You are here

Where do I find what policies are required?

Your Legal Questions Answered

Where do I find what policies are required?

Is there an easy way to locate applicable regulations regarding policies and procedures a 501(c)(3) charity is required to have in place? I recently heard there are requirements for record-keeping and harassment policies and I wonder if there are other policies/procedures as well.

The kinds of policies you refer to are not required by any law or regulation that I am aware of.  The IRS Form 990 tax information return includes a whole series of questions in its section on governance about whether or not an exempt entity has certain policies, including conflict of interest, whistleblower, document retention and destruction, compensation setting, joint ventures, minute keeping, and reviewing the 990 before it is filed.  The Form makes clear that the governance policies are not required by the Tax Code, but the IRS, and lots of others, think they are valuable in running a good organization.

Many have published lists of key policies for nonprofits.  (See Ready Reference Page:  “Top Ten Policies and Practices for Nonprofit Organizations”)  The Standards for Excellence, developed by Maryland Nonprofits and being replicated by many state associations, have a comprehensive set of policies to help nonprofits govern themselves effectively and ethically.  They cover areas such as mission, governing body, conflict of interest, human resources, financial and legal issues, openness, fundraising, and public policy.  Virtually all of the recommended policies are things the organization “should” have.  Only a few are based on legal requirements that a nonprofit must follow.  You can check out the list on the Pennsylvania Association of Nonprofit Organization’s website or at the Standards for Excellence Institute. They are good policies to consider and adopt.  But they are generally not legally required.

Want to learn more about key policies? Consider listening to one of our recorded webinars.

Listen at your convenience to one or both of our 90 minute recorded programs, available in our store:

5 Critical Policies for Nonprofits

Nonprofit Policies for Donor, Partner and Advocate Confidence


Tuesday, March 29, 2011


The documents retention rules are very explicit that destroying or altering records needed for a federal inquiry is against the law.  Any NPO that files a 990 needs to be aware of this rule and have policies in place that will dissuade employees or others from breaking it if an investigation is pending or underway.  More generally, federal contracts would, I believe, impose the same requirements.

The whistleblower rules are equally clearly relevant to a nonprofit.  They focus on the possibility of retaliation, and impose serious penalties when it occurs. Again, the scope is limited to retaliation for good faith reporting of violations of federal laws or other legal requirements. Even if it were wise, it would be difficult to develop a whistleblower policy limited to such events. And, in any case, a whistleblower policy is a good idea.  

In my opinion, the SOx rule looks too closely at the wrong end of the problem.  Organizations that care about stewardship of charitable assets needs a whistleblower policy that clearly and publicly describes an easy way for anyone who suspects misdeeds to report them (a) without risk of retribution or retaliation, and (b) in a way that will result in a careful, fair, and usually confidential investigation to protect the rights of anyone who might be mistakenly or falsely accused and, of course, to avoid potential abuse of the policy in internecine conflict. --P.B. via e-mail.

I agree that there are two provisions of Sarbanes-Oxley that apply to nonprofits as you cite above.  But, like compliance with any other law (such as don't steal, don't obstruct justice, or don't harass), I don't think they require "policies" in the sense that the Form 990 asks about them or the Standards for Excellence envisions them.  The typical document retention policy deals with a whole lot more than not destroying them when you become aware of a federal investigation that might involve them.  The whistleblower policy, as you state, ought to cover state and local laws as well as federal, and also internal policies and procedures.  The anti-harassment policy should include a procedure for complaints, investigations, and correction of improper or unwanted conduct that might not rise to the level of illegal harassment.  If utilized, these can all improve the administration of an organization.  But beyond the "policy" that an organization shall not break the law (which applies to every individual and organization whether or not in a "policy"), these more elaborate policies are not legally required. --Don Kramer

Add new comment

Sign-up for our weekly Q&A; get a free report on electioneering