← All insights

Non-Profit Governance

March 6, 2026

5 Legal Gaps Most Nonprofit Boards Don't Know They Have

Most nonprofit boards assume their legal house is in order. The articles of incorporation were filed. The bylaws were adopted. The 501(c)(3) determination letter is in a drawer somewhere. All good, right?

In our experience reviewing governance structures for 40+ organizations, the answer is almost always no. Not because anyone did anything wrong — but because organizations evolve and their legal foundations don’t evolve with them.

Here are the five gaps we see most often.

1. Bylaws that haven’t been reviewed since formation

Your bylaws are the operating manual for your board. They define quorum, voting procedures, officer roles, term limits, and removal processes. Most nonprofits adopted bylaws at formation — often from a template — and haven’t looked at them since.

The problem: your organization today doesn’t look like your organization at formation. Board size has changed. Meeting practices have changed. Maybe you now operate in multiple states. If your bylaws don’t reflect how you actually operate, you have a governance gap that creates legal exposure.

What to do: Schedule a bylaws review every three years, or after any significant organizational change. Compare what the bylaws say to what you actually do. Where they diverge, update the bylaws — with a proper board vote and recorded resolution.

2. No conflict of interest policy — or one that’s never enforced

The IRS expects every 501(c)(3) to have a conflict of interest policy. Form 990 asks about it directly (Part VI, Line 12). Many organizations have a policy on paper but have never actually used the disclosure and recusal process it describes.

A conflict of interest policy that exists but isn’t followed is arguably worse than not having one. It suggests the board knows about the risk and chose to ignore it.

What to do: Review your conflict of interest policy annually. Require every board member to complete a disclosure form each year. When conflicts arise, follow the policy — document the disclosure, the recusal, and the board’s decision. This paper trail matters.

3. Directors and officers without adequate liability protection

Board members of nonprofits can be personally liable for certain organizational failures — unpaid payroll taxes, negligent oversight, breach of fiduciary duty. Most states offer some statutory protection for volunteer directors, but these protections have limits and don’t cover everything.

Many nonprofits assume their general liability insurance covers board members. It usually doesn’t. D&O (Directors and Officers) insurance is a separate policy, and it’s more affordable than most organizations expect.

What to do: Verify that your organization carries D&O insurance. Confirm that the policy covers both current and former directors. Review coverage limits — $1M is a common starting point for organizations under $5M in revenue. If you don’t have D&O coverage, get quotes. It’s typically $1,000–$3,000 annually for small nonprofits.

4. State registration obligations they don’t know about

If your nonprofit solicits donations from residents of other states — including through your website — you may be required to register in those states. This is called charitable solicitation registration, and the requirements vary by state. About 40 states have some form of registration requirement.

Most small nonprofits don’t know this requirement exists. And enforcement has been increasing, particularly for organizations that fundraise online.

What to do: Audit where your donors are located. If you’re actively soliciting in states beyond your home state, research the registration requirements for those states. The Multistate Registration and Filing Portal (MRFP) simplifies the process for many states. If you’re fundraising nationally, consider working with counsel to develop a registration strategy.

5. Employment practices that haven’t been reviewed by counsel

Nonprofits are employers, and they’re subject to the same employment laws as any other employer — wage and hour rules, anti-discrimination requirements, workplace safety, benefits compliance. The nonprofit exemption that applies to taxes does not apply to employment law.

Common issues we see: misclassifying employees as independent contractors, failing to comply with state-specific wage requirements, handbook policies that conflict with current law, and inadequate documentation of personnel decisions.

What to do: Have your employment practices reviewed by counsel at least every two years. This includes your employee handbook, contractor agreements, job descriptions, and termination procedures. Employment law changes frequently, and what was compliant three years ago may not be today.

The common thread

None of these gaps are the result of bad intentions. They’re the result of good organizations that are focused on their mission and haven’t had someone look at the legal foundation in a while.

The fix is almost always straightforward. A governance review typically takes two to four weeks and results in a clear report: here’s what’s sound, here’s what needs attention, and here’s the documentation to fix it.

If your organization hasn’t had a legal review in the past three years, it’s time.