While I was in college, a youth minister asked me to “fill in” for him and host a party for the students at his church. One of the games involved “bobbing” for apples. As the evening unfolded, students were laughing and playing hard, until one student opened his mouth too wide to grab an apple out of the water—and his jaw locked open. Rushed to a nearby emergency room, the student was finally able to get his mouth closed. Although we were able to laugh about it later, at the time it was a frightening experience for the student and everyone around him.

Years later I was working on a policy for a growing congregation that would govern the use of the church facilities by outside groups during the week. Several business leaders and an attorney in the church did not want to adopt or implement such a policy. They were not opposed to evangelism, especially since the church was actively reaching unchurched individuals and families. They were deeply concerned about the potential exposure of the church to legal risks and liability to participants during events that were not being officially sponsored by the church. Their solution was to eliminate the risk by barring use of church property by outside groups.

Both of these stories illustrate two extreme responses to the subject of church liability or risk management. The youth minister I assisted was unaware and unconcerned for the risks associated with holding a youth event at the church, even if the injury that occurred was unusual or rare. Fortunately, no legal action followed. In the second example, the leadership exhibited a level of concern over the church’s liability that affected the ministry of the church within the local community. What both churches needed to do was develop and implement a liability strategy for managing risks.

What is Risk Management?

Risk management describes the effort to ensure the safety and well-being of individuals, groups, and property for whom the church is legally responsible. A “risk” represents that aspect of church-related participation, employment, volunteer service, properties, or activities that have the potential to create a moral or financial loss to the church. The process of risk management involves the identification of risks and the intentional effort to reduce those risks.

The Danger of Ignorance and Neglect

In the absence of risk management, the church as an organization could face serious financial and legal liability. If a lawsuit is filed against the church, the legal costs associated with hiring an attorney, paying court costs, and discharging a jury-awarded financial settlement can quickly outstrip the resources of a church. Litigation has increased dramatically in recent years, with the sexual abuse lawsuits against the Catholic Church being the most heavily publicized. Your church has no immunity from similar legal challenges; anyone can sue your church.

Without a risk management strategy, your church’s mission and witness is in danger of being damaged. The church is on a mission to share the gospel of Jesus Christ with a lost and watching world. Negative reports arising from the ignorance or neglect of easily identified risks will damage a church’s reputation and evangelistic impact. A single failure to conduct a criminal background check of a volunteer worker leading to the molestation of a small child can damage a church’s ability to reach families for years.

In John 10, Jesus describes himself as a shepherd who takes care of the sheep. In His care, the sheep are protected against thieves, robbers, and wolves who come “to steal, and to kill, and to destroy’ (John 10:10)—a clear form of risk management to minimize danger to the flock. Pastors and church leaders should exhibit a similar vigilance for the spiritual and physical well-being of their human “flock” entrusted to their care. A failure to manage the risks that could affect the church is more than an act of ignorance: it is a dereliction of duty associated with the pastoral task.

A Strategy for Managing Risk in the Local Church

Risk management is a process of identifying the risks and then determining the best way to handle those risks in a moral and legally-responsible manner. It is a genuine and intentional effort to care for the people, assets and property associated with the church as an organization, preventing all forms of injury and loss. Due to the sheer number of possibilities and dynamic nature of risks that threaten a church, the process of risk management never ends. How can a church develop an effective and workable strategy for managing risk?

Assign responsibility. Whether it is a staff member or a ministry team, someone in the church needs to take the lead in developing the strategy. The church should make a clear assignment of responsibility and empower that person or group with sufficient authority to recommend changes or make decisions addressing safety concerns, inadequate insurance coverage, or church policies. Although the responsibility may be rotated periodically, the function and activity of risk management should have a permanent place in the leadership structure of the church.

Conduct a periodic risk assessment. The risk management leadership should thoroughly identify all risks. The survey of known risks should include a review of existing insurance coverage, potentially hazardous or unsafe conditions on the church property, church policies and practices concerning employees and volunteers, and financial policies and procedures (see below a sample list in the section “A List of Twenty Actions to Ensure Safety and Reduce Liability”). The survey should be repeated on a periodic basis to identify new risks that may surface due to changes in the condition of the property, legal requirements, community environment, or direction in ministry. Risk management leadership can create a series of checklists to facilitate a routine risk assessment.

Determine how each risk will be managed. Risk management leadership needs to evaluate each of the identified risks for potential impact on the church. Motivated by pastoral and organizational concern to protect the church, risk management leadership can choose from four basic options to manage an identified risk.

1. Avoid the risk. Risk management leadership can decide to eliminate the condition or activity that creates the risk. Leadership could cancel a ski trip, the use of the property by an outside group, or the use of church vehicles in an effort to eliminate risk.
2. Share the risk. Risk management leadership can require individuals or groups to show proof of insurance before participating in a church-related event or using church property. In effect, the risk is “shared” between the church and the insurance company.
3. Transfer the risk. Risk management leadership can purchase various forms of church insurance to cover the risk. Provided the coverage is sufficient, the insurance company assumes liability for the risk.
4. Reduce the risk. Risk management leadership can minimize the risk through proactive actions including property improvements and changes in church policies and procedures. Often referred to as loss prevention, the goal is to reduce the likelihood of a risk creating a hazard or liability for the church (e.g., replacing lights in a darkened hallway). Loss control is the effort to minimize the damage caused by a risk. An example of loss control would be the development of a strategy for correctly handling an accusation of child molestation against a church employee or volunteer in a timely manner.

Gather resources. The risk management leadership in the church should stay well-informed and updated on the subject of risk management. The leadership should purchase and review books, periodicals, and multimedia resources addressing various topics in risk management. The single best resource the church has is their insurance provider.  Most insurance companies can provide the church with risk management materials and guides to assist in the development of a risk management strategy. In many cases, the insurance company will send an agent to help conduct an inspection of the church property for hazards and unsafe conditions.

Document and record all decisions and activities. The risk management strategy can be called many things (e.g., church safety and liability plan) but it should be documented and made available to the church. More than a document sitting in a file folder at the church, the risk management strategy should be carefully implemented. The risk management team should also review and update the strategy on a periodic basis to keep it current.

A List of Twenty Actions to Ensure Safety and Reduce Liability 

1. Assign the responsibility for risk management to a staff member or ministry team. Unless someone owns the responsibility to administer risk management, it will not receive the level of attention that is needed to develop an adequate church liability strategy. The leadership should make every effort to identify all risks and determine how to manage each risk to reduce or eliminate its potential impact on the church.
2. Evaluate the insurance coverage of the church to determine whether all insurable risks are adequately covered. The church cannot afford to be underinsured against a costly legal obligation stemming from an uninsured risk. The risk management leadership should review and seek to understand the existing insurance coverage of the church, enlisting the aid of their insurance agent. Church insurance should include six categories of coverage: property, liability, workers compensation, employers liability, automobile, and excess or umbrella insurance.
3. Perform an inspection of the church buildings and grounds for unsafe or hazardous conditions. Church members and guests should not be exposed to the risk of injury or harm due to the poor condition of church property (e.g., faulty equipment, inadequate lighting, or slick floors). The risk management leadership should conduct a safety and security inspection of their facility and grounds, identifying risks and hazards that need to be corrected or repaired. Inspection considerations and/or checklists can usually be secured from the church’s insurance carrier or downloaded from a credible internet source such as the GuideOne Center for Risk Management or Guidestone’s Safety Toolkit.
4. Control access to facilities, church equipment, and material resources. The risk management leadership should set policies governing the access to and use of church property. Buildings, offices, and equipment storage should be locked when not in use and key distribution should be limited to avoid theft or unauthorized activities. The church should develop policies concerning the usage of church property by church members or non-members.
5. Review the procedures for the collection and handling of offerings. Church members participating in the collection of offerings are vulnerable to accusations of theft or embezzlement. The risk management leadership should carefully review how money is handled during the weekly Sunday collection. They may also want to consider contracting with an accounting firm to conduct a procedural audit of the collection process, recommending changes or improvements to the way offerings are handled on a weekly basis. At least two, unrelated adults should oversee the process from the moment of collection until the funds are safely deposited into the bank or church safe. No one should ever take the offerings home for safekeeping or counting. A team of individuals should count the funds in a room where all cash, checks, and envelopes will remain in sight of the entire team. All counts should be double-checked and documented on a signed form listing all currency and checks prior to completing the bank deposit slip. Counting team members should be rotated on a regular basis.
6. Provide training for the church treasurer and finance committee regarding the IRS rules governing charitable contributions. Not all contributions are tax deductible. If the church provides written substantiation of a gift that does not meet the established criteria of a tax deduction, the donor could be subject to costly penalties. Established in Internal Revenue Service Publication 526 (http://www.irs.gov/publications/p526/index.html), charitable contributions must meet an established set of criteria in order to be tax deductible. Church treasurers need to be familiar with these rules in order to advise donors and assist them in providing written substantiation of their gifts to the church.
7. Provide training for the church treasurer and finance committee regarding employment tax requirements of the church as an employer. Churches need to ensure that all required forms, documentation, and payments associated with an employee’s taxes are being completed and filed in a timely manner. In addition, the church should be well informed concerning the use of housing allowances by ordained clergy, the value of an accountable reimbursement plan to manage professional expenses, and the proper administration of withholding taxes.
8. Review non-exempt employee work hours to ensure compliance with the Fair Labor Standards Act (FLSA). The FLSA establishes minimum wage, overtime pay, recordkeeping, and youth employment standards affecting all church employees. Churches must provide overtime pay for employees who are not exempt from overtime requirements under the FLSA (e.g., church secretaries and custodial staff).
9. Develop a standard interview form, employment application, and comprehensive process for use when hiring church employees. Supervisors and personnel committees involved in the hire or termination of employees need to be aware of the legal standards placed upon employers. Certain questions may not be asked during an interview or requested on a job application. Interview forms and hiring/termination procedures should be developed in consultation with the counsel of a qualified human resource manager or an attorney.
10. Ensure compliance with new hire reporting and immigration laws. Every state requires employers to report all new hires as part of the Personal Responsibility and Work Opportunity Reconciliation Act of 1996. The reports are used primarily for tracking parents who owe back child support and for reducing fraud under various social programs, including unemployment benefits. In addition, all employers are required to have new employees complete an Employment Eligibility Form I-9 as part of the Immigration Reform and Control Act of 1986. The forms are to be kept on file and maintained by the employer. Severe fines and penalties can be applied to the church that fails to comply with these non-IRS documentation requirements.
11. Display all required state and federal employee notices for employees. Employers are required to post notices from a variety of federal and state agencies in locations that are accessible and visible to all employees. Failure to post the required notices can result in significant fines and penalties. Although there are human resource suppliers willing to sell the posters to the church, all of the required notices can be obtained without cost through the websites and offices of the U. S. Department of Labor and the labor department of the state in which the church is located.
12. Safeguard church financial, membership, and employment records. Church vital records should be protected from unauthorized access or loss. Fireproof safes and file cabinets should be used for hard copies of documents. Offsite and redundant storage should be used to backup all digital records. The risk management leadership should develop a records retention policy governing what records should be preserved and for what duration.
13. Develop a policy and process for screening employees and volunteers for past criminal behavior. Criminal background checks should be required for all staff and volunteers who work with children and youth. In addition, references concerning past employment or volunteer service should be checked thoroughly.
14. Establish a church policy to reduce risks associated with mission trips. With the growing popularity of church mission trips, a number of risks ranging from accidental injury to unforeseen natural disasters can occur. The church should have an adequate policy in place that requires participants to acquire “out of the country” health and accident insurance and to adequately inform participants of the hazards associated with the trip.
15. Train ushers and greeters to be security-conscious and prepared to respond to emergencies associated with a medical need, accidents, potential intruders, or natural disasters. Churches are vulnerable to a variety of unforeseen emergency conditions on Sundays when the most people are on campus and the church is most accessible to the general public. Ushers and greeters should be properly trained and prepared to respond to emergency conditions as they arise. They should also be alert to unsafe conditions or hazards in and around the church buildings.
16. Establish policies to ensure adequate and proper supervision of youth and children during all church activities and events. Churches are susceptible to charges of improper or inadequate supervision should a child be abused or injured as part of a church sponsored activity or event. Employees and workers should be required to submit to a criminal background check prior to enlistment or employment by the church to supervise children. Many states and municipalities have specified the minimum ratio of workers to participants when working with minors.
17. Develop procedures for handling accusations of criminal or sexual misconduct against a staff member or church member. Unfounded accusations can severely damage the reputation of a wrongly accused church member or employee. At the same time, accusations must be handled with a serious and deliberate response in order to protect the alleged victim(s) of criminal or sexual misconduct. Until guilt or innocence is established, the church must act to protect all parties involved with responsible action.
18. Define an emergency response and communication plan to be implemented when actual criminal or sexual misconduct is discovered. Churches that are slow to react or uncertain in their response can easily mishandle and exacerbate an already difficult situation for affected families and church members.
19. Develop a policy and a strategy for the conduct of pastoral counseling. Pastors and staff face a degree of risk whenever they respond to requests for counseling from church members or non-members of the church. Best practices should be established and observed to ensure that counseling is conducted in a manner that protects the minister and the client. Clients should be required to read and sign an agreement clarifying the limits and extent of the counseling services being provided by the church. Specifically, the policy and the client agreement should clarify the limits of clergy-penitent privilege, as well as the parameters of confidentiality. Pastors and church leaders should be aware of the mandatory reporting laws in their state mandating they report certain crimes, including the suspected abuse of a minor or senior adult.
20. Review, update, and observe the guiding documents of the church. The guiding documents of a church may include the articles of incorporation, a constitution, and a set of bylaws. If a church fails to observe the requirements of their guiding documents, particularly as they apply to the conduct of business and decision making, the church may be subject to legal challenges from members.