Company directors will need to ensure their businesses
have the right IT systems in place to store and retrieve data to
comply with the new Companies Act.
The
Companies
Act 2006, which will come fully into force by October 2009,
sets requirements for directors to ensure that they look after the
interests of company shareholders. The retrieval of documents and
data is essential for directors to prove this is the case.
The new rules will build on the existing
Companies
Act 1985, and take into consideration modern electronic
communications, which were not widespread when the original act
became law.
The act makes it an offence for an officer of a company to
destroy, mutilate or falsify company documents. Anyone found guilty
could face imprisonment of up to seven years or a fine. This
includes IT directors, making the management of digital information
a priority.
Geoff Yates, a partner at law firm Addleshaw Goddard, said, "You
could be regarded as a shadow director if you influence the board."
People with such responsibilities could face the same scrutiny as
board-level executives, he said.
Digital responsibility
Businesses will have to put in place storage and
data retention policies, and will need to ensure their computer
networks and IT systems are not vulnerable to security attacks that
could damage the business and the interests of shareholders.
The quantity of electronic information stored by companies has
increased significantly in the 20 years since the 1985 act was
introduced. It is important that companies are able to make this
information available to auditors, if required.
Dale Vile, managing director at analyst group Freeform Dynamics,
said smaller companies could find it hard to retrieve the right
information unless their electronic records are managed properly.
"Many smaller companies have been quite relaxed in the past about
keeping records," he said.
Vile said individual staff often take ownership of data within
the company IT systems, such as the sales manager looking after
sales data. He said this needs to change. "Someone in the business
needs to make charge of data."
Vile said smaller companies should adopt an information
life-cycle management plan, which would allow the company to
specify how data is retained and stored.
Lars Davies, chief executive at Kalypton, a company specialising
in helping businesses meet their compliance obligations, said that
a blanket policy on data retention would not be enough to keep the
regulators happy.
He said businesses must keep the IT department fully informed so
they can prioritise which information to retain. "A vague
requirement to 'keep records' or 'make us compliant' is just not
good enough. IT directors and managers must insist that they are
given the information they need."
Electronic communications
Another major change that the act brings is allowing directors
to communicate with shareholders electronically.
This means websites will have to be robust and electronic
communications with shareholders will need to be secure. Prior to
the act, firms could only make official communications to
shareholders by post.
Paul Claydon, a partner at law firm Morrison & Foerster,
said the challenge for IT directors would be to ensure websites are
able to cope with the increased traffic coming from shareholders.
"You will want to make your website as robust as possible to cope
with the increase in traffic," he said.
An IT failure that prevents shareholders from accessing the
company's website would breach shareholder rules, he said.
Tim Jennings, research director at analyst firm Butler Group,
said, "There will be a requirement for secure communications with
shareholders, which means using encrypted e-mail and digital
signatures."
IT directors may need to evaluate the feasibility of providing
secure e-mail for shareholders. Jennings said companies will need
to extend their document management systems to support the
electronic distribution of company documents and reports to
shareholders using the Acrobat PDF file format.
● The Companies Act 2006 simplifies the previous 1985 act to
clarify director responsibilities.
● Companies will be able to make greater use of electronic
communications with shareholders.
● Companies will be required to publish their full registration
details, registered office, registration number, e-mail addresses
and websites in all correspondence.
● Directors could be imprisoned for as long as seven years and
face an unlimited fine for destroying company documents.
● Directors and managers, including IT directors, could be
liable if they fail to comply with the act.