What happens when a business violates recordkeeping requirements?
Most people think of fines—which is usually the case. For instance, the SEC recently fined multiple firms (including multiple Wells Fargo related firms) $549 million for poor recordkeeping.[1]
But sanctions take other forms as well. Businesses and entities of all kinds should be aware of these sanctions to proactively tailor their records information management practices. This article discusses examples of the most common sanctions and what your organization can expect from them.
FINES
Simple fines are the most common record keeping penalty. Amounts can vary, but here are some heftier examples:
GDPR (EU) Maximum Fine: €20 million, or 4% of annual worldwide turnover, whichever is greater.[2]
U.S.: Recordkeeping penalties for failure to properly maintain and provide customs related documents start at $10,000 per violation and can go up to $100,000 per violation, depending on the level of culpability.[3]
China: Failure to prepare or keep customs declaration documents, import or export documents, contracts, other materials directly related to the import or export business subject to a fine of not less than 10,000 yuan but not more than 500,000 yuan. If the circumstances are serious directly responsible persons in charge and other directly liable persons shall be subject to a fine of not less than 1,000 yuan but not more than 5,000 yuan.[4]
While these examples are steeper examples, most jurisdictions crack down via fines for record keeping violations, meaning that even smaller fines can add up to hinder any business.
PENALTY UNITS
Penalty units are simply a way of measuring fines. For example, if a penalty unit is worth $100, then a violation worth 10 penalty units totals $1,000.
Australia uses penalty units—and even within Australia, amounts differ. For instance, in Tasmania, a penalty unit is worth $202,[5] but in Queensland, a penalty unit is worth $161.30.[6] The rationale behind this practice is practical: penalty units allow simplicity in defining fine amounts given constant changes in the law and inflation.[7]
Additionally, penalty units allow easy comparison between how sanctions relatively affect corporations and individuals. For example, Tasmanian electrical workers must keep a record of any work performed for 10 years after. If a corporation doesn’t meet this requirement, a fine of 50 penalty units is incurred. However, if an individual fails to keep this requirement, the fine is only 25 penalty units.[8]
PROFESSIONAL SANCTIONS
In many professions, poor record keeping can affect your standing, especially where licensure is required.
For instance, in Nova Scotia, Canada, a denturist can be found guilty of professional misconduct for simply failing to “maintain adequate records.”[9] More severely, insurance agents in California can have their license revoked entirely for not keeping required records.[10]
Paying a fine is a hassle, but losing one’s means—even temporarily—of making money is usually worse.
IMPRISONMENT
In certain cases, jail or prison can be on the table for not keeping proper records. Outright fraud can result in imprisonment (Enron, anyone?), but poor record keeping does not need to be fraudulent in nature to result in prison. For instance, Idaho pharmacists who fail to keep required records can be guilty of a misdemeanor carrying a sentence for a term not to exceed one year in county jail.[11]
Of course, punishments like these are rare. However, even a remote possibility of prison is enough of a headache. Further, there is no way to truly quantify the damage such a scenario would bring to the reputation of a business—shareholders, clients, and potential business partners alike may take note and act accordingly.
A ROCK AND A HARD PLACE
RIM professionals have a dual interest in creating a retention schedule—strategy and compliance. A business bogged down with unnecessary records creates a cluttered environment, potentially exposing the business to disarray and other pitfalls such as the sanctions discussed here. Simultaneously, businesses have an obligation to adhere to record retention periods set by law. Retention schedules help balance both interests.
Sanctions for poor record-keeping practices are very real, but the solution is simple: enterprises should be aware of these sanctions, form a sound records retention schedule tailored to their needs, and adhere to it. Doing so is a way of “showing your work” behind a thoughtful records and information management program, which is a key step towards ensuring neither you or your organization becomes the subject of records practices-related sanctions.
[1] Amazon faces record GDPR fine, (August 2, 2021) https://www.simmons-simmons.com/en/publications/ckrus16301do70a28ptvwqy5t/amazon-faces-record-gdpr-fine
[2] https://gdpr.eu/fines/
[3] 19 CFR 163.6
[4] Regulation on Customs Inspection (2016 Revision)(31)
[5] https://www.justice.tas.gov.au/about-us/legislation/penalty-units-indexed-amounts
[6] https://www.qld.gov.au/law/fines-and-penalties/types-of-fines/sentencing-fines-and-penalties-for-offences
[7] https://en.wikipedia.org/wiki/Penalty_unit#:~:text=A%20penalty%20unit%20(PU)%20is,units%20prescribed%20for%20the%20offence.
[8] Tasmania Occupational Licensing (Electrical Work) Regulations 2018 (14)(1)(p2)
[9] Nova Scotia Denturist Regulations (30)(1)(f)
[10] Cal Ins Code 1747 (p1)
[11] Idaho Code 54-1732(3)(e)
Disclaimer: The purpose of this post is to provide general education on information governance topics. The statements are informational only and do not constitute legal advice. If you have specific questions regarding the application of the law to your business activities, you should seek the advice of your legal counsel.