The Compliance Blind Spot
Running a NGO in India is not simple work.
You're dealing with income tax obligations under 12A and 80G. FCRA if you receive foreign donations. POCSO Rules if your programs involve children. PoSH if you have women on staff. ESI and EPF once your headcount crosses certain thresholds. Professional Tax in certain states. Annual filings, board meeting requirements, auditor appointments, utilisation certificates for grants.
Each of these has its own deadline, its own documentation requirement, its own consequence for non-compliance.
And yet, in most NGOs, the answer to "are we compliant?" is some version of: "We think so. We haven't heard otherwise."
That's not a governance posture. That's hope.
What Gaps Actually Look Like in Practice
Compliance gaps don't usually announce themselves. They accumulate quietly, over months, sometimes years — until something forces them into view.
It might be a statutory notice about a missed filing. A grant-making organisation asking for documentation your team scrambles to locate. A board member at an AGM asking a pointed question about a regulatory requirement nobody had tracked. Or an auditor arriving with a checklist you've never seen before.
By that point, you're not managing compliance. You're managing a crisis.
The harder truth is that most of these gaps aren't the result of negligence. They're the result of not having a structured way to check. NGO administrators are busy people. Program work comes first. Compliance review is something that gets scheduled and then postponed, because nothing feels immediately urgent — until it does.
Eight Areas Where Indian NGOs Are Most Exposed
Based on what we've seen across the sector, these are the domains where governance gaps most commonly show up:
1. Statutory Compliance
This is the widest category — and the one with the most conditional requirements. FCRA filings, 80G renewal, annual returns under the Income Tax Act, state-level registrations. Many trusts are strong on the basics but have never audited their conditional obligations — the ones that only apply if you receive foreign donations, or have paid staff, or work with children.
2. Finance and Accounting
Books of accounts maintained correctly. Utilisation certificates issued on time. Internal financial controls in place. Salary compliance — TDS deducted, Form 16 issued. These are areas where a single missed step creates a thread that, when pulled, unravels quickly during an audit.
3. Governance
Board meeting frequency. Minutes recorded and signed. Conflict of interest policies. Succession planning. These feel administrative until a funder asks for proof, or a trustee dispute arises and there's no documented record of how decisions were made.
4. Human Resources
This domain is invisible to many trusts until it isn't. PoSH compliance requires an Internal Complaints Committee the moment you have 10 or more employees. ESI applies at 10. EPF applies at 20. Child protection policies are legally required under POCSO Rules 2020 if your work involves regular contact with children. Most trusts with growing teams haven't kept pace with these thresholds.
5. MIS and Technology
Data security policies. Backup procedures. Access controls on sensitive beneficiary information. This is an emerging area of governance, but funders — especially international ones — are increasingly asking about it.
6. Leadership and Strategy
Does your trust have a documented vision and strategy? Is there a succession plan for key leadership roles? Is organisational learning built into your processes? These questions distinguish well-governed trusts from ones that are entirely dependent on one or two individuals.
7. Program Planning and Management
Theory of change, M&E frameworks, baseline data, program documentation. Funders expect this. It also determines whether your programs can be evaluated, replicated, or scaled.
8. Fundraising and Marketing
Donor receipts issued correctly. Acknowledgement practices. 80G receipts with the right format and information. Communication practices that meet donor expectations. Small errors here cause donor attrition that never gets attributed to the real cause.
The Problem with Self-Assessment by Feel
Many NGO administrators would say, if asked, that they have a general sense of where they're compliant and where they're not.
But general sense is not the same as structured review.
When compliance is tracked by intuition — by what you remember, what your CA mentioned last year, what came up at the last board meeting — you're always working from an incomplete picture. You're likely strong in the areas you've recently been tested on, and quietly exposed in the areas you haven't thought about.
A structured self-assessment changes that. It forces you to answer specific questions, domain by domain, without being able to skip the uncomfortable ones. It shows you where you're strong, where you're weak, and — crucially — where you're exposed without knowing it.
Why We Built a Free Compliance Self-Assessment
We built the Compliance Self-Assessment tool at ManageMyTrust because we kept seeing the same pattern: trusts that were doing genuinely good work, but had never had a structured way to look at their own compliance health.
The tool covers all eight domains above. It takes 10 to 15 minutes. There's no login required. You answer questions about your trust — its type, its staff size, whether you receive foreign donations, whether you work with children — and the questionnaire adapts to your context. FCRA questions only appear if you receive foreign donations. HR domain questions only appear if you have paid staff. The questions you see are the questions that are actually relevant to you.
When you complete it, you get a personalised gap analysis report — free, in your inbox. It shows your overall compliance score, your score in each domain, and a full list of gaps ranked by severity. Not a generic report. One that reflects your specific organisation.
The point isn't to alarm anyone. Most trusts will score reasonably well in some areas and have gaps in others. That's normal. The value is in knowing — clearly, specifically, structured — where you stand.
What to Do With the Results
Once you have your gap report, the path forward is usually clearer than expected.
Some gaps are quick wins — a policy document that needs to be drafted, a committee that needs to be constituted, a filing that's overdue. These can be addressed in days.
Some gaps are structural — processes that don't exist yet, record-keeping that needs to be built from scratch, governance practices that need to be formalised. These take longer but are manageable once you can see them clearly.
And some gaps are ones you'll want to raise with your CA, your legal advisor, or your board at the next meeting — because they touch on areas where you need professional guidance before acting.
The report gives you the full list. What you do with it is up to you. But you can't prioritise what you can't see.
Start With Knowing
The trusts that are most resilient — the ones that sail through audits, that retain donor trust, that attract serious funders — aren't necessarily the ones doing the most complex work. They're the ones that know where they stand.
They've done the internal review. They've identified their gaps. They've built systems to track the things that matter. They've stopped relying on memory and intuition to manage obligations that have real legal and financial consequences.
That starts with a single honest look at your own compliance health.
You can take that look right now — free, in 10 minutes, no login required.
