Three Critical Privacy Issues Every Nonprofit Entity Should Consider

By Deena Coffman, GSEC, CIPP/US, CIPP/E, CIPM, FIP

Most nonprofit organizations collect, use and store “personal information” of donors and staff. There are well over 200 laws, just in the United States, that mandate protections of this information and apply, in whole or in part, to nonprofits. All nonprofit entities should understand the requirements that TCPA, GDPR and U.S. state data breach/protection laws impose upon their organizations.

Just a few years ago, many entities were largely unaware of the impact data privacy and cybersecurity could have on their organization overall. Most categorized these issues as belonging to the IT or HR departments. Now, data-privacy class-action litigation has erupted and data breach announcements dominate the headlines. Currently, in almost every survey conducted of boards and senior management, data issues rank as one of their three top concerns, if not their single greatest concern. Nonprofit entities would be well advised to tend to this important area which is often overlooked until it becomes a crisis.


The Telephone Consumer Protection Act of 1991 (TCPA) was introduced in response to consumer sentiment toward unwanted telephone solicitations. Telemarketers calling during all hours—particularly the dinner hour—became a punchline and an irritant. TCPA has been updated several times over the years, and the most recent update tightens restrictions on calling without written permission, even if a “prior business relationship” existed. Nonprofit organizations are exempt from some, but not all, requirements under TCPA. For example, the “abandonment rules” are an exemption for nonprofits, and requirements for auto-dialers and prerecorded calls are different for nonprofit organizations than for commercial entities. While the requirements are less restrictive, nonprofit organizations still can’t afford to completely ignore TCPA, because some requirements do still apply, and the cost for getting this incorrect can be enormous.

The recent changes give the TCPA “teeth” by providing for a private right of action, effectively inviting consumers, the FCC and states’ attorneys general to join in enforcement efforts. Plaintiffs are able to recover the higher of their actual loss or $500 for each violation. And, if the court finds that the defendant acted willfully or knowingly, the court has discretion to triple the amount to $1,500 for each violation.

Organizations that conduct telemarketing should be tuned to recent changes in the TCPA. Professional plaintiffs are causing a rise in TCPA enforcement and there have been no shortage of multimillion dollar settlements. Interline Brands agreed to pay $40 million to Craftwood Lumber to settle a suit alleging a TCPA violation by sending over 1,500 advertisements via fax. And, Bank of America agreed to pay $32 million for violating TCPA through its use of auto-dialing technology and prerecorded voice messages without prior written consent.

TCPA has no cap on total damages—making it easy to imagine that an organization with a large roster of donors or potential donors could quickly expose itself to losses in the range of multiple millions of dollars.

How do you protect yourself from this exposure? Simple—get written consent from individuals before marketing to them via phone or fax.

State Data Breach Laws

Almost every U.S. state and territory has enacted laws requiring entities to protect sensitive consumer and employee information in their possession and, if that protection fails, to provide notification to the individuals so she or he is able to be alert to identity theft and fraud. These laws vary, but it is important to note that an entity must be informed of the evolving state laws that apply where their employees, customers and prospects reside and not just where the entity is located. These requirements were initiated in 2003 with California’s law with other states following suit. Some states have also already updated their original laws to keep up with current technology standards and consumer expectations. With identity theft continuing to rise and awareness increasing, the trend will certainly continue.

Increasingly, state laws address issues beyond breach notification. Some states require specific security measures such as a written information security plan or encryption. At last count, four states had specific requirements for a written information security plan, three states require a dedicated employee responsible for information security and seven states require security provisions in supplier contracts. Penalties for violations can range up to $500,000.

Some states require privacy policies to be posted. For example, since 2003 the California Online Privacy Protection Act (CalOPPA) has required that all websites that collect personal information about state residents post an online privacy policy if the information is collected for the purpose of providing goods or services for personal, family or household purposes. Most websites, even if not required, post privacy policies. Ensuring the privacy policy complies with applicable laws is a critical first step. It is important then to align technology and operations with the public-facing statements and to maintain that alignment as new systems and processes are adopted and the business grows. Some state laws even address internal privacy policies. In 2005, Michigan began requiring employers to publish internal privacy policies to address the proper handling of employee sensitive information. New York has adopted a similar statute as has Connecticut, Massachusetts, and Texas. As mentioned, states are working to keep pace with technology changes and evolving standards, which makes it important for entities to remain alert to developments.

General Data Protection Regulation (GDPR)

U.S. entities may, understandably, not be aware of developments in European privacy law. But, Europe recently made dramatic changes to its data privacy laws which will impact the way many U.S. entities do business. U.S. entities doing business with or within Europe (EU) or marketing goods and services (even if unpaid) to EU residents must update how they collect, handle and secure information that identifies a natural person, such as name, address or email address, or they risk facing heavy fines and penalties. Even entities that are not located in the EU may be impacted as their EU clients and suppliers may require compliance as a condition of continued business. This new regulation goes into effect on May 25, 2018, and contains important new operational requirements concerning data minimization, accuracy, accountability, purpose and storage limitations, and data protection that will require impacted organizations to begin making technology and administrative changes far in advance of the deadline.

The regulation also mandates that entities demonstrate compliance, which will require the creation of policies, procedures and documentation mechanisms. If your entity possesses data on EU residents, you are positioned to be impacted by this new regulation. If you market to or solicit donations from the EU market, you’ll want to stay tuned to updates to the ePrivacy Directive (this is also called the “Cookie” Directive) which is expected to create as much disruption for U.S. entities.

The GDPR authorizes regulators to levy remarkably steep fines in amounts exceeding €20 million or 4 percent of annual global revenue, whichever is higher. Germany and Spain have stated openly that they may move against U.S. entities quickly. France has mentioned codifying parts of GDPR earlier than 2018. Some example requirements likely to be of interest to nonprofit entities include the following:

  • Consent must be “freely given, specific, informed and unambiguous.” Silence, pre-ticked boxes or inactivity is not sufficient to provide consent. Much of the data currently in use was collected using “opt out” mechanisms. This will need to be remediated if the information is going to continue to be retained and used.
  • If the data is being used because consent has been given, then that consent must be able to be withdrawn at any time and withdrawn “as easily as it was given.” This will necessitate changes in processes and quite possibly technology in order to accommodate. This also means that the data belonging to that individual not only cannot be used going forward but must be erased.
  • For data being used based on consent, the data subject has the right to request an inventory of all of the information an entity possesses on that individual. Accommodating these requests will require entities to establish mechanisms for receiving the requests, verifying the identity of the requestor, accurately and completely finding all relevant information to respond to requests and a documentation mechanism.
  • A new “accountability principle” makes those that collect and use data responsible for demonstrating compliance with the general principles outlined in the regulation. (Demonstrating compliance is in the form of policies, procedures, impact assessments, documentation of consent, inquiry handling, responses and decisions, etc.)

Interpreting GDPR requirements strictly is likely to lead entities to incorrect conclusions. Special provisions for nonprofit organizations are present in the GDPR, but they are limited, so most of the regulation still applies to nonprofit entities just as it does for for-profit companies. Privacy rights are not absolute, and a balancing decision must be made by legal counsel familiar with EU privacy laws. The GDPR contains many different requirements and the requirements may or may not apply to all entities depending on various factors. To make correct decisions, counsel must know details on what data is processed, the circumstances around the original collection, what is done during processing, retention/disposition, access, security controls and onward transfers.

Data privacy is increasingly important and can, if ignored, have tremendous impact on a nonprofit. An annual privacy assessment is recommended to see that your technology, policies and operations are aligned with current applicable requirements.

This article originally appeared in BDO USA, LLP’s “Nonprofit Standard” newsletter (Summer 2017). Copyright © 2017 BDO USA, LLP. All rights reserved.

IRS “Snapshots” Providing Technical Guidance

By Joyce Underwood, CPA

The IRS has recently added new issue-specific guidance regarding charities and nonprofits in the form of “Snapshots.”

The guidance is a result of internal collaboration and provides fresh insight and perspective to agents on compliance areas to help them effectively and efficiently perform their work. These IRS employee job aids are public documents and provide insight to nonprofits and other outsiders on how the IRS is thinking and responding to issues.

For each issue, the guidance provides lists of relevant law and resources, analysis and background on the issue, and tips to help the agent recognize if an organization has an issue in the area. The concise format allows the reader to focus on the definitions, law and facts, and hopefully to efficiently and effectively form a conclusion.

The following is a summary of topics for charities and nonprofits included in the Snapshots issued to date:

If an organization is determined to be Lessening the Burdens of Government it can qualify as an Internal Revenue Code (IRC) Section 501(c)(3) charitable organization. The guidance, with the application of facts and circumstances criteria, helps clarify if the activities represent a burden of government and if the organization by its activities lessens that burden.

Electronic Health Records (EHRs) or Regional Health Information Organizations (RHIOs) have been formed to facilitate the electronic use and exchange of health-related information in response to incentives and appropriations for health information technology provided by the American Recovery and Reinvestment Act of 2009 (ARRA). The IRS’ concern is to ensure organizations are organized for an exempt purpose, lessen the burden of government, and act in a manner consistent with Health and Human Services (HHS) standards.

Taxable unrelated trade or business activity does not include sponsorships, so determining if an activity is Advertising or Qualified Sponsorship Payments is important to many nonprofits. Review of sponsorship arrangements includes an assessment of any substantial return benefit, payments contingent on attendance, use or acknowledgment of a name or logo, and connections to a qualified convention or trade show or exclusive provider arrangements. Certain language is provided which, if used in an acknowledgment, is an indication of a taxable advertisement.

Definition of a Disqualified Person: The term “disqualified person” is critical to private foundations to analyze whether various Chapter 42 excise taxes apply, and in determining whether an organization qualifies for public charity status as a supporting organization or meets the public support test for IRC Section 509(a)(2). It is important to identify relationships and transactions between the organization and private individuals, corporations, partnerships and other potential disqualified persons.

Taxes on Failure to Distribute Income —Carryover: Private foundations with mandatory distribution requirements that carry over excess distributions from earlier years can correct their distributable amounts and the amounts of qualifying distributions in order to determine the correct excess or deficient distribution carryovers. They are not barred by the statute of limitations on changing the carryover, however, they can only correct Section 4942 excise tax for years open by the period of limitations on assessment.

Penalty Abatement due to Reasonable Cause is permitted for private foundation first-tier taxes under Chapter 42 of the Internal Revenue Code, except for penalties assessed for self-dealing. Since there is no definition of “reasonable cause,” the determination of whether a taxpayer’s actions were due to reasonable cause under Section 4962 and in good faith is made on a case-by-case basis. Examples of court cases and legislative history provide perspective on how to assess the facts and circumstances.

For private foundations with distribution requirements, Administrative Expenses Treated as Qualifying Distributions are allowed. Qualifying distributions include that portion of reasonable and necessary expenses, direct and indirect, that a foundation incurs in implementing exempt purposes. Direct expenses are those which can be specifically identified with a particular activity. Indirect (overhead) expenses are not specifically identifiable with a particular activity. Neither the Internal Revenue Code nor the Treasury regulations set any limits on the amount of administrative expenses that may be used as qualifying distributions as long as they are reasonable and necessary for the accomplishment of the private foundation’s exempt purposes.

Private Operating Foundation under IRC 4942(j)(3) discusses the advantages to having private operating foundation status as opposed to that of a private non-operating foundation, and reviews the annual tests (Income, Assets, Endowment and Support) for qualification based on an organization’s qualifying distributions, income and assets. An organization that fails to qualify as an operating foundation in a given year may have to distribute additional amounts to other charities in order to avoid excise taxes on failure to make sufficient qualifying distributions.

The release of the Snapshots is a welcome educational resource. Knowing the guidance and resources recommended by the IRS when evaluating a tax position, and the steps they take in their analysis can be helpful in responding to inquiries or avoiding potential compliance and exemption issues. The full list of Snapshots, which also includes topics for retirement plans, federal, state and local governments, and tax-exempt bonds, can be found at The IRS plans to add and update Snapshots periodically in the future.

This article originally appeared in BDO USA, LLP’s “Nonprofit Standard” newsletter (Spring 2017). Copyright © 2017 BDO USA, LLP. All rights reserved.

Best Practices for an Effective Investment Committee

By Lee Klumpp, CPA CGMA

Most nonprofits rely on an investment committee to oversee their investment portfolios. This oversight group can have a big impact on real long-term wealth preservation and ensuring resources are available to realize organizational goals and aspirations.

These best practices are consistent with the fiduciary duties of care, loyalty and obedience, and include:

  1. Form a strong investment committee that embraces the “commit” in committee.
  2. Ensure diversity and experience in committee composition.
  3. Set a strong Investment Governance and Operational Framework that establishes an Investment Policy Statement—including asset allocation, risk constraints, performance metrics and pay-out. It should be consistent with furthering the organization’s objectives and realistic given its resources.
  4. Refresh the organizational Investment Policy Statement on a regular basis to make sure that it continues to articulate the organization’s long-term objectives and unique needs.
  5. Define a realistic target for investment success that is consistent with the organization’s resources, and focus on the implementation.
  6. Be strategic in asset and investment manager selection and perform regular evaluations.
  7. Find an appropriate person or organization that can act as the organization’s Chief Investment Officer (CIO), to manage its investment portfolio, be held accountable to the committee and regularly review its performance.
  8. Monitor results and make changes as needed.
  9. Have regularly structured investment committee meetings and draft minutes from these meetings.

Above all, these best practices, which are fundamental regardless of the nature or size of the organization, can be boiled down to five C’s: commitment, coordination, communication, continuity and completion.

While an investment committee can operate successfully with a variety of structures and approaches, these best practices can make any investment committee more efficient and effective. This should lead to improved long-term portfolio operation—ultimately benefiting grantees, beneficiaries and stakeholders.

This article originally appeared in BDO USA, LLP’s “Nonprofit Standard” newsletter (Spring 2017). Copyright © 2017 BDO USA, LLP. All rights reserved.

IRS Focuses on Employment Tax Issues During Tax-Exempt Organization Audits

By Robert Kaelber, J.D.

With tax filing season well underway, organizations of all sizes are beginning to identify areas of potential noncompliance and, for nonprofits, a common culprit is employment tax issues.
The IRS has emphasized employment tax compliance during its tax-exempt audits for many years. As we’ve noted in multiple prior Nonprofit Standard blog posts (see “IRS Issues 2017 Work Plan for Tax Exempt Organizations” and “UBI Issues: Is Your Organization at Risk?”), the IRS has officially stated that this employment tax focus will continue into 2017. In the IRS’ Tax Exempt and Government Entities FY 2017 Work Plan, which details its priorities and mission for the coming year, the IRS disclosed that more than 25 percent of closed audits had a “primary issue” related to employment tax. At the end of June 2016, 1,323 audits involved primarily employment tax issues, out of a total 4,984 closed examinations. Further, the IRS continues to include employment tax issues within its list of high-risk areas of noncompliance.

The IRS states in its 2017 Work Plan that, “Employment Tax includes unreported compensation, tips, accountable plans, worker reclassifications and noncompliance with FICA, FUTA and backup withholding requirements.” While this definition covers a wide range of areas, our experience with IRS employment tax audits and associated information document requests (IDRs) indicates that likely issues for review may include, but are not limited to, the following:

• Expense reimbursements and accountable plan compliance;
• Fringe benefits (e.g., relocation/moving, automobiles, group term life, cell phone reimbursement, prizes/awards, spousal travel and education benefits);
• Independent contractor classification and income reporting;
• Supplemental pay reporting and processes, including timing of wage inclusion for various tax and wage types (including retirement pay and incentives);
• Form W-9 process, Form 1099 TIN matching procedures and backup withholding compliance;
• Forms W-2c and 941-X processes;
• International cross-border employment tax issues; and
• General compliance procedures for employment tax filing obligations.

The IRS appears to be trying to streamline its processes for audit target identification, focusing on increasing efficiency as it works with fewer resources. As such, the agency has implemented a “data-driven case selection process,” and is seeking new ways to identify data that can indicate patterns of noncompliance. Other 2017 IRS priorities include working to develop an employment tax knowledge database (the “Employment Tax K-Net”) to track and disseminate what is learned during audits, and to use it to further train employees in this area. It is likely that with enhanced training, IRS examiners will more readily identify more complex potential employment tax issues for review rather than merely focusing on the “low hanging fruit.”

Based upon the IRS’ continued focus on employment tax issues, it is imperative that tax exempt entities review their policies and processes and invest in initiatives and resources to ensure compliance. Organizations should also document all policies and processes so that they may readily demonstrate upon audit that IRS compliance protocols are followed. Being proactive and completing an internal employment tax process review or even a “mock audit” may help to identify issues and result in the early implementation of corrections before the IRS is involved. Failure to comply with employment tax reporting obligations can result in the imposition of significant tax, penalties and interest. Additional wage inclusion due to employment tax noncompliance could also trigger further questions from the IRS pertaining to inurement or private benefits.

This article originally appeared in BDO USA, LLP’s “Nonprofit Standard” newsletter (Spring 2017). Copyright © 2017 BDO USA, LLP. All rights reserved.

The Importance of Civic Reach

By Lewis Sharpstone, CPA
Ensuring sustainability is a top priority for almost every nonprofit organization. But one sometimes overlooked piece of the sustainability puzzle is managing critical external relationships and ensuring their longevity. This is especially important in a climate characterized by pervasive change. As we’ve covered in our Nonprofit Standard blog posts, executive retirements are impacting nonprofits of all sizes as leaders age, many of whom have tenured long careers at their organizations. The industry is also seeing an uptick in merger and acquisition (M&A) activity aimed at consolidating costs, back-office and administrative functions, and building efficiencies to expand scope and reach. How new priorities in the executive branch will impact charitable organizations is also a big unknown.

Whether an organization is approaching succession planning, post-merger integration or other organizational transition, or simply examining its long-term sustainability, it’s important to invest in key relationships.

Paul Vandeventer, CEO of Community Partners, describes this concept especially well with what he’s coined “The Civic Power Grid.” He defines an organization’s civic reach as “the essential third leg of a nonprofit board’s sustainability platform,” with fundraising and governance as the first and second legs. As Paul explains, the term “civic reach” refers to an organization’s ability to develop, maintain and grow relationships with individuals who have influence over resources across the sectors in which it operates.

Most nonprofit executives can attest that a grant proposal is received differently when you have a relationship with the program officer who receives it. Similarly, consider how your views about a regulatory issue might be taken when you already have a relationship with the official listening to you. What about how an influential person might look at an invitation to join your board when the board is already home to well-connected and influential members?

While building civic reach may sound like mere networking, Vandeventer contends it’s much more important than that. It’s essential that every organization have a sustainability plan. See Laurie De Armond’s, partner and national co-leader of BDO’s Nonprofit & Education practice, article on page 1 discussing this topic in detail. Her advice was that “To prevent gaps in relationship management during an executive transition, organizations can encourage shared ownership and an open flow of information so that key relationships don’t become siloed with one individual.” Extending an organization’s civic reach is an often-forgotten, but essential, element of building a sustainable enterprise. In this article from Stanford Social Innovation Review’s archives, Vandeventer dives deeper into the concept of civic reach and gives plenty of examples illustrating how increasing civic reach led to great results.

Over the course of my career working with nonprofit organizations, I’ve met a host of inspiring and remarkable people. While they built well-respected organizations that carry on wonderful and impactful legacies in the communities they served, many didn’t devote resources to building ties with the wider community and may have been able to leverage their connections for even more meaningful results if they had invested in civic reach.

To illustrate what civic reach can do for an organization, let’s consider a nonprofit in my area that was facing foreclosure. When we were first engaged to work with them, we were able to stave off foreclosure on a temporary basis, buying the organization time. Three years later, though, when the financial issues bubbled up again, they had cultivated a strong civic reach. They engaged local and even some national politicians, businesspeople and community leaders to advocate against foreclosure—and it worked. A favorable long-term loan, a win-win for the organization and the bank, was put in place and the nonprofit is now moving from uncertainty to strength. I am convinced that leveraging the increased civic reach of this organization is the only thing that could have achieved this result.

Here you can find a self-assessment tool to identify gaps and target areas for growth, which will help you put in place a specific plan to increase your organization’s civic reach. Happy “reaching!”

This article originally appeared in BDO USA, LLP’s “Nonprofit Standard” newsletter (Spring 2017). Copyright © 2017 BDO USA, LLP. All rights reserved.

IRS Stresses New Processes at Annual Tax Exempt and Government Entities Meeting

By Laura Kalick, JD, LLM in Taxation

The 2017 Internal Revenue Service (IRS) Joint TE/GE (Tax Exempt and Government Entities) Council Meeting was held in Baltimore in February. These annual meetings were designed to maintain open communication between practitioners and the IRS TE/GE Division. Attendees include members of the five regional TE/GE Councils. Each regional council is comprised of two subgroups: Exempt Organizations (EO) and Employee Plans, and includes representatives from the legal, accounting, consulting and in-house EO community. This year, the theme of the meeting, in keeping with the message IRS TE/GE Commissioner Sunita B. Lough included in the 2017 Tax Exempt Work Plan, focused on transparency, efficiency and effectiveness.

As we have previously reported, the IRS, and especially the Exempt Organizations division, is working with fewer resources and, with additional budget cuts looming, this challenge will likely persist. Lough reported that the workforce is down by 20 percent, requiring the division to find new ways to work efficiently, including more targeted examinations, information requests and the use of digital communications.

Commissioner Lough said the IRS does not want to burden organizations that appear to be tax compliant and is, therefore, making examination decisions based on red flags in an organization’s Form 990. In addition, the IRS may even be obtaining data from individuals associated with organizations to see if there are private inurement or private benefit indicators. To make their process more efficient, the IRS will combine the data mining and research staff into one compliance-focused unit. The commissioner indicated that this is a dynamic effort, and mentioned the agency is constantly tweaking its processes to gain better results.

Lough noted that, like other government agencies, the IRS has a hold on regulations based on President Trump’s recent “one in, two out” executive order. Since there is currently no Assistant Secretary for Tax Policy, there is no one to administer which two regulations will be eliminated to promulgate a new one. Despite this hold, the IRS is still implementing new procedures for exempt organizations.

New Audit Process for Information Document Requests (IDRs)

The commissioner indicated there is a new audit process in place for information gathering once an organization has been identified as having a specific audit issue (or issues). Under the new process, the IRS and the organization will discuss the issues and the information needed before the IRS sends the Information Document Requests (IDRs) and the IRS will provide the organizations with a timeline to respond to the requests. Issue identification before the IDRs are sent represents a major procedural breakthrough for both the IRS and exempt organizations. In the past, even though both sides knew what issues were at play, the IRS would bombard the organization with multiple IDRs (sometimes in the hundreds) that would cause an audit to last for extended periods of time. Also, many IDRs were duplicative and requested information that was possibly irrelevant.

With the new process, it appears that the IRS will be flexible in granting extensions to provide the information, if an organization has good cause to request one. However, if an extension is granted, the IRS will expect the response to come by the extended deadline. Additionally, the IRS is making a commitment to respond to information it receives in response to an IDR in a reasonable time frame.

In April 2017, the IRS will also implement a new process for those organizations that do not respond to IDRs on time. If the organization does not respond within the given time period, the IRS will issue a notice of deficiency. If the IRS still does not receive the documents in time, including extensions, a summons will be issued. The goal of this process is to ensure issues are addressed in a transparent and timely fashion.

Digital Communication

Commissioner Lough also discussed a trial test of digital communications. The IRS will be testing a process for sending IDRs through secure messaging, rather than through “snail mail,” which could also save time.

She also indicated that they are testing electronic return readers that remove personal information, allowing the information from Forms 990 to be online faster. The Form 1023-EZ information is now available online, so a Freedom of Information Act (FOIA) request is no longer required to obtain the application. The IRS will also create a section on the Form 1023-EZ where the organization will input an explanation of the exempt purpose.

Another advancement is that the Form 990-EZ now has 29 electronic help icons that will hopefully reduce the errors on this return. Currently, the paper-filed Form 990-EZ has an error rate of 34 percent. Under new procedures, if a return is not complete, it will be sent back to the organization and will not be considered filed and the organization will have to refile. The IRS is hoping that the new electronic form will lower the error rate and encourage organizations to ensure all necessary information is included on the form so it is not returned by the IRS.

Final Note

Recent Statistics of Income published for Tax Year 2012 showed that over 46,000 tax-exempt organizations filed a Form 990-T with the IRS that year, and over half of those organizations did not report unrelated business income tax liability after subtracting deductions from gross unrelated business income. The new procedures and initiatives that the IRS is implementing should help address this issue, and others.

This article originally appeared in BDO USA, LLP’s “Nonprofit Standard” newsletter (Spring 2017). Copyright © 2017 BDO USA, LLP. All rights reserved.

Supporting Organizations Could Be Putting Their Charity Designation at Risk

By Rebekuh Eley, CPA MST

Supporting organizations have been the subject of scrutiny over the last few years, from the Pension Protection Act in 2006, to Treasury Regulations in 2012 and 2015, to additional disclosure requirements to Form 990 Schedule A in 2014.

Supporting organizations, particularly those of grant-making foundations, are left wondering if their current activities will fall within these published rules. The consequences for not falling within these rules includes an organization being treated as a private foundation instead of a public charity. These organizations would be subject to excise taxes on investment income and would need to abide by stricter operational requirements.

Supporting organizations achieve public charity status by passing four tests, including an organizational test, operational test, relationship test and a control test. For the organizational test, an organization must be organized and operated exclusively for the benefit of, to perform the function of, or to carry out the purposes of one or more specified organizations described in IRC section 509(a)(1) or (2). The organization must also be operated, supervised, or controlled by or in connection with one or more organizations described in IRC section 509(a)(1) or (2). The control must not be direct or indirect by disqualified persons (other than foundation managers or organizations described in IRC sections 509(a)(1) or (2)).

Additionally, a supporting organization must fall into one of three relationship categories: operated, supervised, or controlled by a supported organization (Type I parent-subsidiary); supervised or controlled in connection with a supported organization (Type II, brother-sister) or; operated in connection with, one or more publicly supported organizations (Type III). The relationship must ensure that the supporting organization is responsive to the needs or demands of the supported organization(s), and the supporting organization will constitute an integral part of, or maintain a significant involvement in, the operations of the supported organization(s). Control is determined through the facts around the organizing documents, operations, and relationship between the supporting organization and the supported organization(s).

Many Type I and II supporting organizations do not make grants to the controlling organization, but rather make grants to other organizations that address the charitable purpose of the controlling organization. This commonplace industry practice could risk failure of the operational test. A supporting organization can only support or grant funds to an organization that is specified within its organizing documents. The rules on how to determine what is a “specified organization” are very complex and can be found in Treasury Regulation 1.509(a)-4(d). Specified organizations may be identified by designating an organization by name or by a charitable class that aligns with the mission of the controlling organization. If the supporting organization provides grants to organizations other than the controlling organization, the organizing documents should designate a supported organization by class rather than by name. The strict requirements for designating a supported organization by class are also found in the Treasury Regulations. This type of designation requires additional disclosures on the supporting organization’s Form 990 Schedule A, which may be scrutinized by the IRS.

Now is a good time to look at a supporting organization’s operations and confirm they are aligned with the governing documents, and grants made properly. If the organizational documents and operations are not aligned, the supporting organization may have to act intentionally to prevent private foundation status.

This article originally appeared in BDO USA, LLP’s “Nonprofit Standard” newsletter (Spring 2017). Copyright © 2017 BDO USA, LLP. All rights reserved.

A Deeper Dive Into ASU 2016-14 Implementation Issues – Part Two

By Tammy Ricciardella, CPA

In this issue, we will examine two additional areas of the ASU: Expense reporting and reclassification upon expiration of donor-imposed restrictions.

Expense Reporting

Once ASU 2016-14 is adopted, all nonprofits are required to present expenses by nature and by function, as well as an analysis of these expenses in one location by both nature and function. This analysis can be presented on the face of the statement of activities, as a separate statement (not a supplemental schedule) or in the notes to the financial statements.

As a quick refresher, functional expense classifications are generally shown as:

  • Program services: Activities that result in goods and services being distributed to beneficiaries, customers or members that fulfill the purposes or mission for which a nonprofit exists
  • Supporting services, which often include:
    • Management and general: Activities generally include oversight of the nonprofit and financial management
    • Fundraising: Activities undertaken to induce potential donors to contribute to the organization
    • Membership development: Activities undertaken to solicit new members and retain existing members

The ASU has modified the definition of management and general activities. The revised definition is “supporting activities that are not directly identifiable with one or more program, fundraising or membership development activities.” Thus, activities that represent direct conduct or direct supervision of program or other supporting activities require allocation from management and general activities. Additionally, certain costs benefit more than one function and, therefore, should be allocated. For example, information technology generally can be identified as benefiting various functions such as management and general (for example, accounting, financial reporting and human resources), fundraising and programs. Therefore, information technology costs generally would be allocated among functions receiving direct benefit.

The expense analysis required by ASU 2016-14 should show the disaggregated functional expense classifications, such as program services and supporting activities by their natural expense classification, such as salaries, rent, depreciation, interest, professional fees and such.

If there are expenses that are reported by a classification other than their natural classification, such as when a nonprofit shows costs of goods sold and includes salaries in this presentation, these expenses should still be segregated and shown in the analysis by their natural classification within each function.

However, the external and direct internal investment expenses that are netted against investment return (as required by the ASU) should not be included in this analysis of expenses by nature and function.

In addition, gains and losses incurred by the nonprofit on such items as a loss on the sale of equipment or an insurance loss or gain should not be shown in this analysis of expenses.

It is also important to note that the ASU does not change any current generally accepted accounting principles (GAAP) related to the allocation, reporting and disclosures of joint costs.

The expense analysis presented is required to be supplemented with enhanced disclosures about the allocation methods used to allocate costs among the functions. In developing this disclosure, a nonprofit should assess which activities constitute direct conduct or direct supervision of a program or supporting function, and, therefore require an allocation of costs. An example of a disclosure regarding the allocation of costs is provided below (this is an excerpt from the ASU at section 958‑720-55-176):

Note X. Methods Used for Allocation of Expenses from Management and General Activities

The financial statements report certain categories of expenses that are attributable to one or more program or supporting functions of the Organization. Those expenses include depreciation and amortization, the president’s office, communications department and information technology department. Depreciation is allocated based on square footage, the president’s office is allocated based on estimates of time and effort, certain costs of the communications department are allocated based on estimates of time and effort, and the information technology department is allocated based on estimates of time and costs of specific technology utilized.

The revised ASU provides specific examples of direct conduct and supervision as it relates to the determination of certain types of expenses. These are contained at sections 958-720-55-171 through 958-720-55-176 in the ASU. The ASU provides examples of allocations of a chief executive officer, chief financial officer, human resources department and the grant accounting and reporting function. In these sections it notes that the cost of the human resource department is not generally allocated to any specific program, and that instead all costs would remain as a component of management and general activities because benefits administration is a supporting activity of the entire entity.

Nonprofits should review the clarifications in the ASU with regard to the allocation of expenses and review their allocation methodologies to determine if there are any changes that are necessary. Once the organization determines the correct allocation approach, they will need to decide where they want to present this analysis in their financial statements and develop the format. Some organizations may also need to evaluate the different programs and supporting activities they have historically presented to determine if the presentation is concise. In addition, the organization will have to develop the wording for its allocation methodology disclosure.

Reclassification upon Expiration of Donor-Imposed Restrictions

If a nonprofit has received funds restricted to the purchase or construction of property, plant or equipment or a donation of such an asset with an explicit donor-imposed restriction on the length of time that the asset must be used, then net assets with donor restrictions should be reclassified as net assets without donor restrictions in the statement of activities as the restriction expires. The amount that is reclassified may or may not be the same as the amount of depreciation recorded on the asset. The amount reclassified each year should be based on the length of time of the explicit time restriction for the use of the asset. However, the depreciation should be based on the useful economic life of the asset.

If the donor does not specify how long the donated assets or assets constructed or acquired with cash restricted for the acquisition or construction must be used, then the restrictions on the long-lived assets, if any, expire when the assets are placed in service.

The entire amount of the contribution of property, plant or equipment, or cash shall be reclassified from net assets with donor restrictions to net assets without donor restrictions when the asset is placed in service if there are no explicit restrictions noted by the donor with regard to how long the long-lived asset is to be used.

When examining the effect of the ASU on your organization you should look at whether you have any contributions of long-lived assets that are being reclassified over time without any explicit stipulation of a time period for the use of the asset. If these assets have already been placed in service, the amount of these long-lived assets should be reclassified from net assets with donor restrictions to net assets without donor restrictions upon adoption of the ASU.

In addition, the organization will have to modify its policy with regard to the receipt of contributions for the construction of long-lived assets or donated long-lived assets. Upon adoption of the ASU, an organization will have to recognize revenue without donor restrictions when the donated assets are placed in service absent any explicit donor stipulations otherwise. In the past, organizations had an option to either follow the placed-in-service approach or to place an implied time restriction on the long-lived assets.

This article originally appeared in BDO USA, LLP’s “Nonprofit Standard” newsletter (Spring 2017). Copyright © 2017 BDO USA, LLP. All rights reserved.

Accounting and Financial Reporting for Other Postemployment Benefit Plans

By Patricia Duperron, CPA

Beginning with fiscal years ending June 30, 2017, the first of the two Other Postemployment Benefit (OPEB) standards from the Governmental Accounting Standards Board (GASB) becomes effective.

GASB Statement No. 74, Financial Reporting for Postemployment Benefit Plans Other Than Pension Plans replaces GASB Statements Nos. 43 and 57 for reporting of OPEB plans and mirrors the requirements of GASB Statement No. 67, Financial Reporting for Pension Plans. The good news is that most everything you learned in implementing the pension standards will apply to implementing the OPEB standards. There are, however, a few exceptions which will be discussed herein.

OPEB includes postemployment healthcare benefits such as medical, dental and vision, whether the benefit is provided separately from or through a pension plan. However other benefits, such as death benefits, life insurance, disability and long-term care are considered OPEB, subject to GASB 74 only when provided separately from a pension plan. OPEB does not include termination benefits or termination payments for sick leave.

GASB 74 applies to defined benefit plans and defined contribution plans administered through trusts, as well as plans not held in trust. Similar to pension plans, there are three types of defined benefit OPEB plans:

  • Single-employer
  • Cost sharing multiple-employer—in which the OPEB obligations to the employees of more than one employer are pooled and OPEB plan assets can be used to pay the benefits of the employees of any employer that provides pensions through the plan.
  • Agent multiple-employer plans—in which OPEB assets are pooled for investment purposes but separate accounts are maintained for each individual employer so that each employer’s share of the pooled assets is legally available to pay the benefits of only its employees.

GASB 74 does not apply to insured plans (those financed through an arrangement whereby premiums are paid to an insurance company during employees’ active service and the insurance company unconditionally undertakes an obligation to pay the OPEB of those employees).

GASB 74 requires the same two financial statements currently required by GASB 43 for plans administered through trust:

  • Statement of fiduciary net position (similar to GASB 67, receivables for contributions are only included if due pursuant to legal requirements)
  • Statement of changes in fiduciary net position
  • Footnotes specified by paragraph 35 of GASB 74 should include:
  • Basic description of the plan and policies
  • Investment information, including the annual money weighted rate of return
  • Information about reserves
  • Single and cost-sharing plans should also disclose:

–  Components of the OPEB liability

–  Significant assumptions

–  Healthcare cost trend analysis

–  Discount rate

–  Long-term expected rate of return

–  Sensitivity analysis of the discount rate and the healthcare cost trend rate

Note that the sensitivity analysis for OPEB includes the healthcare cost trend rate, which is something that wasn’t required for pension plan financial statements. The net OPEB liability will be shown at the current healthcare cost trend rate and one percentage point higher and lower. The discussion of actuarial assumptions will also include the healthcare cost trend rates.

Required supplementary information (RSI) for single and cost-sharing employers should include 10-year schedules of:

  • Changes in the OPEB liability and related key ratios
  • Actuarially determined contributions and actual contributions
  • Annual money-weighted rate of return on investments
  • Notes to the required schedules

RSI for agent OPEB plans requires a 10-year schedule of the annual money-weighted rate of return.

The OPEB liability should be determined by an actuarial valuation which can be no more than 24 months earlier than the plan’s most recent year-end, using the entry age actuarial cost method. The discount rate should be a single rate that reflects the long-term rate of return on investments that will be used to pay benefits. If there will be insufficient assets to pay the liability, the index rate for 20-year tax-exempt municipal bonds with an average rating of AA/Aa or higher would be used. Keep in mind that actuaries will be quite busy as everyone will be required to get OPEB valuations completed this year, so don’t wait until the last minute.

For assets accumulated to provide OPEB but not in a trust, the employer will continue to report the assets in an agency fund. For defined contribution plans there are specific disclosures required.

GASB has issued an Exposure Draft Implementation Guide No. 201X-X, Financial Reporting for Postemployment Benefit Plans other than Pension Plans, which follows the format of the GASB 67 Implementation Guide. The Implementation Guide includes illustrations to assist in determining the discount rate, money-weighted rate of return and sample note disclosures and should be finalized in April 2017.

Deferred inflows and deferred outflows of resources should be fairly rare as GASB has not identified any deferrals specific to OPEB. The draft Implementation Guide identifies a possible deferred outflow or deferred inflow related to derivatives, if applicable.

Implementing GASB 74 for OPEB plan financial statements will be very similar to the implementation of GASB 67 for pension plans. The GASB intentionally made GASB 74 similar to GASB 67 to minimize implementation issues for governments. However, in 2018 governments will be required to implement GASB statement No.75, Accounting and Financial Reporting for Postemployment Benefits Other than Pensions, which will require governments to record their proportionate share of the net OPEB liability in the financial statements. Previously, governments only recorded an OPEB obligation if they didn’t fully fund the annual required contribution and the net OPEB liability was only disclosed in the notes. Implementing GASB 75 will have a significant effect on a government’s net position because many OPEB plans are significantly underfunded or not funded at all.

This article originally appeared in BDO USA, LLP’s “Nonprofit Standard” newsletter (Spring 2017). Copyright © 2017 BDO USA, LLP. All rights reserved.

Public Charities and Private Foundations—What’s the Difference?

By Christina K. Patten

When starting a 501(c)(3) organization, the IRS will generally classify it one of two ways—either as a public charity or a private foundation. Public charities are known to perform charitable work, while private foundations are typically grant-making organizations. The main difference between public charities and private foundations is the source of their financial support.

Public Charities

Public charities generally have greater interaction with the public and receive the majority of their financial support from the general public and/or governmental units. Organizations such as churches and religious organizations, schools, hospitals and medical research organizations automatically qualify as public charities while other organizations must prove to the IRS that they are publicly supported.

An organization is considered publicly supported if:

  1. It normally receives one-third of its support from a governmental unit or from contributions from the general public or at least 10 percent public support, and facts and circumstances that show the public nature of the organization; or,
  2. It normally receives more than one-third of its support from gifts, grants, contributions or gross receipts from activities related to its exempt purposes, and not more than one-third of its support from gross investment income.

An organization can also achieve public charity status if it is a supporting organization of another charity that derives its public charity status under one of the tests stated above.

The IRS will automatically presume an organization to be a private foundation unless it can show that it is a public charity. After an organization’s initial five years, its public support test is based on a five-year computation period that consists of the current year and the four years immediately preceding the current year.

Private Foundations

A private foundation is typically controlled by members of a family or by a corporation, and receives much of its support from a few sources and from investment income. Because they are less open to public scrutiny, private foundations are subject to various operating restrictions and to excise taxes for failure to comply with those restrictions.

The IRS recognizes two types of private foundations: Private non-operating foundations and private operating foundations. The key difference between the two is how each distributes its income: A private non-operating foundation grants money to other charitable organizations, while a private operating foundation distributes funds to its own programs that exist for charitable purposes.

Benefits of Public Charities Over Private Foundations

Classification is important because private foundations are subject to strict operating rules and regulations that do not apply to public charities. Some advantages public charities have over private foundations include higher donor tax-deductible giving limits, 50 percent of adjusted gross income (AGI) versus a private foundation’s 30 percent of AGI limit, and the ability to attract support from private foundations. Public charities also have three possible tax filing requirements based upon annual revenue: Form 990 (> $200,000), Form 990-EZ ($50,000 – $200,000), and Form 990-N e-postcard (<$50,000). All private foundations, regardless of revenue, must annually file Form 990-PF. Additionally, a private foundation must annually distribute at least 5 percent of the fair market value of its net investment assets for charitable purposes. The penalty for failure to meet the 5 percent required minimum distribution is 30 percent of the shortfall or the remaining amount that should have been spent to meet the required minimum level. Private foundations are also subject to strict self-dealing rules, a 1 percent or 2 percent tax on investment income and certain expenditure responsibilities.

Public charities may engage in limited amounts of direct and grassroots lobbying. Private foundations that spend money on lobbying will incur an excise tax on those expenditures; this tax is so significant that it generally acts as a lobbying prohibition.


When deciding whether to operate as a public charity or a private foundation, the decision should depend on the organization’s programs and objectives. Once an organization is classified as a public charity, it must demonstrate annually that it meets the public charity tests. Once an organization is classified as a private foundation, it remains a private foundation.

If an organization fails the public support test two years in a row, it is at risk of reclassification as a private foundation, which can have significant implications for sustainability and mission accomplishment. To regain status as a public charity, the organization must notify the IRS in advance that it intends to make a qualifying 60-month termination. Only if it meets one of the public support tests at the end of a 60-month (five-year) period can the organization again operate as a public charity.

This article originally appeared in BDO USA, LLP’s “Nonprofit Standard” newsletter (Spring 2017). Copyright © 2016 BDO USA, LLP. All rights reserved.