Nonprofits and Fraud: Maintaining Trust Through Defensible Data Accountability

By Brian Christian February 3, 2026

---

The U.S Internal Revenue Service (IRS) estimates that 1.8 million tax-exempt organizations currently operate in the United States, with an estimated $1.4 trillion in annual revenues. While they enjoy exemption from federal income taxes, any surplus funds are supposed to be reinvested into their missions. And theoretically, nonprofits are subject to stringent reporting and public transparency requirements because they receive taxpayer money. However, nonprofit fraud has become headline news, and demand is ratcheting up for investigation and stricter enforcement.

How Does Nonprofit Fraud Happen?

Whether nonprofits are innocently affected by fraud or perpetuating it, most is committed by individuals inside of the organization. They manipulate financial records to present a false picture of the organization’s financial status or health. They steal, divert, or misuse assets—the most common type of fraud. Or they abuse power for personal gain through bribery, conflicts of interest, and kickbacks.

When Trust Goes Out the Window

Nonprofits are especially vulnerable because they typically lack the robust internal controls and oversight characteristic of large enterprises. They operate with limited resources. And they often rely on volunteers and committees who don’t have appropriate expertise.

In 2025 alone, charity scandals revealed fraud in the hundreds of millions of dollars. These are just a few:

• Feeding Our Future: Officials at Feeding Our Future have been prosecuted and convicted for stealing $250 million from federal social welfare programs. The organization’s nonprofit status was revoked by the IRS in February, 2020 for not meeting IRS reporting requirements for the previous three years, yet it continued to advertise itself as a nonprofit. Defrauding of Minnesota’s Child Care Assistance Program goes back more than 10 years. The U.S. Department of Justice is currently prosecuting nearly 80 individuals from this and related Minnesota public programs fraud with potential losses of taxpayer funding reaching $9 billion.
• New Heights Community Resource Center: The executive director siphoned $10 million from federal programs supposed to feed low-income children.
• San Francisco Parks Alliance: Diverted more than $3.8 million earmarked for park projects for other purposes.
• VDARE Foundation: The leaders diverted at least $2 million in charitable assets for personal benefit.
• Hope Florida: Distributed funds without disclosing key financial data and had no document retention policy.
• D.E.L.T.A. Rescue: Questionable governance and misleading financial reporting stated that it granted more than $2.5 million to related organizations, none of which reported receiving the money.
• Baltimore Children and Youth Fund: Taxpayer-funded, it spent $10 million on consulting fees since 2020 and used 40% of its 2024 budget for administrative costs and not grants.
• Colorado Amateur Hockey Association: The director diverted more than $579,000 to his private business.

Demand for Crackdown on Fraud

These and other fraud scandals are driving a growing demand for investigation and serious reform. On January 20, 2026, the U.S. House Ways and Means Committee called on the IRS and U.S. Treasury Department to overhaul oversight of the non-profit sector. The request represents an aggressive congressional push to revoke tax-exempt status where warranted, expand audits, and rein in systemic failures in policing the nonprofit sector.

Best Defense: Data Accountability

Successful defense against compliance, fraud prevention, and data sovereignty challenges depends on data. Nonprofits need the ability to fully see, validate, and document data flows within the organization. It’s not enough to know where data is stored, who has access rights, and which security measures are protecting the repository—and many nonprofits lack even this basic data oversight. It’s not even enough to discover and classify data. Compliance today means being able to account for all of the organization’s data and its behavior wherever it moves, and however it’s used in any situation.

Here are the five steps every nonprofit should take to build defensible data accountability against compliance challenges:

1. Revisit and/or establish your data standards
2. Know your data
3. Benchmark and track data behavior
4. Establish compliance controls with data policy
5. Document everything with a data chain of custody

Learn more about these steps with Surviving Global Data Sovereignty Regulation. The same steps enable you to build defensibility no matter what level of compliance demands must be met.

 

Deploy Defensible Accountability in Minutes

Flying Cloud CrowsNest deploys in minutes to give you real-time visibility into your data and compliance status on networks, in clouds, and across clouds. We’re the only solution that enables you to:

• Protect donor, client, and grant data in real time
• Track chain of custody for every email, as well as attachments and other files
• Set policies on how data is allowed to behave and where it can go
• Track compliance status at a glance
• Avoid vendor lock-in and bundle pricing
• Start protecting your data in minutes without adding staff or resources

 

Get Help

As an Oracle Cloud Infrastructure and Google Cloud Platform partner, we can help you quickly implement a sound data accountability strategy without rearchitecting your world. For more information, request a meeting.