Nonprofit Compliance

Unfortunately, stories abound of nonprofits that commit employment law violations, allow impermissible conflicts of interest, or violate fundraising law. Every time one of these reports surfaces, the nonprofit sector suffers another black eye, and public confidence erodes.

Most of these issues could have been avoided by proper nonprofit compliance.

But many nonprofit leaders continue to ask: What is nonprofit compliance? What areas of my organization does it impact? How can I ensure compliance with a minimum of distraction and expense? This post answers those questions.


Definition of Nonprofit Compliance

Nonprofit compliance is the process of providing reasonable assurance that your organization obeys applicable laws, contracts, and commitments. As the Standards for Excellence put it, “nonprofits must be aware of and comply with all federal, state, and local laws.” As a result, they “should periodically conduct an internal review of the organization’s compliance with known existing legal, regulatory and financial reporting requirements, and should provide a summary of the results to the Board of Directors.”

The Standard compliance provision is absolutely right, but it may not go far enough. In addition to legal, regulatory, and financial reporting requirements, a nonprofit organization should account for obligations it has made to other organizations and stakeholders. These may include funders, staff, clients, and volunteers.


Nonprofit Compliance Checklist

Many resources are available to help nonprofits identify areas of potential compliance requirements. Labyrinth, Inc., a company that helps nonprofits with state registration, includes the following areas in its helpful compliance checklist:

Nonprofit Corporate Requirements, including business licenses, annual reports, and registered agent requirements;

Nonprofit Fundraising Requirements, including solicitation registration, disclosure statements, and annual reporting;

Nonprofit Operational Requirements, including having current bylaws, complying with those bylaws, ensuring board members comply with fiduciary duties, regular board meetings, and other issues;

Nonprofit Accounting Requirements, including tax-exempt status, filing of IRS Form 990, documenting income from unrelated business activity, federal and state grant requirements, and accurate books and records.

Proper Classification of Employees, including filings relating to employees and contractors.

Nonprofit Record-Keeping Requirements, including required state and federal records, what records need to be available to the public, copies of federal and state tax returns for three years, and a records retention process.

In addition to the above list, successful nonprofit compliance also requires attention to the following:

Private Grant Compliance. Nonprofits must comply with reporting and other obligations in any private grant received.

Restricted Funds Compliance. If your nonprofit receives restricted donations, it must comply with those restrictions.

Workforce Health and Safety. Federal and state health and safety regulations likely apply to your nonprofit. SafetyCulture.com provides an excellent checklist, and ProBonoPartner.org has a useful OSHA guide for nonprofits.

Data Security and Privacy. As noted by the National Council on Nonprofits, any nonprofit that conducts e-commerce on its website (like donations or event registrations), stores or transfers personally identifiable information, or collects electronic information about the habits of its donors, stakeholders, or clients must also account for data security and privacy requirements.

Employment Compliance, including Non-Discrimination, Harassment, and Whistleblower Issues. Nonprofits often make employment mistakes. As a result, it is important for nonprofits to be aware of employment issues.

Local and State Zoning and Licensure Compliance. Certain activities require permits, and many services require licensure.

Compliance with Self-Imposed Requirements. If your organization has adopted protocols or procedures to address volunteers, clients, or others, you should provide reasonable assurance that you are in fact meeting those obligations.

Nonprofits Build Strength Together (BeST)

Risk Alternatives sponsors and curates an online group for nonprofit leaders who want to build resilient organizations.


What should you do now?

The list above may give you heartburn. It can feel overwhelming. Nonprofits do so much good in the world: why do they have to comply with all of these rules? How does compliance leave time to actually perform services for those in need?

The emotion is understandable, but the answer is clear. Nonprofits have an obligation to abide by the rules, just like anyone else. In fact, compliance is more important in the nonprofit sector. Nonprofits perform critical functions in our society. They can’t afford costly, unforced errors.

Furthermore, with slow and steady work, you can ensure smooth compliance in your organization without undue burden. Here is a nine-step approach:

  1. Have your board set the tone at the top. One of the most important functions of a board of directors is to set the tone at the top. Make sure that your board emphasizes the priority of compliance measures.
  2. Assess your current status. Use the list above and linked nonprofit resources to identify a list of what you need to comply with. Be aware that in this first step you will find areas of noncompliance. No organization is perfect, and any organization that has not evaluated its compliance status in the past is going to find issues. As a result, prepare to find issues in need of attention.
  3. Delegate, and ask people to be devil’s advocates. Don’t try to do this all on your own. Instead, create a task force and assign staff members to look at different areas. Ask them to err on the side of reporting. In this initial stage, you want to identify potential issues, not sweep them under the rug.
  4. Prioritize and perform ongoing remediation. If you have a nonprofit risk management process, add problem areas to your risk register and prioritize relative to other issues. If you don’t, prioritize in the following manner:

– Issues creating potential risks and legal liability;

– Health and safety of employees and clients;

– Violations of policies or ethical practices;

– Ambiguity about legal obligations;

– Everything else

  5. Name, claim, record, and celebrate successes. As you confirm compliance in an area or take steps to remediate, celebrate those wins. This will create ongoing momentum and provide staff and board with assurance that the organization intends to pay attention to its obligations.
  6. Outsource where you can do that cost-effectively. Your accountant may be able to cover many compliance issues. Your attorney may be able to address others. Organizations exist that can help with fundraising registration compliance. Don’t do it on your own where someone else can do it better and less expensively.
  7. Provide targeted training. As you work through compliance, identify risks and areas where your staff needs guidance. Get them the nonprofit training they need.
  8. Document and systematize. Capture your compliance requirements in simple protocols that people can follow to avoid compliance challenges down the road.
  9. Don’t just talk — do. As Nancy Bacon notes in her excellent post on the subject, “You don’t get compliance by” simply “talking about compliance.”


If you would like to schedule a complimentary strategy session with the Risk Alternatives team, please email info@riskalts.com!