Standards for Excellence ®

Guiding Principle:
Legal Compliance and Ethics

Nonprofits enjoy the public’s trust, and therefore must comply with a diverse array of legal and regulatory requirements. Organizations should conduct periodic reviews to address regulatory and fiduciary concerns. One of leadership’s fundamental responsibilities is to ensure that the organization governs and operates in an ethical and legal manner. Fostering exemplary conduct is one of the most effective means of developing internal and external trust as well as preventing misconduct. Moreover, to honor the trust that the public has given them, nonprofits have an obligation to go beyond legal requirements and embrace the highest ethical practices. Nonprofit board, staff, and volunteers must act in the best interest of the organization, rather than in furtherance of personal interests or the interests of third parties. A nonprofit should have policies in place, and should routinely and systematically implement those policies, to prevent actual, potential, or perceived conflicts of interest. In this way, ethics and compliance reinforce each other.

  • Nonprofits must be aware of and comply with all applicable federal, state, and local laws. This may include, but is not limited to complying with laws and regulations related to IRS filing requirements, governance, human resources, licensing, financial accountability, taxation, valuation of in-kind gifts, unrelated business income, document retention and destruction, related entities, data security, accessibility, fundraising, lobbying, and advocacy.
  • Nonprofits should periodically conduct an internal review of the organization’s compliance with known existing legal, regulatory, and financial reporting requirements, and should provide a summary of the results to the board of directors.

Nonprofits should have at least one designated representative who is responsible for ensuring that the organization is complying with both the letter and the spirit of federal and state laws that require disclosure of information to the public.

Organizations must provide employees, board members, and volunteers a confidential means to report suspected impropriety or misuse of organizational resources. Organizations should have in place a policy prohibiting retaliation against persons reporting improprieties.

  • Nonprofits should have a written conflict of interest policy and statement. These should be applicable to board members and staff, as well as volunteers who have significant, independent decision-making authority regarding the resources of the organization. The policy and statement should be executed by covered individuals, both at the time of the individual’s initial affiliation with the organization and at least annually thereafter.
  • The conflict of interest policy should identify the types of conduct or transactions that raise conflict of interest concerns, should set forth procedures for disclosure of actual or potential conflicts, and should provide for review of individual transactions by the uninvolved members of the board of directors.
  • The conflict of interest statement should provide space for the board member, employee or volunteer to disclose any known interests that the individual, or a member of the individual's immediate family, has in any business entity which transacts business with the organization.

  • Nonprofits should ensure that they have an explicit and clear set of ethical principles and, as appropriate, operational or program standards that have been discussed by their board and staff and that are transparently clear to all stakeholders.
  • In rendering its programs or services, a nonprofit should act with the utmost professionalism and treat persons served with respect.
  • Nonprofits should provide an effective procedure for problem solving or reporting grievances, including but not limited to, legal or ethical misconduct by the organization’s employees and volunteers. The procedure should include actions for addressing and resolving complaints effectively.
  • Nonprofits should have policies in place that protect the confidentiality and privacy of personal information.