Governance — United Kingdom

Charities in England and Wales with financial years ending between 1 January and 31 December 2024 must complete the Charity Commission’s 2025 Annual Return by 1 July 2025 (or ten months after year-end if later). The return builds on the expanded 2023 question set, requiring granular disclosures on income streams, overseas activities, safeguarding, and serious incident management. Trustees are personally accountable for the accuracy of submissions. this analysis sets out the governance controls, evidence packs, and reporting workflows needed to deliver a complete return and withstand Commission scrutiny.

Trustee accountability and governance map

The board must approve the annual return before submission. Document a governance map assigning responsibility for financial reporting, safeguarding, fundraising, overseas programs, and serious incident reporting. Ensure committees such as audit and risk, safeguarding, and finance have updated terms of reference capturing annual return oversight. Maintain trustee declarations confirming understanding of duties under the Charities Act 2011 and the Charity Governance Code.

Data ownership and evidence management

Create a data responsibility matrix for each section of the return—financials, staffing, volunteers, grants, investments, property, and risk management. Identify data owners, source systems, validation checks, and sign-off requirements. Build an evidence room containing supporting documents: signed accounts, management letters, bank reconciliations, fundraising policies, safeguarding logs, risk registers, and overseas due diligence files. Version-control documents and record approval dates.

Financial and funding disclosures

The 2025 return asks charities earning over £500k to break down UK and overseas income, government grants, and restricted funds. Ensure finance teams reconcile return figures to audited accounts, management reports, and SORP note disclosures. Maintain workpapers showing calculations, exchange rates, and allocations between restricted and unrestricted funds. Capture trustee approval of funding mix analysis and plans to manage financial sustainability risks.

Safeguarding and serious incident reporting

Charities must confirm whether safeguarding policies meet Commission guidance and disclose serious incidents. Maintain up-to-date safeguarding policies, training records, DBS check logs, and incident registers. Document how the charity assessed which incidents were reportable, including legal advice, escalation to trustees, and notifications submitted. Provide the board with quarterly safeguarding dashboards summarizing incidents, investigations, and corrective actions.

Overseas activities and partner due diligence

The return requires detail on overseas programs, expenditure, partners, and controls over funds. Maintain due diligence files on overseas partners, including anti-money laundering checks, governance assessments, contracts, and monitoring reports. Store evidence of fund transfers, bank reconciliations, and programmatic impact reporting. Capture field visit notes, risk assessments, and mitigation plans for high-risk locations.

Staffing, volunteers, and governance questions

Document headcount, volunteer numbers, senior staff pay bands, and trustee recruitment processes. Maintain HR records showing job descriptions, pay decisions, and conflicts of interest registers. For volunteer management, retain safeguarding training logs, supervision plans, and recognition policies. Ensure trustee induction materials and annual appraisal summaries are accessible for evidence purposes.

Risk management and internal control

Charities must describe their approach to risk management. Update risk registers to align with categories in the return—financial sustainability, cyber security, safeguarding, fraud, and reputational risk. Document mitigation controls, assurance activities, and board reviews. Include internal audit reports, external reviews, or consultancy assessments that evaluate risk frameworks. Provide the board with annual risk deep dives and evidence of challenge.

Serious incident and regulator engagement

Maintain a log of all serious incident reports made to the Commission in the financial year, including outcome status. Document other regulator interactions (for example, Fundraising Regulator, Information Commissioner’s Office), responses, and remediation. Evidence board oversight of regulatory correspondence and ensure the annual return narrative aligns with previously submitted information.

Technology and reporting workflow

Configure project management tools to track annual return tasks, dependencies, and deadlines. Implement data validation scripts to check totals, currency conversions, and mandatory fields before submission. Use secure document collaboration platforms with audit trails. Assign a submission manager responsible for compiling data, coordinating reviews, and uploading evidence as needed. Conduct a rehearsal submission to identify technical issues with the Commission’s online portal.

Internal assurance and external audit linkage

Coordinate with external auditors to confirm alignment between audited accounts and annual return figures. Request management letters addressing control weaknesses, and document remediation progress. Internal audit or an independent reviewer should test selected data points (for example, overseas expenditure, safeguarding statistics) and report findings to the audit committee. Retain evidence of management responses and closure of recommendations.

Trustee communications and approvals

Schedule board meetings in May and June to review draft returns, challenge assumptions, and approve submission. Provide trustees with briefing packs summarizing key disclosures, variances from prior year, risk hotspots, and emerging regulatory themes. Capture questions asked, clarifications provided, and actions agreed. Obtain trustee sign-off minutes and include them in the evidence pack.

Public reporting and stakeholder engagement

The annual return feeds into the public register of charities. Align messaging across the trustees’ annual report, website updates, and supporter communications. Prepare Q&A materials addressing potential media or donor questions, especially if the return reveals financial pressures, safeguarding incidents, or governance changes. Document stakeholder engagement plans and monitor feedback.

Fundraising governance and regulatory alignment

Where the charity dos public fundraising, lotteries, or corporate partnerships, ensure the fundraising policy reflects Fundraising Regulator guidance, stewardship of supporters, and controls over third-party fundraisers. Maintain agreements, monitoring reports, and payment reconciliations. For corporate donations or sponsorships, document due diligence on donors, ethical screening outcomes, and trustee approval of higher-risk arrangements. Align annual return disclosures on fundraising agencies with evidence packs to avoid inconsistencies.

Digital and data protection considerations

Annual return questions on digital fundraising and online services require assurance over cyber security and data protection. Maintain GDPR compliance evidence—records of processing, DPIAs, breach logs, and ICO correspondence. Document cyber resilience measures such as MFA, backups, phishing training, and penetration tests. Link these controls to risk register entries and trustee oversight to show a coherent governance approach across digital operations and beneficiary data.

Next steps and timeline

By April 2025, finalize financial statements, reconcile data sources, and populate draft return templates. In May, complete safeguarding and overseas due diligence reviews, logging outstanding actions. June should focus on trustee review, internal assurance testing, and portal data entry. Submit the final return ahead of 1 July, retain confirmation receipts, and schedule a lessons-learned session to refine controls for the next cycle.

See also

Selected articles on related subjects.

Governance · Credibility 73/100 · March 7, 2024

Governance — United Kingdom

Phase two of the Charities Act 2022 startd, updating rules on charity land disposals, permanent endowment, and trustee payments in England and Wales.

Governance · Credibility 73/100 · February 15, 2022

Governance — United Kingdom

The UK Charities Act 2022 reshapes trustee powers, Commission enforcement, and fundraising compliance, demanding governance updates, refreshed risk controls, and new supplier terms before phased startment dates through…

Governance · Credibility 86/100 · January 1, 2025

UK Internal Controls Code

UK premium-listed companies face new internal control disclosure requirements under Provision 29. The 2025 reporting cycle is your build year—get control inventories, testing frameworks, and evidence management in place…

Governance · Credibility 73/100 · December 16, 2024

Governance — United Kingdom

Whitehall just got a governance upgrade. The Cabinet Office's 2024 Corporate Governance Code tightens board composition rules, audit committee mandates, and transparency requirements for all central government…

Governance · Credibility 73/100 · July 17, 2024

Governance — United Kingdom

The UK PRA finalized model risk management principles in July 2024. Banks need to show they have proper model governance—risk committees, inventories, independent challenge—by 2026. If you are in UK banking, this affects…

Continue in the Governance pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

• Board Oversight Governance Blueprint

  Unify Basel Committee, PRA, SEC, and ISSB oversight mandates into an auditable board governance operating model with data lineage, assurance cadences, and regulatory source packs.

• Third-Party Governance Control Blueprint

  Deliver OCC, Federal Reserve, PRA, EBA, DORA, MAS, and OSFI third-party governance requirements through board reporting, lifecycle controls, and resilience evidence.

• Public-Sector Governance Alignment Playbook

  Align OMB Circular A-123, GAO Green Book, OMB M-24-10 AI guidance, EU public sector directives, and UK Orange Book with digital accountability, risk management, and service…

Coverage intelligence

Published

July 1, 2025

Coverage pillar

Governance

Source credibility

86/100 — high confidence

Topics

United Kingdom · Nonprofit governance · Trustee oversight · Regulatory reporting

Sources cited

3 sources (gov.uk, iso.org)

Reading time

5 min

Cited sources

1. Charity Commission guidance: Complete the annual return — Charity Commission for England and Wales
2. Charity Commission news: Annual Return 2025 changes — Charity Commission for England and Wales
3. ISO 37000:2021 — Governance of Organizations — International Organization for Standardization