By their very nature, nonprofits embrace risk. They start with little more than a bold dream and desire to make a difference. But risk has a way of blindsiding unwary nonprofits. Consider these seven key areas of risk — and ways to protect your nonprofit:
A lack of appreciation of fraud risk can leave nonprofits exposed to devastating losses, both in terms of financial loss and negative publicity/loss of reputation. For example, allowing a leader, staff member or volunteer to be “above suspicion” can be a recipe for disaster. Likewise, permitting basic financial checks and balances to fall through the cracks can have disastrous consequences.
At the very least, segregate financial duties. For example, do not permit the same employee to originate and approve purchases, and separate the invoice approval function from the payment and receiving function.
There is risk any time an organization uses the intellectual property of another. It could be that energetic new volunteer who cuts and pastes copyrighted material onto your organization’s website. Or, perhaps it’s the freelance graphic designer who uses copyrighted imagery in your new brochure without permission.
Establish standards for publications, both written and electronic. These should include proper use of attribution/citing and disclaimers and guidelines for use of intellectual property.
In today’s wired world, bad news travels fast — whether it’s a disgruntled employee or a donor with an axe to grind. Under the legal doctrine of “vicarious liability,” an organization can be held liable for an employee’s defaming media posts, whether the social media use is for official or personal purposes.
Keep abreast of ever-changing legal developments surrounding social media. Create written guidelines for employees, volunteers and members, and designate a point person to monitor social media. Have a formal crisis communication plan in place to respond quickly to conflicts, crises and bad news.
Managing the typical 403(b) plan is incredibly complex, and penalties for noncompliance — even unintentional errors — can be severe. Outsourcing operation of your retirement plan to a third party provider does not relieve your organization of liability for noncompliance.
Understand how to detect — and correct — errors in plan administration. Start with the IRS’s comprehensive 403(b) Fix-It Guide, which delves into common compliance errors and solutions.
Ignoring compliance issues can seriously jeopardize your organization’s tax-exempt status. These issues run the gamut from the obvious (failure to file Form 990 and any required schedules) to the more complex (excess benefit transactions and issues with unrelated business income).
Notify the IRS if your organization experiences “material changes in its form, activities or sources of support,” and know the red flags for violations. The IRS has become increasingly pro-active in helping nonprofits avoid losing their exempt status, including creating a variety of informative online training tools at www.stayexempt.org.
Under the legal concept of “apparent authority,” a vendor who reasonably perceives that a volunteer or staffer has the authority to act on behalf of the organization may enter into a contract with your organization — even if that volunteer or staff member didn’t have such authority.
Develop a simple policy that spells out who has authority to enter into legal contracts, and run contracts by your attorney — especially complex agreements, like those for technology purchases and software development.
It is incredibly easy to run afoul of the registration requirements that many states, counties and municipalities require in order for charities to solicit funds in their territories. Organizations that fail to register can be subject to fines and civil suits, and even have their right to solicit contributions revoked. Complicating matters further is the issue of fundraising over the Internet.
In an effort to streamline the registration process, the National Association of Attorneys General and The National Association of State Charity Officials jointly developed a standardized registration form called the “Unified Registration Statement,” or URS.
Finally, make sure you protect your directors and officers. Many nonprofits assume that state immunity laws and a general liability insurance policy will provide all the protection they need. But immunity from liability doesn’t stop someone from filing a claim and forcing you to incur expenses defending your organization.
Therefore, you should consider a directors and officers (D&O) liability policy that protects your organization and its directors, officers, employees and volunteers against losses due to “wrongful acts” in governing and managing the organization.
For more information on this topic or to learn how Baker Tilly specialists can help, contact our team.