A Steward's Perspective: A Culture of Compliance Is More Important Than Ever

Mature charitable enterprises operating in today’s challenging environment view their compliance obligations through the lens of stewardship. They see risk and opportunity as two sides of the same coin. An organization that effectively manages its compliance risk is almost certainly, by definition, an organization poised to take expedient advantage of available opportunity.

Tone at the Top
Stewardship starts and ends with the organization’s fiduciaries—the members of the board are the chief stewards of the organization. In today’s environment, it is clear that the board is the accountable body for compliance failures. A breach-of-fiduciary-duty claim seeking to hold directors liable for failing to exercise appropriate oversight by establishing an effective system to monitor compliance with the law has come to be known as a Caremark claim. (In “re: Caremark International Inc. Derivative Litigation,” the Caremark court concluded that a director’s obligation includes a duty to attempt, in good faith, to assure that appropriate systems of internal control and compliance are in place, and that the systems are sufficient to assure that the board will receive timely information about compliance in the ordinary course.)

For today’s nonprofit boards, Caremark and its progeny demonstrate that where compliance failures involve regulatory requirements, internal policies and other red flags, the questions that will arise are: Where was the board? What did it know? When did it know it? Inadequate answers to these questions can prove devastating in terms of damages to the organization and to the board. How the board sets this tone is demonstrated by certain key actions, perhaps the most significant of which is the hiring of the organization’s senior staff officer—whether CEO, president or executive director—and the manner in which it fulfills its oversight of management’s execution of the organization’s mission activities. These are culture-building activities. Indeed, one could safely say that no single board-decision drives tone more than the hiring (or as the case may be, firing) of the CEO.

In 1992, controversy related to the annual compensation package of United Way president William Aramony raised questions about executive compensation as a whole. The controversy created a sense that boards were neither watching the expenditure of donor-dollars nor exercising appropriate care that such dollars were being used for their intended purpose. As a result, Congress enacted sections to the Internal Revenue Service Code (specifically, Code 4958) and the IRS promulgated rules and regulations regarding reasonable compensation. These rules require nonprofit organizations to pay executive compensation that is “reasonable.” The determination as to whether executive compensation is reasonable involves a variety of factors, including the employee, the organization and the compensation itself.

But wait—there is far more that a board can do to set the tone. One additional and necessary act is the adoption of a clear yet robust code of ethics and a conflicts-of-interest policy. For assistance with the latter, any nonprofit organization, particularly one that qualifies as a charitable organization described in 501(c)(3) of the Internal Revenue Code, can look to the sample provided by the IRS in the instructions to the Form 1023. To ensure consistency with state law, however, it is also important to check the nonprofit corporation statute of the state of incorporation for provisions/nuances specific to that state. As to the code of ethics—assuming this is a separate document—the organization should view it as the “charter” for its compliance program. These words, however crafted, will establish the organization’s “true north” and serve as the standard against which all actions from the board to the volunteer in the mission-field will be measured.

Operating Environment

Let us consider the new landscape for today’s nonprofit charitable enterprises, and how operating within that landscape makes a well-articulated compliance posture/program not only a requirement, but also a true stewardship obligation. This “new normal” is characterized by the following conditions:

• Increasing competition for the charitable dollar. While overall charitable giving is on the rise, it is far outpaced by the growth in the number of nonprofits. This trend places pressures on organizations and their fundraisers to be more aggressive and creative in the use of revenue-development strategies and tactics—a trend that places emphasis on a strong culture of compliance and the development of appropriate internal systems to provide sufficient checks and balances. Arrangements with professional fundraising organizations and telemarketers require special scrutiny. As recently as 2012, Bloomberg Business reported on the Ohio attorney general’s investigation of InfoCision Management Corporation, which at the time claimed to be one of the world’s leading telemarketing organizations. Though the investigation ended in a settlement with no admission of guilt, the resulting media coverage created challenges for some of the nation’s most recognized charities because their donors felt scammed based on the disclosed telemarketing practices. The lesson for the steward is that relationships with third parties matter. And in the age of viral news coverage, innocence and guilt may be determined within a 24-hour news cycle. Stewards of the organization should especially take note of this risk. The fiduciary duty of care and its attendant obligation to be reasonably informed about an organization’s activities certainly extend to fundraising practices, whether conducted by internal resources or external agents. If in fact a compliance failure results in a publicly facing investigation or publicized regulatory review, the brand impact may be significant.
• An accelerated demand for services. The declines in state and federal funding for social programs triggered by the deep recession in the global economy have placed an enormous burden on nonprofit charitable enterprises to deliver more with less. However, the compliance obligations associated with program delivery have not decreased, and indeed, one could safely argue they have only increased in the regulatory environment that has developed in response to the behaviors leading up to the financial crisis. In fact, the recent increase in regulatory obligations impacting nonprofit organizations could be traced to the passage of the Sarbanes-Oxley Act in July 2002, in the wake of the Enron scandal. (Note: SOX, as it is more commonly known, was viewed at the time of its enactment as a legislative attempt to reign in public company auditing, reporting, governance and compliance practices.) However, some of its provisions—e.g., those related to whistleblower protection and document destruction—also apply to nonprofit corporations. In more recent developments, the United States Senate Committee on Finance has signaled its continuing interest in the activities of charitable organizations. Sen. Charles E. Grassley, R-Iowa, in his roles as chairman of the United States Senate Committee on Finance and a ranking member of the Judiciary Committee, has launched several highly publicized investigations into well-known charities. For example, Sen. Grassley led an investigation into the American Red Cross to identify the policy changes needed to implement the best leadership and governance. As part of its plan to increase oversight going forward, the American Red Cross vowed to take steps to encourage greater transparency within the organization by supporting whistleblowers who speak out against the problems and acting on the reporting of whistleblowers. So, from the steward’s perspective, the failure to create, maintain and promote a culture of compliance and the systems that support it places the organization at real risk of regulatory intervention. This can be costly both in real dollars and in reputational impact.
• Volatile global economy. While demand for charitable services and the competition for the resources to meet these needs has continued to increase, the economic landscape for the charitable enterprise has become far less stable. In a world in which markets are oscillating at a frequency that defies the most sophisticated predictive modeling, charities must exercise financial stewardship—which is founded in firm compliance with the regulations, but perhaps more importantly, their donors’ (this may be the government) intent—or risk losing a mission-critical resource. Here, stewardship dictates an understanding of the constraints or restraints associated with the organization’s funding, so that decisions are made in complete compliance, keeping the resources out of jeopardy.
• Acutely partisan political environment. We are in an election year. The rhetoric is quite divisive now. This isn’t a new phenomenon, but the political environment has become more acutely partisan as of late. This places a particular focus on certain areas of compliance for the nonprofit charitable enterprise: lobbying and political campaign activity. The stewards of a charitable enterprise should know that the former involves a prohibition and the latter a limitation, which if not properly managed may become a trap for the unwary. So, before an organization gets out in front in terms of its advocacy activities, it would be wise for those with fiduciary roles to fully understand the compliance issues related to legislative and political activities. Failure to do so generates existential risk.
• Rapid, continuous communication. Saving the best for last—it’s all about information. Information communication technology and the methods with which it is employed in today’s global economy are nothing short of phenomenal. As much of a mission and fundraising accelerant these developments present for the modern charitable enterprise, no steward should rest comfortably without a clear understanding of how his or her organization is positioned to comply with the many-faceted laws, rules and regulations that govern technology-assisted communication and data transfer. Just when you thought HIPAA (Health Insurance Portability and Accountability Act) was bad, you realize that the complexity of the regulatory scheme that applies to your organization may be a virtual alphabet soup of compliance headaches. Consider for example, CAN-SPAM, COPPA, DMPEA, FCRA and HITECH. (Respectively: “Controlling the Assault of Non-Solicited Pornography and Marketing Act,” “Children’s Online Privacy and Protection Act,” “Deceptive Mail Prevention and Enforcement Act,” “Fair Credit Reporting Act” and “Health Information Technology for Economic and Clinical Health Act.”) Fortunately, there are very capable lawyers who can assist charitable clients with the maze of technology-related issues, and some are even willing to do so pro bono. But the clear message to the steward is this: The technology train has left the station. Be sure your car doesn’t go off the rails because of a failure in your compliance monitors.

Navigation Tools
Having set the tone at the top by establishing standards and ensuring executive action in carrying them out, the organization’s stewards should now go about the task of systematically integrating into the organization the tools and resources (including human and technology) that reinforce the cultural foundation of ethics and compliance. It seems daunting, but an old adage may prove helpful: How do you eat an elephant? One bite at a time. So assuming you have crafted your code of ethics and conflict-of-interest policy, it is time to set about the work of creating your compliance program. Believe it or not, this is the fun part.
Now that we understand that compliance must be a part of a charitable enterprise’s culture, and that the landscape demands affirmative compliance action, what are some of the steps an organization can take to put itself into compliance shape?

• Ensure that the tone at the top is clearly communicated. Embed your true north in a code of ethics and conflict-of-interest policy.
• Perform a compliance risk-assessment. Look at the areas of the organization’s activities where you may have compliance gaps. Do 
you have employees, hire independent contractors, or both? Does the organization clearly differentiate between the two? What fundraising activities require registrations, licenses and/or the use of third parties? How does the organization collect, use, store and destroy data?
• Develop a “treatment plan” to mitigate the areas of exposure and communicate the plan up and down the chain. Any good treatment plan should have articulated milestones and objectives. Do not simply identify problem areas. Develop solution sets and put them into action.
• Create and manage a monitoring capability to ensure internal controls are operating, and if not, any deficiencies are captured early and corrected. You can call this your “Caremark Plan.”
• Ensure the board (chief stewards) receives a regular compliance report. This will enable the board to create its record of compliance oversight, a clear rebuttal to a claim that it didn’t exercise the appropriate duty of care.

The current operating environment for the nonprofit charitable enterprise has never been more challenging—but it’s never been more rife with opportunity. Organizations must prepare to navigate against the headwinds generated by unpredictable global economic forces and with the cross-currents of intensifying regulatory oversight, while maintaining their heading to achieve the greatest mission impact. As the chief stewards of their organizations, the board of directors and senior staff leadership should view the obligation to build a culture of compliance and to invest in a program that supports it not only as a critical component of their fiduciary duties of care and loyalty, but also as a mechanism to maintain the organization’s true north during the voyage.