concerns. The strategy involved a belief that the “persons unknown” would reveal who the fraudster was or provide to information that would lead to their identification.
As disclosure unfolded, it became clear that the “second-tier recipient” was not an unknown fraudster but was the receiving bank itself. The funds had been transferred by the receiving bank into a separate internal fraud suspense account.
As a result, this targeted extension of disclosure, exposed the true location of the funds and eventually enabled their recovery.
Suspense accounts and the information gap in APP fraud recovery
Unknown to the charity at the time, the receiving bank had frozen the mule accounts shortly after the fraud, issued closure notices, and swept the remaining balances into an internal fraud suspense account. In other words, the bulk of the stolen funds had not vanished as the charity had been led to believe; they remained within the bank’s control.
Crucially, that fact was not disclosed to the charity or to its bank. From the charity’s perspective, recovery appeared impossible, for almost a year.
The Outcome: recovering APP fraud losses through legal pressure
Only after NPO disclosure and sustained follow-up did the receiving bank transfer the majority of the funds back to the sending bank, almost a year after the fraud was first reported.
Recovery was achieved not because the funds had reappeared, but because legal pressure compelled transparency.
Fraud is an unfortunate reality for the charitable sector. Charity Commission data consistently shows that a significant proportion of serious incident reports involve financial loss or cyber-enabled crime. Historically, the emphasis has been on prevention. This case demonstrates the equal importance of informed recovery.
APP fraud may be difficult to avoid entirely, but acceptance of the loss should not be the default response.
Conclusion: for trustees and charity leaders facing app fraud
Fraud in the charity sector is not just a financial problem; it is a test of governance, transparency, and stewardship. Trustees are entitled (and often required) to probe beyond initial assurances and satisfy themselves that all reasonable steps have been taken.
This anonymised case demonstrates that a bank’s initial response may not be the end of the story. With informed, proportionate, and specialist legal advice, charities can challenge assumptions, uncover hidden realities, and, in some cases, recover funds thought lost long ago.
Ashley Fairbrother is a Partner specialising in complex commercial disputes, fraud, and asset recovery, as well as being a highly experienced private criminal prosecutor.
Richard Doble is a senior lawyer and charity trustee, with experience in cross-border commercial and financial disputes, fraud, and regulatory investigations.
For more information and advice, contact Edmonds Marshall McMahon
