How Nonprofit Directors Should Handle Whistleblower Complaints – Carefully!

Imagine you have recently joined a nonprofit board.  The organization’s bookkeeper, a long-time employee, approaches you and shares her concern that lately she has entered several checks signed by the Treasurer and made out to “Cash.”  The Treasurer has provided no explanation except to tell her to assign the expenses to “Office Supplies” and not to worry.  What do you do next? 

Assess the Whistleblower Problem

First, identify the problem.  The bookkeeper has made a “whistleblower” complaint of official misconduct: she has reported apparently unethical and possibly illegal activity by one of the nonprofit’s leaders.  The bookkeeper is looking to you for help, as a director entrusted with fiduciary responsibilities to carefully guard the nonprofit’s charitable resources, legal obligations, and reputation.  The IRS, the state Attorney General, and donors likewise all hold you and the other directors accountable for the nonprofit’s well-being.

Next, check to make sure the organization has a whistleblower policy. Better yet – do so now, to be fully prepared!  It is now standard “best practice” for responsible nonprofits to have a board-approved whistleblower policy in place.  Indeed, the IRS Form 990 information return specifically asks whether such policy exists, as a measure of overall good governance.  The whistleblower policy should set forth a high standard for ethical conduct among the organization’s leaders and workers, along with a strong prohibition against any retaliation for whistleblowers.  The federal Sarbanes-Oxley Act also contains certain whistleblower protections, as do some state laws.

Top Ten Legal Resolutions for Nonprofit Leaders in 2016

With the new year upon us, our hope is that all of our nonprofit clients will thrive in 2016, fulfilling their organizational mission and impacting their communities.  As attorneys, we understand the importance of legal compliance for an organization’s mission, governance, and success.  The following is a list of ten critical legal areas that may impact nonprofit organizations in 2016.  Resolve to address them throughout the year, especially any deficiencies that warrant further action.

1.         Develop nonprofit website privacy and cybersecurity protections and policiesNonprofits regularly gather personal information from people who visit their organizational websites.  A major legal development in the last few years is the need for many nonprofit organizations to implement a privacy policy or user agreement for their websites.  The policies should establish protocols for collection, use, and storage of website users’ private information. They should also provide appropriate disclosures to users, such as analytics information, cookies, security measures such as encryption, and how organizations may share data.  Significantly, nonprofits that permit financial transactions on their sites, such as receiving donor contributions should ensure their payment systems are PCI DSS compliant.  These are emerging but important areas as internet traffic increases along with corresponding privacy concerns. 

2.         Use Social Media Well.  Social media is a powerful tool for many nonprofits.  Continual improvements can help promote an organization’s mission and nurture its good reputation.  Unfortunately, many nonprofits fail to take the time to understand how copyright and trademark laws govern their use of photos, videos, or other media in their posts.  In using social media, nonprofits need to teach their workers how to identify and comply with applicable copyright or trademark restrictions, for which a license or other protection may be needed.  Nonprofits should also consider individual privacy interests related to posts and obtain consents or provide other disclosures as warranted prior to posting information about beneficiaries, donors, or others.  Finally, nonprofits should take steps to protect their reputations by developing a procedure or policy that ensures employees and volunteers refrain from using the organization’s social media for disparaging comments or to express views contrary to the mission. 

Open Doors Under the Steeple: Integrating Sex Offenders

For churches and other religious institutions that intentionally practice theologically-oriented hospitality, registered sex offenders present a conundrum.  How can a worshipping organization practice hospitality, generosity, and grace while protecting its members from harm and protecting itself from liability?  The short answer:  it depends.  Religious institutions need to carefully weigh their potential liability against the resources they have available to mentor, supervise, and minister to registered sex offenders.

What’s at stake?

Welcoming registered sex offenders into a religious body may align with ministry philosophy and goals, but organizations must balance their desire to welcome with the need to protect.  A church has no legal obligation to permit a registered sex offender to attend.  Any permission granted should be contingent upon the church’s ability to exercise oversight and provide discipleship.   In granting permission, the church exposes itself to significant risks:  that the sex offender will again commit harmful behavior; punitive damages for negligence; negative media attention; and liability for board members who fail to implement sufficient safeguards.  Smaller churches with limited resources for oversight may choose to exclude all registered sex offenders from the church.

Guidelines for safeguards

If a church chooses to allow registered sex offenders to participate in services and activities, it should have a proactive policy in place that emphasizes the church’s care for its entire church body.  We also recommend that the church use a restrictive access agreement, signed by the registered sex offender, in order to minimize legal risk. An individual’s church participation should be conditioned upon their willingness to submit to oversight and abide by the conditions of the agreement.  Both the policy and the agreement should include the following elements.