How Modern Tzedaka Organizations Can Be More Effective
Modern financial and IT standards work
What, exactly, does the word “Effective” in the title mean? It’s referring to two things:
The ability to reliably and efficiently convert the highest percentage of a charity’s funds to actual program value - rather than wasting money on unnecessary administration or fundraising costs
The ability to communicate to potential donors the message that a charity is genuinely committed to transparency and compliance - thereby attracting more and larger donors
I believe that many of the problems discussed in the previous article (The Economics of the Modern Tzedaka Industry) can be solved by charities themselves. And it’s all about choosing to become more effective.
Identifying Problems
What can donors themselves do? Unfortunately, very little. We know that some fraud exists in the industry, and we also know that many, many perfectly honest organizations spend 70 or 80% (or more) of their budgets on fundraising expenses. But sitting in my house with my pen poised over an open check book, there’s not a lot I can do to figure out which organizations are which.
Despite the existence of a wealth of public data on the internet, there’s surprisingly little useful information available that’s specific to individual tzedakos. When it comes to US-based organizations, for instance, you can search reports on the charitynavigator.org site, but you won’t get too far. That’s because, as I mentioned in the previous article, very few mosdos file Form 990, so there’s really no public financial information to see. Similarly, few mosdos have enough of an internet presence to make web searches helpful.
When it comes to Israeli organizations, many of us will struggle with the language and with inexperience with the Israeli bureaucracy. That’ll make it harder to tap into whatever government resources might exist.
I personally wouldn’t recommend starting a tzedaka-focused customer review service using the Yelp model because there would be no way to control for manipulation and the spreading of vague, unsubstantiated rumors. It’s also unlikely that such a service would ever be adopted at a enough of a scale to be widely useful.
However it is worthwhile to break tzedakos down into multiple categories:
Large and well-known organizations like, say, Mir Yerushalayim
Organizations with which you’ve had a direct and personal connection over time
Previously unknown organizations or individuals that reach out to you directly (in shul, at your front door, or by phone)
Organizations that come to your attention through the internet
Organizations that reach out through unsolicited email campaigns
I think it’s obvious that we don’t have to be too concerned about the first two of those. Although you should be careful to confirm it’s actually an appeal from Mir you’re responding to: spoofing and identity theft are well-known scams out there in the wider world. I haven’t yet heard about them being used in the frum community, but it’s only a matter of time.
It’s usually impractical to properly validate individuals fitting the third category. We should probably never turn anyone away empty-handed just because we’re unsure about them, but we might want to save our larger donations for better-confirmed causes.
The final two categories are more difficult to address. I’ve seen enough problems that I prefer something a bit more substantial than a sad story and a link to a credit card processing site. For such cases, perhaps the organizations themselves should take the initiative.
How Organizations Can Help Themselves
So what can (and should) all tzedaka organizations do? Here are some ideas:
Have regular financial audits performed and make the resulting documents (including financial statements) publicly available through your website.
Ensure that your board of directors includes at least a couple of individuals who aren’t connected to the organization, and publish the names and bios of all directors.
Create and publicize a privacy policy that governs the way you store and, eventually, destroy all personal information.
Create and publicize a policy to secure your IT infrastructure including, if appropriate, regular penetration and vulnerability testing.
Make sure you NEVER process credit card transactions yourself unless your organization is verified PCI-DSS compliant. Otherwise, use only third-party transaction tools like Stripe, Square, or Shopify.
If your operating model involves moving funds between other non-profits, explain why.
Make it easy for people to contact you with complaints and suggestions.
Expect things to go wrong from time to time and build a system that identifies and fixes problems fast.
This list will sound intimidating and expensive at first. and it is intimidating and expensive. In fact, it only gets worse the more you learn about it. You can trust me on this one: I happen to teach a lot of this stuff for a living.
But the return on your investment will be significant. And when (not if) you’re hit with a cyber attack, the costs of not doing it will be far greater.
Just imagine the consequences if a major yeshiva with a budget in the tens of millions of dollars was hit with a ransomware attack. You may argue that most yeshivos have very little IT infrastructure, so how bad could such an attack be? Well think about how much fun it would be if their complete donor lists - along with home addresses, mobile phone numbers, and credit card information - suddenly appeared on the dark web, available for public download.
Who’s already Doing it Right
It’s not all bad news here. Take Chai Lifeline as an example. Their website has a page clearly outlining their privacy policy, that includes this:
“Chai Lifeline is PCI compliant. We do not store your credit card information after the transaction is completed…”
And Amudim is another excellent example. They do a great job with transparency, showing us who their board members are and giving us access to historical audits and financial reports.
I’m not saying it’s impossible for anything to go wrong with such organizations, but it would definitely be a whole lot less likely.
If enough of us commit to focusing most of our tzedaka spending on organizations that invest in audits and full transparency, the market can change itself. Non-compliant mosdos will, on their own, recognize the value of improving their processes and upping their game. Which means that we’ll all have many more valuable organizations to choose from, and hopefully we’ll all give - and accomplish - more.
Spread the word. And be in touch with your own ideas.