This website uses cookies

This website uses cookies to ensure you get the best experience. By using our website, you agree to our Privacy Policy

Sophie Cameron

Features and Opinion Editor, Solicitors Journal

Charity Commission updates guidance on internal financial controls

Charity Commission updates guidance on internal financial controls


Updates include risks from new technology such as cryptoassets

The Charity Commission published updated guidance on internal financial controls on 26 April, amidst a call for charities to check that their financial controls protect against risks, including the risks presented by new technologies such as cryptoassets.  

The updated CC8 guidance, otherwise known as the ‘internal financial controls for charities’ guidance, now includes issues that were not in existence or relevant to the sector when first drafted. New sections in the guidance cover mobile payments systems, such as Google Pay and Apple Pay; and donations made in cryptoassets, such as cryptocurrency and non-fungible tokens (NFTs). The guidance also includes an updated checklist to help charities put the guidance into practice.

The Department for Science, Innovation and Technology published the latest cyber security breaches survey on 19 April, which finds that 24 per cent of charities experienced a cyber-attack in the last 12 months. The figures are higher, at 56 per cent, for high-income charities with £500,000 or more in annual income.

The guidance highlights the risks specific to cryptoassets, such as vulnerability to theft by hackers, sudden changes in value, difficulty in tracing donors, and a lack of protection from agencies such as the Financial Services Compensation Scheme or the Financial Conduct Authority. The existing advice on more traditional risks has also been updated, such as when fundraising and holding public collections, making payments to related parties and operating internationally.

Commenting on the updated guidance, Sam Jackson, Assistant Director of Policy at the Charity Commission said: “As more and more charities move to operate online and newer technologies are developed, such as the use of cryptocurrencies, trustees will need to navigate risks that might not have been previously considered. We have updated our guidance to reflect the digital age we all live in and worked hard to ensure it is clear and simple to use. We know there are many internal and external risks to consider which is why we have also updated our helpful checklist so that trustees can have informed discussions about the measures they need in order to best protect their charity’s assets and donations entrusted to them by the public.”