Safeguarding charitable missions

Nonprofits share many of the same risks as for-profit organizations; however, their core missions expose them to a wide variety of unique risks, from volunteer projects to fundraising events. Should an incident happen, such as a cyberattack or lawsuit, a nonprofit’s mission could be at risk, jeopardizing the positive impact charitable organizations bring to individuals and communities around the world.

In celebration of National Nonprofit Day on August 17, NU PC360 spoke with Patrick Baker, nonprofit D&O product manager at Travelers, about the ways nonprofits can evaluate their risk management strategy, safeguard their mission and insure their distinctive risks. 

NU PC360: What kind of risks do nonprofits face on a regular basis? Are there any that are specifically threatening compared to for-profit businesses and private companies? 

Patrick Baker: Nonprofits face a variety of risks. Lawsuits and claims can be brought for a range of issues, including breach of fiduciary duty, failure to fulfill their mission, misuse or mismanagement of funds, and improper conduct of employees or volunteers.

Specific to nonprofits, a lot of them are challenged with fund-raising on an ongoing basis, which creates different issues that a for-profit company might not have to deal with. An example of this are donor lists; the sensitive personal and financial information often stored electronically by a nonprofit could produce a cyber exposure.

In addition to that, nonprofits often face heightened scrutiny from the government, and from the public due to their tax-exempt status and the regulations and requirement that come along with that, not to mention the expectations the public tends to have for a nonprofit. There can also be a reputational risk to a nonprofit if there is a PR-related issue that is being covered by media.

NU PC360: What forms of coverage should every nonprofit have to make sure their work isn’t interrupted? 

PB: In addition to traditional P&C coverages, every nonprofit should strongly consider carrying management liability policies. That typically includes directors and officers liability, employment practices liability, fiduciary liability, crime and certainly these days, cyber risk protection. Depending on the services provided, other coverages such as professional liability may need to be considered as well.

NU PC360: What would you say to nonprofits that might argue that they do not have enough resources to commit to the various forms of coverage they would need to ensure their operations run smoothly? 

PB: In my opinion, they can’t afford not to. Without the proper insurance protection, being on the receiving end of a lawsuit or suffering a data breach could threaten an organization’s ability to fulfill their mission or deliver services. Having the right risk management strategies in place, including insurance, should be viewed as a core part of a nonprofit’s operations.

NU PC360: How often should nonprofits assess their risk management strategy? 

PB: Risk management should be a board level issue, and each nonprofit would benefit from spending the time and figuring out what the appropriate frequency and strategy looks like for them. 

NU PC360: What risk should be at the top of mind for nonprofits going forward?

PB: Right now, cyber, data breach and network security are top of mind. 

NU PC360: Is there anything else you’d like to emphasize about nonprofits and the risks they face?

PB: Nonprofits are not immune to risk; in fact, they face unique risks as a result of being a nonprofit. As the world of risk continues to evolve, nonprofits can and must protect themselves and should look to partner with an insurance carrier that has experience, expertise and a commitment to the nonprofit sector. 

Related: 7 tips to protect nonprofits and their volunteers from risks