Tag Archives

Charitable company conversion to charitable incorporated organisation (CIO)

Five years after the new charitable incorporated organisation (CIO) structure became available for unincorporated charities in England and Wales, it is finally!!! also available for charitable companies.

CIOs have all the advantages of incorporation, in particular protection from personal liability, in most situations, for trustees and members. But unlike charitable companies, which have to register with both Companies House and the Charity Commission, CIOs are registered only with the Charity Commission.

The conversion process
Charitable companies and CIOs are both incorporated, so the process of changing from one to the other is relatively straightforward, involving passing the relevant resolutions, agreeing the CIO constitution, ensuring the rules on use of certain words in CIO names are met, and making an online application to the Commission for conversion. The CIO will be able to keep the same charity number that the charitable company had, and probably also the same bank accounts.

Community interest company (CIC) conversion to CIO
Community interest companies (CICs) are by definition not charities, even if their objects are legally charitable. CICs with charitable objects which have realised they are losing out on the advantages enjoyed by charities (such as not having to pay corporation tax on profits, and getting rate relief on property rates) have in the past been able to convert to charitable companies. The Charity Commission is now drawing up procedures for CICs with charitable objects to convert to CIOs. These are expected to come into effect from 1 September 2018.

Click here for further information

Bitesize GDPR Guidance for Fundraisers Published

The Institute of Fundraising (IoF) and the Fundraising Regulator, have released joint guidance on GDPR which has been reviewed and co-badged by the Information Commissioner’s Office.

The guidance – which can be downloaded here – is based on the questions that charities have asked and provides clear and practical answers. It gives an overview of GDPR for charities and fundraisers, looks at different fundraising methods, and identifies ways in which personal data is likely to be used in each case. The material signposts to more detailed guidance from key sources to fully equip fundraisers ahead of 25 May 2018.

By working together to produce this guidance, fundraisers and charities can be confident of a consistent approach that will help them as they plan their future work. The guidance is designed specifically for fundraisers and those in smaller organisations, and focuses on practical application of the law to real life scenarios.

The guidance will be available for free and is supported by regulators and membership bodies across the UK, including the Charity Commission, NCVO and WCVA; the Charity Commission Northern Ireland and NICVA; and the Scottish Independent Fundraising Panel.

Daniel Fluskey, Head of Policy and External Affairs, Institute of Fundraising, said: “We are delighted to have been able to work with the Fundraising Regulator and ICO to produce these new resources. It’s essential that fundraisers get GDPR right. We know that fundraisers have had questions over how the law will apply in practice and hope that these new guidance pieces help to demystify GDPR and enable fundraisers to plan their work to give supporters the best experience of fundraising.”

Gerald Oppenheim, Head of Policy at the Fundraising Regulator, commented: “These ‘bite-size’ documents address questions we have received from fundraisers struggling to ensure their methods are GDPR compliant. We hope the new guidance will help fundraisers to feel confident in their practices in the lead up to May.”

Source: Charity Digital News

Research Reveals GDPR Could Leave Charities at Risk

More than a third of smaller charities do not know that the General Data Protection Regulation (GDPR) will be enforced from May 2018, leaving them potentially exposed in the event of a data breach.

A survey carried out by specialist charity insurer, Ecclesiastical, revealed that while awareness of the new data protection regulation is almost universal among charities with a turnover over £1.5m – only 4% are unaware of the forthcoming changes – that figure stands at an alarming 36% for charities with a turnover of less than £500,000. A quarter (24%) of mid-size charities are unaware of GDPR.

The low level of awareness of GDPR by charities was also recently highlighted in a Cyber Security Breaches survey by the Department for Digital, Culture, Media and Sport (DCMS).

Among wide ranging changes to data protection legislation that cover how personal data is processed, the GDPR introduces a duty on all organisations to report certain data breaches. When enforcement of the GDPR starts on 25 May, not only could charities face major fines for data breaches, they will be required to notify the Information Commissioners Office (ICO) within 72 hours following a breach that puts personal data at risk. They will also need to notify individuals, including potentially donors and service users, if there is a high-risk breach.

Worrying lack of awareness

David Britton, charity director at Ecclesiastical Insurance, said: “The lack of awareness about GDPR by smaller charities is worrying because it is precisely these organisations who are the least likely to be able to deal with the fall-out of a data breach; from paying the potential fine to resourcing the legal notification of those whose data has been breached and recovering from the long-term reputational damage.

“The charities I have spoken to that are aware of GDPR are taking steps to prepare but many are unsure where to focus first and what essential information they need to inform trustees about. There’s also low awareness of some of the specifics, such as the new data breach notification requirements.”

In Ecclesiastical’s survey, a third of smaller charities admitted they have very little or no knowledge about the impact GDPR will have on their charity (compared to 5% of mid-sized and 4% of large charities), and 47% of all charities feel they still need to know more about how the new regulation will impact on them.

Larger and mid-sized charities are much more confident they will ready to comply when GDPR becomes law in May – 92% and 97% respectively, compared to 80% of smaller charities.

Although many of the GDPR’s main concepts and principles are aligned to the current Data Protection Act (DPA), charities should not automatically assume their current processes are robust enough to comply with the new legislation.

To read the full Charity Digital News article click here.

Organisations Plan Bold Steps in Creating a Culture of GDPR Compliance

A study from Veritas Technologies has found that the General Data Protection Regulation (GDPR) has the potential to drive major cultural changes in businesses worldwide.

Nearly three in four  respondents plan to incentivise employees to improve data hygiene and take accountability for data compliance.

According to The Veritas 2017 GDPR Report, 88% of organisations around the world plan to drive employee GDPR behavioural changes through training, rewards, penalties and contracts. Almost half (47%) of businesses will go so far as to add mandatory GDPR policy adherence into employment agreements.

Failure to adhere to contractual guidelines could have significant implications. Nearly half (41%) of respondents also plan to implement employee disciplinary procedures if GDPR policies are violated.  A quarter of businesses (25%) would consider withholding benefits—including bonuses—from employees found to be non-compliant. At the same time, 34% say they will reward employees for complying with GDPR policies, as those employees are helping to promote proper data governance within their organisations, which can lead to better business outcomes.

Cultural Changes
The report found that the vast majority of respondents (91%) admit that their organisation does not currently hold a culture of good data governance or GDPR compliance. However, as indicated above, companies understand that training is critical to driving cultural changes within their organisations.

The majority (63%) of companies believe all employees must receive mandatory training on GDPR policies. However, respondents were also quick to identify the types of employees that should be trained: 86% believe the IT department must be prioritised, closely followed by business direction and strategy employees (85%), business development/sales/channel employees (84%), legal employees (82%) and finance employees (82%).

“Data is one of the most critical assets within an organisation, yet many businesses are struggling to implement good data hygiene practices—and that often starts with employees,” said Mike Palmer, executive vice president and chief product officer, Veritas. “However, our research shows that businesses are getting serious about driving cultural change within their organisations.”

“As businesses consider deploying new processes and policies including training, rewards and updated contracts in support of GDPR compliance, more employees will understand the role they play in protecting their organisation’s data. And, for employees that fail to take matters seriously, their bonuses and benefits may be negatively impacted.”

To read the full Charity Digital News article click here.

Over 7,500 Charities Miss Deadline to File With the Regulator

Just over 7,500 charities missed last week’s deadline to file their annual accounts or annual return with the Charity Commission.

Charities with financial years ending on 31 March – the majority of the sector – needed to file their accounts and annual return with the Commission by 31 January.

Currently 7,198 charities with a year end of 31 March are overdue, while approximately 400 missed the deadline but have filed within the last week.

This is an improvement on last year when 10,818 missed the deadline.

Of those, over 2,000 have still not filed accounts.

Over half of those that missed this year’s deadline are charities with a legal requirement to file annual reports or accounts – those with an income over more than £10,000 and all charitable incorporated organisations.

Charities which are in administration, such as Kids Company, also show up in the figures, but they are not able to file.

Late filers highlighted on register
Every year the Commission runs a public campaign to encourage charities to file on time and tried to contact all charities with a filing day of 31 January ahead of the deadline. The Commission highlights any charity with overdue accounts on its public register.

At the moment the register reports that there are 16,000 charities that have out of date documents. This includes charities for whom the deadline is not 31 January. Of these, 244 have incomes over £1m. The vast majority – over 14,000 – are those with incomes of under £100,000.

There are 20 charities with incomes over £10m, which have overdue documents. Fourteen of these had filing dates of 31 January 2017.

Among the largest charities not filing accounts are Lifeline Project and Broadcasting Support Services, which are in administration, and the Garden Bridge Trust, which has said it will close.

Source: Civil Society

Charity Commission to Hold Summit On Safeguarding in UK

The Charity Commission has announced a summit on safeguarding for UK charities, to accompany one for international charities which was announced by the Department for International Development last week.

The summit, to be co-chaired by Tracey Crouch, minister for civil society, is one of several measures announced by the regulator to ensure charities put sufficient focus on protecting beneficiaries and other vulnerable people their staff and volunteers come into contact with.

The regulator is also launching a new safeguarding task force, recruiting additional safeguarding expertise, and changing the way it communicates with whistle blowers.

The Commission said both summits would:

  • Establish a shared understanding of the safeguarding challenges facing charities working in the UK and emphasise the importance of maintaining public trust in the sector.
  • Hear the sector’s ideas for solutions and what actions they are taking and will take.
  • Agree and commit to actions jointly and individually to strengthen the safeguarding capability and capacity of charities working across the UK.

Both summits will involve charity regulators in Scotland and Northern Ireland to ensure a coordinated approach across borders.
The new Commission task force will:

  • Deal with a significant increase in safeguarding incidents being reported to the regulator.
  • Do proactive work to promote the reporting of safeguarding incidents.
  • Give advice to charities reporting serious incidents.
  • Study existing reports to identify gaps in disclosure

Safeguarding ‘should be a top priority’
Helen Stephenson, chief executive of the Charity Commission said: “The Commission’s actions and messages over the past few years demonstrate the top priority we expect charities to give to safeguarding, and the priority we place on ensuring trustees meet their legal duties, and public expectations, around this.

“But recent revelations have shocked us all and brought a new focus on how charities deal with these issues. We want to do everything we can, using our authority as regulator, to ensure that safeguarding is prioritised in all charities – not just those working with groups traditionally considered at risk. That’s what these two summits are about.

“At the heart of all this lies culture, governance and leadership in charities. Policies, procedures and formal systems – vital as they are – do not alone prevent safeguarding incidents, or ensure charities respond appropriately when incidents occur. The public rightly expect charities to be safe places, and for charity leaders to ensure their organisation lives its values, in everything they do.”

Stephenson said the Commission has not done enough to inform whistle blowers of the difference their contributions made.

To read the full Civil Society article click here. 

People with Significant Control (PSC): Who Controls your Company?

How to identify and record the people who own or control your company.

A person with significant control (PSC) is someone who owns or controls your company. They’re sometimes called ‘beneficial owners’.

You must identify your PSC and tell us who they are. This might be you, or someone associated with your company. A company can have one or more PSC.

You must record their details on your company’s PSC register and send us this information. If you can’t identify your PSC, or believe you don’t have one, you need to tell us why. The easiest way to do this is online.

To access the full Gov.UK publication from Companies House on People with Significant Control click here.

Daniel Fluskey: Why There are Some Donations That You Just Don’t Want

Earlier this month the Presidents Club came under fire for hosting an all-male fundraising dinner where hostesses were said to have been sexually harassed. Dan Fluskey, head of policy and external affairs at the Institute of Fundraising, looks at why charities should sometimes decline gifts.

You’re a charity. Your only reason to exist is to make a positive difference in the world. To do that, you need money – to fund your services, pay your staff (if you have them), to host a website. So when someone gives you a donation, the first thing you think about is how you can use that money to do something good for your cause and beneficiaries. The last thing you want to do is refuse that money, or give it back.

But, of course, nothing is that simple. What if accepting that money, which you can put to such valuable use, has a knock on impact and leads to consequences which could seriously affect your charity. What if accepting the donation, and because of the association of who’s donated it, or how it was raised, means that two of your long term major donors (who give more than the value of the particular donation you’ve accepted) decides they no longer want to be involved with you. Or the commercial partnership you’ve been working on with a company suddenly falls through. And after the weekend you come back to the office and realise that a number of your volunteers don’t want to come back, and some of your regular supporters have cancelled their direct debits.

How do you weigh up the benefits?
These considerations (and many more!) will have been going through the heads of trustees, CEOs, fundraising directors and staff at the charities who had received money from the Presidents Club. Quick decisions were needed, the media spotlight was firmly on them. But how do you go about making that decision? How can you weigh up the benefit of the money received which is tangible (a real amount, in your bank account) while playing through the hypothetical (but possible) scenarios?

Well, you know what – it is not easy. And, part of why it’s tricky is because, at the end there is no definitive right or wrong answer. There is a trustee board, supported by their teams, trying to make the right decision for their charity. Other people – commentators, tweeters, TV presenters – might have a view, but the only people that make the decision are in that charity, and their only duty is to the best interests of the charity and cause.

I’ve spoken to a number of charities over the last week or so, and we’ve all done the ‘what would you have done in their position’ game. I think nearly all said they would have refused a donation from the Presidents Club, but not all would have returned past ones – mainly because the money would have been spent and isn’t there to return! It was interesting to see the results of the public poll from Yougov commissioned by NCVO with Peter Kellner discussing the results here Just 20 per cent of the public think the charities should give the money back. A sizeable majority, 67 per cent say they should keep the donations. (The remaining 13 per cent don’t know.) So, it seems that two thirds of people would back charities if they didn’t return the donations. That’s useful to know as a gauge of public opinion, but it is not necessarily the determining factor. Public polling informs what charities do, but shouldn’t dictate it. It will be one of the things that charities think about as they consider what’s in their overall best interests.

To read the full Civil Society article click here.

Automatic Disqualification of Trustees – Part 2

Here is part 2 of the NCVO’s blog on Automatic Disqualification of Trustees.

The bigger issue is probably that senior managers as well as trustees will become subject to automatic disqualification.

Who counts as a senior manager?

The first type of senior management function relates to the overall management of the charity. The person holding that function can only be responsible to a trustee. This person, if anyone, would probably be your chief executive (they might be called your director).

The second involves control over money. The person holding this function can only be responsible to a trustee or another employee with senior management functions that don’t involve control over money.

How large the charity is, whether a person is paid and whether their contract is permanent doesn’t matter here. The key questions are:

  • what kind of responsibility does the person have?
  • where in the organisational structure does the person fit?

Exceptions that prove the rule? Applying for waivers

The new rules come into force on 1 August 2018. However, from 1 February 2018 people who are affected by the new rules can apply for an advance waiver.

Individuals, not charities, apply for waivers. The Commission will decide whether to grant one based on individual circumstances and:

  • the level of risk they present to the best interests of charities to which the waiver would apply
  • whether giving a waiver is likely to damage public trust and confidence in a charity or charities.

There are a number of more specific factors. The Commission will want the information from the trustees of the charity or charities as part of the process.

Where can I find out more?

NCVO has put together a longer piece on Knowhow Nonprofit.

The Commission has published guidance for individuals, for charities and how it decides about waivers. Unlock, the charity working on behalf of people with criminal records, will also be publishing guidance on 1 February.

Source: NCVO

Marketing and IT: The GDPR Dream Team?

Nigel Crockford, Business Development Manager at data security specialist eSpida, explains how marketing and IT departments can work together to prepare for the GDPR.

Giving greater rights to individuals across the European Union (EU), the GDPR states that, as of May 2018, businesses must obtain explicit consent from consumers to use and process their data. How the data will be used, and for what purpose, must be clearly outlined to the consumer before signing up and must not be written into the terms and conditions as is currently common practice.

The ways in which the GDPR will affect how current operations are conducted will vary from business to business and marketing is just one department that needs to be aligned with the regulation. To achieve compliance, businesses can streamline their processes by having departments work together simultaneously.

With the increased use of social media and other digital platforms, a lot of the marketing role involves working with online assets. Businesses should therefore look to have marketing departments work collaboratively with their company’s IT department. In fact, a survey from Econsultancy found that 78% of IT professionals believe they should work closely with marketing teams to meet business objectives.

We are already seeing this collaboration between marketers and IT staff begin to take shape. For example, an increasing number of marketers are producing downloadable assets that, with the help of IT departments, are locked behind subscription walls. Marketers use this to capture contacts and add them to e-mail marketing lists — a practice that will need to change in light of GDPR.

Despite marketing and IT departments both playing pivotal roles in a business’s success, there is often a disconnect between the two. For example, if a marketing team is operating on an online platform without the IT department knowing and no security measures are in place, the company could encounter several cyber-threats.

If an IT security team knows what assets are being used by the company’s marketing team, then it can be vigilant and prepare against common and recorded attacks that have occurred in those areas. Businesses can then consider taking additional steps to avoid the detrimental impact cyber breaches can have on reputation and customers.

To read the full Charity Digital News article click here.

Page 1 of 9123...Last