Handling of cash and other donations

Donation handling guidance is important

• To protect the organisation from fraud, theft or embezzlement
• To protect staff or volunteers from accusations of dishonesty or the temptation to commit fraud
• To assure donors that their donations and gifts are used for the purpose for which they were given

The need to handle donations, and particularly cash, arises throughout the fundraising sector and occurs in a number of areas, such as appeals, fundraising events, ticket sales, refreshment sales, programme sales, raffles and trading. These donations can be made in person, over the phone or online. The general guidance given here applies to the handling of donations in all situations.

It is important for fundraising organisations to have a procedure in place for handling cash and other donations.

It’s advisable for all cash handlers to have suitable banking bags for counting and cashing up money. Where cash is received in collection envelopes or collection boxes as part of a public charitable collection in Scotland, it must be counted and banked as soon as possible. Where substantial sums are being taken at an event, it is a good idea for cash to be banked in stages and by two individuals.

Cash should never be left unattended or in an unattended environment. Cash not banked immediately should be placed in a safe or other secure location.

It is important that any person accepting a cheque ensures that:

• The date is current (normally six months from the date of the cheque but this should be verified with the bank)
• The cheque is made out to the correct payee
• The words describing the amount on ‘pay’ lines matches the numbers in the ‘£’ box
• The cheque is not post-dated

It is important that fundraising organisations comply with the Payment Card Industry Data Security Standards (PCI-DSS). Although this is not a legal requirement, fundraising organisations will be required by payment card companies to comply with the PCI-DSS, and could be fined if they do not. PCI-DSS consists of 12 requirements that all organisations and businesses processing card payments have to meet.

• Ensure that third party card transaction processors are PCI-DSS compliant
• Ensure online donations are processed using a secure payment gateway which is PCI-DSS compliant. In some cases, a fundraising organisation’s bank may require the CSC (Card Security Code) – the three digit security number on the back of the card or for AMEX, the four digit number on the front of the card), to provide additional security. The CSC may need to be obtained for telephone donations/payments and if so, procedures will need to be in place to ensure the security of the card details during the transaction and after it has been processed

The procedures and rules surrounding direct debits will vary dependent on the bank used by the charity.

The Direct Debit Guarantee exists to provide unified standards and protection to customers, and charities must ensure compliance with the guarantee. Organisations which have signed up to the guarantee have a legal requirement to comply with it.