HOW TO DRAFT POLICIES
(325) 676-7575
GOVERNANCE OF NONPROFIT ORGANIZATIONS August 22-23, 2013
Austin
Abilene, Texas 79606
PROFESSIONAL ACTIVITIES
Admitted to practice: Texas Supreme Court, US Supreme Court, US Tax
Court; CPA (Texas)
Former Chair, Advanced Estate Planning Conference, Texas Society of
CPAs
Former member, Fiduciary Income Tax Committee, and Estate and Gift
Committee, American Institute of Certified
Public Accountants
Member, Tax Section, American Bar Association
Member, Real Property, Probate and Trust Law Section, American Bar
Association
Member, Real Estate, Probate and Trust Law Section, State Bar of
Texas
Member, Tax Section, State Bar of Texas
Member, American Health Lawyers Association
Fellow, Texas Bar Foundation
PUBLICATIONS, ACADEMIC APPOINTMENTS & HONORS
Author of several books and articles on estate planning and tax
subjects, and a frequent speaker to professional and
lay groups
TABLE OF CONTENTS
I. INTRODUCTION
II. BACKGROUND
III. METHODOLOGY
IV. TYPICAL CONTENT AREAS
   A. Gift Acceptance
   B. Document Retention
   C. Privacy
   D. Insurance
   E. Employee
   F. Whistleblower
   G. Conflict of Interest
   H. Investment
   I. Volunteer
   J. Property Owners Association
   K. Intellectual Property
   L. Private Foundations
   M. Social Media
SUGGESTED READING
APPENDIX B - SAMPLE DOCUMENT RETENTION POLICY
APPENDIX C - PROTECTING CUSTOMER INFORMATION
APPENDIX E - SAMPLE WHISTLEBLOWER POLICY
APPENDIX F - CONFLICT OF INTEREST POLICY (PUBLIC CHARITY)
APPENDIX G - INVESTMENT POLICY
APPENDIX H - VOLUNTEER POLICIES AND PROCEDURES
APPENDIX I - CONFLICT OF INTEREST POLICY FOR PRIVATE FOUNDATION
APPENDIX J - POLICY ON JEOPARDY INVESTMENTS AND EXCESS BUSINESS HOLDINGS
APPENDIX K - SOCIAL MEDIA POLICY TEMPLATE
How To Draft Policies Chapter 2
I. INTRODUCTION
Non-profits benefit immensely from a thoughtful, organized effort
to develop appropriate policies to guide
their governing boards, staff and volunteers. This article attempts
to point the way to accomplish this goal. As in
most fields, we stand on the "shoulders of the giants" who have
led the way. (This was first attributed to Bernard of
Chartres, but popularized by Sir Isaac Newton.)
II. BACKGROUND
Some have asserted that non-profit policy-making is like the
weather - much is said but little is done. The
purpose of this article is two-fold: motivation to do the job and
tips to make the work easier. And then, the rest is up
to you.
Let's look at the reasons to make and maintain sound, practical and
thoughtful policies for the organization.
Most non-profits have pride in their work and mission. The
organization's policies can reflect and build that pride.
Most non-profits expect their Board and staff to know and observe
rules of governance that protect and
enhance the mission and the organization's resources, both
financial and human. If the rules are missing or unclear,
as nature abhors a vacuum, the holes can be filled with inefficient
or worse, illegal action.
Too often, board members are not informed, not intentionally, but
under a pattern of "always done it that way."
It takes some persistence but an organization can break out of that
pattern using a "new member orientation."
The new board member is given a board book containing governing
documents, policies and a description of
the organization's programs and/or events. An experienced hand in
the organization takes the time to lead the new
member through the board book highlighting those parts of interest
or concern to the new member.
This author can personally attest to the value of this process
having been involved in it from both sides.
The regulators and the IRS are watching. Should a problem arise, a
non-profit with a policy-driven response is
likely to fare much better than one without. One prime example is
the rebuttable presumption review under the
intermediate sanctions regulations.
Donors expect the organization to be a wise manager of its
resources. Policies made and enforced reassure the
donor or prospective donor that their gifts or grants will have a
good chance for successful use in the mission.
Pg 32 of the Compliance Guide for 501(c)(3) Public Charities,
published by the IRS states:
"Governance and Management Policies. Although the Internal Revenue
Code does not require
charities to have particular governance and management policies,
the IRS does encourage boards of
charities to consider whether the implementation of policies
relating to executive compensation,
conflicts of interest, investments, fundraising, documentation of
governance decisions, document
retention, and whistleblower claims may be necessary or
appropriate."
The article devotes a portion of the content to risk management.
Texas non-profits and their governing bodies
are subject to contract and tort liability, but that liability is
by and large manageable through statutory exemption, insurance, and
policy developed to minimize risk. Fund-raising events, operations,
and joint activities with other organizations all
present risks which policy can address. This is an area which
should not be left to chance, since experienced
management can leave and boards do turn over.
Policies thrown together without much thought or review might work,
but may be worse than useless. The
latter part of this article will help an organization's governing
body "get a grip" on the subject with checklists and
resources covering the major content areas for which this author
believes policy is needed. Not that every non-profit
should or must adopt policy on each content area. Each non-profit
has special or unique circumstances so that each
must decide what is best for it.
"The equation for disaster is A + B = C [Disaster]. A is natural
hazards, things like hurricanes, gases and
liquids under pressure that are extremely volatile .... B is
organizational hazards: people and their hubris, their
arrogance, their greed. The real killer is our indolence." Robert
Bea, professor emeritus of Civil Engineering,
University of California, Berkeley and former Shell Oil Co.
executive, as quoted in "Discover" June, 2013.
III. METHODOLOGY
There is no single right way for a non-profit to adopt and maintain
its policies, other than involvement by both
governing body and staff. Some organizations will be led by staff
whose job it is to make and maintain the policies
for the organization subject to approval by the board. Others may
have active board involvement, or perhaps a board
committee. The needs and dynamics of the organization will dictate
structure. It is clear, however, that whatever the structure,
the policies adopted must have the following
characteristics:
A. support the organization's mission
B. be clear and concisely drawn
C. provide guidance appropriate to the organization's activities
D. provide guidance for decision-making when management discretion is needed
E. follow applicable legal, accounting and tax rules or conventions
F. set forth the process for their revision as needed
Professional assistance and review of an organization's policies,
whether for a start-up or in a periodic review, can be
crucial. The discovery of inappropriate or incorrect policy after
an adverse event or transaction could hurt the organization and,
at the least, will not help it.
IV. TYPICAL CONTENT AREAS
A. Gift Acceptance. No matter what, over time, a charity with an
active fund-raising effort will be
presented with an unusual or challenging problem. Someone wants to
donate a lake lot, or property subject to a debt,
or property with a suspicious environmental history. Or, someone
wants to donate with restrictions on the gift. All
these questions can be successfully handled by the organization IF
it has already adopted a suitable gift acceptance
policy, and the board and staff understand and use it. Such is the
art of crafting policies that benefit the organization
by properly focusing its efforts. If the organization is not so
focused, then it could spend time dealing with
something that really diverts it from its mission. For example,
many charities should not consider accepting and
administering deferred gifts such as charitable split-interest
gifts, as they do not have the internal staff or experience
to do so. The gift acceptance policy should deal with that so that
all stakeholders are clearly informed. A board
member will be able to say to a friend when asked, "No, the
organization does not directly accept the trusteeship of a
remainder trust, but it can certainly be named as a remainder
beneficiary." A sample Gift Acceptance Policy is
provided at Appendix A.
B. Document Retention. A document retention policy permits the
organization to balance risk
management with efficiency. Where that balance lies is generally in
the sound judgment of the governing body,
subject to legal requirements, such as keeping tax records for
years where the period of limitations has not run. Of
course, certain really important records should never leave home,
but many others have a useful life and then should be
properly disposed of, again based upon the policy adopted.
This policy should be revisited periodically by the governing body
for two reasons: for currency and for the
discipline of actually disposing of the documents that it marks
for destruction. Following the policy promotes
efficiency and still manages risk by having the documents available
to show the organization's considered course of
action.
Two important ideas crowd in here:
First, if there is threatened or actual litigation or a regulatory
examination, then the document policy is put in
suspense. An example of this guidance is provided as item VI of the
Sample Document Retention Policy included as
Appendix B.
Second, an ever-increasing share of organizational documents is
digital. Those digital records may be
centrally stored and retrieved on a network, in the cloud or on
individual computers. The Sample Document
Retention Policy in Appendix B speaks of network storage, but a
given organization may not have such a system. So
the policy should be tailored to deal with this. At a minimum,
someone in management should monitor data storage
and retrieval for that situation.
C. Privacy. A cardinal principle for charities and many other
non-profits is maintaining donor privacy.
(Yes, even (c)(4)s.) For charities with a gift acceptance policy,
the privacy of the donor's plan or contribution, unless
the donor consents to public recognition, is prominently declared.
For organizations without a formal gift acceptance
policy, the organization may provide the donor with written
assurances of privacy.
There may be other aspects to donor privacy. A celebrity donor may
wish to be a volunteer in the organization
(not serve as a governing person) without any publicity. A donor's
family member may receive services from the
organization for which the donor wants no publicity. These
situations may require or receive assistance from a
privacy policy.
Certainly those individuals receiving assistance from an
organization will usually wish to stay clear of the
public view. This should not mean that the organization may avoid
required reports to regulators, etc., which
generally is not viewed as public disclosure. A sample Privacy
Policy is in Appendix C.
If your organization has a website, you MUST pay attention to the
Privacy Best Practices published by
TRUSTe, a non-profit organization involved in education on privacy
practices and certifying websites for privacy
protection quality.
There are restrictions on how and what data may be collected from
children ("Child Online Protection Act"
HR3783; 47 USC 231(d)).
The Federal Trade Commission is active in investigating and
prosecuting cases involving breach of privacy.
See the Notes on Non-Profits blog of Erin McClarty for excellent
insight into the warp and woof of this area. Of
particular note is her comment warning about simply finding a
document on the internet and adopting it without
careful thought or professional help.
That theme is recurrent in this broad area of policy development
for non-profits. While in some cases a hastily
prepared policy might do for a while, over time it can become a
problem because of the mismatch between actual
need and transactions and the policy language. "Pay me now or pay
me later."
Note: Charities, religious organizations and a number of tax-exempt
organizations have increased public
disclosure requirements. Certain tax returns and forms must now be
disclosed to the public on request. These
requirements arise from the passage of the Taxpayer Bill of Rights
2 in 1996 (P. L. 104-168) and implemented by
Treasury Regs. effective June 8, 1999.
What must be disclosed: All or any requested part (except donor
information) of:
Form 990: Return of Organization Exempt from Tax
Form 990 BL: Information and Initial Excise Tax Return for Black Lung Benefit Trusts and Certain Related Persons
Form 990-EZ: Short Form Return of Organization Exempt from Income Tax
Form 1023: Application for Recognition of Exemption under Section 501(c)(3) of the Internal Revenue Code
Form 1024: Application for Recognition of Exemption under Section 501(a) or for Determination under Section 120 of the Internal Revenue Code
No disclosure is required for a PENDING application for exemption.
The three (3) most recent tax returns, plus all attachments, are
open to disclosure except those
attachments dealing with donors.
How disclosure is made.
Disclosure may be made by inspection or copying.
Inspection. Documents subject to disclosure may be inspected at the principal office of the organization. If the organization has satellite offices or three (3) or more full-time employees, and management staff (beyond merely on-site management), then inspection may occur there as well. Inspection of documents may be monitored by an employee of the organization.
Copying. Requests for copies made in person must be satisfied usually on the same business day. If unusual circumstances exist, such as the absence of the person normally handling such requests, then the organization may have up to five business days if needed, within which to respond.
Requests for copies by mail, fax or email must receive a response within 30 days.
An organization may charge a reasonable copy fee. Generally, the IRS considers $1.00 for the first page and $0.15 for each additional page to be a reasonable copy fee. Postage is also an acceptable charge to the person requesting copies.
An organization may require prepayment of its copy fees. Should a written request arrive without prepayment, the organization must give the requestor written notice within seven days that payment is due.
Telephone requests for copies need not be accepted. Requestors should be told to make a written request.
Documents widely available
An exception to the copying burden exists where the organization
makes its tax information
(e.g. Form 990) widely available. The most commonly referred to
method is the internet.
If any person may print the organization’s document from the
internet in the same format as
the tax return and without charge, then the organization need not
make copies available.
However, the organization must still allow inspection of these
documents on request at its
office(s).
Penalties for non-compliance
$20.00 per return or exemption application per DAY on the
individual responsible for
disclosure, up to $10,000 maximum for a return. (No max for an
exemption application.)
$5,000 per return or application for an organization willfully
failing to disclose.
A more robust discussion of the applicable rules will be found in
the outline of Jonathan Frels, “Current Case
Law Development in Public Disclosure,” as a part of this
course.
D. Insurance. By and large, the most important reason for having an
insurance policy is to backstop the
indemnity promises made to the organization's governing body and
volunteers. Many organizations provide hold
harmless language to these individuals in their governing
documents, such as Bylaws. The organization promises to
protect the volunteer board member from liability including costs
of defense in a lawsuit where the board member is
sued, and the governing board finds that the member has not acted
in bad faith or with disloyal conduct to the
organization.
Sometimes organizations accept the indemnity language in the
governing documents without much review.
This could be a problem since Texas law leaves wide latitude for an
organization to decide how much and when to
indemnify. A critical question is whether the costs of defense are
paid in advance or at the conclusion of the litigation.
Clearly, the terms of any insurance, particularly a directors and
officers liability policy, should be consistent
with the indemnity provisions of the organization's insurance
policy and/or governing documents. If the policy says
pay up-front, but the insurance policy says wait, then the
organization's balance sheet is impacted.
A qualifying charity or other organization covered by the
Charitable Immunity Act of 1987 (Chapter 84, Civil
Practice and Remedies Code), will want to review insurance coverage
and maintain the level needed to qualify for
protection of its volunteers and employees from unwanted personal
liability.
A well-crafted policy will coordinate the above elements for
maximum protection and lowest premium cost,
consistent with the organization's activities. A sample Insurance
Policy is found in Appendix D.
E. Employee. It is perhaps an understatement to say that a
well-crafted employee policy is quite
important. Insurance agents claim that claims against the
directors of a non-profit organization
are primarily employee-related.
Unless organization management is really capable of doing so, it
should use outside experts, such as an
employment law attorney, to prepare, or to review and edit, any
employee manual or policy. The area is so dicey
with risk to the organization and its management that this type of
organizational document must be correct, complete and
thoroughly compliant with the multitude of laws and regulations
affecting employers.
For an excellent source, see Connie Cornell, Employment Litigation
Prevention for Texas Managers and
Supervisors.
F. Whistleblower. Whether the organization has paid staff or not, a
whistleblower protection policy
"...encourages staff and volunteers to come forward with credible
information on illegal practices or violations of
adopted policies of the organization, specifies that the
organization will protect the individual from retaliation, and
identifies those staff or board members or outside parties to whom
such information will be reported."
Instructions to Form 990, pg. 20.
Even though not required by federal tax law, the organization may
benefit from the policy through prevention
of fraud or damage to its image. Its adoption brings recognition
that the organization desires transparency and
accountability.
Further, the Sarbanes-Oxley Act (Section 1107) requires that no
corporation (including non-profits) may
retaliate against a whistleblower. This does not require a written
policy, but there is universal agreement that a written
policy proves the organization was attempting compliance.
As to the IRS's view, a whistleblower policy has three main
elements:
1. Encourages disclosure within the organization of illegal acts or
violations of policy;
2. Protects the whistleblower from retaliation; and
3. Identifies persons within the organization to whom the information
may be given.
If an organization receives federal funding, then the Federal False
Claims Act (31 USC 3729(h)) protects
whistleblowers from retaliation.
Useful guidance on the development of this type of policy is found
in Policy Services Memo #3 dated 12-1-2009,
issued by the Form 990 Policy Series Group
(www.publiccounsel.org/usefulmaterials).
1. Where should the policy be found? For example, if it is only in
the employee handbook, then it
would not be available to volunteers.
2. Make sure the policy can actually be followed.
3. At what level is the policy approved? Board or staff?
4. Who is really going to receive a whistleblower complaint? Often
in a small organization, such as
one without an audit committee or a compliance officer, the real
opportunity to disclose is missing.
5. Provide a disciplinary route for frivolous complaints.
6. Provide a concrete means of follow-up, including informing legal
counsel, if needed, interviewing
employees and others, and making a written record.
7. Reporting back to the whistleblower.
8. Making explanations of the policy to employees and
volunteers.
A sample policy is found in Appendix E.
G. Conflict of Interest. Among the most important duties of a
non-profit director or key officer is the
duty of loyalty. That duty is breached if the director or officer
uses the resources of the organization unfairly for
personal reasons. Here, a conflict of interest policy is, without
research, probably the most prevalent policy in the
non-profit organization's portfolio. It does not hurt that the IRS
Form 1023 asks quite prominently about this as well.
What are the essential elements of a conflict of interest
policy?
First, it should define the relationships and transactions that may
give rise to a conflict.
Second, the policy requires governing persons to disclose actual or
possible conflicts to the organization.
Third, a process for sorting out the facts and making a decision on
behalf of the organization is important.
Fourth, it gives enforcement authority to the governing body in the
event of a finding of a conflict.
Fifth, it pays particular attention to compensated individuals of
the governing body.
Sixth, it encourages the use of outside experts if needed.
Although the policy adopted by a public charity is not required to
refer to the provision of the intermediate
sanctions rules of Section 4958, IRC, the policy should be
consistent with such rules. For example, the policy should
allow for the procedures available to obtain a rebuttable
presumption of no prohibited transaction with respect to a
transaction between the organization and an insider, under Section
4958, IRC.
For insiders and the organization, there is a fair amount at stake
here. If the organization has a robust conflict
of interest policy communicated to its stakeholders, there may be
less chance that a governing person will attempt an
unfair transaction, or if attempted, that another person in the
organization will acquiesce.
Should an insider transaction occur, the governing body and staff
can handle the situation with more
confidence. In an indirect way, the policy can back up a decision
to remove the recalcitrant director who has crossed
the line.
A routine process of disclosure by governing persons gives the
organization and its supporters a greater
confidence that the organization is well-run.
A sample conflict of interest policy is found at Appendix F.
H. Investment. Texas Business Organization Code, Section 22.221,
provides that a director must act in good
faith, with ordinary care and in a manner the director reasonably
believes to be in the best interests of the corporation.
A director is not a guarantor of performance, but must act with
informed judgment and common sense.
Attendance at meetings, review and understanding of materials
presented to the board and requesting information are
part of the proper exercise of a director's duties.
The Code also allows the board to delegate its investment
authority, but it cannot delegate the ultimate
responsibility. The board may contract with investment advisors or
managers, so long as it selects such outside
managers with ordinary care and in good faith.
For those organizations with endowment assets or other investments
that are not used directly in the
performance of the exempt function, an investment policy is needed.
Texas has the Uniform Prudent Management of
Institutional Funds Act, "UPMIFA" (Texas Property Code, Chapter
163), which guides such non-profits in the
management of their investments. Using the modern portfolio theory
of investments, UPMIFA permits distributions
from the investments that are prudent in light of the overall
investment return. Distributions greater than 7% require
extra justification or will be considered imprudent for a fund
valued at $1 million or more. Smaller funds have a 5%
threshold. But these are not safe harbors.
Under UPMIFA, the directors are to act with ordinary business care
and prudence in the investment of its funds
and consider both short and long term needs in making investment
decisions, using the facts and circumstances at the
time of the decision.
UPMIFA specifically allows the board to delegate its investment
authority to outside investment managers and
pay their fees. Also, UPMIFA allows the corporation to invest in
practically any kind of investment, regardless of its
current return.
An organization's attention to this area is a mark of sound
management and good stewardship. The investment
policy may, but need not, explicitly mention UPMIFA; nonetheless,
the policy should, at a minimum, cover the
following:
1. The overall investment goals of the organization, such as to
build long-term endowment.
2. The asset allocation to be the target for overall investment
strategy.
3. What person or group of persons is responsible for the oversight
of the investment decision-making.
Often, the organization will use outside investment management but
someone within the organization must
review that work and report to the governing body.
4. How often will the organization review the results of the
investments.
Many organizations will use either a quarterly or annual review
process. This may include a decision on
whether to retain or discharge an investment manager, or, the
organization could decide to move the investment
management outside the organization after the investments have
grown or become diverse.
5. The process for changing the investment policy. Normally, the
policy has, in its asset allocation
section, a range of values within which the investment manager may
operate. For example, holding cash of between
2% and 4% of the total investment fund could be an acceptable
amount of cash to be held, under the policy.
A sample investment policy is included in Appendix G.
I. Volunteer. It is a rare case to find a non-profit with no
volunteers. Volunteers are vital to the organization,
starting with volunteer board members. Just as with any valuable
resource, this one needs management: recruiting,
screening, training, supervising and evaluating. There are lots of
online resources for dealing with volunteers.
Appendix H includes the online version of a sample Volunteer
Policy.
As with any organization policy, the content and style should fit
the organization.
Significant items for the policy probably should include:
1. Training and duties
4. Conflict of interest
5. Safety and security
J. Property Owners Association. Roy Hailey is going to provide an
authoritative discussion of property
owners associations later in this course. This is a somewhat
specialized area with its own set of state law
requirements. For example, associations must maintain policies on
open records and records retention (Texas
Property Code, Section 200.005), and payment plan guidelines (Texas
Property Code, Section 209.0062). If
the association has a website, then the required policies must be
found there (Texas Property Code, Section
207.006).
K. Intellectual Property. Although many organizations will not be
involved in research and development and
the commercialization of inventions, innovations and research
findings, those that have a trade name or wish to
protect copyrighted material should consider an appropriate
intellectual property policy.
A useful tool for crafting such a policy is the document
"Guidelines on Developing Intellectual Property Policy for
Universities and R&D Organizations," published by the World
Intellectual Property Organization, Geneva,
Switzerland (unedited, advance copy).
This publication's bibliography acknowledges material it drew from
leading U.S. Universities, including the
University of Texas (http://www.utsystem.edu?OGC/Intellectual
Property (polguide.htm) and MIT
(http://web.mit.edu/policies/13-1-html).
For example, the draft items covering copyrights include the
authorization or prohibition of:
reproduction in various forms
translation into other languages
With respect to the management of a copyright, the policy must deal
with:
1. Ownership, including participation agreements which clearly
give the organization rights in the work, subject
to any retained rights in the creator
2. Whether the organization will register the copyrighted work with
the Library of Congress
3. Whether copyrighted work will be available for licensing and on
what terms and conditions
A registered trademark for a non-profit organization provides
recognition and potential financial reward, as
well as protection from unfair competition from organizations who
would provide inferior service. However, the
majority of non-profit organizations will probably avoid using a
registered mark, as the costs of its maintenance and
administration will outweigh the benefits (notable
exception: Gatorade®).
L. Private Foundations. Private foundations are subject to more
restrictions and requirements in their
operation than publicly supported charities, including governing
document requirements under Section 508(e), IRC.
Those document requirements are either present in the governing
documents of the organization or incorporated by
reference under Texas law. See Section 112.055, Texas Property Code
or Section 2.107, Texas Business
Organizations Code. Unless the organization is a private operating
foundation described in Section 4942(j)(3), IRC,
the organization will move through the annual drill of determining
its 2% audit tax to pay with the filing of its Form
990-PF and the amount to distribute or spend to meet the 5% payout
requirement.
Since the private foundation and its disqualified persons may not
deal with each other no matter whether the
deal is fair or not (Section 4941, IRC), the organization will want
a different conflict of interest policy than a publicly
supported charity (that is not a supporting organization). A sample
policy is found in Appendix I.
A private foundation is subject to special restrictions in jeopardy
investments (Section 4944, IRC) and excess
business holdings (Section 4943, IRC). Provisions in the investment
policy and the gift acceptance policy should
reflect the organization’s understanding of these roles and a plan
to deal with them. See Appendix J.
M. Social Media. In January, 2012, the National Labor Relations
Board (NLRB) produced a second report on
social media, revising its earlier first report issued in 2011.
(See www.socialmediapolicytemplate.com) Eric
Schwartzman, an online communications consultant, has drafted an
excellent outline and template, based upon the
NLRB report, for guidance on developing organizational
policy.
In summary, after concise and accurate definitions, the policy sets
out organizational objectives, then guiding
principles.
The basic rules for an organization’s staff are:
- do not use social media covertly - always show clear
identification with the organization
- only certain persons are authorized to use social media on behalf
of the organization
- all contractors, venturers and agencies with whom the
organization has an ongoing relationship are in
agreement with the organization’s social media policy
- online activities of organization staff do not interfere with
their job performance
This author would add that whether it appears in this policy and/or
in the employee handbook, the organization
should require the staff’s understanding that any social media use
at work on computers or tablets of the organization
may be accessed at any time by the organization.
Suggested Reading
“The Sarbanes-Oxley Act and Implications for Nonprofit
Organizations,” © 2003 Board Source and Independent
Sector.
“Guidelines on Developing Intellectual Property Policy for
Universities and R&D Organizations,” World Intellectual
Property Organization (unedited, advance copy) at
www.wip.int/
www.truste.com/
Commonfund White Papers at
www.commonfund.org/InvestorResources/Publications
Pages/WhitePapers.aspy
“A Board Member’s Guide to Nonprofit Insurance,” Pamela Davis, 2008 in
How to Draft Policies Chapter 2
GIFT ACCEPTANCE POLICIES AND GUIDELINES
______ Charity, a not for profit organization organized under the
laws of the State of ______, encourages the solicitation and acceptance of
gifts to
_________ Charity (hereinafter referred to as the Charity) for
purposes that will help the Charity to further and fulfill its
mission. The following policies and guidelines govern acceptance of
gifts made to the Charity or for the benefit of any of its
programs.
The mission of the Charity is to:
I. Purpose of Policies and Guidelines
The Board of Directors of Charity and its staff solicit current and
deferred gifts from individuals, corporations, and foundations to
secure the future growth and missions of the Charity. It is the
purpose of these policies and guidelines to govern the acceptance
of gifts by the Charity and to provide guidance to prospective
donors and their advisors when making gifts to the Charity. The
provisions of these policies shall apply to all gifts received by
the Charity for any of its programs or services.
II. Use of Legal Counsel
______ Charity shall seek the advice of legal counsel in matters
relating to acceptance of gifts where appropriate. Review by
counsel is recommended for:
a. review of closely held stock transfers that are subject to
restrictions or buy-sell agreements
b. review of documents naming Charity as Trustee
c. review of all gifts involving contracts, such as bargain sales
or other documents requiring the Charity to assume an
obligation
d. review of all transactions with potential conflict of interest
that may invoke IRS sanctions
e. and such other instances in which use of counsel is deemed
appropriate by the Gift Acceptance Committee
III. Conflict of Interest
All prospective donors shall be strongly urged to seek the
assistance of personal legal and financial advisors in matters
relating to their gifts and the resulting tax and estate planning
consequences. The Charity will comply with the Model Standards of
Practice for the Charitable Gift Planner promulgated by the
National Committee on Planned Giving, shown as an appendix to this
document.
IV. Restrictions on Gifts
The Charity will accept unrestricted gifts, and gifts for specific
programs and purposes, provided that such gifts are not
inconsistent with its stated mission, purposes, and priorities. The
Charity will not accept gifts that are too restrictive in purpose.
Gifts that are too restrictive are those that violate the terms of
the corporate charter (or trust document if Charity is established
under trust), gifts that are too difficult to administer, or gifts
that are for purposes outside the mission of the Charity. All final
decisions on the restrictive nature of a gift, and its acceptance
or refusal, shall be made by the Gift Acceptance Committee of the
Charity.
V. The Gift Acceptance Committee
The gift acceptance committee shall consist of:
- The President of Charity
- The Treasurer of Charity
- Two members of the Executive Committee, appointed by the
President
- Two members of the Development Committee, appointed by the
Development Vice President
- Such other members as appointed by the President of the
Charity
- Ex-Officio members shall include the Executive Director and the
Development Director of Charity
The gift acceptance committee is charged with the responsibility of
reviewing all gifts made to Charity, properly screening and
accepting those gifts, and making recommendations to the Board on
gift acceptance issues where appropriate.
1. Cash
6. Oil, Gas, and Mineral Interests
7. Bargain Sales
8. Life Insurance
13. Bequests
14. Life Insurance Beneficiary Designations
B. The following criteria govern the acceptance of each gift
form:
1. Cash: Cash is acceptable in any form. Checks shall be made
payable to The Charity and shall be delivered to (place title of
Charity employee to which gift should be delivered) in the
Charity's administrative offices.
2. Tangible Personal Property: All other gifts of tangible personal
property shall be examined in light of the following
criteria:
• Does the property fulfill the mission of the Charity?
• Is the property marketable?
• Are there any undue restrictions on the use, display, or sale of
the property?
• Are there any carrying costs for the property?
The final determination on the acceptance of other tangible
property gifts shall be made by the Gift Acceptance Committee of
the ______ Charity.
3. Securities: The Charity can accept both publicly traded
securities and closely held securities.
Publicly Traded Securities: Marketable securities may be
transferred to an account maintained at one or more brokerage firms
or delivered physically with the transferor's signature or stock
power attached. As a general rule, all marketable securities shall
be sold upon receipt unless otherwise directed by the Investment
Committee. In some cases marketable securities may be restricted by
applicable securities laws; in such instance the final
determination on the acceptance of the restricted securities shall
be made by the Gift Acceptance Committee of the Charity.
Closely Held Securities: Closely held securities, which include not
only debt and equity positions in non-publicly traded companies but
also interests in LLPs and LLCs or other ownership forms, can be
accepted subject to the approval of the Gift Acceptance Committee
of the Charity. However, gifts must be reviewed prior to acceptance
to determine that:
• there are no restrictions on the security that would prevent
_____ Charity from ultimately converting those assets to
cash,
• the security is marketable, and
• the security will not generate any undesirable tax consequences
for the Charity.
If potential problems arise on initial review of the security,
further review and recommendation by an outside professional may be
sought before making a final decision on acceptance of the gift.
The final determination on the acceptance of closely held
securities shall be made by the Gift Acceptance Committee of the
Charity and legal counsel where necessary. Every effort will be
made to sell non-marketable
securities as quickly as possible.
4. Real Estate: Gifts of real estate may include developed
property, undeveloped property, or gifts subject to a prior life
interest. Prior to acceptance of real estate, the Charity shall
require an initial environmental review of the property to ensure
that the property is not contaminated with environmental damage.
Environmental inspection forms are attached as an appendix to this
document. In the event that the initial inspection reveals a
potential problem, the Charity shall retain a qualified inspection
firm to conduct an environmental audit. The cost of the
environmental audit shall generally be an expense of the
donor.
Where appropriate, a title binder shall be obtained by the Charity
prior to the acceptance of the real property gift. The cost of this
title binder shall generally be an expense of the donor.
Prior to acceptance of the real property, the gift shall be
approved by the Gift Acceptance Committee of the Charity and by the
Charity's legal counsel. Criteria for acceptance of the property
shall include:
• Is the property useful for the purposes of the Charity?
• Is the property marketable?
• Are there carrying costs, which may include insurance, property
taxes, mortgages, or notes, etc., associated with the
property?
• Does the environmental audit reflect that the property is not
damaged?
5. Remainder Interests In Property: The Charity will accept a
remainder interest in a personal residence, farm, or vacation
subject to the provisions of paragraph 4. above. The donor or other
occupants may continue to occupy the real property for the duration
of the stated life. At the death of the donor, the Charity may use
the property or reduce it to cash. Where the Charity receives a
gift of a remainder interest, expenses for maintenance, real estate
taxes, and any property indebtedness are to be paid by the donor or
primary beneficiary.
6. Oil, Gas, and Mineral Interests: The Charity may accept oil and
gas property interests, where appropriate. Prior to acceptance of
an oil
8. Life Insurance: Charity must be named as both beneficiary and
irrevocable owner of an insurance policy before a life insurance
policy can be recorded as a gift. The gift is valued at its
interpolated terminal reserve value, or cash surrender value,
upon receipt.
If the donor contributes future premium payments, the Charity will
include the entire amount of the additional premium payment as a gift in
the year that it is made.
If the donor does not elect to continue to make gifts to cover
premium payments on the life insurance policy, the Charity
may:
• continue to pay the premiums,
• convert the policy to paid up insurance, or
• surrender the policy for its current cash value.
9. Charitable Gift Annuities: Charity may offer charitable gift
annuities. The minimum gift for funding shall be $5,000. Charity
President may make exceptions to this minimum. The minimum age for
life income beneficiaries of a gift annuity shall be 55. Where a
deferred gift annuity is offered, the minimum age for life income
beneficiaries shall be 45. No more than two life income
beneficiaries will be permitted for any gift annuity.
Annuity payments may be made on a quarterly, semi-annual, or annual
schedule. Charity President may approve exceptions to this payment
schedule.
______ Charity will not accept real estate, tangible personal
property, or any other illiquid asset in exchange for current
charitable gift annuities. Charity may accept real estate, tangible
personal property, or other illiquid assets in exchange for
deferred gift annuities so long as there is at least a 5 year
period before the commencement of the annuity payment date, the
value of the property is reasonably certain, and the President of
Charity approves the arrangement.
Funds contributed in exchange for a gift annuity shall be set aside
and invested during the term of the annuity payments. Once those
payments have terminated, the funds representing the remaining
principal contributed in exchange for the gift annuity shall be
transferred to _____ Charity's general endowment funds, or to such
specific fund as designated by the donor.
10. Charitable Remainder Trusts: The Charity may accept
ENVIRONMENTAL INTERVIEW
This interview is designed for use with current and/or prior owners
or managers of the property.
Date of Interview ______ Interviewer ______
Type of Property: __ Agricultural __ Commercial __ Residential __ Timber __ Manufacturing __ Undeveloped Land __ Other ______
Age of Buildings ______
1. Indicate prior uses of property. ______
______
3. For uses identified in question 1, has an environmental license
or permit ever been issued? __ No __ Yes
4. Are there any oil, fuel or chemical storage tanks on the
property located above or below ground? __ No __ Yes
5. Has an environmental assessment been previously conducted? __ No
__ Yes If Yes, provide a copy of the report.
6. If available, attach maps or surveys that describe the property
to this questionnaire. __ attached __ none available
7. If you are unable to furnish the information requested above,
please advise us if there is a reliable source that may be able to
furnish this information.
Name of Inspector _ Date of Inspection _
Owner of Property _ Estimated Size _
Location of Property _ Current Use _
Number of years the current use has been in effect _
Brief history of property use (list past use and former tenants,
and source of information)
ENVIRONMENTAL SITE INSPECTION CHECKLIST
1. An on-site inspection revealed the following (Yes / No):
A. Stressed or denuded vegetation or unusual barren areas
B. Discoloration, oil sheens or foul/unusual odors in water
C. Dump site
D. Tire/battery/chemical storage or disposal
E. Storage drums
F. Above or below ground storage tanks, vent or filler pipes
G. Evidence of petroleum or oil products
H. Evidence of PCBs (electrical transformers, capacitors)
I. Subject or adjoining property used for industrial purposes
J. Existing structures: If yes, indicate if there is:
1. Evidence of chemical spills/leaks
2. Evidence of asbestos
3. Any source of air emission
K. Does property appear on National/Site Hazardous Site list?
L. If "yes" to any of the above, describe: _
II. ( ) Based on the evaluation of known, discovered or observed
environmental factors, there is no evidence of environmental
contamination on this or neighboring properties, and no further
action is recommended.
H. The donor has revealed potential sources or causes of
environmental contamination.
I. This property is used for agricultural purposes.
( ) Based on the evaluation of known environmental factors, there
is no evidence of possible environmental contamination of this or
neighboring properties and no further action is recommended.
( ) Based on the evaluation of known environmental factors, there
is evidence of possible environmental contamination on this or
neighboring properties and further investigation is
recommended.
Recommendations: _
Acceptance of Form Approved By Title Date
SAMPLE DOCUMENT RETENTION POLICY From the January/February 2006
Fraud Magazine column "Fraud & The Law"
By Juliana Morehead
http://acfe.com/fraud/view.asp?ArticleID=SOO
This is only a SAMPLE DOCUMENT RETENTION POLICY ("DRP"), and is
NOT LEGAL ADVICE. It is only an example of a general DRP and
should not be used without revision to meet the
particular administrative and legal needs of your
organization. There are many federal, state and local
laws that require organizations to retain documents for a
certain period of time that may not be represented in
this sample policy. All companies should contact counsel
licensed to practice law in their state before implementing
a DRP.
I. Purpose
To ensure the most efficient and effective operation of
ORGANIZATION ("Organization"), we are implementing this Document
Retention Policy ("DRP" or "policy"). The records of Organization
and its subsidiaries are important to the proper functioning of
Organization. Our records include virtually all of the records you
produce as an Organization employee. Such records can be in
electronic or paper form. Thus, items that you may not consider
important, such as interoffice emails, desktop calendars and
printed memoranda are records that are considered important under
this policy. If you are ever uncertain as to any procedures set
forth in this policy (e.g., what records to retain or destroy, when
to do so, or how) it is your responsibility to seek answers from
Organization's DRP Manager.
The goals of this DRP are to:
1. Retain important documents for reference and future use;
2. Delete documents that are no longer necessary for the proper functioning of Organization;
3. Organize important documents for efficient retrieval; and
4. Ensure that you, as an Organization employee, know what documents should be retained, the length of their retention, means of storage, and when and how they should be destroyed.
Federal and state laws require Organization to maintain certain
types of records for particular periods. Failure to maintain such
records could subject you and Organization to penalties and fines,
obstruct justice, spoil legal evidence, and/or seriously harm
Organization's position in litigation. Thus, it is imperative that
you fully understand and comply with this, and any future records
retention or destruction policies and schedules, UNLESS you have
been notified by Organization, or if you believe that (1) such
records are or could be relevant to any future litigation, (2)
there is a dispute that could lead to litigation, or (3)
Organization is a party to a lawsuit, in which case you MUST
PRESERVE such records until Organization's legal counsel determines
that the records are no longer needed.
"Records" discussed herein refers to all business records of
Organization (and is used interchangeably with "documents"),
including written, printed, and recorded materials, as well as
electronic records (i.e., emails and documents saved electronically).
All business
records shall be retained for a period no longer than necessary for
the proper conduct and functioning of Organization. No business
records shall be retained longer than five (5) years, EXCEPT those
that (1) have periods provided for herein, (2) are in the Document
Retention Schedule, found at Appendix "A", or (3) are specifically
exempted by Organization's DRP Manager.
II. Management
To ensure compliance with this DRP, Organization's DRP Manager is
responsible for the following oversight functions:
• Implementing the DRP;
• Ensuring that employees are properly educated, understand, and follow the DRP's purpose;
• Providing oversight on actual retention and destruction of documents;
• Ensuring proper storage of documents;
• Periodically following-up with counsel to ensure proper retention periods are in place;
to the DRP.
Organization's DRP Manager shall annually review the DRP, modify it
accordingly, and inform and educate all Organization employees on
any such changes. All questions relating to document retention
and/or destruction should be directly addressed to Organization's
DRP Manager.
III. Types of Records
Appendix "A", attached at the end of this DRP, lists several
categories of records, as well as specific records that contain
specific retention periods. This is referred to as a Document
Retention Schedule ("DRS"). All records not provided for in the
DRS or described herein, shall be classified into three types, (1)
Temporary Records, (2) Final Records, and (3) Permanent
Records.1
Temporary Records
Temporary records include all business documents that have not been
completed. Such include, but are not limited to written memoranda
and dictation to be typed in the future, reminders, to-do lists,
report, case study, and calculation drafts, interoffice
correspondence regarding a client or business transaction, and
running logs
1 See Ashcraft, H. of Hanson, Bridgett, Marcus, Vlahos & Rudy,
LLP., Document Retention: Guidelines for Managing Project Files,
February 2002. Available at
http://terrarrg.com/images/pdfs/DocumentRetention.pdf
Temporary records can be destroyed, or permanently deleted if in
electronic form (see protocol below for proper destruction of data
in electronic form) when a project/case/file closes. Upon the
closing of a project/case/file, gather and review all such
temporary records. Before you destroy or permanently delete these
documents, make sure you have duplicates of all the final records
pertaining to the project/case/file. Upon destruction or deletion,
organize the final records (and duplicates) in a file marked
"FINAL" and store them appropriately.
Final Records
Final records include all business documents that are not
superseded by modification or addition. Such include, but are not
limited to: documents given (or sent via electronic form) to any
third party not employed by Organization, or government agency;
final memoranda and reports; correspondence; handwritten telephone
memoranda not further transcribed; minutes; design/plan
specifications; journal entries; cost estimates; etc. All
accounting records shall be deemed final.
Except as provided for in the DRS, all final documents are to be
discarded ten (10) years after the close of a
project/case/file.
Permanent Records
Permanent records include all business documents that define
Organization's scope of work, expressions of professional opinions,
research and reference materials. Such include, but are not limited
to contracts, proposals, materials referencing expert opinions,
annual financial statements, federal tax returns, payroll
registers, copyright registrations, patents, etc.
Except as provided for in the Document Retention Schedule (Appendix
"A"), all permanent documents are to be retained
indefinitely.
Accounting and Corporate Tax Records
Accounting and corporate tax records include, but are not limited
to: financial statements; ledgers; audit records; invoices and
expense records; federal, state, and property tax returns; payroll;
accounting procedures; gross receipts; customer records; purchases;
etc.
Unless otherwise specified in the DRS, such records should be
retained for the minimum of six (6) years or until the statute of
limitations for a particular record expires (please consult
Organization's counsel for time periods if you manage/control such
records).
Workplace Records
Workplace records include, but are not limited to Articles of
Incorporation, bylaws, meeting minutes, deeds and titles, leases,
policy statements, contracts and agreements, patents and trademark
records, etc.
Unless otherwise specified in the DRS, such records should be
retained in perpetuity.
Employment records include, but are not limited to job
announcements and advertisements; employment applications,
background investigations, resumes, and letters of recommendation
of persons not hired; etc.
Unless otherwise specified in the DRS, such records should be
retained for the minimum of one (1) year.
Employee records include, but are not limited to employment
applications, background investigations, resumes, and letters of
recommendation of current and past employees, records relating to
current and past employee's performance reviews and complaints,
etc.
Unless otherwise specified in the DRS, such records should be
retained for the minimum of three (3) years following unemployment
with Organization.
Payroll records include, but are not limited to wage rate tables;
salary history; current rate of pay; payroll deductions; time
cards; W-2 and W-4 forms; bonuses; etc.
Unless otherwise specified in the DRS, such records should be
retained for the minimum of six (6) years.
Bank Records
Bank records include, but are not limited to bank deposits; check
copies; stop payment orders; bank statements; check signature
authorizations; bank reconciliations; etc.
Unless otherwise specified in the DRS, such records should be
retained for the minimum of three (3) years.
Legal Records
Legal records include, but are not limited to all contracts, legal
records, statements, and correspondence, trademark and copyright
registrations, patents, personal injury records and statements,
press releases, public findings, etc.
Unless otherwise specified in the DRS, such records should be
retained for the minimum of ten (10) years.
Historical Records
Historical records are those that are no longer of use to
Organization, but by virtue of their age or research value may be
of historical interest or significance to Organization.
Historical records should be retained indefinitely.
IV. Storage
Tangible Records
Tangible records are those in which you must physically move to
store, such as paper records (including printed versions of
electronically saved documents), photographs, audio recordings,
advertisements and promotional items. Active records and records
that need to be easily accessible may be stored in Organization's
office space or equipment. Inactive records can be sent to
Organization's off-site storage facility.
Electronic Records
Electronic mail ("E-mail") should be either printed and stored as
tangible evidence, or downloaded to a computer file and kept
electronically or on a disk.
Organization has computer software that duplicates files, which are
then backed-up on central servers. If you have a notebook computer
from Organization that you work on out of the office, your computer
contains synchronization software that duplicates and backs-up
files when you log into the network. However, it is important that
all employees take precautionary measures to save work and records
on Organization's network drive.
If you save sensitive or important records on computer disks, you
should duplicate the information in an alternate format because
disks are easily lost or damaged.
V. Destruction/Deletion
Tangible Records
Tangible records should be destroyed by shredding or some other
means that will render them unreadable. If you have a record that
you do not know how to destroy, such as a photograph, compact disk,
or tape recording, ask the advice of Organization's DRP
Manager.
Electronic Records
E-mail records that you "delete" remain in Organization's system.
Thus, Organization's information technology ("IT") department will
be responsible for permanently removing deleted emails from the
computer system.
Deleting files and emptying the recycling bin is usually sufficient
in most circumstances to get rid of a record. However, because
electronic records can be stored in many locations, Organization's
IT department will be responsible for permanently removing deleted
files from the computer system.
Keep in mind, where duplicate records are involved, both copies
must be destroyed/deleted where proper.
VI. Cessation of Record Destruction/Deletion
If a lawsuit is filed or imminent, or a legal document request has
been made upon Organization, ALL RECORD DESTRUCTION MUST CEASE
IMMEDIATELY. Organization's DRP Manager may suspend this DRP to
require that documents relating to the lawsuit or potential legal
issue(s) be retained and organized. A critical understanding of this
section is imperative. Should you fail to follow this protocol, you
and/or Organization may be subject to fines and penalties, among
other sanctions.
VII. Acknowledgement
I have read and understand the purpose of this DRP. I understand
that strict adherence to this DRP is a condition of my employment
with Organization. If I do not understand something regarding this
DRP, I will contact Organization's DRP Manager immediately for
clarification. I agree to abide by Organization's DRP.
Employee's Signature Date
Employee's Name (print)
Privacy Best Practices
Protecting Customer Information Online
Consumer confidence in how you protect their privacy is key to your
online business. When TRUSTe certifies your Web site, you get over a
decade of our expertise in the issues that matter most in online
privacy. Here are just a few examples of the best practices we
recommend for businesses to build trust with consumers.
Your Web Site's Privacy Statement
Your EU Certification
Your Email Privacy Practices
Your Web Site's Security
Your Online Behavioral Tracking Practices
Your Web Site's Privacy Statement
Review your privacy statement to make sure it's easy to read and
understand. Build trust with your consumers; write your privacy
statement in straightforward language and organize it
clearly.
Make sure your privacy statement aligns with your terms-of-service
statement. This is best done by cross-referencing your privacy
statement with your terms-of-use statement. Confirming uniform
privacy practices throughout your Web site projects a clear and
concise impression to consumers while minimizing your exposure to
privacy risk.
When establishing your company's privacy program, build internal
documents with an eye to your public privacy statement. Your posted
privacy statement defines your entire privacy program. All the
internal documentation of the processes and procedures you use to
enforce privacy within your organization should be in lockstep with
that statement. Make sure that your internal documents and policies
reflect what your outward-facing privacy statement says; it's one
more step toward mitigating your privacy risk.
Review your privacy policy regularly to make sure it accurately
reflects your current data-collection and -handling practices. It's
important to review your privacy policies annually, even if you
believe that nothing has changed. Your annual business privacy review
process should involve all parties who handle customer data: at
minimum, management, marketing, legal, operations, and IT.
When writing or revising your privacy statement, use may or might
statements sparingly. Avoid sounding evasive and build trust upfront
by using forthright language. Your privacy
statement should describe actual practices consistent with the Fair
Information Practice of Notice.
Add an effective date to your privacy statements. This fulfills one
of the requirements of the California Online Privacy Protection Act
of 2003. The statement can be as simple as "Effective as of January
1, 2004."
How to Draft Policies Chapter 2
Your EU Certification
Learn how to make your EU certification seamless. EU Certification
lets consumers and regulators around the globe know that you comply
with the EU Safe Harbor Framework, which is required when
transmitting personal data belonging to EU citizens. TRUSTe's EU
Safe Harbor Seal Program is the ultimate solution to expand your
global presence. Learn more about the program.
Complying with the Children's Online Privacy Protection Act (COPPA)
Avoid COPPA violations. Do not indicate to users that
an age restriction exists when collecting personally identifiable
information. COPPA is triggered whenever your Web site collects
both age-identifying information and personally identifiable
information. If you notify users at the point of data collection
that an age restriction exists, they can easily circumvent the
restriction. Find out about TRUSTe's Children's Privacy Seal
program.
Your Email Privacy Practices
Put an email authentication system in place. Email authentication
stymies forgery of email messages and allows senders to build a
positive reputation with receivers based upon their mailing
behavior.
Implement an automated unsubscribe system. An automated system lets
you ensure that each unsubscribe request is processed within a
reasonable timeframe. Also, send users a confirmation email that
allows them to verify that their request has been processed.
Find out more: learn about the TRUSTed Email program or contact a
TRUSTe representative.
Your Customers' Personally Identifiable Information (PII)
Treat testimonial PII respectfully. Many TRUSTe certified Web sites
use customer testimonials to both add credibility to their business
and fortify their marketing messages. TRUSTe offers some best
practice guidelines for posting testimonials that may be associated
with a user's personally identifiable information.
Notify customers if you're about to transfer their personally
identifiable information elsewhere. If your business undergoes a
transition such as an acquisition, merger or bankruptcy, you need
to give your customers notice--and in some cases choice--regarding
the transfer of their information to the new controlling
organization.
Determine whether changes you make to your Web site require you to
notify all site users. If you change the way you handle your
customers' personally identifiable information, give them notice
so they can choose whether they want to continue sharing their
information with you.
Your Web Site's Security
Consider synching up your privacy and security teams. Corporate
privacy and security teams share many common goals, but don't
always work together. If you have separate teams, consider synching or
integrating them to better protect your customers' data.
When is SSL (Secure Sockets Layer) encryption important? SSL
encryption is a security measure that companies must take while
collecting sensitive client data online. Sensitive information
includes: credit card number, Social Security number, personal
health information, Tax ID numbers and bank information
(routing number, account number). It's important to avoid common
encryption mishaps like failing to encrypt login or password
retrieval web pages. SSL encryption on designated pages isn't
just a TRUSTe requirement; it's a crucial way to maintain your
clients' trust.
Prepare for the case of a data security breach. It pays to
familiarize yourself with the data-security-breach notification laws
that might apply to your company, and to build an incident response
team.
Your Online Behavioral Tracking Practices
Minimize data collection on your Web site. You should only collect
enough personal data from visitors to either provide them with your
products or services or let them interact on your site. The less
user information you collect, and the more you notify users that
you're collecting it, the more users will trust your
organization.
When you collect consumer data on your site, take extra steps to
inform users about how their information will be used. It's
important that you communicate your practices to consumers
transparently. Most organizations do this by providing a link to
their privacy statement on the site's homepage or on pages that
ask for personal information. These steps build trust, which
ultimately leads to a strong and loyal customer base.
Retain customer data for the shortest time possible. Retain data
for only as long as it serves a business purpose or as required by
law. Know what your specific data retention requirements are based
on your business model and all legally required retention rules.
Different businesses are required to keep data for varying lengths
of time depending on their regulatory requirements.
If your organization shares personal information with third parties
for marketing purposes, make sure you comply with SB 27,
California's "Shine the Light" law. SB 27 requires companies that do
business with California consumers and share personal information
with third parties for marketing purposes to provide consumers with
a designated contact point where they can request an
Information-Sharing Disclosure Notice.
If you use user-profiling technologies like cookies, log files and
Web beacons, notify users about it in your privacy statement. You
can get valuable marketing insight by tracking individual
users' movements on your site. But you must disclose your use of
all personally identifiable information in order to comply with the
Fair Information Practices guidelines.
Learn more about TRUSTe online privacy services for your
business: contact a TRUSTe representative.
Appendix D Insurance Policy
The organization will maintain the following insurance coverage and
limits in order to protect it from foreseeable risks:
Type                                Limits
Auto and general liability          $_________
Non-owned/hired auto                $_________
Personal property/renter's          $_________
Directors and officers liability    $_________
Workers Compensation                $_________
Fidelity bond                       $_________
Improper sexual conduct             $_________
The organization desires to protect its staff and volunteers under
Texas law from personal risk arising from claims of negligence when
those persons are conducting activities for the organization.
Therefore, the coverage and limits should meet the minimums
required under Texas law for this purpose.
Sample Whistleblower Policy
General
The Organization's Code of Ethics and Conduct ("Code")
requires directors, officers and employees to observe high
standards of business and personal ethics in the conduct of their
duties and responsibilities. As employees and representatives of
the Organization, we must practice honesty and integrity in
fulfilling our responsibilities and comply with all applicable laws
and regulations.
Reporting Responsibility
It is the responsibility of all directors,
officers and employees to comply with the Code and to report
violations or suspected violations in accordance with the
Whistleblower Policy.
No Retaliation
No director, officer or employee who in good faith
reports a violation of the Code shall suffer harassment, retaliation
or adverse employment consequence. An employee who retaliates
against someone who has reported a violation in good faith is
subject to discipline up to and including termination of
employment. This Whistleblower Policy is intended to encourage and
enable employees and others to raise serious concerns within the
Organization prior to seeking resolution outside the
Organization.
Reporting Violations
The Code addresses the Organization's open
door policy and suggests that employees share their questions,
concerns, suggestions or complaints with someone who can address
them properly. In most cases, an employee's supervisor is in the
best position to address an area of concern. However, if you are
not comfortable speaking with your supervisor or you are not
satisfied with your supervisor's response, you are encouraged to
speak with someone in the Human Resources Department or anyone in
management whom you are comfortable in approaching. Supervisors and
managers are required to report suspected violations of the Code of
Conduct to the Organization's Compliance Officer, who has specific
and exclusive responsibility to investigate all reported
violations. For suspected fraud, or when you are not satisfied or
uncomfortable with following the Organization's open door policy,
individuals should contact the Organization's Compliance Officer
directly.
Compliance Officer
The Organization's Compliance Officer is
responsible for investigating and resolving all reported complaints
and allegations concerning violations of the Code and, at his
discretion, shall advise the Executive Director and/or the audit
committee. The Compliance Officer has direct access to the audit
committee of the board of directors and is required to report to
the audit committee at least annually on compliance activity. The
Organization's Compliance Officer is the chair of the audit
committee.
Accounting and Auditing Matters
The audit committee of the board of
directors shall address all reported concerns or complaints
regarding corporate accounting practices, internal controls or
auditing. The Compliance Officer shall immediately notify the audit
committee of any such complaint and work with the committee until
the matter is resolved.
Acting in Good Faith
Anyone filing a complaint concerning a
violation or suspected violation of the Code must be acting in good
faith and have reasonable grounds for believing the information
disclosed indicates a violation of the Code. Any allegations that
prove not to be substantiated and which prove to have been made
maliciously or knowingly to be false will be viewed as a serious
disciplinary offense.
Confidentiality
Violations or suspected violations may be submitted
on a confidential basis by the complainant or may be submitted
anonymously. Reports of violations or suspected violations will be
kept confidential to the extent possible, consistent with the need
to conduct an adequate investigation.
Handling of Reported Violations
The Compliance Officer will notify
the sender and acknowledge receipt of the reported violation or
suspected violation within five business days. All reports will be
promptly investigated and appropriate corrective action will be
taken if warranted by the investigation.
from the National Council of Nonprofit Associations
(www.ncna.org)
Article I Purpose
The purpose of the conflict of interest policy is to protect this
tax-exempt organization's (Organization) interest when it is
contemplating entering into a transaction or arrangement that might
benefit the private interest of an officer or director of the
Organization or might result in a possible excess benefit
transaction. This policy is intended to supplement but not replace
any applicable state and federal laws governing conflict of
interest applicable to nonprofit and charitable organizations.
Article II Definitions
1. Interested Person
Any director, principal officer, or member of a committee with
governing board delegated powers, who has a direct or indirect
financial interest, as defined below, is an Interested Person. Any
person who has a family or business relationship with an Interested
Person is also considered an Interested Person.
2. Financial Interest
A person has a financial interest if the person has, directly or
indirectly, through business, investment, or family:
a. An ownership or investment interest in any entity with which the
Organization has a transaction or arrangement,
b. A compensation arrangement with the Organization or with any
entity or individual with which the Organization has a transaction
or arrangement, or
c. A potential ownership or investment interest in, or compensation
arrangement with, any entity or individual with which the
Organization is negotiating a transaction or arrangement.
Compensation includes direct and indirect remuneration as well as
gifts or favors that are not insubstantial.
Article III Procedures
1. Duty to Disclose
In connection with any actual or possible conflict of interest, an
interested person must disclose the existence of the financial
interest and be given the opportunity to disclose all material
facts to the directors and members of committees with governing
board delegated powers considering the proposed transaction or
arrangement.
2. Determining Whether a Conflict of Interest Exists
After disclosure of the financial interest and all material facts,
and after any discussion with the interested person, he/she shall
leave the governing board or committee meeting while the
determination of a conflict of interest is discussed and voted
upon. The remaining board or committee members shall decide if a
conflict of interest exists.
3. Procedures for Addressing the Conflict of Interest
a. An interested person may make a presentation at the governing
board or committee meeting, but after the presentation, he/she
shall leave the meeting during the discussion of, and the vote on,
the transaction or arrangement involving the possible conflict of
interest.
b. The chairperson of the governing board or committee shall, if
appropriate, appoint a disinterested person or committee to
investigate alternatives to the proposed transaction or
arrangement.
c. After exercising due diligence, the governing board or committee
shall determine whether the Organization can obtain with reasonable
efforts a more advantageous transaction or arrangement from a
person or entity that would not give rise to a conflict of
interest.
d. If a more advantageous transaction or arrangement is not
reasonably possible under circumstances not producing a conflict of
interest, the governing board or committee shall determine by a
majority vote of the disinterested directors whether the
transaction or arrangement is a conflict of interest. In conformity
with the above determination it shall make its decision as to
whether to enter into the transaction or arrangement.
4. Violations of the Conflicts of Interest Policy
a. If the governing board or committee has reasonable cause to
believe a member has failed to disclose actual or possible
conflicts of interest, it shall inform the member of the basis for
such belief and afford the member an opportunity to explain the
alleged failure to disclose.
b. If, after hearing the member's response and after making further
investigation as warranted by the circumstances, the governing
board or committee determines the member has failed to disclose an
actual or possible conflict of interest, it shall take appropriate
disciplinary and corrective action.
Article IV Records of Proceedings
The minutes of the governing board and all committees with board
delegated powers shall contain:
1. The names of the persons who disclosed or otherwise were found
to have a financial interest in connection with an actual or
possible conflict of interest, the nature of the financial
interest, any action taken to determine whether a conflict of
interest was present, and the governing board's or committee's
decision as to whether a conflict of interest in fact
existed.
2. The names of the persons who were present for discussions and
votes relating to the transaction or arrangement, the content of
the discussion, including any alternatives to the proposed
transaction or arrangement, and a record of any votes taken in
connection with the proceedings.
Article V Compensation
1. A voting member of the governing board who receives
compensation, directly or indirectly, from the Organization for
services is precluded from voting on matters pertaining to that
member's compensation.
2. A voting member of any committee whose jurisdiction includes
compensation matters and who receives compensation, directly or
indirectly, from the Organization for services is precluded from
voting on matters pertaining to that member's compensation.
3. No voting member of the governing board or any committee whose
jurisdiction includes compensation matters and who receives
compensation, directly or indirectly, from the Organization, either
individually or collectively, is prohibited from providing
information to any committee regarding compensation.
Article VI Annual Statements
Each director, principal officer and member of a committee with
governing board delegated powers shall annually sign a statement
which affirms such person:
1. Has received a copy of the conflict of interest policy,
2. Has read and understands the policy,
3. Has agreed to comply with the policy, and
4. Understands the Organization is charitable and in order to
maintain its federal tax exemption it must engage primarily in
activities which accomplish one or more of its tax-exempt
purposes.
Article VII Periodic Reviews
To ensure the Organization operates in a manner consistent with
charitable purposes and does not engage in activities that could
jeopardize its tax-exempt status, periodic reviews shall be
conducted. The periodic reviews shall, at a minimum, include the
following subjects:
1. Whether compensation arrangements and benefits are reasonable,
based on competent survey information, and the result of arm's
length bargaining.
2. Whether partnerships, joint ventures, and arrangements with
management organizations conform to the Organization's written
policies, are properly recorded, reflect reasonable investment or
payments for goods and services, further charitable purposes and do
not result in inurement, impermissible private benefit or in a
prohibited transaction.
Article VIII Use of Outside Experts
When conducting the periodic reviews as provided for in Article VII,
the Organization may, but need not, use outside advisors. If
outside experts are used, their use shall not relieve the governing
board of its responsibility for ensuring periodic reviews are
conducted.
Statement of Purpose
This policy statement provides a framework for the management of
the investable assets of _______________________, a Texas
Non-profit Corporation (“____________” and “Fund”). This policy
will assist the Board of Directors in supervising and monitoring
the investments of the Fund. A subcommittee of the Board of
Directors or an Investment Committee may be established
(“Committee”) to implement and monitor the Fund in accordance with
this policy statement. The guidelines allow for flexibility and a
process to capture investment opportunities, while prudently and
carefully setting forth reasonable risk control parameters for the
investment program.
The statement of investment policy is intended to address asset
deployment, liquidity and diversification requirements, which
should not be violated over the planning horizon. Policy issues
relate directly to the return requirements and risk parameters of
the Fund and are to be considered and general principles governing