Ask a Manager: our board member got scammed

[minoanmiss]

What’s our responsibility when a board member gets scammed?

I just joined the board of a nonprofit and at my very first meeting today learned about a mess that we’re in. There are about a dozen members of the board and I’m coming in as an executive member, of which there are four. Apparently, one of the “at large” members of the board received some emails about six weeks ago from the outgoing president about two urgent invoices that needed to be paid, had to happen today, had to be paid online and won’t accept a check, can you please pay it immediately, I’m cc’ing the treasurer who will reimburse you in three business days, etc. The total was just under $3,000.

Apparently this board member went ahead and immediately paid both invoices with personal funds (even though they were a PayPal invoice to a random gmail account!) and is finally speaking up wanting to know why it’s taking so long to get reimbursed, very irritated, this is a hardship for her, etc. When it was explained that the email addresses (“boardpresident9999@gmail”) were obviously spoofed and this was clearly a scam, she was very embarrassed and apologized, and made no further mention of reimbursement.

I do not know why she thought it was appropriate to pay these using her personal funds, as I’m new to the board. It does seem like there’s been a practice of board members covering expenses on a smaller scale and being reimbursed by check within a few weeks (think paying for catering for a meeting, to the tune of a few hundred dollars). There are no written policies or guidelines about reimbursement or payment of expenses. Obviously, that’s the first thing I will be putting on the agenda for our next board meeting!

But now the current incoming president and the treasurer have started a private email conversation with me and the outgoing president saying how bad they feel for her, and that the organization needs to reimburse her as soon as possible. I wrote back immediately saying, “Um, no? She needs to pursue getting the charges reversed by her bank, but the organization is not responsible for paying this.”

I think if she had spent the organization’s funds while being scammed, we wouldn’t be going after her to reimburse the organization, although I would think at the very least we’d need to mandate that she do some training about not falling for scams. But since it was her own personal finances, I do not think we have any obligation to put things right for her personally. The treasurer and the president seem to think we do, since “she was targeted because she’s on the board, so she wouldn’t have been scammed if it weren’t for us” and because they think it’s likely that she won’t be able to recover the money through her bank. The org has just over $20,000 in the bank, and annual budget is mostly focused on a one-day event we put on, which is less than $10,000, so $3,000 is a significant amount for the organization. What do you think?

Yeah, it would be a really big deal to spend 15% of the organization’s finances on this. If the organization had a multimillion dollar budget, it might be different. But you’ve got $20,000 in the bank and want to give a sizable chunk of that away? I don’t see how you can fundraise from donors in good faith after that.

To be clear, this is awful! But the board has a fiduciary duty to protect the organization’s finances, not an individual board member’s. At an absolute minimum, she needs to start by pursuing this with her bank and see what happens there before there’s any discussion of organizational funds being used on it.

(There also need to be immediate policies about spending personal money and what kind of paper trail needs to be in place for expense authorization, as well as some board-wide fraud awareness training.)

Comments

[mrissa]

Good answer, AAM. I understand how small groups can wind up in the situation where board members pay for random stuff out of personal funds and get reimbursed--it's very easy to think "Oh, this is $40 for meeting snacks, it's not a big deal for me to pay it and get the money back later," and that grows into a mindset. But it can't. Or at least it shouldn't. Among other things scams are not the only place where "one person used their personal judgment badly and now it is the group's problem" can come up.

[topaz_eyes]

Excellent advice from AAM. Imho an "at-large" board member should not have to be involved in spending money; that should imho be the exclusive purview of the executive members. If there is a need for an at-large member to spend money, then perhaps 2 signatures should be required for expenditures over a certain amount before the money is paid out; the at-large member and an executive member (treasurer or president).

[jadelennox]

It might not even be legal for a non-profit to reimburse her in this circumstance, and also for a casual culture around non-petty cash invoice payments. I know nobody cares and audits are rare, but there are actual laws around how non profits spend their money.

[katiedid717]

100% agree with LW that this is between board member and their bank, but also understand why some of the board members may want to help out. If the organization has a Directors and Officers insurance policy - which they should! - they should see if this is covered under the policy at all.

[gingicat]

I an going to send this to my supervisor as an example of why board members need to be included in cybersecurity training.

[minoanmiss]

Woot woot!