Nonprofit 411: 5 IT Risks Every Organization Should Be Aware Of

Nonprofit 411 BerryDunn-minby Chris Ellingwood, BerryDunn

Technology: we all love it and we all immerse ourselves in it from every fashion of our daily lives. These emerging IT security risks are not overly technical in nature and are things you likely have heard before. Reflecting on a strong economy and a changing business environment, knowing these risks will help empower nonprofits to consider the controls needed to enhance their controls while they implement new, high demand technology and software to allow their organizations to thrive and grow.

1. Third-party Risk Management – It’s Still Your Fault

Daily, we rely on our business partners and vendors to make the work we do happen. Third-party vendors are a potential weak link in the information security chain and may expose your organization to risk. At the end of the day, though a data breach may have been the fault of a third-party, you are still responsible for it. It is paramount that all organizations (no matter their size) have a comprehensive vendor management program in place to defend themselves against third-party risk.

2. Regulation and Privacy Laws – They are Coming

2018 saw the implementation of the European Union’s General Data Privacy Regulation (GDPR) which was the first major data privacy law pushed onto any organization who possesses, handles, or has access to any citizen of EU’s personal information. Enforcement has started and the Information Commissioner’s Office has begun fining some of the world’s most famous companies. All organizations must be aware of and understand current laws and proposed legislation. The good news is that there are a lot of resources out there and, in most cases, legislative requirements allow for grace periods to allow organizations to develop a complete understanding of proposed laws and implement needed controls.

3. Data Management – Time to Cut Through the Jungle

We all work with people who have thousands of emails in their inbox (that date back several years in some cases). Those users’ biggest fears may start to come to fruition – that their organizational approach of not deleting anything may come to an end with a simple email and data retention policy. Organizations should first complete a full data inventory and understand what types of data they maintain and handle, and where and how that data is stored. Next, organizations should develop a data retention policy that meets their needs. Utilizing backup storage media may be a solution that helps reduce the need to store and maintain a large amount of data on internal systems.

4. Doing the Basics Right – Sometimes the Simple Things Work

Across industries and organization size, the one common factor we see is that basic controls for IT security are not in place. Every organization, no matter their size, should work to ensure that they have controls in place. These include:

  • Established IT Security policies
  • Anti-virus/malware on all servers and workstations
  • System logging and monitoring
  • Employee security training

5. Employee Retention and Training

Organizations should be highly focused on employee retention and training to keep current employees up-to-speed on technology and security trends. A culture of security needs to be created and fostered from the top down. Making the effort to empower and train all employees is a powerful way to demonstrate your appreciation and support of the employees within your organization—and keep your data more secure in the process.

Ensuring that you have a stable and established IT security program in place by considering the above risks will help your organization adapt to technology changes and create more than just an IT security program, but a culture of security-minded employees. Our team of security and control experts can help your organization create and implement controls needed to consider emerging IT risks. You may contact me at for more information.

Our Shared Sector: What Every Nonprofit Should Know About the Acronym “DE&I”

by YW Boston

Diversity, Equity, and Inclusion, or “DE&I” as it is commonly referred to, is a phrase that broadly outlines the efforts an organization takes to create a more welcoming environment for people of less-privileged identities. Diversity, Equity, and Inclusion can include any number of interventions and can feel daunting for nonprofits as it requires time, resources, and organizational buy-in. Once a nonprofit has identified that it wants to promote more diverse, inclusive, and equitable spaces, a good starting point is gaining clarity on what diversity, equity, and inclusion is and isn’t.

But Diversity, Equity, and Inclusion is referred to as “DE&I” so often that many individuals may not know what each letter refers to. One barrier nonprofits may face in getting started building a strategy is not knowing the difference between these three concepts and how to address each.

To get started, each part of the acronym is defined below.

What is diversity? What is equity? What is inclusion?

Independent Sector’s definitions of each of these terms are helpful to understanding their differences:

Diversity “includes all the ways in which people differ, encompassing the different characteristics that make one individual or group different from another,” including identity markers such as race, ethnicity, gender, differing abilities, sexual orientation, religion, and more. It also takes intersectional diversity into account, when people’s identity is made of a number of underrepresented identities.

Equity is “the fair treatment, access, opportunity, and advancement for all people, while at the same time striving to identify and eliminate barriers that have prevented the full participation of some groups. Improving equity involves increasing justice and fairness within the procedures and processes of institutions or systems, as well as in their distribution of resources.”

Inclusion is “the act of creating environments in which any individual or group can be and feel welcomed, respected, supported, and valued to fully participate. An inclusive and welcoming climate embraces differences and offers respect in words and actions for all people.” Inclusion goes beyond diversity, because once you have a diverse staff, organizations must focus on retention.

YW Boston often uses inclusion strategist Vernā Myers’ analogy: “Diversity is being invited to the party. Inclusion is being asked to dance.” Diversity is often thought of as being quantifiable by measuring who is represented in an institution. Inclusion is measured through qualifiable data, looking at attitudes and people’s perceptions of how welcoming an organization.

Why can it be unhelpful to boil it all down to “DE&I” acronym?

While goal setting is an important aspect of this work, diversity, equity, and inclusion each require different methods of intervention, different resources, and different tools for measurement.

When Diversity, Equity, and Inclusion are boiled down to the acronym DE&I, diversity often becomes the focus. Because racial, ethnic, and/or gender diversity can sometimes (but not always) be determined by visually scanning an organization, nonprofits may feel it is the easiest to measure and therefore tackle. Diversifying the workforce is important, but that doesn’t directly lead to those new hires feeling welcomed or supported in the organization.

To be able to move beyond diversity, YW Boston’s InclusionBoston team explains, an organization must work with “an understanding that the systems they are working in, especially when they think about institutions, are not equal and are not equitable. They need to recognize that they have to move beyond just having people in the room or at the table.” Organizations often assume that diversity equals inclusivity. While that is not necessarily the case, oftentimes if you are truly inclusive, diversity will follow along.

In addition, many people assume that DE&I work refers specifically to race and gender, but it can address any or all systemic issues of inequity. By looking deeper than the DE&I acronym, an organization can determine whether there is a particular systemic inequity it must address.

The next edition of Our Shared Sector will help nonprofits begin to address each part of the DE&I acronym within their organizations.

About YW Boston

As the first YWCA in the nation, YW Boston has been at the forefront of advancing equity for over 150 years. Through our DE&I services—InclusionBoston and LeadBoston—as well as our advocacy work and youth programming, we help individuals and organizations change policies, practices, attitudes, and behaviors with a goal of creating more inclusive environments where women, people of color, and especially women of color can succeed.

Nonprofit 411: MA Paid Family and Medical Leave: What Do Nonprofits Need to Do For the October 1 Deadline?

Nonprofit 411 Insource-minby Saleha Walsh, Insource Services

Massachusetts provided us with a summer break in delaying the implementation of the payroll taxes that will fund the new state paid leave program. Now it’s time to prepare to meet the upcoming deadlines that require employers to notify their employees of program benefits and to begin employer contributions and employee deductions.

As a reminder, key provisions of this new program include:

  • Paid state-administered medical leave (up to 20 weeks) and family leave (up to 12 weeks, and more for covered service members) beginning in January of 2012. Leave is capped at 26 weeks per year.
  • All Massachusetts workers (as defined in the law – employees and in some cases 1099 contractors) who work for covered entities are eligible for paid leave, limited exceptions exist.
  • A payroll tax payable through MassTaxConnect beginning effective 10/1/19 and paid quarterly. The initial tax contribution rates is 0.75% of a worker’s wages (up to $132,900 of wages).
  • To be eligible for benefits, an employee must have received earnings from present or former Massachusetts employers that are (1) at least 30 times his/her weekly benefit amount, and (2) at least $4,700 over the past 12 months.
  • Former employees meeting this financial eligibility test are also eligible if the leave begins within twenty-six (26) weeks after employment termination.

To meet the October deadline, employers should:

  • Determine if they are a covered business entity. While all employers must participate in the program, a covered business entity is one in which more than fifty percent of a business’s workforce is comprised of self-employed individuals (1099-eligible). A covered business entity is required to include all of the covered employees and contractors in the program.
  • Determine the size of the workforce. Those organizations with fewer than 25 eligible workers must transmit the taxes deducted through payroll deduction on behalf of their employees, but are not required to contribute to the tax. Those organizations with 25 or more employees are required to contribute a portion of the tax for their employees.
  • Consider seeking state approval of a private plan offering identical benefits and protections.
  • Begin to plan for policy changes, if needed, to provide time off and job protection in accordance with the leave act.
  • Submit quarterly wage reports on their workforce including 1099 contractors beginning in January 2020 for the last quarter of 2019.
  • Begin employee payroll deductions effective 10/1/19 and transmit by January of 2020 for the 4th quarter of 2019. For those employers with 25 or more covered workers, the state guidelines require employers to pay 60% of the medical leave share of the tax and employees to pay the remaining 40% through payroll deduction (the medical contribution represents 0.62 of the 0.75 tax).  Employers are not required to contribute to the family leave tax.  (Employers with under 25 workers are not required to contribute at all but must collect and transmit employee deductions for both family and medical leave.)
  • Display the MA Medical and Family leave poster where other employment posters are displayed, in multiple languages in some cases.
  • Distribute workforce notices (by 10/1/19 and upon hire thereafter).

For more information or to obtain sample notices and templates, go to and/or contact Insource Services (


Our Shared Sector: Four Ways to Become a More Inclusive Nonprofit Leader

by YW Boston

YW Boston 1-min

Studies have found that nonprofit organizations are suffering from racial and gender leadership gaps. Research shows that people of color have similar qualifications as white respondents and are more likely to aspire to nonprofit leadership positions, yet people of color are severely underrepresented in leadership positions within the nonprofit sector. This has left many nonprofits wondering how they can develop more inclusive leadership in order to successfully support diversity and inclusion within their organization.

We know that improving diversity and inclusion within an organization requires a team effort. DE&I experts stress the importance of organizational buy-in. Leadership, in particular, should be open to changes within the organization. Executive leadership and management can sometimes pose as gatekeepers to organizational change. Therefore, it’s essential for influential leaders to assess the inclusivity of their leadership. Inclusive leaders can become change agents and are a key element of successful diversity, equity, and inclusion efforts. Fostering inclusive leadership means that your organization is committed to seeking diverse viewpoints, particularly when it comes to decision making.

But what exactly is an inclusive leader? How does one become an inclusive leader and how can individuals assess their own leadership skills?

1. Value and leverage all points of view in order to make better decisions

Groupthink can stifle innovation, decision making, and hurt a company’s bottom line. A leader’s ability to leverage diverse viewpoints can become one of their most critical skills. Through improved collaboration and strategic decision making, inclusive leaders can positively impact business performance, professional development, and employee engagement within their organizations. Not only do diverse teams perform better, but there is also a penalty for less diverse companies.

2. Build the courage to challenge assumptions and practice accountability

Inclusive leaders tolerate risk and are willing to be the first to speak up in favor of changes within an organization. It takes courage to challenge the status quo and hold the organization, others, and ourselves accountable. Courageous leaders should practice self-awareness and regulation in order to lean into discomfort and address their own biases and limitations.

3. Are committed to intentionally creating more inclusive spaces

When an organization is inclusive, all members feel valued, respected, and confident in speaking up and being heard. An inclusive space makes everyone feel like they belong. Improving inclusivity requires a long-term commitment and intentional effort. This means that inclusive leaders should adapt their practices and allocate resources towards improving diversity and inclusion. By aligning DE&I efforts to personal values and business priorities, inclusive leaders can ensure lasting impact.

4. Analyze root causes before taking action

A systems approach, such as the iceberg model, can allow leaders to be more effective and inclusive problem solvers. The iceberg model looks at the various elements within a system that can influence each other. During YW Boston’s LeadBoston program, we challenge participants to critically assess challenges in order to differentiate between symptoms and root cause. This approach provides both the knowledge and the tools that allow leaders to identify attitudes, beliefs, and behaviors that may be reinforcing barriers to diversity, equity, and inclusion.


YW Boston 2-min


This article appeared originally on the YW Boston blog.

About YW Boston

As the first YWCA in the nation, YW Boston has been at the forefront of advancing equity for over 150 years. Through our DE&I services—InclusionBoston and LeadBoston—as well as our advocacy work and youth programming, we help individuals and organizations change policies, practices, attitudes, and behaviors with a goal of creating more inclusive environments where women, people of color, and especially women of color can succeed.


Nonprofit 411: How to Prepare for Having Your 990 Prepared

Nonprofit 411 Jitasa-minBy Jeremy Cork, Jitasa

Whether you prepare your own Form 990 or outsource it, you can make the process less painful by following some simple steps and gathering certain information well-before prep begins. There are (2) variations of Form 990: Form 990 (12 pages) long form or Form 990-EZ (4 pages) short-form.  The gross receipts of your organization are usually what determines which Form 990 you are required to file.

If your fiscal year ends on December 31, your Form 990 is due by May 15.  You do have the option to file a 6-month extension giving you a new/final due date of November 15.  The month following your fiscal year end is usually very busy; preparing and filing employee W2s and contractor 1099’s, preparing various reports, etc. By the time you are finished with those tasks, you’re now a month closer (or more) to your Form 990 due date.  The Form 990 has as nearly as many additional schedules as there are letters in the alphabet.  Knowing ahead of time which schedules may be required can save time, effort and reduce stress.  To see a list of additional schedules and instructions, visit the IRS link here:

Some of these steps can only be done after your fiscal year ends, however, by understanding each step and being proactive, your 990-filing experience can come and go with ease. This list is not all-inclusive as each organization is different, however, many steps are common for all organizations. So here they are!

Steps for making 990 Prep less complicated and less stressful:

  • BE PROACTIVE: discuss with your team ahead of time rather than just before the due date.
  • Financial Review or Audit: Review the audit requirements for your state.
  • IRS Extension: Consider ahead of time if you think you’ll need to file an extension.
  • Review Prior-year Form 990: This will provide insight into what will be required for the current year.
  • Close Books for Year-End:
    • Reconcile ALL bank/checking/savings/investment accounts, etc…
    • Record any journal entries necessary; accruals, AR, AP, prepaids, depreciation, etc…
    • Perform year-end Book Review: Review all activity for all accounts.
  • Gather Financial Information:
    • Financial Reports.
    • Copies of W2’s and 1099’s.
    • Review list of Form 990 Schedules – compare to prior-year Form 990.
  • Non-financial Information:
    • Organization details; Name, Address, Phone #, Board of Directors.
    • Review Parts IV – VII on the 990 to determine which other information may be required.
    • Who will review and sign your 990 internally before the deadline?
    • May need to consider additional as well.
    • Timing: Provide ample time for Board Review and any comments or changes before the filing deadline. A board review is not required but is strongly encouraged.

It may seem like it takes more time to gather information than to prepare the 990, but the extra time spent before prep will pay-off in the end.  Whether your file a Form 990 long form or Form 990-EZ short-form, prep time can be drastically reduced by following the steps outlined above.  Understanding that preparing and filing Form 990 is extremely important to your organization and should not be an after-thought. Your mission, and the cause it supports, is much too important not to consider the importance of your Form 990.

Nonprofit 411: How Does the New Transportation Benefits Tax Impact Nonprofits?

Nonprofit 411 HemBar-minBy Brad Bedingfield, Hemenway & Barnes LLP

To the dismay of charities across the country, costs incurred in providing certain commuting and parking benefits to employees now result in a tax payable by the charity (or other tax-exempt organization).  This odd tax (for expenses incurred after December 31, 2017) can be found in section 512(a)(7) of the Internal Revenue Code.  The tax is framed as a deemed “unrelated business income tax” (or “UBIT”), and the costs that trigger this tax are treated as deemed “unrelated business taxable income” (or “UBTI”).  Treatment of these costs as deemed UBTI affects how the taxes are calculated, and what options an organization may have for avoiding or minimizing the tax.

What costs are taxable? 

For purposes of determining the amount subject to tax, we must focus on costs to the employer, not benefits to the employee.  Costs to provide commuter rail or subway passes, and for certain kinds of bus or van transportation, generally count as deemed UBTI only up to $265 per month (in 2019), whether those costs are incurred directly or by way of pre-compensation reduction arrangements.  Commuter parking benefits provided by way of payments to third-party parking vendors generally work the same way, with a similar effective $265 per employee per month cap in many cases.

However, things get much more complicated when a tax-exempt employer owns and operates its own parking lot or garage.  Countable costs may include a range of things, including employee costs, maintenance, snow and leaf removal, cleanup, insurance, real estate taxes, and so forth (although depreciation on the parking facility does not count as a cost for this purpose).  Once the aggregate costs for parking are tallied, the employer has to find a reasonable way to allocate those costs to employee use.  IRS Notice 2018-99 provides one method of doing that, but each organization should consult with its tax advisors to determine a reasonable method for that organization.

Does Massachusetts impose UBIT?

Massachusetts imposes its own UBIT as well.  Because of the way the Massachusetts tax code references the federal UBIT provisions, it appears that this deemed UBTI for the cost of commuting and parking benefits will be subject to Massachusetts tax for employers in corporate form, but not for employers in trust form.  Like the federal government, Massachusetts requires quarterly estimated payments in advance, although the schedules for payment are not identical.  Other states may have a separate UBIT as well, which may or may not incorporate this new 512(a)(7) tax.

Can the tax be avoided or minimized?

One way to avoid or minimize the tax would be to stop providing commuting or parking benefits (perhaps instead increasing compensation), but that may not be practical.  An organization that has certain kinds of losses attributable to unrelated businesses may be able to use those losses to offset this deemed UBTI, although other changes in the rules have made that more difficult, especially with regard to new (post 2017) losses.  Charitable contributions may be an elegant way to avoid or limit this tax.  Charities in corporate form can generally deduct up to 10 percent of their UBTI for charitable contributions, and those in trust form can generally deduct up to 50 percent.  However, for certain very limited kinds of disaster relief, Congress (by special legislation) allows deductions of up to 100 percent of UBTI.  The organization will still have to file the federal Form 990-T to report the deemed UBTI and claim any deduction, but this can be a handy way to turn a tax into a mission-furthering grant.

Possible repeal of the tax?

Given its bipartisan unpopularity, this tax may be repealed at some point.  For now, however, nonprofits need to be tracking and paying taxes on costs to provide their employees with commuting and parking benefits.

For an in-depth review of the new transportation benefits tax on nonprofits, MNN members can watch my April 19th webinar, “New Transportation Benefits Tax on Nonprofits,” in MNN’s Webinar Archives.

Brad Bedingfield is Co-Chair of the Nonprofit Group at Hemenway & Barnes LLP. Brad assists private foundations and public charities with navigating complex tax regulations and procedures, including receipt and disposition of complex charitable gifts and participation in innovative forms of impactful philanthropy.

Nonprofit 411: Improving Board Performance

Nonprofit 411 Clark-minby Sarah Lange, Clark University School of Professional Studies

Executive directors and directors of development often cite under-performing boards as one of the top challenges they face. In addition, board members cite meetings, paperwork and minutia as the things they enjoy least. But change is possible. An engaged board of directors can help nonprofits fulfill their mission in new and surprising ways. Good boards don’t materialize out of thin air: they are the result of strategic, thoughtful work, and a year-round investment in recruitment and education.

However, most of the methods, processes, and structures that some nonprofits use are outdated. Given this, it’s no wonder that boards sometimes fail to fulfill their duties and not realize their potential.


An active, engaged board results from proper recruitment. Create a Board Development Committee (BDC) comprised of 3-4 people willing to take charge of the development of your board. Next, collect a list of 25-100 names of potential board members: be sure to consider diversity in all its forms. A diverse board provides you with access to multiple perspectives, skills, attitudes, and cultures. Channeled properly, this will lead to more creativity and innovation.

Be strategic when selecting board members. The #1 selection criteria for any new board member should be a passion for your organization’s mission, because they’ll go the extra mile. Look at where the organization is in terms of its stage of development. You’ll need a different type of board for each stage: Start-up, Stabilization, and Continued Growth. Regardless of the stage, it’s important to have board members and/or staff with the opposite personality type that stage requires, as these people will help nudge you to the next stage of development.


Orientation and activation are the job of the Board Development Committee. At the very least, orientation should consist of a tour of the organization and a review of the board manual. Ensure that the expectations, duties and responsibilities are clear to everyone involved. People perform better when they have a clear understanding of what it is they’re supposed to do. Engage new members immediately by assigning them to a committee. The BDC should check in with new members before and after each meeting to get their feedback about their experience and offer guidance or support as needed.


Investing in the growth and development of board members is essential to improving board performance. The best way to identify the strengths and growing edges of a board is to conduct an assessment, and then develop a plan for addressing identified needs. It’s also a good idea to conduct a skills and interest inventory so you know which gifts board members are bringing to the party. Ongoing education should be a regular part of board meetings.

And don’t forget to celebrate. Be sure to integrate fun and celebration into the life of the board. Sharing updates and accomplishments at the beginning of each meeting can set the tone and be uplifting to the overall attitude and moral of the members.

These are just a few tips to help you improve board performance. Remember: board members want to help, but it’s our job to show them how to support the work of the organization.

Nonprofit 411: Are You Still Living in the 1980s?

By Barry MacQuarrie, CPA, Director, Business Automation Solutions, Kevin P. Martin & Associates, P.C

Ever feel like your nonprofit organization is operating the same way it did in the 1980s? Yes, the 1980s, a decade that brought us the ‘Miracle on Ice,’ the Celtics dynasty and, of course, the first laptop. Who can forget the laptops from such memorable companies as Osborne, Compaq and Kaypro? Although the 80s was a great decade, it’s also when we started to spend time keying and rekeying data into our new desktop accounting applications.

Sadly, many of these time intensive activities continue today. Let’s look a simple sale transaction. You place your order, the vendor enters the information and mails a paper copy of their bill. You rekey the data into accounts payable and process your payment. They receive your check and rekey the same data into their billing app. There must be a better way!

The impact of new technologies during the past decade has been nothing short of amazing. We share our lives on social media, depend on our mobile devices for everything and have moved to the cloud. Developers are constantly building new apps that can radically change the world of business.

By embracing these radical new technologies, we can break old habits and build organizations that are more efficient and reliable. Image a day when your order from that vendor sets off a series of financial transactions that don’t require a single person to manually rekey data. Here a few areas that you can explore to make your organization more efficient:

  • Processing Vendor Bills – There are new apps that can fetch your vendor bills, analyze the bills using OCR and create usable data that can be automatically posted to your accounts payable app. No more rekeying data!
  • Expense Reporting – In a similar fashion, these apps digitally capture receipts, create expense reports, automate the approval process, provide reimbursement and automatically sync the data to your accounting app. Rekeying data is one again eliminated!
  • Time Tracking – Anyone using manual time cards or spreadsheets to track time? Today’s time tracking apps allow employees to clock in and track their time on a mobile device, change job codes with a simple click and electronically submit their time for approval. These apps will push the approved data to your payroll and accounting apps. Bye, bye rekeying of data!
  • Integration and Automation Apps – Imagine if an action in one app could automatically cause action in other apps and integrate data. For example, someone donates via your website and an app automatically adds them to your mailing list, sends an email alert to the management team, builds a thank you email and tweets about their donation. Just one more way to eliminate keypunch!

For any of us old enough to remember the DOS version of QuickBooks, some of these apps seem too good to be true! However, they really do exist and can be used to dramatically change your organization. They can help you move your operations out of the 1980s and create a more efficient and fun place to work.

Nonprofit 411: Questions to Ask Yourself about Client Confidentiality and the Mobile Workforce

By Dan Keleher, KPM Consulting, LLC


Nonprofit 411 KPM 2The global workforce is evolving into a remote and flexible environment. According to Strategy Analytics there is potential for the mobile workforce to increase from 38.8% of the global workforce in 2016 to 42.5% by 2022. This move is seen as mutually beneficial for employees and employers.

With the increase in the mobile workforce, employers are identifying cost savings in areas as diverse as real estate/office space and training of new employees, and are reporting increases in productivity due to reductions in days out sick. Employees are reducing personal expenses with reduced commuting costs as well as time savings. The increase in remote work has also opened opportunities for workers with physical disabilities or limited mobility. Ultimately, all of this contributes to a more productive work environment.

What does this mean for your customers and their data? Doesn’t the remote worker introduce more security risks and a greater chance of a data breach? Not necessarily, as long as everyone is doing their part. First, as the employer you need to take a serious look at your data security program.

  • Has your Information Technology (IT) staff established substantive security measures? Are they monitoring firewalls and intrusion detection, encrypting data at rest, encrypting laptop hard drives, pushing updates for anti-virus or malware programs, and establishing email filtering and multi-factor authentication for network access?
  • How are your data security policies and procedures? Are you prohibiting the storage of customer data on mobile devices such as laptops, flash drives, and smartphones? Are you requiring the use of a Virtual Private Network (VPN) when remote users connect to your network? What about requiring users to ensure the latest system and application patches and updates are installed on their laptops; and prohibiting the use of any company owned device by any non-employee?
  • How is your data security training program? Is your staff receiving updated training throughout the year on the current data security policies and procedures? What about why strong passwords are important, or how to identify phishing and possible malware attacks?
  • Do you have a fully implemented incident response program? Do your staff know what to do in case of a lost or stolen device?
  • When was the last time you reviewed and updated your Massachusetts data privacy Written Information Security Plan (WISP)?

Ensuring your mobile workers do not jeopardize your customer’s confidentiality starts with ensuring that your organization has a strong data security program and that all employees are educated on the part that they play in that program.

Dan Keleher is the Executive Director of KPM Consulting, a subsidiary of Kevin P. Martin & Associates, P.C. He can be reached at KPM Consulting offers a variety of services including IT risk assessments, business continuity planning, vulnerability scans, SOX compliance reviews, MA data privacy planning, HIPAA compliance reviews, data center reviews, and security testing.


Nonprofit 411: Securing Growth Capital in Challenging Times

Nonprofit 411 People's UnitedBy Bruce Figueroa, Head of Non-Profit-Banking at People’s United Bank

Nonprofit organizations looking to issue bonds for capital projects, or to refinance existing debt face one of the toughest financing environments in years due to rising interest rates and recent changes in tax laws. Careful, expert analysis and advanced planning are critical for all organizations today to be able to structure the most efficient long-term financing vehicles to help fund new projects.

The pressure on interest rates is real and growing. Ten-year Treasury rates have risen more than 125 basis points or 60% since Labor Day, 2017—with more rate hikes expected in 2019. Meanwhile, bank direct purchase tax-exempt bond rates have increased due to the corporate tax-rate changes that went into effect on January 1, 2018. The combined impact of these changes means that a nonprofit that might have financed a project at 2.5% before the changes in both market rates and the tax code, could now face tax-exempt rates of 4.5% or even 5%.

Given this backdrop, nonprofits need creative, customized financing solutions and expert analysis in three areas: peer comparison, debt capacity and cost/benefit views on various debt structures.

Creative Financing Solutions

Tools such as interest-rate derivatives can help protect against interest-rate risk in a rising rate environment. Instead of taking out a floating-rate loan or bond during construction and convert to a fixed-rate when construction is complete, the nonprofit can partner with a bank to design an interest-rate derivative with a forward starting rate lock based on the project completion date. This rate reduces risk, improves the nonprofit’s forecasting and its ability to service the new debt.

Peer Comparison

An informed peer comparison analysis gives borrowers a valuable view into their own performance vs. those of similar organizations. This comparison – offered by bankers with expertise in the particular sector – can define key performance indicators (KPIs) and help set realistic performance objectives against those KPIs. Metrics typically include cash flow, debt service, operating performance and balance sheet measures such as leverage and liquidity.

Debt Capacity

The simplest debt analysis looks at the current level of debt and infers a debt coverage value. A more thoughtful analysis will also use peer comparison information to assess additional capacity and consider the impact of future projects and capital investments. Knowing debt capacity is vital for planning purposes and to set appropriate fund-raising targets.

Comparative cost/benefits

Changes in interest rates and tax rules continue to shift the cost/benefit analyses. For example, if the upfront fees on a taxable loan are $40,000, while the upfront fees on a tax-exempt bond are $150,000, a comparative cost/benefit analysis needs to factor in the size of the issuance and its duration to determine if the higher upfront fees of a bond are worth paying. It’s important to conduct these analyses well before the organization will need to issue debt.

Adjusting to New Terrain

The facts on the ground—higher interest rates and a less advantageous tax code—are putting pressure on nonprofits looking to issue debt and plan for projects. Fortunately, there is still a strong appetite among regional banks to purchase these bonds. And by teaming with expert bankers, not only can nonprofits access creative, customized financing solutions, they can also gain insights into three critical areas for future planning: peer comparison, debt capacity and cost/benefits.

Bruce Figueroa is Head of Non-Profit-Banking at People’s United Bank. He leads a team of specialized bankers that partner with nonprofit institutions across industries, to provide strategic solutions for financing, liquidity, risk, operational and resource management in support of their missions. Please contact Bruce at