Mitigating the Legal Risks of Nonprofits’ ESG and DEIA Programs

“ESG” refers to the three broad pillars of Environmental, Social, and Governance which have become increasingly important in assessing certain for-profit businesses, especially publicly traded ones. With ever-intensifying demands from regulators, investors, and the public for attention to ESG issues, for-profit companies are increasingly focused on ESG considerations, initiatives, and compliance. ESG-related shareholder and class-action litigation and governmental investigations and enforcement actions in the corporate world have expanded at a rapid clip. In addition, regulators both in and outside of the United States have promulgated new mandatory rules, disclosure obligations, and enforcement mechanisms for ESG-related conduct. The Securities and Exchange Commission (“SEC”), the Federal Trade Commission (“FTC”), and state Attorneys General have taken the regulatory enforcement lead domestically.

While there are no universal definitions of ESG, the three primary ESG pillars generally involve the following issues, among others: Environmental (climate change, resource depletion, waste and pollution, and deforestation); Social (working conditions, employee relations and DEIA, health and safety, local communities (including indigenous communities), and conflict and humanitarian crises); and Governance (board diversity and structure, executive compensation, and ethics).

While ESG is a broader concept than Diversity, Equity, Inclusion, and Accessibility (“DEIA”), it includes and incorporates DEIA. DEIA programs fostering the hiring and promotion of African Americans and other minority workers have been prominent in corporate American in recent years. For-profit corporations have been under enormous scrutiny as of late regarding their hiring and promotion policies and practices – from both the left and right sides of the political aisle. A number of states have passed laws and issued executive orders both requiring, and in some cases prohibiting, DEIA practices. Most recently, the U.S. Supreme Court’s June 2023 decision banning race-conscious college admissions – and the rationale underlying it – have raised concerns about the ruling’s potential broader implications, particularly in federal employment law, and perhaps even more broadly, such as in connection with federal funding. And even in advance of future court rulings, concerns have been raised about some employers’ curtailing of current, and halting new, diversity efforts in the workplace.

ESG and DEIA are controversial in some circles. There is a growing attack from the political right on corporate policies aimed at diversity in hiring and promotion and other social and environmental goals in the form of lawsuits, requesting agency investigations, congressional investigations, public pressure, and in other ways.

So, what does any of this have to do with nonprofit? While nonprofit organizations are not subject to the specific ESG regulatory requirements and legal standards applicable to certain for-profit companies (such as those enforced by the SEC), nonprofits have incorporated DEIA into their programs, activities, governance, and operations for years, and are increasingly voluntarily incorporating ESG principles and practices into their organizations. They may do so under pressure from their boards of directors, employees, grant-makers, donors, sponsors, advertisers, and other third parties. They also may do so in order to attract and retain a younger generation of staff that is increasingly sensitized to and mindful of ESG principles.

In doing so, nonprofits expose themselves to potential legal jeopardy in a wide array of areas. This article explains the legal risks inherent with ESG-related initiatives for nonprofit organizations and provides practical tips and guidance on how nonprofits can effectively mitigate those risks.

The Primary Legal Risks of Nonprofit ESG Programs

When a nonprofit organization voluntarily decides to weave ESG principles and practices into its organizational and operational fabric, it is taking on a certain degree of legal risk. To be sure, that risk is not anything remotely like the risk faced by for-profit companies – particularly publicly traded companies – that are subject to ESG statutory and regulatory mandates from the SEC and elsewhere. Nonprofits are not subject to such mandates. Nonetheless, nonprofits do face ESG-related legal risks.

Here is a non-exhaustive list:

Employment Law: ESG initiatives – and particularly those that involve DEIA issues – can involve changes to hiring and promotion practices, workplace diversity, and employee compensation and benefits, which can trigger employment-related legal risks such as discrimination, harassment, and wrongful termination. This is nothing new and laws like Title VII of the federal Civil Rights Act and state equivalents have been applied to nonprofit employers for over 50 years. But what is new is the potential impact of the U.S. Supreme Court’s June 2023 ruling (Students for Fair Admissions v. Harvard and Students for Fair Admissions v. University of North Carolina) rejecting race-conscious admissions in higher education. While the new decision does not impede employers from pursuing diversity in their workforces (as it is limited solely to higher education admissions), many experts maintain that, as a practical matter, the ruling will likely discourage some employers from putting in place ambitious diversity policies in hiring and promotion – or prompt them to rein in existing policies – by encouraging new lawsuits in the employment arena under the new legal standard. In principle, the logic of the Court’s ruling on college admissions could threaten employer programs that, as of today, can take race into account, such as if members of a racial minority were previously excluded from a job category or to remove obstacles (such as unconscious bias) that prevent employers from having a more diverse workforce. But the more meaningful effect of the Court’s decision is likely to be greater pressure on policies that were already on questionable legal ground. These could include staff leadership acceleration programs or internship programs that are open only to members of underrepresented minority groups. It also would not be surprising to see the Court use the ruling’s rationale to limit race-conscious initiatives in other aspects of association governance and management in the future, such as in contracting or if federal funds are involved.

State Laws and Executive Orders Restricting DEIA Policies, Trainings, and Practices: Effective July 2022, Florida’s Individual Freedom Act, or the so-called “Stop-WOKE” law, restricts diversity related training in private Florida workplaces – including nonprofits based in Florida or (presumably) which have Florida-based employees – and also bars the teaching of critical race theory in K-12 schools and universities. That law is currently the subject of litigation and is working its way through the courts. In February 2022, Texas Governor Abbott issued a memorandum to state agencies warning them to not use any DEIA programs in hiring that are “inconsistent” with Texas law, including setting diversity goals or interview targets for diverse candidates. While the memorandum is limited to public employers, it is unclear whether the Governor may take similar action toward private employers in Texas. While California had adopted laws requiring certain racial and ethnic, as well as gender, diversity on boards of directors of public companies headquartered in California, both laws have been struck down by courts and appeals are underway. Observers widely expect a proliferation of such laws and executive orders restricting DEIA policies, trainings, and practices in a variety of “red” states. Beyond the employment realm, it would not be surprising to see new state laws and executive orders that could effectively prohibit DEIA initiatives in other aspects of association governance and management, such as board composition, volunteer leader selection, grantmaking, contracting, and government grants, contracts, and cooperative agreements.

Misrepresentation and Greenwashing: There is a risk of publicly misrepresenting or overstating a nonprofit’s ESG performance, which could lead to charges of “greenwashing” or otherwise engaging in deceptive or misleading conduct. This could result in donor or funder backlash, reputational damage, and potentially even regulatory enforcement by state Attorneys General, as well as private litigation. While nonprofits should always be mindful of these longstanding risks of making misleading or non-substantiated claims in connection with all of their programs and activities – well beyond ESG – the legal and public relations risks can be particularly acute here.

“Derivative” Suits: Nonprofits that incorporate ESG into their investment policy statement and base investment decisions, in part, on ESG criteria and then face material investment losses may risk being on the opposite end of “derivative”-type lawsuits alleging that the nonprofit’s board of directors and/or investment committee were not prudent stewards of the organization’s resources. Such lawsuits also can be brought by state Attorneys General in the nonprofit’s state of incorporation.

Date Privacy and Security: Nonprofits’ ESG activities often involve, in part, collecting, processing, and storing sensitive data about volunteer leaders, employees, donors, funders, and other stakeholders. There is a risk of data breaches or mishandling of information, which could result in legal action, regulatory penalties, and reputational harm. If a data breach occurs, there is an ever-increasing web of requirements imposed by state, federal, and international laws that must be followed.

Mitigating the Legal Risks of Nonprofit ESG Programs

To mitigate these legal risks, there are a number of proactive steps that nonprofit organizations can take. Below is a non-exhaustive list:

  • Ensure that your nonprofit’s employment policies and practices are fully compliant with all current federal and state legal standards in areas involving discrimination, harassment, wrongful termination, and otherwise. This necessarily means ensuring that any current or future employment diversity initiatives are narrowly tailored as permitted by current law and do not result in reverse discrimination. It also means not overreacting to the June 2023 U.S. Supreme Court decision involving race-conscious college admissions but keeping a close eye on future legal developments in the employment context. For those nonprofits with remote employees in different states, remember that state employment laws generally apply to any employee who regularly works from the state, irrespective of where the organization is based. Be sure to always consult with employment counsel fluent in both federal law and the laws of the applicable states. Finally, outside of the workplace setting, keep an eye on future rulings from the U.S. Supreme Court and other courts that could apply the rationale underlying the college admission decision to other aspects of nonprofit governance and management, for instance, if federal funds are involved.
  • While Florida’s Individual Freedom Act restricts diversity related training in private Florida workplaces – including nonprofits based in Florida or (presumably) which have Florida-based employees – most other state laws and executive orders to date that restrict DEIA policies, trainings, and practices do not apply to nonprofits. But that may well change in the coming months and years, particularly in certain “red” states. It is important to stay on top of all new state developments in this area – both those affecting the workplace and potentially other aspects of nonprofit governance and management, such as board composition, volunteer leader selection, grantmaking, contracting, and government grants, contracts, and cooperative agreements – and take all necessary steps to comply with them.
  • Ensure that all public statements regarding your nonprofit’s ESG performance are accurate, fully substantiated with appropriate data and documentation, and not in any way overstated, misleading, or deceptive.
  • Working with a professional investment advisor, adopt an investment policy statement that reflects the nonprofit’s priorities, goals, risk tolerance, and financial needs but that is defensible as being reasonable, prudent, and appropriate. Be sure to revisit it on a regular basis and update it as needed.
  • Implement strong data privacy and security measures to protect sensitive information about nonprofit volunteer leaders, employees, donors, funders, and other stakeholders and to mitigate the risk of data breaches or mishandling of such information. If a data breach occurs, be sure to closely follow the ever-increasing requirements imposed by state, federal, and international laws.
  • Develop clear and consistent ESG policies and practices that align with your nonprofit’s values, mission, and donor, funder, and other stakeholder expectations.
  • Regularly engage with stakeholders such as donors, funders, and employees to ensure that your nonprofit’s ESG initiatives are transparent and meet their needs.
  • Maintain up-to-date knowledge of applicable state, federal, and international ESG-related laws and regulations, and ensure full compliance with them.
  • As with all areas of legal risk management, work with experienced legal counsel to help your nonprofit navigate the complex and ever-changing legal landscape governing ESG initiatives.

Conclusion

While ESG initiatives are not mandated for nonprofit organizations as they are for certain for-profit companies, for a variety of reasons, nonprofits are increasingly voluntarily incorporating ESG principles and practices into their organizations and operations. In doing so, nonprofits expose themselves to potential legal risk in a wide array of areas. That being said, if properly understood and appreciated by nonprofit executives and leaders, those risks can be effectively mitigated by incorporating a number of practical tips and suggestions.

For more information, contact Mr. Tenenbaum at jtenenbaum@TenenbaumLegal.com.