Safeguarding Basics for the Charity Sector

TL;DR Safeguarding is the responsibility of every charity that works with people — not just those working with children or vulnerable adults. The Charity Commission expects all charities to have safeguarding policies proportionate to their activities, to report serious safeguarding incidents promptly, and to take reasonable steps to prevent harm. The Oxfam scandal in 2018 fundamentally changed sector expectations: safeguarding is now treated as a governance priority, not an operational afterthought. Getting it wrong can destroy a charity's reputation and, more importantly, cause real harm to the people it exists to serve.

Why this matters

Charities exist to do good. But the power dynamics inherent in charitable work — between service providers and beneficiaries, between staff and volunteers, between organisations and the communities they serve — create opportunities for abuse, exploitation, and harm. Safeguarding is about recognising those risks and taking systematic steps to prevent and respond to them.

This is not a niche compliance topic. Safeguarding failures have brought down major organisations, triggered sector-wide inquiries, and caused immense harm to individuals. The Charity Commission now treats safeguarding as one of its top regulatory priorities, and funders increasingly require evidence of robust safeguarding arrangements as a condition of grants.

The 5 things to know

1. Safeguarding means protecting people from harm

In a charity context, safeguarding means taking reasonable steps to protect people — particularly children, young people, and adults at risk — from abuse, neglect, exploitation, and other forms of harm. But the concept extends beyond work with traditionally "vulnerable" groups. Any charity where staff, volunteers, or representatives interact with people has safeguarding responsibilities.

The main categories of harm that safeguarding addresses include:

• Physical abuse: Hitting, restraining, or otherwise causing physical harm.
• Sexual abuse and exploitation: Any form of sexual activity or exploitation involving someone in a position of power or trust.
• Emotional or psychological abuse: Intimidation, bullying, controlling behaviour, or persistent undermining.
• Neglect: Failing to provide appropriate care, support, or supervision.
• Financial exploitation: Misusing someone's money or assets, particularly where they are in a dependent relationship with the charity.

Safeguarding also covers the conduct of the charity's own people — staff, volunteers, and trustees — and their behaviour both within and outside the organisation where it is relevant to their role.

2. The Charity Commission expects safeguarding policies and serious incident reporting

The Charity Commission's safeguarding guidance makes clear that all charities working with people who may be at risk of harm should have safeguarding policies and procedures proportionate to the nature of their work. This includes:

• A written safeguarding policy, reviewed regularly.
• Clear procedures for reporting concerns, both internally and to external authorities.
• A designated safeguarding lead with appropriate training and authority.
• Training for all staff and volunteers who have contact with beneficiaries.

Critically, charities are required to report serious safeguarding incidents to the Charity Commission. A serious incident includes any safeguarding concern that has resulted in or risks significant harm to people who come into contact with the charity, or that has resulted in or risks significant damage to the charity's property, assets, or reputation. Reports must be made promptly — the Commission expects to hear about incidents as they arise, not after they have been resolved.

Failure to report serious incidents is itself a regulatory concern. The Charity Commission has been clear that it treats non-reporting as seriously as the underlying incident in some cases.

3. DBS checks are required for specific roles, not all roles

Disclosure and Barring Service (DBS) checks are a key part of safeguarding, but they are not a blanket requirement for everyone who works or volunteers with a charity. The rules on who is eligible for a DBS check — and at what level — depend on the role and the people the role involves contact with.

There are three levels of DBS check:

• Basic check: Shows unspent convictions only. Available for any role.
• Standard check: Shows spent and unspent convictions, cautions, reprimands, and final warnings. Available for roles listed in the Rehabilitation of Offenders Act 1974 (Exceptions) Order.
• Enhanced check: Includes everything in the standard check plus any relevant information held by local police. Available for roles involving regular contact with children or vulnerable adults. An enhanced check with barred list check also confirms whether the individual is barred from working with these groups.

Charities must ensure they are requesting the right level of check for each role and not requesting checks they are not entitled to. A DBS check is a snapshot in time, not a guarantee of safety — it must be part of a broader approach to safer recruitment that includes references, interviews, and ongoing supervision.

4. The Oxfam scandal changed the sector's approach to safeguarding

In February 2018, The Times reported that Oxfam staff had used prostitutes during the 2010 Haiti earthquake relief operation and that the charity had failed to adequately investigate or report the incidents. The scandal triggered a sector-wide crisis of confidence and a fundamental reassessment of how charities handle safeguarding.

The fallout included:

• A Charity Commission inquiry into Oxfam that found a "culture of poor behaviour" and criticised the charity for failing to report the incidents as serious incidents.
• A parliamentary inquiry by the International Development Committee that examined safeguarding across the international development sector.
• The creation of the Safeguarding Resource and Support Hub (RSH) for the aid sector.
• A significant increase in serious incident reports to the Charity Commission — from around 2,000 in 2016/17 to around 2,800 in 2017/18, and consistently higher numbers in subsequent years, suggesting that previous figures reflected under-reporting rather than low incidence.

The lasting impact has been to elevate safeguarding from an operational procedure to a governance priority. Trustees are now expected to have oversight of safeguarding, to receive regular reports, and to assure themselves that arrangements are adequate. Funders — particularly government departments and institutional funders — now require detailed safeguarding assurances as standard.

5. Safeguarding is a governance responsibility, not just an operational one

The Charity Commission is unambiguous: safeguarding is a trustee responsibility. The board must ensure that the charity has appropriate safeguarding policies, that those policies are implemented effectively, that serious incidents are reported, and that the charity's culture supports safe behaviour.

This means safeguarding should be a standing item on board agendas, not something that only comes up when there is a problem. Trustees should receive regular reports on safeguarding activity — including concerns raised, how they were handled, and any patterns or trends. At least one trustee should have specific responsibility for safeguarding oversight, though the whole board shares collective accountability.

The Charity Governance Code (2025) reinforces this, including safeguarding within its expectations on ethics and culture and managing resources and risks. Charities that treat safeguarding as purely the responsibility of the operations team, with no board engagement, are not meeting current governance standards.

Common misunderstandings

"We don't work with children or vulnerable adults, so safeguarding doesn't apply to us." Safeguarding applies to any charity that works with people. Even charities whose primary beneficiaries are not in traditional "vulnerable" categories may have staff, volunteers, or supporters who are at risk. The Charity Commission's expectation is that all charities consider whether safeguarding risks exist in their work.

"We do DBS checks, so we've got safeguarding covered." DBS checks are one tool in a toolkit, not a safeguarding strategy. They only reveal past recorded offences and are not a predictor of future behaviour. Effective safeguarding requires policies, training, supervision, a culture of openness, and systems for reporting and responding to concerns.

"Reporting a safeguarding incident to the Charity Commission will get us into trouble." The Charity Commission has been clear that it views reporting positively — it shows the charity is taking safeguarding seriously. What gets charities into trouble is failing to report, covering up incidents, or not having adequate policies in the first place.

"Safeguarding is about catching bad people." Safeguarding is primarily about creating environments where harm is less likely to occur and where concerns are identified and addressed quickly. It is a systems issue, not just an individual one.

How it works in practice

In a well-safeguarded charity, the approach starts with prevention. The charity has a written safeguarding policy that is reviewed annually, covers all relevant activities, and is accessible to staff, volunteers, and beneficiaries. All staff and volunteers receive safeguarding training appropriate to their role, with refreshers at regular intervals.

Safer recruitment practices are followed for all roles that involve contact with people at risk: role descriptions are clear about safeguarding responsibilities, references are taken up and verified, DBS checks are obtained where eligible, and there is a probationary period with appropriate supervision.

When a concern arises, there is a clear reporting pathway. Staff and volunteers know who to tell and how. The designated safeguarding lead assesses the concern, involves external authorities (police, local authority safeguarding teams) where appropriate, and ensures the person at risk is supported. The charity reports the incident to the Charity Commission if it meets the serious incident threshold.

The board receives a safeguarding report at every meeting — not just when things go wrong, but as routine assurance that the system is working. The charity learns from incidents and near-misses, and updates its policies and training accordingly.

What people disagree about

The extent to which safeguarding procedures should be standardised across the sector is contested. Some argue that a uniform approach — with mandatory training standards, prescribed policies, and sector-wide reporting mechanisms — is necessary to prevent the kind of failures seen at Oxfam and elsewhere. Others worry that one-size-fits-all approaches can be disproportionate for smaller organisations and can create a compliance culture that focuses on paperwork rather than genuine safety. See Safeguarding After Oxfam for more on how the sector has responded.

There is also a real tension between safeguarding and trust-based working. Charities that adopt trust-based approaches — reducing monitoring requirements, giving more autonomy to frontline workers, building less hierarchical relationships with beneficiaries — must reconcile this with the need for oversight and accountability that safeguarding demands. This is not a simple trade-off, and the sector has not yet found a settled answer. See Safeguarding vs Trust.

What to read next

• Governance and Trustee Duties — safeguarding as a core governance responsibility.
• Reporting, Annual Returns, and Impact — serious incident reporting as part of the charity's regulatory obligations.
• What Trustees, Executives, and Staff Do — understanding the roles involved in safeguarding oversight.

FAQs

What counts as a serious safeguarding incident that must be reported to the Charity Commission?

Any incident that has resulted in or risks significant harm to beneficiaries, staff, volunteers, or others who come into contact with the charity. This includes allegations of abuse by someone connected to the charity, failures in safeguarding procedures that expose people to risk, and incidents that could damage public trust in the charity. When in doubt, report — the Charity Commission would rather receive a report that turns out to be minor than not receive one that turns out to be serious.

How often should safeguarding training be refreshed?

There is no single legal requirement, but good practice is to provide refresher training at least every two to three years for all staff and volunteers, with more frequent updates for those in high-risk roles or designated safeguarding leads. Training should also be updated whenever there are significant changes to policy, legislation, or the charity's activities.

Can a charity be held responsible for the actions of a volunteer?

Yes. Charities have a duty of care to the people they work with, and this extends to harm caused by volunteers acting in the course of their role with the charity. This is why safer recruitment, training, and supervision apply to volunteers as well as paid staff — particularly where volunteers have contact with people at risk.

What is the difference between safeguarding and duty of care?

Duty of care is a broader legal concept — the obligation to take reasonable steps to avoid causing harm to others. Safeguarding is a specific framework within that broader duty, focused on protecting people (especially those at risk of abuse or exploitation) through policies, procedures, and organisational culture. All charities have a duty of care; safeguarding is how that duty is operationalised for the people the charity works with.