Mitigating the Legal Risks of Nonprofits’ ESG and DEIA Programs

10 Min Read By: Jeffrey S. Tenenbaum

ESG” refers to the three broad pillars of Environmental, Social, and Governance considerations, which have become increasingly important in assessing certain for-profit businesses, especially publicly traded ones. With ever-intensifying demands from regulators, investors, and the public for attention to ESG issues, for-profit companies are increasingly focused on ESG considerations, initiatives, and compliance. ESG-related shareholder and class-action litigation, governmental investigations, and enforcement actions in the corporate world have expanded at a rapid clip. In addition, regulators both in and outside of the United States have promulgated new mandatory rules, disclosure obligations, and enforcement mechanisms for ESG-related conduct. The Securities and Exchange Commission (“SEC”), the Federal Trade Commission (“FTC”), and state attorneys general have taken the regulatory enforcement lead domestically.

While there are no universal definitions of ESG, the three primary ESG pillars generally involve the following issues, among others:

  • Environmental: climate change, resource depletion, waste and pollution, and deforestation.
  • Social: working conditions, employee relations and DEIA, health and safety, interaction with local communities (including indigenous communities), and conflict and humanitarian crises.
  • Governance: board diversity and structure, executive compensation, and ethics.

While ESG is a broader concept than Diversity, Equity, Inclusion, and Accessibility (“DEIA”), it includes and incorporates DEIA. DEIA programs fostering the hiring and promotion of African American employees and other underrepresented workers have been prominent in corporate America in recent years. For-profit corporations have been under enormous scrutiny of late regarding their hiring and promotion policies and practices—from both the left and right sides of the political aisle. A number of states have passed laws and issued executive orders requiring, or in some cases prohibiting, DEIA practices. Most recently, the U.S. Supreme Court’s June 2023 decision banning race-conscious college admissions—and the rationale underlying it—have raised concerns about the ruling’s potential broader implications, particularly in federal employment law, and perhaps even more broadly, such as in connection with federal funding. And even in advance of future court rulings, concerns have been raised about the possibility of some employers’ curtailing current diversity efforts in the workplace and halting new ones.

ESG and DEIA are controversial in some circles. There is a growing attack from the political right on corporate policies aimed at diversity in hiring and promotion and other social and environmental goals, with that attack taking the form of lawsuits, requesting agency investigations, congressional investigations, public pressure, and more.

So, what does any of this have to do with nonprofits? While nonprofit organizations are not subject to the specific ESG regulatory requirements and legal standards applicable to certain for-profit companies (such as those enforced by the SEC), nonprofits have incorporated DEIA into their programs, activities, governance, and operations for years, and they are increasingly voluntarily incorporating ESG principles and practices into their organizations. They may do so under pressure from their boards of directors, employees, grant-makers, donors, sponsors, advertisers, and other third parties. They also may do so in order to attract and retain a younger generation of staff that is increasingly sensitized to and mindful of ESG principles.

In doing so, nonprofits expose themselves to potential legal jeopardy in a wide array of areas. This article explains the legal risks inherent to ESG-related initiatives for nonprofit organizations and provides practical tips and guidance on how nonprofits can effectively mitigate those risks.

The Primary Legal Risks of Nonprofit ESG Programs

When a nonprofit organization voluntarily decides to weave ESG principles and practices into its organizational and operational fabric, it is taking on a certain degree of legal risk. To be sure, that risk is not anything remotely like the risk faced by for-profit companies—particularly publicly traded companies—that are subject to ESG statutory and regulatory mandates from the SEC and elsewhere. Nonprofits are not subject to such mandates. Nonetheless, nonprofits do face ESG-related legal risks. A non-exhaustive list of such risks follows.

Employment Law: ESG initiatives—particularly those that involve DEIA issues—can involve changes to hiring and promotion practices, workplace diversity, and employee compensation and benefits, which can trigger employment-related legal risks such as discrimination, harassment, and wrongful termination claims. This is nothing new, and laws like Title VII of the federal Civil Rights Act and state equivalents have been applied to nonprofit employers for more than fifty years. But what is new is the potential impact of the U.S. Supreme Court’s June 2023 ruling (Students for Fair Admissions v. Harvard and Students for Fair Admissions v. University of North Carolina) rejecting race-conscious admissions in higher education. While the new decision does not impede employers from pursuing diversity in their workforces (as it is limited solely to higher education admissions), many experts maintain that, as a practical matter, the ruling will likely discourage some employers from putting in place ambitious diversity policies in hiring and promotion—or prompt them to rein in existing policies—by encouraging new lawsuits in the employment arena under the new legal standard. In principle, the logic of the Court’s ruling on college admissions could threaten employer programs that, as of today, can take race into account if workers were previously excluded from a job category based on race or can do so to remove obstacles (such as unconscious bias) that prevent employers from having a more diverse workforce. But the more meaningful effect of the Court’s decision is likely to be greater pressure on policies that were already on questionable legal ground. These could include, for instance, staff leadership acceleration programs or internship programs that are open only to members of underrepresented groups. It also would not be surprising to see the Court use the ruling’s rationale to limit race-conscious initiatives in other aspects of nonprofit governance and management in the future, such as if federal funds are involved.

State Laws and Executive Orders Restricting DEIA Policies, Trainings, and Practices: Effective July 2022, Florida’s Individual Freedom Act, or the so-called “Stop WOKE” law, restricts diversity-related training in private Florida workplaces—including nonprofits based in Florida or (presumably) that have Florida-based employees—and also bars the teaching of critical race theory in K-12 schools and universities. That law is currently the subject of litigation that is working its way through the courts. In February 2023, Texas Governor Greg Abbott issued a memorandum to state agencies warning them to not use any DEIA programs in hiring that are “inconsistent” with Texas law, including setting diversity goals or interview targets for diverse candidates. While the memorandum is limited to public employers, it is unclear whether the governor may take similar action toward private employers in Texas. While California had adopted laws requiring certain racial, ethnic, and gender diversity on boards of directors of public companies headquartered in California, both laws have been struck down by courts, and appeals are underway. Observers widely expect a proliferation of such laws and executive orders restricting DEIA policies, trainings, and practices in a variety of “red” states. Beyond the employment realm, it would not be surprising to see new state laws and executive orders that could effectively prohibit DEIA initiatives in other aspects of nonprofit governance and management, such as board composition, volunteer leader selection, and grantmaking, as well as government grants, contracts, and cooperative agreements.

Misrepresentation and Greenwashing: There is a risk of publicly misrepresenting or overstating a nonprofit’s ESG performance, which could lead to charges of “greenwashing” or otherwise engaging in deceptive or misleading conduct. This could result in donor or funder backlash, reputational damage, and potentially even regulatory enforcement by state attorneys general, as well as private litigation. While nonprofits should always be mindful of these longstanding risks of making misleading or non-substantiated claims in connection with all of their programs and activities—well beyond ESG—the legal and public relations risks can be particularly acute here.

“Derivative” Suits: Nonprofits that incorporate ESG into their investment policy statement and base investment decisions, in part, on ESG criteria and then face material investment losses may risk being on the opposite end of “derivative”-type lawsuits alleging that the nonprofit’s board of directors and/or investment committee were not prudent stewards of the organization’s resources.

Data Privacy and Security: Nonprofits’ ESG activities often involve, in part, collecting, processing, and storing sensitive data about volunteer leaders, employees, donors, funders, and other stakeholders. There is a risk of data breaches or mishandling of information, which could result in legal action, regulatory penalties, and reputational harm. If a data breach occurs, there is an ever-increasing web of requirements imposed by state, federal, and international laws that must be followed.

Mitigating the Legal Risks of Nonprofit ESG Programs

To mitigate these legal risks, there are a number of proactive steps that nonprofit organizations can take. Below is a non-exhaustive list:

  • Ensure that your nonprofit’s employment policies and practices are fully compliant with all current federal and state legal standards in areas involving discrimination, harassment, wrongful termination, and otherwise. This necessarily means ensuring that any current or future employment diversity initiatives are narrowly tailored as permitted by current law and do not result in discrimination. It also means not overreacting to the June 2023 U.S. Supreme Court decision involving race-conscious college admissions but keeping a close eye on future legal developments in the employment context. For those nonprofits with remote employees in different states, remember that state employment laws generally apply to any employee who regularly works from the state, irrespective of where the organization is based. Be sure to always consult with employment counsel fluent in both federal law and the laws of the applicable states. Finally, outside of the workplace setting, keep an eye on future rulings from the U.S. Supreme Court that could apply the rationale underlying the college admission decision to other aspects of nonprofit governance and management, for instance if federal funds are involved.
  • While Florida’s Individual Freedom Act includes nonprofits based in Florida (and presumably those with Florida-based employees) in its restrictions on diversity-related training in private Florida workplaces, most other state laws and executive orders to date that restrict DEIA policies, trainings, and practices do not apply to nonprofits. That may well change in the coming months and years, however, particularly in certain “red” states. It is important to stay on top of all new state developments in this area—both those affecting the workplace and those potentially affecting other aspects of nonprofit governance and management—and take all necessary steps to comply with them.
  • Ensure that all public statements regarding your nonprofit’s ESG performance are accurate, fully substantiated with appropriate data and documentation, and not in any way overstated, misleading, or deceptive.
  • Working with a professional investment advisor, adopt an investment policy statement that reflects the nonprofit’s priorities, goals, risk tolerance, and financial needs but that is defensible as being reasonable, prudent, and appropriate. Be sure to revisit it on a regular basis and update it as needed.
  • Implement strong data privacy and security measures to protect sensitive information about nonprofit volunteer leaders, employees, donors, funders, and other stakeholders and to mitigate the risk of data breaches or mishandling of such information. If a data breach occurs, be sure to closely follow the ever-increasing requirements imposed by state, federal, and international laws.
  • Develop clear and consistent ESG policies and practices that align with your nonprofit’s values and mission, as well as expectations of donors, funders, and other stakeholders.
  • Regularly engage with stakeholders such as donors, funders, and employees to ensure that your nonprofit’s ESG initiatives are transparent and meet their needs.
  • Maintain up-to-date knowledge of applicable state, federal, and international ESG-related laws and regulations, and ensure full compliance with them.
  • As with all areas of legal risk management, work with experienced legal counsel to help your nonprofit navigate the complex and ever-changing legal landscape governing ESG initiatives.


While ESG initiatives are thus far not mandated for nonprofit organizations as they are for certain for-profit companies, for a variety of reasons, increasingly nonprofits are voluntarily incorporating ESG principles and practices into their organizations and operations. In doing so, nonprofits can gain certain benefits but also expose themselves to potential legal risk in a wide array of areas. That being said, if properly understood and appreciated by nonprofit executives and leaders, those risks can be effectively mitigated by incorporating a number of practical tips and suggestions.

For more information, contact Mr. Tenenbaum at [email protected].

By: Jeffrey S. Tenenbaum


Connect with a global network of over 30,000 business law professionals


Login or Registration Required

You need to be logged in to complete that action.