7 charity compliance checklists for smarter nonprofit updates

Every charity faces a thicket of compliance requirements — federal filings, state registrations, board minutes, donor receipts, and more. Miss one deadline and you risk fines, lost tax-exempt status, or a hit to public trust. But staying compliant doesn't have to mean drowning in paperwork. We've distilled the core of nonprofit compliance into seven practical checklists. These are designed for busy teams who need a clear, repeatable process — not another binder to collect dust.

1. Why compliance checklists matter for your charity

Nonprofit leaders often treat compliance as a once-a-year scramble around tax season. That reactive approach leads to mistakes: missed state filings, incomplete board minutes, or lapsed fundraising registrations. Checklists transform compliance from a crisis into a routine. They reduce cognitive load, catch errors before they become problems, and provide a clear audit trail for board members and regulators.

Consider what happens without a checklist. A treasurer leaves the organization; the new person doesn't know which states require annual renewals. Six months later, the charity receives a notice that its registration in California is revoked. Now the team is scrambling to re-register, paying late fees, and explaining to donors why contributions from that state may not be tax-deductible. A simple checklist would have flagged the renewal date and assigned responsibility.

Checklists also serve as training tools for new staff and board members. When everyone follows the same steps, institutional knowledge isn't lost when someone leaves. And they make board meetings more productive — instead of wondering whether something was done, the board can review a completed checklist and focus on strategy.

We're not suggesting you need to build everything from scratch. Many of the checklists below are adapted from common regulatory requirements and industry best practices. Use them as a starting point, then customize for your organization's size, jurisdiction, and activities.

What a good compliance checklist includes

An effective checklist is more than a to-do list. It includes the action, the deadline, the responsible person, and a place to mark completion. It also notes where supporting documents are stored. For example: "File Form 990 with IRS by May 15 — CFO — stored in Google Drive/990 folder." Some teams add a column for "evidence" (a link or file name) so an auditor can verify each step.

Who should own compliance

Smaller charities often assign compliance to the executive director or treasurer. As the organization grows, consider a dedicated compliance officer or a committee that meets quarterly. The key is clear ownership: every checklist item should have a single person accountable, not a vague "team" responsibility.

2. Annual filing checklist

The most visible compliance task for US nonprofits is the annual information return — usually Form 990, 990-EZ, or 990-N (e-Postcard). Missing the deadline can result in automatic revocation of tax-exempt status. But the filing itself is just one piece; there are related steps that often get overlooked.

Start with the calendar. The Form 990 deadline is the 15th day of the 5th month after the end of your fiscal year. Most charities operate on a calendar year, making May 15 the typical due date. But if your fiscal year ends June 30, the deadline is November 15. Mark the date in your shared calendar and set reminders 90, 60, and 30 days out.

Before you prepare the return, gather the year's financial statements, board meeting minutes, conflict of interest disclosures, and compensation data for key employees. Many preparers find it helpful to draft the 990 early and review it with the board before filing. That way, questions about compensation or related-party transactions can be addressed ahead of time.

Don't forget state filings. Most states require a copy of the federal return, and some have separate forms. The Multistate Guide to Registration and Reporting from the National Association of State Charity Officials is a good starting point — but check each state's website for current forms and fees. Some states also require an audited financial statement if revenue exceeds a threshold.

Common annual filing mistakes

Late filing is the most obvious error, but there are others: missing schedules (especially Schedule B for large donors and Schedule O for supplemental information), incomplete Part VI governance questions, and incorrect EIN or address. Have a second person review the return before submission. Also, remember that the 990 is public — donors and watchdog groups will see it. Accuracy matters for reputation, not just compliance.

Checklist items for annual filing

• Confirm fiscal year end and calculate filing deadline
• Gather financial statements, board minutes, and conflict of interest forms
• Prepare and review Form 990 (or 990-EZ/990-N)
• Obtain board approval before filing (if required by bylaws)
• File with IRS (electronically if required — most must e-file if gross receipts exceed $50,000)
• File state copies and any state-specific forms
• Store confirmation and copy in permanent records
• Update internal calendar with next year's deadline

3. Fundraising registration checklist

If your charity solicits donations from the public — including online — you may need to register with state charity offices. As of 2025, about 40 states require some form of registration before you can solicit donations from residents. The rules vary widely: some states exempt organizations with under $25,000 in contributions, others have no threshold. And the definition of "solicitation" can include a simple "Donate" button on your website.

The registration process typically involves submitting an application, paying a fee, and providing copies of your IRS determination letter and audited financials. Renewal is usually annual, with deadlines tied to your fiscal year or registration anniversary. Failure to register can lead to fines, cease-and-desist orders, and even criminal penalties in a few states.

Many charities start with a few states where they have a physical presence or a major donor base. As online fundraising grows, the question becomes: do you need to register everywhere? The legal answer is generally yes if you have "continuous and substantial" solicitation activity. But some states offer a low-activity exemption. Consult with a nonprofit attorney or a compliance service if you're unsure.

Because registration requirements change frequently, your checklist should include a periodic review. At least once a year, check each state's charity office website for updates. Some states now participate in the Unified Registration Statement (URS), which simplifies multi-state registration, but not all accept it.

Fundraising registration checklist items

• Identify states where you solicit donations (online, mail, events)
• Check each state's registration threshold and exemption rules
• Prepare registration application (often includes IRS letter, financials, board list)
• Submit application and fee before soliciting in that state
• Mark renewal deadlines for each state
• Monitor for new registration states (e.g., if you run a national Giving Tuesday campaign)
• Review annually for changes in state law

When professional fundraisers are involved

If you hire a fundraising consultant or telemarketing firm, additional compliance steps apply. Many states require the fundraiser to register separately and file financial reports. Your contract should include a clause requiring the fundraiser to maintain its own compliance. Also, be aware that some states require specific disclosures in solicitation materials, such as the percentage of donations that go to the charity vs. the fundraiser.

4. Board governance and meeting checklist

Good governance isn't just about ethics — it's a compliance requirement. The IRS Form 990 asks detailed questions about board independence, meeting frequency, and document retention. State nonprofit corporation laws also mandate minimum board actions, such as electing officers and approving major transactions.

Start with your bylaws. They should specify the number of board meetings per year, quorum requirements, and how decisions are made. Many state laws require at least one annual meeting. If your board rarely meets, or if meetings are poorly documented, you risk legal challenges and IRS scrutiny.

Minutes are the most common governance compliance gap. They need to record what was discussed, what decisions were made, and who voted. Vague minutes like "the board discussed finances" are insufficient. Instead, write: "The board reviewed the Q2 financial statements, noted a 5% variance in program expenses, and approved the revised budget by a vote of 7-1 (Smith dissenting)." Attach supporting documents to the minutes.

Conflict of interest is another area where checklists help. At the start of each year, board members and key staff should sign a conflict of interest disclosure statement. When a potential conflict arises during a meeting (e.g., a board member's company is bidding for a contract), that member should recuse themselves and the recusal should be noted in the minutes.

Board governance checklist items

• Review bylaws annually for compliance with state law
• Schedule at least the minimum number of board meetings
• Distribute meeting materials in advance (typically one week before)
• Take detailed minutes, including motions, votes, and recusals
• Approve minutes at the next meeting and store signed copies
• Collect annual conflict of interest disclosures
• Maintain a board member list with terms and contact info
• Document board approval of major decisions (budget, CEO compensation, mergers)

5. Donor receipt and acknowledgment checklist

Donors expect receipts for tax purposes, and the IRS has specific rules. For cash donations of $250 or more, you must provide a written acknowledgment that includes the charity's name, the date and amount of the donation, and a statement about whether any goods or services were provided in exchange. For donations of $75 or more that include a benefit (like a gala dinner), you must disclose the fair market value of the benefit and note that only the excess is deductible.

Many charities use a template acknowledgment letter, but errors creep in. Common mistakes: failing to include the charity's EIN, not specifying that no goods or services were provided (for cash donations), or using generic language that doesn't meet the IRS's "contemporaneous" requirement (the acknowledgment must be provided by January 31 of the year after the donation, or earlier if the donor files before then).

Non-cash donations add complexity. For items valued at $5,000 or more, the donor needs a qualified appraisal, and the charity must sign Form 8283. The charity should also provide a receipt describing the donated property — but not an appraisal or valuation, as that's the donor's responsibility. For vehicles, boats, and aircraft, special rules apply if the charity sells the item rather than using it.

Your checklist should cover both one-time and recurring donations. For monthly donors, you can issue a single annual statement summarizing all gifts, as long as it meets the acknowledgment requirements.

Donor receipt checklist items

• Generate acknowledgment within 30 days of donation (or by Jan 31 for year-end)
• Include charity name, EIN, date, and amount
• State whether goods/services were provided (and value if applicable)
• For non-cash donations: describe property, note if appraisal is needed
• For vehicles sold: provide required IRS disclosure within 30 days of sale
• Keep copy of all acknowledgments in donor records
• Review template annually for IRS rule changes

6. Data privacy and security checklist

Nonprofits collect sensitive data: donor credit card numbers, bank account details for recurring gifts, employee Social Security numbers, and sometimes health information for program participants. Data breaches can lead to legal liability, fines, and loss of donor trust. While federal privacy law (like HIPAA) applies mainly to healthcare organizations, many states have data breach notification laws that apply to any entity holding personal information.

The first step is to know what data you hold and where. Conduct a data inventory: donor databases, email marketing platforms, payroll systems, cloud storage. For each system, identify who has access and what security measures are in place (encryption, password policies, two-factor authentication).

Payment card data is especially sensitive. If you process credit card donations directly (not through a third-party like Stripe or PayPal), you may be subject to PCI DSS requirements. Most small charities avoid this by using a payment processor that handles the card data. But even then, your website should use HTTPS and you should never store full card numbers or CVV codes.

Data privacy regulations like the GDPR (if you have EU donors) and the California Consumer Privacy Act (if you have California donors) impose additional requirements: you must disclose what data you collect, allow donors to request deletion, and obtain consent for certain uses. Your checklist should include a review of your privacy policy and data handling practices at least annually.

Data privacy checklist items

• Inventory all systems storing personal data
• Review access controls — remove former employees and volunteers
• Ensure payment processing uses tokenization or a third-party gateway
• Post a privacy policy on your website that meets state law requirements
• Train staff on phishing and data handling procedures
• Create a breach response plan (who to contact, how to notify affected individuals)
• Check if GDPR or CCPA applies to your donor base
• Back up critical data and test restoration

7. FAQ: Common compliance questions from nonprofits

Do we need to register in every state where we have a donor? Not necessarily. Many states exempt charities that raise below a certain threshold (often $25,000) or that only solicit via mail or online without a physical presence. But the rules vary, and some states have no exemption. It's safest to consult a compliance attorney or use a registration service for a multi-state analysis.

What happens if we miss the Form 990 deadline? The IRS grants a 90-day automatic extension if you file Form 8868 before the original due date. If you miss even the extension, the penalty is $20 per day (up to $10,000 or 5% of gross receipts for larger organizations). For three consecutive years of non-filing, revocation is automatic. If you realize you missed a deadline, file as soon as possible and include a reasonable cause explanation.

Can we use a template for board minutes? Yes, but customize it each time. A template helps ensure consistency, but the minutes must reflect the actual discussion and decisions. Avoid copying and pasting from previous meetings — that can look like the board isn't genuinely deliberating.

Do we need an audit? Some states require an audit if your revenue exceeds a certain threshold (often $500,000 or $1 million). Even if not required, many charities choose to have an audit or a financial review to reassure donors and board members. Check your state's requirements and your grant agreements — some foundations require audited statements.

How do we handle international donors? If you receive donations from outside the US, you may need to comply with that country's charity laws and data privacy regulations. For example, GDPR applies if you have donors in the EU. Also, the IRS has rules about foreign grants — you must verify that the recipient organization is a qualified charity if you're making a grant abroad.

Our treasurer left — how do we transfer compliance knowledge? This is where checklists shine. If your checklists include responsible persons and document locations, a new treasurer can pick up the process quickly. Schedule a handoff meeting and review each checklist item together. Also, ensure all online accounts (IRS, state portals, banking) have a shared login or a backup administrator.

Should we use compliance software? For organizations with complex multi-state registration or high-volume donor receipts, software can save time and reduce errors. Tools like Foundation Group, Harbor Compliance, or DonorDock offer compliance tracking and automated reminders. But for small charities, a well-maintained spreadsheet or shared checklist may be enough. Evaluate cost vs. time saved before purchasing.

Compliance doesn't have to be a burden. With these seven checklists — annual filing, fundraising registration, board governance, donor receipts, data privacy, and a FAQ to address common gaps — your organization can stay ahead of deadlines, reduce risk, and focus on mission. Start by printing the checklists that apply to your current activities, assign owners, and schedule a monthly 30-minute compliance review. Over time, these practices become habit, and the peace of mind is worth the effort.