Limited companies or limited liability partnerships are required to keep (where applicable) statutory records, financial and accounting records to be made available for public inspection at the company’s registered office address or its SAIL address. A SAIL address is an optional Single Alternative Inspection Location (SAIL) where a company’s statutory records may also be stored and inspected. This does not replace a registered address and would need to be verified regarding its use, depending on which country the business is registered in.
Statutory records include the register of directors (past and present directors, residential addresses), register of company members (past and present shareholders or guarantors), register of people with significant control (PSC), certificate of incorporation, share certificates and stock transfer forms.
Financial and accounting records include the record of all company sales and income; all purchases and expenses; invoices and receipts; VAT records, if applicable; PAYE records, if applicable; and records of assets and liabilities.
Electronic versus Paper
The move from paper-based records to electronic can be a challenging decision for businesses to make, particularly if paper-based record-keeping has traditionally been used for documents. However, there are a number of positive reasons why electronic recordkeeping should become the standard in a business:
- Saves money – the time it takes for people to find physical records diminishes exponentially through the ability to search with keywords online. There is also the physical space requirements, upkeep and access issues to take into account that are provided by in an electronic system.
- Environmental Awareness – printing paper, often unnecessarily is not good for the environment. There may be specific reasons to keep some paperwork in paper form but a businesses environmental footprint can be reduced through electronic record-keeping.
- Version control is important for record retention and is much more easily managed via an electronic system.
With records, it’s best to only keep one version either in paper form or electronically. In many countries, this is a legal requirement and should be factored into a business’s decision to move to a fully electronic system. Once documents are scanned, the original paper version should be shredded. Helpful hint – make sure the scan is clear and readable before shredding!
How long should you keep these records?
Using the UK as an example, accounting records should be kept for a minimum of three years for private companies and 6 years for public limited companies. PAYE records must also be retained for three years from the end of the tax year to which the records relate.
On the other hand, VAT records must be retained, which can be on paper, electronic form or as part of a computer programme, for at least six years. While records for completing personal tax returns are to be kept for at least five years after the 31st January deadline of the relevant tax year.
However, as a general rule, records like financial statements, accounting records, and tax returns should be kept for six years from the end of the company’s accounting period. Moreover, certain records need to be retained for 10 years or longer, such as the statutory books, VAT (or country equivalent), and the minutes of the board meetings and resolutions.
While the law is not specific as to how you should keep these records, there are certain documents that need to be retained in their original format such as dividend vouchers and bank interest certificates. Also, original documents that indicate that tax has been deducted should be retained.
Most records can be kept electronically and stored on a computer or storage device but you must ensure that all information is captured, readable, and accessible anytime.
When and how should records be destroyed?
- When you no longer need them – when you no longer have a need to keep these documents, you need to get rid of them, ideally by shredding or fully deleting (clearing recycle bin as well), provided that they do not relate directly to the company, clients, or employee information.
- When the statutory retention period has passed, or the end of the time when a record should be retained, irrespective of format (paper, electronic etc). This will be country-specific and you should consult your Government website for the correct retention periods for the destruction of records.
- When you have backup copies – you may destroy hard copies of some documents as long as you make sure that you have an electronic copy saved securely. Take note, however, that you may be required by law to keep original copies of certain documents.
- Confidential and sensitive information that should not be seen by others.
How to destroy documents securely
Once you have reached the period of destruction, you need to be aware that you should not just drop records in your general waste collection. This is not secure nor good practice. Confidential information must be destroyed properly and in a secure manner.
A shredder in the office may be useful if you keep paper-based records for compliance by the team, or a reminder in the team calendar to delete electronic records regularly.
There are companies that provide secure, confidential bulk shredding for businesses. This may be helpful if there is a lot of document destruction to do and can be cost-effective for the business versus the team’s time to destroy documents directly. These companies will provide a certificate of destruction.
Make sure there is a process in place for document destruction that clearly defines when and how to destroy what documents, and who has the authority to destroy. Don’t assume this is an administrative task – it is a decision that must be consciously made at a management level as the results of careless or frivolous destruction could lead to serious penalties for a business.
GDPR and document destruction
Businesses that collect, store, and process all types of personal data belonging to EU citizens must comply with the General Data Protection Regulation (GDPR). GDPR ensures that companies take the necessary steps to securely store information and prevent data breaches. Failure to follow GDPR rules can lead to a fine of up to €20 million or four percent of the company’s global turnover, whichever is greater.
All information provided in this blog are for guidance only and businesses must consult their official registered country’s policies on records retention and destruction periods.