What "fiduciary" actually means
A fiduciary is someone trusted to act on behalf of others, with a legal obligation to put their interests first. Trustees are fiduciaries for beneficiaries; financial advisors (sometimes) for clients. Nonprofit directors are fiduciaries for something more abstract: the charitable mission and the public that subsidizes it through tax exemption.
That's the key mental shift. A for-profit board answers to shareholders, who can sue, vote, or sell. A nonprofit has no owners — so the law substitutes fiduciary duties, enforced mainly by state attorneys general (for example, the charities programs of the California AG and New York AG) and by the IRS through the rules that come with 501(c)(3) status.
The good news: the duties are demanding in principle and forgiving in practice. Courts apply the business judgment rule — they protect informed, good-faith, disinterested decisions even when the outcomes are bad. The duties punish process failures: not reading, not asking, not disclosing. Which means they're satisfiable by ordinary diligence.
The duty of care: pay attention
The standard: act with the care an ordinarily prudent person would exercise in a like position under similar circumstances. In English: be the kind of board member who reads the materials, shows up, asks questions, and thinks before voting.
What it requires in practice:
- Attend meetings. Chronic absence is itself a breach — you cannot be careful in absentia.
- Read before you vote. Review the board packet, financial statements, and any contract or policy you're approving. You may rely on reports from officers, staff, and professionals (accountants, lawyers) — but only reasonably. Relying on a report you never opened is not reliance; it's abdication.
- Ask questions until you understand. "I don't follow this number" is the duty of care in action. Voting on what you don't understand is the breach.
- Oversee, on a schedule. Regular financial review (see how to read nonprofit financial statements), confirmation that the Form 990 was filed, payroll taxes paid, insurance in force.
Classic care failures: the board that never saw financial statements while the bookkeeper embezzled for years; the board that approved a building loan without reading the terms; the board that didn't notice the 990 hadn't been filed for three years — which triggers automatic loss of tax-exempt status. None of these required bad intent. They required only inattention.
The duty of loyalty: the mission comes first
The standard: act in the organization's interest, not your own. When your personal, family, or business interests touch a board decision, the organization's interest wins — and the conflict must be handled in the open.
What it requires in practice:
- Disclose conflicts — proactively, annually in writing, and again in the moment when a conflicted matter arises.
- Recuse yourself from discussion and the vote when conflicted. Leave the room for the deliberation; the minutes should say so.
- No self-dealing. Contracts with a director's company, sales of property to or from insiders, loans to officers (illegal for nonprofits in many states) — all are danger zones requiring independent review, comparable data, and documentation, if they happen at all.
- No usurping opportunities. A funding lead or property deal that comes to you as a director belongs to the organization first.
- Confidentiality. Using or leaking board information for outside benefit is a loyalty breach too.
The IRS gives the loyalty duty federal teeth through two doctrines. Inurement: no part of a charity's net earnings may benefit an insider — a strict, no-minimum rule that can cost the organization its exemption. And excess benefit transactions (IRC §4958): excise taxes — assessed personally — on insiders who get a better-than-fair deal and on managers who knowingly approve one.
The operational armor for all of this is a written conflict of interest policy with annual disclosure — covered step-by-step in our conflict of interest guide.
The duty of obedience: stay true to the mission
The standard: keep the organization faithful to its stated purpose and obedient to the law. Donors gave to this mission; the public exempted this purpose from tax. The board is the guarantor of that bargain.
What it requires in practice:
- Operate within the exempt purpose in your articles of incorporation and the 501(c)(3) requirements — including the bans on political campaign activity and on more-than-insubstantial lobbying.
- Honor donor restrictions. A gift restricted to the scholarship fund cannot patch this month's payroll — even temporarily, even with the best intentions. This is why boards should insist on reports that separate restricted from unrestricted funds (the core of fund accounting).
- Follow your own bylaws. Quorums, notice periods, term limits, officer elections. Decisions made in violation of the bylaws are challengeable.
- File and register. Form 990 federally; charitable solicitation registration in the states where you fundraise; payroll and employment obligations always.
Obedience is also the duty that governs mission drift. Chasing a grant that pulls the organization sideways from its purpose isn't just a strategy question — at the extreme, it's a legal one.
How boards actually get in trouble
Real enforcement actions and exemption revocations cluster around a familiar set of patterns:
| Pattern | Duty breached | The fix |
|---|---|---|
| No one reviewed the books; fraud ran for years | Care | Monthly statements to the full board; segregation of duties |
| Insider contract at above-market rates | Loyalty | COI policy: disclosure, recusal, comparables, documentation |
| Restricted funds spent on operations | Obedience | Fund accounting; restricted balances on every board report |
| 990 not filed three years running → automatic revocation | Care + obedience | Compliance calendar; filing confirmation in minutes |
| Payroll taxes withheld but not remitted | Care | Treasurer verifies remittance; board asks quarterly |
| Founder compensation set by the founder's friends | Loyalty | Independent comp review with comparable data, documented |
Note the common thread: none of these require villains. Most fiduciary failures are drift — small omissions that compound because nobody's job was to notice.
Personal liability and your protections
Directors reasonably ask: can this volunteer role cost me my house? Almost always no — here's the actual exposure map:
Your protections:
- The business judgment rule — informed, good-faith, disinterested decisions are protected even when wrong.
- Volunteer protection statutes — the federal Volunteer Protection Act and state equivalents shield unpaid directors from ordinary negligence claims.
- Indemnification — most bylaws commit the organization to cover directors' defense costs.
- D&O insurance — backstops indemnification with actual money. Every board should carry it; every prospective member should ask.
Where the shields fail:
- Self-dealing and intentional misconduct — no statute protects bad faith.
- Gross negligence — willful blindness is not "ordinary" negligence.
- Unpaid federal payroll taxes — the IRS trust fund recovery penalty reaches "responsible persons" individually, which can include directors who knew and let it slide. This is the sharpest personal-liability edge in the nonprofit world; treat payroll tax remittance as sacred.
- Excess benefit excise taxes — assessed personally on managers who knowingly approve insider windfalls.
A practical fiduciary compliance checklist
If your board can check every box below, you are comfortably inside the law's expectations:
- ☐ Financial statements (position, activities, budget-vs-actual) reviewed at every regular meeting
- ☐ Restricted vs. unrestricted funds reported separately
- ☐ Form 990 reviewed by the board before filing, every year
- ☐ Payroll tax remittance confirmed quarterly
- ☐ Written conflict of interest policy; annual signed disclosures from all directors
- ☐ Conflicted members recused, and recusals recorded in minutes
- ☐ ED compensation set by independent members using comparable data, documented
- ☐ Minutes kept for every meeting and approved at the next
- ☐ Bylaws reviewed in the last three years and actually followed
- ☐ D&O insurance in force
- ☐ State charitable registrations current in every state where you solicit
Several boxes get dramatically easier with the right plumbing. When your banking and books live in one system that tracks funds by restriction and produces board-ready statements automatically, the duty of care stops depending on one heroic volunteer. That's the problem Holdings built fund accounting to solve — free banking underneath, with the software at $25/mo.
Primary sources
- IRS, Publication 4221-PC: Compliance Guide for 501(c)(3) Public Charities
- IRS, Inurement / Private Benefit — Charitable Organizations
- IRS, Intermediate Sanctions — Excess Benefit Transactions
- California Attorney General, Charities Program · New York Attorney General, Charities Bureau