Nonprofit Board Compliance: What You Actually Need to Track

Nonprofit compliance has a reputation for being either overwhelming or boring, and it ends up being neither handled well nor thought about clearly. Organizations either over-invest in tracking things that don't meaningfully affect their standing, or they underinvest and end up with lapsed filings, outdated policies, and unsigned documents that create real problems when a funder or auditor asks to see them.

The goal of this article is to help you focus on what actually matters — the compliance obligations that have consequences if they slip — without turning board governance into a compliance audit.

Federal obligations: the Form 990

The Form 990 is the annual information return most tax-exempt organizations file with the IRS. It's public, which means funders, watchdog organizations, and curious donors can read it. The IRS uses it to assess whether your organization is maintaining its tax-exempt status appropriately.

There are three versions depending on your size:

• 990-N (e-Postcard): For organizations with gross receipts under $50,000
• 990-EZ: For organizations with gross receipts under $200,000 and total assets under $500,000
• 990: Full form for larger organizations

The due date is the 15th day of the fifth month after your fiscal year ends. For a December 31 fiscal year end, that's May 15. You can file for an automatic six-month extension.

Missing three consecutive years of 990 filing results in automatic revocation of tax-exempt status. The IRS maintains a list of organizations that have lost their status this way. Reinstatement is possible but involves fees and paperwork that are entirely avoidable.

The 990 also asks about specific governance practices: whether you have a written conflict of interest policy, whether the policy includes annual disclosure requirements, and whether you have a whistleblower policy. These aren't legally required, but their absence is visible to anyone who reads your filing. For more on the COI side, see what every nonprofit needs in a conflict of interest policy.

State obligations: charity registration

Many states require nonprofits that solicit donations from state residents to register with a state agency, typically the Attorney General's office or a charitable trust division. Requirements vary significantly by state. Some states exempt small organizations. Some require registration before you solicit a single dollar. Some require annual renewal.

The National Council of Nonprofits maintains state-by-state resources that can help you understand what applies to your organization. If you're fundraising online, you may have obligations in states where you've never physically operated, depending on how broadly your solicitations reach.

Lapsed charity registration can result in fines, and some states have started enforcing more actively than they once did. This is an area where an hour of research specific to your state can prevent a real headache.

Governance documents that need to stay current

Beyond filings, there's a set of internal documents that should be current, accessible, and actually used:

Bylaws

Your bylaws are your governing document. They define how the board operates: term lengths, quorum requirements, officer roles, voting procedures, amendment processes. If your bylaws are outdated, they may conflict with how you're actually operating, which creates ambiguity whenever a governance dispute arises.

Review your bylaws at least every three years. If significant decisions about board structure have been made informally over the years, this is the time to formally reflect them.

Conflict of interest policy

As covered in detail elsewhere, this needs to be written, signed annually by all board members, and enforced consistently. See what every nonprofit needs in a conflict of interest policy for the full breakdown.

Whistleblower policy

The IRS 990 asks whether you have one. A basic whistleblower policy establishes a process for reporting financial misconduct or other concerns without retaliation. It doesn't need to be complex, but it should be in writing and communicated to staff and board.

Document retention policy

How long should financial records be kept? Employment records? Contracts? A document retention policy answers these questions and protects the organization when records are requested during an audit or legal matter. The IRS offers general guidance on record retention for tax-exempt organizations.

Annual compliance calendar

Compliance is easiest to manage when it's scheduled, not reactive. Most small nonprofits benefit from a simple annual calendar that maps their obligations by month. Here's a basic template:

• January: Distribute conflict of interest disclosure forms; collect signed forms from all board members
• February: Review financials and prepare for annual audit or review
• March–April: Prepare Form 990 (or deliver documents to accountant)
• May: 990 due (or file extension)
• June: Check state charity registration renewal dates; renew if needed
• September: Mid-year board review; update bylaws if needed
• October: Reminder cycle for any unsigned compliance documents
• November: Annual meeting preparation; board terms up for renewal; governance committee review

The exact timing depends on your fiscal year and state requirements, but having it in one place prevents the scramble of discovering a lapsed obligation when it's already overdue.

What slips first

There are a few compliance items that consistently get overlooked in small nonprofits:

Unsigned compliance documents. Annual signing requirements are easy to initiate and easy to let slide. A common pattern is distributing forms, collecting signatures from most members, and leaving one or two people as perpetually outstanding without follow-up. Over two or three years, you end up with gaps in your records.

State charity registration renewals. These tend to get filed in "someone's handling this" mental territory until there's a reason to check. Set a calendar reminder for the renewal date, not just the due date.

Board term records. Boards that don't formally track start dates and term lengths eventually lose track of who's been serving how long. This creates both a governance issue and a potential compliance issue if your bylaws specify term limits that aren't being observed. See how to structure board member terms at your nonprofit for a framework.

Bylaws that drift from reality. If board practices have evolved but the bylaws haven't been updated, you're technically operating outside your governing document. This usually doesn't surface until there's a dispute, at which point it becomes harder to resolve.

How much to formalize

Small nonprofits sometimes over-formalize compliance management: elaborate tracking systems, lengthy policies, multiple layers of review. Most of this isn't necessary and takes time away from the actual work of running the organization.

The right level of formalization is what prevents things from slipping without creating overhead that exceeds the risk it's managing. For most organizations under 25 board members, this means a clear calendar, a small set of documents that are reviewed annually, a tracking system for signatures, and someone who owns each item.

Board Manager tracks compliance document signings at the member level, so you can see at a glance who has signed what and send reminders to outstanding members. Combined with term tracking and committee records, it covers most of what small nonprofits need in one place. Whether you use a dedicated tool or a well-maintained spreadsheet, the key is having a single place where compliance status is visible and someone who checks it regularly.

Compliance isn't glamorous work. But the organizations that handle it calmly and consistently are the ones that can focus their attention on their mission rather than on fixing preventable problems.