10 Essential Policies for Canadian Charities & Nonprofits

Operating a charity or nonprofit in Canada means more than just fulfilling a mission; it also involves managing the legal, financial, and ethical responsibilities that come with running an organization. One of the most important ways to ensure smooth operations and compliance with Canadian laws is by implementing clear, comprehensive policies. These policies help establish trust, protect the organization's assets, and maintain transparency with the public, donors, and employees.

Quick Policy Checklist: Does Your Charity Have These?

Use this checklist to assess your organization's policy readiness. A well-governed charity should have all of these policies documented and accessible to board members, staff, and volunteers.

□ Code of Conduct Policy – Ethical standards for everyone in your organization
□ Conflict of Interest Policy – Disclosure and management of personal interests
□ Financial Management Policy – Budgeting, expenses, and financial controls
□ Privacy and Confidentiality Policy – Protection of personal and sensitive data
□ Human Resources Policies – Fair employment practices and workplace standards
□ Whistleblower Protection Policy – Safe reporting of misconduct
□ Anti-Discrimination Policy – Prevention of harassment and discrimination
□ Risk Management Policy – Identification and mitigation of organizational risks
□ Volunteer Management Policy – Recruitment, training, and support for volunteers
□ Fundraising and Donor Stewardship Policy – Ethical fundraising practices

Missing more than 3 policies? Your organization may be at risk for compliance issues or operational challenges. Read on to understand why each policy matters and how to implement them effectively.

Are Policies Important for Charities and Nonprofits?

Policies are essential for any organization, as they establish clear expectations for behavior, processes, and decision-making. For Canadian charities and nonprofits, whether registered in Toronto, Ontario (which has the highest amount of registered charities in the country) or across this great nation, these policies ensure compliance with laws such as the Canada Not-for-Profit Corporations Act (CNCA) and regulations from the Canada Revenue Agency (CRA).

For Ontario-incorporated charities, the Ontario Not-for-Profit Corporations Act (ONCA), which came into effect on October 19, 2021, governs corporate operations and includes specific requirements for conflict of interest policies and audit procedures.

By implementing appropriate policies, organizations can prevent internal issues like misconduct and financial mismanagement while also promoting a culture of transparency and accountability.

Understanding Policies vs. Procedures

Many charities confuse policies with procedures, but understanding the difference is crucial for effective governance.

Policies define the "what" and "why" – they establish rules, principles, and guidelines that govern your organization's operations. Policies are broad statements that reflect your organization's values and legal obligations. For example, a conflict of interest policy states that board members must disclose potential conflicts and that decisions must be made in the organization's best interest.

Procedures define the "how" – they are step-by-step instructions for implementing policies. Procedures are detailed and specific. For example, a conflict of interest procedure would outline exactly how a board member completes a disclosure form, when they must recuse themselves from discussions, and how the board documents the conflict resolution.

Think of it this way: Your financial management policy establishes that expenses over $5,000 require board approval. Your financial management procedure explains the exact steps to submit an expense request, who reviews it, the timeline for approval, and how the decision is recorded.

Most organizations need both policies and procedures, but policies should be established first as they provide the framework for developing effective procedures.

Provincial Considerations for Canadian Charities

While federal law governs all registered Canadian charities through the Income Tax Act and CRA regulations, provincial laws may also affect your organization's policies, particularly in these areas:

Employment Standards: Each province has its own employment standards legislation that affects HR policies. For example, Ontario's Employment Standards Act sets minimum requirements for vacation time, termination notice, and workplace rights that must be reflected in your HR policies.

Privacy Laws: While PIPEDA applies federally and in most provinces, British Columbia (PIPA), Alberta (PIPA), and Quebec (Law 25) have their own privacy legislation. Charities operating in these provinces must ensure their privacy policies comply with provincial requirements.

Fundraising Regulations: Charitable fundraising is regulated at the provincial level. Some provinces require registration before conducting fundraising activities or have specific rules about lottery licenses, gaming events, or door-to-door solicitation.

Corporate Governance: If your charity is incorporated provincially (such as under Ontario's Not-for-Profit Corporations Act, 2010), your governance policies must align with provincial corporate law requirements in addition to federal charity regulations.

Ontario-incorporated charities should note that ONCA contains specific requirements for conflict of interest policies, director duties, and audit procedures that must be reflected in organizational policies.

Public Policy and Advocacy Activities: Understanding your charity's ability to engage in advocacy is crucial for policy development. As of 2018, the CRA abolished the previous 10% limit on non-partisan political activities. Under current CRA guidance (CG-027), registered charities can now engage in unlimited Public Policy Dialogue and Development Activities (PPDDAs), provided these activities are non-partisan and further a charitable purpose. This means your policies should not restrict advocacy activities based on outdated percentage limits. Instead, governance policies should ensure that any public policy activities remain non-partisan, subordinate to charitable purposes, and properly documented. Organizations involved in advocacy work should develop clear policies outlining how they ensure compliance with these requirements while maximizing their ability to influence public policy in their areas of charitable work. 

When developing policies, organizations should consult both federal CRA guidelines and relevant provincial legislation to ensure comprehensive compliance.

10 Policies Every Canadian Charity & Nonprofit Should Have

‍

Every Canadian charity and nonprofit needs clear, effective policies to operate legally and responsibly. Here are 10 essential policies every organisation should have in place.

1. Code of Conduct Policy

A Code of Conduct and Ethics Policy lays out the expectations for how all members of the organization, from board members to volunteers, should behave. It promotes a positive work environment where integrity, respect, and transparency are prioritized.

• Why it's important: This policy helps set the ethical framework for your organization, guiding decisions and actions.
• What it includes: Guidelines for ethical behavior, reporting procedures for violations, and how to handle conflicts of interest.

Real-World Example: A youth mentorship charity discovered that one of its volunteer mentors was using their position to promote their private tutoring business to program participants. Because the organization had a clear code of conduct that prohibited using volunteer roles for personal business gain, they were able to address the situation immediately and remove the volunteer while documenting the proper handling of the issue.

2. Conflict of Interest Policy

To maintain trust with stakeholders, including donors and the public, charities and nonprofits need to prevent conflicts of interest that could affect their decision-making. A Conflict of Interest Policy outlines how board members, staff, and volunteers should disclose any personal interests that may interfere with the organization's objectives.

For Ontario-incorporated charities, ONCA requires directors and officers to disclose conflicts and comply with specific procedural requirements when conflicts arise.

• Why it's important: This ensures that decisions are made in the best interest of the organization, not for personal gain.
• What it includes: Clear examples of conflicts of interest, how to disclose conflicts, and steps to resolve potential issues.

3. Financial Management Policy

Charities and nonprofits must maintain financial transparency, especially when managing donations, grants, and other funds. A Financial Management Policy outlines the management of finances, ensuring the responsible use of funds while adhering to legal standards.

• Why it's important: This policy helps ensure proper handling of donations and grants, keeping the organization in good standing with the CRA.
• What it includes: Budgeting processes, expense management, approval procedures, and financial reporting requirements.

Real-World Example: A community arts charity implements a financial management policy requiring two signatures on all cheques over $1,000 and board approval for any expenses exceeding $5,000. When their executive director wants to purchase new sound equipment costing $7,500, they must present a proposal to the board showing quotes from three suppliers, demonstrating fair market value, and explaining how the purchase aligns with the charity's programs. This process prevents impulsive spending and ensures board oversight of significant financial decisions.

4. Privacy and Confidentiality Policy

Handling sensitive information is part of running a charity or nonprofit, from donor details to client data. A Privacy and Confidentiality Policy ensures that personal and sensitive data is collected, stored, and used in compliance with privacy laws like PIPEDA (Personal Information Protection and Electronic Documents Act).

• Why it's important: Protecting the privacy of donors, clients, and employees helps build trust and ensures compliance with Canadian privacy laws.
• What it includes: Data collection practices, access controls, and breach protocols.

Real-World Example: A homeless shelter charity collects sensitive personal information from clients, including health conditions, addiction histories, and government identification numbers needed to access social services. Their privacy policy clearly outlines what information is collected, why it's necessary, how long it's retained, who can access it, and how it's secured both physically (locked filing cabinets) and digitally (password-protected databases with limited user access). When a client requests to review their file or asks that certain historical information be removed, the policy provides clear procedures for honoring these requests while maintaining records required for funding compliance.

5. Human Resources Policies

For charities and nonprofits that employ staff, HR policies are crucial for setting expectations and ensuring fair treatment. These policies outline how employees are hired, trained, evaluated, and treated throughout their employment.

• Why it's important: HR policies ensure that all employees are treated fairly and legally in accordance with Canadian employment laws.
• What it includes: Hiring practices, anti-discrimination policies, workplace safety measures, and employee conduct expectations.

Real-World Example: An immigrant settlement services charity develops comprehensive HR policies covering recruitment (requiring diverse hiring panels to reduce bias), onboarding (including cultural sensitivity training), performance management (with clear evaluation criteria and regular feedback), and termination procedures (ensuring proper documentation and compliance with employment standards). When they need to terminate an underperforming program coordinator, the HR policy requires documentation of performance issues, a performance improvement plan with specific goals, regular check-ins, and a clear timeline. This protects both the employee's rights and the organization from potential wrongful dismissal claims.

6. Whistleblower Protection Policy

A Whistleblower Protection Policy allows individuals to report misconduct or unethical behavior without fear of retaliation. For charities and nonprofits, this is vital for maintaining transparency and accountability.

• Why it's important: It protects the individuals who come forward and helps maintain a transparent and ethical environment.
• What it includes: How to report issues, assurance of confidentiality, and protection against retaliation.

Real-World Example: A health advocacy charity establishes a whistleblower policy that provides multiple reporting channels: an anonymous tip line, a confidential email address monitored by the board chair, and the option to report directly to an external lawyer. When a staff member discovers that the executive director is submitting inflated expense reports, they can report this anonymously through the tip line. The policy requires the board to investigate all reports within 30 days, prohibits any retaliation against the whistleblower (including subtle actions like workload changes or exclusion from meetings), and outlines the consequences for anyone who retaliates. This encouraged the staff member to report the fraud early, preventing more significant financial losses.

7. Anti-Discrimination Policy

An Anti-Harassment and Discrimination Policy is essential for creating a safe, respectful environment for everyone involved in your charity or nonprofit. This policy outlines acceptable behaviors and the steps for handling complaints of harassment or discrimination.

• Why it's important: It helps prevent and address harassment or discrimination, ensuring a positive and inclusive environment.
• What it includes: Definitions of harassment and discrimination, reporting procedures, and disciplinary actions for violations.

Real-World Example: A multicultural community services charity develops a comprehensive anti-discrimination policy that defines discrimination and harassment based on all protected grounds under human rights legislation (race, ethnicity, religion, gender, sexual orientation, age, disability, etc.). When a volunteer complains that another volunteer made repeated comments about their accent and suggested they "learn to speak properly," the policy provides a clear investigation process. A designated harassment officer (trained in investigations) interviews both parties confidentially, reviews any witnesses or documentation, and determines whether discrimination occurred. The policy outlines progressive discipline, which in this case resulted in mandatory diversity training for the offending volunteer and a written warning. The policy also requires the organization to examine whether systemic issues contributed to the incident and to implement preventive measures.

8. Risk Management Policy

Every organization faces risks, whether financial, operational, or reputational. A Risk Management Policy helps charities and nonprofits identify potential risks and develop strategies to manage them effectively.

• Why it's important: This policy allows the organization to be prepared for unexpected situations, minimizing negative impacts.
• What it includes: Risk identification, assessment, and mitigation strategies, along with emergency response plans.

Real-World Example: An outdoor education charity that runs summer camps for children develops a comprehensive risk management policy. They conduct an annual risk assessment identifying potential hazards: severe weather events, medical emergencies, transportation accidents, child safety incidents, financial risks (enrollment shortfalls), and reputational risks (social media crises). For each risk, they document the likelihood and potential impact, then establish mitigation strategies – maintaining insurance coverage, training all staff in first aid, implementing strict child supervision ratios, conducting background checks, diversifying funding sources, and creating a crisis communication protocol. When a severe thunderstorm hits during a camp session, staff follow the emergency weather protocol, ensure all children are accounted for and sheltered safely, notify parents promptly, and document the incident. Because risks were identified and planned for, a potentially dangerous situation was managed effectively.

9. Volunteer Management Policy

Volunteers are often the backbone of charities and nonprofits, and a Volunteer Management Policy helps ensure that volunteers are properly recruited, trained, and managed. This policy also provides clear expectations and roles for volunteers.

• Why it's important: It helps charities effectively manage volunteer resources, ensuring they feel supported and valued.
• What it includes: Recruitment procedures, training, safety measures, and how to evaluate volunteer performance.

Real-World Example: A food bank charity develops a comprehensive volunteer management policy. Recruitment includes a simple application process, an interview to assess skills and interests, a criminal background check for volunteers handling cash or working unsupervised, and reference checks for volunteers in leadership positions. New volunteers complete an orientation covering the organization's mission, confidentiality expectations, safety procedures, and their specific role responsibilities. The policy establishes that volunteers receive the same anti-harassment protections as staff, are covered by the organization's liability insurance, and can access expense reimbursement for pre-approved costs. Regular volunteer recognition (thank you events, milestone celebrations, volunteer spotlights in newsletters) is built into the policy. When a volunteer's behavior becomes problematic – repeatedly arriving late or being rude to clients – the policy provides a progressive approach similar to staff management: informal coaching, written expectations, and if necessary, ending the volunteer relationship.

10. Fundraising and Donor Stewardship Policy

This policy outlines how a charity or nonprofit solicits donations and stewards donor relationships. It ensures that fundraising practices are transparent, ethical, and in line with Canadian laws governing charitable fundraising.

• Why it's important: It protects the integrity of fundraising efforts, ensuring donors trust that their contributions are being used as intended.
• What it includes: Fundraising guidelines, donor recognition practices, and how to handle restricted funds.

Real-World Example: An animal rescue charity implements a comprehensive fundraising policy. It establishes that all fundraising materials must clearly state the charity's registration number and accurately describe how funds will be used. When a donor makes a $10,000 contribution specifically for a new veterinary clinic, the policy requires the charity to track this restricted donation separately, use it only for the designated purpose, and provide the donor with updates on the project's progress. The policy prohibits percentage-based fundraising (where fundraisers keep a percentage of donations raised) and requires written agreements with any professional fundraisers outlining compensation structure and ethical standards. Donor information is kept confidential and never sold or shared. The charity maintains a gift acceptance policy declining donations that don't align with their mission – when someone offers to donate exotic animals that the charity can't properly care for, they respectfully decline.

The policy also addresses legacy giving and estate donations, ensuring proper procedures when the charity is named as a beneficiary. In Ontario, where the correct legal term is "estate trustee" rather than "executor" under the Succession Law Reform Act, the policy uses appropriate terminology and outlines how the charity works with estate trustees to receive bequests properly.

Recognition practices are outlined: donations under $500 receive a donation receipt and thank you letter; donations over $500 also receive a personal phone call; major donors are invited to special events.

Common Policy Mistakes to Avoid

Even organizations with policies in place can undermine their effectiveness through these frequent errors:

1. Creating Policies That Aren't Actually Followed

The most dangerous policy situation is having written policies that exist only to satisfy compliance requirements but aren't actually implemented. This demonstrates governance failure and creates greater liability than having no policy at all. When problems arise, having an ignored policy proves the board knew about the risk and failed to address it. Ensure policies reflect your organization's actual practices, not idealized versions of what you wish you did.

2. Failing to Distinguish Between Policies and Procedures

Many organizations create documents that confuse policies with detailed procedures. Policies should be relatively stable governance documents approved by the board that outline principles and parameters. Procedures are operational documents that can be updated by management as processes evolve. When you combine them, you force the board to approve minor procedural changes constantly, or you find that your board-approved policies quickly become outdated because the actual steps have changed.

3. Using Template Policies Without Customization

Downloading a policy template from the internet or copying another charity's policies might seem efficient, but it creates significant problems. Templates don't reflect your organization's size, programs, jurisdiction, or specific risks. A policy designed for a large multi-staff charity won't work for a small volunteer-run organization. Provincial laws vary, so an Alberta charity can't simply adopt Ontario-specific policies. Customize every policy to your actual context, and ensure language reflects what your organization actually does.

4. Not Tailoring Policies to Organization Size

Small charities often feel overwhelmed trying to implement policies designed for large organizations, while large charities sometimes rely on informal practices suitable only for small groups. A charity with three staff members doesn't need the same elaborate HR infrastructure as one with 50 employees, but it still needs basic written policies. Conversely, large organizations can't rely on informal understanding and personal relationships – they need documented systems.

5. Neglecting Policy Training and Communication

Creating policies and filing them away doesn't achieve anything. Board members must receive training on governance policies during orientation and annually thereafter. Staff and volunteers need training on policies relevant to their roles. Make policies accessible – keep them on your shared drive, in your volunteer handbook, or on your internal website. When policies are updated, communicate the changes clearly and provide refresher training if needed.

6. Creating Policies But Failing to Enforce Them

Selective enforcement of policies destroys trust and creates liability. If your expense policy requires receipts for all reimbursements but you waive this requirement for the executive director, you've created a problematic double standard. If your conflict of interest policy requires annual disclosures but you only ask for them when convenient, the policy becomes meaningless. Enforce policies consistently across all people and situations, or change the policy to reflect what you'll actually do.

7. Forgetting to Review and Update Policies Regularly

Laws change, organizational contexts evolve, and policies need regular review. A policy created in 2015 before remote work was common won't address current needs. Review all policies at least annually, and immediately when there are legal changes, regulatory updates, or organizational restructuring. Assign responsibility for policy review to a specific board committee (usually governance committee) with a defined schedule.

Policy Implementation Timeline: A Practical Approach

Implementing all essential policies at once can overwhelm organizations, particularly smaller charities with limited capacity. Here's a realistic timeline for developing and implementing comprehensive policies:

Phase 1: Foundation Policies (Months 1-2)

Priority policies that protect your organization from immediate risk:

• Conflict of Interest Policy – Prevents governance problems and is scrutinized by CRA
• Financial Management Policy – Ensures proper handling of charitable funds
• Code of Conduct Policy – Establishes ethical framework for operations

These three policies address the most common areas of compliance failure and should be your first priority. Even basic versions of these policies provide more protection than having none. The board should approve these policies before moving to the next phase.

Phase 2: People Management Policies (Months 3-4)

Policies that govern how you work with people:

• Human Resources Policies (if you have employees)
• Volunteer Management Policy (if you have volunteers)
• Anti-Discrimination Policy (essential for all organizations)
• Privacy and Confidentiality Policy (required for handling personal information)

These policies protect both your organization and the people involved in it. They address legal requirements under employment law, human rights legislation, and privacy law. Develop these policies after your foundation is established.

Phase 3: Operational Policies (Months 5-6)

Policies that strengthen operations and risk management:

• Risk Management Policy – Identifies and mitigates organizational risks
• Fundraising and Donor Stewardship Policy – Ensures ethical fundraising practices
• Whistleblower Protection Policy – Creates accountability mechanisms

These policies move you from basic compliance to operational excellence. While important, they can be implemented after core policies are in place.

Ongoing: Review and Refinement (Every 6-12 months)

Continuous improvement process:

• Review each policy annually, even if no changes are needed
• Update policies immediately when laws change or organizational context shifts
• Collect feedback from staff, volunteers, and board members about policy effectiveness
• Document all policy revisions with version dates and track changes
• Provide refresher training when policies are updated

Tips for Successful Implementation:

• Start with what you can manage: A simple, clear policy that's actually used is better than a comprehensive policy that sits in a drawer
• Get input: Involve people affected by policies in their development – staff input on HR policies, volunteers input on volunteer policies
• Assign responsibility: Designate someone (board committee, executive director, governance lead) responsible for driving policy development forward
• Use existing resources: Many provincial nonprofit associations, community foundations, and legal clinics offer policy templates specific to Canadian charities
• Document board approval: All policies should be formally approved by board resolution, with the date recorded in minutes
• Communicate clearly: Once approved, ensure everyone affected knows the policy exists and where to find it

For very small organizations (all-volunteer boards with no staff), consider developing fewer, more comprehensive policies that combine related areas. For example, a single "Governance Policy" might incorporate code of conduct, conflict of interest, and board operations rather than three separate documents.

The Importance of Regular Policy Reviews

While having policies in place is critical, they should also be reviewed and updated regularly. Changes in the law, evolving organizational needs, and feedback from staff or volunteers may require adjustments. A regular review schedule, ideally once a year, ensures that policies stay relevant and effective.

• Review Process: Review policies at least annually, and consider conducting additional reviews when there are changes to the law or organizational structure.
• Get Expert Advice: Consult legal experts or professionals in nonprofit law to ensure policies are up-to-date and comply with current regulations.

Key Benefits of Having Clear Policies

Implementing and adhering to policies offers several key benefits for Canadian charities and nonprofits, including:

• Ensuring Legal Compliance: Policies help ensure that your organization complies with Canadian laws like the CNCA (or ONCA for Ontario-incorporated charities) and CRA guidelines for registered charities. 
• Enhancing Transparency: Clear policies build trust with donors, volunteers, and the public, demonstrating your commitment to ethical practices.
• Protecting Your Organization: Well-crafted policies help protect the organization's financial and reputational health by identifying potential risks and providing protocols to address them.
• Streamlining Operations: Policies make it easier to manage day-to-day operations, improving efficiency and consistency.

Conclusion

For Canadian charities and nonprofits, policies are essential—not just guidelines. They play a crucial role in ensuring legal compliance, protecting the organization, and promoting transparency. By implementing these essential policies, your charity can establish a strong foundation for success, earn public trust, and concentrate on what matters most: making a positive impact in the community.

Need help developing or reviewing your charity's policies? B.I.G. Charity Law Group specializes in helping Canadian charities establish governance frameworks that satisfy CRA requirements. Our experienced charity lawyers can review your existing policies, identify gaps, and create customized solutions for your organization. Contact us at 416-488-5888 or dov.goldberg@charitylawgroup.ca.

Schedule a FREE consultation to discuss how we can strengthen your governance framework and ensure CRA compliance. Visit CharityLawGroup.ca to learn more about our services and access additional resources for Canadian charity leaders.

Frequently Asked Questions

What policies are legally required for Canadian charities?

The CRA doesn't mandate specific policies but strongly expects conflict of interest policies. Charities must comply with the Income Tax Act and demonstrate proper governance. Provincial laws may require specific policies: employment standards affect HR policies, privacy laws require privacy policies, and provincial corporate laws (like ONCA for Ontario charities) include conflict of interest and audit requirements. Organizations serving vulnerable populations must comply with sector-specific regulations around child protection.

How often should charity policies be reviewed and updated?

Review policies at least annually. Update immediately when laws change, organizational structure shifts, or problems reveal gaps. Many organizations review different policies quarterly to avoid overwhelming board meetings.

What happens if a charity doesn't have proper policies in place?

Absent policies create serious risks: CRA compliance issues threatening charitable status, increased liability, denied insurance claims, limited funding opportunities, potential board member liability, and reputational damage. The CRA can revoke charitable status for persistent governance failures.

Are nonprofit policies different from charity policies in Canada?

Yes. All registered charities are nonprofits, but not all nonprofits are registered charities.

Non-Profit Organizations (NPOs) under paragraph 149(1)(l) must meet strict annual tests. Unlike charities, NPOs aren't fully tax-exempt and cannot issue donation receipts. NPO policies must ensure no proprietary interests are available to members.

Registered charities face additional CRA regulations requiring policies for conflict of interest, financial management, and fundraising practices.

What are the CRA's requirements for charity policies?

The CRA doesn't mandate specific policies but expects sound governance. During reviews, the CRA examines whether policies ensure charitable use of resources, prevent private benefit, maintain adequate records, and manage conflicts of interest. The CRA wants proof policies are followed through minutes showing disclosures and recusals. Absent governance policies can contribute to charitable status revocation.

Can charities engage in political or advocacy activities?

Yes. Since 2018, the CRA abolished the 10% limit. Under CRA Guidance CG-027, charities can engage in unlimited Public Policy Dialogue and Development Activities (PPDDAs) if they're non-partisan and further charitable purposes. Policies must ensure activities remain non-partisan and properly documented.

‍