Nonprofit Tuesday · Week 9 · Insurance & Risk Management
Nonprofit Insurance & Risk Management: The Coverages Most Organizations Miss
Nonprofits have unique insurance needs that most small business policies don't address. Here is what your organization actually needs to be protected.
This week's Nonprofit Tuesday video covers the four coverages that go beyond a standard small business policy, and the internal risk management practices that reduce the likelihood of ever needing to file a claim. Watch for the D&O section — many experienced board members will not serve on a nonprofit that lacks it.
Monday's post covered the core insurance stack every Virginia small business needs. A nonprofit carries all of those same risks — bodily injury, property damage, employment claims — and then adds a layer of risks that are unique to its structure: a volunteer board making governance decisions, an unpaid volunteer workforce performing physical work, grant funds held in trust for restricted purposes, and a mission that generates public accountability in ways a private business does not.
The standard general liability and property policies that form a small business's foundation do not cover any of these nonprofit-specific risks. Four additional coverages address them. And beyond insurance, nonprofits have access to internal risk management practices that reduce fraud, employment liability, and governance risk before they become claims.
This post covers both layers: the coverage stack and the controls.
Why a Standard Small Business Policy Leaves Gaps
The confusion is understandable: a general liability policy sounds comprehensive. It covers bodily injury and property damage arising from operations. But consider what it does not cover in a nonprofit context:
- A board member sued personally for a governance decision made in good faith
- A former employee who claims wrongful termination or harassment
- A volunteer injured while staffing a community event (volunteers are not employees and are not covered by workers' compensation)
- An employee who embezzles donor funds or grant dollars over 18 months
Each of these scenarios represents a real and recurring risk for Virginia nonprofits. Each requires a specific coverage type that sits outside the standard business insurance stack. And in most cases, the financial consequence of an uncovered claim falls directly on the organization's operating budget, its reserves, or its board members personally.
“Many nonprofits discover their insurance gaps only after a claim. The coverage conversation needs to happen before the event, not after.”
The Four Nonprofit-Specific Coverages
These coverages address risks that are structurally unique to nonprofits. None of them are typically included in a standard general liability or commercial property policy.
Directors & Officers (D&O) Insurance
D&O insurance protects board members and executive officers from personal liability when organizational decisions are challenged. Without it, a board member can be sued personally for a governance decision, a budget approval, or a programmatic choice — and their personal assets, including savings and home equity, are at risk.
Common D&O claims include: misrepresentation to funders or regulators, alleged mismanagement of funds, breach of fiduciary duty, and failure to follow organizational bylaws. The majority of these claims are brought by employees, former employees, donors, or government agencies — not by random third parties.
Many experienced board members and prospective directors will not serve on a nonprofit board that does not carry D&O coverage. Lack of this policy signals governance risk and can limit recruitment of qualified board leadership.
Employment Practices Liability (EPLI)
EPLI covers claims by employees or former employees related to wrongful termination, discrimination, harassment, wage and hour violations, and retaliation. General liability specifically excludes these employment claims, and a commercial umbrella policy typically follows suit.
Nonprofits are particularly exposed to employment claims for structural reasons: limited HR capacity, diverse workforce structures (employees, volunteers, contractors, interns), and the common nonprofit culture of close personal relationships that can complicate formal employment processes. A 2025 report documented a small health nonprofit where a wrongful termination claim settled for $105,000, plus $28,000 in legal defense costs — nearly $133,000 that would have directly hit the operating budget without EPLI.
Volunteer Accident Insurance
Volunteers are not employees. They are not covered by workers' compensation when injured while performing services for the organization. If a volunteer is hurt during a community event, a habitat restoration project, or while delivering meals for a social services program, the costs for their medical treatment and lost wages fall outside the organization's workers' comp coverage.
Volunteer accident insurance covers injuries sustained by volunteers on a no-fault basis, typically providing medical expense reimbursement that applies before (or in excess of) the volunteer's personal health insurance. It is one of the more affordable nonprofit coverages available, and for organizations whose programs involve any physical activity, outdoor work, or client-facing volunteer roles, it addresses a genuine gap.
Note: the Volunteer Protection Act of 1997 provides limited individual immunity to volunteers, but does not protect the organization from liability for a volunteer's actions and does not cover the volunteer's own medical costs.
Fidelity / Crime Insurance
Fidelity insurance (also called crime insurance) covers losses from employee theft, embezzlement, fraud, and dishonesty. For nonprofits managing grant funds and donor contributions, this coverage addresses one of the sector's most persistent financial risks.
The ACFE's 2024 data shows nonprofits experience a median fraud loss of $76,000 per incident, rising to $85,000 for religious, charitable, and social services organizations. Common fraud schemes at small nonprofits include check tampering, billing fraud, and skimming — often perpetrated by trusted long-term employees precisely because the trust eliminates the oversight that would otherwise catch it.
Some funders — particularly government agencies and larger foundations — require proof of fidelity coverage as a condition of receiving a grant award. An organization without it may be disqualified from funding opportunities regardless of programmatic merit.
Nonprofit Insurance at a Glance
| Coverage | What It Protects | Who It Covers | Common Claims |
|---|---|---|---|
| D&O | Board & executive governance decisions | Directors, officers, sometimes volunteers | Mismanagement, breach of fiduciary duty, misrepresentation |
| EPLI | Employment-related claims | Organization (defending against employee claims) | Wrongful termination, discrimination, harassment, retaliation |
| Volunteer Accident | Volunteer injuries on-duty | Volunteers (not employees) | Injuries during events, programs, or physical volunteer work |
| Fidelity / Crime | Internal theft & fraud | Organization's assets (from employee dishonesty) | Embezzlement, check tampering, billing fraud, skimming |
| Cyber Liability | Data breach & network incidents | Organization & affected individuals | Breach notification costs, regulatory fines, legal defense |
Insurance costs belong in your grant budget — and most nonprofits underestimate them.
One of the most consistent budget modeling errors we find in Virginia nonprofit financial statements is the treatment of insurance as a single line item estimated from the prior year. Organizations that have added programs, employees, or volunteers, that have won new government contracts, or that have expanded into new physical spaces often carry coverage that no longer matches their actual risk profile — and a budget that does not account for the premium increases that come with appropriate coverage adjustments.
EveryCentCounts CFO Advisory engagements for nonprofits include an insurance cost baseline review as part of operating expense analysis. If your organization's coverage has not been reviewed since your last program expansion, book a consultation to discuss what a complete review looks like.
Risk Management Beyond Insurance
Insurance covers what happens after a loss occurs. Risk management tries to prevent or minimize losses before they happen. For nonprofits, where margins are thin and reputational damage from fraud or governance failures can be as costly as the financial loss itself, internal controls are not a compliance exercise. They are a financial planning tool.
The ACFE's research is direct on this point: nonprofits that implemented fraud awareness training detected fraud 2.5 times faster and reported nearly 50% lower losses than those that did not. And nonprofits have the lowest implementation rate of fraud awareness training of any sector studied.
Segregation of Duties
No single person should have both custody of assets and the ability to record transactions involving those assets. The person who opens the mail and receives checks should not be the same person who records the deposit or reconciles the bank statement. In small nonprofits with limited staff, board members can fulfill oversight roles in the segregation structure.
Dual Authorization on Disbursements
Require two authorized signatures on all checks above a defined threshold, typically $2,500 to $5,000 for most small nonprofits. Require board or executive director approval for wire transfers and ACH transactions. This single control has the highest documented impact on fraud loss reduction.
Background Checks
Conduct background checks for all staff and volunteers who work with vulnerable populations, handle cash or financial accounts, or have access to sensitive donor or client data. This is both a risk management practice and a funder requirement in many grant agreements. Document the process and retain records.
Anonymous Reporting (Hotline)
The ACFE reports that 43% of all fraud is detected through tips, and that organizations with hotlines or anonymous reporting systems detect fraud significantly faster. A simple anonymous reporting mechanism — even an email address monitored by the board chair or audit committee — provides a channel for concerns that employees might not raise through direct supervision.
Data Security Practices
Virginia's VCDPA and the state's data breach notification law require prompt notification of affected individuals and the Office of the Attorney General following a breach. Nonprofits handling donor, client, or participant data should conduct annual data inventory reviews, enforce role-based access to sensitive systems, and consider cyber liability insurance if they have not already.
Board Financial Oversight
The board's finance or audit committee should review bank reconciliations, credit card statements, and expense reports quarterly — not just the P&L. Transaction-level review by a board member with no operational authority is one of the highest-impact governance controls available to a small nonprofit without dedicated audit capacity.
Virginia-Specific Considerations for Nonprofits
Northern Virginia nonprofits receiving federal funding through HHS, HUD, or Department of Justice programs face specific insurance requirements embedded in their grant agreements. Fidelity coverage minimums, required general liability limits, and COI naming requirements differ across agencies and program types. Organizations managing multiple federal grants should maintain a coverage requirements register alongside their grant tracking system, and confirm at each renewal that coverage meets or exceeds the requirements in every active award.
Hampton Roads nonprofits serving transitioning veterans, military families, and active-duty personnel often operate programs that involve physical activities, transportation, and home visits — all of which elevate the importance of volunteer accident insurance and general liability coverage. Organizations providing TAP support, housing navigation, or employment services should verify that volunteer activities in client homes and community settings are covered under their current general liability policy, and that transportation of clients or materials does not create a commercial auto exposure that the policy excludes.
Virginia nonprofits closing a June 30 fiscal year should confirm that all coverage renews before or immediately after fiscal year-end. Policy lapses over the renewal period — even brief ones during a fiscal year transition — can create uninsured exposure and may violate requirements in active grant agreements. Confirming policy continuity dates with your broker as part of the year-end close process is a straightforward step that prevents a compliance problem that is expensive to resolve after the fact.
Clean books and strong internal controls are the foundation of both audit readiness and fraud prevention.
The internal controls that prevent fraud — segregation of duties, dual authorization, regular bank reconciliation, board oversight of transactions — are the same practices that support a clean annual audit and build funder confidence. Organizations with monthly bookkeeping close cycles and current, reconciled financials detect anomalies faster, satisfy auditor requirements more efficiently, and present a more credible financial picture to grantors.
EveryCentCounts provides monthly bookkeeping close services for Virginia nonprofits, including the transaction-level reconciliation and reporting that supports effective board oversight. Book a consultation to discuss what a complete monthly close looks like for your organization.
The nonprofit insurance market has specialized carriers and package products that general commercial brokers may not access or recommend. A broker with an active nonprofit client base will know which carriers offer the best D&O terms for your organization size and mission type, which package policies include volunteer accident coverage, and which fidelity products meet common federal grant requirements. Ask your broker directly: how many nonprofit clients do you currently serve?
Action Steps
Confirm whether you currently carry D&O, EPLI, volunteer accident insurance, and fidelity/crime coverage. If any are absent, note what triggered the gap: budget constraints, lack of awareness, or a policy lapse. Each absence represents a specific uncovered risk that may already exist in your operations today.
Search each active grant agreement for the terms “insurance,” “coverage,” and “fidelity.” Document the minimum required coverage types, limits, and any additional insured naming requirements. Compare against your current coverage. Any gap between what a grant requires and what your policy provides is a compliance issue that could result in grant suspension or termination if discovered during a monitoring visit or audit.
Segregation of duties and dual authorization on disbursements are the two highest-impact fraud prevention controls available to a small nonprofit. If either is not currently in place, document what the current process is, identify who is in a position to circumvent it, and bring a proposed control structure to the board for approval. The board's approval creates a governance record and signals organizational commitment to financial integrity.
Policy continuity is particularly critical for nonprofits with active grant awards. Pull each policy's renewal date and add a 90-day advance reminder to your organizational calendar. Use that lead time to review coverage, compare alternatives, and confirm that all grant-required coverages are in place before the renewal date rather than after. Thursday's post on the Annual Risk Review will walk through the complete process for building this into your organizational routine.
References
- Association of Certified Fraud Examiners (ACFE). 2024. Report to the Nations: 2024 Global Study on Occupational Fraud and Abuse. Austin, TX: ACFE. acfe.com
- PBMares LLP. 2025. “Fraud Risks in Nonprofits: Trends and Strategies for 2025.” February 26, 2025. pbmares.com
- California Nonprofits Insurance Services. 2025. “Debunking Common Nonprofit Insurance Myths (2025 Update) Part 3.” calnonprofitsinsurance.org
- Nonprofit Insurance Alliance (NIA). 2026. Board & Executive Liability Insurance for Nonprofits. Santa Cruz, CA: NIA. insurancefornonprofits.org
- Apex Risk & Insurance Services. 2026. “EPLI for Nonprofits: What You Need to Know.” January 30, 2026. apex-risk.com
- CTG Insurance. n.d. “Employment Practices Liability Insurance.” ctgins.com
- Travelers Insurance. 2023. “Protecting Your Nonprofit from Crime.” travelers.com
- Virginia Information Technologies Agency (VITA). 2023. Virginia Consumer Data Protection Act Overview. Richmond, VA: Commonwealth of Virginia. vita.virginia.gov
EveryCentCounts
Financial Services & Digital Presence Management — Ladysmith, VA
EveryCentCounts provides bookkeeping, CFO Advisory, accounting, and digital presence services to Virginia nonprofits and small businesses. We help mission-driven organizations build the financial controls and reporting practices that protect their funds, satisfy their funders, and support sustainable growth.