An entity’s document retention and destruction policy is entity-specific based on the laws and regulations applicable to that entity. Based on the different types of documents that an entity has and the different rules governing the retention of these documents, the process can be very daunting. However it is crucial for any business to have these policies in place due to the implications of not having the documents available e.g. whether due to legal repercussions or due to conflicts with clients and/or suppliers and/or employees.
Below is a summary of the retention periods noted by the Companies Act, 71 of 2008 (the general rule for retention of company records is 7 years or longer):
* Indefinite is not defined in legislation. It is general practice that when an entity ceases to exist, the obligation to retain documents ceases to exist.
** If the entity liquidates, it ceases to exist and the obligation to retain documents will therefore cease to exist.
Where different legislation refers to the retention of the same or similar records, the prudent approach should be taken by following the guidance of the most stringent legislative requirements.
For example, consider the below where the Companies Act requirements (as per previous table) are more stringent.
In accordance with the Income Tax Act, Value Added Tax Act and the Tax Administration Act, the following minimum requirement needs to be met:
# This is dependent on the type of tax document and circumstances surrounding that document.
Based on legislation governing employee relations, the following minimum terms apply:
In any situation, consideration needs to be given to the individual legislative requirements applicable to the specific type of entity. Where legal or other reasons exist that make the retention period longer, necessary documents should be retained for that longer period.
POPIA should be considered with regards to the retention of personal information. POPIA mentions that records of personal information must not be kept any longer than is necessary for achieving the purpose for which the information was collected, with limited exceptions. It is difficult to summarise all scenarios that are possible under this requirement, and it is therefore necessary to develop and implement policies that applies and are specific to each entity.
Refer to the SAICA Guide on the retention of records (issued May 2021) for more details.