A controller at a Church Extension Fund gets an email that looks legitimate. The sender name matches a pastor she knows. The message says a construction vendor changed banks and needs the next draw sent that afternoon. The amount is routine enough not to shock anyone. The timing is tight. The request feels pastoral, urgent, and plausible.
That is how many fraud losses start. Not with a masked hacker in a movie scene, but with a normal business process, a trusted relationship, and one person trying to keep ministry moving.
If you're a new executive director, this is one lesson to learn early. Fraud control is not back-office bureaucracy. It is stewardship. When your fund manages investor notes, church loans, ACH activity, cash transfers, statements, and reporting across disconnected systems, small control weaknesses can turn into real losses quickly. And in a ministry setting, the reputational damage often hurts longer than the dollars do.
Stewardship in an Age of Increasing Risk
Most CEF leaders still think of fraud as a bank problem, a retail problem, or a cyber problem for large corporations. That's too narrow. Your investors and borrowers live in the same threat environment as everyone else, and the pressure lands on your institution when their trust is shaken.
In 2024, the FTC reported $12.5 billion in consumer fraud losses in the U.S., a 25% year-over-year increase, and nearly 1 in 5 people who report an imposter scam said they suffered a financial loss according to John Marshall Bank's summary of FTC fraud statistics. That matters to a CEF because your organization sits in the middle of relationships built on trust, service, and often long-standing church connections.
A lot of leaders still ask the wrong question. They ask, "Could fraud happen here?" The better question is, "Where are we easiest to manipulate?"
Trust is an asset and a vulnerability
Faith-based organizations operate on relationship capital. That's a strength in lending and investor retention. It's also exactly what fraudsters exploit.
Older investors may be especially vulnerable to scams designed around personal relevance and emotional framing, which is one reason your duty of care is higher than it looks on paper. If you want a plain-language resource you can share with concerned members and families, this guide for investors on protecting assets gives a useful overview of how deceptive schemes often work.
Board-level truth: Every dollar lost to fraud is a ministry dollar that can't fund a church project, support liquidity, or strengthen investor confidence.
What stewardship requires now
Stewardship used to mean locked file cabinets, dual signatures, and month-end review. Those still matter, but they aren't enough. Fraud now moves through email, ACH files, login resets, vendor changes, investor self-service requests, and construction draw approvals.
If your process depends on one experienced employee "spotting something odd," you don't have a control framework. You have a near miss waiting to become a loss.
The Fraud Landscape for Church Extension Funds
CEFs have a distinctive fraud profile because they blend three functions under one roof. You hold investor money. You service loans. You run accounting and payment operations. That combination creates attack paths that don't exist in a simpler nonprofit.
The easiest way to think about the risks of fraud in a CEF is to separate them into internal fraud, external fraud, and cyber-enabled fraud. In practice, these categories overlap. A phishing email can lead to an internal approval mistake. A dishonest employee can exploit poor system permissions. A fake borrower can hide behind weak onboarding records.
Internal fraud inside trusted processes
Internal fraud isn't only theft from the cash drawer. In a CEF, it often hides inside routine work:
- Payment initiation abuse where the same person sets up and releases an ACH or wire
- Vendor manipulation through a changed mailing address or bank account without independent confirmation
- Journal entry concealment used to delay recognition of a posting problem or cover unauthorized activity
- Loan servicing overrides such as fee waivers, payoff adjustments, or off-cycle changes without review
Culture can blind leaders. Ministry organizations often assume loyalty equals control. It doesn't. If you want a simple primer for non-technical leaders, this article on understanding insider threats is a useful reminder that trusted access always needs boundaries.
External fraud aimed at your staff and members
External fraud usually arrives disguised as a normal business request. A fake construction draw. An investor asking to redirect interest payments. A caller impersonating a pastor, board chair, or bank representative. A borrower submitting altered financials during underwriting.
Because many CEF investors are older adults, your risk is not abstract. Research on fraud in aging shows vulnerability is influenced by the fraud's design, including personal relevance and emotional framing, as discussed in this NIH-hosted paper on financial fraud in aging. That fits the exact playbook used in scams targeting faith communities.
Cyber-enabled fraud that turns speed against you
Cyber-enabled fraud is traditional fraud moving through digital channels faster than your manual controls can keep up. Business email compromise, account takeover, malware, and credential theft all belong here.
A CEF is particularly exposed when email approvals, spreadsheet trackers, and bank portal credentials sit in separate hands with weak reconciliation between them. The attacker doesn't need to break your whole environment. He just needs one convincing message and one rushed approval.
| Fraud Type | Description | Red Flag Example |
|---|---|---|
| Internal fraud | Abuse of authorized access inside finance, servicing, or operations | Employee both creates and approves a payment change |
| External fraud | Deception by someone outside the organization posing as a trusted party | Vendor banking instructions changed by email only |
| Cyber-enabled fraud | Fraud carried out through compromised credentials, phishing, or digital manipulation | Login from an unusual device followed by payout redirection |
Fraud in a CEF rarely starts where the loss is recorded. It starts where process discipline is weakest.
Conducting a Practical Fraud Risk Assessment
A fraud risk assessment sounds formal, but it doesn't need to be complicated. You don't need a consultant to begin. You need a room, the right people, and enough honesty to admit where your workflows are soft.
Start with your actual operations. Investor onboarding. ACH setup. Loan origination. Construction draws. Payment processing. Statement generation. Journal entries. Bank reconciliation. User access changes. Then ask one question for each area: How could someone steal money, redirect money, or hide money here?

Put real scenarios on paper
Don't write abstract risks like "cyber incident" or "fraud event." Write concrete scenarios:
- A fraudulent ACH transfer is initiated after bank instructions are changed without verbal confirmation.
- An investor account is altered using a spoofed email that looks like a legitimate request.
- A construction draw is released on forged approval documentation.
- A staff user posts manual entries that conceal unauthorized activity.
- A terminated employee retains access to a banking or servicing function.
That level of specificity changes the conversation. It forces leadership to test real workflows, not theoretical policies.
Score what matters first
The Association of Certified Fraud Examiners has long estimated that organizations lose about 5% of annual revenue to fraud, and Thomson Reuters notes that for a business with $5 million in annual revenue, that implies a potential loss of $250,000 in its overview of fraud risk fundamentals. For many CEFs, that's not a rounding error. That's a material hit to operations, liquidity, and board confidence.
Use a simple matrix:
- Likelihood asks how easily the scenario could happen under your current process.
- Impact asks what the financial, operational, legal, and reputational consequences would be.
- Control strength asks whether your current safeguards would stop it or merely document it after the fact.
Practical rule: If a risk touches cash movement, investor records, or borrower disbursements, treat it as high priority until proven otherwise.
End with owners and deadlines
A risk assessment fails when it becomes a memo. Assign an owner to each major gap. Set a deadline. Bring it back to the finance committee and board. If a control change affects bank access, statements, user roles, or approval workflows, test it before declaring victory.
Building Your First Line of Defense with Internal Controls
Most fraud losses I've seen in ministry finance were preventable. The organization had honest people, decent intentions, and weak execution. That's why internal controls matter. They protect good staff from bad situations, and they make misconduct harder to hide.
Modern fraud defense is a real-time problem. IBM notes that effective systems analyze activity as it happens, rather than waiting for month-end review, in its discussion of real-time fraud detection practices. For a CEF, that means your controls can't live only in policy binders and audit prep folders. They need to sit inside daily workflows.

Separate authority before you automate anything
Start with the basics. If one person can create a payee, change bank instructions, originate a payment, and reconcile the account, your problem isn't software. It's governance.
Your essential control set should include:
- Segregation of duties so initiation, approval, release, and reconciliation sit with different people whenever possible
- Maker-checker approval for every movement of funds, every bank change, and every sensitive record update
- Out-of-band verification such as a phone call to a known number before changing payment instructions
- Role-based permissions so users only access the functions they need
- Independent review of manual journal entries, exception reports, and off-cycle transactions
If your team is small, you may not have perfect segregation. That's common. Then use compensating controls. Involve the executive director or board treasurer in selected approvals. Review bank activity daily. Require independent approval for any change tied to cash destination.
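A small release gate that enforces the control set above (role-based permissions, maker-checker on the payment, and an out-of-band verified, independently approved bank change before any payment goes to new instructions). This is an added example written for this article, not CEFCore code or any real system's logic; the role map, staff names and routing values are constructed.

```python
from dataclasses import dataclass
from typing import Optional
# Hypothetical role assignments, constructed for this example (not any real system's configuration).
ROLES = {
    "alice": {"initiate"},
    "bob": {"approve"},
    "carol": {"release"},
    "dave": {"initiate", "approve"},  # maker and checker rights on one person: a governance gap
}

@dataclass
class BankChange:
    payee: str
    new_bank: str
    requested_by: str
    verified_by: Optional[str] = None  # staff member who phoned the payee at a previously known number
    approved_by: Optional[str] = None

@dataclass
class Payment:
    payee: str
    bank: str
    amount: float
    initiated_by: str
    approved_by: Optional[str] = None
    released_by: Optional[str] = None

def apply_bank_change(change: BankChange, bank_on_file: dict) -> list[str]:
    """Update instructions on file only if verified and approved by people other than the requester."""
    problems = []
    if change.verified_by is None:
        problems.append("new bank instructions not verified out-of-band")
    elif change.verified_by == change.requested_by:
        problems.append("requester verified their own bank change")
    if change.approved_by in (None, change.requested_by):
        problems.append("bank change lacks independent approval")
    if not problems:
        bank_on_file[change.payee] = change.new_bank
    return problems

def payment_problems(pay: Payment, bank_on_file: dict) -> list[str]:
    """Checks a release step should run before funds move: roles, maker-checker, bank on file."""
    problems = []
    steps = (("initiate", pay.initiated_by), ("approve", pay.approved_by), ("release", pay.released_by))
    for action, who in steps:
        if who is None:
            problems.append(f"no {action} step recorded")
        elif action not in ROLES.get(who, set()):
            problems.append(f"{who} is not permitted to {action}")
    if pay.initiated_by == pay.approved_by:
        problems.append("maker and checker are the same person")
    if pay.bank != bank_on_file.get(pay.payee):
        problems.append("payment bank does not match the verified bank on file")
    return problems
```

The point of the gate is the order: a rushed "vendor changed banks" email never reaches the release step because the bank on file only moves after someone other than the requester has called a known number and someone else has approved.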
Stop trusting spreadsheets to enforce control
Spreadsheets are useful analysis tools. They are poor control systems. They don't enforce permissions well, don't reliably preserve decision context, and don't give you a complete audit trail when something changes hands across email and shared drives.
That is why many CEFs struggle with fraud prevention even when they have documented procedures. The workflow lives in too many places. Loan data sits in one system. Investor notes in another. General ledger entries in a separate process. Cash movement in a bank portal. Approvals in inboxes.
A more defensible model is to use a system that enforces permissions and captures approvals inside the transaction flow itself. If you're reviewing system design, this piece on role-based access control best practices is worth sharing with finance and IT together.
Build controls around your actual fraud points
CEFs should focus controls where money and identity intersect:
- Investor note operations need strict verification for address changes, redemption requests, ACH changes, and beneficiary updates.
- Loan servicing needs dual review for payoff figures, disbursements, construction draws, escrow releases, and loan maintenance overrides.
- Accounting and treasury need approval chains for wires, ACH files, manual GL entries, and suspense clearing.
- User administration needs documented approval for access changes, prompt removal of terminated users, and periodic access review.
One platform option in this space is CEFCore, which centralizes loans, investor notes, GL, cash and ACH workflows, and audit trails in one environment. The point isn't brand preference. The point is control integrity. If your process still depends on copying data across systems and proving approval history after the fact, you're carrying unnecessary risk.
Good controls don't slow ministry down. They keep one bad transaction from draining time, money, and trust for months.
Monitoring and Reporting Key Risk Indicators
Most leadership teams get plenty of reports and not enough warning. Financial statements tell you what already happened. Key Risk Indicators, or KRIs, help you see pressure building before it becomes a loss.
A useful KRI has three qualities. It connects to a known fraud scenario. Someone can act on it. And it changes quickly enough to matter. If a metric is interesting but doesn't trigger a decision, leave it off the dashboard.

What boards should actually watch
For a CEF, I'd rather see a tight dashboard of operational risk signals than another stack of summary reports with no exceptions highlighted.
Strong KRIs often include:
- Manual journal activity with focus on unusual timing, repeat reversals, and entries posted outside normal close routines
- Bank instruction changes especially those followed quickly by redemptions, disbursements, or ACH activity
- Exception volume such as overridden approvals, backdated transactions, or off-cycle payments
- After-hours access to systems that handle cash movement or sensitive record changes
- Returned or rejected payment patterns by reason and account type
- Dormant account reactivation followed by immediate transaction requests
- Construction draw anomalies including repeated documentation issues or last-minute approval pressure
The audit trail matters more than the dashboard design
When a KRI turns red, leadership needs to drill into who did what, when, and under whose authority. That requires a clean event history, not just a summary tile. If your system can't answer those questions quickly, your monitoring is weaker than it appears.
Disciplined logging is an operational responsibility, not just a technical task. A practical reference on audit trail best practices can help finance leaders define what should be retained, reviewed, and escalated.
If a dashboard shows anomalies but no one owns the follow-up, you've created theater, not oversight.
Set thresholds before emotions get involved
Don't wait for an incident to decide what counts as unusual. Set thresholds in advance. Decide which exceptions require same-day review, which go to management weekly, and which rise to the board or audit committee. Predefined escalation keeps people from talking themselves out of action when the source seems familiar or well-intentioned.
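Three of the KRIs listed above (bank instruction changes followed quickly by payouts, after-hours access to cash functions, and dormant account reactivation followed by an immediate transaction request), run over an event log with the escalation tiers fixed in advance as this section recommends. This is an added example written for this article, not code from CEFCore or any real system; the log format, account identifiers, business-hours window and thresholds are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed event log (hypothetical format, not from any real system): timestamp, user, event, account.
EVENTS = [
    ("2024-03-04 09:12", "alice", "bank_change",  "inv-2001"),
    ("2024-03-05 10:40", "bob",   "redemption",   "inv-2001"),
    ("2024-03-06 22:15", "carol", "ach_release",  "ops-cash"),
    ("2024-03-07 11:00", "alice", "reactivation", "inv-0450"),
    ("2024-03-07 11:20", "alice", "redemption",   "inv-0450"),
    ("2024-03-11 14:05", "bob",   "bank_change",  "inv-3100"),
]

CASH_EVENTS = {"ach_release", "redemption", "disbursement", "wire"}
BUSINESS_HOURS = (8, 18)            # assumed local hours considered normal for cash functions
FOLLOW_WINDOW = timedelta(days=3)   # a payout this soon after a record change is the red flag
BOARD_THRESHOLD = 2                 # high-severity alerts per period that reach the audit committee

# Escalation decided in advance, so the response does not depend on how familiar the requester seems.
ESCALATION = {"high": "same-day review", "medium": "weekly management report"}

def parse(events):
    return [(datetime.strptime(ts, "%Y-%m-%d %H:%M"), u, e, a) for ts, u, e, a in events]

def kri_alerts(events):
    """Return (indicator, account, severity, escalation) for each KRI the log trips."""
    log = parse(events)
    alerts = []
    for i, (ts, _user, ev, acct) in enumerate(log):
        # KRI: cash-moving activity outside business hours
        if ev in CASH_EVENTS and not (BUSINESS_HOURS[0] <= ts.hour < BUSINESS_HOURS[1]):
            alerts.append(("after_hours_cash_access", acct, "medium"))
        # KRI: bank instruction change or dormant-account reactivation quickly followed by a payout
        if ev in ("bank_change", "reactivation"):
            for ts2, _, ev2, acct2 in log[i + 1:]:
                if acct2 == acct and ev2 in CASH_EVENTS and ts2 - ts <= FOLLOW_WINDOW:
                    name = "bank_change_then_payout" if ev == "bank_change" else "reactivation_then_payout"
                    alerts.append((name, acct, "high"))
                    break
    return [(name, acct, sev, ESCALATION[sev]) for name, acct, sev in alerts]

def board_escalation(alerts):
    """Apply the predefined threshold: enough high-severity hits rise to the board or audit committee."""
    highs = sum(1 for a in alerts if a[2] == "high")
    return {"high": highs, "medium": len(alerts) - highs, "board_notification": highs >= BOARD_THRESHOLD}
```

Each alert names an account and a tier, which is what makes the dashboard actionable: someone can open the event history for that account and find who did what, when, and under whose authority.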
Responding When Fraud Occurs
Sooner or later, every leader asks the same question after an incident. "What do we do right now?" If the answer depends on who happens to be in the office, you're not prepared.
How an institution handles a fraud incident directly affects the final loss. A credit-union analysis found that the difference between a 25% loss rate and a 6% loss rate in certain fraud scenarios came down largely to execution, including clear investigation and remediation processes, as described in this discussion of auditable fraud-response execution. That lesson applies directly to CEFs.

Contain first, ask broader questions second
The first hours matter. Your priority is to stop further loss and preserve evidence.
Use a simple response sequence:
- Contain the exposure by freezing affected accounts, suspending user access, stopping pending payments, and alerting the bank.
- Preserve evidence including emails, approval logs, bank records, screenshots, call notes, and system access history.
- Lock the timeline so staff record what they observed before memories shift.
- Assign one incident lead who coordinates actions and communication.
Do not let well-meaning staff "clean up" records before you know what happened. That ruins evidence and weakens recovery efforts.
Investigate with discipline
Many internal teams can identify what broke in the process. Fewer can perform a defensible fraud investigation. Bring in outside help when the facts are disputed, the loss is material, or legal exposure is possible. If you need a general overview of what external specialists do, this explanation of forensic accounting by Bookkeeping and Accounting provides a useful summary for leadership teams.
Your investigation should answer five questions:
- Entry point where the fraud began
- Control failure that allowed it through
- Scope of affected accounts, users, or transactions
- Recovery options through bank action, insurance, or legal channels
- Remediation steps to prevent recurrence
For teams formalizing this process, a practical resource on fraud management workflows can help frame responsibilities and escalation paths.
Write the response plan before the incident. During a live fraud event, nobody thinks more clearly under pressure than they do in advance.
Notify the right people in the right order
Your list may include executive leadership, board officers, legal counsel, insurers, auditors, banking partners, and law enforcement. The order matters. So does message control. Staff should know who is authorized to communicate externally and what facts are confirmed.
A ministry organization must protect truth and trust at the same time. Be transparent, but don't speculate.
Weaving Security into Your Ministry's Fabric
The risks of fraud aren't separate from your mission. They sit inside it. Every investor account you protect, every disbursement you verify, every access right you tighten, and every exception you review supports the same objective: faithful stewardship of funds entrusted for ministry.
That is why mature fraud management doesn't look paranoid. It looks orderly. Clear approvals. Clean audit history. Defined authority. Timely review. Respectful verification, even when the requester is well known. Especially when the requester is well known.
If you're a new executive director, take one step in the next month that changes behavior, not just policy. Review who can change bank instructions. Test whether every fund movement has maker-checker approval. Ask for a dashboard of exceptions, not just balances. Pick one workflow where trust currently substitutes for control, and fix it.
Security becomes sustainable when it is built into normal operations. Not as a special project. Not as a reaction to a close call. Just part of how the ministry handles money, decisions, and accountability every day.
If your team is tired of managing fraud risk across spreadsheets, inboxes, and disconnected systems, take a serious look at CEFCore. It was built for Church Extension Fund operations, including loans, investor notes, GL, cash, ACH, approvals, and auditability, so your controls can live inside the work instead of around it.