BDO Insights - Fraud risks across the sports sector

Fraud.

A word we’re all familiar with but convince ourselves that it won’t happen to us. We hear the word used when we switch the news on or read the papers without considering how it happened or the implications it can have on an organisation financially or reputationally. Or, more importantly, whether our organisations could be vulnerable to fraud. 

It is a natural human instinct to trust those we interact with, and that is important for developing a strong organisational culture. However, having controls in place to prevent or detect fraud adds a layer of assurance that you will not be the victim. It may not be perfect but helps to mitigate the risk. 

What is fraud?

Fraud is complex, can take many forms, and can be hard to define. Put simply, there is no strict legal definition for fraud but it is generally understood as ‘behaving dishonestly with the intention of making a gain for yourself and/or causing a loss for another’. 

But, more importantly, why do people commit fraud? It is a criminal offence with severe penalties, so what drives an individual to dishonestly and intentionally commit a criminal act that could result in significant implications?

US-based sociologists, Edwin Sutherland and Donald Cressey, researched this question in the 1950s and their conclusions were termed the triangle model. This is that there are three main reasons why people are driven to commit fraud:

Motivation There has to be an ultimate reason or benefit that the individual will gain by committing fraud. These could be to financially enrich themselves or to get help in a desperate situation.

Opportunity The higher the likelihood that the fraud will go undetected, the higher the likelihood that an individual may commit it. This could be because an organisation has poor financial controls (i.e. no separation of duties or reconciliations) so they feel that the fraud won’t be identified.

Rationalisation When the opportunity arises and a motivation exists, the third element of the triangle is that an individual may rationalise that their behaviour is acceptable. They could think that they deserve to be paid more and therefore, defrauding their employer is making up for that.

Research by the National Crime Agency identifies that fraud is the most common crime committed in the UK, accounting for around 40% of crimes in England and Wales.[1] Broadly, among fraud prevention professionals, it is broadly estimated that there is a 10-80-10 ratio of those that would commit fraud. This is that: 10% of people would never commit fraud regardless of the circumstances as they believe it is morally and ethically wrong, 10% of people would commit fraud for their own gain if the opportunity arose, and the remaining 80% could swing in either direction depending on their personal circumstances at the time.

Beyond fraud, there is broader legislation around bribery and corruption which are external threats facing sports organisations. Sports events or opportunities are lucrative, therefore, there are inherent risks that organisations must be aware of to mitigate the risk of staff being bribed. We will talk further about some of these risks later in this article, but primarily, these would be gifts and hospitality.

 

The fraud threat landscape in the UK

As noted earlier, fraud is the most common crime in the UK, and that’s just the fraud we know about. The Iceberg Model breaks down fraud between the detected, estimated and unknown fraud. In 2020, it was estimated that there was between £33.2bn and £58.8bn of public money lost to fraud.

Of this, £10.8bn of fraud was detected, it sat above the water’s surface and was found; £30.3bn is the estimated figure for total fraud losses; but there is a further 0.5% to 5% of public expenditure lost to fraud that is simply unknown. This equated to between £2.9bn and £28bn.

In its election manifesto, the Government committed to introducing a new and expanded fraud strategy to tackle the full range of threats, including online, public sector and serious fraud. In the 2024 Autumn Budget, the Government announced that additional funding and resources would be provided to the Serious Fraud Office as part of a crackdown on fraud.

 

Why does this matter to the sport sector?

So, the overarching question is: why is this relevant to the sport sector?

National governing bodies (NGBs), Active Partnerships and charities promoting sport or physical activity often receive funding from UK Sport, Sport England, sportscotland, Sport Wales or Sport NI. These sports bodies have fraud policies that declare a zero-tolerance approach to fraud. Some of your organisations are wholly or substantially funded by these bodies, so while you may not be legally public sector organisations, a lot of your income is from the public purse and therefore there is a responsibility to manage these funds prudently and to prevent or mitigate fraud.

In our Risk management across the sports sector article, we reported our findings from the Sports Governance Academy’s Conference that the highest risk reported by those that attended was financial pressures and funding. It is not inconceivable that such pressures could create a motivation for fraud and lead to it being a heightened risk. Furthermore, the past few years have seen cost-of-living challenges driven by higher levels of inflation, which may also result in individuals that rest in the 80% to rationalise committing fraud. According to Cifas, fraud has risen recently and the cost-of-living pressures have been a factor contributing to this.

 

What are the main fraud risks we have seen in the sports sector?

Over the past six years we have worked with the sports sector delivering finance and governance reviews, covering almost all NGBs in that period. Our finance reviews assess the design and effectiveness of financial controls which, while not focusing exclusively on fraud, consider whether they are suitable to reduce the opportunity for fraud. From our observations and experience, plus our wider understanding of fraud in other sectors, we have identified three key risk areas where fraud could occur and these link back to the three main offences for fraud. These are:

1. Credit Cards - These are often held by senior staff who may use their credit cards for personal or inappropriate purchases, especially if there are insufficient controls in place to monitor the spend, thereby creating the opportunity for fraud. Unlike expenses, credit card usage is usually monitored retrospectively after the spend has been incurred which does create a heightened fraud risk.
2. Payments and Banking - The payments and banking process naturally has a higher level of risk as cash is leaving the organisation, where it may be difficult to recover if it is fraudulently transferred out. Particularly for small partners where there are few staff, there is a higher risk if there are insufficient resources for independent reconciliations.
3. Procurement - The sport sector is a tight-knit community so purchasing is a high-risk area for fraud if conflicts of interest are not declared, or there is a sole decision-maker. Contracts may be given to partners, relatives or friends if a proper procurement process is not followed, with the organisation not necessarily getting value for money. 

Similarly, there are wider risks relating to bribery and corruption that link closely with these fraud risks, particularly the final point relating to procurement. For example, key decision-makers could be given a bribe, gift or hospitality (e.g. tickets for a prime seat at a significant event) to impact their decision over the awarding of a contract. The bribe may not always be obvious. 

 

What can organisations do to mitigate this?

If we revert to the Fraud Triangle Model that was discussed earlier, this can help us to understand what sports organisations can do to reduce the risk that you may be a victim of fraud (or bribery and corruption). The answer… opportunity. It is the responsibility of all organisations, particularly those managing public money to have robust policies and controls to reduce the likelihood of fraud or bribery.

Policies

These start with policies. Policies underpin your control environment so should establish clear requirements of your staff. Policies that we’d typically see in this area are:

• Financial Regulations - The Financial Regulations or policies should underpin your processes and provide a robust framework for preventing fraud. It will often be split into different areas setting out the requirements of staff for each process. For example, in the purchasing section, it will set out the authorisation levels for spend incurred. Similarly, the procurement section will identify thresholds for spend where quotes or full tenders will be needed.
• Counter Fraud Policy - To establish the organisation’s approach to fraud, how it will be investigated and managed, and the responsibilities of certain individuals or committees in overseeing fraud controls.
• Gifts and Hospitality Policy - To set clear processes in place for how staff should report and record gifts or hospitality received from other parties. It should also provide clear thresholds for the value of gifts that may be accepted and give examples for what will not be appropriate. 
• Conflicts of Interest Policy - To outline where staff and Board members must declare other interests they hold and how these should be recorded on a Register of Interests. See here for more on conflicts of interest. 

These would usually be supported by a disciplinary policy setting out the implications of non-compliance.

Controls

However, while policies establish a framework, if someone is planning to commit fraud, they are likely to be willing to not comply with policies. Therefore, a robust system of internal controls must be embedded to reduce an individual's opportunity to commit fraud. If we refer back to the three key fraud risk areas we highlighted earlier, there are certain manual or automatic controls which could be implemented that may reduce the risk.

• Credit cards
  • Credit card statements to be accessible by the Finance team to oversee and monitor spend on the credit cards.
  • Require all credit card receipts to be sent to the cardholder’s line manager or to the Finance team within two weeks of the month-end to review and approve. A stronger control would be for these to be uploaded through a system with automatic workflows so that the Finance team can more easily monitor non-compliance. 
  • Require all cardholders to sign a Cardholder Agreement Form to confirm they understand the policy and the requirements.
• Payments and banking
  • There should be dual authorisations on the online banking system. Preferably, no individual would have the access to upload and approve payments generally, but at a minimum, there would be at least two authorisers to maintain a separation of duties before payments are released.
  • Bank reconciliations are conducted and reviewed by individuals that don’t have access to upload or authorise payments to maintain independence.
• Procurement
  
  • A contracts register would be maintained with a list of all contracts and suppliers.
  • Where thresholds are met, quotes or tender exercises are undertaken in accordance with the policy requirements.
  • Multiple individuals are part of the evaluation process for suppliers to mitigate the risk of a sole decision-maker. 

While the risk of fraud cannot be completely removed, as there may always be a way to collude with others or override controls, these significantly reduce the opportunity for fraud, which may impact an individual’s rationalisation to commit it. 

More on financial controls

 

What the sports sector has told us

We hosted a fraud training session with UK Sport in December 2024 for NGBs where we collected survey responses from attendees about the fraud risks facing their organisations.

Interestingly, when asked whether fraud was considered a high, medium or low risk for the organisation, 81% of respondents stated that it was either low or medium as it was unlikely to happen and they were confident that their controls were strong enough to prevent it. In reality, while it is positive to see that NGBs are confident in their financial controls, we see significant variances in the controls across our work, particularly the application of a separation of duties. 

We also asked NGBs ‘Who is responsible for preventing and mitigating fraud in your organisation?’ which received varied results. The breakdown was: 

The Board and the Senior Management team set the culture and environment for fraud prevention through the tone from the top and the policies; the Finance team often operate and implement the financial controls to reduce the opportunity for fraud; and all staff have the responsibility to follow policies and report fraud if it is detected. 

What was interesting was the responses to what NGBs felt were the activities that were most vulnerable to fraud. Over 80% of respondents said either procurement or credit card carried the highest level of fraud risk, which aligns with our observations from working with NGBs. Therefore, this suggests that there may be some work to do on ensuring that controls are implemented. 

 

Conclusion

Overall, while this article should not be considered as formal advice for organisations as every organisation is unique and different, this summarises the general landscape and our observations for what we have seen in the sector and potential fraud risks, combined with the perspectives of NGBs. 

We are also happy to discuss your fraud risk management arrangements. If you are interested in speaking then please contact us.

---

Gurpreet is a partner in BDO's public sector internal audit practice, leading on corporate governance and risk management solutions to a range of public sector clients. Max is a Manager based in BDO’s Birmingham office, managing engagements across the public sector and the Non-Governmental Departmental Bodies (NGDB) sector. They can be contacted as follows:

Gurpreet Dulay – BDO Partner

Max Armstrong – BDO Manager