The Primary Legal Risks of Nonprofit ESG Programs
When a nonprofit organization voluntarily decides to weave ESG principles and practices into its organizational and operational fabric, it is taking on a certain degree of legal risk. To be sure, that risk is not anything remotely like the risk faced by for-profit companies—particularly publicly traded companies—that are subject to ESG statutory and regulatory mandates from the SEC and elsewhere. Nonprofits are not subject to such mandates. Nonetheless, nonprofits do face ESG-related legal risks. A non-exhaustive list of such risks follows.
Employment Law: ESG initiatives—particularly those that involve DEIA issues—can involve changes to hiring and promotion practices, workplace diversity, and employee compensation and benefits, which can trigger employment-related legal risks such as discrimination, harassment, and wrongful termination claims. This is nothing new, and laws like Title VII of the federal Civil Rights Act and state equivalents have been applied to nonprofit employers for more than fifty years. But what is new is the potential impact of the U.S. Supreme Court’s June 2023 ruling (Students for Fair Admissions v. Harvard and Students for Fair Admissions v. University of North Carolina) rejecting race-conscious admissions in higher education. While the new decision does not impede employers from pursuing diversity in their workforces (as it is limited solely to higher education admissions), many experts maintain that, as a practical matter, the ruling will likely discourage some employers from putting in place ambitious diversity policies in hiring and promotion—or prompt them to rein in existing policies—by encouraging new lawsuits in the employment arena under the new legal standard. In principle, the logic of the Court’s ruling on college admissions could threaten employer programs that, as of today, can take race into account if workers were previously excluded from a job category based on race or can do so to remove obstacles (such as unconscious bias) that prevent employers from having a more diverse workforce. But the more meaningful effect of the Court’s decision is likely to be greater pressure on policies that were already on questionable legal ground. These could include, for instance, staff leadership acceleration programs or internship programs that are open only to members of underrepresented groups. It also would not be surprising to see the Court use the ruling’s rationale to limit race-conscious initiatives in other aspects of nonprofit governance and management in the future, such as if federal funds are involved.
State Laws and Executive Orders Restricting DEIA Policies, Trainings, and Practices: Effective July 2022, Florida’s Individual Freedom Act, or the so-called “Stop WOKE” law, restricts diversity-related training in private Florida workplaces—including nonprofits based in Florida or (presumably) that have Florida-based employees—and also bars the teaching of critical race theory in K-12 schools and universities. That law is currently the subject of litigation that is working its way through the courts. In February 2023, Texas Governor Greg Abbott issued a memorandum to state agencies warning them to not use any DEIA programs in hiring that are “inconsistent” with Texas law, including setting diversity goals or interview targets for diverse candidates. While the memorandum is limited to public employers, it is unclear whether the governor may take similar action toward private employers in Texas. While California had adopted laws requiring certain racial, ethnic, and gender diversity on boards of directors of public companies headquartered in California, both laws have been struck down by courts, and appeals are underway. Observers widely expect a proliferation of such laws and executive orders restricting DEIA policies, trainings, and practices in a variety of “red” states. Beyond the employment realm, it would not be surprising to see new state laws and executive orders that could effectively prohibit DEIA initiatives in other aspects of nonprofit governance and management, such as board composition, volunteer leader selection, and grantmaking, as well as government grants, contracts, and cooperative agreements.
Misrepresentation and Greenwashing: There is a risk of publicly misrepresenting or overstating a nonprofit’s ESG performance, which could lead to charges of “greenwashing” or otherwise engaging in deceptive or misleading conduct. This could result in donor or funder backlash, reputational damage, and potentially even regulatory enforcement by state attorneys general, as well as private litigation. While nonprofits should always be mindful of these longstanding risks of making misleading or non-substantiated claims in connection with all of their programs and activities—well beyond ESG—the legal and public relations risks can be particularly acute here.
“Derivative” Suits: Nonprofits that incorporate ESG into their investment policy statement and base investment decisions, in part, on ESG criteria and then face material investment losses may risk being on the opposite end of “derivative”-type lawsuits alleging that the nonprofit’s board of directors and/or investment committee were not prudent stewards of the organization’s resources.
Data Privacy and Security: Nonprofits’ ESG activities often involve, in part, collecting, processing, and storing sensitive data about volunteer leaders, employees, donors, funders, and other stakeholders. There is a risk of data breaches or mishandling of information, which could result in legal action, regulatory penalties, and reputational harm. If a data breach occurs, there is an ever-increasing web of requirements imposed by state, federal, and international laws that must be followed.
Mitigating the Legal Risks of Nonprofit ESG Programs
To mitigate these legal risks, there are a number of proactive steps that nonprofit organizations can take. Below is a non-exhaustive list:
- Ensure that your nonprofit’s employment policies and practices are fully compliant with all current federal and state legal standards in areas involving discrimination, harassment, wrongful termination, and otherwise. This necessarily means ensuring that any current or future employment diversity initiatives are narrowly tailored as permitted by current law and do not result in discrimination. It also means not overreacting to the June 2023 U.S. Supreme Court decision involving race-conscious college admissions but keeping a close eye on future legal developments in the employment context. For those nonprofits with remote employees in different states, remember that state employment laws generally apply to any employee who regularly works from the state, irrespective of where the organization is based. Be sure to always consult with employment counsel fluent in both federal law and the laws of the applicable states. Finally, outside of the workplace setting, keep an eye on future rulings from the U.S. Supreme Court that could apply the rationale underlying the college admission decision to other aspects of nonprofit governance and management, for instance if federal funds are involved.
- While Florida’s Individual Freedom Act includes nonprofits based in Florida (and presumably those with Florida-based employees) in its restrictions on diversity-related training in private Florida workplaces, most other state laws and executive orders to date that restrict DEIA policies, trainings, and practices do not apply to nonprofits. That may well change in the coming months and years, however, particularly in certain “red” states. It is important to stay on top of all new state developments in this area—both those affecting the workplace and those potentially affecting other aspects of nonprofit governance and management—and take all necessary steps to comply with them.
- Ensure that all public statements regarding your nonprofit’s ESG performance are accurate, fully substantiated with appropriate data and documentation, and not in any way overstated, misleading, or deceptive.
- Working with a professional investment advisor, adopt an investment policy statement that reflects the nonprofit’s priorities, goals, risk tolerance, and financial needs but that is defensible as being reasonable, prudent, and appropriate. Be sure to revisit it on a regular basis and update it as needed.
- Implement strong data privacy and security measures to protect sensitive information about nonprofit volunteer leaders, employees, donors, funders, and other stakeholders and to mitigate the risk of data breaches or mishandling of such information. If a data breach occurs, be sure to closely follow the ever-increasing requirements imposed by state, federal, and international laws.
- Develop clear and consistent ESG policies and practices that align with your nonprofit’s values and mission, as well as expectations of donors, funders, and other stakeholders.
- Regularly engage with stakeholders such as donors, funders, and employees to ensure that your nonprofit’s ESG initiatives are transparent and meet their needs.
- Maintain up-to-date knowledge of applicable state, federal, and international ESG-related laws and regulations, and ensure full compliance with them.
- As with all areas of legal risk management, work with experienced legal counsel to help your nonprofit navigate the complex and ever-changing legal landscape governing ESG initiatives.
While ESG initiatives are thus far not mandated for nonprofit organizations as they are for certain for-profit companies, for a variety of reasons, increasingly nonprofits are voluntarily incorporating ESG principles and practices into their organizations and operations. In doing so, nonprofits can gain certain benefits but also expose themselves to potential legal risk in a wide array of areas. That being said, if properly understood and appreciated by nonprofit executives and leaders, those risks can be effectively mitigated by incorporating a number of practical tips and suggestions.