Serious Incident Reporting for Academies

In recent years, schools have become increasingly reliant on computers and connectivity, putting them at increased risk of becoming targeted by cybercriminals. With crime survey statistics also revealing an estimated 3.6 million cases of fraud in the year ending December 2018, schools increasingly need to be aware of this potential threat and prepare for it.  If the worst should happen, what if anything do academy trusts have to tell the ESFA; and do they also have to tell the Charity Commission?

The Charity Commission has recently updated its guidance on “How to report a serious incident in your charity” as part of its broader guidance on “Protecting Charities from Harm”.

This guidance is relevant to academy trusts even though they are exempt charities rather than registered charities.  The key difference is that academy trusts need to report serious incidents to the Secretary of State for Education (as their “Principal Regulator” for charity law purposes) instead of reporting to the Charity Commission.  In practice reports are made to the ESFA.

This requirement for academy trusts to comply with the obligations set out in Charity Commission guidance is contained in the DfE model funding agreement.  (NB individual trusts should always check the terms of their own specific funding agreements, as their terms can vary from the latest DfE model).

In the guidance, the Charity Commission defines a serious incident as an adverse event, whether actual or alleged, which results in or risks:

  • significant loss of the charity’s money or assets;
  • damage to the charity’s property; or
  • harm to the charity’s work, beneficiaries or reputation.

Fraud, thefts and significant financial losses are listed as some of the most common types of serious incidents. Safeguarding issues could also amount to serious incidents.  It some cases it may be appropriate for trusts to seek legal advice as to whether or not a particular incident should be reported, as well as to obtain support in making a report and dealing with any repercussions from the incident. 

The guidance states that an actual or suspected incident should be reported promptly: meaning as soon as reasonably possible after it happens or immediately after the academy trust becomes aware of it.  A report must be made to the Secretary of State (via the ESFA) even if the academy trust has also reported the incident to the police or another body.

Whilst it may be tempting to avoid reporting and hope that an incident will ‘blow over’, the guidance notes that by reporting a serious incident the trustees demonstrate that they have identified a risk and are taking appropriate action. Proactive management can also assist in lessening potential reputational damage.  

In addition to the Charity Commission guidance, academy trusts also have a direct obligation under the Academies Financial Handbook (Section 6.10) to notify the ESFA of instances of fraud, theft and/or irregularity exceeding £5,000 individually or £5,000 cumulatively in any academy financial year, as well as any unusual or systematic fraud, regardless of value. 

A trust needs to have both a strategy in place to reduce the risk of falling victim to fraud and a response plan to take prompt and appropriate action if an incident occurs.  The ESFA has published a guide for academies, including an anti-fraud checklist, which trusts should review and act upon. 

Given the potential repercussions of any serious incident, academy trusts in any doubt as to their legal obligations should seek professional advice at the earliest opportunity.

The law and practice referred to in this article or webinar has been paraphrased or summarised. It might not be up-to-date with changes in the law and we do not guarantee the accuracy of any information provided at the time of reading. It should not be construed or relied upon as legal advice in relation to a specific set of circumstances.

The Legal 500 - The Clients Guide to Law Firms

UK Chambers logo

Best Companies - One to watch logo

Cyber Essentials Certification Logo