The Real Cost of DIY Charitable Disbursements

Early in my career, I witnessed firsthand how a good person with too much access to financial data can make one bad decision and ruin everything. Someone I worked with had direct access to a holding account where charitable funds sat before being disbursed to charities. They allegedly made a choice with profound implications that left charities short. It was my first real lesson in system architecture — and not just character — as the actual line of defense. That person should never have been able to see the money, let alone move it.

Recently, my co-founder Daniel had his own version of this story, with a good friend doing critical work in overdose prevention then having their staff member embezzle funds.

The point isn't that bad people are everywhere. The point is that systems should be designed so that bad actors can't easily exploit them. Right now, most charitable disbursement systems aren't designed that way. They're built on trust. And trust is not a security model. It's an assumption — one that made sense 20 years ago, when the technology to do better didn't exist. But that era is over, and the model hasn't caught up.

Layer 1: Void cheques don't verify ownership

Here's the problem that sits underneath everything else: even when a void cheque is legitimate — no forgery, no interception, no errors — it only proves that someone has a chequebook. It does not prove the bank account belongs to the registered charity. A successfully processed void cheque tells you the account is real. It doesn't tell you it's the right one.

That's a fundamentally broken verification model. And it gets worse.

As an experiment, I asked Claude to generate a void cheque using my personal banking details and the name of a fictional charity. It took less than a minute. The result was extremely convincing — indistinguishable from the real thing to anyone reviewing it as part of a batch disbursement. No special tools. No technical skill. Just a prompt.

Now layer on the rest of the data handling reality. Void cheques emailed as attachments. Banking data stored in shared drives and spreadsheets. Account numbers accessible to anyone on the team with a login. When humans can see and access banking data — or worse, the funds themselves — the system depends entirely on the integrity of every individual in the chain. That's the lesson from my own experience, and from Daniel's.

This isn't a theoretical risk. Last summer in Richmond, BC, the Regional Animal Protection Society was hit by a sophisticated fraud scheme — a fake $95,000 estate donation complete with a counterfeit cheque appearing to come from the Ontario Ministry of Finance. RAPS began using the money for facility renovations before discovering the cheque was fraudulent. At least two other BC animal sanctuaries were targeted by the same scam. The charitable sector's systems aren't built to catch this kind of thing.

Layer 2: Human error

A wrong digit in an account number. A transposed transit number. When banking data is manually keyed from a scanned void cheque, errors are inevitable. Failed EFT transfers cost time, create delays, and erode trust between funders and charities.

For a small charity expecting a grant to cover next month's payroll, a bounced transfer isn't just an inconvenience — it's a crisis. And on the funder's side, chasing down the error, correcting the file, and resubmitting the batch means hours of staff time on a problem that shouldn't exist.

Layer 3: The trust gap

This is the one very few talk about. A DAF administrator calls a small charity to collect banking data for a grant. The charity has never heard of this DAF. They don't understand what a Donor Advised Fund is. Someone at a bank is asking for their void cheque, and they're suspicious.

The administrator now has to convince the charity they're legitimate. They're doing relationship work just to collect a transit number.

For small charities that receive infrequent grants — maybe one or two per year from a given DAF, then nothing for two years — these touchpoints are rare and unfamiliar. Individually, the interactions are infrequent. But collectively, across all DAFs, foundations, and corporate funders, they add up to thousands of these awkward, trust-deficient exchanges every year.

Layer 4: "We'll just send cheques"

Some organizations still default to mailing cheques. For a handful of grants per year to well-known recipients, it can feel manageable. But it's a workaround, not a solution.

Cheques carry real risk: they can be intercepted, altered, lost in transit, or deposited into the wrong account. There's no real-time audit trail and no confirmation of receipt until the charity calls to say thank you — or doesn't.

They're expensive on both sides. The funder pays for printing, postage, tracking, reconciliation, and staff time. The charity pays in wait time — weeks for funds to clear — plus their own staff time to process, deposit, and reconcile. Having run a small nonprofit, I can tell you: when you're a lean team working remotely across the country, receiving a cheque means someone has to physically go somewhere to deposit it. That's not a minor inconvenience. It's a workflow bottleneck for organizations already stretched thin.

Mail delivery is unreliable. Delays, lost mail, and service disruptions are a regular reality — not an edge case. Mailing a cheque for a $50,000 grant and hoping it arrives is not a serious infrastructure model.

The reason many organizations are still mailing cheques isn't because they prefer it — it's because the EFT alternatives take a percentage cut that's uneconomical for major giving. They're choosing the slow, manual, risky option because the "modern" option is too expensive. That's not a choice. That's a failure of the tools available.

Layer 5: Stale data and the frequency problem

A charity moves banks. They notify their primary funders. But what about the DAF that granted them once three years ago?

Mid-sized DAFs might process 3,000+ grants per year. A small charity might receive one or two of those. Then silence for two years. Then another grant. When it comes, the banking data on file might be years old. The first sign that something's wrong is a failed transfer — after the batch has already been submitted.

There's no proactive mechanism to keep data current between transactions. The system only discovers the problem when it's already too late.

Layer 6: The fee structure problem

Most disbursement tools take a percentage of the transaction. For small payments, this math works. For major giving, it falls apart.

It's no more work for a platform to process a $100,000 grant than a $100 one — especially when banking data is already verified. But a 1–2% fee on $100,000 is $1,000–$2,000. For a foundation disbursing $50 million a year, that's $500,000 to $1 million in platform fees.

The technology to verify banking data and reduce risk has advanced enormously in the last 20 years. But the fee structures haven't changed to reflect the reduced risk. This is why DAFs and foundations haven't widely adopted modern disbursement tools — the revenue model was built for retail transactions, not major giving.

Layer 7: The DIY problem the outside world solved decades ago

Step back and look at the full picture. Every DAF maintains its own charity banking database. Every foundation has its own spreadsheet. Every corporate funder has its own process. They're all independently collecting, storing, verifying, and maintaining the same banking data for the same charities.

This is the equivalent of every business in Canada maintaining its own postal system instead of using Canada Post.

The rest of the economy solved this with shared infrastructure — payment networks, clearing systems, centralized verification. The charitable sector is still DIY'ing it. The result is duplicated effort across hundreds of organizations, inconsistent data quality, no network effects, and every single one carrying the same fraud and error risk independently.

This isn't just inefficient. It's architecturally broken. And it's the root cause of every other problem on this list.

What this costs

Fraud is the sharpest edge of the DIY disbursement model. But the full cost is much broader: duplicated work across hundreds of organizations, stale data that causes failed transfers, trust gaps that slow down grants, and fee structures that punish major giving.

The outside world solved the "everyone building their own payment infrastructure" problem a long time ago. The charitable sector is overdue.

In the next post, we lay out what purpose-built shared infrastructure for charitable disbursements actually looks like.

---

WellFunded's Disbursement Hub eliminates every layer described above — zero transaction fees, institutional-grade bank account verification, and shared charity banking data that stays current because charities have a direct incentive to maintain it.

This is the second post in our series on charitable disbursement infrastructure in Canada. Read Part 1: How Charitable Dollars Actually Reach Charities and Part 3: Shared Infrastructure for Charitable Disbursements.