Florida’s State Board of Missions heard a report from the subcommittee tasked with providing oversight and next steps regarding the investigation into the financial fraud discovered by the Florida Baptist Convention in May. The report was shared during the board’s Aug. 24–25 meeting at at their building in Jacksonville.
The subcommittee worked with federal and state investigators, internal and external auditors and cyber forensics experts in their investigation into the more than $700,000 in funds stolen from the convention through “cybertargeting.”
The investigation revealed no criminal activity on the part of any Florida Baptist Convention staff. Investigators concluded that the crime was the result of sophisticated financial fraud by, at this point, unknown perpetrators.
The subcommittee’s work culminated in the recommendation for strengthened financial protocols and ongoing training for convention staff.
Among the efforts to prevent such a crime from occurring in the future, the convention is exercising heightened awareness when carrying out financial duties, implementing appropriate data security controls and completing the process to become accredited by the Evangelical Council for Financial Accountability.
The convention is still making efforts to recover the stolen funds.
‘We’ll continue to get better’
Tommy Green, Florida Baptists’ executive director-treasurer, acknowledged that this is the first time he has dealt with a crime of this nature in his more than four decades of ministry.
“Everything we do is built on trust,” he said. “I’m sorry. We will move forward. We are better, and we’ll continue to get better.”
Green noted “churches are learning from the convention’s fraudulent experience.”
Recommendations
The convention recommends these best practices to help churches protect their financial assets:
— Provide staff training on recognizing suspicious emails and other sophisticated cyberattacks.
— Enable multifactor authentication logins when available.
— Verbally verify any changes to payment instructions requested by a vendor related to accounts payable or an employee related to payroll.
— Discuss with the church’s insurance agent the programs and levels of coverage available to help the church in the event of a cyberfraud experience.
— Engage a cybersecurity professional to provide analysis of information technology infrastructure and security.
EDITOR’S NOTE — This story was written by Margaret Colson and originally published by the Florida Baptist Witness, news service of the Florida Baptist Convention.