"Corporate responsibility" is not a new concept for nonprofit boards of directors. But a series of high-profile Wall Street accounting scandals have focused attention on standards of corporate governance, not just among public companies, but also among private companies and nonprofits.
For example, although not directly applicable to nonprofit organizations, the requirements set by the Sarbanes-Oxley legislation may become relevant to the governance of nonprofit corporations as "best practices" or even threshold expectations. Some state legislatures and attorneys general are already advancing Sarbanes-Oxley-type corporate governance standards directed at nonprofit corporations.
While these events have not yet changed the core standards of a nonprofit director's fiduciary duties, they draw attention to the corporate responsibility environment in which nonprofit boards of directors operate. This outline provides an overview of the laws affecting corporate responsibilities of nonprofit boards, as well as specific steps that nonprofit boards of directors may take to evaluate and improve the exercise of their oversight responsibilities.
Duties and Constituencies
Directors of nonprofit corporations, as with directors of for-profit corporations, owe important duties to the organizations they serve. These duties include both a "duty of loyalty" and a "duty of care." In general, the duty of care requires that directors take adequate steps to inform themselves in making decisions and also requires that each director act as an ordinary prudent person would act in the same circumstances. The duty of loyalty requires that directors place the interests of the corporation above their own and act in what they reasonably believe is the best interest of the organization.
While the duties owed by nonprofit directors are largely equivalent to the duties owed by directors of for-profit entities, the constituencies to whom directors are accountable are not. Directors of for-profit entities, with isolated exceptions, owe their fiduciary duties to corporate shareholders and are accountable to the shareholders. Directors of nonprofits, on the other hand, may be held accountable by any number of groups.
One of the primary sources of authority to whom nonprofit boards must answer are state attorneys general. Where an organization exists for the stated purpose of providing for the public good, attorneys general are usually charged with representing the public. Thus a state attorney general is frequently deemed to speak for the beneficiaries of charitable organizations, or is charged with defending the public against fraud or improper conduct on the part of nonprofits or their boards.
In Colorado, for example, an attorney general may bring an action to have a court dissolve a nonprofit if the nonprofit exceeds or abuses its authority. New York attorney general Eliot Spitzer recently proposed sweeping laws requiring that nonprofits in New York appoint audit committees and prohibit self-dealing transactions. Minnesota's attorney general investigated Allina in one of the most high-profile regulatory proceedings ever to involve a nonprofit entity. This review was settled out of court through a Memorandum of Understanding that required Allina to spin off its 501(c)(4) health maintenance organization and replace certain board members.
Of course, directors of nonprofit organizations that have corporate members will, to at least some extent, also be answerable to those members. Members of a nonprofit corporation may be entitled to elect or remove directors, to approve certain actions by the organization, and also to bring derivative actions in the name of the nonprofit corporation against directors for a breach of fiduciary duty. Other directors, too, may be entitled to bring derivative actions for a director's breach of fiduciary obligations or the conduct of an organization's affairs.
For organizations that enjoy favorable tax treatment under the Internal Revenue Code, the IRS is also a constituent, insofar as it seeks to enforce qualifications for tax-exempt status under § 501(c)(3) of the Code. In some circumstances, state authorities will monitor tax compliance of charitable organizations as well.
Finally, it is important to acknowledge a growing body of law establishing that where a for-profit corporation is at or even near insolvency (within the "zone of insolvency"), the persons to whom directors and officers owe their duties of care and loyalty expands to include creditors, in addition to shareholders. Because this expanded responsibility could potentially be applied to nonprofits, directors and officers should be extra vigilant during times of economic hardship at nonprofits, particularly with regard to financial affairs, and should extend their vigilance to include creditor concerns.
If the worst happens and a nonprofit organization or its directors are sued, the law provides certain protections to directors to shield them from personal liability for any damages or penalties assessed in such a suit. In addition, if directors are found liable to members of the nonprofit corporation or to third parties, the organization may indemnify the directors in certain circumstances. But these protections generally apply only if the director's actions meet the standards of care discussed above – that is, the director acted in good faith, with the care of an ordinary prudent person, in a manner he or she believed to be in the best interests of the organization.
Sarbanes-Oxley and Nonprofits
In response to a series of widely-reported corporate scandals in the for-profit world, such as Enron, WorldCom, and Global Crossing, Congress passed the Sarbanes-Oxley Act of 2002 last summer. While it is primarily aimed at SEC reporting companies, it is important to at least consider some of the provisions of Sarbanes-Oxley that arguably raise the bar for nonprofit corporate directors, because states may adopt certain of its provisions in their nonprofit organization legislation. Moreover, Sarbanes-Oxley-type structures and policies may be adopted as "best practices" by at least larger nonprofits.
To the extent Sarbanes-Oxley and the related requirements have established higher standards of conduct in matters such as auditor independence, financial statement review, insider transactions and disclosure, those higher standards will likely affect the fiduciary duties introduced above—and therefore the potential liabilities of directors and officers of nonprofits. Consider the following:
One rule promulgated by the SEC under Sarbanes-Oxley requires that public companies have an audit committee of the board, to be made up only of "independent directors." To qualify as an independent director, a director must not accept, directly or indirectly, any consulting, advisory or other compensatory fee from the company or its subsidiaries, other than for board and committee service, and must not be an executive officer or holder of 10% of the company's stock. In addition, the rules require companies to disclose whether or not at least one member of the audit committee is "audit committee financial expert," which the rules define as an individual with certain attributes generally aimed at establishing a familiarity with GAAP, who gained such attributes in certain broadly-defined capacities.
A nonprofit organization with a Sarbanes-Oxley-compliant audit committee would have a compelling defense in the event of a claim of financial mismanagement or fraud. Assuming the committee was reasonably diligent in conducting its activities, the oversight of such an independent body, which by definition has expertise in financial and auditing matters, should satisfy any observer that the board had exercised reasonable care in protecting the organization from harm.
The SEC was required by Sarbanes-Oxley to adopt rules relating to the independence of firms that audit public companies' financial statements. The SEC specified various services, some of them commonly provided by the big auditing firms, that would disqualify the firms from auditing a company's financial statements. Auditors may not provide bookkeeping services or certain consulting services relating to financial information systems, may not give appraisals or fairness opinions, may not perform actuarial, internal audit, management, human resources, investment banking, legal, or expert services unrelated to the company's audit. In addition, audit partners must rotate out of audit service for particular companies on a periodic basis, and if a company employee was employed as part of the company's audit team at an audit firm in the previous year, that audit firm would be disqualified from auditing the company.
Nonprofits that engage independent auditors may look to their auditing firms as the obvious choice for other financial or accounting services if the need arises. However, in light of the new environment as reflected by Sarbanes-Oxley, it may be wise to reconsider this choice.
Nonprofits that engage independent auditors should also be aware that under Sarbanes-Oxley, records relating to audits of public companies must be retained for 7 years. This is another area where Sarbanes-Oxley may influence private companies and the charitable world even though it doesn't apply to such organizations generally – it may be that retaining audit records for 7 years becomes a "best practice" outside of the public company realm.
Controls and Procedures
Sarbanes-Oxley further requires that companies establish systems of disclosure controls and procedures designed to ensure that the company meets its reporting obligations under the securities laws. The rules regarding disclosure controls and procedures bring to the forefront the importance of process, both for organizations that are required to report on the state of their business or finances, and for organizations, such as some nonprofits, that are charged with custodial authority over the assets of others.
Nonprofits may be well-advised to re-examine the current processes in place for gathering information, either for monitoring purposes or to prepare reports to regulators or constituents. It is imperative that these procedures adequately capture all relevant information, and enable the information to be recorded, processed, and reported on a timely basis if necessary.
Many requirements of Sarbanes-Oxley add significant levels of cost, and some inefficiency, to matters of governance and financial oversight. However, they also have the potential to strengthen a company's internal organization and procedures, if implemented, and a nonprofit that institutes provisions of Sarbanes-Oxley that are deemed appropriate by the board of directors could appear in the future to be more responsible than nonprofits without such controls. These steps could serve to enhance donor confidence and reduce the risk of legal challenge.
In light of the current corporate responsibility environment, it is sensible for nonprofit boards of directors to evaluate how they exercise their oversight responsibilities and fiduciary duties, and how the boards can respond to the governance challenges spawned by the Enron debacle and subsequent legislative initiatives. Given the range of size and expertise of nonprofit boards of directors, the evaluation of current practices and the implementation of any changes will require an assessment of costs, time, and risks. However, while Sarbanes-Oxley does not apply directly to nonprofit organizations, implementing certain relevant provisions may serve the board of directors and the corporation well, particularly in the event of later legal or regulatory scrutiny. State legislatures may also pass legislation applying Sarbanes-Oxley-type responsibilities on nonprofit boards of directors, their auditors and counsel.