Running a charity in the UK comes with significant legal and regulatory responsibilities. While the primary focus is always on delivering the charitable mission, neglecting compliance can lead to reputational damage, loss of funding, and even personal liability for trustees. This guide walks through the core obligations and provides practical steps to keep your charity on the right side of the law.
Charities operate within a framework designed to protect beneficiaries, donors, and the public interest. Meeting these standards is not just a box-ticking exercise—it directly influences your ability to attract grants, corporate partnerships, and public support. Whether you are setting up a new Charitable Incorporated Organisation (CIO) or reviewing an established charitable company, a clear operational guide helps everyone involved understand their duties.
Understanding the UK Charity Legal Framework
The Charity Commission for England and Wales is the principal regulator. Its guidance sets out what is expected of every registered charity. The core piece of legislation is the Charities Act 2011 (as amended), which consolidates much of charity law. In Scotland, the regulator is OSCR, and in Northern Ireland, the Charity Commission for Northern Ireland—each with equivalent rules.
A charity must be established with exclusively charitable purposes that fall within the list defined by law. The governing document—whether it is a constitution, trust deed, or articles of association—must clearly state those purposes and outline how the charity will be run. Registration is compulsory once annual income exceeds £5,000, though smaller charities can register voluntarily. Even unregistered charities must comply with many of the same legal principles, including acting in accordance with their governing document and ensuring funds are used for charitable purposes only.
Key structural options include:
- Charitable Incorporated Organisation (CIO): A corporate body with limited liability, designed specifically for charities. Offers a simpler filing regime than a company.
- Charitable Company Limited by Guarantee: A company registered with Companies House and the Charity Commission. Subject to both company and charity law.
- Unincorporated Association: A traditional structure for smaller, membership-based groups, but trustees may face personal liability for contracts.
- Charitable Trust: Governed by a trust deed, common for grant-making foundations.
Choosing the right structure affects reporting duties, liability, and how you can enter contracts. It is worth reviewing your structure if your charity has grown or changed activity.
Key Compliance Areas for Charity Operations
Financial Reporting and Annual Returns
All registered charities must prepare annual accounts and a trustees’ annual report. The format depends on income and whether the charity is a company. Charities with gross income over £25,000 must have their accounts independently examined or audited (thresholds rise for larger charities and those with assets). The annual return—a separate online filing to the Charity Commission—must be completed within ten months of the financial year-end.
Accurate financial reporting demonstrates transparency. Errors or late filing are red flags for regulators and can discourage donors. Even smaller charities should adopt basic bookkeeping discipline from the start. Use designated charity bank accounts, keep receipts, and reconcile accounts monthly. Many charities engage a specialist charity accountant or use cloud accounting software with charity-specific templates.
Fundraising Regulation
Fundraising is heavily regulated to protect the public from undue pressure and to ensure funds are used properly. The Code of Fundraising Practice applies to all forms of fundraising, from street collections to online crowdfunding. The Fundraising Regulator oversees compliance and handles complaints. Charities must also follow rules set by the Advertising Standards Authority if they run promotional campaigns.
Specific compliance points include:
- Licensing: House-to-house collections and street collections usually require a licence from the local authority.
- Commercial Participators and Professional Fundraisers: If you use an external agency, there must be a written agreement meeting statutory requirements. These agreements must state how much of the donation goes to the charity.
- Gift Aid: Ensure you understand the rules for claiming Gift Aid, including donor declarations and record-keeping. HMRC can claw back incorrect claims.
- Online platforms: JustGiving, GoFundMe, and similar platforms have their own terms, but the responsibility for compliance remains with the charity.
Regular trustee oversight of fundraising methods and returns is essential. A fundraising sub-committee that reports to the board can help manage the detail.
Data Protection and GDPR
Charities hold sensitive personal data about donors, beneficiaries, staff, and volunteers. UK GDPR and the Data Protection Act 2018 impose strict obligations. The Information Commissioner’s Office (ICO) has fined charities in the past for misusing donor data and sending unlawful direct marketing. Key requirements:
- Register with the ICO if you process personal data (most charities must, and the fee is tiered by size).
- Have a clear privacy notice explaining what data you collect and why.
- Obtain valid consent for email and telephone marketing; rely on legitimate interests only after careful balancing.
- Keep data secure with appropriate technical measures (encryption, access controls, staff training).
- Report data breaches to the ICO within 72 hours where there is a risk to individuals.
Data protection should be a standing agenda item at trustee meetings. Assign a data protection lead, even if it is not a full-time role.
Safeguarding and Duty of Care
Any charity working with children, young people, or vulnerable adults must have robust safeguarding policies in place. The Charity Commission expects trustees to ensure that adequate procedures exist, even if the charity does not directly deliver frontline services. This includes safe recruitment, training, and clear reporting lines for concerns.
Beyond legal liability, safeguarding failures cause immense reputational harm. Insurers often require evidence of policies and training before providing cover.
Trustee Duties and Governance Best Practice
Trustees are the charity’s decision-makers and bear ultimate responsibility for compliance. Under charity law, trustees have six core duties:
- Ensure the charity is carrying out its purposes for the public benefit.
- Comply with the charity’s governing document and the law.
- Act in the charity’s best interests.
- Manage the charity’s resources responsibly.
- Act with reasonable care and skill.
- Ensure the charity is accountable.
In practice, this means holding regular board meetings, keeping minutes, managing conflicts of interest, and reviewing risks. The Charity Governance Code provides a framework for good practice, covering areas such as board composition, effectiveness, and integrity. While the Code is voluntary, following it can help demonstrate to the Commission that governance is taken seriously.
Trustees should also be aware of the disqualification rules. Certain criminal convictions, bankruptcy, or removal from a company directorship can automatically disqualify someone from acting as a trustee. The Commission can issue waivers in some circumstances, but acting while disqualified is a criminal offence.
Practical Steps to Maintain Ongoing Compliance
Compliance is not a one-off project. Embedding it into the operational rhythm of the charity avoids last-minute panic. Consider these steps:
- Create a compliance calendar: Map key deadlines—annual return, accounts filing, ICO renewal, licence renewals—and assign ownership to a named person or committee.
- Schedule regular trustee training: Trustees should receive induction training and updates on legal responsibilities. Many local infrastructure organisations offer low-cost sessions.
- Conduct an annual governance review: Use the Charity Governance Code self-assessment to identify gaps.
- Document policies and procedures: Even a small charity should have written policies for conflicts of interest, data protection, safeguarding, and reserves. These documents protect trustees and provide clarity for staff.
- Seek independent review: Rotate independent examiners or auditors periodically. Fresh eyes can spot issues early.
Engaging a part-time or shared compliance resource, such as a charity solicitor or governance consultant, can be cost-effective. For larger charities, a dedicated governance manager may be justified.
The Business Case for Robust Compliance
Beyond avoiding regulatory action, strong compliance makes commercial sense. Grant-making bodies and corporate partners increasingly demand evidence of good governance before committing funds. Many councils and NHS commissioners require charities to demonstrate compliance as part of procurement processes. An
Practical takeaway
UK organisations should compare options against their own buyers, budgets and operating priorities. A clear brief, a realistic implementation plan and regular review will usually matter more than chasing novelty.