The Charity Commission has recently updated its guidance on Serious Incident Reports (SIRs) and when to report these. So what are they, and when exactly should a charity report incidents?
This area usually fills charity managers and trustees with dread, but it is important to understand when you have a duty to report, as failure to do so could result in a Charity Commission investigation into your charity and a declaration of ‘mismanagement’.
Charities must report serious incidents as soon as practicable when they occur. Charities with an annual income above £25,000 also have a legal duty to confirm in their Annual Return whether they have or have not had any serious incidents that could have adversely affected the charity in that financial year.
When is an incident ‘serious’?
The Charity Commission defines a serious incident as:
“An adverse event, whether actual or alleged, which results in or risks significant loss of your charity’s money or assets; damage to your charity’s property; or harm to your charity’s work, beneficiaries or reputation”.
There has been a move towards a more objective test of ‘incidents that appear to be serious’ as opposed to a subjective test of whether the trustees consider the incident to be serious. This has largely arisen due to the Commission being concerned that too many incidents go unreported.
The most common types are frauds, thefts, significant financial losses, criminal breaches, terrorism or extremism allegations, and safeguarding issues.
Some incidents, however, will not be considered serious enough to report to the Commission (you would of course still need to address them internally and possibly report them to the police).
For example, under the category of data breaches:
- Duty to report: a charity laptop, containing personal details of beneficiaries or staff, has been stolen
- But no need to report: a charity laptop or mobile phone (not containing confidential data) has gone missing and it’s been reported to the police
How to report? Is there anything you should do first as a Trustee Board?
A charity is more likely to elicit a positive response from the Charity Commission if it has first conducted a timely investigation of the matter and then made a report to the Commission, which would include:
- Nature of the incident and details
- Steps the Trustees have taken to deal with the incident
- An action plan going forward on how to avoid this in the future (including possible revision of procedures)
However, if the incident is very serious or high profile, then a charity must report without any delay (on the same day).
What is the likely response from the Commission?
The Commission will normally recommend the following steps:
- What the charity can do to minimise any further harm, loss or damage
- That the charity should report the matter to the police and other regulators, as necessary
- Plan what the Trustees should say to the staff, volunteers, beneficiaries and members of the public
- Review what happened and implement safeguards to prevent it from happening again
Could the report go public?
The Charity Commission is a non-ministerial government department and is therefore subject to the Freedom of Information and Data Protection legislation. Therefore, the Commission would only disclose information you report if it would be unlawful not to do so. You can always mark your report as ‘confidential’.
Preventing and managing the risk of serious incidents occurring is a key element of good governance. Many charities are making healthy strides in tightening up their governance practices. Reading now has 10 charities that have satisfactorily completed the Safe and Sound quality award, with many others in the process. If you have not yet commenced this process or would like to find out more, please contact us for information.
Top tips for reducing risk to your charity:
- Review your governance and work towards Safe and Sound
- Add ‘serious incidents’ as a standing item to your Trustee meetings
- Ensure Trustees have up-to-date training on their roles and responsibilities – RVA Trustee Training on 23 January 2017
- Ensure you are up to date on relevant legislation and practices, such as Data Protection – GDPR Data Protections workshops
- Develop a risk management strategy and review it annually
- If your charity is unincorporated, consider transferring to an incorporated structure such as a CIO
Further information and support:
Contact Herjeet, RVA Advice Worker
Phone: 0118 937 2104