Charity Commission issues regulatory alert and updates guidance on fraud

The Charity Commission has published a regulatory alert to flag that some charities could be subject to upcoming changes in the law around preventing fraud. The new offence (under the Economic Crime and Corporate Transparency Act 2023) will come into force on 1 September 2025 and will affect large, incorporated charities meeting at least two of the following criteria:

• More than 250 employees
• £36m income
• £18m in total assets

An organisation may be criminally liable when an employee, agent, subsidiary or other “associated person” commits a fraud intending to benefit the organisation, or its clients, and the organisation did not have in place reasonable fraud prevention procedures. The Home Office has issued guidance which can be found here.

The Commission has also updated its guidance for charities on how to protect themselves against fraud. It says that, in the past year, it has opened 603 cases relating to fraud and an additional 99 cases relating to cyber crimes. The Commission has published guidance called ‘Protect your charity from Fraud’, and separate guidance on how to keep your charity cyber secure, respond to cyber attacks and report cyber crime, which can be found here. The guidance reinforces the importance of having strong internal financial controls in place and provides guidance on mitigation of risk around fraud. It should be read alongside the Commission’s guidance on financial controls (CC8). The Commission states that cyber fraud poses a significant threat to charities which handle personal and financial data.