On 26 April 2023 the Charity Commission issued updated guidance to support charities against increased security risks, in light of new research showing that 24% of charities experienced a cyber attack in the last 24 months.
The guidance is substantially enhanced from its previous iteration in 2012, and calls for charities to check their financial controls to protect against risks, including those presented from technology including Google Pay, Apple Pay, and donations received via crypto-assets such as cryptocurrency and NFTs, in light of the digital era.
Risks from cryptoassets include vulnerabilities to theft by hackers, unpredictable changes in value, and a lack of regulation and protection from the Financial Services Compensation Scheme, or the Financial Conduct Authority in the event of financial mishap.
This should clearly be an area of focus for charities; per the Kreston Charities Report 2023, which revealed that whilst over 80% of charities surveyed are generally well equipped to deal with cyber security issues, only just over half of those have cyber insurance in place. The report also revealed that 58% of charities are taking steps to increase their cyber security training among staff to ensure they can safeguard against cyber threats.
Aside from the new risks, the regulator has also expanded its existing advice surrounding traditional risks, best practice guidance about internal financial controls for hospitality and gifts, and have also updated their checklist for reviewing a charity’s internal financial functions, including financial control best practice around audit functions, the use of audit committees, and preparing accounts and annual reports.
You can read the Charity Commission’s updated guidance in full here.
If you missed our webinar delivered by representatives from the Kreston Charities Group, you can catch up with it here.