Credit unions generate a significant number of documents during their day-to-day operations, particularly in light of the proliferation of electronic data. In addition, the nature of documents that are maintained by credit unions may evolve over time, along with the record keeping systems for such documents. As such, credit unions may wish to periodically review whether or not they have taken appropriate steps to meet their legal and business requirements relating to document retention. This blog post provides a high-level overview of some of the key considerations for credit unions to be mindful of when undertaking such a review.
Document retention requirements for credit unions are impacted by a range of considerations, such as legislative requirements and associated guidelines, industry best practices, contractual requirements, client expectations, and business requirements. The following are some key considerations for credit unions in reviewing their document retention practices:
- Complete a high-level assessment of the credit union’s records: Given that document retention requirements vary based on the nature of records, an initial high-level assessment of the types of documents generated and maintained by a credit union is necessary to determine the applicable retention requirements. This assessment generally involves preparing (or updating) a summary of the categories of paper and electronic records generated by the credit union in its operations.
- Consider the applicable requirements: Depending on the jurisdiction in which a credit union is incorporated or registered to carry on business, there are a number of federal and provincial legislative requirements that may be applicable. A credit union’s governing legislation and associated guidelines will outline the key retention requirements. In addition, the requirements of all other applicable legislation should be considered (such as legislation addressing money laundering, privacy, tax, employment, and limitation periods). Provincially regulated credit unions may also wish to consider guidelines for federally regulated financial institutions as a matter of best practice. Lastly, a credit union will want to ensure that its document retention practices address contractual and business requirements as well as relevant client expectations.
- Implement a clear document retention policy: Credit unions should have customized document retention policies which take into consideration the types of records maintained by the credit union as well as all applicable requirements. Such policies typically provide general guidelines for document retention, as well as specific guidelines for each key category of records generated by a credit union. A schedule, or listing, of retention periods is often attached to such policies for easy reference. Once a credit union has created or updated its policy, the credit union will want to ensure that the policy is appropriately implemented (for example, by appropriately training employees, periodically reviewing and updating the policy as necessary, and consistently enforcing the policy).
- Key questions for policies: Some key questions for credit unions to consider and incorporate into document retention policies include:
- Which documents are required to be retained?
- How and for how long should such documents be retained?
- How should such documents be destroyed following the applicable retention periods?
The answers to these questions should be based upon compliance with the applicable requirements outlined above. If documents are retained by third party service providers, a credit union’s policy should outline additional steps to be taken to ensure that the credit union can continue to meet its retention requirements even when documents are in the custody of a third party (for example, by incorporating appropriate contractual terms with service providers).
- Electronic Retention: In addition to the above considerations, credit unions wishing to retain documents electronically should keep in mind that additional requirements apply to electronic documents. These include, for example, practical considerations (such as selecting an IT solution that enables a credit union to efficiently and accurately locate documents when they are needed, and adopting appropriate procedures for storing documents), general legislative requirements for electronic signatures and documents, and evidentiary requirements for electronic documents. A credit union’s document retention policy should address these additional requirements.
- Consequences: Credit unions may face various consequences for failing to meet retention requirements, including for example:
- credit unions and their directors and officers may face criminal charges, regulatory orders, and significant financial penalties for certain such failures (e.g. penalties under money laundering legislation include imprisonment for up to 5 years, a fine of $500,000, or both, as well as other administrative monetary penalties);
- such failures can be costly in terms of time and money to respond to alleged violations and to manage associated reputational and regulatory consequences; and
- such failures can create additional risk and expense if a credit union is faced with legal claims and proceedings.
Developing, implementing, and updating appropriate document retention practices can seem daunting given the number of different steps involved and requirements to consider. Credit unions may wish to consult experienced legal counsel for assistance with implementing appropriate policies and practices or reviewing existing policies or practices.