Sector Faces Increased Regulatory Scrutiny and Investigations
The Charity Commission’s recent decision to open a statutory inquiry into the Matt 6.3 Charitable Trust is more than just another regulatory case file; it is a clear signal of a broader, more intense climate of oversight facing the entire UK third sector. The Grimsby-based Christian charity is being investigated over a raft of serious governance concerns, including alleged unauthorised payments to connected parties, a persistent failure to appoint independent trustees, and the submission of late, qualified accounts. While the specifics are concerning, the real story for charity leaders lies in what this inquiry represents: a domestic manifestation of a global shift towards more aggressive regulatory enforcement. This shift is not accidental, but a direct response to a confluence of powerful forces: the speed of technological change, a post-pandemic demand for accountability over public and donated funds, and a wider breakdown of institutional trust. Across governance, financial crime, data privacy, and environmental claims, UK charities are facing an unprecedented wave of scrutiny. The era of assumed goodwill is ending, forcing every organisation to ask why this is happening now and what it means for its operational reality.
At the heart of this new environment is a zero-tolerance approach to foundational governance failures. Recent regulatory actions demonstrate that robust governance is no longer a matter of best practice, but the primary battleground for compliance. The Matt 6.3 Charitable Trust provides a potent case study. The regulator’s inquiry, opened on 25 September 2025, was escalated after the charity allegedly continued making unauthorised payments even after being explicitly told to cease by its own professional advisers. This was compounded by its failure to recruit independent trustees and by its submission of accounts over 100 days late—like the previous year’s—a pattern of repeated failure that was subsequently qualified by an auditor’s concerns over its governance. The Commission’s investigation will now examine the extent to which trustees complied with their legal duties regarding conflicts of interest and the prevention of private benefit. Tellingly, the charity itself submitted a serious incident report on legal advice. This specific UK case, however, is not happening in a vacuum; it is being shaped by a powerful tide of international enforcement.
Enforcement priorities set by major international bodies, particularly in the United States, often create ripples that shape the climate of scrutiny in the UK. On May 12, 2025, the US Department of Justice (DOJ) announced a new white-collar enforcement plan, declaring its intention to combat “rampant health care fraud,” “procurement fraud,” and “schemes that defraud… investors and consumers, especially the most vulnerable.” For a UK charity, this signals that regulators are increasingly adopting the language and mindset of prosecutors, viewing governance failures not just as administrative lapses but as actions that directly harm vulnerable beneficiaries, a perspective that dramatically raises the stakes. This global shift is amplified by the expanding landscape of whistleblowing. The DOJ has launched a new Corporate Whistleblower Pilot Program targeting areas not traditionally covered by other initiatives, such as violations of the Foreign Corrupt Practices Act and private healthcare fraud. This complements the established SEC programme, which has already paid out over $2.2 billion in awards. These initiatives create powerful financial incentives for individuals to report wrongdoing externally, especially if they lack trust in internal systems or fear retaliation. Crucially, these powerful incentives are not limited to financial misconduct; they are just as likely to be used by employees who witness the misuse of personal data in AI systems or the deliberate exaggeration of environmental credentials in fundraising appeals. The pressure is now immense for all organisations, including charities, to strengthen internal reporting systems and conduct prompt investigations to resolve issues before they escalate.
As charities adopt new digital tools to enhance their operations, they are inheriting a complex layer of compliance obligations. The risks to data privacy are severe, with a DLA Piper survey revealing that EUR 1.2 billion in fines were issued across Europe under the GDPR in 2024 alone. The most significant trend here is the move towards personal liability for senior leadership. In a landmark development, the Dutch Data Protection Commission announced it is investigating whether it can hold the directors of Clearview AI personally liable for GDPR breaches. The implications for charity trustees in the UK, who hold ultimate responsibility for their organisation’s compliance, are profound, potentially exposing their personal assets to regulatory penalties. While the UK’s Information Commissioner has stated that fines are not always the most impactful tool, this does not signal a lack of vigilance. Beyond data, the regulation of Artificial Intelligence (AI) is a new frontier. Regulators are now intensely scrutinising AI governance, its alignment with data protection laws, and its potential to concentrate market power, as evidenced by recent antitrust probes by the US Federal Trade Commission (FTC) and the Department of Justice (DOJ) into Microsoft, OpenAI, and Nvidia. For charities using AI for fundraising or service delivery, this is a significant forward-looking risk. Furthermore, the use of generative AI to create marketing copy presents a novel risk: unsubstantiated environmental claims could be generated and disseminated at a scale that manual oversight is ill-equipped to handle, creating a direct link between poor AI governance and the greenwashing trap.
Arguably, the most challenging new front for charities, however, is not in code but in communication. As donor interest in sustainability grows, so does regulatory oversight of the claims charities make, creating a significant reputational and legal risk of greenwashing. Defined as making unsubstantiated or misleading claims about environmental credentials, the scale of the problem is vast. A global sweep coordinated by international consumer protection authorities, including the UK’s CMA, found that 40% of firms’ green claims could be misleading, while a separate EU study found that 53% of such claims were “vague, misleading or unfounded.” The regulatory response is gathering pace, with the EU proposing a Green Claims Directive and the UK’s Competition and Markets Authority (CMA) actively pursuing investigations under its Green Claims Code, which should now be a core reference document for any charity’s fundraising and communications team. The implication is clear: any materials using terms like “sustainable,” “carbon neutral,” or “net-zero” must be robustly substantiated to avoid damaging accusations of deception.
These are not isolated challenges; they are interconnected fronts in a new, more adversarial regulatory landscape for UK charities. The era of light-touch oversight is definitively ending, replaced by intense scrutiny on governance, a global trend of aggressive enforcement, empowered whistleblowers, and new compliance frontiers in data, AI, and environmental claims. A proactive, board-level commitment to compliance is no longer optional but is now a fundamental requirement for survival and for maintaining precious public trust. Trustees must now move beyond asking ‘Are we compliant?’ to asking ‘Can we prove our compliance under intense, external scrutiny?’ and ‘Is our risk register a historical document or a live tool for navigating these emerging threats?’ As the sector navigates this new reality, all eyes should be on the rising threat of personal liability for the trustee board, the first significant regulatory actions related to AI in the charity world, and the formalisation of anti-greenwashing rules into UK law.
