It’s nearly halfway through the UK tax year. For any accountancy practice, that means coping with an increasing number of files for current clients. But for many firms, there is sometimes confusion over past paperwork, especially for former clients. There are often concerns over what documents to keep, how long to retain them, and how to destroy them securely.

If your firm doesn’t have a formal document retention policy, there’s no time like the present to formulate one. And it may be a possible extra source of income for you; working with clients to formulate theirs. Luckily CAS is here to give you pointers on what documents to keep, how to store them – and how to dispose of them.

Document retention policy: why now?

A retention policy adhered to by all members of staff is not only good business, but could be invaluable in legal proceedings. Such a policy is hardly ever a priority at the commencement of an accountancy practice, but often becomes an issue later if space for storage becomes tight. And that’s when cataloguing and creating a document archive might also become an issue.

It’s also vital to integrate your document retention policy with your data protection requirements. The current Data Protection Act 1998 specifies ‘personal data processed for any purpose shall not be kept for longer than necessary’. But the advent of the Europe-wide General Data Protection Requirement (GDPR) in May 2018 creates further requirements. For instance, the GDPR includes an enhanced ‘right to be forgotten’ by individuals. Increasingly, therefore, accountants must advise clients of their data retention policy upfront in their engagement letters.

Creating a document retention policy

As a minimum, a document retention policy should list the records to be covered. These should then be identified and categorised per type according to retention criteria. Each type of record should be allocated a ‘trigger date’, to ascertain for how long each type of record should be kept. Regulations nearly always impose minimum retention periods rather than a maximum, calculated in a number of years or months after an event (the ‘trigger’). In deciding upon a trigger date, a margin for safety should be included. For example, you’ll need to consider situations where the accounting reference date is amended to extend the accounting period.

CAS can help you at every stage. We can catalogue your documents, including where to keep each type of record that is to be retained, and in what format. We’ve produced a handy retention schedule, which categorises key document types and the reasons for keeping them. For instance, you may choose to archive files relating to non-current clients in CAS’s off-site storage facilities. The policy should specify who has responsibility for implementation of and compliance with the policy. Create a review procedure and timetable, to include procedures for alerting people that a review is required at a future date. And the policy should explicitly state how documents will be destroyed securely and safely. CAS is on hand to take care of all your document shredding requirements.

Don’t forget that documents aren’t just paper: dealing with digitised and scanned documents

For many organisations, it makes sense to move towards a paperless office environment. One key element is digitising existing files – and again, CAS can help with all your document scanning needs. We have the option of scanning-on-demand, while for files that are frequently accessed you can choose live file storage. In cases where an original copy has been scanned and subsequently destroyed, a written audit trail forms an integral part of our scanning services. Such audit trails should form part of the document retention policy, so that the electronic copy can be allowed as evidence in any subsequent civil or criminal proceedings.

Of course, emails are also ‘documents’. While they’re not yet covered by one single act in the UK, best practice is for a separate email retention policy to be a sub-policy to the main document retention policy. This should cover the use of software that automatically deletes or archives emails past a certain age, or imposes limits on the number of emails per inbox. If you choose our CAS-Cloud document management system, then storing emails forms part of the service.

A worked example: company records

Many accountants use a six-year rule for retaining client records. This includes instances where they act as liquidators for companies which have been wound up. However, we’d urge you to refer to our retention schedule if you’re advising a client on their document retention policies. Some company records need to be kept permanently for the company’s entire life. These include the Certificate of Incorporation, the Articles of Association, and Registers of Members and Directors. Some company records must be kept for at least ten years from the trigger date, such as records of resolutions passed otherwise than at general meetings or trademark documents.

Contact one of the CAS team today to find out more about our range of document storage, data destruction and facilities management services for accountancy firms.

About CAS document storage and management

CAS provides comprehensive and secure document storage and management, and facilities management services. For more than 20 years CAS have worked with NHS Trusts, Financial Services providers, and corporate and private clients. Our head office is just four miles from the City of London, supported by our advanced storage centres across the UK. CAS has an impressive array of International certifications (ISOs), which prove our compliance with the strictest national, European and international laws. They also demonstrate our commitment to provide innovative systems on security, confidentiality and quality control in keeping your files safe and well managed.