COUNSEL by Marcus van Geyzel
The Securities Commission of Malaysia (SC) issued a press release on 15 June 2010 to sternly remind directors and principal officers of public listed companies (PLCs) of their duties in relation to the retention of documents and records, and the severe consequences of destroying or causing the loss of these documents. The SC said that they are “extremely concerned that […] documents that are central to […] investigations have been reported lost, destroyed or even stolen,” alluding to the fact that some losses “seem to have occurred under extremely questionable circumstances”. The SC Chairman Tan Sri Zarinah Anwar reminded directors of their responsibility for the safe custody of company documents, and warned that it is an offence to assist another person to destroy documents. She added that the SC “will not hesitate to take action against anyone who is responsible for the destruction, loss or removal of any company records.”
The SC’s press release should serve as a useful reminder to PLCs of the importance of a good document retention policy. Such a policy could either be a standalone, or one of the pillars of a general corporate governance or information management policy. It is surprising to note the number of PLCs which do not have such a policy in place, bearing in mind the heightened scrutiny on the propriety of corporate operations, and the increased focus on good corporate governance and issues relating to record-management such as insider trading, money-laundering and fraud.
Regulatory framework
The SC’s reminder was based on Section 371 of the Capital Markets and Services Act 2007 (CMSA), which makes it an offence for a person to destroy, conceal, mutilate or alter any record or account required to be kept under relevant rules or laws. The penalty for contravention is a fine of up to RM10 million or to imprisonment of up to 10 years, or both. The CMSA also makes it an offence for a person to abet or conspire with any other person to commit this offence. The CMSA defines “record” to include information stored or recorded by means of a computer, electronic or digital medium or any other means of recording or storage.
The CMSA is not the only law that requires the retention of records; there are countless statutes and administrative regulations which impose these obligations. For example, there are the basic requirements to keep minutes of meetings and accounts under the Companies Act 1965. Companies also have to retain their tax returns, and other tax records and documentation for specified periods. Numerous other industry-specific laws and regulations also provide clear requirements for record handling and retention, such as the Anti-Money Laundering and Anti-Terrorism Financing Act 2001 and industry guidelines which are tied in to the validity of operational licences.
In the past decade, there has been a global movement towards implementing a good document retention policy, consistent with public awareness of the need for good corporate governance. This has been particularly pronounced in the United States, with the Arthur Andersen case in relation to Enron, and the introduction of the Sarbanes-Oxley Act and high-profile, big-money prosecutions led by the Securities Exchange Commission and other regulators.
Aside from the legal reasons, there are good business reasons for having a document retention policy. It enables employees to effectively retrieve records, saving time and increasing productivity. Companies would be better equipped to counter any litigation claims by producing favourable documentary evidence. A good policy would save storage costs of record-keeping, as it would include a guideline for the scheduled destruction of documents – companies do not have to retain records forever – which also helps free up network server space by periodically destroying electronic data.
Elements of a good document retention policy
The formulation of a good document retention policy depends on the size of your company, and the industry in which it operates. The policy has to be tailor-made following consultation with legal experts. The following are a few key elements which should apply across the board:
- Identify laws and regulations that apply to your company, including industry-specific regulations. This is the foundation of your policy.
- Get each department in your company to come up with a list of documents it regularly processes, and a practically-workable retention period.
- Compile the document lists and consolidate them into a top-level company Master Document List and information flow chart. By doing this, you will get a clear picture of the documents which your employees regularly handle.
- Get your lawyer to review the Master Document List. This ensures that the Master Document List is not just based on practical concerns. Your lawyer will confirm that all legal retention periods are complied with, and advise on changes required based on numerous other factors such as litigation risk management and limitation periods.
- Incorporate the Master Document List into a Document Retention Policy. The policy must be easy to understand, and spell out the importance of document retention guidelines, and enable each employee to know how to handle information and documents as part of their daily duties.
- The policy should not only address retention timelines and methods. It should also deal with classification criteria, destruction methods, release authorisations, retrieval mechanisms, and secure documents against alteration.
- Hold discussions with department heads and your IT personnel to ensure that the policy is workable. Your lawyer should also be a part of this process to help decide on any amendments to be made at this stage.
- Issue the policy to your employees together with a basic training program. This is crucial to ensure the policy is properly implemented. Employees need to understand the practical reasons for the policy, and appreciate that it is not just another set of rules they are forced to abide by.
- Schedule an annual review. Your policy must be up-to-date legally, as well as practically – the documents processed by your employees may change.
We are very much in the information age, and record management is no longer just a matter of filing or shredding paper documents. Information is electronic, and this is not just restricted to desktop or laptop computers as instant messaging, websites, remote access servers and BlackBerrys are essential communication channels. A practical, understandable and up-to-date document retention policy is not just recommended to ensure regulatory compliance, minimise litigation risk, save costs and increase productivity – it has become essential.
Marcus van Geyzel is a senior associate in the corporate and commercial division at Mah-Kamariyah & Philip Koh, Advocates & Solicitors
This article appeared in Forum page of The Edge Malaysia, Issue 814, July 12-18, 2010
Posted on July 12, 2010
0