February 21, 2025

From legislation that would make it easier to challenge nonprofit organization’s tax-exempt status to federal prohibitions against once-popular diversity, equity and inclusion programs, the thought on the minds of many nonprofit leaders these days is: what if we get sued?

“While getting sued is admittedly a worst-case scenario, it’s not a bad lens through which to make sure your organization is prepared in these rapidly changing times,” says Soraya Membreno, the Institute for Nonprofit News’ Chief Operating Officer.

Membreno talked with INN’s communications team about the steps she is taking to mitigate legal and financial risks to INN – and what she recommends that all nonprofits do right now.

1. Evaluate your insurance policies. 

Three kinds of insurance policies are essential for any nonprofit organization, Membreno suggests. 

Directors and officers (D&O) insurance protects the organization’s board and officers from civil litigation for comments or actions taken on behalf of the organization: it’s important to keep this policy updated as people join. While historically D&O insurance has mostly been used for internal lawsuits (think: harassment), Membreno encourages nonprofits to add coverage for so-called third-party lawsuits, which may be brought by people who make claims – however false – against the organization’s activities. 

General liability policies are likewise essential, Membreno says, and should also include coverage for third-party coverage. Even all-remote workplaces need general liability to protect them when they host events, rent equipment or send employees on trips. 

Cyber liability is the third category of insurance that Membreno recommends for any organization that collects personal information (like email addresses) from the general public. It also covers newer threats like digital extortion that lead to financial losses.

Media organizations need a fourth policy, and that’s media liability insurance to protect against claims brought in response to news reporting. Membreno cautions news publishers to explicitly examine the definition of covered media to make sure the policy covers all the ways they currently publish and disseminate content.

A final tip on the insurance front: pay attention to whether legal defense fees are covered by the policy, not just hard costs: even claims lacking in merit require a response, and the response can be costly.

2. Establish your legal counsel before you need it. 

“You do not want to be shopping for a lawyer when you’re at the point of needing one,” Membreno says. 

This is particularly true for media liability insurance, in which an organization must list out attorneys by name and rate for pre-approval; counsel not listed in the policy is not covered. But it’s important generally, Membreno says, because you need to know that when you call someone, he or she will be ready to take your case. 

Many attorneys will make an agreement to represent an organization without charging a monthly retainer, as long as the organization agrees to call them first when it’s necessary. 

Pro bono legal services are a great resource, Membreno says (and for news publishers groups like Lawyers for Reporters offer real expertise) but for most nonprofit organizations, a pro bono service cannot replace dedicated legal counsel.  

3. Review your contracts. 

One of the tasks that organizations should ask lawyers (either pro bono or paid) to undertake is a review of all contracts, especially those templates like vendor contracts that are continually repurposed. 

Contracts should include mutual indemnification, so that both parties are protected from unforeseen consequences.

Making sure that language reflects the current state of the law is critical, too. For example, last year, a bill was introduced in Congress that could strip the tax-exempt status of nonprofits for supporting “terrorism.” While the bill is not currently up for a vote, there is word that it could come back and expand the definition of a terrorist organization to encompass groups that do work unpopular with the new Administration. To address this, a lawyer might incorporate language into contracts that says any funds disbursed cannot be used to fund terrorist organizations.

 4. Keep your finances up to date. 

While nonprofit organizations like INN already follow the fundamental rules of being a 501(c)3 (such as refraining from political activity), critics of nonprofits “could get nitpicky on the auditing,” says Membreno.

Rather than requesting deferments, Membreno suggests that it’s best in the current political climate to file forms and submit payments on schedule: this includes conducting audits, filing 990 Forms and paying quarterly taxes.

Being up to date also means making sure that everyone who works for an organization has submitted necessary paperwork (like I-9 Forms) and, especially for a remote workforce, that employee forms and withholding correspond to tax rules in each state. 

For organizations without full-time human resources staff, Membreno recommends working with a professional employer organization (PEO) like Justworks, which can help by offering local guidance on laws and regulations. 

5. Conduct a risk assessment. 

While conventional wisdom says that nonprofits should conduct a risk assessment annually, Membreno thinks it might be good now to do one every six months.

There are different templates for risk assessments, covering topics such as governance, finance, operations and compliance. Pick the template that makes sense and make time to work through it with a group of colleagues. Keeping old assessments allows organizations to evaluate how their understanding of and approach to risk is changing over time. 

Aside from these five areas that Membreno is working on for INN, she recommends that all operations professionals and nonprofit leaders make time now to build out relationships with key service providers.

“We have to expand who we think of as our allies or our community: Build out relationships with your lawyers and tax professionals and insurance agents because you may need them, and they can make better recommendations the more they know about your organization.”