← Back to all briefings
Governance 5 min read Published Updated Credibility 40/100

Governance Briefing — July 1, 2025

Charities with FY2024 year-ends must submit the Charity Commission’s 2025 annual return by 1 July, showing trusteeship governance, risk controls, and evidence-backed reporting on beneficiaries, funding, and safeguarding.

Zeph Tech Research Lead

Research lead, Zeph Tech

Timeline plotting source publication cadence sized by credibility.
2 publication timestamps supporting this briefing. Source data (JSON)

Executive briefing: Charities in England and Wales with financial years ending between 1 January and 31 December 2024 must complete the Charity Commission’s 2025 Annual Return by 1 July 2025 (or ten months after year-end if later). The return builds on the expanded 2023 question set, requiring granular disclosures on income streams, overseas activities, safeguarding, and serious incident management. Trustees are personally accountable for the accuracy of submissions. This briefing sets out the governance controls, evidence packs, and reporting workflows needed to deliver a complete return and withstand Commission scrutiny.

Trustee accountability and governance map

The board must approve the annual return before submission. Document a governance map assigning responsibility for financial reporting, safeguarding, fundraising, overseas programmes, and serious incident reporting. Ensure committees such as audit and risk, safeguarding, and finance have updated terms of reference capturing annual return oversight. Maintain trustee declarations confirming understanding of duties under the Charities Act 2011 and the Charity Governance Code.

Data ownership and evidence management

Create a data responsibility matrix for each section of the return—financials, staffing, volunteers, grants, investments, property, and risk management. Identify data owners, source systems, validation checks, and sign-off requirements. Build an evidence room containing supporting documents: signed accounts, management letters, bank reconciliations, fundraising policies, safeguarding logs, risk registers, and overseas due diligence files. Version-control documents and record approval dates.

Financial and funding disclosures

The 2025 return asks charities earning over £500k to break down UK and overseas income, government grants, and restricted funds. Ensure finance teams reconcile return figures to audited accounts, management reports, and SORP note disclosures. Maintain workpapers showing calculations, exchange rates, and allocations between restricted and unrestricted funds. Capture trustee approval of funding mix analysis and plans to manage financial sustainability risks.

Safeguarding and serious incident reporting

Charities must confirm whether safeguarding policies meet Commission guidance and disclose serious incidents. Maintain up-to-date safeguarding policies, training records, DBS check logs, and incident registers. Document how the charity assessed which incidents were reportable, including legal advice, escalation to trustees, and notifications submitted. Provide the board with quarterly safeguarding dashboards summarising incidents, investigations, and corrective actions.

Overseas activities and partner due diligence

The return requires detail on overseas programmes, expenditure, partners, and controls over funds. Maintain due diligence files on overseas partners, including anti-money laundering checks, governance assessments, contracts, and monitoring reports. Store evidence of fund transfers, bank reconciliations, and programmatic impact reporting. Capture field visit notes, risk assessments, and mitigation plans for high-risk locations.

Staffing, volunteers, and governance questions

Document headcount, volunteer numbers, senior staff pay bands, and trustee recruitment processes. Maintain HR records showing job descriptions, pay decisions, and conflicts of interest registers. For volunteer management, retain safeguarding training logs, supervision plans, and recognition policies. Ensure trustee induction materials and annual appraisal summaries are accessible for evidence purposes.

Risk management and internal control

Charities must describe their approach to risk management. Update risk registers to align with categories in the return—financial sustainability, cyber security, safeguarding, fraud, and reputational risk. Document mitigation controls, assurance activities, and board reviews. Include internal audit reports, external reviews, or consultancy assessments that evaluate risk frameworks. Provide the board with annual risk deep dives and evidence of challenge.

Serious incident and regulator engagement

Maintain a log of all serious incident reports made to the Commission in the financial year, including outcome status. Document other regulator interactions (e.g., Fundraising Regulator, Information Commissioner’s Office), responses, and remediation. Evidence board oversight of regulatory correspondence and ensure the annual return narrative aligns with previously submitted information.

Technology and reporting workflow

Configure project management tools to track annual return tasks, dependencies, and deadlines. Implement data validation scripts to check totals, currency conversions, and mandatory fields before submission. Use secure document collaboration platforms with audit trails. Assign a submission manager responsible for compiling data, coordinating reviews, and uploading evidence as needed. Conduct a rehearsal submission to identify technical issues with the Commission’s online portal.

Internal assurance and external audit linkage

Coordinate with external auditors to confirm alignment between audited accounts and annual return figures. Request management letters addressing control weaknesses, and document remediation progress. Internal audit or an independent reviewer should test selected data points (e.g., overseas expenditure, safeguarding statistics) and report findings to the audit committee. Retain evidence of management responses and closure of recommendations.

Trustee communications and approvals

Schedule board meetings in May and June to review draft returns, challenge assumptions, and approve submission. Provide trustees with briefing packs summarising key disclosures, variances from prior year, risk hotspots, and emerging regulatory themes. Capture questions asked, clarifications provided, and actions agreed. Obtain trustee sign-off minutes and include them in the evidence pack.

Public reporting and stakeholder engagement

The annual return feeds into the public register of charities. Align messaging across the trustees’ annual report, website updates, and supporter communications. Prepare Q&A materials addressing potential media or donor questions, especially if the return reveals financial pressures, safeguarding incidents, or governance changes. Document stakeholder engagement plans and monitor feedback.

Fundraising governance and regulatory alignment

Where the charity undertakes public fundraising, lotteries, or corporate partnerships, ensure the fundraising policy reflects Fundraising Regulator guidance, stewardship of supporters, and controls over third-party fundraisers. Maintain agreements, monitoring reports, and payment reconciliations. For corporate donations or sponsorships, document due diligence on donors, ethical screening outcomes, and trustee approval of higher-risk arrangements. Align annual return disclosures on fundraising agencies with evidence packs to avoid inconsistencies.

Digital and data protection considerations

Annual return questions on digital fundraising and online services require assurance over cyber security and data protection. Maintain GDPR compliance evidence—records of processing, DPIAs, breach logs, and ICO correspondence. Document cyber resilience measures such as MFA, backups, phishing training, and penetration tests. Link these controls to risk register entries and trustee oversight to demonstrate a coherent governance approach across digital operations and beneficiary data.

Next steps and timeline

By April 2025, finalise financial statements, reconcile data sources, and populate draft return templates. In May, complete safeguarding and overseas due diligence reviews, logging outstanding actions. June should focus on trustee review, internal assurance testing, and portal data entry. Submit the final return ahead of 1 July, retain confirmation receipts, and schedule a lessons-learned session to refine controls for the next cycle.

Timeline plotting source publication cadence sized by credibility.
2 publication timestamps supporting this briefing. Source data (JSON)
Horizontal bar chart of credibility scores per cited source.
Credibility scores for every source cited in this briefing. Source data (JSON)

Related briefings

Curated signals from the same pillar or overlapping topics.

Continue in the Governance pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

  • United Kingdom
  • Nonprofit governance
  • Trustee oversight
  • Regulatory reporting
Back to curated briefings