Watch out for CEO/BEC fraud


CEO fraud, also known as Business Email Compromise (BEC), is a type of fraud that is enabled via social engineering. Social engineering is the manipulation of situations and people that results in the targeted individuals divulging confidential information.

CEO fraud involves the impersonation of a senior figure (usually the Chief Executive Officer) with subsequent requests for transfers of funds.

How does CEO fraud happen? 

CEO fraud is a request, often made via email, purporting to come from a senior person in the company, normally to the finance officer, requesting an urgent payment. 

The request may outline that the transaction is confidential and sensitive in order to discourage further verification. The fraudster may pick occasions when the real CEO is out of the office, or on holiday, preventing the financial officer from checking the validity of the request.

How can I help to prevent CEO fraud? A checklist: 

  • Any payment requests with new or amended bank details received by email, letter or phone should be independently verified. This includes internal emails from senior management that contain payment requests. Fraudsters can spoof email addresses to make them appear to be from a genuine contact, including someone from your own organisation.
  • Don’t be pressured by urgent requests, even if they appear to originate from someone senior – remember this is a common tactic adopted by fraudsters.
  • Be cautious of how much information you reveal about your company and key officials via social media platforms and out-of-office automatic replies.
  • Consider removing information such as testimonials from your own or your suppliers’ websites or social media channels that could lead fraudsters to knowing who your suppliers are.
  • Regularly conduct audits on your accounts.
  • Make all staff aware of this type of fraud, particularly those that make payments.  
  • Ensure warning messages are understood and that appropriate checks, actions and processes are followed to ensure requests are genuine.
  • Sensitive information you post publicly, or dispose of incorrectly, can be used by fraudsters to perpetrate fraud against you. The more information they have about you, the more convincingly they can purport to be one of your legitimate suppliers or employees. Always shred confidential documents before throwing them away.

What to do if you suspect you’ve fallen victim to impersonation fraud

  • If you believe you’ve fallen victim to a CEO fraud attack, contact your bank immediately. They will try to recover the money from the fraudster’s bank account. The quicker you alert your bank, the greater the chance of recovering the funds. 
  • Report it to ActionFraud – the police’s national fraud and cyber crime reporting centre. Even if you’ve not suffered any financial loss, this will allow the police to analyse trends and help them to prevent fraudsters exploiting other companies. You can file a report via their website at
  • Charities affected by fraud should also report it to the Charity Commission as a serious incident.
  • Where appropriate, the Charity Commission can also provide timely advice and guidance.

Fit Note

The fit note – the basics

General rules of the fit note

People can only be given a fit note if their doctor considers their fitness for work is impaired.  If someone is fit for work, they will not be given a fit note.

Doctors cannot issue fit notes during the first 7 calendar days of sickness absence. Employees can self-certify for this time; visit "Employee’s statement of sickness to claim Statutory Sick Pay" for a template form. If your organisation requires medical evidence for the first 7 days of sickness absence, it is your responsibility to arrange and pay for this.

Fit notes can be handwritten or printed, but must always be signed by a doctor. If they are printed, you can scan the barcode using a 2D matrix scanner so that you can add it to your sickness records.  It also confirms that the fit note is genuine.

If a GP has issued a fit note, it should include the address of the practice.  If a hospital doctor has issued the fit note, you may also receive a yellow Med 10 form stating the time your employee has spent as a hospital inpatient.

5 things to do if you’re given a fit note by an employee

  1. Check whether your employee’s doctor has assessed that they are not fit for work, or may be fit for work.
  2. Check how long your employee’s fit note applies for, and whether they are expected to be fit for work when their fit note expires.
  3. If your employee may be fit for work, discuss their fit note with them and see if you can agree any changes to help them come back to work while it lasts.
  4. If your employee is not fit for work, or if they may be fit for work but you can’t agree any changes, use the fit note as evidence for your sick pay procedures.
  5. Consider taking a copy of the fit note for your records (your employee should keep the original).

More details of Fit Notes can be found here

Tax Codes

Your tax code is used by your employer or pension provider to work out how much Income Tax to take from your pay or pension. HM Revenue and Customs (HMRC) will tell them which code to use.

Find your tax code

Use the check your Income Tax online service within your Personal Tax Account to find your tax code for the current year. You can also view your tax code for:

  • a previous tax year
  • the next tax year

You’ll be asked to sign in with Government Gateway or create an account if you do not already have one.

Once signed in, you can also see:

  • if your tax code has changed
  • how much tax you’re likely to pay

You can also find your tax code on your payslip or tax code letter from HMRC.

If you think your tax code is wrong

If you think your tax code is wrong, you can update your employment details using the check your Income Tax online service.

You can also tell HMRC about a change in income that may have affected your tax code.

Why your tax code might change

HMRC may update your tax code if:

You may also be put on an emergency tax code if you change jobs.

How To Convert a Community Interest Company to a CIO

If you are a Community Interest Company (CIC) you can apply to the Charity Commission to convert directly to a Charitable Incorporated Organisation (CIO).

Step 1: Prepare a conversion resolution

The directors of the CIC will need to produce a conversion resolution which confirms that the members of the CIC wish to convert the CIC into a CIO under the Charitable Incorporated Organisations (Conversion) Regulations which came into force on 1 September 2018.

Step 2: Adopt Charity Commission model CIO constitution

Adopt and complete one of the model CIO constitutions found here

Replace ‘CIC’ with ‘CIO’ in the name to reflect that the organisation has converted.

Section 8 of the model CIO constitution covers whether members would be liable to contribute to the assets of the CIO if it is wound up.

If the amount each member would be liable for is more than £10, you must select option 2 to confirm:

  • the CIO’s members will be liable to contribute to its assets if it is wound up
  • the amount up to which they will be liable

The amount you enter in section 2(i) must not be less than the amount up to which the CIC’s members were liable to contribute to the assets of the CIC if it were wound up.

If the amount each member of the CIC is liable to contribute to its assets if it winds up is £10 or less, you can select option 1.

Step 3: Prepare a resolution adopting the CIO constitution

Prepare a resolution adopting the proposed constitution of the CIO. The resolution must confirm that the members of the CIC have adopted the proposed constitution of the CIO.

Step 4: Apply for charitable status

To apply for charitable status as a CIO, you will need to apply to register as a charity and also submit:

  • the resolution of conversion of the CIC to a CIO
  • the proposed constitution of the CIO
  • the resolution of the CIC adopting the proposed constitution of the CIO
  • a completed Trustee Declaration Form

In the ‘Special Circumstances’ section of your application, write that you are a CIC wishing to apply for charitable status as a CIO. Tell us the name of the CIC.

More help can be found here

After you have applied

The Charity Commission will check that you can register as a charity.

If you can, they will give Companies House what they need to confirm to the Regulator of Community Interest Companies that you wish to convert your CIC to a CIO.

Once approved, Companies House will cancel the registration of the CIC and the Charity Commission will then register the CIO as a charity and let the trustees know.