What nonprofit compliance actually is
Most compliance guides are written for organizations with a compliance officer. If you are reading this, you probably are the compliance officer, along with everything else you do.
This post is for small nonprofits: teams of two to ten people managing programs, funders, a board, and a pile of deadlines that never stops growing. Here is what you are actually required to track, in plain terms.
The two kinds of obligations
Every obligation your organization carries falls into one of two buckets.
Regulatory obligations come from the government. They exist whether you have a single grant or none. They include your annual IRS filing, state charitable registration, payroll filings, and any licensing or certification your programs require. Missing them can cost you your tax-exempt status or your right to solicit donations.
Funder and stakeholder obligations come from the people who give you money or govern your organization. Grant reporting deadlines, board meeting requirements, insurance renewals, lease terms, and staff credential renewals all live here. Missing them can cost you funding, your lease, or your standing with the people who trust you to run the organization well.
Most small nonprofits have a decent handle on the regulatory side, at least they know it exists. The funder and stakeholder side is where things fall through the cracks, because no single government form tells you what you owe.
What the regulatory side actually requires
At the federal level, almost every 501(c)(3) must file an annual return with the IRS. Which version depends on your revenue:
- Under $50,000 in gross receipts: Form 990-N, an electronic postcard that takes minutes
- Under $200,000 in gross receipts and under $500,000 in assets: Form 990-EZ
- All others: Form 990
The deadline is the 15th day of the fifth month after your fiscal year ends. For a December 31 fiscal year, that is May 15. Missing three consecutive years means automatic revocation of your tax-exempt status.
At the state level, requirements vary significantly. Most states require you to register before soliciting donations, then renew that registration annually. If you fundraise online, you may have obligations in states where you have never set foot.
What the funder and stakeholder side actually requires
This is the harder list to maintain, because it is different for every organization and every grant. A typical small nonprofit is tracking some combination of:
- Grant narrative and financial reports, with due dates set by each funder
- Board meeting minimums, usually set by your bylaws
- Insurance policy renewals for general liability, directors and officers, and workers comp
- Lease renewal windows, meaning the notice period and not just the expiration date
- Staff certification renewals such as first aid, mandatory reporter, or program-specific credentials
- Fiscal sponsor reporting if you operate under a fiscal sponsor rather than your own 501(c)(3)
None of these show up on a single checklist. You have to build your own, then maintain it as obligations change.
The practical problem
The reason small nonprofits fall behind on compliance is not negligence. It is that the obligations are spread across emails, grant agreements, board bylaws, insurance documents, and lease files, often in different places, owned by different people, with no single system connecting them.
The answer is a compliance calendar: one place where every deadline lives, with an owner attached to each one, and enough lead time to actually prepare before the due date arrives.