Summer Risk Update for Charities
Our quarterly newsletter of charity regulatory updates, risk insights and guidance. News from Access, ways of working, technology risk trends.
Welcome to our quarterly update from Access Insurance. This time we cover:
- News from Access: Part of the Benefact Group
- Cyber risk
- Change management & risk assessment
- Ways of working
- Risk Updates across the sector
- New from charities.network
News
NEWS FROM ACCESS
Nominations for Charity Heroes Awards and Movement for Good
At the beginning of the year we joined the Benefact Group. Whilst there are no changes for customers as a result, there are several initiatives that the Benefact Group has that may be beneficial for our clients and the wider charity sector.
Who are the Benefact Group?
Owned by Benefact Trust, Benefact Group is an international group of financial services businesses that gives all available profits to charities and good causes. They have given over £200 million to charities since 2014, and give much of it through the annual giving programme — Movement for Good.
Movement for Good
Many charities will be familiar with the Movement for Good campaign, a giving programme run by the Group, where anyone can nominate a charity to receive a donation of £1000.
Charity Heroes Awards — NEW for 2024
A new initiative from the Benefact Group, sees a new awards ceremony that celebrates charities and their leaders’ amazing work. We are supporting the Charity Leader of the Year Award Category. You can find more about how to enter here. Entries close 26th July 2024.
Charity & Fundraising Support Hub
The Group runs webinars throughout the year in addition to creating guides and templates to help charities with fundraising, funding bid writing and much more. You can view the Charity Support hub here.
Ecclesiastical Free Risk Maturity tool
Ecclesiastical has launched a new Risk Maturity Assessment tool aimed at helping organisations improve their risk maturity — their ability to manage risk effectively.
The tool is free for any organisation to use and is designed to help them understand where improvements can be made in their risk management approach.
It involves completing a series of questions across ‘3 pillars’: Governance, Processes, and Resources. These cover risk management areas such as policies, processes, culture, training, and insurance, among others.
Once completed, a maturity risk score is generated, which could be ‘developing’, ‘integrating’, ’embedding’ or ‘optimising’. Additionally, it provides a bespoke action plan that lists the areas of improvement to move towards the higher risk maturity levels.
Sign up to use the free tool here: https://www.ecclesiastical.com/risk-management/enterprise-risk-management/risk-maturity-assessment/
Risk Insights
CYBER
What risk does AI pose to your charity?
AI is becoming more prevalent in the tools and software organisations use. The use of AI Chatbots has become something of a trending topic.
Whilst AI presents opportunities to increase productivity for the individual and the organisation, due to the early nature of regulation and governance it does pose a number of risks. The same technology is unfortunately being used to exploit vulnerabilities and increase cyber attacks, both new and old.
One issue is the problem of unauthorised AI use within charities and businesses, as highlighted in CSO’s article “Unauthorised AI is eating your company data, thanks to your employees”. Many employees, in their pursuit for efficiency, are turning to publicly available AI tools without proper due diligence as to what data is being exposed or input.
Another newer concern is the threat of AI system poisoning, as discussed in the CSO article “AI poisoning is a growing threat — is your security regime ready?”. This emerging risk involves malicious actors manipulating the data used to train AI models, potentially leading to biased or harmful outputs. As organisations increasingly use AI for decision-making and automation, the integrity of these systems becomes crucial.
These AI-specific challenges are exacerbated by longstanding cybersecurity issues such as poor password management, lack of employee training, and failure to keep software updated. These basic security steps can provide entry points for attackers looking to exploit systems and accounts.
Its more important than ever for leaders to look at AI and cyber-risk together as it is very much a governance issue and not just an IT one.
CHANGE MANAGEMENT
Managing the risks of change
Adapting to change is hard for any organisation, as we tend to be averse to change due to the risk involved. Yet, as we’ve seen in the last few years, necessity can force big changes that we must navigate to survive and thrive. Change not only poses risk for charities though, but opens up many opportunities.
Managing change usually comes down to 4 key points. Reasoning why. Then, planning, implementation and communication. The latter is a component of every stage to be effective.
Risk management is also a key facet of every stage. It tackles the risks head-on that could later be the cause for resistance. So, including risk management at each stage of the process can help foster a better culture of change.
The primary risk considerations are:
- Acting in the best interests of the charity.
- Performing a thorough risk assessment in consultation with key stakeholders.
- Developing a contingency plan should things not go as expected.
- Supporting the people and systems affected by the change.
- Implementing financial controls so you don’t expose the charity’s assets or reputation to undue risk.
This article will go through the risk considerations involved at each step of the change management process.
WAYS OF WORKING
Risks of sharing offices
We shared some of the risks with ACEVO to be assessed when considering sharing an office.
Hybrid working
An interesting piece by Zoe Amar for Third Sector on how hybrid working is going for charities.
Updates across the web
We’ve curated some recent updates and resources from around the web that will be useful for charity risk managers, trustees and leaders.
LEGAL
New guidance, regulation, laws and bills
The new Procurement Act 2023: Bates Wells Roundup
What’s new in employment law 2024: Bates Wells Roundup
Accepting, refusing and returning donations: Charities Commission guidance
Compliance for churches
Edward Connor have put together a comprehensive compliance checklist for churches so you can work your way through the different areas of law that apply to churches and make sure you’re complying where you need to.
SAFEGUARDING
Safeguarding for trustees
ThirtyOneEight on safeguarding for trustees: Read the guide
FINANCIAL
Fraud risk
Protecting your charity from fraud: ACEVO article
Update on construction material costs and underinsurance
Construction material costs have stabilised since 2023, with overall inflation rates easing. The latest forecasts predict building costs will rise by approximately 3% in 2024, a significant decrease from the double-digit inflation rates seen in previous years. Read more here.
POLICIES & PROCEDURES
Cookies
Using advertising cookies? Read this ICO guidance
CYBER & DIGITAL RISKS
Data Protection and Digital Information Bill
This bill has been dropped entirely as a consequence of the announcement of the general election.
Ensuring your bulk email senders are secure
This update is about making your email domain for bulk sending/newsletters more secure; something that Gmail and Yahoo email inboxes have started to require. This article by Dmarcian explains. Dmarcian have a free checker tool to see if you have the domain records required/advised for a secure email sending domain.
SECURITY
Closure of BT Redcare
Some of our large charity clients will know that BT Redcare has announced earlier this year the closure of all Redcare operations from 1st August 2025. An update at the beginning of June, announced that AddSecure will step in as a partner to take on the responsibility of managing customer relationships with alarm receiving centres currently using BT Redcare’s Next Generation portfolio of alarm signalling devices. This collaboration with AddSecure will continue support for BT Redcare Next Generation fire and security alarm signalling services in the UK. Also, BT Redcare customers using legacy products will have the option to upgrade to the next gen portfolio with AddSecure.
Customers of Redcare, particularly those who have policies that stipulate using Redcare, will need to act sooner rather than later to check whether any proposed alternative signalling alarm systems are acceptable under their policy. Please speak to us and we will check with your specific insurer’s stance.
TERRORISM RISK
Update on Martyn’s Law — Terrorism (Protection of Premises) Bill:
After revising their approach for Standard Tier venues (capacity of 100–799 people), which likely will include many churches, places of worship, education & childcare venues, conference centres, theatres and community halls, the government consulted the public earlier this year on their current proposals for Standard Tier venues.
The current revised proposals remove the focus from an evaluation form completion and formal mandatory training to putting in place proportionate procedures for the following:
- Evacuation — how to get people out of the building.
- Invacuation — how to bring people into the premises to keep them safe, or move them to safe parts of the building.
- Lockdown — how to secure the premises against attackers, e.g. locking doors, closing shutters and using barriers to prevent access.
- Communication — how to alert staff and customers and move people away from danger.
We will wait to see how this Bill moves forward. See our updated blog here.
Charities Network
CHARITIES NETWORK ISSUE 26
Our latest issue looks at how charities can address financial literacy among trustees and charities, as well as looking at the risks and benefits of alternative funding streams.
CHARITIES NETWORK ISSUE 25
A look at avoiding vanity metrics in reporting impact, as well as case studies and examples of impact reports.
We hope you will find these insights useful. Get in touch with our team at accessinsurance.co.uk if you would like to speak to one of our charity specialist insurance advisers.