Knowing your responsibilities to employees and third parties

The duties towards volunteers, employees and third parties are very similar. While obeying the relevant laws is important, trustees have a wider obligation to protect their organisation and anyone who works inside it, as well as anyone who has contact with it. 

Do we need to think about health and safety regulations? 

The simple answer is yes. All charities and businesses fall under the scope of the Health and Safety at Work Act 1974 and it applies to everyone who is present in the organisation, including paid employees, unpaid workers and volunteers. In fact, charities can be legally liable for injury or damage caused by employees or volunteers to others while working on behalf of the organisation. 

What can you do to avoid problems? 

Charities and not-for-profit organisations have a duty to use risk assessments to identify, assess and manage risk. When done correctly, these can help avoid many problems, for example, some of the typical duties include:

  • Minimising and managing the risk of accidents resulting from slips and trips in premises, e.g. customers and staff in charity shops
  • reducing the risk of injury from products supplied
  • managing the many risks associated with organised events, e.g. fundraising activities.

Broadly, the duty towards third parties, such as visitors, customers and people attending organised events, are similar to those relating to employees and volunteers. Make sure you have the correct policies and risk assessment to correctly manage these risks. 

You can find more information about your Health and Safety duties by reading our Knowledge Library factsheet, Understanding Health and Safety.

Keeping your organisation protected if something goes wrong

You’re legally required to have Employers’ Liability Insurance if you have paid employees, but even if you only have volunteers, Employers’ Liability insurance is recommended as it protects your organisation if an unpaid worker or volunteer suffered an accident and sued for damages (if found negligent and up to the limit of liability).

The same goes for Public and Products Liability insurance. It’s not compulsory for charities but is highly recommended as it will protect your organisation against negligence up to the limit of liability.  

You can learn more by reading our Knowledge Library factsheet, Do you need employers’ liability insurance for your volunteers?


Need some free risk management guidance?

Here’s how to access a wide range of services through Aviva Risk Management Solutions, completely free of charge:

Risk Helpline 

Get in touch for advice by calling 0345 366 6666 or emailing [email protected]   

Online resources

Access our online industry-specific risk management guidelines, and discover all our tips, tools and templates related to risk management.

Specialist Partner Network

We can offer Aviva customers risk management products and services at discounted prices through our trusted partners. With areas of expertise ranging from escape of water to health and safety, all our partners are well established with a pedigree in risk management.

And, of course, you can find more information on how to reduce the risks to your charity in our Knowledge Library. 

Protecting your assets

As a charity or not-for-profit organisation, it’s important that you take whatever steps are necessary to protect your assets. Let’s look at what assets you might have, why they might be at risk and what should you consider doing to protect them…

Employee dishonesty 

As a community-minded and no doubt trusting person, you’re more likely than most to underestimate the risk posed by employee or volunteer fraud. Yet workplace theft in the UK presents a serious threat to organisations – including, sadly, those in the charity sector – costing billions of pounds every year.

A solid reference procedure is your first line of defence. All new employees should be subject to reference checks, as well as any volunteers who are involved with cash handling, supervisory and management responsibilities or access to sensitive systems (like stock, IT or accounts). You should look for written references from employers, schools or a professional person, covering at least the previous two-year period (with no gaps), in order to confirm the honesty of the person. Please see a guide to handling cash safely.

It’s also vital that your organisation has a system of internal controls and checks that will minimise risk and help detect employee fraud. These include measures surrounding audit, cheque issuing, banking, stock control and computer security, among others. 

Fundraising activity 

A risk assessment should be carried out for any fundraising event, taking into account cash handling arrangements, security measures and safety of the fund collector. An example might be regularly removing takings during the event and finding a secure place to count takings before banking.

And don’t forget, if your fundraising activity includes collecting in the street or door-to-door, a licence is required from your local authority.

Property

Do you own or rent a building space? Have you considered what protection you need against loss from fire, flood or general building maintenance? Please see a link to helping with Maintenance Regimes  and Managing Contractors

Insurance isn’t an alternative to good risk management. Although it might seem obvious, remember general wear and tear is excluded from all insurance contracts and claims can be rejected on the basis that damage was caused by poor maintenance. So, it’s important to make time for regular and systematic building inspections to help identify any problems promptly. Look for weak spots in your building’s security, check for signs of water leaks and ensure the servicing of heating, gas and electrical items are maintained. 

One of the most significant causes of fires in the workplace is faulty electrical wiring – Don’t forget you may be responsible for the safety of the wiring and electrical installations in your charity’s offices or premises. We offer a range of detailed guidance on fire risk, electrical safety and electrical testing here. Please see a guide for Tree Management

Computer equipment 

Computer security measures should always be determined by considering the impact of possible computer crime – how would your everyday activities be affected by a loss of data? Would your fundraising potential be reduced? Would safety and security issues arise if your records are accessed? 

To protect against loss of data, backups should be undertaken daily with discs stored off-site. Other steps to take include periodic testing of your backup to ensure viability, while computers should not be left unattended and encryption and secure passwords should always be used. Read more in our article on cyber fraud and crime.

Motor vehicles

If any employees drive for your charity or organisation, don’t forget that you as an employer are legally responsible for them while they’re driving for work. In addition, trustees, employees and volunteers who use their own vehicles must make sure that their insurance covers them while they are on business for your charity or organisation. 


Free risk management guidance

While you’ll find lots of tips on how to reduce your risks within the Knowledge Library, you can also access a wide range of services, through Aviva Risk Management Solutions, completely free of charge.

Risk Helpline – a source of qualified advice that can help with all your risk management needs.

Call 0345 366 6666  

Email: [email protected]   

Aviva Risk Management Solutions online service

Instant access to industry-specific risk management guidelines, including Loss Prevention Standards, tools and templates: 

https://www.aviva.co.uk/risksolutions/

https://www.aviva.co.uk/risksolutions/knowledgestore/

Specialist Partner Network

We also have access to a range of products and services – available at discounted prices for Aviva customers – helping to create an environment with reduced risk. From fire to escape of water, security to motor, health and safety to business resilience – all our partners are well established with a pedigree in the risk management sector. https://www.aviva.co.uk/risksolutions/specialistpartners/ 

Good financial practice for trustees

Trustees are there to act in the best interests of a charity, its aims and its service users. Managing the charity’s resources responsibly and keeping it in good financial health is at the heart of this. So, trustees should be aware of their potential liability if things did go wrong and must be clear on the limits and restrictions of any indemnity insurance. 

As a trustee you should be regularly reviewing and agreeing the charity’s plan for achieving its goals, including how money is managed. It’s good to remind yourself that without a sound financial base it will be almost impossible for the charity to succeed in its aims. Financial management includes the money coming in and going out, as well as how resources are used. 

A good starting point for any trustee is to understand the filings requirements applicable to your charity’s size and structure. These can be quite different, although your overall duty to act in your charity’s best interest and take reasonable care remains unchanged. It’s best practice for trustees to: 

  1. Agree a clear reserves policy as part of its overall strategy. These reserves should come from unrestricted funds and are important to give your charity financial security and resilience.
  2. Understand whether and when it is possible for you to pay trustees and connected parties, and when Charity Commission permission will be required. Some circumstances, like struggling to recruit trustees, permit you with permission from the Charity Commission to pay a trustee for being a trustee or to compensate trustees for loss of earnings. When making payments to trustees or those connected to trustees, you must be mindful of conflicts and ensure decisions are taken in accordance with your governing document.
  3. Be aware of your charity’s solvency and make sure that, as a trustee, you ask probing questions as required. Trustees must be sufficiently informed regarding the charity’s finances to spot issues and manage risks early – appropriate financial management and controls will assist with this. If your charity is at risk of insolvency you should seek professional advice.
  4. Be aware of financial crime such as fraud, as well as anti-bribery and corruption laws – trustees must protect the assets of the charity. All charities should have robust procedures in place based on a risk-based approach. 
  5. Adapt your governance procedures to match requirements. For example, if the charity is experiencing significant growth or financial hardship, trustees may need to meet more often to deal with associated issues.
  6. Understand the Charity Commission’s ‘Serious Incident Reporting’. Trustees must decide when an incident requires reporting to the Charity Commission and provide sufficient information without delay – if you fail to report a serious incident the Charity Commission may take regulatory action.
  7. Ensure you have legal and financial advice where required – throughout the life of your charity you may need to seek professional advice on financial matters. It is important that trustees understand when professional advice should be sought. Trustees should be aware of their potential liability if things did go wrong, and must be clear on the limits and restrictions of any indemnity insurance.

You can find out more about managing a charity’s finances at the Charity Commission website 


This article was kindly contributed by Aviva’s international law firm partner DAC Beachcroft’s Charities & Not-for-Profit practice.

DAC Beachcroft publications are created on a general basis for information only and do not constitute legal or other professional advice. No liability is accepted to users or third parties for the use of the contents or any errors or inaccuracies therein. Professional advice should always be obtained before applying the information to particular circumstances. By reading this publication you confirm that you have read, understood and agree to the terms of this disclaimer. 

The copyright in this communication is retained by DAC Beachcroft © DAC Beachcroft

Making sure your building is adequately insured

Have you ever checked your charity’s building has the right level of insurance? If not, it’s time to speak to your insurance broker or a valuation expert to get professional advice on the amount of cover you need.

Our specialist valuer, Barrett Corp & Harrington, says that on average 77% of the commercial properties they survey are underinsured by 45% of the correct insurance. If the amount you’re insured for is wrong, it’s likely to impact the amount you’re paid for any claim you need to make.

Here’s a checklist to reduce the risk of that happening to your charity.

Top tips

  • Make sure that within the last three years your building has been professionally valued ‘for insurance purposes’.
  • If you’ve altered or extended the building, get the valuation done again.
  • Make sure your cover is based on the cost to rebuild the property, not the market value.
  • Check you’ve factored in the cost of any gates, fences or car parking areas into your calculations.
  • Consider increasing the amount of insurance you have if your charity uses a listed building – because repairs and rebuilding work are likely to be more expensive and take longer.
  • Don’t forget to factor in the cost of professional fees. For example, you might need an architect or surveyor in the event of a claim.
  • If your building would need a crane or heavy machinery to carry out work, make sure you factor in the cost of things like site clearance and special access.
  • The valuation will also need to consider VAT if your charity is VAT registered.

Free risk management guidance

Here’s how to access a wide range of services through Aviva Risk Management Solutions, completely free of charge:

Risk Helpline 

Get in touch for advice by calling 0345 366 6666 or emailing [email protected]   

Online resources

Access our online industry-specific risk management guidelines, and discover all our tips, tools and templates related to risk management.

Specialist Partner Network

We can offer Aviva customers risk management products and services at discounted prices through our trusted partners. With areas of expertise ranging from escape of water to health and safety, all our partners are well established with a pedigree in risk management.

And, of course, you can find more information on how to reduce the risks to your charity in our Knowledge Library. 

*Source: Barrett, Corp & Harrington

Key Person cover

Whether you work for a large charity with paid employees, or a small community group made up of volunteers, there will be certain people that you can’t imagine life without. The ones who keep the show on the road. So, have you ever thought how your cause would carry on if they couldn’t do their normal duties?

What is Key Person cover?

If a key person within your organisation dies or suffers a serious illness, it could have a devastating financial effect. So Key Person cover is simply a life insurance – or life and critical illness insurance – policy for that person vital to your organisation.

Does my charity need it?

A policy pay-out could help cover:

  • a loss of funds or profit
  • expensive recruitment costs
  • any penalties for the non-delivery of goods or services.

Which key person needs covering?

When assessing the risks and deciding who to cover, it’s important to consider these questions:

  • What’s the person’s impact on the profitability or fundraising abilities of your charity?
  • What’s the person’s job history and qualifications?
  • What are the person’s key skills?
  • Would it be difficult or expensive to replace them?
  • What’s their level of seniority within your organisation?
  • Are there other key people within your organisation you need to cover?

How much cover do we need?

Cover requirements will vary from one key person to another, depending on the impact of losing that person. Revisiting the questions above and trying to add a value to them will help with working this out.

You’ll also need to decide whether you need life insurance only (to cover the key person passing away unexpectedly) or critical illness cover too (for if the key person is diagnosed with a defined illness that affects their day-to-day duties).

Critical illness cover

Critical illness cover pays out on your insurer’s defined list of illnesses, often offering a primary level of cover and then an additional list. This varies from one insurance provider to another, and usually only covers the most serious and disabling illnesses and injuries.

What next?

If you’d like to know more about Key Person cover from Aviva or get a quote, please speak to your financial advisor.

How to create a risk assessment

Risk is an everyday part of running a charity or good cause. And although risk can never be eliminated completely, being prepared can help protect everything from your people and property, to your reputation and assets.

Which charities or not for profit organisations need risk assessments?

The simple answer is all of them. 

If you’re a smaller charity with a gross income of less than £250,000, you don’t have to report on risk management. But it’s still highly recommended you establish a documented risk assessment so you can demonstrate your accountability – for example to stakeholders, fund providers, those using your services or the general public.

And remember, any organisation that employs people or is responsible for non-domestic premises (like your charity’s office or headquarters), is legally required to carry out fire risk assessments. 

How do risk assessments work?

A risk assessment is an ongoing process that needs to be reviewed regularly and updated as things change. Here’s an overview of the steps involved: 

  1. Identify hazards 
  2. Assess the risks 
  3. Take suitable action to reduce the risks
  4. Record the risk assessment
  5. Continue to use the risk management process you’ve established on a regular basis – monitoring and updating it as you go

All areas of your charity’s workplace, inside and out, should be considered in your risk assessment. This includes any activities you take part in and equipment you use. 

And activities carried out away from your charity’s usual premises should also be risk assessed – like fundraising events, outings or overseas trips. 

Example – overseas trips

Here are some example considerations that would go in to a risk assessment if your employees or volunteers need to work overseas:

The people who are travelling must also be trained and prepared before they leave the UK. 

Your risk assessments should be specific to each individual trip, and consider any health risks associated with visiting certain parts of the world (for example, the need for vaccinations).

Before each trip, it would be important to contact the Foreign and Commonwealth Office for the most up-to-date guidelines, and then discuss your plans with your insurance provider.

Ready to get started?

Here are some handy resources to help you create your own risk assessments:

Charity Commission for England and Wales – Charities and Risk Management 

Sayer Vincent LLP Risk Assessment Guide

We also have many specific risk assessment templates ready for you to use on Risk Services Knowledge Store


Free risk management guidance

While you’ll find lots of tips on how to reduce your risks within the Knowledge Library, you can also contact our specialists:

Risk Helpline – a source of qualified advice that can help with all your risk management needs.

Call 0345 366 6666  

Email: [email protected]   

Specialist Partner Network

We also have access to a range of products and services – available at discounted prices for Aviva customers – helping to create an environment with reduced risk. From fire to escape of water, security to motor, health and safety to business resilience – all our partners are well established with a pedigree in the risk management sector. https://www.aviva.co.uk/risksolutions/specialistpartners/ 

Cyber security guidance and resources

Cybercrime is a serious threat to any organisation – and charities are no exception. The good news is, there’s a wealth of websites, reports, training materials and other resources available to help small charities and community organisations be better informed about cyber security.

To help you know where to go for advice and guidance, we’ve signposted some of the best cyber security resources below. These will help you understand what steps your organisation needs to put in place to minimise the risk of – and exposure to – cybercrime. 

Top tips to stay cyber-safe:

  1. The National Cyber Security Centre is the UK’s independent authority on cyber security. Their Small Charity guide has been produced to help charities protect themselves from the most common cyberattacks. This easy-to-understand guide covers five topics that cost little (or nothing) to implement: backing up your data; malware protection; keeping smartphones/tablets safe; using passwords; and avoiding phishing attacks. 
  2. Register for the free Charity Fraud Awareness Hub. This offers a wealth of free digital resources, including help sheets, case studies, webinars and tutorials, to help you better understand the mindset of fraudsters and how to beat them. Compiled by the Fraud Advisory Panel, the Charity Commission for England and Wales, and UK Finance. 
  3. The Charity Commission for England and Wales has a whole host of regularly updated, useful information about fraud and cybercrime, how to spot it, and what you can do to protect against it. If you’re based in Scotland, take a look here.
  4. Get your employees and volunteers trained up so they understand the crucial role they have to play. The National Cyber Security Centre has created a free-to-access e-learning package: ‘Stay Safe Online: Top Tips for Staff’. It’s easy to understand, easy to use, and takes less than 30 minutes to complete. For other, more specific free e-learning resources, visit https://www.fraudadvisorypanel.org/charity-fraud/resources/ – and for face-to-face training options, the Foundation for Social Improvement and NCVO often offer low-cost, if not free, events.
  5. Does your trustee board understand the criticality of cyber security and what questions to ask? The National Cyber Security Centre (NCSC) board toolkit covers a range of cyber security topics, including: an introduction to cyber security (specifically written for board members); understanding the threat; collaborating with suppliers and partners; and planning a response to a cyber incident. This straightforward guidance offers helpful questions that board members can ask those running the organisation. It can also be adapted to fit your own charity’s culture and priorities, and has been created using insights from boards about what they would like to know.
  6. Finally, cyber security doesn’t need to be expensive. Visit https://charitydigitalexchange.org/ for access to heavily discounted and donated software from the likes of Google, Microsoft, Adobe, Cisco and more.

Protection from cybercrime

Charities are a tempting target for fraudsters – not just because of the high degree of trust involved, but also because charitable organisations across England and Wales spend nearly £80bn a year. And with very little known about the nature and scale of charity fraud, the sector is very vulnerable indeed.

The Charity Commission for England and Wales (partnered by the Fraud Advisory Panel) conducted a study in October 2019. It contacted a representative sample of 15,000 registered charities across England and Wales, receiving a response rate of 22%. This made it the largest ever analysis of fraud committed against UK charities.

The study found that over two thirds of charities think fraud is a major risk. But worryingly, less than 9% have a fraud awareness training programme. How does your organisation stack up?

What to look out for

Cybercrime can take many forms. Here’s a reminder of how a data breach or unauthorised network intrusion can occur:

  • Staff receiving fraudulent emails
  • Viruses, spyware, malware
  • Impersonating organisation in email/online
  • Ransomware
  • Negligence of your own employees or volunteers.

What’s at stake? 

More than you might think. Typical losses include:

  • Forensic, legal and IT specialists’ expenses
  • PR Consultant expenses if your charity’s reputation is harmed
  • Data restoration
  • Business interruption
  • Notification expenses
  • Regulatory fines
  • 3rd Party liabilities.

10 steps to reduce the risk

There are many free and low-cost resources available to you as a charity to reduce your exposure to cybercrime. We’ve created an article to signpost you to these here.

In the meantime, here are 10 simple economical steps you can take to reduce your risk of falling victim to a costly cyber attack:

  1. Education and awareness – Train all employees and volunteers in cyber security principles
  2. Network security – Protect your networks from attack by using firewalls, antivirus software and…
  3. …ensuring the software and patches are kept up to date
  4. Incident management – Establish an incident response plan and disaster recovery capability
  5. Information risk management regime – e.g. formal cyber security policies or other documentation
  6. Monitoring – Establish a monitoring strategy and produce supporting policies
  7. Malware protection – Produce relevant policies and establish anti-malware defences
  8. Managing user privileges – Establish effective management processes
  9. Removable media controls – Produce a policy to control all access to removable media
  10. Keep up to date – Fraud is ever-evolving. To stay ahead of the latest threats, ensure you regularly visit https://www.gov.uk/guidance/protect-your-charity-from-fraud

Be covered against crime

It’s a difficult fact to come to terms with, but charities and good causes can be at risk from within, as well as from external crime. That’s why Crime Insurance, also known as Fidelity Guarantee Insurance, can be essential in protecting your organisation.

What is Crime Insurance?

Crime Insurance protects an organisation against theft, fraud or forgery by a third party and/or an employee.

Why do we need it? 

It’s sad but true – charities can be an easy target for criminals and fraudsters. They may go as far as targeting and exploiting your employees, or even securing positions within your organisation. The good news is, Crime Insurance gives you the peace of mind of knowing you’re covered should you experience any resulting crime loss.

What is a crime loss?

A crime loss occurs when an organisation suffers loss of money and/or securities by way of an external (3rd party) and/or internal (employee) theft. These losses could include:

Internal

  • Stealing cash, merchandise, equipment or materials
  • Charging inactive accounts
  • Paying bonuses to those who shouldn’t receive them
  • Increasing amounts on cheques and invoices after they’ve been paid
  • Paying invoices to companies that don’t exist
  • Padding payroll and cash expenditures
  • Not crediting cash payments

External

  • Using computers to hack into your system and transfer funds
  • Purchasing goods by way of identity and card fraud
  • Scamming your organisation using counterfeit money
  • Stealing property and money, either online or in person
  • Telecoms and utilities theft

The consequences of such crimes could be significant, leading to large financial losses, reputational damage and even bankruptcy. 

Top tips to reduce the risk

As well as having Crime Insurance in place, there are measures you can take to help reduce the risk to your organisation of both internal and external crime.

Internal crime safeguards:

  • Obtain employee references and DBS checks
  • Have the appropriate bank controls in place
  • If agency workers are used, check the employment agency has adequate insurance cover
  • Conduct regular audits
  • Establish a line of authority at your organisation, and ensure that everyone is acting responsibly
  • Create an ‘audit trail’ for each transaction

External crime safeguards

  • User education and awareness – train employees in cyber security principles
  • Lock shared documents with sensitive financial data to prevent thieves from accessing them
  • Undertake periodical crime risk assessments to uncover vulnerabilities
  • Managing user privileges – establish effective management processes

For an overview of cybersecurity, see our article and also this list of valuable cyber resources.

If you’re interested in getting a quote for Crime Insurance and finding out more about how it might offer your organisation protection, please speak to your broker.

The right start for your charity

Charities come in all shapes and sizes, from informal, local groups to national and international ventures. It’s important to make sure that your charitable goals are supported by the correct structure, documents, trustees and administrative expectations. These should help your charity achieve its goals as well as making sure that it operates within the relevant law. 

Charities: Starting out

1. Is a charity the correct structure?

Charities must have a “charitable purpose” for the public benefit. These are set out in law and not everything that will benefit the community will be charitable.

2. Which structure should be used?

Choosing the right structure will depend on a number of factors. Very small charities may be comfortable using a less formal, unincorporated structure, but those who wish to employ people or enter into dealings with third parties may find this problematic. Small charities may, however, find more formal structures an administrative burden.

3. What’s in a name?

Did you know that there are restrictions on what you may name your charity? You can’t use a name which could be misleading, and you need to make sure that your name isn’t too similar to that of another organisation. You also cannot infringe IP rights with your name, e.g. using a name which is a trademark. If you decide to have trading names these will need to be listed – please note trading names are not generally protected.

4. Who can run the charity?

Your charity will need individuals to run it, regardless of the structure selected. You must ensure that the individuals running the charity understand their duties and liabilities and have the appropriate skills mix to ensure that the charity is appropriately managed. Depending on your legal structure, trustees may need to comply with charity law and company law; this includes the rules on disqualification. If the charity is unincorporated you should still comply with disqualification criteria to avoid charity mismanagement.

5. Governing documents

All charities need a governing document. The structure selected will dictate what is legally required. For example, if you are a company you must have articles of association which comply with both charity and company law – the Charity Commission has model documents. If the charity is a CIO, the governing document will follow one of the Charity Commission model documents for either the association or foundation model. Unincorporated associations will have constitutions and trusts will have a trust deed or will.

6. Administrative obligations

Administration can be quite a burden for smaller charities, and obligations can vary based on your income. If you are a company of any size you need to comply with filing requirements for companies – you may be fined if you don’t comply. Companies may also need to register with the Charity Commission. CIOs always need to register with the Charity Commission. When the charitable structure is selected it is vital that those in charge understand their legal obligations and budget for these costs, which may include fees of financial and legal advisers.


This article was kindly contributed by Aviva’s international law firm partner DAC Beachcroft’s Charities & Not-for-Profit practice.

DAC Beachcroft publications are created on a general basis for information only and do not constitute legal or other professional advice. No liability is accepted to users or third parties for the use of the contents or any errors or inaccuracies therein. Professional advice should always be obtained before applying the information to particular circumstances. By reading this publication you confirm that you have read, understood and agree to the terms of this disclaimer. 

The copyright in this communication is retained by DAC Beachcroft © DAC Beachcroft