Table of Contents

Understanding corporate policies

Max Dana Updated by Max Dana

This guide is intended to demystify some of the most common corporate policies, with a focus on New York State nonprofits. However, it is not a comprehensive list so you should consult with an expert such as a lawyer or accountant when reviewing your policies. For more information that may be helpful to New York nonprofits, see the guides published by the Charities Bureau of the New York State Attorney General’s Office or the NY Statewide Financial System.

What are corporate policies?

Every company has a set of corporate policies and procedures that guide them in their operations. Some policies are mandated by law, while others are considered good practices. For example, under New York's Nonprofit Revitalization Act of 2013, nonprofits are required to adopt written policies that deal with Related Party Transactions, Conflicts of Interest, and Whistleblowers. Other policies may be highly recommended in order to comply with other legal and accounting requirements, particularly in the employment context.

Certain policies are frequently embedded in an Employee Handbook (e.g. Equal Employment Opportunity Policy), while other policies that are applicable to non-employees such as Board members and constituents (e.g. a Sexual Harassment Prevention Policy) may be better as stand-alone policies to facilitate distribution. Since the scope and purpose of each policy is unique, it's important to understand what each type of policy is and what it means for your organization.

Who decides on the content of policies?

Generally, policies are drafted by an organization's executive leadership or operations staff based on the organization's specific operational context and approved by the organization's Board of Directors. The Board has a legal fiduciary responsibility to govern and direct the organization in accordance with Federal and state law, so it's very important that the nonprofit formally adopt these corporate policies and periodically review them.

ArtsPool has templates for many policies, but these templates are general purpose and should be reviewed carefully and adapted to the specifics of your organization.

⚖️We are not lawyers or accountants. Our policy templates have been reviewed by lawyers, but laws change and operational contexts differ, so you should always have policies reviewed by an expert with knowledge of the domain covered by the policy (lawyer, accountant, security/safety consultant, etc.) prior to Board approval.

Adopting policies

  1. Make a copy of one of the policy templates in the Policy examples and templates section below. Just select File > Make a Copy from within the Google Doc to make a copy in Google format. Alternatively, select File > Download > Microsoft Word. Be sure to rename the file and move it to a location where other people can access it.
  2. Fill out any placeholder sections highlighted in yellow with appropriate information for your organization.
  3. Read the whole policy and update it to reflect how you actually operate or want to operate. Get a cup of coffee or three, but whatever you do, don't skip this step. A policy that is simply copy and pasted will be out of sync with your organization's operations and ineffective. This task may seem onerous, but it is a long term investment in your organization's stability. Once you have the policies in place, the annual review becomes much easier.
  4. Have internal stakeholders familiar with the area that the policy covers review your draft. Board members are great collaborators on this task, particularly if they have legal, accounting, or human resources expertise, so put feelers out at your next Board meeting to recruit volunteers.
  5. Put the policy on the agenda for the next Board meeting and have it adopted, or have it adopted by the Executive Committee if your bylaws permit it. In some states such as New York you can adopt policies electronically by unanimous written consent, but all Board members must vote and they all have to agree or the vote is not valid.
  6. Distribute the policy to employees and Board members and post it in the workplace or online as necessary.

Maintaining policies

You should review all policies annually and have the Board vote to re-approve them with or without changes. Some Boards will identify a Board member to conduct this annual review and then recommend bulk approval of all policies to the full Board or Executive Committee (with a report on and discussion of any changes made prior to the vote).

Reminder: We are not lawyers or accountants, so be sure to have all policies reviewed by an expert such as a lawyer or accountant prior to Board approval. 🧠

Policy examples and templates

Different jurisdictions require different policies, so it's always a good idea to review you policies with your lawyer and accountant periodically. This is particularly important if you expand into a new state, since each state has different laws governing nonprofits.

The policies listed below are some of the most common policies that we have come across for New York State nonprofits. However, many of these are excellent to have in place regardless of your geographic location. See the links provided for templates.

Conflict of Interest Policy

One of the most important policies for nonprofits (or any company), the Conflict of Interest Policy defines your organization's process for determining whether a Board member or key employee -- sometimes known as a "key person" -- has a conflict of interest in a matter being voted on by the Board or in an aspect of your organization's business. It also defines the process for disclosing those conflicts, which is typically done via annual Conflict of Interest Disclosure forms or more frequently if a conflict arises mid-year. Finally, it defines rules around how Board actions are taken on such matters when there is a conflict (e.g. the conflicted Board member abstains from voting). Conflicts of interest are not illegal, but they must be disclosed to the Board and handled in a legally compliant way.

Required by: Internal Revenue Service, New York State Prequalification (Statewide Financial System)

Template: Conflict of Interest Policy

Records Retention Policy

The Records Retention Policy defines which documents your organization retains, how they should be retained, and for how long. Some documents and data must legally be retained forever; other documents must be retained for shorter periods. Be sure to have your lawyer and accountant review your Records Retention Policy regularly to ensure that it is compliant with current laws and regulations.

Required by: Internal Revenue Service

Template: Records Retention Policy

Whistleblower Policy

A Whistleblower Policy protects your employees and Board members from retaliation should they report a violation of any applicable legal, regulatory, or ethical standards. It also defines the types of incidents that should be reported, how they should be reported, and the process for handling the reported incident. Some organizations opt to include this in their Employee Handbook but it's a good idea to create a stand-alone version to distribute to the Board since the policy applies to Board members in the course of their service to the organization.

Required by: Internal Revenue Service (recommended but not required)

Template: Whistleblower Policy

Executive Compensation Policy

An Executive Compensation Policy defines how your Board determines compensation for executive-level employees (Executive Director, Artistic Director, etc) and how often this compensation is reviewed. This is up to your Board to determine, but it should be clearly stated in writing as an official policy.

Required by: Internal Revenue Service (required for organizations submitting a full 990)

Template: Executive Compensation Policy

Fiscal Controls Policy

A Fiscal Controls Policy, sometimes also known as an Internal Controls Policy or Financial Controls Policy, is a critical document that defines processes intended to prevent fraud, embezzlement, misappropriation, or other shenanigans with your organization's finances or other assets.

For example, it is good practice for an organization separate its fiscal and legal functions by having a different people authorized to sign checks and contracts. Depending on the size of your organization, this may not be possible, but your organization will be more protected against fraud with controls such as these in place. The template policy below includes many controls that we have found useful in our work with nonprofits, but each organization's Board must determine these controls for themselves and consult with a lawyer or accountant to ensure that the policy is compliant with requirements of their jurisdiction(s).

Required by: New York State Prequalification (Statewide Financial System)

Template: Fiscal Controls Policy

Sexual Harassment Prevention Policy

A Sexual Harassment Prevention Policy should clearly state your organization's policy on sexual harassment (hint: it's illegal on the Federal level and also illegal in many states) as well as a clear process for handling complaints of sexual harassment. Some organizations include this in a broader anti-harassment policy in their Employee Handbook, but its a good idea to have it as a stand-alone policy as well since it also applies to the Board, donors, volunteers, constituents, and anyone else involved in your organization's programs or operations. Always consult with a lawyer when developing your Sexual Harassment Prevention Policy to ensure that your policy covers requirements of your local jurisdiction (e.g. New York City requires annual sexual harassment prevention training).

Required by: New York State, New York City

Template: Sexual Harassment Prevention Policy

Staff Code of Conduct and Ethics

A Staff Code of Conduct is designed to promote honest, ethical and lawful conduct by all employees, volunteers, and directors of your organization and outlines both expectations of conduct and ethics as well as the consequences of violations. This is often included as part of the Employee Handbook, but be sure to circulate it to your Board as well (or create a separate Board-specific document) since they work for the organization in a volunteer capacity and should uphold its standards of conduct.

Required by: New York State Prequalification (Statewide Financial System)

Template: Staff Code of Conduct and Ethics

Anti-Nepotism Policy

Nepotism is defined as "the practice among those with power or influence of favoring relatives or friends, especially by giving them jobs," which is never a good thing in any organization. Adopting an Anti-Nepotism Policy does not mean that your organization can't hire relatives or friends, but it provides your organization with a clear statement on whether hiring relatives or friends is allowed, how and when it needs to be disclosed to the Board, and any rules that your Board requires in order to maintain controls against abuse, e.g. a person cannot directly supervise their relative.

Required by: New York State Prequalification (Statewide Financial System)

Template: Anti-Nepotism Policy

Equal Employment Opportunity Policy

U.S. Federal law prohibits unfair treatment or harassment of employees and job applicants on the basis of race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), national origin, age (40 or older), disability, or genetic information. In addition it prohibits denial of a reasonable workplace accommodation that the employee needs because of religious beliefs or disability and retaliation against employees who complain about job discrimination or assist with a job discrimination investigation or lawsuit. Organizations should adopt an Equal Employment Opportunity Policy (sometimes referred to as an Affirmative Action Plan) to ensure they are in compliance with these requirements.

Required by: U.S. Federal law

Template: Equal Employment Opportunity Policy

Minority and Women-Owned Business Enterprise Policy

Some jurisdictions have Minority and Women-Owned Business Enterprise (MWBE) opportunity programs designed to help support businesses owned by minorities and women. New York State, for example, requires potential grantees to attest that they have a Minority and Women-Owned Business Enterprise Policy in place prior to being prequalified for state grants even though not all grants have MWBE benchmarks attached. Whether or not it's required, adopting an MWBE Policy is a great way to show your support for the minority and women-owned businesses in your community.

Required by: Certain contracts with state, local or Federal agencies. Review contracts carefully to ensure compliance.

Template: Minority and Women Owned Business Enterprise (MWBE) Policy

Investment Policy

Nonprofits aren't prohibited from having investments, but since investing comes with risk, it's a good practice for the Board to adopt a clear Investment Policy to ensure that they are fulfilling their legally mandated fiduciary responsibility to the organization. An Investment Policy often defines the goals of the investment, dealer qualifications, types of investments allowed, credit rating requirements, concentration limits, reporting requirements, and other risk management practices.

Required by: Not required, but a good practice for organizations with investments.

Template: Investment Policy

Security Policy

A Security Policy serves to document your organization's security practices both in terms of physical security and data security. The content of this policy can be whatever your Board decides is a prudent level of security, but it's important that you train your employees to follow the security practices defined in the policy, particularly in the era of digital data. If your organization works with vulnerable communities or sensitive personally-identifiable information, it's a good idea to invest resources in developing this policy and training your employees to ensure you are operating safely.

Required by: Not required, but a good practice for organizations with physical locations or that handle data.

Template: Security Policy

Emergency Preparedness Policy

An Emergency Preparedness Policy is intended to outline the steps that will be implemented to mitigate the extent of damage to and interruption of your organization's operations in the event of an emergency. It typically contains sections relating to planning and preparation, document safety, steps to be taken in the event of an emergency, and steps to be taken to resume operations. It can be a more general document that outlines broader emergency preparedness strategies when used in conjunction with a more detailed Continuity of Operations Plan (see below).

Required by: Not required, but highly recommended for all organizations.

Template: Emergency Preparedness Policy Template

Continuity of Operations Plan

A Continuity of Operations Plan is intended to guide your organization in determining the role of your organization during an emergency, what programs and services are essential to maintain during the emergency, and how you do so while keeping your employees, constituents, facilities, and information safe. It is often much more detailed than the Emergency Preparedness Policy so that it can serve as a "manual" to guide employees in the event of an emergency.

The Continuity of Operations Plan should consider both fast moving scenarios with acute disruption or damage such as natural disasters, accidents, etc and slow moving events such as a pandemic that might put operations, employees, or finances at risk over a longer period of time. It's also important to regularly review and update the plan, circulate it to employees, and train employees in emergency procedures.

Required by: Not required, but highly recommended for all organizations, particularly those where disruptions to operations could harm the organization or its constituents.

Template: Continuity of Operations Plan

Management Succession Policy

The purpose of a Management Succession Policy is to ensure replacements for key executive, management, technical, and professional positions at your organization. The document can be as detailed or as general as you like, but it should ensure that there are practices in place to ensure that existing employees are prepared for rapid advancement and have the skills, confidence, and resources to take over certain key job responsibilities in the event of a sudden or planned departure in a critical area (e.g. deaths, disabilities, retirements, or other unexpected losses). It is also a good practice for the policy to address how the organization promotes the advancement of protected labor groups defined under Federal law.

Required by: Not required, but recommended for larger organizations

Template: Management Succession Policy

Supervision and Performance Evaluation Policy

A Supervision and Performance Evaluation Policy -- often included in the Employee Handbook -- provides a framework for discussing, planning and reviewing the performance of each employee at an organization. It should include details on when and how reviews are conducted, how salary increases are planned for annually, how performance evaluations affect salary increases, and how salary equity reviews can be requested.

If performance review procedures for senior level employees such as the Executive Director are not described in the Executive Compensation Policy (see above), be sure to include a section on how the performance of employees who report to the Board are reviewed.

Required by: Not required, but recommended for all organizations.

Template: Supervision and Performance Evaluation Policy

Diversity Policy

The purpose of a Diversity Policy is to define how your organization fosters, cultivates, and preserves a culture of diversity and inclusion amongst its employees, Board, contractors, and the community of citizens that it serves. While this document bears some resemblance to an Equal Employment Opportunity Policy, it should go beyond anti-discrimination and anti-harassment language and describe your organization's values as they relate to diversity and what your organization is proactively doing to ensure a diverse, equitable, and inclusive environment.

Required by: New York State Prequalification (Statewide Financial System)

Template: Diversity Policy

Employee Recruitment Policy

An Employee Recruitment Policy defines practices for recruiting and hiring new employees. It is informed by other policies such as the Equal Employment Opportunity Policy and Diversity Policy and generally includes details on how and where to post open positions, how to review candidates, and how to make offers of employment.

Required by: Not required, but recommended for larger organizations.

Template: Employee Recruitment Policy

Employee Retention Policy

Retention of skilled employees helps shield your organization from the shocks that come with frequent turnover, and the Employee Retention Policy is intended to provide clarity on what strategies or incentives your organization uses to keep employees happy and reduce turnover.

Required by: Not required, but recommended for larger organizations.

Template: Employee Retention Policy

Lactation Policy

NYC Local Law 185 and Local Law 186 (both passed in 2018) require that employers provide employees with lactation accommodations, including a lactation room where employees can pump/express breast milk, and reasonable time to pump/express breast milk. Employers are also required to have a written lactation policy that meets certain requirements under the law and must provide it to all new employees, e.g. via an organization's Employee Handbook. The NYC Commission on Human Rights has developed several model lactation accommodation policies and a request form.

Required by: New York City

Templates: Lactation Policy (dedicated space), Lactation Policy (multi-use space), Lactation Policy (no dedicated/multi-use space)

Measuring Effectiveness Policy

A Measuring Effectiveness Policy defines how and how often the Board of Directors evaluates whether the organization is effectively serving its mission. The policy should ensure that the organization has defined, measurable goals and objectives in place to evaluate the success and impact of its program(s) in fulfilling these goals and objectives.

Required by: Better Business Bureau (if your organization submits reports to them)

Template: Measuring Effectiveness Policy

Online Privacy Policy

An Online Privacy Policy sets forth your organization's policies and practices for handling information collected from donors, program participants, or other constituents. Though not a legal requirement in many U.S. jurisdictions, there are several cases in which Federal and individual state laws require privacy policies. As such, it is a good practice for any company doing business on the internet to adopt a policy to ensure that they are being good stewards of personal data.

Privacy policies can be long and detailed or as short as a single paragraph depending on the nature or geographic area of your operations, the type of data you collect, and your level of risk, so be sure to have it reviewed by your lawyer before you publish it on your website, web application, etc. California, in particular, has detailed legal requirements so be sure to have a lawyer familiar with California data privacy laws review your policy if you collect data from California residents.

Required by: Better Business Bureau (if your organization submits reports to them), certain state and Federal laws

Template: Online Privacy Policy

How did we do?

Board actions for New York nonprofits

Fiscal control stopgaps: what NOT to do

Contact