Q&A #154 – Are nonprofits required to have a document retention and destruction policy?
Question: I recently started as Executive Director of a nonprofit organization and noticed that the organization does not have a document retention and destruction policy. It was my understanding that the Sarbanes-Oxley Act requires nonprofits to have a document retention and destruction policy, but several Board members have questioned whether this law applies to nonprofits. Does the Sarbanes-Oxley Act require nonprofits to have a document retention and destruction policy?
Answer: Sections 802 and 1102 of the Sarbanes-Oxley Act generally prohibit all persons, including nonprofit organizations, from destroying, falsifying, or otherwise modifying records to obstruct a federal proceeding or investigation. There is no specific requirement under federal law to have a document retention and destruction policy (sometimes called a record retention policy), but having one is a recommended best practice to prevent violations of this law and to demonstrate the organization’s commitment to transparency and accountability.
The applicability of the Sarbanes-Oxley Act of 2002 to nonprofit organizations is an often-misunderstood topic. The Act (P.L. 107-204), was passed in response to the corporate fraud scandals that occurred in the early 2000s (e.g., Enron and WorldCom) and included widespread corporate governance and financial reforms aimed mainly at publicly traded for-profit companies.
However, there are two main aspects of the Act that do apply to nonprofits: (1) restrictions on destroying, falsifying, or otherwise modifying records to obstruct a federal proceeding or investigation; and (2) restrictions on retaliating against certain whistleblowers.
Specifically, Section 802 of the Sarbanes-Oxley Act, codified at 18 U.S.C. § 1519, provides that:
“Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both.”
Additionally, Section 1102 of the Sarbanes-Oxley Act, codified at 18 U.S.C. § 1512, provides that:
“Whoever corruptly … alters, destroys, mutilates, or conceals a record, document, or other object, or attempts to do so, with the intent to impair the object's integrity or availability for use in an official proceeding … shall be fined under this title or imprisoned not more than 20 years, or both.”
Likewise, this section also includes similar restrictions on withholding such records and intimidating, threatening, or corruptly persuading other persons to withhold or alter, destroy, mutilate, or conceal such records.
These restrictions generally apply in the context of federal court cases, bankruptcy proceedings, Congressional investigations, Internal Revenue Service audits, EEOC or Department of Labor investigations, and other federal agency proceedings.
Thus, the Act does not specifically require adoption of a document retention and destruction policy to prevent the criminal violations referenced in the statute, but having document retention and destruction policy is a generally recommended best practice for a few important reasons.
First, nonprofit organizations are required by federal and state law to maintain certain corporate records and, in some cases, to disclose these records upon request to the organization’s Board members and officers, voting members, and/or the general public. Having a document retention and destruction policy can serve as an effective reminder of these obligations and thereby help to ensure compliance with recordkeeping laws as well as the restrictions of the Sarbanes-Oxley Act.
Second, many external auditors strongly urge organizations to have a document retention and destruction policy, so not having one can impact the financial statement audit process and lead to possible findings in the auditor’s management letter.
Further, the Form 990 (in Part VI, Section B) specifically asks whether the organization has a written document retention and destruction policy. Answering “no” to this question can reflect poorly on the organization’s management practices and result in a lower rating by charity watchdog sites, as demonstrated in this explanation of how Charity Navigator computes its Accountability & Finance score.
Planning Tip – When drafting or revising your organization’s document retention and destruction policy, consider including provisions addressing how the organization will handle documents that are subject to public disclosure requirements, such as the organization’s application for tax-exempt status (Form 1023 or Form 1024). For example, the document retention and destruction policy may be a good place to clarify that the “public disclosure” copy of the Form 990 (with certain donor information redacted from Schedule B) will be maintained separately from the organization’s internal copy of the Form 990.
For these reasons, it is essential to have a thoughtfully drafted document retention and destruction policy, even if this policy is not strictly required by federal law.
If you have a question you would like to submit to SE4N, send it to us using the contact form and we will consider answering it in a future post. Please do not send confidential information.
