A robust records management strategy is crucial for law firms due to the volume of sensitive documents they handle, such as agreements, instructions, and case notes. Effective and compliant document management also includes limitation periods on how long firms should retain client matter files.
It is widely agreed that most types of records should be retained for a minimum of six years as per the Limitation Act of 1980, which is the primary limitation period. Although, certain legal documents require a more extended retention period of at least 15 years or more. However, this is more complex than it first seems, with various factors that should be considered. In this article, our compliance team provides some basic recommendations on limitation period guidelines and effective document retention policies.
2. Guidance on retention periods
Firms are regulated on how sensitive documents should be handled from the moment they are created, though to a specified disposal date and on how communication with clients must be handled in this regard. As a guide, our compliance team provide a few points to consider.
- The accounts rules give the regulatory guidance on the storage of records which is six years from the date of the matter closure. A firm cannot destroy a file before this time.
- Incidentally, the AML Regs 2017 says you must retain Client Due Diligence (CDD) documents for five years.
- Insurers tend to ask firms to retain records for seven years in view of the limitation act (where the primary period for professional negligence is six years from the date of the breach/loss). It is not uncommon for claims to arise just after the 6-year limitation period has expired but the acting law firm has used of the service window.
- Both minors and clients under the Mental Capacity Act 2005 fall into the category of persons under a disability to whom the usual rules on limitation do not apply. For example, the limitation period for minors, of course, will not begin to run until the child reaches the age of 18, and the limitation for the contract is six years. Therefore, provision needs to be made for persons under this category, as they must be treated differently for this reason.
- Once the firm has established with the client that they cannot destroy records within six years, the client must be given the right to have their data deleted, which they can do anytime after the six years whether, they have reached an agreement with the firm to store the file for longer or not.
- Some firms (or probably most) will have extended periods of retention as agreed with the client on a case-by-case basis. When we draft policies, we set the standard for 7 years but ask the firm to list other types of matter where they will store the file for longer i.e.
- Wills – by agreement with the client and if the firm is instructed to hold for life
- LPA’s – again to be held while the LPA is live particularly where the firm is appointed (plus 7 years from closure)
- Trusts – as the above and for as long as the Trust is live or the firm (Partners is a Trustee) + 7 years
- Firms should also bear in mind Section 14b of the limitation act, which does allow for claims in negligence to extend to fifteen years, but this will ONLY apply where the negligence is discovered at a later point in time but cannot exceed 15 years and is limited to 3 years from the date of knowledge.
Ultimately, for limitation requirements under the regulations set by the Solicitors Regulation Authority, a minimum six-year retention period suffices and anything above this will be regarding negligence and insurance.
3. Policies and Procedures
In addition to the above considerations, advising clients on how long you will retain their files is essential. This information should be included in the client care letter and outline what will happen to the file afterwards. For example, you may include details on whether the file will be destroyed or returned to the client after a specified period.
An up-to-date document retention policy is also fundamental when managing and protecting important records. Without one, firms may face regulatory scrutiny, sanctions or financial penalties resulting from poor data management practices. The data retention policy must explain the firms approach and cross-reference into GDPR statements and client care documentation.
It is down to the firm to decide if they want to store data for longer and then agree with or tell the client the reasons for this approach. Failure to tell a client how long data will be stored, when it will be deleted and then giving the right to delete would be a breach of the regulations. A breach will also occur if you do not delete data when you say you will. – Read our previous article – Data Protection and GDPR – protecting your firm
In essence, the firm’s terms and conditions need to make it clear what the storage and retention policy is. Due to the reasons mentioned above, it cannot be less than 6 years, and our recommendation is it should be set at seven years or extended by agreement with the client. A prudent firm may choose for matters where knowledge may be realised after the primary limitation period to extend their storage for up to 15 years.
All the above, of course, refers to both online and paper files. Where you intend to store documents in an electronic format, you should first consider whether the absence of paper documents will be detrimental to the client’s interests before you agree on such storage methods with your client.
4. Effective Policies and Procedures Management
A firm’s failure to maintain an up-to-date suite of documents that accurately reflects its operations and staff responsibilities can leave it vulnerable to criticism from regulatory bodies and professional indemnity insurers. To avoid these risks, firms should consider implementing the following measures:
- Use bespoke documentation and procedures tailored to the firm’s specific needs and operations, rather than relying on generic templates that may not accurately represent the firm’s internal workings.
- Regularly monitor and maintain documentation to ensure that it accurately reflects the firm’s day-to-day practices.
- Provide training to relevant staff members on new or updated procedures to ensure they are properly implemented.
The Strategic Partner provides quality and bespoke document drafting in consultation with the firm and can incorporate a range, from single documents perhaps relating to Client Care to a more complex series of documents, such as Risk and Compliance, Document Retention, Data Protection and Anti-Money Laundering.
The Strategic Partner will work with firms to generate bespoke documents that reflect how they operate. We will help establish best practices and implementation of any changes so that the policies match reality.
5. Outsourced Compliance Solutions
Our goal is to ensure the firms we work with have and retain a compliant structure enabling the firms, their managers, and owners to focus on running their businesses and servicing their clients.
Our packaged risk and compliance solutions provide guidance and support to firms on a range of topics and include: –
- Our Risk, Regulation and Compliance Service (including AML), provides firms with the necessary Policies Control and Procedures (PCP’s) alongside training, supervision structure, an annual independent assessment and reporting. This solution ensures that firms and their staff are compliant and remain so. It also clarifies what to do in the event of a mistake and/or a breach occurs.
- Our extended service, Risk, Compliance, AML Guidance and Register Administration, provides an outsource solution for firms where The Strategic Partner not only manages and maintains the risk registers and provides guidance to all staff (inc. Partners), we also produce monthly risk and compliance reports.
The combination of these two solutions provides a law firm with a robust and cost-effective risk and compliance strategy that ensures staff have access to expert guidance as it is needed.
6. About The Strategic Partner
The Strategic Partner is a law firm knowledge hub. We work with law firms and professional indemnity insurers, advising and guiding on compliance and risk management techniques to assist and reduce instances of claims or regulatory breaches.
We offer a range of services and consultancy tailored to the Legal sector. We have gained a wealth of knowledge and experience in the overall management of law firms and work with them to achieve profitability, stability, and efficiency. Our goal is to become a valued and respected partner to our member law firms, consistently providing high-quality services and solutions.