So, You Want To Be a Director of Ethics…

Stepping into a director of ethics role is both an honor and a significant responsibility. You are preparing to take the helm of maintaining and promoting ethical standards within and throughout your association by creating and distributing codes of ethics and ensuring that all members and employees understand and adhere to the organization’s ethical standards. This position is crucial for associations in today’s professional landscape as they manage the organization’s ethics program while addressing ethical inquiries from its members, staff, volunteers, and even the public. It also helps maintain ethical standards and resolve dilemmas, ensuring the integrity and professionalism of the association’s members and activities.

In this position you will be developing comprehensive guidelines that outline expected behaviors and principles and making these guidelines accessible through various communication channels. It may also involve accepting and adjudicating complaints, ensuring due process, and upholding the integrity of the association.

Your insight and skills will be crucial as associations are beginning to navigate the ethical implications of technological advancements responsibly. With the advancement of A.I. and other automated technology, it is important to have clear ethical guidelines and oversight to ensure your association’s standards are maintained, prevent misuse, and address these ever-emerging challenges effectively. Let’s answer a few common questions about this role.

Are You Required To Be an Attorney?

The short answer is no, you are not required to be an attorney to be the director of an ethics office. However, having a legal background can be extremely beneficial. Understanding the nuances of processing complaints, ensuring due process, and navigating the legalities of ethical issues can be complex. An attorney’s training provides a strong foundation in these areas, making it easier to handle the various legal aspects of the job.

It’s important to note that giving legal advice is generally reserved for the association’s chief legal officer (CLO) or approved outside counsel. This delineation ensures that legal matters are handled by those with the requisite legal expertise and credentials. This approach not only safeguards the association legally but also ensures that legal interpretations are accurate and reliable. What is most crucial is a solid understanding of ethical principles and a commitment to fairness and integrity. If you are not an attorney, consider taking courses in ethics and legal processes related to your field. Building a network of legal advisors or consultants who can assist you when complex legal questions arise is also a practical approach.

Am I Required To Be a Member of the Association or a Person Who Receives Specific Benefits From the Association?

Not necessarily, but that can vary based on the association. Some ethics directors do not need to be a member of the association or someone who receives specific benefits from it. In fact, there are arguments both for and against this. Being a member can offer insights into the association’s culture, values, and the specific challenges its members face. This insider perspective can be valuable in making informed and empathetic decisions. On the other hand, not being a member can also be beneficial. It allows for an independent and unbiased viewpoint, which is crucial when handling ethical complaints. An independent voice ensures that all members feel that their concerns will be considered fairly, without any potential conflicts of interest. Striking a balance between understanding the association’s workings and maintaining impartiality is key.

Should I Be Expected To Give Legal Advice to Our Members?

No, you should not be expected to provide legal advice to association members. The primary reason is that laws vary significantly from state to state, and it is unreasonable to expect one person to be an expert in all applicable laws, regulations, and requirements across the nation. Associations often have members from different states or even countries, further complicating the legal landscape. Your role is not to act as a legal advisor; however, you should be prepared to guide members on where they can seek appropriate legal assistance. This could involve directing them to their state bar association, where they can find licensed attorneys specializing in the relevant area of law. If the profession has specific licensing boards, these can also be valuable resources for legal and regulatory guidance.

Instead of providing legal advice, focus on creating clear ethical guidelines and procedures for your association’s members. Ensure that these guidelines are accessible and understandable for all members. Facilitating workshops or informational sessions on ethical practices and compliance can also be helpful. These initiatives not only educate members but also demonstrate the association’s commitment to ethical standards.

How Can I Navigate the Role With Integrity and Competence?

The foundation of this work lies in integrity, transparency, and fairness. Here are some additional tips for successfully performing the duties of an ethics director:

  • Develop clear policies and procedures. Establish and regularly update the ethics policies and, if applicable, complaint procedures. Ensure these documents are transparent, accessible, reflect your association’s policy, and are understandable to all members.
  • Foster an ethical culture. Promote ethical behavior through regular communication, training, and leading by example. Encourage members to uphold the association’s values and standards.
  • Seek continuous education. Ethics and legal landscapes are continually evolving. Stay updated on new developments through continuous education and professional development opportunities.
  • Build a support network. Collaborate with legal advisors, ethics consultants, and other professionals who can provide guidance and support when needed.
  • Encourage open dialogue. Create channels for open communication where members can voice their concerns and seek advice without fear of retaliation.

Being the director of an ethics office is a role that requires diligence, compassion, and a steadfast commitment to ethical principles. By focusing on fairness, transparency, and continuous learning, you can effectively guide your association in maintaining high ethical standards and fostering a culture of integrity. 

Legal Duties of Association Board Members

The board of directors is the governing body of the association, responsible for the ultimate direction of the management of the affairs of the organization. The board is responsible for policymaking, while employees (and to a certain extent, officers) are responsible for executing day-to-day management to implement board-made policy. However, the ultimate legal responsibility for the actions (and inactions) of the association rests with the board.

The board can act legally only by consensus (majority vote of a quorum in most cases) and only at a duly constituted and conducted meeting, or by unanimous written consent (in most states, boards cannot act by mail, fax, or electronic ballot). The board may delegate authority to act on its behalf to others, such as committees, but in such cases the board is still legally responsible for any actions taken by the committees or persons to whom it delegates authority. An individual board member has no individual management authority simply by virtue of being a member of the board. However, the board may delegate additional authority to a board member, such as when it appoints board members to committees. In a similar fashion, an officer has only the management authority specifically delegated in the bylaws or by the board, although the delegated authority can be general and broad.

Those in positions of responsibility and authority in the governance structure of an association have a fiduciary duty to the organization, including duties of care, loyalty, and obedience. 

Committees have no management authority except for that delegated to them by the bylaws or by the board. Furthermore, under most state nonprofit corporation laws, certain functions may not be delegated by the board to committees. For example, in many states, the board may not delegate to committees the power to elect officers, fill vacancies on the board or any of its committees, amend the bylaws, or approve a plan of merger or dissolution.

Employees have no management authority except that specifically delegated to them in the bylaws or by the board. For example, most associations’ bylaws delegate to the chief staff executive the responsibility for the day-to-day operations of the association’s offices, including the responsibility to hire, train, supervise, coordinate, and terminate the professional staff of the association, as well as the responsibility for all staffing and salary administration within guidelines established by the board.

Members have no management authority, as such authority is held by the board of directors. However, state nonprofit corporation laws generally reserve to members the right to remove officers and directors and to amend the association’s articles of incorporation, among other rights. Under some associations’ bylaws, certain matters, such as the amendment of the bylaws or the election of officers and directors, must be submitted to the membership for a vote. However, most other matters generally are not submitted to the full membership, but rather are handled by the board, one or more of its committees, or the officers or employees of the association.

Fiduciary Duty

Those in positions of responsibility and authority in the governance structure of an association—both volunteers who serve without compensation and employed staff—have a fiduciary duty to the organization, including duties of care, loyalty, and obedience. In short, this means they are required to act reasonably, prudently, and in the best interests of the organization; to avoid negligence and fraud; and to avoid conflicts of interest. In the event that the fiduciary duties of care, loyalty, or obedience are breached, the individual breaching the duty is potentially liable to the association for any damages caused to the association as a result of the breach. This fiduciary duty is a duty to the association as a whole; even those who only serve on a particular committee or task force owe the fiduciary obligation to the entire association.

  • Duty of care. This duty is broad, requiring officers and directors to exercise ordinary and reasonable care in the performance of their duties, exhibiting honesty and good faith. Officers and directors must act in a manner which they believe to be in the best interests of the association, and with such care, including reasonable inquiry, as an ordinarily prudent person in a like position would use under similar circumstances. The “business judgment rule” protects officers and directors from personal liability for actions made in poor judgment as long as there is a reasonable basis to indicate that the action was undertaken with due care and in good faith. 
  • Duty of loyalty. This is a duty of faithfulness to the association. This means that officers and directors must give undivided allegiance to the association when making decisions affecting the association. In other words, officers and directors cannot put personal interests above the interests of the association. Personal interests may include outside business, professional, or financial interests; interests arising from involvement in other organizations; and interests of family members, among others. Officers and directors should be careful to disclose even potential conflicts of interest to the board of directors and should recuse themselves from deliberation and voting on matters in which they have personal interests. For pervasive and continuing conflicts, such as a director of the association concurrently serving on the board of a competing association, resignation from the individual’s association leadership post or from the outside conflicting responsibility may be required. Officers and directors can have business dealings with the association, but such transactions must be subject to considerable scrutiny. In such event, officers and directors must fully disclose any personal interests to the board of directors, and the terms of any transaction must be fair to the association. In addition, state nonprofit corporation statutes frequently provide specific procedures for dealing with transactions in which officers or directors have conflicts of interest. 
  • Duty of obedience. This duty requires officers and directors to act in accordance with the organization’s articles of incorporation, bylaws, and other governing documents, as well as all applicable laws and regulations.

Reliance on experts. Unless an officer or director has knowledge that makes reliance unwarranted, an officer or director, in performing his or her duties to the organization, may rely on written or oral information, opinions, reports, or statements prepared or presented by

  • officers or employees of the association whom the officer or director believes in good faith to be reliable and competent in the matters presented
  • legal counsel, public accountants, or other persons as to matters that the officer or director believes in good faith to be within the person’s professional or expert competence
  • in the case of reliance by directors, a committee of the board on which the director does not serve if the director believes in good faith that the committee merits confidence.

Willful ignorance and intentional wrongdoing. Directors cannot remain willfully ignorant of the affairs of the association. A director appointed as treasurer, for example, with limited knowledge of finance cannot simply rely on the representations and reports of staff or auditors that “all is well” with the association’s finances. Moreover, officers and directors acting outside of or abusing their authority as officers and directors may be subject to personal liability arising from such actions. Furthermore, officers or directors who, in the course of the association’s work, intentionally cause injury or damage to persons or property may be personally liable, even though the activity was carried out on behalf of the association.

Reducing Personal Liability Risk

Association officers and directors can help minimize their risk of personal liability by doing the following:

  • Being thoroughly and completely prepared before making decisions. 
  • Becoming actively involved in deliberations during board meetings, commenting as appropriate, and making inquiries and asking questions where prudent and when such a need is indicated by the circumstances. 
  • Making decisions deliberately and without undue haste or pressure. 
  • Insisting that meeting minutes accurately reflect the vote counts (including dissenting votes and abstentions) on actions taken at meetings. 
  • Requesting that legal consultation be sought on any matter that has unclear legal ramifications. 
  • Requesting that the association’s accountants assess and evaluate any matter that has significant financial ramifications. 
  • Obtaining and carefully reviewing both audited and unaudited periodic financial reports of the association. 
  • Attending the association’s meetings and reading the association’s publications carefully to keep fully apprised of the organization’s policies and activities. 
  • Reviewing from time to time the association’s articles of incorporation, bylaws, and other governing documents. 
  • Avoiding completely any conflicts of interest in dealing with the association and fully disclosing any potential conflicts.

If preventive risk management fails, the liability of association officers and directors can be limited through indemnification by the association, insurance purchased by the association, and state volunteer protection laws.

Apparent Authority

In the landmark 1982 case American Society of Mechanical Engineers v. Hydrolevel, the U.S. Supreme Court determined that an association can be held liable for the actions of its officers, directors, and other volunteers (including actions that bind the association financially), even when the association does not know about, approve of, or benefit from those actions, as long as the volunteer reasonably appears to outsiders to be acting with the association’s approval (i.e., with its “apparent authority”). The Supreme Court made clear that associations are to be held strictly liable for the activities of volunteers that have even the apparent authority of the association. Even if an association volunteer does not in fact have authority to act in a particular manner on behalf of the association, the law will nevertheless hold the association liable if third parties reasonably believe that the volunteer had such authority. 

The law thus requires an association to take reasonable steps to ensure that the scope of its agents’ authority is clear to third parties and that agents (e.g., officers, directors, and committee members) are not able to hold themselves out to third parties as having authority beyond that which has been vested in them by the association—for example, by regulating access to association letterhead stationery.

Antitrust

Associations are subject to strict scrutiny under both federal and state antitrust laws. The Sherman Act, the principal federal antitrust statute, prohibits “contracts, combinations, or conspiracies … in restraint of trade.” By their very nature, associations are a “combination” of competitors, so one element of a possible antitrust violation is always present, and only some action by the association that unreasonably restrains trade needs to occur for there to be an antitrust violation. Consequently, associations are common targets of antitrust plaintiffs and prosecutors.

The consequences for violating the antitrust laws can be severe. A conviction can carry stiff fines for the association and its offending leaders, jail sentences for individuals who participated in the violation, and a court order dissolving the association or seriously curtailing its activities. The antitrust laws can be enforced against associations, association members, and the association’s employees by both government agencies and private parties (such as competitors and consumers) through treble (triple) damage actions.

As the Sherman Act is a criminal conspiracy statute, an executive who attends a meeting at which competitors engage in illegal discussions may be held criminally responsible, even if he or she says nothing at the meeting. The executive’s attendance at the meeting may be sufficient to imply acquiescence in the discussion, making him or her liable to as great a penalty as those who actively participated in the illegal agreement.

Common antitrust claims against associations include price fixing (any explicit or implicit understanding affecting the price of a member’s product or service is prohibited, even if the understanding would benefit consumers), group boycotts/concerted refusals to deal, customer allocation or territorial division, bid rigging, and illegal tying arrangements. Antitrust-sensitive areas of association activity include membership restrictions, standard setting, certification and self-regulation, statistical surveys, and information exchange programs, among others.

To avoid antitrust liability, associations should adopt a formal antitrust compliance program, and this policy should be distributed regularly to all association officers, directors, committee members, and employees. The policy should require, among other conditions, that all association meetings be regularly scheduled—with agendas prepared in advance and reviewed by legal counsel—and that members be prohibited from holding “rump” meetings. 

Above all else, members should be free to make business decisions based on the dictates of the market, not the dictates of the association. Any deviation from this general principle, such as adoption of a Code of Ethics that infringes on members’ ability to make fully independent business decisions, should be approved by legal counsel.

Nonprofits and AI: Managing Legal and Other Risks

Generative artificial intelligence (“AI”) is ubiquitous. Even those most skeptical of AI almost certainly use AI as a matter of routine, whether through the spell-check feature in Microsoft Word, the auto-correct feature in text messages, the auto-complete feature in various applications, web searches, closed-captioning, digital traffic maps, smart home devices, suggested responses on Gmail, Siri, and so forth. At this point in time, it is not realistic to imagine a business where AI is not used in some form. Even so, nonprofit organizations should carefully weigh the benefits of AI against legal and reputational risks. For example, a nonprofit may wish to authorize the use of AI to capture committee or working group notes, but might there ever be times when such authorization is imprudent, for example, if a committee or working group is discussing sensitive, confidential, or proprietary information? Consider another example where a nonprofit uses AI to assist in the peer review of a journal article. This could be efficient and highly valuable, but it also could prompt legal, reputational, or scholarly concerns.

As technology evolves, AI will become more and more intertwined into the fabric of nonprofit operations. Nonprofit leaders should thoughtfully consider the promise and perils of AI with respect to their organization’s specific needs and should thoughtfully craft policy and practice that is tailored to the nonprofit’s specific needs, all the while managing legal and reputational risks and aligning policy with accepted practices, industry standards, and strategic aspirations. This article outlines legal, reputational, and other risks related to AI and outlines some strategies for managing those risks.

1. Primary Risk Areas
While the promise of AI presents transformative opportunities, the use of generative AI presents legal and other risks that must (and can) be managed. Primary risk areas include intellectual property[1] ownership, use, and infringement, privacy and data security, discrimination, and tort liability. These risks are born of a complicated web of evolving federal, state, and international laws related to privacy and data security and, to a lesser extent, to AI itself, that in many ways intersect but that all have various nuances. In addition to legal risks, AI also may present reputational risks. While the potential risks are significant, appropriate risk mitigation measures can reduce both legal exposure and reputational risk.

A. Who owns the copyright to AI-generated content?
The U.S. Copyright Office will only register an original work of authorship that has been “created by a human being.”[2] The Office’s Compendium of Copyright Office Practice clarifies that “the Office will not register works produced by a machine or mere mechanical process that operates randomly or automatically without any creative input or intervention from a human author.”[3] To evaluate ownership claims, the Office will look at “whether the ‘work’ is basically one of human authorship, with the computer [or other device] merely being an assisting instrument, or whether the traditional elements of authorship in the work (literary, artistic, or musical expression or elements of selection, arrangement, etc.) were actually conceived and executed not by man but by a machine.”[4] The U.S. Copyright Office reaffirmed this position, most recently in an August 30, 2023 call for comments published in the Federal Register, but, in so doing, acknowledged the inherent challenge in discerning between AI-generated content and human-generated content, especially when a new work had both human and artificial imprints. As it reflected, “Although we believe the law is clear that copyright protection in the United States is limited to works of human authorship, questions remain about where and how to draw the line between human creation and AI-generated content.”[5]

The law governing copyright rights with respect to AI-generated content is novel and rapidly evolving.[6] Based on existing law, nonprofit organizations should assume that they have no intellectual property rights in and with respect to AI-generated content. As a matter of course, nonprofits should require human authors to substantially and materially contribute to any nonprofit work product.[7] Nonprofits should revise existing author and speaker agreements (both for volunteers and paid contributors) to require a written attestation from employees, contractors, and volunteer authors and speakers representing and warranting that (i) any submitted content has been revised substantially such that the author/creator has all necessary rights to assign or license the work to the nonprofit and (ii) the submitted content does not infringe the intellectual property rights of any third party. As discussed later in this article, that same attestation should also address defamation, privacy, and other third-party rights. At least for paid contributors, the author/creator should indemnify the nonprofit for any breach of these representations and warranties.

B. What third-party intellectual property rights exist that could be leveraged into an actionable claim against a nonprofit for the improper use of AI?
Under U.S. copyright law, a copyright holder has the sole and exclusive rights to create derivative works from the underlying copyrighted work, unless the author assigns or licenses that right to a third party. “[A] ‘derivative work’ is a work based upon one or more preexisting works, such as a translation, musical arrangement, dramatization, fictionalization, motion picture version, sound recording, art reproduction, abridgment, condensation, or any other form in which a work may be recast, transformed, or adapted.”[8]

Assume that an author/contributor submits an original work that relies, in part, on AI-generated content and that the nonprofit publishes the work on its website and distributes the work to its membership. Assume also that the AI-generated content that is embedded in the submitted work infringes someone else’s copyright. It is possible, in this circumstance, that the third party whose copyright was infringed may have actionable claims against the author and against the nonprofit that published and redistributed the work. Ultimately, an infringement claim will hinge on the facts, focusing on the extent of the infringement, as well as an analysis of whether the appropriated content amounts to permissible use under the Fair Use Doctrine.

The factual analysis, though, is hardly simple. Even the U.S. Copyright Office is not certain how to distinguish new works from derivative works when AI is used in the development of a work. They have asked for public input on (1) “whether or when the use of copyrighted works to develop datasets for training AI models (in both generative and nongenerative systems) is infringing”; (2) “the proper scope of copyright protection for material created using generative AI”; and (3) how liability should be apportioned for AI generated content that infringes upon a copyright.[9]

As before, risk can be mitigated by requiring human authors to indemnify the nonprofit for works that infringe upon third-party intellectual property rights.[10] Indemnity essentially transfers risk from the nonprofit to the submitting author, thus protecting the nonprofit from any liability that might arise from third-party intellectual property claims. That being said, for volunteer authors, it often can be difficult to get them to agree to such indemnification.

C. What are the legal risks of using AI with respect to privacy and data security?
Nonprofit organizations’ use of AI, while holding great promise, also carries substantial risk, especially with respect to privacy and data security.[11] AI relies on inputted data to generate new data. It does not differentiate between public data and personally identifiable information (“PII”) or confidential information. Because PII is so heavily regulated by federal, state, and international law, nonprofits should not allow staff, contractors, volunteer contributors, or other agents to input PII into an AI application unless comprehensive compliance measures are implemented and enforced. For other reasons—namely to safeguard confidential, proprietary, sensitive, and/or attorney-client privileged information—nonprofits also should prohibit staff, contractors, volunteer contributors, and other agents from inputting confidential, proprietary, or sensitive information or privileged content of any sort into any AI application—even if the “sharing”/“learning” feature of the AI application is disengaged, as can be done with paid and enterprise versions of most of the leading AI platforms.

If it is not possible or practicable to segregate PII or other confidential information—for example, if a nonprofit uses targeted advertising to tailor member or donor experiences—the organization should implement additional risk mitigation measures to comply with federal, state, and international data privacy laws. While each of these laws contains various nuances, in general, these robust laws derive from a uniform set of principles that endeavor to protect PII from unauthorized disclosure by (1) requiring organizations to obtain informed consent prior to collecting and using PII, (2) requiring that organizations provide an opportunity for individuals to change their preferences at any time about whether and how their data will be used, and (3) requiring organizations to provide a mechanism for individuals to access personal data. A robust privacy and data security policy, coupled with aligned organizational practice, can help to mitigate liability for a data breach. Where a nonprofit relies more heavily on sensitive PII, we recommend engaging expert privacy counsel to (1) determine applicable data privacy laws, (2) review and classify all existing data that may be used by the AI application, (3) identify the purpose and use of the data in a clear and articulable way, (4) develop a compliance plan, and (5) monitor compliance over time and take appropriate action in the event of noncompliance.

D. What are the legal risks of using AI with respect to discrimination?
In an October 2023 Executive Order, President Biden acknowledged the perils of AI in perpetuating discrimination: “Artificial Intelligence systems deployed irresponsibly have reproduced and intensified existing inequities, caused new types of harmful discrimination, and exacerbated online and physical harms.”[12] Indeed, because AI relies on pre-existing inputted data, it can inadvertently replicate and perpetuate bias and discrimination. We have seen this play out most prominently in the human resources context, where AI resume review has the potential to introduce unlawful bias into the hiring process, exposing nonprofit and for-profit entities to legal liability under Title VII of the federal Civil Rights Act, state employment laws, and other federal, state, and local laws. Here, especially, it is critical for human reviewers to analyze and test for bias and/or discrimination.

While discrimination only creates legal exposure in certain contexts (e.g., employment), algorithmic bias may have other adverse implications for nonprofit organizations as well. Imagine, for example, that a nonprofit inputs 50 years of journal articles into a generative platform that conducts AI “peer reviews” of scholarly works. The peer review function draws from past scholarship to generate feedback on new works. Quite possibly, the generative feedback could rely on outdated nomenclature or debunked data in producing reviewer feedback that may be offensive, at best, or replicate biased or discriminatory scholarship, at worst. Whether or not that undesired result materializes, it is almost assured that use of an AI application of this sort will privilege existing content over novel theories, which could result in stagnation and stale scholarship, among other potential adverse consequences.

To best guard against this undesirable outcome, humans should always review AI processes and outputs for bias and/or discrimination and should record efforts to test for bias (e.g., documentation of a hiring process, meeting minutes) or submit an attestation as an accompaniment to submissions fixed in any tangible medium (e.g., written works, artistic works, videos, recordings, etc.).

E. What are the legal risks of using AI with respect to tort liability, scholarly reputation, and academic/professional integrity?
AI-generated content is not always accurate, potentially bearing on the reputation of a scholar, a scholarly publication, or a nonprofit publisher. To the extent that a statement of fact is not only false, but also adversely bears on a person’s reputation, the publication of the false statement could expose an author and/or publisher to liability for defamation. Again, sufficient human vetting is the best risk mitigation strategy to capture and correct factual inaccuracies. In addition, nonprofits should consider requiring that authors affix a conspicuous disclaimer to any submissions incorporating AI-generated content signaling that “the content was produced with the assistance of artificial intelligence” and that “the author/creator(s) reviewed and edited the content as needed and take(s) full responsibility for the content of the publication.” Disclaimers of this sort likely also will satisfy the ethical requirements embedded in some international AI laws.

2. Policy Development and Insurance Coverage
Nonprofit organizations should develop and implement written AI usage policies, informed by the considerations outlined in this article as well as input from stakeholders familiar with various aspects of the nonprofit’s governance, management, and operations (e.g., legal, technology, membership, finances, human resources, scholarly and educational departments, etc.). Some nonprofits have developed AI usage policies that cover everyone who uses AI for or on behalf of the organization (such as staff, contractors, and volunteer contributors), while others have created different policies for different sets of users. Generally, and at a minimum, such policies should set forth a purpose, define material terms, scope coverage, describe permitted and prohibited uses of AI, require disclosures and disclaimers, and describe potential consequences of non-compliance. Because international data privacy and AI laws vary and continue to evolve, and because AI itself is rapidly evolving, nonprofit organizations should commit to revisiting the policy(ies) on a periodic basis to ensure that it/they remain(s) legally compliant, reflect(s) best practices and industry standards, and meet(s) the nonprofit’s needs.

In addition, nonprofits should review their directors and officers liability and cyber insurance coverage, as well as their errors and omissions liability (sometimes called media liability) insurance coverage, to ensure that potential claims arising from the nonprofit’s use of AI are covered to the greatest extent possible. Nonprofit organizations should work closely and proactively with their insurance broker and legal counsel to do everything possible to minimize insurance coverage gaps in these areas.

3. Conclusion
While the promise of AI presents transformative opportunities for nonprofits, the use of AI presents legal and other risks that must be managed and mitigated. Nonprofits should thoughtfully consider the benefits and perils of AI and craft thoughtful policies that appropriately circumscribe use in a legally compliant and ethical manner that, in all instances, aligns with the nonprofit’s values, ethics, policies, and unique circumstances. Finally, be sure to revisit such policies on a regular basis, as this is, without question, a rapidly evolving area for every nonprofit organization.

[1] While “intellectual property” includes copyrights, trademarks, patents, and trade secrets, for the purpose of this article, it is primarily referring to copyright.
[2] U.S. Copyright Office, Compendium of the U.S. Copyright Office Practices at 7 (3d ed. Jan. 28, 2021).
[3] Id. at 21-22.
[4] Id.
[5] U.S. Copyright Office, Artificial Intelligence and Copyright, Fed. Reg. Vol. 80, 59943 (Aug. 30, 2023).
[6] In March 2023, the U.S. Copyright Office launched an initiative to examine copyright law and policy in relation to AI. It issued its first report on Digital Replicas on July 31, 2024. For more information, see https://www.copyright.gov/ai/ (last visited Aug. 5, 2024).
[7] U.S. Copyright Office, Artificial Intelligence and Copyright, Fed. Reg. Vol. 80, 59943 (Aug. 30, 2023) (contributions must be more than de minimis).
[8] U.S. Copyright Act, 17 U.S.C. §1101.
[9] U.S. Copyright Office, Artificial Intelligence and Copyright, Fed. Reg. Vol. 80, 59943 (Aug. 30, 2023).
[10] U.S. Copyright Office, Artificial Intelligence and Copyright, Fed. Reg. Vol. 80, 59943 (Aug. 30, 2023) (contributions must be more than de minimis).
[11] President Biden’s Executive Order, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (Oct. 30, 2023). Note that this Executive Order merely directs federal agencies to develop policies and procedures regarding the use of AI and does not apply to nonprofit organizations, but it does provide an excellent overview of some of the benefits and perils of AI.
[12] President Biden’s Executive Order, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (Oct. 30, 2023).

Mitigating the Legal Risks of Nonprofits’ ESG and DEIA Programs

“ESG” refers to the three broad pillars of Environmental, Social, and Governance which have become increasingly important in assessing certain for-profit businesses, especially publicly traded ones. With ever-intensifying demands from regulators, investors, and the public for attention to ESG issues, for-profit companies are increasingly focused on ESG considerations, initiatives, and compliance. ESG-related shareholder and class-action litigation and governmental investigations and enforcement actions in the corporate world have expanded at a rapid clip. In addition, regulators both in and outside of the United States have promulgated new mandatory rules, disclosure obligations, and enforcement mechanisms for ESG-related conduct. The Securities and Exchange Commission (“SEC”), the Federal Trade Commission (“FTC”), and state Attorneys General have taken the regulatory enforcement lead domestically.

While there are no universal definitions of ESG, the three primary ESG pillars generally involve the following issues, among others: Environmental (climate change, resource depletion, waste and pollution, and deforestation); Social (working conditions, employee relations and DEIA, health and safety, local communities (including indigenous communities), and conflict and humanitarian crises); and Governance (board diversity and structure, executive compensation, and ethics).

While ESG is a broader concept than Diversity, Equity, Inclusion, and Accessibility (“DEIA”), it includes and incorporates DEIA. DEIA programs fostering the hiring and promotion of workers from racial and ethnic minorities, women, members of the LGBTQ+ community, diverse religious groups, and others have been prominent in corporate America in recent years.

For-profit corporations have been under enormous scrutiny as of late regarding their hiring and promotion policies and practices – from both the left and right sides of the political aisle. A number of states have passed laws and issued executive orders both requiring, and in some cases prohibiting, DEIA practices. Most recently, the U.S. Supreme Court’s June 2023 decision banning race-conscious college admissions – and the rationale underlying it – have raised concerns about the ruling’s potential broader implications, particularly in federal employment law, and perhaps even more broadly, such as in connection with contracting, fellowships, scholarships, and internships, and federal funding. And even in advance of future court rulings, concerns have been raised about some employers’ curtailing of current, and halting new, diversity efforts in the workplace.

ESG and DEIA are controversial in some circles. There is a growing attack from the political right on corporate policies aimed at diversity in hiring and promotion and other social and environmental goals in the form of lawsuits, requesting agency investigations, congressional investigations, public pressure, and in other ways.

So, what does any of this have to do with nonprofits? While tax-exempt nonprofits are not subject to the specific ESG regulatory requirements and legal standards applicable to certain for-profit companies (such as those enforced by the SEC), nonprofits have incorporated DEIA into their programs, activities, governance, and operations for years, and are increasingly voluntarily incorporating ESG principles and practices into their organizations. They may do so under pressure from their boards of directors, donors, members, employees, grant-makers, sponsors, advertisers, exhibitors, and other third parties. They also may do so in order to attract and retain a younger generation of staff that is increasingly sensitized to and mindful of ESG principles.

In doing so, nonprofits expose themselves to potential legal jeopardy in a wide array of areas. This article explains the legal risks inherent with ESG-related initiatives for nonprofits and provides practical tips and guidance on how nonprofits can effectively mitigate those risks.

The Primary Legal Risks of Nonprofit ESG Programs

When a nonprofit voluntarily decides to weave ESG principles and practices into its organizational and operational fabric, it is taking on a certain degree of legal risk. To be sure, that risk is not anything remotely like the risk faced by for-profit companies – particularly publicly traded companies – that are subject to ESG statutory and regulatory mandates from the SEC and elsewhere. Nonprofits are not subject to such mandates. Nonetheless, nonprofits do face ESG-related legal risks.

Here is a non-exhaustive list:

Employment Law: ESG initiatives – and particularly those that involve DEIA issues – can involve changes to hiring and promotion practices, workplace diversity, and employee compensation and benefits, which can trigger employment-related legal risks such as discrimination, harassment, and wrongful termination. This is nothing new and laws like Title VII of the federal Civil Rights Act and state equivalents have been applied to nonprofit employers for over 50 years. But what is new is the potential impact of the U.S. Supreme Court’s June 2023 ruling (Students for Fair Admissions v. Harvard and Students for Fair Admissions v. University of North Carolina) rejecting race-conscious admissions in higher education. While the new decision does not impede employers from pursuing diversity in their workforces (as it is limited solely to higher education admissions), many experts maintain that, as a practical matter, the ruling will likely discourage some employers from putting in place ambitious diversity policies in hiring and promotion – or prompt them to rein in existing policies – by encouraging new lawsuits in the employment arena under the new legal standard. In principle, the logic of the Court’s ruling on college admissions could threaten employer programs that, as of today, can take race into account, such as if members of a racial minority were previously excluded from a job category or to remove obstacles (such as unconscious bias) that prevent employers from having a more diverse workforce. But the more meaningful effect of the Court’s decision is likely to be greater pressure on policies that were already on questionable legal ground. These could include staff leadership acceleration programs or internship programs that are open only to members of underrepresented minority groups.

Contracts (Including Fellowships, Scholarships, and Internships): Section 1981 of the federal Civil Rights Act of 1866 prohibits racial discrimination in contracting. The law, which was passed after the Civil War to protect the rights of people freed from enslavement, is limited solely to race discrimination and does not apply to discrimination based on other protected characteristics, such as other forms of discrimination prohibited by Title VII of the federal Civil Rights Act of 1964.

In 2023, the American Alliance for Equal Rights (“AAER”) – led by the same conservative activist (Edward Blum) who filed the higher education affirmative action cases described above – sued Fearless Fund Management LLC, a Black women-run venture capital fund, for claims of racial discrimination and violations of Section 1981, using the reverse discrimination rationale underlying the U.S. Supreme Court’s 2023 decision regarding race-conscious college admission practices. AAER alleges that the Fearless Fund is operating a racially discriminatory program called the Strivers Grant Contest that violates Section 1981’s “guarantee of race neutrality” in making “contracts.” AAER claims that the Fearless Fund’s grant program discriminates against other races by awarding $20,000 grants, business support services, and mentorship specifically and only to Black women-owned businesses. The lawsuit was settled in September 2024, with the Fearless Fund agreeing to terminate its grant program for Black women-owned businesses.

AAER also filed lawsuits in 2023 against two national law firms that have operated paid diversity fellowship programs for many years aimed at bolstering diversity and inclusion in their attorney ranks. The lawsuits allege that the paid fellowship programs – which are limited solely to certain underrepresented groups in the legal profession, such as students of color, those who identify as LGBTQ+, and those with disabilities – are a violation of Section 1981 by illegally discriminating against students on the basis of their race. Because these fellowships require students to enter into contracts with the law firms, the lawsuit alleges they are covered by Section 1981.

If these lawsuits – and/or others like them which have been filed and are working their way through the courts – are ultimately successful, it is not at all inconceivable that the result would be a prohibition of numerous nonprofit fellowship, scholarship, internship, and other programs (where contracts are involved) aimed at increasing diversity and inclusion.

State Laws and Executive Orders Restricting DEIA Policies, Trainings, and Practices: Since 2022, Florida’s Individual Freedom Act, or the so-called “Stop-WOKE” law, has restricted diversity-related training in private Florida workplaces – including nonprofits based in Florida or (presumably) which have Florida-based employees – and has also barred the teaching of critical race theory in K-12 schools and universities. That law is currently the subject of litigation and is working its way through the courts. In 2022, Texas Governor Abbott issued a memorandum to state agencies warning them to not use any DEIA programs in hiring that are “inconsistent” with Texas law, including setting diversity goals or interview targets for diverse candidates. While the memorandum is limited to public employers, it is unclear whether the Governor may take similar action toward private employers in Texas. While California had adopted laws requiring certain racial and ethnic, as well as gender, diversity on boards of directors of public companies headquartered in California, both laws have been struck down by courts and appeals are underway.

Observers widely expect a proliferation of such laws and executive orders restricting DEIA policies, trainings, and practices, particularly in certain politically “red” states. Beyond the employment realm, it would not be surprising to see new state laws and executive orders that could effectively prohibit DEIA initiatives in other aspects of nonprofit governance and management, such as board composition, volunteer leader selection, grantmaking, contracting, and government grants, contracts, and cooperative agreements.

Misrepresentation and Greenwashing: There is a risk of publicly misrepresenting or overstating a nonprofit’s ESG performance, which could lead to charges of “greenwashing” or otherwise engaging in deceptive or misleading conduct. This could result in donor or member backlash, reputational damage, and potentially even regulatory enforcement by the FTC (for trade and professional associations) or state Attorneys General, as well as private litigation. While nonprofits should always be mindful of these longstanding risks of making misleading or non-substantiated claims in connection with all of their programs and activities – well beyond ESG – the legal and public relations risks can be particularly acute here.

Member “Derivative” Suits: Trade and professional associations that incorporate ESG into their investment policy statement and base investment decisions, in part, on ESG criteria and then face material investment losses may risk being on the opposite end of “derivative”-type lawsuits from members alleging that the association’s board of directors and/or investment committee were not prudent stewards of the organization’s resources. Such lawsuits also can be brought by state Attorneys General in the association’s state of incorporation.

Data Privacy and Security: Nonprofits’ ESG activities often involve, in part, collecting, processing, and storing sensitive data about volunteer leaders, employees, donors, members, and other stakeholders. There is a risk of data breaches or mishandling of information, which could result in legal action, regulatory penalties, and reputational harm. If a data breach occurs, there is an ever-increasing web of requirements imposed by state, federal, and international laws that must be followed.

Mitigating the Legal Risks of Nonprofit ESG Programs

To mitigate these legal risks, there are a number of proactive steps that nonprofits can take. Below is a non-exhaustive list:

  • Design scholarship, fellowship, grant, and similar programs using race-neutral criteria which are designed to accomplish the purpose of the scholarship, fellowship, grant, or other program.
  • Ensure that your nonprofit’s employment policies and practices are fully compliant with all current federal and state legal standards in areas involving discrimination, harassment, wrongful termination, and otherwise. This necessarily means ensuring that any current or future employment diversity initiatives are narrowly tailored as permitted by current law and do not result in reverse discrimination. It also means not overreacting to the June 2023 U.S. Supreme Court decision involving race-conscious college admissions but keeping a close eye on future legal developments in the employment context. For those nonprofits with remote employees in different states, remember that state employment laws generally apply to any employee who regularly works from the state, irrespective of where the nonprofit is based. Be sure to always consult with employment counsel fluent in both federal law and the laws of the applicable states. Finally, outside of the workplace setting, keep an eye on future rulings from the U.S. Supreme Court and other courts that could apply the rationale underlying the college admission decision to other aspects of nonprofit governance and management, for instance, in connection with contracting, fellowships, scholarships, or internships, or federal funding.
  • While Florida’s Individual Freedom Act restricts diversity related training in private Florida workplaces – including nonprofits based in Florida or (presumably) which have Florida-based employees – most other state laws and executive orders to date that restrict DEIA policies, trainings, and practices do not apply to nonprofits. But that may well change in the coming months and years, particularly in certain “red” states. It is important to stay on top of all new state developments in this area – both those affecting the workplace and potentially other aspects of nonprofit governance and management, such as board composition, volunteer leader selection, grantmaking, contracting, and government grants, contracts, and cooperative agreements – and take all necessary steps to comply with them.
  • Ensure that all public statements regarding your nonprofit’s ESG performance are accurate, fully substantiated with appropriate data and documentation, and not in any way overstated, misleading, or deceptive.
  • Working with a professional investment advisor, adopt an investment policy statement that reflects the nonprofit’s priorities, goals, risk tolerance, and financial needs but that is defensible as being reasonable, prudent, and appropriate. Be sure to revisit it on a regular basis and update it as needed.
  • Implement strong data privacy and security measures to protect sensitive information about nonprofit volunteer leaders, employees, donors, members, and other stakeholders and to mitigate the risk of data breaches or mishandling of such information. If a data breach occurs, be sure to closely follow the ever-increasing requirements imposed by state, federal, and international laws.
  • Develop clear and consistent ESG policies and practices that align with your nonprofit’s values, mission, and stakeholder expectations.
  • Regularly engage with donors, members, and employees to ensure that your nonprofit’s ESG initiatives are transparent and meet their needs.
  • Maintain up-to-date knowledge of applicable state, federal, and international ESG-related laws and regulations, and ensure full compliance with them.
  • As with all areas of legal risk management, work with experienced legal counsel to help your nonprofit navigate the complex and ever-changing legal landscape governing ESG initiatives.

Conclusion

While ESG initiatives are not regulated for nonprofits as they are for certain for-profit companies, for a variety of reasons, nonprofits are increasingly voluntarily incorporating ESG principles and practices into their organizations and operations. In doing so, nonprofits expose themselves to potential legal risk in a wide array of areas. That being said, if properly understood and appreciated by nonprofit executives and leaders, those risks can be effectively mitigated by incorporating a number of practical tips and suggestions.

Calls to Action

SCENARIO PLANNING

Boards often use scenario planning to envision possible futures and to make informed decisions and choose a course of action. These key steps can help you begin scenario planning:

Identify external uncertainties. Consider the external forces of change that may impact your organization—particularly those you have no control over.

Determine internal uncertainties. Explore the forces of change inside your organization that you do have control over but that may currently be uncertain. This could include decisions about hiring or whom you serve.

Explore multiple, alternative futures. Create short, detailed scenarios describing plausible futures and the impacts they would have on your mission. Then visualize fully how your association might pivot within each scenario.

Assess the scenarios. After identifying possible scenarios, determine which scenarios and courses of action are most viable.

Scenario planning helps deepen our understanding of the world we’re operating in by creating the opportunity to envision and plan for various outcomes. Once you’ve explored and assessed various scenarios, you can use them to stimulate discussion, accelerate collective learning, set strategic direction, solidify decisions, and bring alignment among staff and board members.

ADVOCACY ADVOCATE

If advocacy and government relations are imperatives for your association, then it’s also part of your job. Four simple tactics to keep in mind:

  1. GIVE YOUR GR TEAM THE RESOURCES IT NEEDS. If your association thinks that advocacy is important enough to include on the agenda, the board needs to provide resources to do the job right. That may mean dollars for staff, consultants, technology, PR, and other tools.
  2. KNOW YOUR OWN STORY. Legislators and their staff want to know about your business in their state or district, the people you employ and serve there, and how and why the advocacy issue at hand matters back home. Show up as an earnest constituent and you will get a warm reception.
  3. LEARN YOUR PITCH. Your GR team should give you a few talking points on the advocacy issues of greatest importance. The message should be straightforward and easy to remember, it should dovetail nicely with your own story, and it should include a specific request, such as asking the lawmaker to cosponsor a bill you support.
  4. FOLLOW THE RULES. Federal and state laws govern lobbying and political giving. Take them seriously. Every board member should understand the basics of lobbying disclosure and related requirements issued by federal, state, and local governments.

Cheryl T. Cepriano, JD, CAE, President, Kidney Care Council

Fundraising: Make the Ask

If you’re like many volunteer leaders, panic sets in when, in the middle of a board meeting, the board chair says, “The next item on the agenda is a report on contributed income so far this year.”

Sure, you knew when you were selected to serve on the board that you might have to help raise money, but you hate putting the squeeze on friends and family to donate, attend a special event, or buy something. Nevertheless, fundraising in support of your association’s mission—whether the beneficiary is a related foundation, scholarship, or other program—is a critical role for volunteer leaders.

These tips can help you conquer any fears you may have about fundraising and successfully meet expectations.

  1. Know the overall dollar goal for the particular campaign (including cash donations and sponsorships). What’s the break-even point on this campaign? In other words, at what point does the expenditure of volunteer time, staff time, and money produce net-positive income?
  2. Set a realistic personal goal and then stretch it by 10 percent. Know what resources are available to help you reach your goal, such as staff support, advice and connections from other volunteers, and materials produced by the organization.
  3. Be honest about what you can do, and keep your word. If you just can’t do what’s being asked, say so. Be prepared to offer an alternative way to support the goal.
  4. Make a list of prospects in three categories: family, friends, and business colleagues. Share your list with others helping with the campaign so that the same person doesn’t get asked multiple times. Be willing to let another person “make the ask” if they have a stronger relationship with the prospective donor. You can share the credit for any contribution, membership, or sponsorship that results from the other person’s outreach.
  5. Consider how you will make your request to each prospect: in person, by telephone, or in writing. Personalize any prepared script or talking points so that they sound like you, and tailor each request based on what you know about the prospective donor. Practice with a friend or colleague to get comfortable with your pitch.
  6. Remember to personally thank each person who responds favorably. This is in addition to any receipts or expressions of gratitude sent out by the association.

When the campaign is over, participate in evaluating it as part of the association’s overall financial strategy. Did it meet expectations? Were the public relations, membership, sponsorship, and income goals met? Were they realistic to begin with? Did the campaign positively or negatively affect staff and volunteer morale? Should it be repeated next year, tweaked, or retired? The lessons learned and the insights gained for improving future campaigns are the real, strategic value of having board members participate in fundraising.

Commitment to Inclusion

Almost every association wants the best of its industry or profession among its leadership. That means bringing together people who represent a broad range of ideas, thoughts, and expertise. If the board does this correctly, it establishes a base from which the organization can move to greater heights.

That’s why it’s important to talk about diversity and inclusion. Organizations that practice D+I create an environment that results in richer leadership discussions about programs and services for the group’s constituencies, and D+I has the potential to result in a significant return on investment. If you make a commitment that extends beyond lip service, you will help create positive, lasting change and success for the industry or profession you represent.

The most productive association leaders are sensitive to member needs, wants, and interests. You can accomplish this by ensuring that the greatest number of voices are heard so that the decisions the board makes are truly representative of the people you serve.

Doing that starts with the board’s commitment. While everyone need not understand the theory and research behind D+I, they at least need to be committed to the practice and willing to explore the topic. Some boards invite an outside consultant to help improve their knowledge of D+I and engage in a discussion that leads to best practices. These questions can result in healthy and revealing board discussions:

  • Are the staff’s goals for the year in sync with the board’s strategic vision relative to D+I? If not, how will the board ensure alignment?
  • Is D+I seen as a resource that can enhance products and services and further your industry or profession?
  • Do board members understand that D+I affects all levels of the association—members, volunteer leaders, and staff? If so, who will take responsibility for the various facets of the D+I process?
  • What avenues will the board create to ensure that emerging leaders understand and are part of the D+I commitment?

D+I is a comprehensive, ongoing, and developmental effort. At times, it may challenge leadership to explore its intentions and question its motives. But the D+I journey won’t just enhance your organization; it has the potential to be personally fulfilling as well.

Finance: Know the Numbers

In your career role, you may be used to reading for-profit financial statements and probably understand the terms used to define profitability, performance, and financial results of for-profit entities. However, in your role as an association board member, you have a fiduciary duty of care to oversee how your organization communicates its financial and operational results to its stakeholders. To carry out that duty, you need to understand the differences between for-profit and nonprofit financial reporting so that you can evaluate the association’s financial position, liquidity, and ability to sustain itself.

To begin with, the financial reporting goals of for-profit and nonprofit organizations are different. A for-profit entity reports profitability and cash flows so that shareholders and investors can project future dividends and return on investment. A nonprofit has two primary financial reporting goals:

  • to meet its obligation to communicate to the public and donors how it acquired, managed, and allocated financial resources to accomplish its mission
  • to present financial statements that are informative, transparent, and reliable and communicate financial position, results, and accomplishments to stakeholders

Types of Financial Statements

To address their different goals, the financial statements of the two types of entities are also different. Nonprofits use five types of financial documents:

Statement of financial position. Known in for-profits as the balance sheet, the statement of financial position provides a financial snapshot on a specific date. It has three main components: assets, liabilities, and net assets (known as equity in a for-profit business). The statement of financial position helps you assess your association’s soundness in terms of liquidity risk, financial risk, credit risk, and sustainability.

Statement of activities. An association’s statement of activities (known as the income statement in for-profits) reports the revenue, expenses, gains or losses on investments, and other gains or losses (such as gain or loss on the sale of property or equipment) in all areas of the organization. An association may choose to show net investment return as a nonoperating activity to distinguish it from its operations. Other items, such as nonoperating expenses, may also be included as nonoperating activity at the association’s discretion. At the bottom, the statement shows the resulting change in net assets for the fiscal reporting period.

Statement of cash flows. The statement of cash flows shows the association’s major sources and uses of cash during the same reporting period. In other words, it lists the major reasons for the change in the association’s cash and cash equivalents at the beginning and end of the period, as reported on the statement of financial position.

Statement of net assets. The statement of net assets reconciles the changes in the net asset classifications—net assets without donor restrictions and net assets with donor restrictions—as reported in the association’s statement of activities. Net assets with donor restrictions are those that result from contributions or other inflows of assets whose use is limited by donor-imposed stipulations. These include stipulations that expire by the passage of time or can be fulfilled or removed by action of the association and those that must be maintained in perpetuity. Net assets without donor restrictions have no such donor stipulations. Board-designated net assets would be classified as net assets without donor restrictions. Not all associations present a separate statement of net assets. Many present this reconciliation as part of the statement of activities.

ONE OF YOUR MOST IMPORTANT TASKS IN EXERCISING YOUR DUTY OF CARE IS TO READ, REVIEW, AND ASK QUESTIONS ABOUT YOUR ASSOCIATION’S FINANCIAL STATEMENTS.

Cybersecurity: Prepared to Act

In our digitized world, cybersecurity isn’t just an operational necessity; it’s the basis upon which an association’s trust, integrity, and future prosperity rest. And as custodians of an organization’s well-being, board members must ensure an association stays resilient against cyber threats. Here are four ways that board members can show their commitment to cybersecurity.

Elevate cybersecurity discussions. One of the primary responsibilities of board members is to elevate the discourse around cybersecurity within the boardroom. Cybersecurity should not be a topic relegated to IT-specific meetings but rather a recurring agenda item for every board meeting. By integrating discussions on emerging threats, ongoing initiatives, and incident-response strategies into meetings, boards can foster a culture of awareness and preparedness. Each board member’s active participation in these discussions not only signifies the collective dedication to the association’s security but also encourages a proactive stance among staff.

Review and understand risk levels. Understanding the association’s risk levels is paramount. Board members must engage in a comprehensive review of the organization’s cybersecurity risk position, understanding potential internal vulnerabilities and threats specific to the industry. This understanding enables informed decision-making. By reviewing assessments of risk levels, board members can then support prioritization of cybersecurity efforts effectively, ensuring that resources are allocated where they’re needed most. This responsibility also involves a collaborative effort with cybersecurity experts, internal teams, and external consultants to grasp the nuanced nature of modern cyber threats.

Ensure adequate attention and funding. A crucial board responsibility lies in guaranteeing that adequate attention and funding are dedicated to cybersecurity initiatives. Cybersecurity cannot be an afterthought: it requires proactive investment. Board members must advocate for appropriate budget allocations, enabling the implementation of robust security measures and continuous training programs. By championing cybersecurity budgets, board members reinforce the importance of security within the association’s strategic priorities.

Champion organizational responsibility. Cybersecurity is an organizational responsibility that permeates every department and individual, including the board. Board members must advocate for a culture where every staff member understands their role in safeguarding the organization’s digital assets. This involves promoting a sense of shared responsibility and fostering an environment where reporting potential threats is both welcomed and rewarded. Ultimately, board members must lead by example, showcasing a commitment to cybersecurity that inspires others within the association.

Foresight: Choosing the Future

Less than a year before the mid-way point of The Turbulent Twenties arrives, association boards must make a crucial decision: Will they reject complacency and bring a renewed sense of purpose to standing up for their successors’ futures?

As human systems responsible for guiding human systems through an increasingly nonlinear and incomprehensible world, the answer must be an unequivocal yes, with a clear commitment to the board’s duty of foresight at the core of that choice.

2024 marks the 10-year milestone of the duty of foresight, a concept I originated in the pages of Associations Now magazine in the summer of 2014. Since that initial article, I have had many compelling conversations about the duty of foresight with diverse groups of board directors and officers, CEOs, and other contributors to board work. This ongoing process of discovery and reflection has helped me develop a richer understanding of why the duty of foresight is essential to building fit-for-purpose association boards:

The duty of foresight demands a fearless reckoning with orthodoxy. Over the last 10 years, the duty of foresight has consistently included the pursuit of intentional learning as a critical element. Eliminating the barriers to learning with the future created by orthodox beliefs—the deep-seated assumptions we make about how the world works—requires association boards to confront, interrogate, and defeat their detrimental impact at every opportunity.

The duty of foresight nurtures a deeper sense of responsibility. It impels boards to bring critical thinking, genuine empathy, and a clear-eyed perspective to conversations about the world they are leaving for their successors. The futures for which association boards are responsible today do not belong to them, and the care required to shape those futures must be grounded in our shared humanity.

The duty of foresight enables long-term adaptation. Boards can neither control the direction of the futures their organizations will face, nor can they render them invulnerable to the accelerating and intensifying impact of social, technological, economic, environmental, and political forces. The duty of foresight rejects the unattainable notion of “future proofing” in favor of creating capable and future-adaptive associations.

Throughout this year, the second half of The Turbulent Twenties, and into the challenging decades ahead, the board’s duty of foresight will endure as a vital choice for association boards committed to setting a higher standard of stewardship, governing, and foresight. For boards ready to become fit-for-purpose, the duty of foresight is an ethical, honorable, and purposeful decision to stand up for their successors’ futures.