Introduction
Serving as a director or ‘responsible person’ for an Australian charity involves significant responsibilities, particularly concerning the identification and management of organisational risks. Compliance with legal obligations, including the Australian Charities and Not-for-profits Commission (ACNC) Governance Standards, is essential not only for regulatory adherence but also for safeguarding the organisation’s mission and reputation. Understanding these duties ensures the charity operates effectively and ethically.
This guide focuses specifically on the key risks faced by Australian charities and the crucial role directors play in overseeing risk control. It provides practical insights to help responsible persons navigate their obligations, implement effective compliance measures, and foster a risk-aware culture within their organisation. Mastering these responsibilities is fundamental to sustainable and impactful charitable work.
Understanding Director Obligations and the Importance of Risk Management
Defining the Responsible Person Role and Key Obligations in a Charity Organisation
In a charity organisation, the term ‘Responsible Person’ refers to individuals entrusted with the governance and strategic direction. These individuals are crucial as they make the key decisions about how the charity operates. Generally, a charity’s Responsible People are its board members, committee members, or trustees.
The specific title for a Responsible Person can vary depending on the charity’s legal structure:
- Companies limited by guarantee: Each director is a Responsible Person.
- Incorporated associations: Each member of the management committee holds this role.
- Trusts: Each trustee is considered a Responsible Person; if a corporate trustee exists, its directors are the Responsible People.
It’s important to note that roles like ‘company secretary’ or ‘public officer’, while significant operationally, do not automatically qualify someone as a Responsible Person unless they are part of the governing body, such as the board or committee.
The governing body, regardless of title, must comply with specific legal duties. These obligations ensure accountability and proper management within the organisation.
The Legal Duty for Directors to Oversee Risk Management Compliance
Charity governing bodies, including directors, have a fundamental legal obligation to manage the organisation’s risks appropriately. This duty stems from the position of trust directors hold; they are entrusted with steering the organisation and making decisions on its behalf.
Effective risk management is not merely about having policies or registers; it requires careful planning and ongoing commitment.
Directors hold a fiduciary duty to act in the best interests of their organisation. Fulfilling this requires them to understand and assess the nature and magnitude of risks the charity faces.
Overseeing risk management compliance is therefore a core responsibility, ensuring the organisation operates soundly and achieves its objectives while safeguarding its assets and reputation. The law imposes these duties because committee members and directors wield significant power within the organisation.
Connecting Director Duties and Australian Charities and Not-for-profits Commission Governance Standards to Risk Control
The duties of Responsible Persons are closely linked to the ACNC Governance Standards, particularly concerning risk control. Registered charities must comply with these standards.
The ACNC Governance Standard 5 specifically outlines the duties that Responsible People must understand and adhere to, forming a key part of risk management compliance.
These core duties mandate that Responsible Persons:
- Act with reasonable care and diligence: This involves staying informed and putting adequate effort into overseeing the charity’s activities and financial health.
- Act honestly and fairly in the best interests of the charity and for its charitable purposes: Decisions must prioritise the charity’s mission and benefit the organisation as a whole.
- Not misuse their position or information: Responsible Persons cannot use their role or access to information for personal gain or to the detriment of the charity.
- Disclose actual or potential conflicts of interest: Transparency regarding conflicts is crucial for maintaining integrity.
- Ensure responsible financial management: This includes overseeing budgets, financial reporting, and protecting assets.
- Not allow the charity to operate while insolvent: Directors have a critical obligation to prevent the charity from incurring debts it cannot pay.
Meeting these duties, as outlined in ACNC Governance Standard 5, inherently requires active risk oversight and control. By understanding and managing risks related to finances, operations, compliance, and reputation, directors fulfil their obligations and ensure the charity adheres to ACNC standards.
Identifying Key Risk Areas for Australian Charities
Governance Risks and Compliance Failures
Charity directors must prioritise compliance with the ACNC Governance Standards and the organisation’s own governing documents. Failing to meet these standards or adhere to the charity’s stated objectives represents a significant governance risk.
Identifying operational risks that could lead to breaches of these standards is a crucial compliance obligation for every director and responsible person. More generally, poor governance practices can create substantial risks for the organisation.
Financial Management and Insolvent Trading Risk Obligations
Responsible persons, including directors, hold a legal obligation to prevent their charity from operating whilst insolvent. This makes managing financial risks a high priority for any charity board.
Several factors can severely jeopardise an organisation’s ability to meet its commitments:
- Inadequate financial controls
- Poor reporting
- Insufficient reserves
- Lack of diversification in funding sources
Essential financial management strategies include:
- Careful planning and management of liquidity requirements to ensure funds are available when needed
- Building reserves during periods of surplus to cover future commitments and unexpected contingencies
- Understanding financial dependencies, such as reliance on a small number of donors, and how they compare to financial commitments
- Being aware of any guarantees given to third parties that could impact finances
Allowing a charity to incur debts when it cannot pay existing ones constitutes insolvent trading. This represents a serious breach of director obligations under ACNC Governance Standard 5 and other laws, potentially leading to personal liability.
Fraud and Financial Crime Risk Control
Charities face the risk of both internal and external fraud, as well as the theft of resources. Effective financial controls and clear delegations of authority are necessary to manage the risk associated with collecting and distributing charitable funds.
Without these controls, the organisation is vulnerable to financial crime, which can divert essential resources from its charitable purpose. The criminal threat environment includes opportunistic fraud committed by personnel and affiliates.
Anti-Money Laundering and Counter-Terrorism Financing Compliance Risk
Charities must take steps to avoid breaching anti-money laundering and counter-terrorism financing (AML/CTF) laws. This involves a compliance risk related to the potential misuse of the organisation, knowingly or unknowingly, to launder criminal proceeds or finance terrorism.
Key mitigation strategies include:
- Properly identifying and screening donors and partners
- Understanding the source of funds
- Conducting due diligence, particularly when dealing with third parties
While the number of proven instances is low, the consequences of AML/CTF breaches can be severe for the organisation’s reputation and public trust.
Managing Risks Associated with Vulnerable Persons
Working with vulnerable beneficiaries, staff, or volunteers presents heightened risks for charities. Organisations have an obligation to implement strategies to manage the risk of harm, exploitation, and abuse affecting these individuals.
This includes risks related to workplace health and safety, such as:
- Ensuring physical safety
- Supporting psychosocial wellbeing
- Preventing harassment and discrimination
Directors must ensure adequate safeguards are in place to protect vulnerable persons connected with the charity’s activities.
Controlling Risks in Overseas Operations
Charities operating internationally or relying on third parties overseas face magnified and more complex risks. These include challenges in governance, financial control, and managing reputational risk across different legal and cultural contexts.
Links to high-risk countries, particularly those with weak AML/CTF regimes or experiencing conflict, further increase vulnerability. Effective control measures and thorough due diligence on overseas partners are essential to mitigate these risks.
Addressing Technology and Cybersecurity Risk Challenges
The increasing reliance on technology exposes charities to significant risks, including system failures, data breaches, and cyber-attacks. Directors have an oversight responsibility to ensure these technology risks are managed effectively.
This includes understanding the potential impact on:
- Organisational performance
- Customer experience
- Reputation
A robust cyber risk management approach, potentially guided by frameworks like the Australian Cyber Security Centre’s Essential Eight, is crucial for organisational resilience.
Understanding Environmental, Social and Governance Risk Factors
Environmental, Social, and Governance (ESG) factors represent a growing area of risk for charities. Directors need to understand and oversee these risks, which encompass a wide range of issues.
Key Environmental, Social, and Governance risk factors include:
- Environmental: Climate change impacts (such as drought and bushfires exacerbated by climate change) and nature loss
- Social: Modern slavery in supply chains, human rights impacts, poor labour standards, workplace safety (physical and psychosocial), diversity, and inclusion
- Governance: Risks arising from poor governance practices, lack of transparency, inadequate accountability, and failure to act with integrity
Stakeholders increasingly expect organisations to manage and disclose their ESG risks effectively.
Consequences of Failing Risk Management Obligations
Potential Legal and Financial Penalties for Compliance Breaches
When a director or responsible person breaches their legal duties concerning risk management and compliance, several consequences can follow. Legal action might be initiated against the individual committee member by various parties, including:
- Regulators
- Creditors
- The organisation itself
If a breach of duty is established, a court may impose various penalties on the responsible person. These can include:
- Fines or compensation: The court might order the individual director to pay a fine or compensate the organisation for any financial loss incurred due to the breach.
- Disqualification: A director found in breach may be disqualified from holding a committee or director position for a specified period.
- Criminal penalties: In cases involving deliberate dishonesty, recklessness, or significant fraud, criminal charges could lead to more substantial fines or, in severe instances, imprisonment.
It is important for every director and responsible person to understand these potential personal liabilities associated with failing their risk oversight obligations.
Reputational Damage and Loss of Stakeholder Trust from Poor Risk Control
Failures in risk management can extend beyond legal penalties, significantly impacting the charity organisation’s standing and viability. Poor risk control can severely damage the organisation’s reputation among the public, donors, and other stakeholders.
This erosion of trust and confidence often leads to tangible consequences, such as:
- Reduced donor support and funding difficulties
- Loss of confidence from beneficiaries and the wider community
- Negative attention from media and regulators, like the ACNC
Maintaining effective risk control is therefore crucial not just for compliance, but for safeguarding the organisation’s mission, reputation, and long-term sustainability. A failure in risk management oversight can ultimately harm the charity’s ability to achieve its objectives.
Conclusion
As a director or responsible person within a charity organisation, fulfilling obligations under the ACNC Governance Standards requires diligent oversight of diverse risks, from governance and financial control to operational and compliance challenges. Proactive risk management, embedded in the organisational culture and supported by effective controls, is therefore fundamental for achieving the charity’s purpose and ensuring its long-term viability.
Effectively navigating the complexities of director obligations and risk control requires informed strategies and robust processes. For trusted expertise tailored to the unique needs of your charity organisation, contact the specialists at LawBridge today to discuss how the expertise of our not-for-profit lawyers can help ensure compliance and safeguard your mission.
Frequently Asked Questions
A Responsible Person in an Australian charity generally refers to its board members, committee members, or trustees, depending on the organisation’s legal structure. These individuals, often referred to as the governing body or director group, are entrusted with the governance and strategic direction of the charity.
The main legal duties of a charity director, or Responsible Person, include acting with reasonable care and diligence, acting honestly and fairly in the charity’s best interests and for its charitable purposes, not misusing their position or information, disclosing conflicts of interest, ensuring responsible financial management, and preventing insolvent trading. Fulfilling these obligations inherently involves effective risk management and control.
ACNC Governance Standard 5 directly outlines the duties of Responsible Persons, including ensuring responsible financial management and preventing the charity from operating while insolvent, which are crucial aspects of risk management compliance. Compliance with other standards, like Standard 3 (complying with Australian laws), also necessitates managing inherent risks within the organisation.
Insolvent trading risk is the danger of a charity incurring debts when it is unable to pay its existing debts as they fall due, which is critical because directors have a legal duty under ACNC Governance Standard 5 and other laws to prevent it. Failure to prevent insolvent trading represents a serious breach of director obligations and can lead to severe consequences for the charity and personal liability for the responsible person.
AML/CTF risks involve the potential for a charity organisation to be misused, knowingly or unknowingly, to launder criminal proceeds or finance terrorism, which is a concern because such misuse can cause severe reputational damage and loss of stakeholder trust. Although proven instances are low, the consequences can significantly harm the charity’s mission and beneficiaries, making risk control essential.
A charity board can establish an effective risk management framework by integrating risk management with governance, understanding the organisation’s context, developing a clear risk management policy, defining risk appetite, establishing clear accountabilities, and ensuring adequate resources and communication mechanisms are in place. This framework should be a structured, continuous process aligned with the organisation’s strategy and overseen by the director group.
Risk appetite is the broad type and amount of risk an organisation is willing to accept in pursuit of its objectives, while risk tolerance is the practical application of that appetite to specific activities or the level of risk the organisation is prepared to bear after treatment. The board sets the risk appetite, providing boundaries within which management operates to achieve strategic goals.
Organisational culture, encompassing shared values and norms that shape behaviours, significantly influences how risks are identified, discussed, and managed within a charity organisation. A positive, risk-aware culture promoted by leadership, often termed the ‘tone at the top’ set by the director or responsible person, encourages proactive risk consideration and effective risk control.
If a director fails in their risk oversight obligations, potential consequences include personal liability such as fines, compensation orders, or disqualification, alongside regulatory action against the charity organisation, significant reputational damage, and loss of stakeholder trust. Ultimately, such failures in risk control can severely harm the charity’s ability to fulfil its mission.