The Charity Commission is calling on charities to check their
financial controls protect against risks, including those from
newer technology such as cryptoassets, with the help of its
redesigned guidance.
Published today (Wednesday 26th April 2023), the updated guidance(known
as ‘CC8’) explains the role strong internal financial controls
play in ensuring trustees can safeguard their charity’s
resources. The restructured guidance is now more concise, clearer
and covers issues that were not in existence or widely relevant
to the sector when first drafted. The guidance also includes an
updated checklist to help the charity sector–which generates an
income of £80 billion a year in England and Wales–put it into
practice.
Last week, the Department for Science, Innovation and Technology
published research which reported that 24% of charities
experienced a cyber-attack in the last 12 months. New sections of
the regulator’s guidance cover issues including using mobile
payments systems, such as Google Pay and Apple Pay; and
considering donations of cryptoassets, such as cryptocurrency and
NFTs.
Risks from cryptoassets highlighted include vulnerability to
theft by hackers; potential sudden changes in value; difficulty
in tracing donors, and a lack of protection from agencies such as
the Financial Services Compensation Scheme (FSCS) or the
Financial Conduct Authority (FCA) if something goes wrong.
The regulator has also refreshed existing advice on more
traditional risks, such as when fundraising and holding public
collections; making payments to related parties; and operating
internationally; and added a section on accepting hospitality.
Sam Jackson, Assistant Director of Policy at the Charity
Commission said:
As more and more charities move to operate online and newer
technologies are developed, such as the use of cryptocurrencies,
trustees will need to navigate risks that might not have been
previously considered. We have updated our guidance to reflect
the digital age we all live in and worked hard to ensure it is
clear and simple to use.
We know there are many internal and external risks to consider
which is why we have also updated our helpful checklist so that
trustees can have informed discussions about the measures they
need in order to best protect their charity’s assets and
donations entrusted to them by the public.
The Charity Commission carried out user testing on the redesigned
CC8 guidance with a sample of 1000 charities who were each sent
the draft guidance. 90% of respondents said they would recommend
the new guidance to other trustees and 93% felt confident that
they knew what internal financial controls they needed for their
charity.
The full guidance can be found on our gov.uk page.
Notes to editor:
-
The Charity Commission is the independent, non-ministerial
government department that registers and regulates charities
in England and Wales. Its purpose is to ensure charity can
thrive and inspire trust so that people can improve lives and
strengthen society.
-
The Department for Science, Innovation and Technology
research referenced is the ‘Cyber security breaches survey
2023’ which can be accessed via this link: https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023#chapter-4-prevalence-and-impact-of-breaches-or-attacks
-
Cryptoassets are digital representations of value or rights
that use blockchain technology. Cryptoassets include
cryptocurrencies such as Bitcoin or Ethereum, and
non-fungible tokens (NFTs). NFTs are unique and irreplaceable
digital assets that link ownership to unique physical or
digital items, such as works of art, real estate, music, or
videos.