Category : Corporate News

When starting out in business there are many decisions to be made, some of which can have a significant impact on the success of the new venture. Legal issues are particularly important, and entrepreneurs should spend some time considering this aspect. In this post, we will examine some of the legal decisions facing new businesses and provide a few legal tips for startups.

Choose The Correct Business Type

One of the first steps of setting up a business is deciding on its legal operating structure. The vast majority of businesses in the UK fall under one of the following models:

1. Sole trader

If an individual starts carrying out business activities on their own, without setting up a formal business structure such as a limited company, they will automatically be classed as a sole trader. In this case, there is no legal distinction between the individual and their business. Sole traders are therefore entirely responsible for the legal aspects of their business, notably any debts incurred.

2. Limited company

Anyone starting a business on their own or jointly with other entrepreneurs can choose to set up a limited company. This puts the business on a more formal footing and requires registration with Companies House along with a range of annual filings. Crucially, a limited company is considered to be a legal entity in its own right and essentially protects the business owners from debts built up by the company (beyond their initial capital investment). The business owners of a limited company will hold shares and will often also be company directors.

3. Partnership

If two or more people set up a business together without registering it as a limited company or LLP (see below), they will automatically be classed as an ordinary partnership. Partners are considered to be jointly and severally liable for any debts and obligations of their business; each and every partner is responsible for the acts, omissions, and debts of the partnership. There is therefore no protection from liability, as would be the case with a limited company.

4. Limited liability partnership (LLP)

A relatively new type of business structure which has become increasingly popular, especially amongst professional services providers such as lawyers and accountants, is the Limited Liability Partnership (LLP). An LLP needs to be registered with Companies House and combines the benefits of limited liability for business owners with the flexibility of ordinary partnerships.

Simply-Docs has a range of documents which can help with starting a business and company formation.

Distinguish Your Employee Types

When a business requires extra resources, it will need to decide whether to subcontract out the work, bring in temps or agency workers, or take the step of employing new members of staff. It is vital to determine the status of each individual who carries out work for the business, namely whether they are:

• a contractor;
• a worker; or
• an employee.

In the case of employees and, to some extent, workers, the business will have extensive legal responsibilities including:

• national minimum wage;
• sick pay and annual leave;
• maternity and paternity rights;
• protection from discrimination; and
• health and safety duties.

Employees are entitled to receive a “written statement of employment particulars” on the first day that they start work. It’s best practice to include this as part of a more comprehensive employment contract, which outlines the various rights and responsibilities of both the employee and employer.

Simply-Docs has a variety of employment contract templates and related documentation.

Ensure The Right Agreements Are in Place

Where two or more people start a business together, they should consider putting in place relevant agreements to set out the basis of their business relationship, such as a:

• shareholders agreement – in the case of a limited company; or
• partnership agreement – in the case of a business partnership.

Although these agreements are not mandatory, they help to ensure that each party knows where they stand and can avoid potential disputes arising further down the line.

Protect Your Intellectual Property

Although intellectual property (IP) is typically associated with creative industries, most businesses have IP of one form or another, such as:

• copyright – this covers literary, dramatic, musical, and artistic works, as well as computer software and databases;
• design rights – IP can include both registered and unregistered designs;
• patents – this is a highly specialised form of IP which covers inventions;
• trade marks – these include logos, slogans, and symbols which help to build a business’s brand and distinguish their products and services from those of competitors; and
• trade secrets – although it’s not possible to register a trade secret as a form of IP, non-disclosure agreements (NDAs) can help provide protection.

It’s vital that a business understands its IP and protects it where possible to ensure that competitors don’t capitalise on, or misappropriate its work. Although some forms of IP such as copyright do not require registration, it may become necessary to enforce such IP rights using infringement notices or a cease and desist letter.

Ensure You Have the Correct Legal Support

Depending on the nature of the business, different levels of legal support may be required. Heavily regulated sectors will often need substantial advice from a law firm, particularly when starting out, and larger organisations may even have an in-house legal team. Most SMEs, however, will be able to prevent many legal headaches by putting in place suitable documentation.

Simply-Docs has a wide range of legal document templates which can help many different types of business get on top of key legal issues and avoid disputes.

FAQs

What Legal Documents Are Needed to Start a Business?

This entirely depends on the legal framework of the business, whether it has any employees or valuable IP, and the sector in which it operates. It’s worth perusing the range of legal documents available from Simply-Docs to find out if any are suitable for your particular business.

What Are Legal Issues in Business?

Legal issues in business generally involve rules and regulations set out by a range of government legislation, as well as a number of important aspects involving contracts and terms & conditions. We stay on top of the latest regulatory updates so you can rest assured that our legal documents will have you covered.

What Legal Issues Do Small Businesses Face?

Although larger companies tend to face more regulatory hurdles, SMEs are also exposed to the full gamut of business legislation, from the Companies Act 2006 to the Equality Act 2010.

What Legal Services Do Businesses Need?

The legal support requirements of each organisation are unique, depending on their size, sector, and nature of their business. Although most SMEs will require advice from a solicitor at some point, many will be able to avoid legal issues from arising, particularly if they put the right documentation in place.

New Registration Requirements for Overseas Entities Buying Land in the UK

For several years, the UK government has sought to cut property fraud and money laundering activity in the UK. One key element they have focused on is making the ownership of property in the UK more transparent. Overseas entities have sought to invest in property in UK, but the ultimate beneficial owners of these overseas entities are often not known. The proposals for an overseas entities register were put forward in a government bill in 2018, but have now been passed into law under the Economic Crime (Transparency and Enforcement) Act 2022 (“the Act”).

The Act, (which, for the main part, is not yet in force) creates a new registration requirement at Companies House for any overseas entity who:

• Is buying a freehold property or a lease (with a term of more than 7 years) in the UK; or
• Owns a freehold property or a lease (with a term of more than 7 years) in the UK, which was purchased on or after 01 January 1999.

Once the relevant provisions of the Act are in force, an overseas entity will be required to register at Companies House and provide the required information about their beneficial owners.

A beneficial owner is anyone who holds:

• More than 25% of the shares or voting rights in the overseas entity;
• Has the right to exercise, or actually exercises, significant influence or control over the overseas entity;
• Holds the right to appoint or remove a majority of the board of directors of the overseas entity.

This works on the same principle as the PSC register (people with significant control).

Once registered at Companies House, the overseas entity will be issued an overseas entity ID number. This ID will then be provided to HM Land Registry to enable land transactions to be registered.

There will be a six month transitional period from the date the Act commences for overseas entities to register at Companies House.

During this six month window, HM Land Registry will register a restriction on the registered title of land owned by an overseas entity. This restriction will limit the overseas entity’s ability to transfer, let (for more than 7 years) or charge the property unless they have complied with the registration requirements. Some exceptions will apply, but these are beyond the scope of this post.

There is a further obligation on overseas entities to ensure that the register at Companies House is up-to-date, and they will be required to update this information annually.

Failing to comply with the registration requirements under the Act can result in a criminal offence, with the penalties for non-compliance of the Act including fines and imprisonment.

We will continue to monitor this and update our portfolios if and when necessary, once the implementation dates are known and if any supporting legislation is passed following the Act receiving Royal Assent.

What is ESG About?

“ESG” stands for “Environmental, Social and Governance”. The ESG acronym is being increasingly used as a shorthand term for a wide range of issues relevant to how a business can have a net positive impact on the world and how it can demonstrate that it is having that impact.

All ESG issues relate in some way to the running and resilience of a business and what that business must do to be a “good corporate citizen”. ESG issues are usually listed under three broad headings: “Environmental”, “Social”, and “Governance”, but there is a degree of overlap between issues that fall under each of those headings.

Origin of ESG

There is a growing body of standards and requirements that regulate this area, some legally binding, others not. ESG did not come from any single source, but rather it was a development sparked by institutional investors demanding that if they are to invest in a business, it must meet certain standards in a variety of areas, depending on the type of business in question.

Being a Good Corporate Citizen

ESG establishes what a business needs to do to be a “good corporate citizen”.

A business firstly needs to comply with all measures having the force of law that are applicable to it, including statute and common law, regulatory rules, and other legal obligations or duties (see “Legal Compliance”, below). Increasingly though, legal compliance alone is regarded as insufficient, and the ESG concept embraces a good deal more.

ESG secondly recognizes that, in the interests of stakeholders (such as suppliers, customers, tenants, employees, shareholders, investors, suppliers of finance, neighbours, and the community at large), businesses should, in relation to their activities and conduct, also meet other relevant domestic (and often international) codes, standards, and behaviours, including appropriate standards of business ethics and morality, as well as others’ reasonable requirements and expectations. More widely, it also embraces “sustainability”, i.e., a business’s efforts to reduce its negative impacts and increase its positive impacts on the world around it.

Resilience

The “good corporate citizen” and sustainability aims are important aspects of ESG, but ESG is ultimately about resilience of businesses. The Covid-19 pandemic has led to an increased focus on business resilience. If a business complies with ESG “good corporate citizen” and sustainability principles, laws, and behaviours, it not only benefits stakeholders and the environment, but it also renders it more resilient, i.e., more likely to survive and succeed. In contrast, failure to comply can ultimately damage the business, its goodwill and reputation, or it can prevent it from meeting its maximum potential (see “Why should you take ESG on board?”, below).

Legal Compliance

As to ESG-related standards, codes, behaviours and other requirements which do not have the force of law, these are so numerous and wide-ranging that it would not be practicable to set out here even a small portion of them as examples. Whether any particular requirements of that nature are relevant to a business will depend on many factors including the size and type of business.

As to ESG-related obligations and regulation of businesses which do have the force of law, although they are only a part of the totality of ESG requirements, standards, codes, and behaviours, they are set to keep increasing. Such legal measures are already considerable and wide-ranging, and the following offers no more than a flavour of just a few of them that might be relevant to businesses. Such legal measures include:

• Companies Acts requirements for certain companies to issue statements and reports on dealing with various ESG issues (including climate-related, environmental, and other non-financial matters such as social and employee-related matters disclosures, as well as financial matters);
• Bribery Act;
• Modern Slavery Act;
• Equality Act;
• Health & Safety at Work Act;
• Common law obligations and duties, e.g., the law relating to negligence, nuisance;
• Consumer Protection Act (product liability);
• Environment Act, Environmental Permitting (England and Wales) Regulations, Environmental Damage (Prevention and Remediation) Regulations, Water Resources Act, and various other environment law statutes.

What is the Subject Matter of ESG?

ESG brings together disparate elements, a number of which are outlined below. The following lists include some key ESG areas, but are by no means a comprehensive listing of ESG elements. However, this does illustrate the breadth of topics falling under the ESG umbrella. Whilst a variety of separate issues fall under that umbrella, those issues are increasingly linked to each other.

It should be emphasized though that not all of the following elements of ESG will be applicable to all businesses. Whether any particular ESG element, issue, or risk is relevant to a particular business will depend on various factors including the type of business, its size, whether it is a company or is in unincorporated form, whether it has shares that are publicly traded, whether it is engaged in an activity that is highly regulated, whether it operates outside the UK, or whether it has dealings with anyone outside the UK.

Environmental Elements of ESG

This aspect of ESG focuses on improving the environmental performance of a business. It measures a business’s impact on the natural environment and the natural environment’s impact on the business, for instance, through physical climate risks. It takes into account factors including a business’s carbon footprint, its impact on biodiversity, and its production of waste and pollution. It includes the following topics:

• climate change;
• greenhouse gas emissions (in particular carbon dioxide);
• emissions to air, water, and land;
• product carbon footprint;
• pollution and waste (toxic emissions and waste, packaging material and waste, electronic waste);
• biodiversity;
• deforestation and land use;
• treatment of animals;
• energy efficiency;
• raw material sourcing;
• resource depletion (including water);
• recycling;
• environmental opportunities (clean tech, green building, renewable energy).

Social Elements of ESG

This aspect of ESG focuses on a business’s impact on people. It measures how a business treats people such as employees, customers, and the communities in which it operates. It includes the following topics:

• human resources and hiring;
• human rights (including modern slavery and child labour);
• supply chain labour standards;
• health and safety;
• product safety, quality, and liability;
• chemical safety;
• financial product safety;
• wide ranging diversity and inclusion requirements, including anti-discrimination and anti-harassment (D&I);
• equal pay;
• privacy and data security;
• conflict zones and conflict minerals;
• controversial sourcing;
• stakeholder/community relations and engagement;
• customer satisfaction;
• company cultures;
• employee advancement opportunities;
• employee education and welfare;
• philanthropy (e.g., donations to local community, employee volunteering programmes).

Governance Elements of ESG

This aspect of ESG focuses on a business’s leadership and structure. It measures how a business operates in terms of audits, board diversity, internal controls, and shareholder rights. It includes the following topics:

• bribery and corruption;
• executive pay;
• board independence;
• business ethics;
• board composition and audit committee diversity and structure;
• financial system instability;
• tax transparency;
• political contributions;
• whistleblowing;
• conflicts of interest;
• anti-money laundering;
• anti-competitive practice.

Why Should You Take ESG on Board?

ESG is inevitably relevant to larger businesses, but it is also increasingly becoming more material to start ups and smaller organizations. Businesses should be seriously considering ESG in view of the potential positive impact on it of taking ESG on board on the one hand and the potential negative impact of not doing so on the other.

What, then, might such positive and negative impacts be?

Positive impacts of adopting ESG

• meeting shareholder activists’ expectations or requirements so that they are kept “on-side” and supportive of the business;
• encouraging potential investors to invest in the business. Many major banks and investors include ESG investing criteria in their processes and products;
• improving relations with regulators/government;
• enabling the business to contract with those suppliers and customers who require their business partners to adhere to ESG standards;
• attracting and retaining employee or volunteer talent;
• better productivity;
• positively influencing customer sentiment;
• achieving costs savings (e.g., reduced waste or energy consumption).

Negative impacts of not adopting ESG

• harming or failing to improve reputation or morale of staff;
• failing to realize full potential sales turnover;
• dissuading potential investors from taking, retaining, or increasing a stake in that business;
• loss of opportunities to tender for contracts due to failure to meet ESG standards required by tender conditions;
• failing to attract investment or to meet qualifying conditions for grants or other financing;
• incurring additional costs, expenses, fines, or other penalties;
• incurring additional legal liabilities.

Adopting an ESG Policy and ESG Strategy

Adopting, publishing, and implementing an appropriate ESG policy can assist a business to identify and state clearly those factors that pose a risk to the business, i.e., factors that can directly or indirectly harm the business in any way. Such risks include the risk of litigation or liability; regulatory enforcement; risk of physical damage, loss, personal injury, or harm to health; commercial risk; and reputational risk. Identifying risks is the first step to minimizing them and planning for the eventuality that they materialize.

If a business additionally includes in its ESG policy a commitment to measure its degree of compliance with the policy (and report to its board or publicly on its compliance), it will not only have a basis for informing stakeholders and others about the extent of that compliance, but it will also highlight for itself and others how it is mitigating risks. In short, adoption, publication, and implementation of an ESG policy can aid business resilience.

Once a business has formulated an ESG policy, it needs to work out and document a strategy for implementing it. This will entail creating processes for doing so, including the means for measuring and reporting periodically on progress in implementing its ESG policy. In that connection, it should specify – using clear metrics – what will be achieved and when it will be achieved.

Prudence dictates that a business firstly ensures that the ESG policy that it formulates is consistent with its culture and values. Secondly, it must be realistic: a business may be tempted to cover a very wide range of matters, but should only say what it can realistically do, only set targets and timescales that it reasonably expects to achieve, and be prepared to report on why it has not achieved them. Otherwise, it will have failed to comply with its own ESG policy, producing a damaging effect to its reputation and its success.

Supply Chain

For many businesses and other organizations, being able to meet some of the aims set out in their ESG policy depends to a significant extent on taking steps to ensure that companies in their supply chain comply with aspects of their customer’s ESG policy.

A business might carry out due diligence checks or take other steps to assess prospective suppliers’ management of ESG issues. Some businesses have a supplier code of conduct (covering a range of ESG criteria) to which they require suppliers to sign up. Many businesses include a standard “compliance with ESG and other policies” clause in their contracts with suppliers that obliges suppliers to comply with ESG-related policies which the business lists in a schedule attached to the contract. This might be combined with a “self-certification” clause whereby the supplier certifies periodically that it and its subcontractors are meeting the compliance requirements. Some businesses include an audit clause in their supply agreements giving them a right to audit aspects of the supplier’s provision of the goods or services under the contract. In each case, the contract can specify the consequences (e.g., termination, remediation) of the supplier’s non-compliance with ESG clauses in the contract.

Conclusion

It can be seen from the above that ESG is not, and should not be treated as, just a “box-ticking” or “flavour-of-the month” topic. In the interests of the long-term survival and success of any business, it should be seriously considering how ESG is relevant to it.

Simply-Docs ESG Materials

There are currently a number of template environmental policies and environmental policy statements available to download. Whilst these specifically cover environmental matters and can assist with implementation of some environmental aspects of ESG, those templates are not designed to cover other ESG issues as well. However, from time to time, templates and checklists will be added to the website to deal with Social and Governance issues as well as Environmental issues. The first of these, a template set of Company Directors’ Board Minutes adopting an ESG strategy, is available here.

Overview

The Corporate Insolvency and Governance Act (CIG) received Royal Assent on 26 June 2020. The CIG is expected to improve the ability of companies to be efficiently restructured, reinvigorate UK rescue culture, and support the UK’s economic recovery.

It also includes temporary corporate governance changes to shareholder meetings, AGMs, and Companies House filing deadlines.

The following is a brief summary of the main provisions. These are specialist areas of the law and will require specialist advice.

Restructuring Plan

The CIG introduces a new flexible restructuring plan, similar to the existing scheme of arrangement. Under the plan, a company that has encountered, or is likely to encounter, financial difficulties that are affecting, or will or may affect, its ability to carry on its business as a going concern has the ability to enter into a compromise or arrangement with its creditors/members in order to restructure its debts.

It will be inserted into the Companies Act 2006 with the aim of achieving a compromise with dissenting secured creditors by the addition of a “class cram down”. This particular feature draws inspiration from US Chapter 11 proceedings.

The aim is to make it easier to pass a restructuring plan by dividing creditors/members into classes based on the similarity of their rights and each class/member given the opportunity to vote on the plan. The new restructuring plan enables a court to sanction a plan that binds dissenting classes of creditors/members. A plan will be passed if it is approved by 75% in value of the creditors/members or class of creditors/members and importantly, unlike a scheme of arrangement, there is no requirement for a majority (over 50%) in number of each class to vote in favour.

Moratorium

The CIG introduces a new, stand-alone moratorium procedure designed to provide breathing space to companies in financial distress. The moratorium provides a payment holiday for certain types of pre- and post-moratorium debts without requiring leave of the court and will prevent creditors from taking enforcement action against a company. Companies will qualify if they are, or are likely to become, unable to pay their debts when they fall due. A company does not have to be solvent to be eligible.

A fundamental requirement of the process is that it must be likely to result in the rescue of the company as a going concern. It is a director-driven process, and the directors retain full management and control of the company throughout. The regime requires the appointment of a monitor, who must be a qualified insolvency practitioner, and whose role it is to oversee the company’s affairs with a view as to whether it remains likely that the moratorium will result in the rescue of the company as a going concern.

Ipso Facto (Termination) Clauses

Contracts for the supply of goods or services contain clauses which allow a supplier to terminate or threaten to terminate or vary the supply when the counterparty to the contract enters into an insolvency or restructuring process. This is known as an ipso facto clause. The CIG contains a provision, to be inserted into the Insolvency Act 1986, to prohibit suppliers from relying on such clauses. Therefore, subject to certain exceptions, suppliers will be required to continue to supply goods or services to a company in a restructuring or insolvency process. The aim is to protect a company’s supply chain and enable the company to continue to trade.

Temporary suspension of winding up petitions, statutory demands and wrongful trading

The Government announced on 28 March 2020, plans to amend the wrongful trading provisions to remove the potential liability for directors in situations where a company’s financial position has worsened during the COVID-19 pandemic. This was an attempt to prevent directors from placing a company into administration prematurely as a result of concern for their exposure to personal liability for wrongful trading.

The relevant period is between 1 March 2020 and one month after the CIG is enacted.

Likewise, it was announced in April 2020 that statutory demands and winding up petitions would be temporarily banned where a debtor company cannot pay its debts as a result of the COVID-19 pandemic. The hope is that this process will enable companies in financial distress to enter into compromises/arrangements with their creditors without the need for formal insolvency processes to be commenced.

Under the CIG, all statutory demands will be void if served on a company during the period between 1 March 2020 and one month after the CIG comes into force.

Flexibility for Holding Shareholder’s Meetings and AGMs

The rules around shareholder meetings will be temporarily relaxed. This period of relaxation began on 26 March 2020 and ends on 30 September 2020, subject to a possible extension until April 2021.

During this period, overriding anything in the company’s constitution, the provisions allow for general meetings to be held on a virtual basis and for votes to be cast by electronic means, and that quorum requirements can be met without any members being together at the same place.

Companies required to hold their AGMs during the period from March to September 2020, can hold their meeting at any time before 30 September 2020 (again with a possible extension).

Temporary Extension of Companies House Filings

Temporary easements will be introduced regarding filing requirements. They include extensions to deadlines for:

• confirmation statements;
• accounts (Companies House has already made arrangements for companies to apply for a three-month extension to their accounts filing deadline if they are unable to meet the deadline owing to COVID-19);
• registrations of charges (mortgage); and
• event-driven filings, such as changes to company directors, people with significant control, or a change of registered office.

Where the existing filing period is 21 days or less, the extended filing period will not exceed 42 days. Where the existing filing period is between three and nine months, the extended filing period will not exceed 12 months.

This is a very brief overview of the CIG and more information can be found here.

Introduction

The outbreak of COVID-19 and the ensuing pandemic is unprecedented in recent times and its economic impact is similarly unheard of. The Office for Budget Responsibility recently warned that the pandemic could lead to the UK economy shrinking by 35% by June 2020.

For many businesses of all shapes and sizes, in a variety of sectors, the pandemic has, at the very least, necessitated changes and, in more serious circumstances, poses a threat to their survival.

There is, however, plenty of cause for optimism. The government has introduced a range of measures to help support struggling businesses and there are a number of things that businesses of all size, SMEs in particular, can do to weather the storm of the pandemic. Above all else, it is important to stay calm and organised. A clear head and an efficient approach to business will make everything else that much easier.

Dealing with your Staff

We have covered flexible and home working in a number of other articles here at Simply-Docs (check out our Working from Home with Children blog post and our recent newsletter on Home Working). We also offer a range of documents specifically designed to facilitate such arrangements. Flexible working is a boon to employers and employees alike, particularly in such challenging times. It may not be suitable in all sectors, but if the nature of your business permits it, it is most definitely worth considering if you are not already doing so.

Implementing the right policies is an important element of flexible and home working. Without the structure of a normal working day, productivity and adherence to procedures can quickly deteriorate. Nevertheless, it is also important to understand that many staff, particularly parents or those with other dependents, will be facing considerably more responsibilities at home at present. Cultivating an understanding of such pressures and offering as much flexibility as you can will be appreciated by your staff and ideally enable them to be more productive.

Technology can be a great help. Investing in the right software and hardware can make it much easier for your business to operate as close to normal as possible, enabling your staff to easily keep in touch with each other, to hold meetings, to deal with customers, business partners, and the like. It can also be easier to implement security controls on company-owned technology such as laptops and smartphones, meaning that your business is less likely to fall victim to hacking, malware, or the perils of a data breach and the potentially crippling fines that can follow.

If you find that your resources are stretched, consider weighing up the costs of training existing staff for new or expanded roles instead of recruiting new people or taking on contractors. This opens up new opportunities and the possibility of a very welcome pay increase for your existing employees while avoiding the higher expense and complications of taking on new people.

Not all businesses are suited to home working, whether partially or fully. If your staff still need to come into work, keeping the workplace clean and safe is of paramount importance. The normal health and safety rules continue to apply, but when it comes to keeping things clean and hygienic, now is the time to go above and beyond. Equipment and surfaces should be cleaned more often than normal, with “high-touch” objects and areas receiving particular attention. Where supplies permit, provide cleaning materials for your staff to use, such as alcohol wipes for keyboards, mice, telephones, and other objects that are regularly handled. Ensure a plentiful supply of soap and hand sanitiser and ensure that your staff are reminded to use them frequently. Most important of all – if any of your staff are ill, however minor it may be, and whether or not they think it may be the coronavirus, ensure they stay at home and self-isolate in line with government and NHS guidelines.

If revenue declines to the point at which your options are limited financially, there are a range of options open. What is very important is that you communicate with your staff. Do not keep them in the dark. Consult with them and, where appropriate, involve them in planning. If possible, take advantage of the Coronavirus Job Retention Scheme and place your employees on furlough leave. Simply-Docs has a range of templates and guidance designed to assist with this. Further choices include reduced pay, reduced hours, and, if all else fails, redundancy. When considering any such plans, it is vitally important to take professional advice.

Reduce Your Outgoings

If possible, look to re-negotiate contracts. Many of those businesses you are contracting with will be in similarly difficult positions and it may well be preferable to agree to reduced payments, orders, and so forth rather than to risk losing them completely. We offer a range of templates designed to assist in amending contracts in our Business document folder.

When it comes to property, particularly if you are not using your premises (or not using it to its normal capacity), consider negotiating with your landlord and look into the possibility of options such as discounted rent, rent deferment, rent-free periods, and/or a reduction on service charges. Find out more about managing property during the pandemic in our April 2020 property newsletter.

Whatever accommodations are agreed, and however renegotiations proceed, do not let the sense of urgency tempt you into informal agreements. Whenever possible, ensure that everything is documented and legally formalised.

Looking for New Financing Solutions

As revenue falls, debt becomes harder to pay. It is important to remember, however, that those to whom you owe money should hopefully want to receive it than risk missing out. Communication is, once again, key. Discuss your situation with banks and other lenders and look to renegotiate agreements or even take out new finance to help bridge the gap until normal trading begins to resume. The government’s Coronavirus Business Interruption Loan Scheme is of particular relevance under this heading.

If you are a company, be particularly careful about giving personal guarantees. Always remember that a company is a legal entity of its own. Shareholders are protected and have limited liability. By giving a personal guarantee, the so-called “corporate veil” is pierced and the guarantor’s personal assets (including, potentially, their home) will be at risk. Once again, the importance of taking professional advice cannot be overstated.

VAT

Paying VAT can be a tremendous source of pressure and, if your revenue is on the decline, it will be even more so. Look to set up a quarterly payment plan for VAT and talk to HMRC about other assistance or concessions that may be available.

The government has also announced a VAT payment deferral scheme under which payments due between 20 March 2020 and 30 June 2020 will not need to be made until 31 March 2021. Returns must, however, be filed on time. Also ensure that any direct debits are cancelled.

Take Care of Your Duties to the Company

If your business is a company, it is important to remember that directors must still comply with their statutory duties as set out in the Companies Act 2006:

• Act within their powers
• Promote the success of the company
• Exercise independent judgement
• Exercise reasonable care, skill, and diligence
• Avoid conflicts of interest
• Not accept benefits from third parties
• Declare any interest in a proposed transaction or arrangement

The second of these is particularly important, and directors must act in a way that they consider (in good faith) to be most likely to benefit the company’s shareholders as a whole.

It is also, however, important to keep in mind solvency and wrongful trading. If your company’s solvency is in doubt, a director’s first duty is to creditors, not shareholders. That being said, companies in trouble have been given more breathing room with the recent announcement of changes with respect to wrongful trading.

Under normal circumstances, directors may incur personal liability if they allow a company to continue trading beyond the point at which they should have decided it wasn’t reasonably possible to save it. New measures, however, allow directors to continue trading even if there are reasonable grounds to think that the company may become insolvent, without incurring personal liability. This applies to actions taken after 1 March 2020. There will also be a temporary moratorium to prevent creditors seeking to wind up companies seeking rescue or restructuring, but at the time of writing, this is yet to be introduced.

Ensure that the normal procedures for running your business are adhered to, at least as much as the situation permits. If a decision needs to be made that requires shareholder or board approval, conduct things online using tools such as Zoom or Microsoft Teams (the same applies to meeting with your staff). Ensure that your articles of association permit this, however, and keep to the established processes. Do not succumb to the temptation to let things slide into informality. In particular, if you hold a virtual shareholders’ meeting, ensure that you adhere to the Companies Act 2006 and all required formalities.

Fail to Plan; Plan to Fail

Planning is always important in business, but all the more so now as there is less margin for error. A good starting point is to prepare a cashflow forecast to cover the next two to three months. This should be followed by planning and forecasting for the next couple of years as, even once lockdown restrictions begin to lift, it is likely to take the economy quite some time to stabilise and rebuild.

Organisation is vital. Ensure that your books and management accounts are up-to-date and review everything regularly. All meetings, at whatever level and however formal, should be documented, in accordance with legal requirements where applicable.

Concerns, whether they are of the gravest or most easily dismissed, should all be taken seriously and considered at the appropriate levels within your business, leaving nothing to chance. Changing circumstances could easily turn paranoia into reality on the one hand, and render a significant worry unwarranted on the other. Bury nothing!

Diversify and Grow

Yes – grow! As counterintuitive as it may first appear, such seismic changes to the economic landscape also present opportunities for those businesses ready and willing to adapt. One opportunity is to expand online, particularly if your business has remained predominantly (or entirely) brick-and-mortar in the past. This will not, of course, work for all, but in some cases a move online could not only keep your business afloat during the COVID-19 pandemic, but also benefit it immensely afterward.

It may also be a good time to explore diversification. Perhaps there are new avenues that you have been keen to explore or some that are a natural next step that could be easily accommodated within your existing business model and by your existing staff.

Now is not the time for complacency. Businesses that have built up goodwill and nurtured customer relationships over many years may not, until now, have considered advertising and marketing particularly important. If finances permit, however, now may be an ideal time to consider casting a wider net. Online advertising, particularly on social media, can be an extremely productive investment if done correctly. Similarly, for those businesses already established online, consider your current SEO strategy. Is your website performing at its best? Could you make some changes to it that might move you up a peg or two in the search engine rankings? The internet is key to doing business under normal circumstances and even more so with the vast majority of the population quarantined in their homes.

You CAN Make It!

We keep being assured that there is light at the end of the tunnel. Meanwhile, numerous commentators caution us that we can’t see that light yet. It is certain that the toll that COVID-19 will take on the world will be huge, both in terms of the human cost and economically. Nevertheless, it is vital to persevere, and not surrender to the assumption that your business will fail just because it is facing difficulties.

To wrap up, some key points:

• Stay up-to-date with the news (but don’t overdo it) and look out for announcements from the government that relate to your business affairs.
• Document everything, whether required to by statute or not.
• Avoid informal agreements at all costs.
• When negotiating or re-negotiating contracts, be sure to cover the important points. Be specific about numbers, dates, review periods, termination, and other key provisions such as force majeure.
• Communicate with your board, your shareholders, your staff, your suppliers, your customers, your bank, HMRC, and anyone else with whom your business deals. A problem is much harder to solve if those affected by it don’t know about it!
• Be realistic and act accordingly. Don’t hide from your problems. Be proactive, be honest, be transparent, and be positive!

Being positive may sound awfully trite; but it is vitally important to remain as positive as you can. Looking after yourself as well as your business should be a key priority. Exhaustion and stress will not help keep your business going and could well end up costing you dearly if a lack of focus, physical, or mental illness stop you from performing at your best. Take time for exercise and for rest. Look after your mental health during these difficult times and ask yourself whether doing something really will make a difference. Will sweating over work until 11pm actually result in anything, or would your mind and work fare better with a fresh start in the morning if you took the evening to relax with your family or catch up with a friend over the phone or online?

Plan for the worst, hope for the best, and take steps now to keep your business going. In the words of President Barack Obama in his 2009 inaugural address: “With hope and virtue, let us brave once more the icy currents, and endure what storms may come.”

Are you a freelancer who works through a Personal Services Company (“PSC”), or do you engage freelancers who do so? If so, you need to be aware that the tax position will be changing in April 2020.

Proposed Changes to Off-Payroll Working Rules (IR35)

The Government issued a Policy Paper and Consultation Document on 5 March 2019 (“Off-Payroll Working Rules From April 2020”). If you would like to read the paper in full, you can find it by clicking here. The consultation runs until 28 May 2019, but it is clear that the Government does not intend to make any significant changes to its proposals as a result of feedback it receives to this consultation.

A Finance Bill will be published in the summer and, once it is passed into law, it will implement changes to how the IR35 regime works. Although details of the proposed changes will not be known until the Bill is published, the points covered in the Government’s March 2019 consultation indicate the nature of the changes that will come into effect in April 2020. In this post, we consider some of the proposed April 2020 changes set out in the consultation.

Background to the Changes

Working via a PSC (or some other form of intermediary) is often referred to as “off-payroll working”, and the tax rules that apply to it are usually referred to collectively as “IR35”. IR35 does not alter or dictate the employment law position either as to workers’ rights or as to whether someone is employed as opposed to self-employed. Nor does IR35 alter the general tax law establishing the amount of tax liability.

As it currently operates, and as it will operate from April 2020, IR35 is only, in effect, a means to aid collection of the full and correct amount of tax and National Insurance (“NI”) to be paid in respect of certain payments where a freelancer works through a PSC. To find out more about IR35, check out our guidance notes IR35 as background to the latest changes to IR35 being proposed by HMG. You can find our guidance notes here and our information pages here.

Operation of IR35 from 2000, and Recent Developments

The operation of IR35 depends on identifying where a freelancer working for a client through a PSC is, in substance not form, an employee of that client. When IR35 was originally introduced, the rules required the PSC itself to identify whether use of the PSC to receive gross payments from a client in any instance was “disguised employment” by the client and to arrange payment of tax and NI under PAYE if that was the case.

Freelancers (and sometimes family members) are usually the only directors and/or shareholders of a PSC. Perhaps unsurprisingly, the Government found that PSCs could not be relied upon to implement the IR35 rules. PSCs commonly paid dividends to the freelancer (as a shareholder of the PSC) rather than a full (or any) salary to the freelancer. As a result, PSCs did not pay the tax or NI that would have been paid had they paid a salary derived from the gross payments made by clients.

Consequently, under a change in the law in 2017, the Government began to implement anti-avoidance measures. Since April 2017, where the client is a public sector entity, the burden of assessing the tax status of freelancers shifted on to the public body concerned, so that it, not the PSC, is responsible for identifying such “disguised employment” situations. Where the public sector body does so in any case, it must operate PAYE and make net payments to the PSC. Many, including IPSE (the Association of Independent Professionals and the Self Employed), think that these changes have had damaging effects on the public sector, and that any extension of these changes to the private sector will be also be damaging for all concerned.

The April 2020 Changes to IR35

Since late 2017, the Government has indicated its intention to extend similar changes to the private sector, although the April 2020 changes will differ in some respects from the measures that currently apply to the public sector. From April 2020, the private sector client will be responsible for determining whether the freelancer is a “disguised employee” and therefore to be treated as if an employee. If the entity in the labour supply chain which pays the fees to the PSC is not also the client of the PSC, then the fee payer will be responsible for operating PAYE. If the client determines that IR35 does not apply, then the client or the fee payer will pay the PSC gross.

However, these new rules will not apply to all private sector clients. The legislation will provide that clients which are “small” entities will not be involved in having to determine freelancers’ status and, whether or not the client is also the fee payer, the fee payer will not need to operate PAYE. For this purpose, “small” means that if the client is corporate, the rules will not apply to it if it falls within at least two of the following:

• Its annual turnover does not exceed £10.2 million;
• Its balance sheet total does not exceed £5.1 million;
• The number of its employees does not exceed an average of 50 in the year.

If the client is non-corporate and it is “small”, the rules will similarly not apply to it. The criteria for “small” have not yet been made clear, but they will fairly closely follow the criteria for corporate entities.

This means that where a client in the private sector is “small”, the responsibility for determining the freelancer’s status will remain with the PSC as at present.

Before deciding whether IR35 rules apply, are they even relevant to you?

These 2017 and 2020 changes to how IR35 operates only impact on any case where IR35 is relevant, i.e. where a PSC is involved. If a freelancer does not work through a PSC but through some other type of entity (e.g. an agency or managed service company), then other rules will or might apply, so it is important to understand what amounts to a PSC for the purposes of IR35.

So, if you engage a freelancer working for you directly as opposed to working through a PSC, you will not be affected by IR35. However, as a consequence of normal tax law (not IR35 rules) applicable in these cases, you will still need to decide whether they are an employee rather than a sole trader or contractor. If they are an employee, you will have to operate PAYE.

Determination of a Freelancer’s Status

Although clients will need to apply the normal employment status tests (based on case law – see our helpful tips, here) to decide whether someone is a “disguised employee”, it can be difficult to do so, and that difficulty is aggravated by the fact that HMRC’s view of status in a case cannot necessarily be regarded as correct. Where HMRC has contested the status of contractors in tax tribunals, it has lost a large percentage of them.  HMRC provide a tool, the Check Employment Status Tool (“CEST”), which clients may (but do not have to) use to assess employment status. CEST’s reputation has unfortunately become somewhat sullied due to many public sector clients finding that it is biased towards finding that an individual is an employee. This has not inspired confidence amongst freelancers or their clients. HMRC has said that it will enhance CEST to make it more suited to the private sector.

New Information Requirements

Currently, where the client is in the public sector, it must tell the entity it contracts with of its determination of the freelancer’s status. From April 2020, the Government intends to introduce new IR35 rules that will require private sector and public sector clients to inform both the entity they contract with and the freelancer or PSC of their determination and, if requested, the client’s reasons for it.

HMRC also intends the rules to require all intermediary recipients of the determination (i.e. those in the chain other than the client and the freelancer or PSC) to pass it and, if requested, the reasons for it, to the person with whom they contract.

Status Determination Disputes and Anti-Avoidance Measures

The proposed new rules for the private sector are likely to include mechanisms for challenging decisions as to whether or not a freelancer is within IR35, and a means for resolving such disputes. Where a party is initially liable to determine status and does not do so, or does so without reasonable care, or if it does not fulfil any other IR35 obligation, it will be made liable for tax and NI even if it is not the fee payer. Where a party is liable for tax and NI but in the event it cannot be collected from that party, the rules are likely to have the effect of moving liability to the next entity in the labour supply chain.

Impact of Changes on Your Business and Action Needed Now

The changes might have an effect on you if you are a freelance business or your business engages freelancers. The effects might include an increase in the burden of administration work, the cost of that extra work, practical difficulties in operating within the changed rules, and the commercial and financial impact on your business.

With less than a year to go before new rules come into effect, it is very important that you start now to take steps to prepare for the new IR35 rules if you do engage any freelancers through intermediaries. There are numerous steps that should be considered. It is recommended that you begin by identifying those freelancers working for you through intermediaries and the labour supply chain in each case, and then implementing processes to determine freelancers’ status. Further steps are likely to be advisable, and we recommend that you seek advice or guidance on these from suitable advisers or sources.

As always, if you would like to share your thoughts as to whether and how you think these proposed changes will impact you or others with whom you deal, we would be glad to hear from you in the comments, below.

The UK is scheduled to leave the European Union on 29 March 2019 by virtue of having served a formal notice under Article 50 of the Treaty on European Union to terminate its membership of the EU.

At the time of writing, it is still not clear whether this departure will be delayed, accompanied by a ‘deal’ smoothing the exit through a transition period or whether the UK will leave the EU in a ‘no-deal’ scenario.

This note focuses on the potential company law impact to UK private limited companies of exiting the EU in a no-deal scenario. It is important to remember that this is a fluid situation with events changing rapidly; however, the good news for UK incorporated private limited companies is that whilst many other legal areas may be subject to quite significant change, UK company law is not expected to be immediately affected even in the event of a no-deal exit.

The Companies Act 2006

The key legislation governing and regulating English and Welsh companies is the Companies Act 2006. This includes the types of companies that can be incorporated, their liability, the role of Companies House, directors’ duties, and the rules on accounts and audit. Whilst some parts of the Companies Act 2006 are derived from EU Directives such as shareholder rights, the majority of English company law is not derived from EU legislation. The Companies Act 2006 will, therefore, continue in force as at present and no-deal will not of itself change the legal status of UK incorporated companies. However, the company law form of a European Company (‘Societas Europaea’) will no longer be available in the UK.

Third Country Companies

Notwithstanding the expected limited effect on private limited companies, it is worth noting that following Brexit, UK incorporated companies will become ‘third country’ entities as far as European law is concerned. The significance of this is that Member States will not be obliged to recognise the legal personality and limited liability of companies which are incorporated in the UK but have their central administration or principal place of business in another EU Member State. There may be recognition by individual Member State’s national laws or under international law, but this is a point of uncertainty.

UK companies being considered third country entities will also affect a UK company’s ability to undertake a cross-border merger within the EU and rely on group company account exemptions if it has an EU parent. Similarly, UK incorporated companies with branches in other EU Member States will no longer benefit from favourable rules applicable to branches of third country companies. These are, however, issues that will most likely affect large companies or listed PLCs, rather than SMEs operating solely within the UK.

Trading and Commercial Impact

As the legal impact (at least initially) is expected to be limited, probably the biggest issue that UK private limited companies face is the commercial uncertainty that Brexit and particularly a no-deal Brexit may bring.

As yet, no one knows the trading terms that will take effect post-Brexit, and this could lead to both broader economic uncertainty within the UK as well as specifically impacting certain companies whose business model and strategy is more vulnerable to certain goods and exchange rate fluctuations. This is of course not something that anyone can yet predict with any certainty.

UK companies can therefore only adopt a ‘wait and see’ approach whilst trying to be aware of the vulnerabilities that their companies may face in the light of a potential no-deal Brexit.

Recent High-Profile Safeguarding Incidents

This month we consider the important and sensitive issue for charities of safeguarding. There have been a number of fairly recent high-profile failures by charities to ensure adequate safeguarding. In early 2018, the Department for International Development called for assurances from aid charities in the light of the Oxfam scandal relating to its work in Haiti. In response, charities reported over 80 serious safeguarding incidents to the Charity Commission. Overall, in the weeks after the Oxfam scandal broke, more than 500 reports of serious incidents involving safeguarding were received by the Commission.

What is Safeguarding?

“Safeguarding” means taking a range of measures to protect people in a charity, or those it comes into contact with, from abuse, maltreatment or other harm of any kind. (This includes physical, sexual, emotional, discriminatory, institutional or organisational, financial or material abuse, neglect, or impairment of the health or development.) For a full definition of safeguarding, see The Care and Support Statutory Guidance issued under the Care Act 2014.

Charity Trustees’ Legal Duty

All charity trustees have a legal duty (“safeguarding duty”) to take reasonable steps to protect their charity’s beneficiaries, staff, volunteers, and those connected with the activities of the charity from harm. The Charity Commission has stated that safeguarding should be a key governance priority for all charities, regardless of size, type, or income, not just those charities working with children or vulnerable adults.

Adopting a Safeguarding Policy and Other Steps

The Commission has also stated that it is essential for charity trustees to have and implement a safeguarding policy and procedure.  Adopting and implementing a safeguarding policy and procedure assists charity trustees in discharging their safeguarding duty. With this in mind, we maintain a template Safeguarding Policy in our Charity & Non-Profit Group. In any event it is good practice to have such a policy.

Adopting such a policy is one of ten action points which the Commission recommends to ensure good safeguarding governance. The other action points include identifying possible risks, improvement of safety culture, communicating within a charity how to follow up any safeguarding concern, keeping safeguarding training current and relevant, and carrying out risk assessments. The Commission sets out these action points in more detail here, and we urge you to implement them if you are a charity trustee.

Safeguarding also entails other actions, including ensuring that trustees and others recruited to the charity are not disqualified from being appointed to the role in question, and that DBS checks (and enhanced checks) are carried out as appropriate.

More generally, trustees must make sure that their charity’s assets are used only to support or carry out the charity’s purposes. Trustees must not expose the charity’s assets, beneficiaries or reputation to undue risk.

Children and Vulnerable People

Safeguarding is a particularly important and sensitive issue for you as a charity trustee if your charity works with children or vulnerable people. People may use your charity to get to children, vulnerable people, or their records for inappropriate or illegal purposes. You must be alert to this and actively manage the risk that your charity may be deliberately targeted, that its culture may allow poor behaviour to take place, or that people in a position of trust may abuse this. It is also important to carry out checks on any organisation, including an overseas organisation, that has contact with children or adults at risk before your charity gives them funding.

What is Your Risk as a Trustee?

You can be held responsible for any consequences or loss that your charity incurs if you do not discharge your safeguarding duty. When the Charity Commission looks into whether there has been a breach of trust or duty, or other misconduct or mismanagement by trustees, it can take into account whether they followed safeguarding practice.

Prevention, Not Cure

Safeguarding failures can adversely affect a charity’s reputation but there is a built-in conflict of interest for charities in that they are bound to properly report serious incidents to the Charity Commission. However, if they do so and the full nature of the incident only becomes public knowledge because of that reporting, their reputation may be sullied and they can lose grant, donor, and other funding as a result.

Our message, therefore, is that prevention is better than damage limitation: if robust policies and procedures are implemented, the occurrence of such incidents is more likely to be deterred. This should produce, in terms of morality, the most important consequence, i.e. improvement in the behaviour of all connected with the charity. As a by-product, a charity’s reputation is preserved and its funding is not adversely affected.

The Law Commission published a Report on 14 September 2017 on various technical issues in charity law, focussing on areas where there is inappropriate regulation of charities and any unnecessary legal complexity and inconsistency. It aims to remove or adjust the legal and regulatory burden on charities, whilst still safeguarding the public interest in ensuring that charities are properly run. (It does not also address high profile issues such as the law of public benefit, the charitable status of independent schools, or fundraising practices.)

The Report proposes a number of important changes to charity law. The draft Bill appended to the Report, when enacted, will bring those changes into effect. We have reviewed the Report and set out below a summary of those of its recommendations likely to be of interest to small and medium sized charities. For details of those recommendations, please see the Report (or a summary of it) on the Law Commission’s website.

Making it Easier to Make Ex Gratia Payments

The Report considers ex gratia payments out of charity funds. As we explain in our Guidance Note, Ex Gratia Payments by a Charity, an “ex gratia” payment is one which the trustees of a charity feel morally obliged to make, but which they have no legal power to make. For example, it might be clear from the circumstances that a testator intended to include in his Will a legacy to a family member but did not live long enough to amend his Will. In such a case, the charity’s legal entitlement to the residue under the Will would be greater than intended, and the trustees might therefore wish to pay such a legacy on a voluntary basis. The Guidance Note also details various other circumstances in which trustees might wish to make an ex gratia payment. (“Payment” for present purposes, includes a transfer, waiver or release of any property or rights.)

Charity trustees can currently ask the Charity Commission to authorise an ex gratia payment but if it is a small ex gratia payment, the costs of obtaining authorisation and the resulting delay before making the payment may be disproportionate to its value. The Report proposes amending the law to give trustees the power to make ex gratia payments that are small relative to the income of the charity without their having to obtain Charity Commission authorisation. Any payment is deemed “small” for this purpose under the Bill if it is no more than a certain amount and its gross income in its last financial year is no more than a certain amount, as follows:

• ● £1,000, where gross income is up to £25,000;
• ● £2,500, where gross income is more than £25,000 and up to £250,000;
• ● £10,000, where gross income is more than £250,000 and up to £1 million; and
• ● £20,000, where gross income is more than £1 million.

Trustees currently must personally take any particular decision to make an ex gratia payment, and they must only make a payment if they personally “regard themselves as being under a moral obligation” to do so; a subjective test. The Report proposes an objective test instead, namely that an ex gratia payment may be made if trustees “could reasonably be regarded as being under a moral obligation” to make the payment.

The Report proposes that, to ensure efficiency in charity administration, trustees should in future have power to delegate any decision to make an ex gratia payment wherever they wish to do so. With that power, they could then decide to make all such decisions personally or delegate any or all such decisions. Where any officer of the charity (e.g. the chief executive or a legacy officer) is delegated to make any such decision, the officer could then decide on behalf of the trustees if the objective test has been met. Where the test is met in any case, the trustees will have power (but not a duty) to make a payment.

For further guidance about ex gratia payments, see our Guidance Note, Ex Gratia Payments by a Charity.

Fundraising Appeals

Our Guidance Note, Fundraising Appeals By Charities – Suitable Wording for Appeals explains the current legal position where too much, or too little, money is raised by a charity in response to a fundraising appeal.

At present, where too much is raised, the Charity Commission can direct that the surplus is applied cy-près (“Cy-près” means “as near as possible”.); when too little is raised, the funds cannot usually be applied cy-près and the trustees must try to contact donors to offer a refund.

For small donations, the cost of contacting donors will often be disproportionate to the value of the donations. Where too little is raised, there needs to be a balance between protecting donors’ wishes and the administrative inconvenience and expense of contacting donors. The Report recommends reduction of that expense by amending current law such that the law does not require trustees to offer a refund of any donation of £120 or less in a year, and such that such donations can be applied cy-près. Trustees would only then have to try to contact a donor if he requested that when making the donation.

When funds raised are to be applied cy-près (because too much or too little has been raised by the appeal), trustees can currently ask the Charity Commission to make a scheme authorising the funds to be used for other similar purposes. In the case of small amounts, the charity’s and the Commission’s associated costs may be disproportionate to the amount in question. The Report therefore recommends amending the law so that, if a fund does not exceed £1,000, the trustees may apply it to new purposes without Charity Commission consent, provided that they first consider the desirability of securing that the fund is used for similar purposes.

Changing Purposes, Amending Governing Documents

The Report notes the importance of the ability to make changes to a charity’s governing document quickly and efficiently, whilst retaining safeguards so that any such changes are in the best interests of the charity and its beneficiaries. It concludes that greater alignment of the procedures currently available to corporate and unincorporated charities when altering their governing documents would be beneficial to create legal simplicity and consistency. It consequently recommends new powers for unincorporated charities to be able to make changes to their governing documents so that those powers are brought into line with those of charitable companies and CIOs. The Report also recommends that the same requirements for Charity Commission consent should apply to all charities, whatever their legal form, when they alter their purposes.

Your Experience

Will any of these proposed reforms be relevant to your charity? Do you think they will be beneficial for your charity or for other charities? As ever, we would like to hear from you.

One of the major risks faced by UK charities is loss of data. “Loss” includes wrongful transfer, disclosure, corruption, or deletion of data, or wrongful access to data. Charities often hold large amounts of personal data, some of which is particularly sensitive. It may relate to donors or supporters, beneficiaries or service users (including children and vulnerable adults) and their families, carers, staff, or volunteers of the charity. The range of personal data held by charities is often very broad. For example, it often includes bank details, details of donations made, contact details (home or email addresses, phone numbers), dates of birth, information about mental or physical health, or care needs.

How Does Loss of Data Occur?

There are numerous ways in which data may be lost. For example:

• ● loss or theft of a laptop or memory stick containing unencrypted personal details;
• ● hacking into IT systems to obtain such details;
• ● hacking or a virus attack which corrupts or erases data, e.g. ransomware which in effect locks up data until a ransom is paid;
• ● leaving paper documents in places accessible to thieves;
• ● unauthorised disclosure by staff or volunteers;
• ● IT system breakdown or destruction where there is no data backup or disaster recovery facility;
• ● staff responding to forged emails purporting to come from a legitimate source.

High-Profile Examples

There have been some high-profile cases of personal data loss. A break-in took place at the premises of the children’s charity Plan UK in November 2015, when five servers containing data including supporters’ contact and bank information were stolen, although in this case it would have been very difficult for the thieves to extract that data. In March 2012, a hacker broke into the IT systems of the British Pregnancy Advisory Service and obtained sensitive personal data about their clients. In January 2016, volunteers at The Alzheimer’s Society used personal email addresses to receive and share sensitive information about clients of the charity, stored unencrypted data on their home computers, and failed to keep paper records locked away. The Society’s volunteers had not been trained in data protection, did not understand charity policies and procedures, and had little supervision. The Society also suffered a hacking incident in 2015, and in 2010 unencrypted laptops were stolen from its premises. In 2011, a social worker at the charity Norwood Ravenswood left a detailed paper report about four children at the side of a house in London after attempting to deliver them to the children’s prospective adoptive parents, and the report was stolen.

What Are the Consequences of Data Loss?

Loss may impact the charity’s own activities, for example, where a database of individuals’ details is deleted or corrupted, and the charity has no other record of them to use as a backup. Alternatively, loss may adversely impact the individuals who are the subject of data held by the charity, for example, where an unauthorized third party gains possession of the data. Apart from the direct financial cost (and other effects) of recovering from its data security being compromised, a charity is likely to suffer damage to its reputation and that may have an adverse impact on the level of donations and trust of donors, supporters, volunteers, and beneficiaries. Indirect possible effects include substantial fines being imposed by the Information Commissioner’s Office (ICO) where the charity is in breach of data protection legislation – the ICO is no longer reluctant to issue substantial fines to charities just because they are charities.

Increasing Risk of Data Security Breaches

It is clear that the risk of data falling into the wrong hands is prevalent and has been rising significantly over the past few years, both for charities as well as other organisations. Although the ransomware attacks in 2017 did not appear to target charities, experts think they could well be prime targets in future because of the large amount of sensitive stakeholder data that they hold – they often hold more sensitive data than other organisations, and personal data is often a saleable commodity. Charities are often seen as easy targets partly because they, more than larger commercial organisations, often lack the resources and expertise to guard against security breaches.

Tighter Regulation

The new requirements of the General Data Protection Regulation (GDPR), which comes into force in May 2018, reflect the degree to which a data breach is now regarded as a very serious issue. In particular the GDPR will require any organisation suffering a breach of personal data to report it to the ICO without undue delay unless it is unlikely to result in a risk to the rights of individuals.

How Can My Charity Prevent Data Loss?

It appears from a Third Sector Insight survey, conducted in 2016, that the majority of charities are not sufficiently well protected against loss of personal data. So, what steps do charity trustees need to take to improve the security of personal data? Here are some measures that might be implemented:

• ● Review (“audit”) the activities of your organisation, identify weak spots, assess the risks and take steps to mitigate them.
• ● Adopt a data protection and handling policy. Not only will this assist your charity to comply with the law, it will also confer a range of other benefits: adopting and implementing an effective data policy within a charity will protect your charity’s reputation, while also increasing donor, supporter, and volunteer confidence in the running of the charity. It will also, by making sure all information is kept accurate, save your charity time and money when you market to your fundraising base.
• ● Appoint a Data Protection Officer to take responsibility for GDPR compliance.
• ● Have procedures to detect, report, and investigate a personal data breach.
• ● Make sure that all charity staff and volunteers are fully trained so that they understand their legal obligations (i.e. under the Data Protection Act (DPA), and, when the GDPR comes into force, both the GDPR and the parts of the DPA not repealed at that time). Training should be appropriate to ensure that they know in practical terms what they must do to comply with the law. For this purpose, you should adopt and implement procedures and organisational measures designed to meet the requirements of the legislation. New employees and volunteers should receive data protection training to explain how they should handle, store and transfer personal data. Existing employees and volunteers should be provided with refresher training every couple of years.
• ● Make sure you use strong passwords on files and portable devices: a weak password, easily guessable, is very poor protection for personal information. Use combinations of upper and lower-case letters, numbers and (where possible) symbols in passwords (If you want to see how long it would take a computer to crack your password, try it out at How Secure Is My Password?).
• ● Encrypt laptops, backup discs, USB memory sticks, and any other portable devices or media. Also consider installing a remote ‘wiping’ solution that will delete your hard drive in the event it is stolen.
• ● Consider whether your IT servers (including email) and connected devices (on or off site) are as secure from unauthorised access as they reasonably can be.
• ● Look at what data (in electronic or hard copy form) might be lost in transit or when staff and volunteers work remotely (e.g. at home), and ensure that your data policy and procedures extend to how they should deal with data not kept at all times within the charity’s office.
• ● Ensure that when data leaves your charity, the most secure means is used (for example, use VPNs for electronic data and couriers for hard copies).
• ● Only keep data for as long as necessary. Make sure your charity has established retention periods and has put a process in place whereby personal information is deleted when it is no longer required.
• ● Implement a system to update information. If you can, ask those whose details are on your database to check and update those details. You can do this via email or by checking their details if they telephone you.
• ● Make sure that your premises (and physical records and IT equipment there) are secure, that there are proper controls over who comes into the building, and that you know who (including staff, volunteers, cleaners, visitors) is able to and does enter your premises.
• ● If you outsource data storage to specialists (larger charities may need to do so) then first check their data protection policies and credentials to ensure that they are trustworthy.
• ● If you store personal or other data on your own systems (i.e. you do not use third party systems), then you would be well advised to frequently backup your data on separate media or secure cloud storage.
• ● Adopt a data and/or disaster recovery plan, and consider including, as part of that plan, arranging for third party backup data centre facilities to be available so that you can recover data if you suffer an IT failure, data corruption, or a hacking incident.

What Are Your Experiences?

Are you a trustee or employee of a UK charity? Do you think your charity is well protected from a potential data breach? Does your charity follow the recommendations we have set out above? Has your organization suffered a loss of data, and what was the result? What should have been done to prevent that loss?

We are, as always, keen to hear your views.