Regulatory and Risk Framework
Updated 29 April 2020
Applies to England and Wales
1. Introduction
1.1 The purpose of this document
This document outlines how the Charity Commission operates as a risk-led regulator, and in particular:
- how we identify and assess risks
- how we respond to risks
- how we review and adapt our approach
While this document is written for the benefit of the public, we also expect charity trustees and their professional advisers; auditors and independent examiners; and charity employees and volunteers to find it particularly helpful.
1.2 The role of the Charity Commission
We are the registrar and regulator of charities in England and Wales. We are an independent, non-ministerial government department with quasi-judicial powers. We are responsible for identifying if organisations are charitable and meet the requirements to be added to the register of charities.
Some of our decisions are appealable to the First-Tier Tribunal (Charity) or the High Court. As a public body, certain decisions we make are also open to Judicial Review.
1.3 Why is the Charity Commission a risk-led regulator?
Our purpose is: to ensure charity can thrive and inspire trust, so that people can improve lives and strengthen society. We have committed in our five-year strategy to being driven by that purpose in all we do. Our purpose reflects our commitment to regulating on behalf of the public and to ensuring we uphold that which is special about charity in the eyes of the public.
To be the effective regulator that the public demands and the sector requires, we must ensure that charities show they are being true to their purposes, can demonstrate the difference they are making, and meet the high expectations demanded by the public in the way they operate. Therefore, our regulatory approach is about how we contribute to the sector’s success and to meeting its responsibility to the public.
To achieve maximum impact, we are risk-led in calibrating our response to issues that come into us. This approach ensures that no issue or complaint is overlooked, whilst at the same time making sure we are proportionate, prioritise the most serious issues and identify what action is right against identified risks of harm. In cases of severe harm, we will act robustly and quickly, intervene assertively and, if appropriate, communicate our engagement to the wider public to demonstrate how things can and do go wrong.
Therefore, to achieve our purpose and fulfil our statutory functions, we are risk-led in our regulation, which means:
- being proactive in identifying risks and intervening, where possible, to prevent harm before it occurs
- addressing harm effectively where it occurs
- focusing our resources effectively on the highest risks
2. Our regulatory role
2.1 Our statutory objectives, functions and duties
Parliament has given us five statutory objectives. These are to:
- increase public trust and confidence in charities
- promote awareness and understanding of the operation of the public benefit requirement (the requirement that charitable purposes must be for the public benefit)
- promote compliance by charity trustees with their legal obligations in exercising control and management of their charities
- promote the effective use of charitable resources
- enhance the accountability of charities to donors, beneficiaries and the general public
We have some general statutory functions, which include:
- determining whether institutions are charities
- encouraging and facilitating the better administration of charities
- identifying and investigating apparent misconduct or mismanagement in the administration of charities and taking remedial or protective action in connection with such misconduct or mismanagement
We also have general statutory duties when performing our functions, which include duties to:
- so far as is reasonably practicable, act in a way which is compatible with our objectives
- so far as is reasonably practicable, act in a way which is compatible with the encouragement of all forms of charitable giving, and voluntary participation in charity work
- have regard to the need to use our resources in the most efficient, effective and economic way
We are required by the Charities Act 2011 to ensure our regulatory engagement with charities is proportionate, accountable, consistent, transparent and targeted.
As a public body, we must also have regard to best regulatory practice and a number of wider public law and statutory duties.
We work with other agencies, regulators and government departments to help achieve our statutory objectives, to complement our work and to minimise dual regulation. Where there is a problem within a charity that is being adequately addressed by another agency (or agencies), we may work with them to increase effective regulation.
2.2 Limitations to our role
Although our objectives and functions are wide-ranging, there are limitations to our role as a regulator:
- we are not a prosecuting authority, although we may ask others to prosecute offences on our behalf. The investigation of alleged criminal offences is the responsibility of law enforcement agencies
- we ordinarily cannot act as a trustee or be directly involved in the administration of a charity, unless particular circumstances apply. This means we can’t tell trustees what decisions to make, although we do seek to provide appropriate and accessible guidance to support them with their decisions to ensure they can comply with their duties and responsibilities
- we also have no power to overturn trustees’ decisions if they are lawful and reasonable, even if these decisions may be unpopular. However, where trustees’ decisions result in significant harm, for example loss or damage to a charity’s assets, which could relate to finance or reputation, we will intervene to ensure public trust and confidence in charity as a whole is maintained
- except in limited circumstances where there are indicators of underlying risks (see also section 4.2 below), it is not within our remit to examine complaints about the following:
- poor service from a charity
- employment issues, for example, unfair dismissal
- internal disputes
- contractual disputes
3. How we identify and assess risks
3.1 How we identify risks
We identify risks from a wide range of sources including, but not limited to:
- information charities include in their annual return and accounts
- serious incident reports from trustees
- reporting by auditors and independent examiners
- reports of serious wrongdoing in charities from employees and volunteers, including whistleblowing
- complaints from the public or public sources
- our engagement with charities
- our work with other bodies, departments and agencies
- concerns raised in the media and by members of parliament
We place an emphasis on being proactive and identifying risks as soon as possible. To achieve this we:
- identify trends to get a better understanding of the evolving threats and risks to the ability of charity to thrive and inspire trust and confidence
- analyse the data, information and knowledge that we gather from the sources mentioned above
- use our awareness of changes to the environment in which charities are operating and the main challenges facing the charity sector
3.2 How we assess risks
When we have identified a risk, we will assess it to enable us to decide the level of priority that should be applied and the action we should take in responding to it. This assessment takes account of the following:
- the impact of the risk (the harm)
- the likelihood of the risk materialising
In assessing the impact, we focus on the type and level of harm that may result if the risk materialises. This includes taking account of the size, profile and activities of the charity concerned.
Our assessment of the impact and likelihood of the risk materialising will also take account of other relevant factors. These might include, for example:
- the reliability of the evidence that is available
- any current or recent regulatory engagement with the charity, including whether we have previously given regulatory advice to the charity about a similar type of risk
- action that a charity may have already taken to manage the risk
- involvement of other agencies and regulators in managing the risk
We are often alerted to incidents where harm has already occurred. In these cases, we will assess the actual harm of the incident and the risk of future harm.
4. How we respond to risks
4.1 Our general approach
Our approach is underlined by our general functions as set out above, which include:
- determining whether institutions are charities
- encouraging and facilitating the better administration of charities
- identifying and investigating apparent misconduct or mismanagement in the administration of charities and taking corresponding remedial or protective action
We will prioritise our casework resources towards addressing the highest risks, those which have the potential to cause the highest level of harm to public trust and confidence, or which may affect trustees’ ability to comply with their duties.
The level and nature of some risks will be such that it would not be proportionate to use our resources to undertake direct regulatory action or engagement with the charity. However, this does not mean that we do not want to be notified of these risks. Whilst we may not take regulatory action, we may still contact a charity’s trustees to alert them to the concerns raised with us. We may keep such information in our records and reassess our response if further information comes to light. We will also use the information to inform our wider understanding of risks. This may result in actions that deal with risk in a thematic way, for example publishing a report of our overall findings or issuing a regulatory alert to all or a relevant category of charities.
There will be some limited cases where the level and nature of risk identified means that another regulator or agency is better placed to respond, for example serious criminal matters. In such cases, we will work with the other regulator or agency to ensure the appropriate response.
An increased level of Commission involvement with a charity or on an issue does not necessarily mean that something has already gone wrong. It may simply mean that a risk requires a greater regulatory involvement or scrutiny.
Since the nature and level of a risk may change during the course of a particular case, we may need to periodically review our response.
4.2 Trustee conduct and response
Trustees are the first line of defence in managing risks and dealing with harm relating to their charities. The role of the Commission as regulator is to ensure that trustees are actively and effectively doing this. When we are considering how to respond to a risk or actual harm to a charity, the conduct and response of the trustees will affect our approach. We will consider whether:
- the trustees have acted honestly and reasonably
- there are indications that they have been careless or reckless
- there has been deliberate or wilful wrongdoing
We will also consider whether the trustees:
- are willing and able to act to manage the risk and/or deal with the harm
- are willing to act but are unable to manage the risk and/or deal with the harm themselves
- are unwilling to act
If we are satisfied that the trustees have already taken appropriate steps to address risks or harms, we may decide to take no further action. However, where the nature and level of the risk demands it, we will take strong and effective action.
4.3 Options for response
In our work to identify if organisations are charitable and meet the requirements to be added to the register of charities, the outcomes will be one of the following:
- a decision to register an organisation as a charity
- a decision to register an organisation as a charity on the basis of assurances given by the trustees
- a decision not to register an organisation as a charity
- a decision to remove an organisation from the register
In our other regulatory work, we have a range of possible responses including:
- giving permissions to charities to help promote the effective use of their resources
- updating the register to reflect changes or removing a charity from the register if it has ceased to exist or operate
- producing new or updated guidance to give trustees the knowledge and tools they need to run their charities well
- providing regulatory advice and guidance to trustees to ensure they address regulatory concerns, including in an action plan
- issuing alerts to trustees and the public about the particular risks that charities face and the actions they can take to respond
- highlighting on the register charities that do not meet their reporting requirements
- monitoring charities with identified risk factors
- exercising our statutory powers to disqualify trustees or issue an official warning where this is justified
- seeking restitution or recovery of funds that have been misappropriated or lost to charity in breach of trust
- in serious cases, the opening of a statutory inquiry and the exercise of our statutory powers, for example, appointing an interim manager to act in the administration of a charity or removing trustees
- publishing reports on inquiries or other cases
5. How we review and adapt our approach
Risks to the ability of charity to thrive and inspire trust and confidence are evolving and we will therefore continue to review and adapt our risk-led approach based on what we learn about the charity sector. This might mean, for example, that we will change our assessment of a risk as new information arises.
Our continual learning about the sector will be supported by:
- our analysis of the information we gather and receive from and about charities, including information held by other agencies
- our awareness of the changes to the environment in which charities are operating
In order to support this approach, we may from time to time request that charities provide additional information (for example, as part of the annual return or at registration).