Compliance, Governance & Risk

Which Policies Might Funders Ask For? A Due-Diligence Checklist For Small UK Charities

Grant funders usually do not want a pile of documents for its own sake. They want evidence that the organisation can use money responsibly, protect people, manage conflicts and keep records. The exact policy…

Grant funders usually do not want a pile of documents for its own sake. They want evidence that the organisation can use money responsibly, protect people, manage conflicts and keep records. The exact policy set depends on the funder, the programme and what your organisation actually does.

So the useful question is not "what policies does every charity legally need?" The useful question is "what policies are likely to be relevant to this application, and can the board show they are current and adopted?"

Common Policy Areas

The list below is a due-diligence prompt, not a legal checklist.

Safeguarding

Where a charity's work involves children, adults at risk, beneficiaries, volunteers or public contact, funders often look closely at safeguarding. Charity Commission guidance says trustees must take reasonable steps to protect people who come into contact with the charity from harm. Safeguarding policies and procedures should be reviewed at least annually and after serious incidents.

Data Protection And Privacy

If you hold personal data, you need to understand your UK GDPR and Data Protection Act 2018 responsibilities. That may include a privacy policy, data security controls, retention rules, breach procedures and, where applicable, checks against ICO fee requirements.

Financial Controls

Financial controls explain who can authorise spending, how payments are approved, how income is handled, how restricted funds are tracked, and what evidence is retained. Charity Commission CC8 guidance says all charities need appropriate internal financial controls, scaled to their size and activities.

Conflicts Of Interest

Trustees need a clear way to identify, record and manage conflicts of interest and loyalty. A simple policy plus a conflicts register is often enough for a small charity, but it has to be used.

Reserves

Charity Commission guidance expects trustees to consider and explain their reserves policy. A charity with low or no reserves can still have a policy; the point is that trustees have made and recorded a decision.

Risk, Complaints, Whistleblowing And Social Media

These policies help show how the board handles operational risk, feedback, serious concerns and public communications. They may be more or less important depending on your activities.

Technology And AI Use

The voluntary 2025 Charity Governance Code includes a policy for technology and AI tools as suggested evidence under managing resources and risk. If your charity uses AI assistants, automated tools or sensitive digital systems, a short board-approved policy can clarify approved uses, personal-data rules, human review and accountability.

Do Not Adopt Everything Blindly

Adopting too many policies can create its own maintenance burden. A document that is never reviewed, never owned and never used can look worse than a clear note explaining why a topic is not applicable.

Before adopting anything, decide:

  • what your governing document requires
  • which regulator or legal form applies
  • what your funder asks for
  • whether you work with children or adults at risk
  • whether you process personal or special-category data
  • whether you employ staff or use volunteers
  • whether you fundraise, hold reserves, make grants or handle restricted funds
  • whether you use technology or AI tools in charity work

Present The Evidence Clearly

The simplest due-diligence artefact is a one-page policy register:

| Policy | Version | Adopted | Next review | Owner | Notes | |---|---:|---:|---:|---|---| | Safeguarding | 1.0 | [date] | [date] | [role] | reviewed by [name/role] | | Conflicts of interest | 1.0 | [date] | [date] | [role] | conflicts register attached | | Financial controls | 1.0 | [date] | [date] | [role] | approval limits checked |

Attach that register to a funding application only where the funder asks for policy evidence. Keep the underlying policies ready, dated and board-adopted.

A Faster Starting Point

The Charity Governance Pack gives trustees a coherent starting folder: editable policies, a policy-priority selector, a due-diligence register, trustee induction notes and working registers for policy adoption, conflicts and risk.

It is designed for review and adaptation. It is not legal advice, it does not certify compliance, and it does not guarantee that a funder will accept an application. It helps you start from a more coherent folder than a collection of mismatched downloads.

Not sure where your gaps are? Start with the free Governance Gap Finder: Run the gap finder.


This article is general guidance for UK charities and CICs. It is not legal, regulated, accountancy or financial advice and it does not guarantee compliance with any regulator or funder. Confirm each funder's exact requirements directly.