Nonprofit 411: 5 Policies That Could Protect Your Organization

Sheryl Howard - headshotBy Sheryl Howard,  Krokidas & Bluestein LLP

Tax exempt non-profit organizations should periodically review their existing policies, and should consider what other policies make sense based on their size, staffing, and operations. The following is a list of some key policies for Massachusetts non-profit organizations to consider:

1)      Conflict of Interest –   A conflict of interest policy should define what constitutes a conflict, identify who is covered (typically directors, officers and senior staff), and include a process for monitoring and enforcing the policy.  In particular, the policy must require that these parties disclose any conflict and recuse themselves from all voting and discussion of the matter.  Some organizations may want to have a conflict of interest policy for rank and file staff, as well.

2)      Whistleblower – A whistleblower policy helps to foster a culture where employees are encouraged to bring problems to the organization’s attention without fear of retaliation.  This policy should establish a process for staff to report violations internally and in good faith, including identification of the party  whom staff should contact and other specifics as to how to make a report.  Last, it should explicitly protect the employee reporting the issue from retaliation or other negative ramifications.

3)      Document Retention and Destruction – This policy is usually highly customized, depending on how the organization creates, handles, stores and destroys documents and who will administer the policy and monitor compliance.  A good policy should take into account the relevant statutes of limitations for the types of claims that may arise in connection with the documents, and should put in place a plan for preventing the destruction of documents in the event of litigation or certain investigations.  This plan should include (and comply with) the written information security plan described in Item 4 below.

4)      Data Privacy & Security – This policy should address how the organization will handle and store “personal information” (social security numbers, credit card information, bank account numbers and drivers’ license numbers) of all Massachusetts residents (employees, clients, donors, etc.).  If the organization handles or stores this type of information, it must have a written information security plan in place.

5)      Public Disclosure Procedures – The organization should address how it will make its Form 1023 and Form 990 (or 990-EZ) available to the public.  It may choose to disclose these documents on its website, another website (such as GuideStar), or upon request.  The organization may also consider what other documents should be made publicly available (for example, governing documents, financials and the conflict of interest policy).

Your legal counsel can help you put these policies in place, and determine if there are other policies that your organization should consider.  A small investment of time and resources now will go a long way towards protecting your organization in the future.

Sheryl A. Howard is an attorney with Krokidas & Bluestein LLP in Boston, specializing in work with non-profit, commercial and public organizations.