Introduction
It rarely begins with a headline issue. More often, governance failure reveals itself in small, easily overlooked inconsistencies: a board paper containing conflicting figures, a regulatory request that cannot be satisfied promptly, or a data subject access request that exposes weaknesses in record-keeping. What appears operational is often, in reality, a governance failure.
Across jurisdictions, organisations are investing heavily in digital transformation, cybersecurity, and enterprise data systems. Yet a more fundamental question remains insufficiently addressed: who is accountable for the integrity, traceability, and defensibility of the information upon which board decisions are made?
Increasingly, the answer lies with the Company Secretary.
The Company Secretary has long been understood as the custodian of minutes, statutory registers, board processes, and corporate records. That function remains essential. However, the environment in which the role is performed has changed significantly. Data now sits at the centre of governance, risk management, regulatory compliance, corporate reporting, and strategic decision-making.
As a result, the Company Secretary is no longer merely preserving the record of what the board decided. The role is increasingly concerned with whether the board had access to reliable, complete, and properly governed information before making those decisions.
The Traditional Role of the Company Secretary under CAMA 2020
Under the Companies and Allied Matters Act (CAMA) 2020, the Company Secretary occupies a recognised corporate office within the company structure. The CAMA 2020 requires every company, except a small company, to have a secretary, while public companies are expressly required to appoint a company secretary. For public companies, the CAMA 2020 also prescribes qualification requirements, including membership of the Institute of Chartered Secretaries and Administrators, qualification as a legal practitioner, an accounting qualification, or relevant experience in the office of company secretary.
Traditionally, the Company Secretary's responsibilities have included maintaining statutory registers and corporate records, ensuring regulatory filings, preparing notices and agendas for meetings, documenting board proceedings, advising on governance and compliance matters, and supporting the Board in the discharge of its duties. The Nigerian Code of Corporate Governance (NCCG) 2018 further recognises the Company Secretary as a central source of guidance to the Board on governance, ethics, compliance, and board effectiveness.
These responsibilities position the Company Secretary as the custodian of the organisation's corporate memory. Minutes, resolutions, statutory books, regulatory filings, and board papers provide the evidential basis upon which corporate decisions are justified and defended. In many respects, therefore, the Company Secretary has always performed a form of information governance. What has changed is the nature of corporate information itself. As organisations become increasingly digital and data driven, the traditional responsibility for managing corporate records is evolving into a broader role focused on information integrity, accountability, and data governance.
International Standard Practice: The Governance Adviser to the Board
Internationally, the office of the Company Secretary has moved beyond clerical administration. The UK Corporate Governance Code 2024 provides that all directors should have access to the advice of the company secretary, who is responsible for advising the board on all governance matters. It further recognises that the appointment and removal of the company secretary should be a matter for the whole board.
This reflects an important shift in emphasis. The Company Secretary is not simply a meeting administrator but is expected to be a trusted adviser who ensures that decisions are legally sound, governance is watertight, and organisational integrity is protected.
The Larger Ecosystem: Where Data Has Become Currency
Modern organisations are now built around data. Customer information, employee records, financial reports, operational dashboards, regulatory filings, investor updates, board packs, risk registers, cybersecurity logs, and audit trails all form part of the corporate information ecosystem.
Data is no longer a back-office concern. It is now a business asset, a regulatory exposure, a strategic resource, and, in some cases, a source of competitive advantage. The accuracy, availability, security, and lawful use of data directly affect corporate value.
Boards increasingly make decisions based on dashboards, management reports, analytics, market intelligence, internal controls data, and regulatory risk information. A board approving a transaction, restructuring debt, entering a new market, responding to a breach, or signing off financial statements is relying on data. If that data is incomplete, inaccurate, manipulated, poorly sourced, or incapable of verification, then the quality of the board’s decision is compromised.
This is where governance and data become inseparable. A weak data environment leads to weak board oversight. Weak board oversight leads to weak accountability. Weak accountability leads to regulatory, financial, and reputational risk.

Data Governance as a Board-Level Responsibility
Data governance may be defined as the framework through which an organisation ensures that data is properly owned, classified, managed, protected, retained, used, and reported. It answers basic but critical questions:
- Who owns the data?
- Who validates it?
- Who has authority to amend it?
- Which version is the approved version?
- What evidence supports it?
- How long should it be retained?
- Can it be produced to a regulator or court when required?
- Was it lawfully collected and processed?
- Was it relied upon by the board?
These are not merely IT questions. They are governance questions.
Technology teams may build the systems. Data protection officers may advise on privacy obligations. Internal audit may test controls. Risk teams may monitor exposures. However, the Company Secretary has a distinctive role because the office controls and supports the flow of information into the boardroom. Where board information is unreliable, the issue is not only operational. It becomes a board governance failure. Data governance as a board-level responsibility elevates data from an IT issue to a strategic corporate asset.
Company Secretary as the Board’s Housekeeper
The role of the Company Secretary has often been likened to that of a housekeeper, not in the administrative sense, but in the sense of being the custodian of order, structure, and discipline within the boardroom. Just as a well-managed household functions efficiently because someone ensures that everything is in its proper place, the effectiveness of a board often depends on the Company Secretary's ability to maintain the governance architecture that supports sound decision-making.
As the board's housekeeper, the Company Secretary is responsible for ensuring that meetings are properly convened, agendas are carefully structured, board papers are circulated in a timely manner, decisions are accurately recorded, and statutory records are maintained. The office helps create an environment in which directors can focus on strategy, oversight, and decision-making, confident that the underlying governance processes are functioning effectively.
However, the modern Company Secretary's housekeeping function extends beyond maintaining minutes and registers. It now includes preserving the integrity of information flowing into the boardroom, ensuring that governance records are complete and accessible, monitoring compliance obligations, and maintaining the organisational memory upon which future decisions may depend. In many respects, the Company Secretary ensures that the board's house remains in order, not only for today's decisions but also for future scrutiny by regulators, auditors, shareholders, and other stakeholders. A well-governed organisation is rarely the product of chance. More often, it reflects the quiet but essential work of a Company Secretary who ensures that the board's affairs are conducted in an orderly, transparent, and accountable manner.
The Company Secretary as Information Gatekeeper
The Company Secretary is often the final point of control before information reaches the board. In that capacity, the role should increasingly include ensuring that board papers are not only circulated on time, but are reliable, coherent, and supported by proper sources.
This does not mean the Company Secretary must personally verify every figure in a finance report or every metric in an operational dashboard. Rather, it means the Company Secretary should ensure that the organisation has a disciplined process for preparing, validating, approving, and recording board information.
For instance, where a board paper contains performance data, there should be clarity as to the department responsible for the data, the date of extraction, the version relied upon, the assumptions made, and whether the information has been reviewed by the relevant executive owner. Without these controls, board packs may become collections of unverified assertions rather than reliable decision-making tools. The Company Secretary’s role, therefore, is to help institutionalise discipline around board information.
The Company Secretary as Governance Architect
The modern Company Secretary should also contribute to designing the governance structures that support data integrity. This includes helping the board approve or oversee policies on records management, board reporting, document retention, regulatory filings, data protection, conflicts of interest, electronic communications, and delegated authority.
In a data-driven organisation, governance policies should not sit in isolation. The board charter, committee terms of reference, data protection policy, risk management framework, cybersecurity policy, document retention policy, and reporting calendar should speak to one another.
A Company Secretary with a modern governance mindset will ask practical questions such as:
- Does the board know which data is critical to its oversight role?
- Are board reports supported by auditable source material?
- Is there a clear owner for each key regulatory return?
- Are data breaches escalated to the board when appropriate?
- Are minutes drafted in a way that evidences proper consideration of data-driven risk?
- Are board decisions linked to the materials relied upon?
- Can the organisation reconstruct the basis of a decision two years later?
These questions demonstrate how the Company Secretary’s traditional role naturally extends into data governance.
The Company Secretary as Accountability Anchor
One of the most enduring responsibilities of the Company Secretary is the preservation of the organisation's accountability framework. Historically, this responsibility was discharged through the maintenance of minutes, resolutions, statutory registers, and regulatory filings with the CAC. While these records remain fundamental, the nature of corporate accountability has evolved considerably in the digital age.
Today, the evidential trail supporting corporate decision-making extends far beyond the traditional minute book. It now encompasses a wide range of digital records and metadata, including document versions, approval workflows, audit logs, board portal activity, email correspondence, electronic signatures, data sources, access records, and system-generated evidence of decision-making processes.
It is within this context that the phrase "from minutes to metadata" assumes particular significance. Corporate accountability is no longer established solely by what is recorded in a board resolution or minute. Increasingly, regulators, auditors, courts, and stakeholders expect organisations to demonstrate not only the decision that was taken, but also the information upon which it was based, the process through which it was approved, and the controls that governed its consideration.
For example, where a regulator such as the Central Bank of Nigeria ("CBN") seeks to understand how the board of a financial institution approved a significant transaction, the production of a signed board minute may no longer be sufficient. The organisation may also be required to produce the board paper presented for consideration, the underlying management reports, supporting data, version histories, risk assessments, legal opinions, approval workflows, committee recommendations, and other records evidencing the basis upon which the board reached its decision.
In this environment, the Company Secretary occupies a uniquely strategic position. By virtue of the office's responsibility for board administration, corporate records, governance processes, and regulatory compliance, the Company Secretary is well placed to ensure that these accountability trails are created, preserved, and maintained in a manner that is organised, accessible, and legally defensible.
In many respects, the modern Company Secretary has become the custodian not merely of corporate records, but of the evidential integrity of the organisation's governance framework itself.
Nigerian Regulatory Context: CAMA, NDPA and Evidence-Based Compliance
In Nigeria, this evolution is shaped by an increasingly robust legal and regulatory landscape. The CAMA 2020 imposes clear obligations on companies to maintain proper records and adhere to established corporate governance standards. Similarly, the Nigeria Data Protection Act 2023 (NDPA) has elevated accountability expectations in relation to the processing of personal data, requiring organisations not only to process data lawfully but also to demonstrate that appropriate safeguards, controls, and governance measures are in place.
Increasingly, regulators are no longer satisfied with assurances of compliance; they expect evidence. A company that asserts compliance with regulatory obligations must be able to produce the records that support that claim. A company that relies on a board decision must be able to demonstrate the authority for that decision through board resolutions, minutes, or other appropriate corporate records. Likewise, an organisation that claims compliance with data protection requirements must be able to evidence its accountability through policies, procedures, records, and demonstrable governance practices.
The convergence of corporate governance, data protection, cybersecurity, and regulatory compliance has inevitably elevated the strategic importance of the Company Secretary. This does not mean that the Company Secretary supplants the role of the Data Protection Officer, Chief Information Security Officer, or Compliance Officer. Rather, the Company Secretary is uniquely positioned to ensure that the work of these functions is appropriately reported to the board, properly documented, and effectively embedded within the organisation's wider governance framework. In doing so, the Company Secretary helps ensure that governance decisions are supported by reliable information, clear accountability, and an auditable record of compliance.
Practical Anecdote: When Corporate Records Tell Different Stories
A few years ago, we were involved in the acquisition of a financial institution which required a legal due diligence exercise. As part of the review, we sought to verify the company's shareholding structure and requested supporting documentation to confirm whether a particular shareholder had fully paid for its shares.
At first glance, the issue appeared straightforward. The most recent Register of Members indicated that the shareholder had outstanding unpaid shares. However, upon reviewing the company's audited financial statements, we discovered that the same shareholder had consistently been reflected as having fully paid for its shares for at least five consecutive years.
Management was initially confident that the discrepancy could be easily explained. However, as the finance team and company secretariat began searching for the supporting records, a more concerning picture emerged. The relevant entries appeared to have been carried forward from one reporting cycle to another without proper validation. The original subscription documents could not be located, different versions of historical records contained conflicting narratives, and no one could clearly identify when the discrepancy first arose or who had approved the treatment adopted in the financial statements.
The issue was not necessarily that the Register of Members was wrong or that the audited accounts were deliberately misleading. The real concern was that the organisation could not demonstrate which record was accurate, why the inconsistency existed, or provide a reliable audit trail showing how the information had been reviewed, verified, and approved over time.
What began as a routine due diligence enquiry quickly evolved into a governance issue. The concern was no longer limited to the status of a single shareholder. It raised broader questions about record integrity, internal controls, information ownership, and the reliability of information being presented to the board, auditors, regulators, and potential investors.
The lesson was significant. In the end, the principal concern was not simply whether the shareholder had paid for the shares. It was the absence of a clear governance framework capable of demonstrating how critical corporate information was maintained, validated, and reported. The incident ultimately triggered a wider review of the company's record-keeping practices, document retention procedures, approval workflows, and governance controls.
Incidents such as this illustrate why the role of the Company Secretary is becoming increasingly important in the modern governance environment. Beyond maintaining statutory registers and board records, the Company Secretary helps ensure that corporate information remains accurate, consistent, traceable, and capable of withstanding regulatory scrutiny. Sometimes governance failure is not the result of misconduct or fraud. It is simply the inability to answer a legitimate question with confidence, evidence, and a defensible audit trail.
Fundamental Expectations of the Modern Company Secretary
In the current corporate environment, the Company Secretary should be expected to perform several core functions.
- The Company Secretary must protect the integrity of board processes. This includes ensuring that meetings are properly convened, papers are circulated in good time, decisions are properly recorded, and the board acts within its delegated and statutory authority.
- The Company Secretary must support the integrity of board information. This includes encouraging structured reporting, clear ownership of information, proper version control, and reliable record retention.
- The Company Secretary must act as a bridge between the board and management. This is especially important where technical teams produce operational data that the board must understand and rely upon.
- The Company Secretary must strengthen regulatory defensibility. The organisation should be able to show not only that decisions were made, but how they were made, what information was relied upon, and whether the process was fair, informed, and compliant.
- The Company Secretary must help embed a culture of accountability. Good governance is not achieved only through policies. It is achieved when the organisation consistently behaves in a way that produces reliable decisions and defensible records.
Practical Steps for Organisations
To effectively respond to the growing intersection between governance and data management, organisations should take deliberate steps to formalise the Company Secretary's role within the broader data governance framework.
First, the Company Secretary's responsibilities in relation to data governance should be expressly recognised within the Board Charter, Governance Framework, or Governance Manual. This provides clarity regarding oversight responsibilities and reinforces the Company's commitment to information integrity as a governance priority.
Secondly, organisations should establish robust validation and quality assurance protocols for board papers, particularly where such papers contain financial, regulatory, operational, risk, or compliance-related information. The objective should be to ensure that information presented to the Board is accurate, complete, reliable, and capable of supporting informed decision-making.
Companies should also maintain a centralised, secure, and auditable repository for board-approved documents, resolutions, minutes, policies, and supporting materials. Such repositories should facilitate document traceability, version control, and ease of retrieval for regulatory, audit, or litigation purposes.
In addition, board papers should, where appropriate, clearly identify the data owner, source documents, underlying assumptions, date of extraction, and document version. These measures enhance accountability and reduce the risk of decisions being made on the basis of incomplete, outdated, or inconsistent information.
Organisations should further ensure that their data protection framework, records management processes, and board reporting mechanisms operate in a coordinated manner. Data governance should not be treated as a standalone compliance exercise but as an integral component of the organisation's overall governance architecture.
Given the increasing reliance on data in strategic decision-making, directors and senior management should receive periodic training on the governance implications of data quality, data integrity, cybersecurity risks, regulatory accountability, and information management. Such training will enable Boards to exercise more effective oversight and ask the right questions when considering information presented for decision-making purposes.
Finally, organisations should periodically assess the quality of information presented to the Board by evaluating whether it is accurate, timely, complete, relevant, and capable of supporting sound decision-making. Regular reviews of board reporting practices can help identify weaknesses in information flows and strengthen the overall governance framework.
Collectively, these measures will help organisations build a governance culture in which information is not merely collected and reported, but properly governed, verified, and relied upon with confidence.
Conclusion
For decades, the Company Secretary has been regarded as the custodian of corporate records, board procedures, and governance processes. Those responsibilities remain fundamental. However, the nature of corporate records and the environment in which governance operates have changed dramatically. The boardroom is no longer driven solely by resolutions, minutes, and statutory registers; it is increasingly driven by data, analytics, digital records, and information flows that shape strategic and operational decision-making.
In this new reality, governance has become inherently data-driven. Boards rely on data to assess performance, oversee risk, approve transactions, satisfy regulatory obligations, monitor organisational culture, and discharge their fiduciary duties. The quality of governance is therefore inextricably linked to the quality of the information upon which decisions are made. Where data is inaccurate, incomplete, inaccessible, or poorly governed, governance itself is weakened.
This shift presents a significant opportunity for the Company Secretary. Positioned at the intersection of board oversight, regulatory compliance, record management, and corporate accountability, the Company Secretary is uniquely placed to serve as a bridge between operational data and governance outcomes.
While the role does not replace the responsibilities of technology, compliance, risk, or data protection professionals, it increasingly requires the Company Secretary to ensure that information reaching the board is reliable, traceable, defensible, and capable of supporting sound decision-making.
The transition from minutes to metadata is therefore not merely a technological development; it represents an evolution in corporate governance itself. As regulatory expectations continue to expand and organisations become increasingly dependent on data, the Company Secretary's contribution to information governance will become even more critical.
For Nigerian companies, this evolution is supported by a growing body of legislation and regulatory expectations. CAMA 2020 continues to recognise the Company Secretary as a key governance officer, while frameworks such as the NDPA 2023, Cybercrimes (Prohibition, Prevention etc) Act 2024, and sector-specific governance requirements increasingly emphasise accountability, record integrity, and demonstrable compliance. Internationally, developments such as the UK Corporate Governance Code reinforce the Company Secretary's role as a trusted adviser to the board on governance matters.
Ultimately, organisations that recognise and institutionalise the Company Secretary's role within their data governance framework will be better positioned to meet regulatory expectations, strengthen stakeholder confidence, withstand scrutiny, and make decisions founded on reliable and defensible information. In the modern corporate environment, effective governance is no longer simply about keeping records; it is about ensuring that the information upon which decisions are based can be trusted. In that regard, the Company Secretary is rapidly becoming one of the most important guardians of organisational accountability.
References
1. Companies and Allied Matters Act 2020
2. Nigerian Code of Corporate Governance (NCCG) 2018
3. UK Corporate Governance Code 2024
4. Nigeria Data Protection Act 2023
5. General Application and Implementation Directive 2025
6. Corporate Governance Code Guidance
7. Factsheet. What is a company secretary or governance professional? www.cgi.org.uk accessed 3rd June 2026
8. Why data governance belongs in the boardroom. Brianna McShane https://mbs.edu/news/why-data-governance-belongs-in-the-boardroom accessed 3rd June 2026.