Document Retention Policies Have Long-Term Benefits

Goal Is to Ensure Important Information Is Kept as Long as Necessary and No Longer

So said U.S. District Judge Melinda Harmon when she imposed the stiffest sentence under federal law on the convicted and near defunct Arthur Andersen LLP for obstructing a federal inquiry into the collapse of Enron.¹ Andersen in-house counsel Nancy Temple remains at the eye of the storm, waiting to see if she will be charged by prosecutors for what she may have done or failed to do while Andersen employees were destroying documents.

No company or in-house counsel wants to face the same fate that Arthur Andersen and Nancy Temple face. Since the Andersen downfall, document retention policies have received renewed attention from corporate counsel. This article discusses the benefits of a formal, written document retention policy, how a document retention policy should be created and implemented, why document retention policies should be kept up-to-date and when and how companies should preserve documents once a litigation or a government investigation arises or is anticipated.

The creation and implementation of a document retention policy entails readily apparent administrative costs. The benefits of a document retention policy are not as clearly apparent, but the Andersen trial has certainly raised public awareness about the risks of improper document destruction. Since the support of management is critical to the success of any document retention program, corporate counsel will want to underscore how the long-term benefits of a document retention policy outweigh the short-term administrative costs.

A document retention policy serves the information and record management needs of the business. The organization, storage, retention and easy retrieval of business records facilitate the company’s business operations and preserve the company’s valuable information assets — its institutional knowledge, experience, business methods and practices.

Business activities are subject to extensive regulations, from pension and tax laws to securities laws. New regulations are regularly adopted. For example, §802 of the new Sarbanes-Oxley Act makes it a crime for any auditor of a public company to knowingly and willfully fail to maintain all "audit or review workpapers" for five years from the end of the fiscal period for which the audit or review was conducted. The SEC plans to issue more detailed regulations on the retention of audit workpapers early next year.² A well-designed policy ensures corporate compliance with statutory and regulatory document retention rules, enabling the company to avoid civil and criminal fines and penalties.

A document retention policy protects a company against other legal risks as well. The destruction of documents in the ordinary course of business pursuant to a reasonable document retention policy adopted in good faith is a valid justification for the company’s failure to produce these documents in later litigation. Thus, a document retention policy reduces the risk that the destruction of documents will undermine the company’s position in litigation or expose the company to discovery sanctions for spoliation of evidence. It also reduces the likelihood of costly collateral litigation over discovery sanctions. If a company has an ad hoc policy or no policy at all, any document destruction it undertakes is more likely to be viewed by a court as selective and motivated by a desire to destroy damaging evidence.

A document retention policy should not be adopted for the purpose of preventing damaging documents from becoming available in future litigation. But an indirect benefit of a policy adopted for other purposes is that it will rid the company of documents it does not need to keep and that might, in the future, cause the company harm. For example, many e-mails are written less carefully than more formal documents and may contain incorrect assumptions, factual errors, baseless legal conclusions, personal opinions or offensive remarks that can be embarrassing or harmful if they are disclosed. A company does not usually have a business or legal need to retain all of its e-mails. Retaining documents that do not need to be retained exposes the company to unnecessary risk.

Good record-keeping makes it easier for a company to protect its legal rights and prevail in future lawsuits as a plaintiff or as a defendant. This is why, for example, companies retain deeds, insurance policies, original patents, copyrights and trademarks. Similarly, contracts and related documents showing that the company performed its contractual obligations should be kept as long as there is a potential for litigation relating to the contract.

Document retention policies save money. Disposal of documents in an orderly manner and organizing retained documents reduces storage and retrieval costs. In addition, document retention policies reduce the cost of responding to discovery demands in litigation or investigations by saving the time and cost for litigation counsel to retrieve and review documents that the company was not required to retain.

No one policy fits all companies, nor even all business units within a company. A typical policy recites its purpose; provides retention guidelines and procedures for the storage, organization, retrieval and, ultimately, destruction of documents; designates individuals responsible for ensuring compliance with the policy; and provides for the suspension of the policy in the event of litigation or an investigation. Retention guidelines usually divide the documents to be retained (including electronic records) into categories (e.g., administration; accounting and finance; tax; pension, personnel and payroll; legal; insurance; contracts; correspondence). The guidelines typically specify retention periods for each category of retained documents. Documents that do not fall into these categories are to be discarded.

The policy must balance legal and business needs, technological limitations and costs. Creating the right policy is a joint effort of the business people, the legal department, and the records management and information technology specialists.

The goal of the document retention policy is to ensure that everything the company must keep is kept as long as it is needed and no longer. The key question to be addressed is: What documents should be retained and for how long? In answering this question, the business must consider its operational and financial needs. A company should keep documents that are needed for its business, regardless of legal considerations. Any document that is not needed for the business should not be retained unless there are legal reasons to do so.

Documents should be retained at least as long as required by federal or state statutes or regulations. Otherwise, there is no clear-cut legal rule to follow. A document retention policy must be adopted in good faith (not with the intent to conceal misconduct or harmful documents) and be "reasonable considering the facts and circumstances."³ Counsel need to consider the likelihood that a particular category of documents may become material in the future, particularly in litigation. Thus, statutes of limitations are useful guides to use in determining appropriate retention periods. Documents need not be retained once possible litigation involving them is time-barred. Counsel should keep in mind the kinds of claims that may arise, the applicable limitations period, and when the potential claims might accrue.

In addition, counsel should consider industry norms for retention of certain categories of documents. The failure to retain documents as long as industry peers retain them could suggest bad faith, absent a reasonable explanation.

A document retention policy should be updated periodically after it is created. In the event of a merger or acquisition, the acquirer’s counsel should review the document retention policy of the acquired business (if there is one), and integrate the acquired business into the acquirer’s existing document retention program.

A document retention policy that is not uniformly followed is worse than no policy at all. An adversary is sure to point to a company’s failure to meet its own retention standards and to suggest a sinister motive for any document destruction that violates the company’s policy.

Once a plan is adopted, it must be implemented consistently. The first step is to make sure that the policy is approved and fully supported by senior management. The importance of the policy and expectation of compliance should be communicated through the ranks of the company. The company should designate individuals in the legal department and in business units or departments who will be responsible for implementing and monitoring the policy.

The company’s employees will implement the policy on a day-to-day basis. Thus, education and training on the policy are critical. The policy must be distributed to all employees in writing. New employees should be given copies of the policy when they join the company. The policy should be posted, if possible, on the company’s intranet for easy access. Companies should also run training programs on the proper application of the policy. These training programs should be repeated periodically to take into account new employees and periodic changes to the policy. Training programs are also an opportunity for in-house counsel to secure employee feedback that can be used to improve or clarify the policy. In addition, the policy should include a procedure for an employee to seek guidance from the legal department on the application or interpretation of the policy in specific circumstances.

Training must be accompanied by compliance-monitoring. The worst time to find out that the policy has not been followed is in litigation. The general counsel or another responsible officer of the company should regularly audit compliance with the company’s document retention policy and remedy any violations that are discovered.

Finally, the company will need to be able to prove that it adopted and consistently implemented its document retention policy and made every effort to ensure compliance with the policy. To do this, the company should retain (a) copies of the policy in effect each year, (b) proof that the company disseminated the policy to its employees and conducted employee-training programs, (c) compliance audit reports, and (d) legal and factual research supporting the business and legal purposes of the policy.

The biggest danger for the corporation and in-house counsel occurs when a document retention policy intersects with litigation or a government investigation. A company has a duty to preserve documents that are likely to be relevant to pending or threatened litigation. If a company breaches that duty, it could face sanctions in the litigation for spoliation of evidence, including an instruction by the court to the jury that they may draw an adverse inference that the destroyed documents were damaging to the company that destroyed them, monetary sanctions and, in egregious cases, an adverse judgment.⁴

A company’s failure to preserve documents in the face of a government investigation may expose the company to charges of obstruction of justice.⁵ The destruction of documents by employees who are aware of a grand jury proceeding can be an obstruction of justice even if the company has not yet received a grand jury subpoena.⁶ The new Sarbanes-Oxley Act makes it a felony knowingly to destroy documents to "impede, obstruct or influence the investigation or proper administration of any matter" by a federal agency or department "in relation to or in contemplation of any such matter or case …"⁷

A company also has an interest in preserving documents when litigation or government investigation arises because those documents may vindicate the company’s position.

Therefore, every document retention policy should instruct employees to notify the legal department as soon as any potential litigation or investigation for which the company may have relevant records comes to their attention. Every policy should provide for its own suspension and set forth strict procedures for the preservation of documents in the event of a threatened litigation or investigation.

Corporate counsel cannot, however, depend on company employees to recognize or report situations that may require the preservation of documents. Counsel need to be vigilant about any circumstances that may give rise to a preservation obligation, even if the company has not been explicitly threatened with litigation or has not received a subpoena.

The Andersen case illustrates the potential dangers that a company faces if counsel does not take appropriate action. On Oct. 16, 2001, Enron announced a $618 million third-quarter loss and a $1.2 billion drop in shareholder equity. On Oct. 22, Enron announced an SEC inquiry into the company’s finances. On Oct. 23, Andersen partner David Duncan ordered the destruction of Enron-related documents. On Nov. 8, Andersen received a subpoena from the SEC. The next day Duncan’s secretary sent an e-mail to "stop the shredding."⁸ Based on the public information alone, it could be argued that Andersen’s in-house counsel had reason to believe that Andersen had documents relevant to an existing or potential investigation of, and likely civil litigation against, Enron.

One lesson to be learned from the Andersen criminal case is that the general counsel must immediately take affirmative steps to ensure the preservation of potentially relevant documents as soon as counsel believes that the company may have records relevant to a potential or actual litigation or investigation. This means that the general counsel must clearly communicate in writing to all appropriate personnel that the destruction of documents must stop immediately. The communication must identify the categories of documents to be preserved and must convey the serious consequences of non-compliance. Counsel should also communicate with other parties that have documents that may be deemed to be under the company’s control (including subsidiaries, foreign offices and profession-al service providers such as the company’s auditing firm).

Counsel should determine that the non-destruct orders were received, understood and followed. Information technology specialists should be used to ensure that any automated destruction of electronic records also stops immediately. In-house counsel should take whatever steps are necessary to make sure that all documents potentially relevant to a litigation or investigation are preserved and secure.

Document retention policies are an important component of any corporate governance and risk management program. All corporate counsel should consider adopting and consistently enforcing a document retention policy suitable to the business and legal needs of their company.

1. Lianne Hart, et al., "Andersen Sentenced to $500,000 Fine, 5 Years Probation," The Los ^{Angeles Times, Oct. 17, 2002, at Part 3, p.3.}

2. 18 U.S.C.A. §1520(a) (West Group 2002).

3. Lewy v. Remington Arms Co., Inc., 836 F.2d 1104, 1112 (8th Cir. 1988).

4. E.g., West v. Goodyear Tire & Rubber Co., 167 F.3d 776 (2d Cir. 1999).

5. 18 U.S.C. §1503 (2000) (obstruction of grand jury investigations); 18 U.S.C. §1505 (2000) (obstruction of administrative and congressional hearings and investigations).

6. E.g., U.S. v. Gravely, 840 F.2d 1156 (4th Cir. 1988).

7. 18 U.S.C.A. §1519 (West Group 2002).

8. Richard A. Oppel, Jr., et al., "Enron’s Collapse: The Overview; Arthur Andersen Fires An Executive For Enron Orders," The New York Times, Jan. 16, 2002, at al; April Witt, et al., "Losses Conflicts Threaten Survival; CFO Eastow Ousted In Probe of Profits," The Washington Post, July 31, 2002, at A01; Adrian Michaels, et al., "Andersen in Crisis," The Financial Times, April 11, 2002, at 26.