Keeping Your Story Straight - Establishing and Implementing a Record Retention Policy

Every nonprofit must maintain certain records to satisfy both federal and DC laws.  However, nonprofits often don’t have clear guidelines about what records must be kept and for how long.  That is where record retention policies come in.  A record retention policy provides clear rules that set out what records can be disposed of; which should be kept permanently and which records must be kept for a set time.  Just as importantly, the policy makes clear that once the time-period for keeping a record has elapsed, the record should be destroyed and helps to guard against improper disposal or destruction of documents with the intent of obstructing an investigation.  

Both the Internal Revenue Code and the DC Nonprofit Code impose record keeping requirements on tax-exempt organizations.  First, the Internal Revenue Code provides that tax-exempt organizations must make certain tax forms available for public inspection.  These include:

• Form 1023 – Application for exempt status.  Applications filed after July 14, 1987 must be permanently available for inspection by the public.


• Form 990 -This includes Form 990, Form 990-EZ and Form 990-T (tax on unrelated business income). The Form must be made available for the 3-year period beginning with the due date of the return.


• For organizations with annual revenues of $50,000 or less and that file Form 990-N, the form is filed through IRS website and available there.

A nonprofit that fails to comply with these requirements is subject to financial penalties.  The DC Nonprofit Code also requires a nonprofit to retain certain records.  A nonprofit must maintain at its principal offices, copies of the following:

• Articles of Incorporation and Bylaws.


• Minutes and accounting records for past three years.


• Communications to membership for past three years.


• Names and business addresses of officers and directors.


• Most recent biennial report.


• If a membership organization, an accurate membership list that includes names, addresses, and voting class of all members.

There is no penalty for failure to do so, although directors and members have a right to inspect the records and can sue to enforce that right.

Part VI of the IRS Form 990 requires a nonprofit to state whether the organization has a written document retention and destruction policy.  The IRS defines a document retention and destruction policy as a policy that identifies the record retention responsibilities of staff, volunteers, board members, and outsiders for maintaining and documenting the storage and destruction of the organization's documents and records.  

Part VI of the IRS Form 990 also requires a nonprofit to state whether it maintains contemporaneous documentation of its Board and committee meetings.  Contemporaneous means the later of:

• the next meeting of the Board or committee, or


• 60 days after the date of the meeting or written action.

To answer yes, the nonprofit needs to have minutes for only those committees with authority to act on behalf of the Board (which ordinarily do not include advisory committees).  Documentation can include anything permitted by state law including approved minutes, email, or similar writings that explain the action taken, when it was taken, and who made the decision.

What Should a Document Retention and Destruction Policy Include?

Generally, when drafting a document retention and destruction policy, you should include:  

• A list of document categories, along with the length of time (permanently, or a period of years) that the organization should retain such documents;


• A provision that restricts employees, officers, and directors of the organization from destroying documents in anticipation of litigation; and


• A provision that ensures that once the period for retaining the document expires, the documents and all copies of the document are destroyed.  

The policy should provide that records be kept in a manner that makes them reasonably accessible to the appropriate people, such as in an online storage site to which more than one person has access.  For example, important documents should not be stored only in a volunteer’s basement or computer.  To do so runs the risk that the documents will be lost when the individual is no longer affiliated with the organization.

It is also important that the documents be properly secured against their inadvertent destruction.  For example, the organization should keep digital copies of documents on a server, with a proper method for backing up the files.  In addition, when appropriate, physical copies of the records should be kept in a fire-proof filing cabinet in the organization’s offices.

Prior to establishing document retention time periods, an organization should consult with an  attorney regarding local laws, as they vary by jurisdiction, paying particular attention to both statutes of limitations and statutory and regulatory requirements for maintaining originals or copies.

Exempt organizations also should be aware of certain requirements of the Sarbanes-Oxley Act of 2002 that apply to nonprofits: specifically, the imposition of criminal liability on exempt organizations that destroy records with the intent to obstruct a federal investigation.  While the Act does not explicitly require the adoption of a document retention and destruction policy, it is recommended that exempt organizations adopt and abide by such a policy as a “best practice.”

Document Destruction

While it is important for an organization to maintain records, it is equally important that an organization destroy documents once their maintenance is no longer required.

Destroying documents that are no longer needed helps the organization maintain more easily accessible files.  With an effective document destruction policy, the organization is no longer “drowning in paper.”  In addition, if the organization is sued, it will not have to spend hundreds of hours looking through old, outdated documents to find the documents needed to respond to the lawsuit.  

Keeping documents past their required retention date can also harm an organization.  For example, suppose that ten years ago, a former employee made a valid claim of sexual harassment against another former employee.  Suppose also that under your organization’s document retention and destruction policy, the employment records for former employees should have been destroyed after seven years.  However, if the records were not destroyed and your organization is again sued for sexual harassment, the organization will have to turn over the old records to the individual filing suit.  If they had been destroyed as scheduled, the organization would not have to do so.

Record Audit

Once an organization has established a record retention and destruction policy, the organization must follow the policy.  From time to time, the organization should conduct an audit to ensure that it has copies of the records it is supposed to be maintaining.   For example, if the organization no longer has a copy of its IRS Form 1023, it can contact the IRS and obtain a copy.  It can also contact former board members if it cannot locate minutes from prior years’ meetings.  If it cannot locate copies of its older insurance policies, it can ask the insurance carrier for copies of the policies.

It is better to reconstruct records proactively.  Your organization should not wait until it has a dispute with, for example, an insurance carrier about a claim to get a copy of the policy from the insurer.