The trustees' role in managing charity risk
30/10/2019
The Charity Commission provides not only regulation but also guidance on the role and responsibilities of trustees in its overview document ‘The Essential Trustee’ (CC3). The document highlights 6 main trustee duties represented in this simple jigsaw graphic:
You should familiarise yourself with this document - trustees who act in breach of their legal duties can be held responsible for the consequences that follow and any costs incurred by the charity as a result.
What’s clear from reading the guidance is that the assessment and management of risk, together with taking external advice where appropriate, is viewed seriously by the Commission.
So let’s look at how trustees are expected to deal with risk – something that is consistently woven through these main trustee duties…
It’s fairly obvious from the jigsaw graphic which 3 headline duties cover the trustees’ role in risk assessment/management:
- Act in your charity’s best interests
- Manage your charity’s resources responsibly
- Act with reasonable care and skill
The Commission has broken these down further to show exactly what they mean. There’s plenty of detail in the CC3 document but below is an at-a-glance version they’ve created for ease.
You can see what the Commission defines as the trustee’s obligations under each duty. How many do you identify as relating directly to the assessment and management of charity risk?
Act in your charity’s best interests
Make balanced and informed decisions
This is an over-arching principle when we consider the trustee’s wider governance role.
The Commission expects trustees to act in good faith; to ensure you are sufficiently informed; to take any advice you need; and to take account of all the relevant factors you’re aware of, before making decisions.
You’re aiming to collectively decide on what is best to do to enable your charity to “carry out its purposes both now and for the future”.
This duty is about being open to challenge the status quo and not simply carry on doing what you’ve always done just because that may be the easiest route.
It requires fresh thinking or regular analysis so that conscious decision-making happens and means identifying when external advice is needed to help you get there.
It also means long-term planning, not just looking at the immediate future.
In relation to your insurance provision that consideration might simply be ‘Do we save £*** here when it could cost us £xx,xxx there?’.
As things stand, do you automatically renew your insurance cover year-in-year-out or do you make sure that you take advice on your needs periodically? Are you aware of the extent of your protection and where any gaps are?
Manage your charity’s resources responsibly
The first responsibility the Commission highlights under this duty is managing risks, protecting assets (reputation) and people. This is further defined in the guidance - “avoid exposing the charity’s assets, beneficiaries or reputation to undue risk”.
All charities face risks of one kind or another – potential perils that may or may not occur, with different degrees of harm attached. Don’t forget some risks are worth taking because the potential gains outweigh their likelihood or seriousness. Emphasis here is on the word “undue” – meaning disproportionate or excessive.
The key is not to avoid risk altogether but to recognise it (identification), consider the probability versus the impact or cost (analysis) and put management controls or remedies in place (treatment).
The treatment options are one or more of: avoid the risk, mitigate/reduce the risk, transfer the risk, accept the risk.
Deciding to transfer risk usually means arranging charity insurance so that the effects of a failure are covered – the losses, legal defence costs and resulting awards.
Protecting assets and reputation
Protecting your assets, which may be property or money (or something intangible such as your reputation), marries with getting the resources your charity needs.
Essentially, charity insurance provides practical, financial and reputational help for insured incidents thus protecting your finances from losses or increased costs, ensuring the survival of your organisation and safeguarding your assets so they can continue to work for you.
If you’ve decided to transfer some risk in this way you’ll want to be sure that your cover:
1) has adequate financial limits to cover the size of your financial risks (costs and losses);
2) provides all the replacement, repair, reimbursement, restitution you’ve identified you’ll need; and
3) represents value for money with the premium i.e. quality versus cheapness (better stewardship of charity funds).
Budgeting is important too – a charity can only succeed in meeting its aims if it manages its money and other resources properly. Aside from the statutory insurance requirements if you’re engaging staff and/or volunteers, choosing insurance for some risks is purely a cost versus benefit judgment for trustees to make.
In deliberating the efficacy of insuring against the effects of some risks remember that insurance provides some additional practical help in certain scenarios. Your insurance advisor can explain this as it applies to your own situation, but cover can include (among other things) some reputational assistance too.
“It takes 20 years to build a reputation and five minutes to ruin it. If you think about that you’ll do things differently”.
If you find yourself on the end of financial fraud or a data security breach or an abuse claim, for example, you will be concerned about the effects on donor, beneficiary and public trust in your work. The good news here is that your insurance programme can be structured to include PR & reputational assistance to help manage communications following such an event.
Charities must ensure their beneficiaries and others who come into contact with the organisation do not, as a result, come to harm.
We tend to think of severe physical/mental/emotional harm but of course there are different degrees of harm and the Commission would expect you to consider all those you interact with and what risks may exist.
If you are working with young people or vulnerable adults, who may or may not be experiencing, or be at risk of, abuse or neglect, there is specific additional guidance available from the Charity Commission and you’ll need to have robust policies and procedures in place if that’s what you do.
It’s more likely however, that as part of its activities, your charity is offering advice of one kind or another which could result in financial or other harm to somebody relying on that advice. Trustees should make a clear assessment of this risk and decide whether further protections are needed.
Should an allegation be made against the organisation or a staff member your charity is going to incur defence costs before liability is even proven. Could charity funds support these legal fees without having a detrimental effect on your work?
You can make provision for all of this in your insurance cover and therefore responsibly manage these risks further – insurance alone won’t protect you from the likelihood of an incident but it will protect you from many of the resulting effects.
Getting the resources your charity needs
Sound financial planning includes consideration of the likelihood and impact of financial loss or increased costs and links closely therefore to risk transfer decisions.
You’d be surprised how often we hear the argument “We’re too small to need insurance”. Now, that may be the case with regard to employer’s liability cover and if your activities are so straightforward that there’s no public liability exposure and you’re doing nothing more than signposting users to the available resources (without offering any advice).
However, if the “We’re too small…” argument is your collective position after having identified risks that you can’t avoid or reduce, you could be seen to be acting against a number of these principles. It would be prudent to document your decision and rationale in case that’s ever challenged as part of an investigation.
Remember, insurance and other financial matters are not solely the treasurer’s domain either. All trustees should be involved as all are responsible for the charity’s money.
Having and following appropriate controls and procedures
You should have robust and effective controls in place to protect the charity, including from financial crime such as theft and fraud. You can insure against the effects of many things but insurers will expect you to have preventative measures in place too. Insurance augments your risk management - it is not intended as a substitute for good and safe practice.
Managing property (land & buildings)
This is an obvious one and the Charity Commission is explicit in its guidance that if your charity owns or rents land or buildings you and your co-trustees should make sure the charity has sufficient insurance – and that’s the qualifier! How can you know whether the insurance is sufficient unless you review it from time to time?
If your property is the vehicle for generating charity income (e.g. village halls, community centres, community land, charity spaces, rental properties/portfolios, etc.) that’s doubly important as not only would you have to find an alternative location if something happened but there’d also be lost income to consider. Speak to your insurance provider about Business Interruption cover in any case as the protections provided against disruption are wider than just the loss of rent.
Responsibility for, and to, staff & volunteers
You and your fellow trustees have a duty of care for your people – you must comply with relevant laws including Employment, Pension, Equality, Health & Safety.
If you’re engaging workers you should also check whether you are obliged to have Employers’ Liability Insurance. This is a mandatory legal requirement in many cases and is not dependent on remuneration i.e. even if using volunteers you may still be within scope. We strongly advise you to take professional advice on this from your insurance provider. Hopefully they’ve already advised you and made you compliant if that’s where you need to be.
Arguably, you and your board colleagues are your charity’s most valuable volunteers, so you should include yourselves in any considerations involving ‘people issues’.
For example, the Commission recommends that you don’t rely too heavily on individuals or leave them to their own devices for too long. This is an area of risk for your organisation, particularly because over-worked, under-valued or disconnected personnel are easier for fraudsters or cyber criminals to manipulate and socially engineer. There is also a higher risk that internal fraud could occur and, horrifically, abuse in all its forms can go unchecked. As we’ve already discovered together, these kinds of events typically cause major reputational and financial damage to charities. Some never recover!
Within boards, depending too much on an individual trustee, their skills or experience can carry risk as well - not least because something could happen to them and the charity would be stuck. There are also pitfalls if that expertise or knowledge is not particularly current or if it’s held by trustees with strong characters who are not open to challenge or appropriate questioning.
Act with reasonable care and skill
The CC3 document says trustees “must use reasonable care and skill, making use of your skills and experience and taking advice when necessary”.
Deciding when you need advice
There will be cases when it’s absolutely obvious that you need outside help. However, sometimes in the day-to-day routine of your trustee role it’s tempting to make decisions by consensus amongst yourselves without stopping to think “Actually, would it be wise to take specific advice on this, even just to protect ourselves?”.
The Charity Commission takes a dim view of organisations run in a gung-ho, devil-may-care fashion. They suggest that trustees should “recognise and acknowledge when you need advice. This is particularly important if the charity or its property may be at risk”. If ever there was a glaring endorsement that charities should take advice and review their insurance programmes periodically, this is it.
A board member may possess the specialist skills required to take care of this for you. In fact, we sometimes hear of a trustee who “used to work in insurance” and that may be fine to accept. You’ll want to just satisfy yourselves that their experience is recent and their knowledge is up-to-date. Could the industry have changed since they left it? Have the risks changed since they retired? Cyber crime and abuse claims, for example, are fairly new perils. Policy types and wordings are many and varied. You need someone who’s switched-on to navigate you through these waters.
Even if the trustee is currently working in insurance it’s prudent to assess whether there is potential for a conflict of interest.
You may decide on balance that it’s not fair on that individual to be responsible for advising the charity on its exposures and needs. That’s not to say you exclude them from the process altogether but perhaps you let someone else have ultimate oversight of this area. More on the Commission’s expectations on trustees acting in a professional capacity later.
The Charity Commission recognises that “most charities are more likely to obtain advice externally.” (CC3 8.2).
Being prepared in case something does go wrong
In CC3 8.3, the regulator refers to the actions you take following a problem but from these you can draw accurate conclusions concerning the goals that any advance preparations, such as insurance cover, should be designed to achieve.
Your charity insurance can be structured to deal with most of the perils/exposures you face. The right cover will prevent or minimise the overall loss and damage.
Liability policies provide defence costs and legal representation if you’re subject to court proceedings or while you go through a Charity Commission (or other statutory body’s) investigation. Remember, you’ll incur legal costs even where you’re absolutely innocent, or a claim is spurious, just to prove that there’s no case to answer.
Some policies include PR assistance post-incident to help you manage the messages to staff, volunteers, members, the public and the media to limit the impact on the charity’s reputation.
The Commission wants trustees to take reasonable steps to prevent incidents from recurring but, as you’ve seen, they’d prefer it if the incidents didn’t occur in the first place. Both your preventative and remedial measures may include reviewing your cover levels to ensure protection is there going forwards.
In the Cyber Security Breaches Survey 2019, commissioned by the Department for Culture, Media & Sport, 22% of charities (it was 52% for larger ones!) said they had been subjected to a cyber attack in the preceding 12 months. Yet, despite £9,470 being the average cost of dealing with a data loss, 29% of those chose to take no further action following their most disruptive incident (p58).
Knowing what you do now, does that sound like it meets the Commission’s guidelines on ‘review & repair’?
As a side note, the survey found that just 6% of smaller charities (but 45% of larger organisations) have specific cyber insurance in place to protect themselves from the associated costs and losses of a breach. Of the charities with the cover, 12% had needed to claim on their policy.
A mention of trustees’ personal liability
Whatever your charity’s legal form, your trustees can be held liable for any financial loss they cause or contribute to causing. Generally, the law protects trustees who have acted honestly and reasonably. However, the Commission and the courts expect higher standards from trustees who act in a professional capacity. So this is an area for discussion, as we highlighted earlier on: whether boards should give trustees ultimate oversight or responsibility for functions that fall within their area of professional expertise.
In relation to making insurance arrangements you might decide that independent advice is preferable.
Your charity’s Governing Document may offer some indemnity to trustees who’ve made an honest mistake but if the loss is greater than the value of the charity’s assets you could be liable for any shortfall. Your charity insurers will be able to offer you specific advice as part of your regular cover review.
To avoid personal liability the Commission reiterates that trustees should, amongst other things, take appropriate advice from a suitably qualified person when they need to and “consider whether the charity needs additional insurance” or needs to change its legal form.
Trustees Indemnity Cover is available to protect you as you carry out your duties and, as long as your Governing Document allows, can be paid for out of charity funds without being seen as a trustee benefit. Another plus is that charities can assure potential new trustees that their personal liability has been considered and catered for.
We’ve shown you how the Charity Commission is keen for trustees to ensure their charities are well-run and protected from unnecessary risk. In some cases, the Commission specifically recommends suitable insurance cover as the remedy. Carrying out an annual charity cover review to ensure that your programme is adequate, suitable and represents value for money is therefore a clear demonstration of good governance.
But it’s not all for show: arranging the right cover will prove to be a real benefit for the charity and its beneficiaries if something untoward does happen.
Trustees without the necessary in-house expertise should take advice on their organisation’s needs from a qualified insurance expert, preferably one who specifically works in the charity field.
A professional will walk you through a comprehensive review and design an appropriate solution based on your individual charity’s needs. They’ll explain your cover to you and show you how it addresses the specific risks you face as you operate. If that process doesn’t leave you absolutely confident in your protection it might be time to seek alternative advice.