C.U.N.Y. Digital Insights
An In-Depth Guide to Non-Profit Compliance: 9 Key Areas to Master
Staying compliant is critical for maintaining your non-profit’s tax-exempt status and public trust. This guide breaks down the nine most important areas of non-profit compliance to protect your mission.
Running a non-profit is a work of passion. It is about dedicating yourself to a cause and making a real difference in the world. However, behind every great mission is a strong foundation of rules and responsibilities. This foundation is called non-profit compliance. It may not be the most exciting part of your work, but it is one of the most important. Simply put, compliance means following all the laws and regulations that apply to your organization. This includes rules from the federal government, your state, and even local authorities.
Think of compliance as the framework that supports everything you do. It ensures that your organization operates legally and ethically, which builds trust with your donors, your community, and the public. When you follow the rules, you protect your non-profit’s most valuable asset: its 501(c)(3) tax-exempt status. Without that status, donations would no longer be tax-deductible, which could make fundraising much harder. Furthermore, good compliance protects your board members from legal trouble and helps your organization run more smoothly. This guide will walk you through the nine key areas of compliance that every non-profit leader must understand. By mastering these areas, you can ensure your organization stays strong, secure, and ready to focus on what truly matters: your mission.
Area 1: Federal Tax Compliance and the IRS Form 990
The most important compliance duty for most non-profits is filing an annual information return with the IRS. This is commonly known as the Form 990. It is not a tax form in the traditional sense, because as a tax-exempt organization, you generally do not pay federal income tax. Instead, the Form 990 is a transparency and accountability tool. It provides the IRS and the public with a detailed look at your non-profit’s finances, activities, governance, and leadership. This form is how you prove that you are still operating as a public charity and deserve your tax-exempt status. It is a critical part of maintaining public trust.
There are several different versions of the Form 990, and the one you file depends on your organization’s financial size. Small organizations with gross receipts of normally $50,000 or less can file the Form 990-N, also known as the e-Postcard. This is a very simple online filing. Organizations with gross receipts under $200,000 and total assets under $500,000 can file the Form 990-EZ. For all larger organizations, the full Form 990 is required. It is a long and detailed document that asks for a lot of information, including a list of your highest-paid employees and contractors, a breakdown of your program service accomplishments, and details about your board governance practices.
Filing this form on time is absolutely essential. The due date is the 15th day of the 5th month after your fiscal year ends. For organizations on a calendar year, this means the deadline is May 15th. If you fail to file a Form 990 for three years in a row, the IRS will automatically revoke your tax-exempt status. This is a very serious consequence that can be difficult and expensive to fix. Therefore, you must make the Form 990 a top priority every single year. It is a good idea to work with an accountant who has experience with non-profits to ensure your form is filled out correctly and completely.
Area 2: State-Level Registration and Annual Reporting
In addition to your federal requirements with the IRS, you also have compliance duties in the state where your non-profit was incorporated. When you first decided on starting a non-profit, you filed Articles of Incorporation with a specific state. That state considers your organization a legal entity under its laws, and it expects you to keep your information current.
Most states require non-profits to file an annual or biennial (every two years) report. This report is usually filed with the Secretary of State’s office. Its purpose is to update the state on basic information about your organization. This often includes your current address, the names and addresses of your board of directors and officers, and the name of your registered agent. A registered agent is a person or service designated to receive official legal documents on behalf of your non-profit. It is very important to keep this information up to date. If the state cannot contact you because your address is wrong, you could fall out of “good standing” and even risk being dissolved.
These state reports are usually much simpler than the federal Form 990. However, the deadlines are just as important. Missing a state filing deadline can lead to late fees, penalties, and eventually the administrative dissolution of your non-profit. This means the state would no longer recognize your organization as a legal corporation. This would create major problems for your ability to operate, open a bank account, or enter into contracts. Be sure to check with your state’s Secretary of State website to understand the specific requirements and deadlines that apply to your organization. It is wise to create a compliance calendar that tracks both your federal and state filing due dates so you never miss one.
Don’t Forget: Check for Other State Requirements
Besides the Secretary of State, you may also need to register with your state’s tax agency. Even though you are exempt from federal income tax, you may still be subject to state sales tax or unemployment tax if you have employees. Always check the rules for your specific state.
Area 3: Charitable Solicitation (Fundraising) Registration
This is one of the most commonly overlooked areas of non-profit compliance, but it is incredibly important. Before you ask for donations, you may need to get permission from the government first. This process is called charitable solicitation registration. Around 40 states have laws that require non-profits to register with a state agency, often the Attorney General’s office, before they can fundraise from that state’s residents. The purpose of these laws is to protect citizens from fraudulent charities and to provide transparency in the non-profit sector.
These rules apply to all forms of fundraising. This includes sending direct mail, writing grants, asking for corporate sponsorships, and, importantly, soliciting donations online. If your website has a “Donate” button, people from all 50 states can technically give to you. This creates a tricky compliance situation. In the past, many non-profits only registered in their home state. But now, with the rise of online fundraising and giving days, state regulators are paying more attention to out-of-state organizations that raise money from their residents. This is a key part of your non-profit marketing strategy.
The registration process typically involves submitting an application, a copy of your IRS determination letter, your bylaws, and a list of your board members. After your initial registration, you will usually have to file an annual renewal. This renewal often requires you to submit a copy of your recently filed IRS Form 990. Managing these registrations in multiple states can be complicated. Each state has different rules, forms, and deadlines. Some states also require you to include specific disclosure statements on your fundraising materials, like “A copy of our financial report is available from the Attorney General.” Because of the complexity, many non-profits choose to work with a specialized service to help them manage their state fundraising registrations. While it is an investment, it ensures you are legally allowed to ask for the funds that are essential to your mission.
Area 4: Corporate Governance and Board Responsibilities
Good governance is the bedrock of a healthy and compliant non-profit. Governance refers to the systems and policies that direct and control your organization. At the center of this is your board of directors. The board has a legal responsibility to oversee the non-profit and ensure it stays true to its mission. Legally, board members have three primary duties: the Duty of Care, the Duty of Loyalty, and the Duty of Obedience.
The Duty of Care means that board members must act with the same level of caution and prudence that a reasonable person would in a similar situation. This involves attending board meetings, reading financial statements, and asking critical questions. They cannot just show up and rubber-stamp decisions. They must be informed and engaged in the oversight of the organization’s financial management.
The Duty of Loyalty requires board members to act in the best interest of the non-profit, not in their own self-interest or the interest of another organization. This means they must avoid conflicts of interest. For example, a board member who owns a printing company should not vote on a decision to award a major printing contract to their own business. The board must have a clear process for handling such situations, which is where a conflict of interest policy becomes vital.
Finally, the Duty of Obedience means the board must ensure the non-profit is following its own bylaws, adhering to its stated mission, and complying with all applicable laws and regulations. The board is ultimately responsible for making sure that all the compliance areas in this guide are being managed correctly. To do their job well, board members need good information. This means management must provide them with timely and accurate reports on finances, programs, and fundraising. Regular board meetings with clear agendas and minutes are a key part of good governance and compliance.
Area 5: Essential Governance Policies
To support good governance, every non-profit should have a set of key policies in place. These are not just nice-to-have documents; they are formal guidelines that help your organization run properly and stay out of trouble. The IRS even asks about some of these policies on the Form 990 to see if you are following best practices. Having these policies written down and approved by the board shows that your organization is serious about its responsibilities.
Your policies are the rulebook for your organization. They ensure everyone is playing the same game and working toward the same goal.
There are several policies that are considered essential. The first is a Conflict of Interest Policy. As mentioned earlier, this policy defines what a conflict is and creates a clear procedure for board members and staff to disclose potential conflicts and for the board to manage them. Another key document is a Whistleblower Policy. This policy protects individuals who report suspected illegal or unethical activities within the organization from retaliation. It provides a safe way for people to raise concerns, which can help the organization identify and fix problems before they become major scandals. The third essential policy is a Document Retention and Destruction Policy. This policy outlines how long different types of documents should be kept and when they can be legally destroyed. This is crucial for staying organized and being prepared for any potential audits.
In addition to these “big three,” it is also a good practice to have policies on other important topics. For example, a social media policy can provide guidelines for staff and volunteers on how to represent the organization online. A gift acceptance policy can define what types of donations your organization will and will not accept, which can help you avoid problematic gifts. These policies should be reviewed by the board periodically, perhaps every one or two years, to make sure they are still relevant and effective. They should be stored in a central place where all board members and key staff can access them.
Area 6: Proper Record-Keeping Requirements
Keeping good records is a fundamental part of compliance. You cannot prove you are following the rules if you do not have the documents to back it up. Good record-keeping is not just about staying organized; it is a legal requirement. The IRS and state agencies expect you to maintain thorough and accurate records of your financial and corporate activities. This is how you demonstrate financial accountability and responsible stewardship of the funds you receive from the public.
So, what records do you need to keep? There are a few main categories. First are your permanent corporate records. These should be kept forever. This includes your Articles of Incorporation, your official IRS 501(c)(3) determination letter, and your bylaws. It also includes the minutes from all board meetings, as these are the official record of the board’s decisions and oversight.
The second category is financial records. This includes everything related to the money that comes in and goes out of your organization. You should keep records of all income, including donation receipts, grant award letters, and bank deposit slips. You also need to keep records of all expenses, such as invoices, receipts, and canceled checks. It is also important to maintain your general ledger, bank statements, and any audit reports. A good rule of thumb is to keep these financial records for at least seven years. Your annual reports are also a key part of this record.
Key Record-Keeping Checklist
- Keep Forever: Articles of Incorporation, Bylaws, IRS Determination Letter, Board Meeting Minutes.
- Keep for 7 Years: IRS Form 990s, Annual Financial Statements, General Ledger, Invoices and Expense Records, Grant Agreements.
- Keep for 4 Years: Employment records and payroll tax documents after an employee leaves.
- Donor Records: Keep records of donor contributions, especially for providing the required thank-you letters for tax purposes. You can learn more in our guide on writing donor thank-you letters.
Finally, you need to keep detailed records related to your donors. This is especially important for substantiating donations. For any single donation of $250 or more, you are required by the IRS to provide the donor with a written acknowledgment. This letter must include specific information, such as the amount of the cash contribution and a statement about whether the donor received any goods or services in return. Keeping good records allows you to send these required letters promptly and accurately, which is a key part of good donor engagement.
Area 7: Employment and Labor Laws
If your non-profit has paid staff, even just one part-time employee, you become an employer. This means you must follow a whole new set of federal and state laws related to employment. Non-profits are not exempt from these rules. These laws are in place to ensure workers are treated fairly and safely. Failure to comply can lead to significant fines, lawsuits, and damage to your organization’s reputation.
One of the first things you must do as an employer is handle payroll taxes correctly. This involves withholding federal and state income taxes, as well as Social Security and Medicare taxes (known as FICA taxes), from your employees’ paychecks. You then have to remit these withheld taxes, along with your own employer portion of FICA taxes, to the government on a regular basis. You will also need to pay federal and state unemployment taxes. Another key area is correctly classifying your workers. It can sometimes be tempting to classify a worker as an “independent contractor” instead of an “employee” to avoid paying payroll taxes. However, there are strict legal tests for who qualifies as a contractor. Misclassifying an employee can lead to major penalties for back taxes and benefits.
Beyond taxes, you must also follow wage and hour laws, such as the Fair Labor Standards Act (FLSA). This law sets the federal minimum wage and overtime pay requirements. You need to understand which of your employees are “exempt” from overtime (typically salaried, managerial staff) and which are “non-exempt” (typically hourly staff) and pay them accordingly. In addition, you must comply with laws that prohibit discrimination and harassment in the workplace. These laws make it illegal to make employment decisions based on a person’s race, color, religion, sex, national origin, age, or disability. This applies to hiring, firing, promotion, and pay. Finally, you need to follow workplace safety rules, known as OSHA requirements, to provide a safe and healthy environment for your team. Managing all of this is a big responsibility, and it’s a key part of your overall management strategy.
Area 8: Lobbying and Political Activity Regulations
Many non-profits work to influence public policy as part of their mission. This is a perfectly legal and important part of the non-profit sector’s role in society. However, there are very strict rules about how 501(c)(3) public charities can engage in lobbying and political activity. Violating these rules can jeopardize your tax-exempt status, so it is crucial to understand the lines you cannot cross.
First, it is important to understand the difference between lobbying and political campaign activity. Lobbying involves attempting to influence specific legislation. Non-profits are allowed to do some lobbying, but it cannot be a “substantial part” of their overall activities. There are two tests the IRS uses to determine what is substantial, but it is often a gray area. A non-profit can choose to take what is called the “501(h) election,” which provides clearer and more generous spending limits for lobbying. This is often a good choice for organizations that plan to do a fair amount of advocacy work.
On the other hand, political campaign activity is absolutely prohibited. A 501(c)(3) organization may not, under any circumstances, endorse or oppose a candidate for public office. This includes making statements for or against a candidate, contributing money to their campaign, or rating candidates on their positions. The ban is total. Even something that seems minor, like letting a candidate use your office phone to make campaign calls, could be seen as a violation.
What About Voter Education?
Non-profits are allowed to conduct non-partisan voter education activities. This can include publishing voter guides that show how all candidates stand on a range of issues, or hosting a public forum where all candidates are invited to speak. The key is that these activities must be fair, balanced, and cannot favor any one candidate over another.
Because these rules are so strict, it is vital to train your staff and board members on what they can and cannot do, especially during an election year. All official communications, from your website to your social media posts, should be reviewed to ensure they do not cross the line into prohibited political activity. You can advocate for your cause, but you cannot advocate for a candidate.
Area 9: Data Privacy and Donor Information Security
In our digital world, data has become one of the most valuable assets an organization holds. For non-profits, this is especially true of your donor data. Your list of supporters, their contact information, and their giving history are all sensitive information. Protecting this information is no longer just a good idea; it is a critical compliance issue. Donors trust you with their data, and you have an ethical and often legal obligation to keep it safe.
There is a growing web of laws related to data privacy, such as the GDPR in Europe and the California Consumer Privacy Act (CCPA). While these may not apply to all non-profits, they show the direction that regulations are heading. The basic principle is that people have a right to know what data is being collected about them and how it is being used. As a best practice, every non-profit should have a public-facing privacy policy, usually linked in the footer of their website. This policy should explain in simple terms what information you collect from website visitors and donors and what you do with it. For example, you should state whether you ever share or sell your mailing list to other organizations.
Beyond privacy policies, you also need to take concrete steps to secure the data you store. This is especially true if you collect donations online. You must use a secure payment processor that is PCI compliant, meaning it meets the security standard for the credit card industry. The donor data you store, such as in your donor database, should be protected with strong passwords and access controls. This means only staff members who need to see the data for their job should have access to it. A data breach, where your donor information is stolen, can be devastating to your reputation and your relationship with your supporters. Taking data security seriously is a key part of modern non-profit compliance.
Conclusion: Compliance as a Foundation for Mission Success
Navigating the world of non-profit compliance can feel overwhelming. There are many rules to follow and deadlines to meet. However, it is important to reframe compliance not as a burden, but as a strategic part of your mission. When you have your compliance house in order, you are building a strong, stable, and trustworthy organization. Good compliance protects you from legal risks, builds confidence with your donors, and frees you up to focus on the work that truly inspires you.
By focusing on these nine key areas—from federal and state filings to good governance and data security—you are creating a foundation of integrity. This foundation allows you to fundraise effectively, run your programs with confidence, and build a lasting legacy of impact. Do not wait for a problem to arise. Be proactive. Create a compliance calendar, review your policies, and educate your board and staff. Investing in compliance today is an investment in the long-term health and success of your non-profit’s mission.