Press release

Regulator delivers updated guidance to help sector protect £80bn income

The Charity Commission is calling on charities to check their internal financial controls with the help of its redesigned guidance.

The Charity Commission is calling on charities to check their financial controls protect against risks, including those from newer technology such as cryptoassets, with the help of its redesigned guidance.

Published today (Wednesday 26th April 2023), the updated guidance (known as ‘CC8’) explains the role strong internal financial controls play in ensuring trustees can safeguard their charity’s resources. The restructured guidance is now more concise, clearer and covers issues that were not in existence or widely relevant to the sector when first drafted. The guidance also includes an updated checklist to help the charity sector–which generates an income of £80 billion a year in England and Wales–put it into practice.

Last week, the Department for Science, Innovation and Technology published research which reported that 24% of charities experienced a cyber-attack in the last 12 months. New sections of the regulator’s guidance cover issues including using mobile payments systems, such as Google Pay and Apple Pay; and considering donations of cryptoassets, such as cryptocurrency and NFTs.

Risks from cryptoassets highlighted include vulnerability to theft by hackers; potential sudden changes in value; difficulty in tracing donors, and a lack of protection from agencies such as the Financial Services Compensation Scheme (FSCS) or the Financial Conduct Authority (FCA) if something goes wrong.

The regulator has also refreshed existing advice on more traditional risks, such as when fundraising and holding public collections; making payments to related parties; and operating internationally; and added a section on accepting hospitality.

Sam Jackson, Assistant Director of Policy at the Charity Commission said:

As more and more charities move to operate online and newer technologies are developed, such as the use of cryptocurrencies, trustees will need to navigate risks that might not have been previously considered. We have updated our guidance to reflect the digital age we all live in and worked hard to ensure it is clear and simple to use.

We know there are many internal and external risks to consider which is why we have also updated our helpful checklist so that trustees can have informed discussions about the measures they need in order to best protect their charity’s assets and donations entrusted to them by the public.

The Charity Commission carried out user testing on the redesigned CC8 guidance with a sample of 1000 charities who were each sent the draft guidance. 90% of respondents said they would recommend the new guidance to other trustees and 93% felt confident that they knew what internal financial controls they needed for their charity.

The full guidance can be found on our gov.uk page.

Notes to editor:

  1. The Charity Commission is the independent, non-ministerial government department that registers and regulates charities in England and Wales. Its purpose is to ensure charity can thrive and inspire trust so that people can improve lives and strengthen society.

  2. The Department for Science, Innovation and Technology research referenced is the ‘Cyber security breaches survey 2023’ which can be accessed via this link: https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023#chapter-4-prevalence-and-impact-of-breaches-or-attacks

  3. Cryptoassets are digital representations of value or rights that use blockchain technology. Cryptoassets include cryptocurrencies such as Bitcoin or Ethereum, and non-fungible tokens (NFTs). NFTs are unique and irreplaceable digital assets that link ownership to unique physical or digital items, such as works of art, real estate, music, or videos.

Press office

Email pressenquiries@charitycommission.gov.uk

Out of hours press office contact number: 07785 748787

Published 26 April 2023