Charity Policies for the Annual Return - A Trustee Checklist

If you are a charity trustee in England and Wales, the Charity Commission expects you to have a working set of policies in place. These policies are not decoration. They are the practical evidence that you are governing your charity well.

Each year, the Commission's annual return asks trustees a series of questions about how the charity is run, and some of these questions ask directly whether key policies exist. Holding and following the right policies is part of good governance, and it is reflected in the Charity Governance Code, a sector standard rather than a piece of law.

The headline point is simple. Trustees are responsible for their charity's governance and for compliance with charity law, and a clear set of policies is how you demonstrate that responsibility in practice.

This pillar page sets out the full set of policies that trustees are commonly expected to have. For each one, it explains briefly what the policy covers and which Charity Commission guidance underpins it, then links to a dedicated guide where you can go deeper.

Throughout, we point you to the relevant Charity Commission guidance so you can check the source for yourself. The full list of guidance is available in the Charity Commission guidance collection.

Why the Commission expects these policies

Charity law places the running of a charity squarely with its trustees. That means trustees must make decisions in the charity's best interests, manage its resources responsibly and protect the people the charity works with.

Policies turn those duties into repeatable practice. They tell trustees, staff and volunteers how decisions are made, who can authorise what, and how problems are handled when they arise.

When the Commission asks about policies on the annual return, it is checking that this governance is real and not just assumed. A policy that exists on paper but is never followed offers little protection, so the expectation is that you adopt, use and review each one.

The 2026 trustee policy checklist

The sections below run through the core policies in turn. They are grouped loosely by theme, starting with the duties that protect people, then money, then governance and conduct.

1. Safeguarding

Trustees have a duty to take reasonable steps to protect from harm everyone who comes into contact with the charity, including beneficiaries, staff, volunteers and the wider public. A safeguarding policy and supporting procedures appropriate to the charity's activities are expected.

Where roles are eligible, this includes carrying out DBS checks. The policy should set out how concerns are raised, who is responsible and how the charity responds.

Read more in our charity safeguarding policy guide.

2. Serious incident reporting

A serious incident is an adverse event, whether actual or alleged, that results in or risks significant harm to people connected with the charity, or significant loss of its money or assets, or significant damage to its property or reputation. Trustees should report serious incidents to the Commission promptly and explain how they are handling them.

Where the incident involves safeguarding, it should also be reported to the police, obtaining a crime reference number. The Commission's guidance on how to report a serious incident sets out the process.

Our serious incident reporting policy guide explains how to build this into your governance.

3. Internal financial controls (CC8)

Internal financial controls protect charity funds and reduce the risk of fraud and error. They include measures such as segregation of duties, authorisation limits, dual authorisation of payments, bank reconciliations and trustee oversight of income and expenditure.

These controls are underpinned by the Commission's guidance on internal financial controls for charities (CC8). See our internal financial controls policy guide for the detail.

4. Reserves (CC19)

Trustees should set, document and explain a reserves policy that suits the charity's circumstances. The trustees' annual report should state the reserves policy, the level of reserves held and why that level is appropriate.

This is set out in the Commission's guidance on charities and reserves (CC19). Our charity reserves policy guide walks through how to write and justify yours.

5. Risk management (CC26)

Trustees should identify and assess the major risks the charity faces and decide how to manage them, commonly using a risk register that is reviewed regularly. Larger charities must include a risk management statement in their trustees' annual report.

For more, see our risk management policy guide.

6. Complaints

A complaints policy gives beneficiaries, supporters and the public a clear route to raise concerns and have them dealt with fairly. Handling complaints well is part of good governance and helps trustees spot problems early, before they become serious incidents.

Our complaints policy guide explains what a workable procedure looks like.

7. Conflicts of interest (CC29)

Trustees must identify, declare and manage conflicts of interest. Where needed, a conflicted trustee should be removed from the relevant decision, and what happened must be recorded. Keeping a register of interests is good practice.

This duty is set out in the Commission's guidance on conflicts of interest (CC29). Our trustee conflicts of interest policy guide covers how to manage them in meetings.

8. Trustee expenses and payments (CC11)

Charities can reimburse trustees' genuine, reasonable out-of-pocket expenses, and a clear expenses policy keeps that transparent. Paying a trustee for services, or as an employee, is restricted and depends on the governing document and the law.

See our trustee expenses policy guide for what you can and cannot reimburse.

9. Investing charity funds (CC14)

Trustees who hold funds for investment should have an investment policy. Charities can make financial and social investments, and may adopt responsible or ethical investment approaches that are consistent with their charitable purposes.

Our investing funds policy guide explains how to document your approach.

10. Campaigning and political activity (CC9)

A charity may campaign to further its charitable purposes, but it must never support a political party and cannot make political donations. A policy here helps trustees stay within the rules while still speaking out on the issues that matter to the charity.

The Commission's guidance on campaigning and political activity (CC9) sets the boundaries. See our campaigning and political activity policy guide.

11. Social media

A social media policy gives staff, volunteers and trustees clear ground rules for posting on the charity's behalf and protects its reputation. It links closely to safeguarding, campaigning rules and data protection, so it is worth treating as part of the wider set rather than an afterthought.

Our social media policy guide shows what to include.

12. Engaging external speakers

Charities that host events or invite guests may adopt a policy for engaging external speakers. It helps trustees manage reputational risk, stay within the campaigning and political activity rules, and protect those attending.

See our external speakers policy guide for a practical approach.

The data protection gap (UK GDPR and the ICO)

The Charity Commission's core policy expectations do not centre on a standalone data protection policy, so it can be easy to overlook. That is the gap worth flagging in any honest checklist.

Any charity that processes personal data must comply with UK GDPR and the Data Protection Act 2018, which are regulated by the Information Commissioner's Office (ICO), not the Commission. Most charities hold data on donors, beneficiaries, staff or volunteers, so this obligation almost always applies even though the annual return does not lead with it.

Quick-reference table

Policy	What it covers	Underpinning guidance
Safeguarding	Protecting everyone in contact with the charity, including DBS checks for eligible roles	Charity Commission safeguarding duty
Serious incident reporting	Reporting significant harm, loss or damage promptly to the Commission	How to report a serious incident
Internal financial controls	Segregation of duties, authorisation limits, dual authorisation, reconciliations	CC8
Reserves	Setting, documenting and explaining the level of reserves held	CC19
Risk management	Identifying and managing major risks, often via a risk register	CC26
Complaints	A fair route for raising and resolving concerns	Good governance practice
Conflicts of interest	Declaring, managing and recording conflicts; register of interests	CC29
Trustee expenses and payments	Reimbursing genuine expenses; rules on paying trustees	CC11
Investing funds	Financial and social investment, including ethical approaches	CC14
Campaigning and political activity	Campaigning within the rules; no party support or political donations	CC9
Social media	Ground rules for posting and protecting reputation	Good governance practice
External speakers	Managing reputational and safeguarding risk at events	Good governance practice
Data protection	UK GDPR and Data Protection Act 2018 compliance	ICO (not the Commission)

What trustees must do

• Review your current policies against this checklist and note which ones are missing or out of date.
• Adopt each policy formally at a trustee meeting and record the decision in the minutes.
• Follow the policies in practice, because a policy that is never used offers little protection.
• Record conflicts of interest, financial authorisations and incidents as they happen.
• Report serious incidents to the Commission promptly, and safeguarding matters to the police as well.
• Refresh your policies on a regular cycle and after any significant change to the charity's activities.
• Check your data protection obligations under UK GDPR even though the annual return does not lead with them.

Common mistakes

• Treating policies as a filing exercise and never actually following them.
• Copying a generic template that does not match the charity's real activities.
• Leaving the reserves policy out of the trustees' annual report, or failing to explain the level held.
• Recording conflicts of interest informally, or not removing a conflicted trustee from the relevant decision.
• Delaying a serious incident report, or forgetting to obtain a crime reference number for safeguarding matters.
• Assuming the Commission covers data protection, when UK GDPR is regulated by the ICO.
• Writing policies once and never reviewing them as the charity grows or changes.

How Policy Pros can help

Policy Pros writes bespoke charity policies that match how your charity actually operates, rather than off-the-shelf templates that gather dust. We map each policy back to the relevant Charity Commission guidance so trustees can answer the annual return with confidence.

Explore our full charity policies and procedures service to see how we can build your complete set. If you are setting up, our policies for new charities guide shows where to start.

You can also dig into the individual policies, including our charity safeguarding policy guide, charity reserves policy guide and trustee conflicts of interest policy guide, each with practical, trustee-ready detail.