This snapshot, taken on
, shows web content acquired for preservation by The National Archives. External links, forms and search may not work in archived websites and contact details are likely to be out of date.
The UK Government Web Archive does not use cookies but some may be left in your browser from archived websites.

In this section

What's New

Reporting Serious Incidents - guidance for trustees

December 2012

You can also view a PDF version of Reporting Serious Incidents - guidance for trustees.


A. Introduction

The Charity Commission is the independent regulator of charities in England and Wales. We aim to provide the best possible regulation to increase charities' effectiveness and the public's confidence and trust in them.

The Commission's statutory objectives include to promote compliance by charity trustees with their legal obligations in exercising control and management in the administration of charities, and to increase public trust and confidence in charities. Since the Charities Act 2006, we have a specific statutory function to identify as well as investigate apparent misconduct or mismanagement in the administration of charities.

The vast majority of charities encounter few problems. However, where there is a serious threat or risk to a charity's beneficiaries, services, assets or reputation we can help resolve this either by providing regulatory advice and guidance to the trustees or where necessary, by using our legal powers to help the charity and its trustees get back on track.

We aim to ensure that our regulation of charities is proportionate, focused on risk and takes account of our potential impact. Serious incident reporting by charity trustees is one of our key compliance and monitoring tools. It ensures that we can provide assistance at the earliest opportunity, targeting our resources where the risks are highest and helping to put charities back on a secure footing where necessary.

The responsibility for reporting serious incidents to the Commission rests with the charity's trustees, even if they delegate work to others.

This guidance helps trustees determine which incidents are serious and when and what you need to report to us. Confining proactive reporting to serious incidents ensures that this is a proportionate, risk based and targeted measure in accordance with our obligations and responsibilities in the Charities Act 2011.

You can find more information on how we assess risk and issues of concerns in a charity in our Risk Framework and summarised in Section C of this guidance.

Top of page

B. Duty of trustees

Trustees must comply with the legal duties of charity trustees in the administration of a charity. Trustees have a general duty to take reasonable steps to assess and manage risks to their charity's activities, beneficiaries, property, work or reputation. For further information see our guidance Charities and Risk Management (CC26) and The Essential Trustee: what you need to know (CC3).

Declaration in Annual Return

Charity law requires trustees to submit, as part of the Annual Return, information specified by the Charity Commission in its regulations. If your charity has an income over £25,000 you must, as part of the Annual Return, sign a declaration that there are no serious incidents or other matters relating to your charity over the previous financial year that you should have brought to our attention but have not. If an incident has taken place but you have not reported this to us, you should do so when you submit the Annual Return.

If you are unable to make this declaration then the Annual Return will not be complete and you will have defaulted on your statutory requirement under section 169 of the Charities Act 2011. It is an offence under section 60 of the Charities Act 2011 to provide false or misleading information to the Commission. If you sign the declaration on the Annual Return we will take this as your confirmation that there have been no serious incidents that you should have reported to us.

Our role as regulator

Part of our role as regulator is to ensure that the trustees are discharging their legal duties and responsibilities as trustees, including responding appropriately to and effectively managing any serious incidents that arise in their charity.

Reporting serious incidents demonstrates to us that you have identified a risk to the charity and that you are taking appropriate action to deal with it. This is very important because safeguarding the assets of the charity and the charity's beneficiaries are key trustee responsibilities.

Where it is clear that trustees are handling serious incidents appropriately and the risks are being managed by them, we are unlikely to take further action. If it is not clear that the incident and risks arising from it are being dealt with and that the trustees are acting responsibly, we will need to engage further with you. In some cases, we may need to use our legal powers to protect the charity. If a serious incident that has not been reported becomes known to us at a later date, we may consider taking regulatory action against the trustees, particularly if further abuse or damage has arisen.

Good practice

As a matter of good practice, any serious incident that has resulted or could result in a significant loss of funds or a significant risk to a charity's property, work, beneficiaries or reputation should be reported to us immediately, not just on completion of the Annual Return. This will enable us to offer you guidance as soon as possible and help protect the charity and its beneficiaries.

Top of page

C. Charity Commission Risk Framework

Our overarching Risk Framework explains our regulatory approach, including how we assess risk. It is the tool we use to determine when and how we should become involved in proactive programmes of work or react to individual cases. Our internal guidance for our staff - Application of the Charity Commission's Risk Framework - provides more information about how our approach is applied practically when dealing with individual charities and sets out those issues that we have identified as being higher risk. These are, in no particular order:

  • significant financial loss to a charity
  • serious harm to beneficiaries and, in particular, vulnerable beneficiaries
  • misuse of a charity for terrorist purposes (including charity links with or support for terrorism, financial or otherwise, connections to proscribed organisations, misuse of a charity to foster criminal extremism)
  • serious criminality and/or illegal activity within or involving a charity (including fraud and money laundering)
  • charities set up for an illegal or improper purpose
  • charities deliberately being used for significant private advantage
  • where a charity's independence is seriously called into question
  • other significant non-compliance, breaches of trust or abuse that otherwise impact significantly on public trust and confidence in the charity and charities generally

We may, however, not always engage on these issues, if for example, we are satisfied that the trustees have already taken appropriate steps to address points of concern. More information on how and when we decide to engage is provided in Section H - What will we do next? 

Top of page

D. What is a serious incident and how should you report it?

Arising out of these higher risk issues, we have identified areas, listed in sections 1-9, where the matter in question causes such serious concern that we will always give it our immediate attention because of the impact on the charity if true, and on the reputation of the charity, even if not true. Where such high risk issues arise in charities, we would always regard them as serious incidents that you should report to us. This list is not exhaustive and if you consider that a serious incident has occurred in your charity, you should report this to us.

In addition, we also expect trustees to report an incident if:

  • the incident is also reported to the police or other statutory agencies (unless it is a technical or minor issue that poses little or no risk)
  • the charity, or individuals associated with the charity and in connection with their role within it, are the subject of a police or other statutory agency investigation
  • you decide that the incident presents a serious or significant risk to the charity, its beneficiaries, reputation or assets
  • the internal risk assessment of the incident concludes that the charity should act to avoid a serious or significant risk to the charity, its beneficiaries, reputation, services or assets or
  • your professional advisers have advised you to notify us of the incident

Also, charities above the statutory audit threshold must report on their risk management arrangements in their Annual Report.

If you are unsure whether an incident is serious or significant, we recommend you report it to us anyway.

Criminal activity

You should inform us of any actual or suspected criminal activity within or involving the charity as soon as possible after the incident. You must do so where an individual may have committed an offence that calls into question their suitability to be involved in or connected to a charity, whether as a trustee, member of staff or volunteer.

You should report crime, or suspected crime, to the police and obtain a crime reference number. In some cases you must do so, as the more serious the crime, the more difficult it is to see how trustees could discharge their duties to act in the best interests of the charity and their duty of care to protect the charity, its assets and beneficiaries if they did not. Where there is evidence or reasonable grounds to believe that criminality has taken place, and the trustees have failed to report this to the police, then the Commission has a duty to do so.

What if I have already reported an incident?

If you have already reported it to us, you can make the declaration in the Annual Return. However, if you have already reported a serious incident to the police or another regulator or agency, this will not meet your responsibilities to report serious incidents to us.

We liaise and work closely with other agencies in order to fulfil our statutory objectives and, where appropriate, to assist those agencies in fulfilling theirs. The role and remit of each agency and regulator differs. The police investigate criminal matters. Other regulators and agencies have specific roles relevant to the activities of the charity or to the issue, for example, standards of domiciliary care or health and safety.

Our regulatory interest focuses on charity trustees and in ensuring that they properly discharge their legal duties. To do this, they must protect its property, work, beneficiaries and reputation by dealing responsibly and appropriately with any serious incident that occurs and take reasonable action to prevent it happening again. This means that our regulatory interest will be different from that of other agencies and this is why you need to report incidents to us as well as to them. In areas of high and serious risk we cannot rely on other agencies contacting the Commission to let us know they are engaged. Sometimes they may be prohibited from contacting us because legal processes have started. Therefore it is important that trustees make contact with us direct.

To minimise work for the charity, if you prefer, you can simply forward us a copy of your report to another agency or your internal report to your Board. Where our regulatory interest overlaps with that of other agencies we will identify this and ensure that we do not duplicate work or increase the burden on you. This may mean that we agree with the other agency that they will take the lead on the issue, without the Commission needing to take further action.

What if it is just an allegation or suspicion?

You should still report this to us if you have received information that leads you to believe or suspect that a serious incident has happened and you have reasonable grounds for the suspicion. Trustees are responsible for taking appropriate action in response to a suspicion or allegation in order to protect their charity from harm, and we will expect to know what you have done. One of our statutory functions is to identify and investigate apparent misconduct or mismanagement in the administration of charities. We decide our regulatory response, if any, on the basis of evidence.

The guidance states that serious incidents should, as a matter of good practice, be reported to us immediately. However, it is commonsense that trustees will need some time to gather information to establish the facts following an allegation or incident before reporting to us, but we would still expect a report as soon as is reasonably possible. Clearly there is a balance to be struck between fact finding and timely reporting and trustees will need to exercise their discretion and judgment in the circumstances. When an incident is very serious, we expect this to be reported to us immediately.

1. Fraud and theft

What do we mean by ‘Fraud' and ‘Theft'?

Fraud is a form of dishonesty, involving either false representation, failing to disclose information or abuse of position, undertaken in order to make a gain or cause loss to another.

Theft is dishonestly appropriating property belonging to another with the intention of permanently depriving the other of it.

Fraud and theft are separate criminal offences. They may relate not just to a charity's funds and financial assets, but also to its other assets, such as databases and the information it holds. Their impact on a charity can be significant, going beyond financial loss and the impact on the financing of a charity's planned activities. These crimes cause distress to trustees, staff, volunteers and beneficiaries. They may bring adverse publicity to the charity and damage the good reputation the charity has with its donors, beneficiaries and the public as well as that of the charity sector more generally. It is vital that the public has trust and confidence that the money they donate to charity is used properly and goes to the cause for which it is intended. It is therefore important that trustees deal properly with these incidents and take reasonable steps to ensure that such events do not happen again.

You need to report to us any actual or suspected serious incidents of fraud, theft and other financial crimes. You should report incidents if you know an event has taken place or where you reasonably suspect that it has. Further information on how and where to report these incidents is set out in How to report.

We recognise that some instances of fraud or theft that may occur in a charity might be of a relatively low value and part of the normal risks all organisations face. There is no minimum figure that should or must be reported. You need to decide whether these incidents are serious or significant enough to report in the context of your charity and the circumstances of the incident, taking account of the actual harm and potential risks to the charity posed by the incident.

The circumstances of low value incidents can pose serious risks. Repeated or frequent incidents may be symptomatic of weak financial controls and poor oversight, which may allow individuals to deprive a charity of significant sums over a period of time. Such incidents may also be indicative of individuals deliberately keeping the sums they take at a low level to avoid them being detected or action being taken by the charity, the Commission or police. Therefore, if there have been several incidents of low value fraud or theft in your charity we would expect you to report this to us, particularly if the cumulative effect during the year results in a significant loss.

We also recognise that for some charities, due to the nature of their activities (for example running shops or trading), the risks of some losses or being the victim of a crime may increase. Further advice on reporting multiple incidents to us in these circumstances is provided in Section E.

The higher the value of the loss, the more serious the incident will be, indicating it should be reported. Other factors that are likely to indicate seriousness include:

  • if the person accused of taking the funds/ assets is involved in the charity
  • if the person accused of taking the funds/assets is in a senior position (for example the Chief Executive) or holds a position of special responsibility for safeguarding the finances (for example a Treasurer, or employee working in the Finance team)
  • numerous incidents have taken place that are connected
  • the charity has been subject to a number of separate incidents over a period of time
  • the funds are from a public appeal or collection or from grant funding
  • there are signs of public interest, for example media reporting
  • if the charity has had to take serious action against an individual, for example disciplinary procedures or suspension
  • if the person accused of taking the funds/assets is involved with any other charities

No fraud relating to or theft from a charity is acceptable. Therefore, even if an incident is not serious enough to report to us, because you believe it is so minor, you must still ensure you handle the incident responsibly and appropriately and that you take reasonable steps to ensure it does not happen again. We may be notified about the incident, for example as a result of a complaint or concern by a member of the public, and if we decide to check this, we would expect the trustees to be able to show they have acted appropriately.

We would always expect instances of high value fraud or theft, and/or where there is public or media interest, to be reported immediately.

We know that some trustees, as part of their processes for dealing with incidents, want to report all incidents to us regardless of the size of the loss. We will handle and deal with those minor reports in the same way as other incidents that should be reported to us. Providing there are no concerns about the way the charity is handling the incident, the action we take will be to log the report and use it as part of our wider monitoring and analysis of the impact of losses on the whole sector.

Reporting an incident to the Commission, the police or Action Fraud (see below) is one way to evidence that the trustees are acting appropriately in handling the incident.

How to report:

Trustees should report incidents of fraud that take place in their charity to Action Fraud and ensure they obtain a crime reference number. Action Fraud is the national reporting centre for fraud and for information relating to fraud. It has an online fraud reporting service which is available 24 hours a day, and their website includes a comprehensive A to Z of fraud types, providing information about how these frauds operate and how to report them.

Trustees should also make a serious incident report to the Commission.


Trustees should reports incidents of theft to the police and obtain a crime reference number. They should also report the incident to the Commission.

2. Other significant loss

You should also report to us any significant loss due to other causes, such as fire, flood or storm damage or having to abandon property, for example in a war zone. As a guide for this type of incident, we would expect you to report any loss of funds or other property with a value of 20% or more of the charity's income, or £25,000, whichever is the smaller amount. For amounts lower than that, you should decide if they are significant for your charity and should be reported, taking the charity's income, work and other factors into account.

Such significant losses will not include a decrease in the value of investment funds occurring in the ordinary course of investment business or losses such as impairments, asset write downs, pension deficits and bad debts.

What we need to know

When you report the incident to us, please let us know:

  • the amount involved
  • how it was discovered (for example by the charity through internal controls, by the charity's auditors or professional advisers or its bank)
  • a summary of the circumstances of the theft/fraud with enough details to enable us to be clear about the risks and be satisfied that you are dealing with them responsibly
  • if you have a policy or procedure for dealing with these types of incidents and confirm it has been followed in this case
  • what action you have taken to deal with it; confirming whether you have reported the fraud or theft to Action Fraud or the police respectively, providing us with the crime reference number
  • if you have recovered the money/ goods or are taking steps to do so
  • whether or not losses are covered by insurance

3. Significant sums of money or other property donated to the charity from an unknown or unverified source

This could mean an unusually large one-off donation or a series of smaller donations from a source you cannot identify or check. Donations may take forms other than money, for example, shares or goods.

We would expect you to report any such payment (or payments) totalling £25,000 or more. The risks of accepting a donation from an unknown or unverified source may be greater when the donor attaches specific conditions (for example, to apply the funds through a particular group or organisation). You should be able to verify the source and ultimate destination of charity funds, to comply with your general legal duties. You do not need to report a donation where you know the source of the donation represents the proceeds of a collection.

Our Compliance Toolkit Protecting Charities From Harm, chapter 2- Due Diligence, Monitoring and Verification of End Use of Charitable Funds, Section E provides advice on receiving donations from unknown sources, or with particular conditions attached, to minimise the risk of charities being used for money laundering.

Legal requirement

The Finance Act 2011 section 27 requires trustees to consider from 1 April 2011, whether the charity is in receipt of tainted charity donations. Prior to the Finance Act 2011, the Finance Act 2006, section 54, means that a charity should keep records of substantial donors and transactions with those donors.This is to avoid a tax liability. Trustees' general legal duties mean that they must act with due diligence in the receipt (and expenditure) of funds.

4. The charity (including any individual staff, trustees or volunteers) has any known or alleged link to a proscribed (banned) organisation or to terrorist or other unlawful activity

Under section 19 of the Terrorism Act 2000 there is a duty to disclose a belief or suspicion that a terrorism offence has been committed when the information comes to your attention through trade, profession, business or employment. Non-disclosure may result in an offence being committed. This is relevant for trustees of charities, as ‘employment' has been amended to specifically include voluntary work. If it comes to your attention or you suspect that another trustee, member of staff, volunteer or anyone associated with the charity has any such links, you must immediately inform the police and should also inform us. It is a criminal offence not to report the matter to the police. Included within ‘links' is making facilitation payments (bribes or inducements) or paying protection money or ransoms to suspected terrorist, criminal or proscribed (banned) organisations.

You can find our policy and approach on charities and terrorism in our Counter-Terrorism Strategy. This, and our Compliance Toolkit, Protecting Charities From Harm explain more about how we handle allegations of charities' involvement in terrorism, the duties of trustees and the reporting of suspicions.

You can find a list of proscribed organisations on the Home Office website.

A consolidated list of all designated persons and entities whose assets have been frozen in the UK (under the Anti-Terrorism, Crime and Security Act 2001, the Terrorist Asset-Freezing Etc Act 2010, The Afghanistan (Asset-Freezing) Regulations 2011 (SI 2011/1893) and The Al-Qaida (Asset-Freezing) Regulations 2011 (SI 2011/2742)) is maintained by HM Treasury and is available on the financial sanctions pages of HM Treasury's website Consolidated List of Financial Sanctions Targets in the UK.

5. A person disqualified from acting as a trustee has been or is currently acting as a trustee of the charity

How you handle this kind of incident and the two incidents that follow will show whether you have proper systems in place to check the eligibility of trustees and to safeguard children and other vulnerable beneficiaries.

Legal requirement

Some people are disqualified by law from acting as trustees, including anyone described in section 178 of the Charities Act 2011. This includes individuals who:

  • have been convicted of any offence involving dishonesty or deception which is ‘unspent'
  • are undischarged bankrupts
  • have made an arrangement with creditors and have not been discharged (this will include an Individual Voluntary Arrangement (IVA))
  • have been removed from the office of charity trustee by an order made by the Commission or the High Court
  • have been removed under section 34(5)(e) of the Charities and Trustee Investment (Scotland) Act 2005 or relevant earlier legislation, from being concerned in the management or control of any body
  • have been the subject of a disqualification order or disqualification undertaking under the Company Directors Disqualification Act 1986 or the Company Directors Disqualification (Northern Ireland) Order 2002
  • are subject to an order made under section 429(2) of the Insolvency Act 1986

You can obtain more details in our publication Finding New Trustees: What charities need to know (CC30).

It is normally an offence to act as a trustee while disqualified unless we have given a waiver under section 181 of the Charities Act 2011 (or in relation to charitable companies, permission has been given by the court).

There may also be restrictions in the charity's governing document which must be followed.

You can find out more on disqualifications and waivers of disqualification in section E of our publication Finding New Trustees: What charities need to know (CC30).

6. The charity has no vetting procedure to ensure that a trustee or member of staff is eligible to act in the position he or she is being appointed to

Charity law does not require charities to ask prospective new trustees to sign a declaration of their eligibility to act but we consider that it is good practice to do so. It shows that the trustees are discharging their legal duties and responsibilities as trustees. We have produced a model declaration.

There are legal restrictions on who can be a trustee, which are set out in our guidance Finding New Trustees: What charities need to know (CC30). We would have a serious regulatory concern if you failed to put systems in place to make the necessary checks to vet trustees, staff and volunteers in order to protect vulnerable beneficiaries. These include CRB (DBS) checks and where they must or should be carried out because of the activities that the charity undertakes. In some circumstances we may regard failure to conduct suitable checks as evidence of misconduct, mismanagement or both, in the administration of the charity.

7. The charity does not have a policy for safeguarding its vulnerable beneficiaries (eg children and young people under 18 years of age, or adults who are vulnerable at a particular time because they are in receipt of a regulated activity1 )

Trustees of charities have a duty of care to their charity which, if they work with children and vulnerable adults will include taking the necessary steps to safeguard and take responsibility for those children and vulnerable adults. So it is vital that they develop, implement and monitor effective safeguarding policies and procedures to protect these vulnerable beneficiaries.

The Commission's regulatory role is in ensuring that trustees comply with their legal duties and responsibilities in managing their charity. This includes making sure that trustees take appropriate steps to protect their charity and its beneficiaries from harm. The Commission is not responsible for safeguarding matters or dealing with incidents of actual abuse and we do not administer the legislation on safeguarding children and vulnerable adults. Our strategy for Dealing with Safeguarding Children and Vulnerable Adults Issues in Charities sets out in more detail our role and approach to safeguarding issues.

The Department for Education is responsible for government policy on child safeguarding and protection in England. You can obtain more information at

The Department of Health is responsible for government policy on safeguarding vulnerable adults in England. There is more information at

In Wales, the Welsh Government is responsible for safeguarding children and vulnerable adults. There is more information on the Welsh Government website.

The provisions of the Protection of Freedoms Act 2012 introduce a range of key changes to disclosure and barring services, including from 1 December 2012 the merger of the Independent Safeguarding Authority and the Criminal Records Bureau creating a single, new, non-departmental public body - the Disclosure and Barring Service (DBS). There is more information at

The DBS is responsible for criminal records disclosures and for making barring decisions. The DBS also manages the Children's Barred List and the Vulnerable Adults' Barred List.

The Protection of Freedoms Act 2012 - future changes to the law

The Protection of Freedoms Act 2012 introduces a range of key changes affecting criminal records checks and disclosure and barring arrangements.

These changes are being phased and the following changes came into force on 10 September 2012:

  • new definition of regulated activity
  • repeal of controlled activity
  • repeal of registration and continuous monitoring
  • repeal of additional (brown envelope) information
  • minimum age of 16 at which someone can apply for a CRB (DBS) check
  • more rigorous relevancy test for when the police release information held locally on an enhanced CRB (DBS) check

However, not everything is changing. The following requirements that were introduced in October 2009 still apply:

  • an organisation must not engage someone in regulated activity whom it knows has been barred by the ISA (DBS)
  • if an organisation that works with children or vulnerable adults dismisses a member of staff or a volunteer because they have harmed a child or vulnerable adult, or it would have done so if they had not left, it must refer this information to the ISA (DBS)
  • everybody within the pre-September definition of regulated activity will remain eligible for enhanced CRB (DBS) checks, whether or not they fall within the post-September definition of regulated activity. However, they will only be eligible for a barred list check as part of their enhanced disclosure application if they fall within the ‘new' definition of regulated activity.
  • a person who is barred by the ISA (DBS) from working with children or vulnerable adults will be breaking the law if they work or volunteer, or try to work or volunteer with those groups

From early 2013 a new Update Service will be introduced by DBS. For a small fee an individual will be able to subscribe to the service to apply once for a criminal records check and then, if they need a similar check again, they can reuse their existing certificate with their organisation checking online to see if it is still up to date.

We advise trustees to ensure they are aware of the changes and updates in this area through the DBS website. The legislation is complex: trustees should consider taking professional advice where necessary.

It is important to remember that disclosure and barring services are all part of a safer recruitment regime and do not remove the need for charities to develop and apply robust recruitment procedures, including checking identity, qualifications and references and enquiring into career history.

8. Suspicions, allegations and incidents of abuse or mistreatment of vulnerable beneficiaries

You should report this if any one or more of the following things occur:

  • there has been an incident where the beneficiaries of your charity have been or are being abused or mistreated while under the care of your charity or by someone connected with your charity such as a trustee, member of staff or volunteer
  • there has been an incident where someone has been abused or mistreated and this is connected with the activities of the charity
  • allegations have been made that such an incident may have happened, regardless of when the alleged abuse or mistreatment took place
  • you have grounds to suspect that such an incident may have occurred

As well as reporting to us, you should also notify the police, local authority and/or relevant regulator or statutory agency responsible for dealing with such incidents.

In the context of safeguarding issues, we have a limited and very specific regulatory role which is focused on the conduct of the trustees and the steps they take to protect the charity and its beneficiaries now and in the future. We cannot prosecute or bring criminal proceedings, although we can and do refer any serious concerns we have to other agencies and the police. We do not investigate the actual abuse - investigations of physical or sexual harm against individuals are matters for the police and/or local authority social services. Other authorities that regulate particular activities of charities are likely to lead on safeguarding matters.

Where incidents of abuse are alleged, it is the role of the police to investigate concerns that a criminal offence may have been committed. Local authorities investigate reports of abuse. In practice, multi-agency panels/ strategy meetings are set up which consider each case and the needs of the vulnerable people. These strategy meetings usually comprise a range of practitioners and can include education welfare officers, health visitors, youth workers, police, social workers, doctors and family support workers. If these cases are related to charities, the Commission may be asked by these organisations to attend to ensure a joined-up approach.

Where we do engage, our focus is on the trustees and what they have done to ensure they have complied with their legal duties and responsibilities towards the charity in managing allegations of this nature. Our concern is ensuring that individual incidents are being properly dealt with. This includes making sure that trustees have proper systems and procedures in place to handle allegations, are dealing with them responsibly, and reporting incidents where appropriate to the police, social services and other agencies. We also expect them to manage the risks of the incidents happening again as far as this is reasonably possible, by making any necessary changes to systems, procedures and work practices.

In some instances the police or another agency may decide not to pursue a case. However there may still be serious concerns about the charity, the conduct of its trustees or its systems to safeguard beneficiaries at the charity that the Commission needs to look into. On some occasions we are the only agency that can take action, especially if the concerns centre on the conduct of the trustees.

We realise that the sector is diverse and that defining the beneficiaries and people connected to the charity may not be straightforward. If you are not sure whether to report an incident, please contact us.

9. The charity has been subject to a criminal investigation, or an investigation by another regulator or agency; or sanctions have been imposed or concerns raised by another regulator or agency such as the Health and Safety Executive, the Care Quality Commission or Ofsted

You should inform us if the charity has been the subject of any criminal investigation or if another regulator or agency has imposed any formal sanction on it. We would also want to be advised of significant developments and notified of the outcome of the investigation by other agencies and the outcome of criminal court proceedings.

Top of page

E. Reporting multiple incidents

How should trustees report when serious incidents occur regularly?

We recognise that some serious incidents may occur more frequently in some charities because of the scope and nature of their activities and work. For example, a charity may be more vulnerable to the risk of being a victim of fraud where it undertakes a lot of complex financial trading. It may be more likely that for some charities, in regular contact with the public and vulnerable beneficiaries in sensitive situations, that the risk of allegations being made and incidents occurring is higher.

If you have decided that incidents are serious or significant enough to report to us, in these instances we are happy to accept periodic summary reports rather than separate reports for each incident, and for these to be based on the internal monitoring and reporting that we expect the trustees to already have in place.

In these circumstances, the key information we are likely to need is how many incidents have occurred in the period and what the issues of concern were. Also, tell us which of these incidents, if any, you have identified as higher risk. If any incidents involve financial loss we will need to know the total amount of the loss, or at least an estimate of this. You will need to confirm whether you have dealt with the incidents in line with your charity's established policies and procedures and identify any exceptions to this. Where incidents have involved actual or suspected criminal activity, you will need to tell us if you have reported them to the police or Action Fraud (as appropriate) and if not, why this is the case.

Larger and well established charities in particular are likely to have good systems in place for periodic reporting to their own Boards. We will expect them to be able to evidence this to us, where necessary. However, to minimise the burden, we are happy for a charity to use its own reporting information to send to us or use this as the basis for submitting a report to us.

When a serious incident has an immediate and significant impact on a charity or its services (for example, high value fraud), it is likely to attract immediate and negative media coverage or to raise serious public concerns in the competency or credibility of the charity. In these circumstances we would always expect this to be reported to us in more detail and as soon as possible.

If you think you will need to make multiple reports, then contact us first so that we can agree how this may best be done for your charity.

Top of page

F. Questions we may ask

When you report a serious incident to us, you should provide enough information to help us decide what, if any, action is appropriate. We need to understand what has happened, the nature of the risk and we are looking for assurance that you are handling the incident properly. If you are able to provide us with this information when first reporting the serious incident, it is less likely that we will need to ask you further questions. For any incident, it would be helpful to tell us:

  • whether the incident has happened or whether there have been serious allegations or suspicions that it has happened
  • when the incident happened and who was involved, including their position in the charity
  • if this person is still involved with the charity
  • the effect of the incident on the charity or its beneficiaries or both
  • what action, if any, has been taken since the incident
  • if there has been any publicity about the incident
  • if the charity has conducted its own inquiry or investigation into the incident and what was the outcome
  • if the police, another regulator or law enforcement or government agency is involved, the name of the agency and what action it has taken, if any. Where relevant, provide us with the reference number
  • confirmation that the trustees have reported the incident to their local Safeguarding Board if it involves abuse or welfare concerns about vulnerable beneficiaries
  • whether the charity has any policies or procedures that apply to the incident in question, confirming they were followed, and if not why. If it is the first time you submit a report, or there have been substantive changes since a previous submission to the Commission, you may need to explain your procedures and/or send us a copy of your policy  
  • whether as a result the trustees have determined that current policies or procedures need to be revised, or new ones put in place if they do not already exist 

The best way to contact us is by email at

Top of page

G. Confidential or sensitive information

We appreciate some of the information provided may be of a sensitive nature and undertake to treat and handle this appropriately and with care. We ask for this information only to fulfil our statutory functions as the regulator of charities.

As a public authority, the Freedom of Information Act applies to us. However, a range of exemptions may apply to this kind of information, for example data protection, commercially sensitive information and information that the law gives a quality of confidentiality. Our ability to share information with other regulators and agencies is also restricted under sections 54-59 of the Charities Act 2011. If the information you provide is particularly sensitive or confidential and this is not likely to be evident to us, you will need to tell us and explain why this is so.

The Data Protection Act 1998 regulates the use of ‘personal data', which is essentially any information, however stored, about identifiable living individuals. As a ‘data controller' under the Act, the Commission must comply with that Act's requirements.

Any information you give us will be held securely and processed only in accordance with the rules on data protection. We will not disclose your personal details to anyone unconnected to the Charity Commission unless:

  • you have consented to their release; or
  • we are legally obliged to disclose them; or
  • we regard disclosure as necessary so that we can properly carry out our statutory functions.

We may also disclose information about you to another relevant public authority but only where we can lawfully do so, and we determine that for purposes of national security, law enforcement, or other issues of overriding public interest, such disclosure is necessary or appropriate.

We will ensure that any such disclosure is proportionate; considers your right to respect for your private life; and is done fairly and lawfully in accordance with the data protection principles of the Data Protection Act.

A significant event in a charity is likely to attract press interest. If you have let us know in advance about the serious incident, then we are better placed to deal with media enquiries without causing unnecessary damage to the charity and its action in resolving the problem. It will also reassure the public to know that the charity has already been in contact with us. We can confirm the trustees have acted responsibly by informing and involving the regulator.

We will not disclose to the media or the public a charity's serious incident report, nor disclose the names of charities that have made serious incident reports. It is important that charities have confidence to report sensitive information to us and know that it will be handled properly and carefully. However, public trust and confidence in charities is crucial. Trustees have certain legal duties and are publicly accountable. We will therefore disclose general statistical data during the year about numbers and categories of reports made. We will not proactively issue press releases on receipt of a report. However, serious incidents within a charity may generate media attention and result in the media contacting the Commission directly. We will handle any contact with the media and issue any press statements or releases regarding concerns about charities in accordance with our public statement Public statements about investigations and other regulatory work.

Top of page

H. What will we do next?

We take a risk-based and proportionate approach to regulation and aim to target our resources and action where the risks are highest and where we can have greatest impact. Our approach to issues of serious concern takes into account the severity of the issue and the degree of risk it poses to the charity and to its assets, beneficiaries, integrity and reputation; as well as the risk to the public and to the reputation of the charity sector in general.

The Commission's Risk Framework, is the common basis we use for determining when and how to act in individual cases. A specialist trained team in our First Contact function will immediately assess all serious incident reports to identify what the key regulatory issues are and to objectively decide the most proportionate and effective response. This means we decide whether we need to get further involved with the issue, the level of priority and attention we will give it, and where in the Commission it will be dealt with. This depends on the particular circumstances, the seriousness and scale of the problem, and the strength of the available evidence.

We treat each case individually to determine the overall level of risk, considering factors that may increase or decrease the risks to the charity. Here are a few examples of the factors we take into account:

  • scale of assets alleged to be at risk or already misapplied
  • impact on beneficiaries or charitable assets
  • risk of further harm to the charity or its beneficiaries
  • risk to public safety
  • risk of curtailment or withdrawal of services as a result of the serious incident
  • whether this is an isolated incident or there is a series of issues or a history of complaints
  • public profile of the charity (for example, is it a small local charity or well-known household name)
  • the charity's case history - including whether it has previously been investigated by us or given advice and guidance on the issue
  • existing or potential involvement of the police or another regulator
  • risk to the charity's reputation and to the charity sector as a whole

To assess each case and decide on the most appropriate and proportionate course of action to take may involve:

  • obtaining more information, where necessary, using our information-gathering powers under the Charities Act 2011
  • testing any allegations
  • contacting other regulators or the police

We cannot say what our action will be for any given issue, as our response will depend on:

  • the charity and its willingness and ability to comply with legal requirements and best-practice recommendations
  • actions that you may already have taken to protect the charity
  • whether our involvement will help the situation
  • the actions or involvement of another regulator

Our response may be that:

  • regulatory issues do not arise, or they are not sufficient to justify further engagement or action by us
  • regulatory issues do arise, and are likely to be best resolved through regulatory advice and assistance
  • regulatory issues have arisen in the past, but you have taken appropriate steps to deal with them and we will take no further action
  • the police or another agency are best placed to deal with the issues
  • we have a concern, but rather than take action we will monitor the charity through closer oversight for a time
  • issues arise that are sufficiently serious or complex that require our Operations function to deal with them as a regulatory case. In cases of regulatory concern that we consider the most serious, our Investigations and Enforcement function will decide whether to open a Statutory Inquiry under section 46 of the Charities Act 2011. If we open a regulatory case or Statutory Inquiry, we will write to explain our reasons and provide you with guidance on the process

As a modern regulator, our overall approach focuses on preventing problems by providing support and guidance and promoting good practice as well as ensuring that charities comply with their legal obligations. Where we can, we aim to encourage and support charities to improve their performance by working in partnership with them. Our concern is always to protect the charity and promote public confidence and trust in charities generally.

Still not sure?

If you have any concerns or questions about what to report or how we will handle information you provide, the best way to contact us is by email at

Top of page


1. The definition of Regulated Activity for adults defines the activities provided to any adult as those which, if any adult requires them, will mean that the adult will be considered vulnerable at that particular time. These activities are: the provision of healthcare, personal care, and/ or social work; assistance with general household matters and/ or in the conduct of the adult's own affairs; and/or an adult who is conveyed to, from, or between places, where they receive healthcare, relevant personal care or social work because of their age, illness or disability. Please refer to Department of Health factual note ‘Regulated activity (adults)' published on its website.

© 2012 Crown Copyright          Copyright Notice | Disclaimer and Privacy Statement | Cookies