A nonprofit embezzlement incident is emotionally devastating, causing nonprofit leaders to question their own judgment and management ability. It erodes the public’s trust, jeopardizes grants and funding contracts, scares off new donors, can attract scrutiny from regulators, and in the worst cases, can bring down a nonprofit.
A 2013 investigation by the Washington Post drew attention to the problem of nonprofit embezzlement by examining “significant diversions of assets” reported on Form 990.
Nonprofit embezzlement can involve anyone: officers, directors, employees, volunteers, contractors, vendors, etc. In our experience, it is often someone that is trusted implicitly such that their reports are never questioned. This post offers a run-down of the steps nonprofit leaders can take to deal with the aftermath of an embezzlement incident.
Secure the nonprofit’s assets
Upon learning of the embezzlement, the first step the nonprofit leadership must take is to secure the nonprofit’s assets to prevent further losses. If the perpetrator was a signer on any bank accounts or had online access to accounts, revoke their access immediately. If they had company credit cards, cancel them. If the loss involved other types of assets, take whatever steps are necessary to secure them.
Preserve evidence of the nonprofit embezzlement by revoking access to the suspect’s computer as well as company accounts including company email, cloud-based software platforms, and corporate social media accounts.
Sideline the suspect pending an investigation
If the nonprofit organization has either proof or strong suspicion of who the perpetrator was, the nonprofit will need to sideline the suspect while it conducts a thorough investigation. If the suspect is an employee, they can be placed on administrative leave. If they are a volunteer, suspend their clearance to serve as a volunteer.
Obtain keys and key cards
Secure the suspect’s keys and key cards if any. If there is a concern a copy was made or if the keys can’t be recovered, re-key the locks and change access codes.
Secure confidential information
Demand the employee turn-over any corporate confidential information in his or her possession. This can include hard-copy and digital files.
Conduct a thorough investigation
It may be necessary to bring in an outside investigator. Ideally, a forensic accountant will uncover exactly how much was taken and how it was taken.
Once the nonprofit organization has clear evidence that the suspect is responsible for the loss and that it was in fact theft, terminate the relationship with the individual. If the individual was an employee or a vendor with a contract, it is a good idea to consult with legal counsel.
File a police report
Ideally, the nonprofit organization should file a police report. The police report should strictly recite provable facts uncovered during the investigation. The nonprofit organization does not want to be sued for defamation.
Report the loss to the insurance carrier
Organizations general liability insurance may have coverage for theft. Those with employment practices coverage may have coverage for employee theft. However, to access it, the insurer typically requires a copy of the police report. Do not delay in reporting the event to the insurer as a delay could jeopardize coverage.
Attempt to recover funds from the perpetrator
It may be helpful to consult an attorney regarding options to recover stolen funds. If the funds were spent, the items that were purchased with the stolen proceeds may be able to be recovered and sold.
Report to the IRS
- Significant Diversion of Assets. The IRS requires tax-exempt organizations to report a significant diversion of assets on Form 990. A diversion of assets includes theft, embezzlement, or any unauthorized use of the organization’s assets. The diversion is “significant” if the gross value of all diversions (not counting restitution, insurance, or similar recoveries) discovered during the tax-exempt organization’s tax year exceeds the lesser of 5% of its gross receipts for the year, 5% of its total assets at the end of the year, or $250,000. A diversion that occurred in a prior year should be reported in the tax year it is discovered. The organization must explain on Schedule O the nature of the diversion, the dollar amounts involved, as well as any steps the organization took to correct the diversion. The organization should not identify the perpetrator by name.
- Excess Benefit Transactions. If the perpetrator is a person who has substantial influence over the organization, the diversion could amount to an excess benefit transaction. An excess benefit transaction could result in penalty taxes on the perpetrator. It also jeopardizes the organization’s tax-exempt status.
Shore up Policies and Procedures
When an embezzlement, theft or fraud event has occurred, it is critical that the nonprofit be honest about what happened and have a good story to tell. A good story should focus on the good news: it was caught, appropriately reported to the Police and the IRS, steps were taken to recover funds (perhaps they were even recovered), and the organization’s processes and procedures were overhauled to ensure it will never happen again. Depending upon the severity of the event and the level of public interest, consider engaging a crisis communications expert.
Deal Honestly with Stakeholders
If the nonprofit’s leadership isn’t honest and transparent with its stakeholders, they will sense something is off and their assumptions will often be worse than the actual facts. Without naming names, the better approach is to be transparent about what happened and focus on the steps that are being taken to prevent it from happening again. In particular, reach out to major funders as soon as possible. Funders have seen it all before and know that these things happen even under the best of circumstances. An open line of communication will go far to shore up confidence.
If lightening strikes your nonprofit organization in the form of nonprofit embezzlement, following the above steps will give it the best chance to recover. For ideas on how to avoid nonprofit embezzlement in the first place, check out our Top 10 Tips for Preventing Theft and Embezzlement.
Ellis Carter is a nonprofit lawyer with Caritas Law Group, PC. To contact Ellis, call 602-456-0071 or email us at firstname.lastname@example.org.