Requirements for retention of
original Paper Documents

©1999, 2001 Charlie Plesums, Austin Texas

Many questions have come up concerning the legality of image systems, and specifically the need to retain paper documents. This paper is a summary of the issues as discussed in the records management and image processing circles that I frequent. I even occasionally talk to lawyers, but I am NOT a lawyer, and this is not a legal opinion. Each companyís legal and regulatory counsel must make the final decision concerning the records retained by their company.

General issues of legality

The lawyers who have counseled me suggest that there are two primary paths that they can take concerning evidence stored on an image system:

Many companies were still nervous about these rules, so a blue ribbon panel of legal, regulatory, and records experts was convened by AIIM a few years ago. The panelís initial reaction was that there was nothing for them to do, since everything required was already in place. Under pressure from the convenors, they proposed changes (under the usual Uniform Commercial Code procedures) that would list potential media, including optical storage, in the law.

Many people (including me) used to cite the "best evidence rule," feeling that the courts would require the original paper if it was normally retained, but would accept the digital image copy if the paper had been destroyed in the normal course of business. Several lawyers have told me that this is wrong, primarily because the output from the image system, under the rules above, is legally an original, thus IS the best evidence. They have also explained that the best evidence rule dates back to the big books of legal documents filed in court houses, before microfilm or Xerox copies, when monks and quill pens copied the relevant pages for the courts. The best evidence rule is not relevant.

There is a legal advantage to destroying the original paper. If you make a major investment installing an image system, and then spend even more to keep the original paper records, too, could it be that you donít trust your image system? If you donít trust your image system, why should the courts trust it? Destroying the paper doesnít make the image system legal, but keeping the paper without a compelling business reason weakens the believability of the evidence stored in the image system.

Retention of Paper after Scanning

If the original documents are going to be destroyed after scanning, they still need to be kept at least a short period. (It isnít likely that we will put a shredding station at the back of the scanner.) Two factors determine the amount of time the documents should be savedÖ

The second case is normally the limiting factor. Add a couple weeks to pull the original document (it probably isnít the highest priority work in the company), and this suggests a 60-day retention. If space is a problem, then 45 days may be sufficient. Some companies arbitrarily keep all documents 90 days.

SEC Regulations

"Part 240 - GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 1934," required that original paper documents, with signatures, be retained by exchange members and broker-dealers for many equity transactions. The Securities and Exchange Commission (SEC) often deals through "Self Regulating Organizations," SROs, such as the National Association of Security Dealers (NASD).

No-Action Letters

In about 1970 they wrote letters to anyone wanting them saying that the regulations had not changed, but they would take NO ACTION against a company using a microfilm system (meeting common standards) if they used the microfilm rather than keeping their paper.

By 1990, image systems were becoming common, but the SEC was not ready to change their rules. Several companies described their image systems to the SEC, and got a specific letter from the SEC that they would take "NO ACTION" against the company for not keeping the original paper as long as they used a system as described. (Note that the no action letter was only for specified company, and only as long as the system worked exactly as described a decade ago. There is no SEC guarantee that one no-action letter would apply to other users of a similar system, but many companies are satisfied with the precedent.)

After numerous no-action letters, the SEC grew tired of the game, and reportedly provided a generic no-action letter that applied to most image systems. (I have not seen that generic letter, but have been assured that it exists.)

1997 Regulatory Change

As you read the regulations, you will see the SEC only added an option, not a change. In practice, if they changed the way the records must be kept, then the SEC would have to prove that they had not increased the paperwork burden - an effort apparently comparable to developing an environmental impact statement for a nuclear waste dump. Therefore the SEC was sneaky - they again said the regulations had not changed - the record keeping requirement was still paper, but if a company chose to use an image system meeting a long series of requirements (most commercial system do their part in meeting the requirements), then the "only" (official) record could be the image rather than paper. The image was not a requirement - only an option, so no impact to anyone who doesn't choose the option, and far less effort for the SEC.

In February 1997 the SEC published changes to the reporting requirements for Broker Dealers (17 CFR Part 240) effective in April 1997. (Click here to see a copy of the changes to the SEC regulations as published in the Federal Register.) These changes provided an electronic alternative to keeping the paper records, provided a number of conditions were met. Many of the requirements are obvious, like having back up copies and properly numbering the optical discs. One condition was the use of write-once (WORM) optical storage. Another condition is providing a third party downloader agreement.

The downloader agreement seems to be a major sticking point. There are really two parts: 1) a third party that will keep the description of the system (e.g. index structure) in escrow, and 2) a third party that will retrieve documents as required if the company is unwilling or unable to do so. The primary concern is corporate failure - with paper or microfilm records, the sheriff can break down the doors and recognize microfilm or paper files to seize. With electronic images, an expert could be required to operate the system and retrieve required documents. Since the company is presumably out of business (or this agreement would probably not have been invoked), there is little chance for the third party to be paid for their services (beyond an up-front fee).

Since the third party must be expert in the image system, the logical parties to provide the service are the vendor or system integrator. Some lawyers have recognized that there is no limit to the amount of work the regulators and courts could demand. There is the potential for being required to provide unlimited services with practically no chance of payment for the services.

A few people interpret the third party downloader agreement to require that the third party have a complete system installed and operational at all times, with back up copies of all the documents active in the system. Obviously maintaining a complete duplicate system and staff is very expensive - perhaps that is why some companies providing this service argue that it is necessary. Other people believe that it is sufficient to have a working knowledge of the image system, and be ready to operate the primary system (perhaps with the protection of the court/sheriff) if the company is "unwilling or unable" to provide access to the system.

So, what are the options:

  1. At least one company has focused on the definition of broker-dealer, and declared their transfer agent as subject to the agreement, but not themselves. (However, many insurance companies - rightly or wrongly - are worried about this regulation.)

  2. Some companies have passed their NASD audit "with flying colors" despite not having a third party agreement. Perhaps this is related to item 1, or perhaps a good record keeping system has caused auditors to overlook the details.

  3. One of the industry experts that I approached on the subject said that many of the companies providing the third party agreements are small records storage companies. He admitted that most of the companies would probably go out of business if this agreement were invoked (unlikely) and the demands were excessive (likely).

  4. Although the regulations prescribe the form of a third party agreement (or at least the certification that an agreement is in place), that form includes the word "reasonable" three times, with no definition of "reasonable." An insurance company could try to provide a third party agreement that defines "reasonable" in ways that makes the liability finite (even if it is large). Once the liability is finite, it may be insurable (the classic Lloyds of London type of policy), or may even be an acceptable business risk for a reasonable fee.

  5. A variant of option 4 is a download agreement for a finite period - say one to three years. During that period, the risk would be small, as long as the insurance company remained viable, and was committed to pay for any services required. If the company faced hard times, the third party downloader agreement would probably not be renewed, thus risking the SEC or NASD approval to use the image system.

  6. An option often mentioned discretely is to keep the paper records "out in the country in a leaky barn." A more socially acceptable statement would be to minimize the cost of paper storage, to meet the letter of the law, knowing that the paper will never2 be required.

  7. Some companies still want to use the "no-action" letters. For a company that previously established their record keeping system under those rules, the "grandfather" argument may be valid. However, the opinion of most experts I have talked with is that we are now working under the 1997 rules, so a "no-action letter" waiving enforcement of some of the 1934 rules is irrelevant.

If there are significant other points or options, please let me know so that I can share them.


1 "...in the normal course of business..." has many implications, from documented procedures to staff training to record keeping and audits. These issues may be more important (or harder to handle) than the legal rules involved, but are not covered at all in this paper.

2 Never is a very strong word, but the paper will only be required if the original company goes out of business without a successor. There will almost certainly a successor company, who will want to access the image records. With a successor and a chance to be paid, a vendor would be willing to work for that successor company, even though no vendor is willing to work for the SEC without pay.


Back to the home page

Send e-mail comments to


©1999, 2001 by Charles A. Plesums, Austin, Texas USA. ALL RIGHTS RESERVED. You may license additional copies of this document through a nominal royalty payment as specified on www.plesums.com.