
Charities – do you have cyber-security sense?

Recently, the Charity Commission published updated guidance in relation to internal financial controls for charities. The purpose of the guidance is to ensure that charities implement a robust set of controls to minimise the risks of fraud and financial mismanagement occurring. By failing to adopt and implement such controls, a charity could detrimentally impact its finances and reputation.

The guidance has been updated to bring it in line with technological developments that have now resulted in charities handling donations of cryptoassets, which are particularly susceptible to instances of cybercrime, such as hacking. Charities should be cognisant of this issue when handling such donations, particularly as the Cyber Security Breaches Survey 2023 reported that UK charities have experienced an estimated 785,000 instances of cybercrime.

Updated guidance – important takeaways

Handling cryptoassets

Cryptoassets are a digital representation of value, with cryptocurrency being an example of this. Cryptocurrency is a type of digital or virtual currency that can be used when entering into transactions which are then recorded on a public ledger known as a blockchain. Save the Children and Edinburgh Dog and Cat Home are examples of charities that accept cryptocurrency donations.

For charities, the risks of handling and accepting cryptoassets stem from the difficulty of tracing donors, since donations can be anonymised. In addition, the lack of regulation governing dealings in cryptocurrency means that charities are less likely to be able to access support from the Financial Conduct Authority to rectify problems that may arise.

To this end, some key recommendations from the guidance that charities should adopt include:

  • implementing a policy on handling (accepting, refusing and using) cryptoassets;
  • if a cryptowallet is used to receive donations, ensure that this system is compliant with UK regulations and appropriately registered with the Financial Conduct Authority (FCA) where required;
  • ensuring adherence to HMRC’s guidance on the taxation of cryptoassets; and
  • ensuring that accurate records of donations, storage and use of cryptoassets are maintained.

The Fundraising Regulator issued a statement on cryptocurrencies and Non-Fungible Tokens (NFTs) last year. The statement highlighted the relevant aspects of the Code of Fundraising Practice which provided a useful framework for considering whether the acceptance of cryptocurrencies or engaging with NFTs is in the interests of your charity.

Accepting and providing hospitality

Whilst not related to cryptocurrency, a further new section has been added to the guidance in relation to hospitality. The new guidance as a whole deals with financial controls more generally.

Charities need to justify instances of hospitality, whether it is given or received, and hospitality cannot be detrimental to the beneficiaries or reputation of the charity.

The guidance notes that when faced with situations involving hospitality, charities need to consider how the hospitality will assist in delivering their work, whether it is reasonable, whether there is potential for more than an incidental personal benefit to arise and, finally, whether it could create any reputational risks for the charity.

The Charity Commission notes that charities should implement a policy in relation to hospitality that applies to and is understood by everyone and provides for:

  • a scope of acceptable limits on hospitality;
  • ensuring that records are maintained for hospitality that is given, accepted, or refused, which also should be noted on the charity’s register of interests if this is in relation to trustees; and
  • a prohibition on accepting hospitality which is or could be viewed as a bribe, a corrupt payment or securing preferential treatment.

Public collections and fundraisers

Again, not relating to cryptocurrencies, the guidance has also been updated regarding the handling of donations at fundraisers or collections. Where possible, charities are encouraged to process card payments rather than accept cash payments to minimise theft or fraud risks. However, if cash payments are collected at fundraisers, some of the Charity Commission’s recommendations include:

  • keeping records of when the collection boxes are given out and handed back in;
  • ensuring at least two people handle and record cash payments;
  • banking the payments as soon as possible; and
  • regularly opening and counting the contents of the collection box.

Charity trustees should have regard to the updated checklist provided by the Charity Commission to review the current internal financial controls they have in place and identify where further measures should be implemented in order to minimise risk.

For more information

For more information on cryptocurrency within charities, please contact Natalie Barbosa.