The National Association of Attorneys General (NAAG) and National Association of State Charities Officials (NASCO) held their 2024 Charities Conference on October 8-10.

This conference is the sole annual event at which charity regulators and nonprofit organizations and their attorneys, accountants, fundraisers, and advisers can meet, learn about, and discuss issues of interest across the charitable sector. The conference will provide an opportunity to hear from regulators and others in the nonprofit sector on current issues, including sessions on:

* Matters of Current Interest from State Regulators
* Artificial Intelligence’s (AI) Role in the Nonprofit Sector
* Fraud Resilience Among Charitable Organizations
* Boards Facing Crisis
* Fiscal Sponsorships, Legal Framework, Benefits, and Pitfalls

I had the pleasure of speaking at last year’s conference and enjoyed attending this year’s. Some highlights below:

Partnering for Public Good

• Graduated enforcement: information contact, informative letter, inquiry letter, AOD, cease & desist letter, formal investigation, lawsuit
  • State regulator can use an AOD (assurance of discontinuance), which is filed with the court but can be an an alternative to a judicial or administrative proceedings and used to stop a practice, act, or method that violates a law without an admission of a violation.
• Regulators on panel recognize that the vast majority of charities are trying to get it right
• Attorneys representing charities are acting to advance the charity’s best interests and (generally) do not (or should not) represent individuals associated with the charity so are typically aligned with the charities regulator in their goal
• Enforcement hypotheticals
  • Charities fail to register or report
  • Agency becomes aware of questionable information
  • Charity does not provide requested information or documents
• Seeking regulator approval
  • What do regulators want to see?
  • What do charities want regulators to know?
  • Tension may exist regarding the timing
  • Communication is key
• Public records and confidentiality
  • What concerns do organizations have? – Negative PR effect
  • What are ways regulators can address those concerns? – With open communication with organizations, regulator may be able to keep information confidential or more protected
  • What are the legal and logistical limits placed on regulators’ ability to address those concerns? – States differ on what they must disclose under public records laws
• Overcoming communication breakdowns

AI’s Role in Charities

• AI use in donor communications
  • Caution: AI use to draft donor acknowledgement letter – AI may provide a favorable response but leave out state-specific requirements (charities cannot rely on AI for sufficiency or validity of content – use as starting point, not as the final answer)
• AI to address labor shortages or reduce workload of existing staff
  • Nonprofits are often depended on to provide ‘human touch’
• AI and confidential data
  • Caution: Use of AI might cause a breach of privacy laws or confidential data
  • Caution: AI and note taking at meetings – are all participants in agreement?
• AI and predictive analytics
• AI and program-related tools
• Technology governance policies – good to have – AI may be helpful in identifying types of policies and creating first drafts
• Major problems:
  • AI hallucinations – production of incorrect or misleading information, sometimes asserted as fact
  • AI bias and ethical concerns – skewed outputs based on favored data sets/sources (some AI models are trained to address bias – e.g., Latimer)
• Questions:
  • How can state regulators and nonprofit organizations work together to understand the impact of AI on the sector?
    • Nonprofits need to be at the table, contribute with information on how AI can be used for good (and not solely focused on the threats of AI), including in improving accessibility
  • How can nonprofit organizations stay up to date?

Fraud Resiliency In The Charitable Sector

• Types of occupational (internal) fraud – see The Fraud Tree from Association of Certified Fraud Examiners (ACFE) – note that cases may involve more than one type of fraud
  • Corruption (including resulting form conflicts of interest) – 35.4% of cases, $200,000 median loss
  • Asset misappropriation – 83.5% of cases; $125,000 median loss
  • Financial statement fraud – 9.6% of cases; $975,000 median loss
• Number of perpetrators – more than half of fraud cases involve more than one perpetrator
• Problem: reporting fraud can have negative PR and fundraising consequences so chills disclosure (regulators can help in framing charity as victim rather than as blameworthy party)
• How is occupational fraud detected?
  • Tips – 43% (52% of the tips from employees; 48% of the tips come from others — having a system to report tips can be important)
  • Internal audit – 14%
  • Management review – 13%
• Percentage of all organizations victimized by occupational fraud: nonprofits – 10% ($76,000 median loss)
• Common occupational fraud schemes in religious, charitable, or social services organizations – corruption (45%), billing (36%), expense reimbursement (29%)
• Presence of anti-fraud controls reduce median losses – e.g., hotline (50%), anti-fraud policy (50%), fraud training for employees (47%), code of conduct (40%)
• Primary internal control weaknesses – lack of internal controls (32%), lack of management review (18%)
• Fraud trends:
  • Digital Asset and Cryptocurrency Risks
  • Generative AI-enhanced Fraud
  • Account Takeovers and New Account/Application Fraud
• Resource: Fraud in Nonprofits (ACFE)

Boards Facing Crisis

• A crisis creates a distraction from mission/interferes with operations; cannot be dealt with in the ordinary course; requires an extraordinary allocation of time and resources; and can become catastrophic if not addressed.
• Board members must meet their fiduciary duties to address a “crisis” – duty of care, duty of loyalty. For example:
  • Prepare – Assess the management team’s incident response plans
  • Practice – Test the execution of “crisis management” through planned and unplanned tabletops (the time of crisis is not the time to test your capability to respond)
  • Protect – Evaluate the D&O, cyber incident, and other “catastrophic” event coverages in place
  • Probe – Benchmark organization’s plans and readiness against industry/sector standards
• Interestingly, a panelist noted the impacts of climate change as being an example of what a board member should be preparing for in meeting their fiduciary duties
• Steps after crisis comes to light (e.g., in news story)
  • ORG: Determine who needs to know immediately, who is in charge of response and who is involved, initial steps
  • REG: Expect communication from charity (if story hits paper), review currency of filings and jurisdictional issues
  • ORG: Investigate the allegations, determine the response plan including internal changes and corrective actions, maintain/restore trust with donors and others
  • REG: Consider whether charity leaders have a fiduciary duty to investigate or report, expect charity board to take the issue seriously, restore trust

Fiscal Sponsorship Roundtable

• Some framing questions: Does an informal group that enters into a fiscal sponsorship agreement have the power to enter into and enforce a legal contract; does that trigger registration and other requirements for the group; does that subject the group’s members to risks of personal liability?
• Different models of fiscal sponsorship
• Fiscal sponsorship agreement – very important to get right [particularly because “fiscal sponsorship” is not defined in statute or regulation and can refer to several legally permissible relationships or, if improperly constructed, relationships that do not work
• Fiscal sponsorship done right is extremely valuable and an effective and efficient way to structure many charitable initiatives
• Some cases of fiscal sponsorship gone wrong:
  • International Humanities Center, Inc. (2015)
  • ZeroDivide (2022)

Government Oversight of Charities And Fundraising In 2024 And Beyond

• Threats to the charitable sector
  • IRS Form 1023-EZ that appears more like a self-certification than an application to be reviewed carefully by the IRS before recognizing an applicant as exempt under 501(c)(3) – shifts burden to state on vetting charitability of 501(c)(3) organizations
  • Technology, including in the education of boards and donors and in creating and distributing solicitations
  • Antiquated laws
• Benefits to the charitable sector
  • Technology, including the dissemination of educational information
  • Data collection and analysis
• Trends:
  • Education will be the regulator’s most important tool
  • More change in state legislation affecting nonprofits, including in response to changes in technology
  • Regulator enforcement based on common law and on data
  • Greater transparency but with acknowledgement that most donors won’t care
  • First Amendment cases – transparency vs. privacy (which is getting more complicated with technology)
• Resource:, Inconsistent Regulations, Crackdown on Civil Liberties Hinder Nonprofits, Experts Say (Stephanie Beasley, Chronicle of Philanthropy)