2019 – the year to rebuild trust

News

2019 – the year to rebuild trust

Following the various charity sector scandals on recent years we need to make 2019 the year that the sector rebuilds public trust. At SV, we are committing to play our part in working with our clients to achieve this.
 
We believe that transparent and meaningful financial information is one way to do that. By ‘meaningful’ financial information we mean much more than SORP compliant accounts. Charities need to be thinking of their audience and tailoring their information to tell the story of how they turn the financial resources available to them into social impact. We will be supporting our audit clients to find ways of telling this story.
 
We have written and spoken a lot about fraud in the charity sector over the last couple of years. Nothing destroys trust in the charity sector more than the thought that donated funds end up being lost to fraud. We will be continuing to advocate for greater fraud awareness and effective controls in charities.
 
Finally, smart risk management processes will help build more resilient charities better placed to absorb and adapt to external shocks. We will continue to work with our clients to improve the understanding of risk and to develop more risk intelligent organisational cultures.
 
What else will be doing in 2019?
 
We are delighted to start the new year welcoming Fleur Holden as a SV partner. As many will know Fleur has been hugely successful in building our presence in the Midlands and will continue to do that in her new role.
 
Our newsletters in 2019 will continue to bring you regular updates in tax, accounting, governance and risk matters. It is entirely possible (?) that we will have a clearer idea as the year progresses on how the charity sector will be impacted by Brexit and this will surely feature in 2019 newsletters too. We are looking forward to partnering with Russell Cooke for a Brexit discussion evening in February.
 
We will soon be announcing dates and locations for 2019’s Charity Accountants Conference. We look forward to seeing many of you there and at our various training days and seminars throughout the year.

Off-payroll working in the private sector

News

Off-payroll working in the private sector

The government has announced that off-payroll working rules, known as IR35, currently only in the public sector will be rolled out to the private sector as well.

This means that the responsibility for determining whether or not a person working for your organisation should be on the payroll, rather than freelance or contracted will fall to the organisation and not the individual even if the person is hired via a personal service company.

HMRC provide an online tool to help determine if any specific person or role would be considered to be employment. The Check Employment Status for Tax service (CEST) is available here.

If you find that you should have treated persons as employed, they may then be entitled to employment benefits and both your organisation and the individual might need to pay employment taxes (income tax and NICs). As such it is important that once these rules come into effect, you are satisfied of the status of any people hired via personal service companies working for your organisation. It is already important to check this for any individuals you hire as consultants rather than as employees.

The change to include personal service companies is due to come into force from April 2020 but helpfully this will only apply if your organisation is deemed ‘non-small’.

‘Non-small’ organisations are those with two of the following:
• Income over £10.2m
• Gross assets over £5.1m (fixed assets plus current assets)
• Over 50 employees

Further guidance is expected from HMRC in due course.

VAT and digital advertising

News

VAT and digital advertising

One of the few VAT reliefs available to charities is on advertising. Charities are able to ask their advertising suppliers to invoice them with VAT at the zero-rate rather than the standard rate. However, targeted advertising (e.g. direct mail) does not fall within HMRC’s definition of advertising. HMRC has also recently decided that adverts placed on social media platforms (e.g. Facebook and Instagram) do not qualify for the relief as they are targeted based on the individual’s browsing history. Charity Tax Group has spoken to HMRC about this, arguing that HMRC is not interpreting the legislation as it was intended. HMRC has so far refused to budge on their position. HMRC set their position out as follows:
 
We have identified four scenarios where advertising takes place online. We consider the VAT treatment to be as follows.
• ‘Natural hits’ – not supplies of advertising for the purposes of item 8 – standard rated
• Pay-per-click adverts – zero rated
• Direct placements on third party websites – zero rated
• Social media adverts – standard rated

 
HMRC say they cannot give any detail on what falls into each category. Being unable to claim the VAT relief on social media advertising will result in a significant increase in irrecoverable VAT for charities, and Charity Tax Group is continuing to campaign on this issue.

Technical updates – December 2018

News

Technical updates – December 2018

Review of charities’ reserves policies
The Charity Comission reviewed charity reserves policies from a sample of 106 accounts for charities with income over £500k. 64% fully met the requirements to explain the charity’s policy on reserves, state the level of reserves held and state why reserves are held. Only 22% correctly stated the level of reserves held. The CC will recommend to the charity SORP making body that guidance on the calculation of reserves is improved.
 
Change your charity’s financial year
New Charity Commission guidance on how to change a charity’s financial year and the restrictions on changes. There are two sets of rules (1) for CIOs and unincorporated charities (2) for incorporated charities.
 
Fraud Advisory Panel help sheet: Legacy fraud
Guide for charities on legacy fraud covering what it is (charities do not receive the correct amount due), who carries it out, how it is carried out, and the basic controls, checks and warning signs for charities.
 
NCVO: Brexit and the voluntary sector, preparing for change
Considers the risks and opportunities for charities of Brexit and includes a charity Brexit checklist. The main risks are identified as economic impact, employing EU27 nationals and EU funding. The main opportunities are reform of the VAT, state aid and public procurement rules.
 
OSCR: Changes to charity accounting requirements
The Scottish Government is to update the Charities Accounts (Scotland) Regulations 2006 to bring them into line with SORP update bulletin 2. The changes will affect larger charities (income ≥ £250,000), all charitable companies, and charities that use the Housing and Higher & Further Education SORPs. Once the changes have been made, OSCR will provide more guidance.

Charities and cyber security

News

Charities and cyber security

This summary covers the findings from qualitative research with UK registered charities exploring awareness, attitudes and experiences around cyber security. A total of 30 in-depth interviews were undertaken in February and March 2017 with a range of charities by income, location and charitable area. The research was commissioned by Department for Digital, Culture, Media and Sport (DCMS) as part of the National Cyber Security Programme and carried out by Ipsos MORI.

Awareness and attitudes
Pre-existing awareness and knowledge around cyber security varied considerably across the charities interviewed. Those in charge of cyber security, especially in smaller organisations, did not feel well informed about the topic, and several noted that they had not seriously considered it before or proactively sought out any information, often leaving it to an outsourced IT provider to deal with.
In this context, there was often a low awareness of the Government support available on cyber security. This was despite the fact that the Government and other public bodies were considered as trustworthy sources of information. Some participants assumed that if the issue was important enough for them to address, they would hear about it through their established communication channels, via the Charity Commission or voluntary support bodies, such as NCVO.

In some cases, participants assumed cyber security was more of an issue for businesses than for charities. These participant assumed that businesses would be more at risk as they would be more likely to hold customers’ financial details and generally be expected to have more cash in the bank.

On the other hand, there were several instances where charities recognised the relevance of cyber security for their organisations, and this prioritisation of the issue could be traced to many things:
• holding personal data on donors or service users
• having trustees or staff with private sector experience of the issue
• meeting the standards laid out by commissioning organisations (in cases where charities were involved in Government service provision).

Approaches to cyber security
Across the charities interviewed, it was typically the case that organisations did not have internal specialist staff with the technical skills to cover cyber security. Responsibility for cyber security internally was often held by someone with a different core role, or with multiple responsibilities, such as Chief Executives or finance staff. Competing demands on time and resources – with greater focus often given to areas such as fundraising and delivery – meant that cyber security was often deprioritised and could lack investment. As a result, there was often a reliance on outsourced IT providers, as well as informal sources of support such as friends, family or other local charities.

Various participants highlighted that more could be done to raise basic awareness of cyber security among staff and trustees. However, it was uncommon to find charities that had provided cyber security training to any of their staff or volunteers. This reflected the various barriers that charities faced to providing training. Many assumed training would be expensive, and did not prioritise spending on training above other areas that might need funding, such as IT equipment upgrades. Charities also lacked the expertise to put on training by themselves – those that had done so had typically worked with outsourced providers to run training. Smaller charities also found training hard in general given that many of their trustees and staff tended to work remotely. In this context, some were interested in free or low-cost online training options.

Cyber insurance was similarly often seen as too expensive to consider. Some charities noted that they had wider insurance policies such as public liability insurance or business continuity insurance, but were not clear on whether these would cover them in the result of a cyber attack.

Perceptions and experiences of breaches
Charities were often highly concerned with potential loss of funds or of personal data on donors or service users, and these were typically seen as existential threats that helped heighten the importance of being cyber secure. By contrast, the loss of day-to-day (non-personal data) files was less of a concern, with some charities not realising the potential implications for business continuity from losing non-personal data.

Indeed, the research came across examples of charities that had incurred cyber security breaches where non-personal data were lost, and where organisations spent considerable time getting their data restored. There were also examples where charities had incurred a sizable financial cost from a cyber security breach. In these cases, it is worth noting that the experiences of breaches often spurred charities into taking action and protecting themselves against further attacks.

Finally, the research also explored reporting of cyber security breaches. While participants were confident that they would report serious breaches with a financial impact internally to trustees and to any outsourced IT providers, they were less certain of where and when they might be required to report breaches outside of this. Some mentioned reporting breaches with a financial impact to organisations such as the Information Commissioner’s Office (highlighting again the importance placed on data protection). However, none of those interviewed had heard of the cyber crime body, Action Fraud.

Conclusions
This research has highlighted that charities often see cyber security as important, and are as susceptible to indiscriminate cyber attacks as businesses. These attacks can have serious implications for charity finances and for business or organisational continuity. However, the research also flags the many barriers that charities face when it comes to engaging with the issue, including competing priorities for time and resources, and staff not necessarily equipped with the knowledge and skills to deal with the issue.

There is a need for basic awareness raising among staff and trustees, and upskilling of those responsible for cyber security – so they know the basic technical controls they can put in place. It may also help to disseminate Government information and support via the organisations with which charities already have established relationships, such as the Charity Commission. Finally, making use of private sector expertise among trustees may also help individuals within charities to champion the issue.

New Charity Commission guidance on grant funding non-charities

News

New Charity Commission guidance on grant funding non-charities

Charities can fund private entities with grants, however doing so must further the charity’s objectives, and the CC expects the charity to have appropriate processes in place for awarding and monitoring grants. The revised guidance was originally published in draft in February 2016 and has been modified in a number of areas, including the removal of a statement that non-charity core costs cannot be met by charities.

Grant-funding can create opportunities for charities to further their purposes by reaching individuals or communities that they might not otherwise be able to reach. It can benefit causes or groups which may otherwise struggle to obtain the support they need.

This can include making grants to:
• other charities with similar or overlapping purposes
• organisations that aren’t charities including social enterprises, campaigning organisations, commercial companies or public sector bodies
• organisations based overseas

Making grants to organisations that aren’t charities may present new opportunities to further your charity’s purposes. Grants can be for specific activities or services or, in some cases, to develop the organisation’s capacity to deliver activities or outcomes that will further the charity’s own purposes. Remember though, that organisations which aren’t charities don’t have to deliver public benefit or comply with charitable purposes, and may be unfamiliar with charity law requirements.

You need to understand the relevant risks and boundaries, as well as the opportunities, before you start. Any grant your charity makes must only be used to further or support your charity’s purposes, and for no other purpose. This means there will always be limits and conditions on what you can fund.

Before you decide to make any grants, you should:
• make sure you understand your own charity’s purposes
• make sure you understand and follow trustee decision-making principles
• put in place appropriate systems and procedures for making decisions about grants

Before deciding to make a grant to a particular organisation, you should:
• consider whether that organisation is a charity or not
• take reasonable steps to assess risks and carry out appropriate checks on the organisation to ensure that it is suitable for your charity to work with
• be aware that trustees remain responsible for grant decisions even if decisions are delegated, and understand where extra care may be needed

When giving a grant to another organisation, you should:
• write appropriate terms and conditions to ensure that the grant can only be used in line with your charity’s purposes, and ensure that the organisation understands and accepts them
• put appropriate monitoring arrangements in place
• know what to do if things go wrong

Find out more in this guide to decision making.