(image from pexels.com)
By Danielle Cook
Nonprofit organizations have always operated in complex environments. Digital fundraising and data privacy obligations now span dozens of jurisdictions at once. What has changed is the pace at which policy decisions, regulatory expectations and public scrutiny collide. Funding rules can shift mid-cycle. Oversight intensity can rise without warning.
These pressures are no longer confined to compliance or legal teams. They influence how nonprofit leaders plan and deliver programs, manage cash flow and communicate with stakeholders. Uncertainty today is not just about what will happen next, but whether decisions made in the past will be revisited, paused or reversed.
Conversations with nonprofit policy, governance and compliance leaders point to a clear pattern. Organizations that treat regulatory intelligence and governance as core operating disciplines are better positioned to absorb volatility. Those that rely on reactive responses are finding the margin for error shrinking.
Tax rules or reporting requirements often come to mind first when nonprofit leaders discuss regulatory risk. “The largest risk for this space, in my mind, continues to be funding,” said Charles Cooper, founder and managing partner of the Brumidi Group. “Processes in D.C. are somewhat broken, which drives uncertainty in timing. Partisanship drives uncertainty around what ultimately gets funded.”
Beyond future appropriations, leaders must also consider the stability of existing funding. Cooper noted that uncertainty now extends to whether federal programs will be reauthorized, reduced or halted midstream. For nonprofits that rely directly or indirectly on federal funding, that ambiguity complicates everything from hiring decisions to long-term commitments.
In this environment, consistent engagement matters. “If you’re not engaging on a regular basis, your risk profile goes up significantly,” Cooper said. Relationships built before a crisis are often the ones that help organizations navigate uncertainty when it arrives.
Bipartisanship And Message Discipline Reduce Exposure
One common misstep, Cooper said, is leadership aligning too closely with one side of the aisle. “If you’re not operating on a bipartisan basis, you’re taking two steps backwards,” he said. Oversight authority and funding decisions rarely rest with a single group. Flexibility depends on credibility across audiences.
Message discipline is equally important. “This is a messaging town,” Cooper said. “Message often leads policy.” Organizations that improvise messaging during a crisis risk inconsistency and confusion. Leaders emphasize the value of clear, pre-defined narratives that speak to mission impact and stewardship, not politics.
Experienced partners also play an important role. Navigating policy risk without a deep understanding of how Washington operates often leads to miscalculation. The system is driven by policy, politics and shifting priorities, Cooper said, not business norms.
Compliance Blind Spots Are Often Structural
From a governance and audit perspective, compliance failures often stem from structure rather than intent. Dennis Morrone, head of Not-for-Profit & Higher Education Industry at Grant Thornton, noted that nonprofits with significant federal funding often demonstrate strong discipline around grant compliance. “There is genuinely a fear of non-compliance,” he said. “From what we generally see, entities are spending those monies in a manner that conforms with the terms of the agreement.”
Where blind spots emerge are in areas that feel indirect or fragmented. Digital fundraising is a prime example. Campaigns that cross state lines can trigger registration and disclosure requirements that teams may not anticipate.
There’s a belief that if you send out a solicitation to a national audience, or just have a passive website, you’re fine. But with so many different state laws, you can trigger registration and disclosure requirements of which organizations might not be aware.”
Third-party platforms do not remove that responsibility, as they typically have no responsibility for an NFP’s compliance.
Boards Are Asking More Questions, Rigor Varies
Board oversight is intensifying, driven by high-profile fraud cases and rising reputational risk. Directors are asking more questions about controls, audits and technology use.
What concerns Morrone is the gap between questions and analysis. “More often than not, management teams give boards the comfort they’re requesting,” he said. “But I’m not sure they’ve really done the type of rigorous analysis and review that’s necessarily warranted.”
That gap can persist until an external event forces deeper scrutiny. Morrone said this moment creates an opening. Organizations can use heightened board attention to revisit governance structures, policies and risk oversight with an eye on today’s realities, not those of prior cycles.
AI Already Embedded, Governance Often Not
Technology is shaping compliance and communications whether leaders plan for it or not. Many NFPs are already using AI to draft content, analyze data or streamline workflows.
Used thoughtfully, AI can reduce risk. Used casually, it can introduce new exposure. In that regard, people are becoming more savvy about when messages appear AI-generated. That creates a huge disconnect from your audience. AI should support, not replace, an organization’s voice.
Morrone added that boards are increasingly focused on how technology might help surface anomalies or misuse of funds. The challenge is that many NFPs are still in the formative stages of understanding what these technology tools can and cannot do.
Resilience does not require sweeping transformation. For nonprofit leaders who consistently emphasize practicality, the first step is clarity. Ask:
- Who owns regulatory monitoring?
- Who is accountable when compliance cuts across fundraising, technology and finance?
From there, a targeted use of automation can deliver early value by monitoring deadlines, scanning for policy changes or flagging financial anomalies, which reduces friction without overburdening teams.
Over time, governance can mature. Morrone said consideration of automation might also be an opportunity for an NFP to conduct a governance review, examining whether policies, processes and oversight have kept pace with regulatory and technological change.
Regulatory acceleration is no longer theoretical for nonprofits. It is shaping funding stability, governance expectations and public trust in real time.
Organizational leaders who continue to view compliance as overhead will face rising exposure. Those that elevate regulatory intelligence, strengthen board oversight and use technology with discipline are better positioned to sustain their missions.
Uncertainty will remain. Preparedness does not eliminate risk, but it narrows surprises. In today’s regulatory environment, NFP resilience is built through clarity, engagement and governance long before a crisis appears.
*****
Danielle Cook is Associate Director, Public Policy at Grant Thornton LLC. Her email is [email protected]
