State Charity Investigations: What Typically Triggers Them

SPEAKER_00 (0:00): Welcome to the Nonprofit Compliance Brief, where we explain charitable solicitation and multi-state fundraising requirements in clear, practical terms for nonprofit leaders and finance teams. This podcast is produced by Ironwood Registrations.

SPEAKER_01 (0:14): It is so great to be here.

SPEAKER_00 (0:15): Today we are doing a deep dive into a topic that I think most nonprofit leaders would frankly prefer to just keep double locked and bolted shut.

SPEAKER_01 (0:24): Oh, absolutely.

SPEAKER_00 (0:25): We’re looking at state charity investigations. And I have to say, just reading the phrase “state investigation” in the source materials we have for today, it sent a little shiver down my spine.

SPEAKER_01 (0:35): Right. It’s heavy.

SPEAKER_00 (0:36): It feels incredibly heavy. It sounds like something involving, you know, sirens, enforcement actions, maybe a news crew waiting on the sidewalk outside your office.

SPEAKER_01 (0:44): And that is a completely normal reaction. I mean, the terminology itself is—well, it’s designed to be serious. When you see a letterhead with “Attorney General” or “Division of Enforcement” on it, your immediate psychological response is just panic. You think, “What did we do? Is this the end of the organization?”

SPEAKER_00 (1:01): Exactly. It feels like this existential threat. But the mission for this deep dive today is to actually walk that fear back a little bit. We want to demystify this “black box” of state oversight.

SPEAKER_01 (1:11): Because it really is a black box to most people.

SPEAKER_00 (1:13): Right. And looking at the research for today, it seems like the reality of these investigations is very different from that dramatic movie version we all have playing in our heads.

SPEAKER_01 (1:24): That is definitely the most important place to start. If we connect this to the bigger picture, while hearing from a state regulator is obviously intimidating, these interactions are rarely about intentional wrongdoing. They aren’t assuming you’re running a criminal enterprise. They aren’t looking for villains—in most cases, anyway.

SPEAKER_00 (1:43): So they aren’t storming the office because you made a typo on a receipt or bought the wrong coffee for the break room?

SPEAKER_01 (1:50): No, absolutely not. Usually, these inquiries are triggered by identifiable patterns, inconsistencies, administrative errors. It’s much more boring, honestly, and a lot more manageable than people think. It’s about paperwork, data, clarity.

SPEAKER_00 (2:04): Okay, so let’s unpack this. If they aren’t the FBI kicking down the door, who exactly are these regulators? Like, who is actually doing the investigating? And frankly, what do they want from us? Are they looking for money?

SPEAKER_01 (2:17): Well, the “who” is typically a state charity office. Now, depending on the state, this might be housed within the Secretary of State’s office, but very often it’s a division within the State Attorney General’s office or a Division of Consumer Protection.

SPEAKER_00 (2:32): Consumer protection. That’s an interesting distinction. Because I usually think of consumer protection as the people I call when a car dealership rips me off, or like a toaster catches on fire. Not for a charity.

SPEAKER_01 (2:44): It is a fascinating framing, isn’t it? But think about it from the regulator’s perspective for a second. Donors are consumers. They are essentially buying into a mission. They’re trusting an organization with their money to deliver a specific social good. So the regulator’s mandate isn’t just to collect filing fees. Their mandate is consumer protection—protecting donor trust.

SPEAKER_00 (3:07): They’re the guardians of the marketplace, basically. The marketplace of doing good. Because if the public loses trust in charities because of a few bad actors, the whole sector suffers.

SPEAKER_01 (3:20): That makes total sense. So they aren’t necessarily looking to extract fines. They’re looking for what exactly?

SPEAKER_00 (3:26): They focus on four main pillars:

1. Accurate public disclosures.
2. Lawful solicitation practices (Are you asking for money the right way and in the right places?).
3. Financial transparency.
4. Prevention of misleading fundraising activity.

SPEAKER_01 (3:49): Precisely. And here is where it gets really reassuring for you as a listener. The nature of these investigations, at least at the outset, is almost always just an administrative review. They are checking the paperwork. They are not starting with a presumption of guilt. They are starting with a question about a file.

SPEAKER_00 (4:05): That is a huge relief. It’s a lot less “you have the right to remain silent” and more “Hey, line four on this form looks a little weird. Can you explain it?”

SPEAKER_01 (4:14): Exactly. It’s a desk audit. It’s not a raid.

SPEAKER_00 (4:17): Okay, so let’s get into the actual mechanics of this. How does an investigation actually kick off? Does an alarm go off in a government basement somewhere?

SPEAKER_01 (4:25): It’s usually much quieter than that. Most investigations do not start with a surprise inspection. You aren’t going to have agents in windbreakers showing up in your lobby. It almost always starts with a letter or an email.

SPEAKER_00 (4:39): The dreaded letter.

SPEAKER_01 (4:40): The letter. And usually, it’s just requesting clarification. Which brings us to the first major category of triggers, what I like to call the “oops” moments.

SPEAKER_00 (4:49): The administrative stuff, the enforced errors.

SPEAKER_01 (4:51): Right. The most frequent trigger we see is simply registration status. Missed or outdated registrations are the absolute most common way to get flagged.

SPEAKER_00 (5:01): This seems like something that would be easy to catch, though. How does this slip through the cracks for a professional organization?

SPEAKER_01 (5:06): Well, it happens all the time. A very common scenario is fundraising taking place before registration approval is actually granted. An organization gets excited. Maybe there is a timely event or a natural disaster they really want to help with, so they launch a campaign in a new state.

SPEAKER_00 (5:22): Ah, so they jumped the gun. They had really good intentions, they wanted to raise money for the cause right now, but they technically solicited before they were legally allowed to.

SPEAKER_01 (5:32): Exactly. They put the cart before the horse. Or it could be renewals that just weren’t completed on time. Or maybe the organizational info is out of date.

SPEAKER_00 (5:41): Like what?

SPEAKER_01 (5:42): The address changed, a board member left, and the state just wasn’t notified.

SPEAKER_00 (5:46): And I assume the state doesn’t have a person manually checking every single charity’s website every day to see if they updated their address. This has to be automated, right?

SPEAKER_01 (5:55): That is the real nuance here. These are often administrative oversights, not malicious acts. But state systems are increasingly automated. If a database sees a donation come in from a state where you aren’t active, or if your federal tax filing lists expenses for fundraising in a state where you have no registration on file—that triggers an automated compliance monitoring alert. Or if you just have missing or late filings, that acts as an immediate flag in the database.

SPEAKER_00 (6:26): That is really interesting. So the computer spits out the flag and then the human sends the letter.

SPEAKER_01 (6:31): Exactly. It’s a database query. It’s not personal at all. It’s an algorithm checking for a match.

SPEAKER_00 (6:35): Okay, so that’s the first bucket—the “oops, we forgot to file” bucket. But what about when you did file, but something doesn’t quite look right? I’m looking at our source notes here about “data detectives,” and this sounds a bit more intense.

SPEAKER_01 (6:48): This is where we get into inconsistencies. This is probably the most fascinating part of modern regulation. You really have to imagine the regulator as a detective who is holding three different pieces of paper, looking for where the story changes.

SPEAKER_00 (7:02): Connecting the dots. What are the three pieces of paper?

SPEAKER_01 (7:05): They are looking at what we call the triangulation of data.

• Source one: Your IRS Form 990 filing (the federal tax return).
• Source two: Your state charitable registrations.
• Source three: Your organization’s own website and fundraising materials.

SPEAKER_00 (7:28): Oh, wow. So they are actively checking your marketing claims against your tax returns.

SPEAKER_01 (7:33): Absolutely. And if the story doesn’t match across all three of those sources, that is a massive red flag.

SPEAKER_00 (7:39): Can you give us an example of what that looks like in practice? What kind of mismatch catches their eye?

SPEAKER_01 (7:44): Well, imagine your website says “100% of donations go directly to feeding the hungry.” That is a very powerful marketing message. Donors love to hear that zero overhead is involved.

SPEAKER_00 (7:56): Sure. It makes you feel like your dollar goes much further.

SPEAKER_01 (7:58): Exactly. But then the regulator pulls your Form 990, and on the 990, under functional expenses, it shows significant administrative overhead: rent, salaries, or massive fundraising costs.

SPEAKER_00 (8:10): Oh man.

SPEAKER_01 (8:11): That is a direct conflict.

SPEAKER_00 (8:12): So the website is making a promise that the tax form basically proves is impossible.

SPEAKER_01 (8:17): Right. Or maybe your state registration says your mission is educational support, but your fundraising emails are asking for money for disaster relief because that happens to be what is in the news cycle that week.

SPEAKER_00 (8:28): I see. So the financial figures or the description of the mission itself differs across the platforms.

SPEAKER_01 (8:33): Yes. Consistency across filings is a vital compliance signal. If you are telling the IRS one thing, the state another thing, and the donor a third thing, the regulator is inevitably going to ask which one is the truth.

SPEAKER_00 (8:46): And that triggers the letter.

SPEAKER_01 (8:48): That triggers the request for clarification. And again, it might just be an innocent mistake. Maybe the marketing team updated the website with a really catchy new slogan, but didn’t bother to tell the finance team who actually files the 990.

SPEAKER_00 (9:02): That is such a good point. It really highlights how siloed nonprofits can get. You know, the marketing people are over here being creative and trying to drive engagement, and the finance people are over here being compliant, and they just aren’t talking to each other.

SPEAKER_01 (9:16): And that silence between departments is exactly where investigations are born. If marketing and finance aren’t in the same room, you are creating risk.

SPEAKER_00 (9:25): So we’ve covered the machines, the automated triggers, and the data detectives, but there is a very human element here, too, right? Because organizations deal with the public.

SPEAKER_01 (9:34): Yes, and this is the third major trigger category: public complaints.

SPEAKER_00 (9:40): I imagine this is a big one.

SPEAKER_01 (9:41): It really is. Investigations frequently begin with complaints from donors or just the general public. And what is fascinating here is that the complaint doesn’t even have to be well-founded to trigger a review.

SPEAKER_00 (9:53): Really? So if I just misunderstand an email and get angry, I can cause a massive headache for a charity?

SPEAKER_01 (9:59): Essentially, yes. Common causes are things like a misunderstanding of fundraising messaging or disputes about how a donation was used. A classic example is the restricted gift.

SPEAKER_00 (10:09): Walk us through that. How does that happen?

SPEAKER_01 (10:10): Let’s say a donor gives $100 and writes “for the scholarship fund” on the memo line of the check. Then a month later, they get a general newsletter showing the organization just bought a brand-new van. The donor thinks, “Hey, they used my scholarship money for a van!”

SPEAKER_00 (10:26): Even if they didn’t.

SPEAKER_01 (10:27): Right. The charity might have had plenty of unrestricted funds to buy the van, but the donor perceives a misuse of funds, so they file a complaint with the state.

SPEAKER_00 (10:36): And the regulator has to look into it.

SPEAKER_01 (10:38): They have to. Even a minor, completely unfounded complaint forces the regulator to review the organization’s filings for accuracy. They have to prove the money was handled correctly. So a simple communication breakdown suddenly leads to an audit.

SPEAKER_00 (10:54): Wow. And that brings us to the optics part of this—fundraising representations. It sounds like how you present yourself is just as important as the actual math in the background.

SPEAKER_01 (11:03): It is. Regulators heavily scrutinize how organizations present themselves. They look at claims about program impact. If you say, “We saved 10,000 puppies this year,” can you prove that? They also look at required disclosures in solicitations. You know those tiny blocks of text at the bottom of a donation letter?

SPEAKER_00 (11:19): The fine print that lists all the registration numbers.

SPEAKER_01 (11:22): Exactly. That fine print is legally required in many states. If it’s missing, or if the marketing claims don’t match the reality of the program, scrutiny follows. It is all about whether the donor is being misled.

SPEAKER_00 (11:36): It seems like there is a recurring theme here. We talked a little bit about it earlier, but I really want to dive deeper into it: the idea that success can actually be a problem.

SPEAKER_01 (11:45): Yes. It is the paradox of the nonprofit world. Success creates risk.

SPEAKER_00 (11:50): Explain that. Because usually, we think growth is purely good. More money equals more mission, right?

SPEAKER_01 (11:56): In theory, yes. But here is the core theme we really need to emphasize: Compliance tends to expand alongside fundraising growth, and organizations that review requirements periodically avoid most problems.

SPEAKER_00 (12:08): Okay, but that makes sense.

SPEAKER_01 (12:09): When an organization experiences rapid growth, they naturally encounter increased fundraising across state lines. They have higher donation volumes. They have greater public exposure—more people are watching them, more people are reading their emails and visiting their website.

SPEAKER_00 (12:23): So it’s just a visibility factor.

SPEAKER_01 (12:26): Exactly. Regulatory attention often follows growth simply because the activity is more visible. If you are a tiny local charity, you might fly under the radar. But if you are a multi-state organization raising millions of dollars, you are a blip on every single radar.

SPEAKER_00 (12:45): So the takeaway there isn’t “don’t grow.” It is “don’t grow without checking your blind spots.”

SPEAKER_01 (12:50): Precisely. You have to scale your compliance infrastructure at the exact same speed you scale your fundraising. You cannot run a $10 million organization with a $10,000 organization’s back office.

SPEAKER_00 (13:02): That is a really powerful insight. It is a growing pain. So you have to mature your operations to match your ambition.

SPEAKER_01 (13:08): Right.

SPEAKER_00 (13:08): Okay, so let’s play this out. Let’s say the inevitable happens—the letter arrives. We triggered a review. Maybe we missed a filing. Maybe a donor got mad about a van. The letter is sitting on my desk right now. What do I do?

SPEAKER_01 (13:21): First step: do not panic, do not shred it, and do not hide it in a drawer.

SPEAKER_00 (13:25): Good advice for life in general, honestly, but especially here.

SPEAKER_01 (13:29): Definitely. The initial contact is usually informational. They want updated filings, they want documentation, or they just want clarification.

SPEAKER_00 (13:40): So they are genuinely giving you a chance to explain.

SPEAKER_01 (13:42): Yes. And a timely, cooperative response usually resolves the matter without any escalation. If you ignore it, that is when it becomes an enforcement action. That is when fines start to accrue and legal action actually becomes a possibility. If you engage with it, it remains an administrative review.

SPEAKER_00 (14:01): So speed and transparency are your best friends here. Don’t ghost the regulator.

SPEAKER_01 (14:06): Absolutely do not ghost them. Treat them as a professional correspondent, not an enemy.

SPEAKER_00 (14:10): So how do we stop the letter from arriving in the first place? If we want to lower our risk profile, what is the prevention strategy? The cheat sheet.

SPEAKER_01 (14:19): It really comes down to four habits:

1. Maintain accurate registrations. Know exactly where you are registered and when it expires. Use a calendar.
2. Align messaging with filings. Ensure your marketing team and your finance team are looking at the exact same numbers. The website must match the tax form.
3. Periodically review your compliance status. Don’t just set it and forget it. Rules change.
4. Respond promptly to any correspondence. If the state asks a question, answer it.

SPEAKER_00 (15:07): It sounds so simple when you lay it out like that. It is really just about hygiene. Organizational hygiene.

SPEAKER_01 (15:12): That is a great way to put it.

SPEAKER_00 (15:14): So as we wrap this up, let’s look at the big picture here. We started this deep dive talking about panic and fear and sirens. But walking through this, it feels like the scary monster under the bed is actually just a very fastidious accountant.

SPEAKER_01 (15:28): That is the reality. State charity investigations are not typically about punishment. They aren’t trying to shut you down. They are about ensuring transparency and protecting public trust. They want the sector to be healthy so that donors feel safe giving their money.

SPEAKER_00 (15:42): So, in a way, the regulators are on our side. They’re keeping the ecosystem clean for everyone.

SPEAKER_01 (15:48): If you are a legitimate charity doing good work, the regulator is your partner in maintaining credibility.

SPEAKER_00 (15:54): I love that perspective shift. Before we go, what is one final thought you want to leave our listeners with today?

SPEAKER_01 (16:02): You know, we often hear nonprofit leaders complain about compliance. They view it as a hurdle to their mission. But I would argue that clear records and consistent reporting actually protect the mission.

SPEAKER_00 (16:16): How so?

SPEAKER_01 (16:17): They ensure that regulatory interactions remain boring, straightforward, and manageable. The goal shouldn’t be to avoid regulation. The goal should be to make your organization so transparent that the regulation is basically irrelevant to your day-to-day. A boring back office is a secure front line.

SPEAKER_00 (16:35): “A boring back office is a secure front line.” I am definitely writing that down. It is not about bureaucracy, it is about sustainability.

SPEAKER_00 (16:45): Well, this has been an incredibly enlightening conversation. I definitely feel a lot less anxious about the idea of a state letter now. It really feels like a solvable puzzle rather than a disaster.

SPEAKER_01 (16:56): That was the goal.

SPEAKER_00 (16:57): If you found this discussion helpful, you can find additional compliance guides and visual resources at ironwoodregistrations.com. Thanks for listening.