Employee Records: What to Keep, What to Shred, and How Long to Keep It in New York

For New York financial firms, public companies, and their accounting and legal advisors, the Sarbanes-Oxley Act of 2002 (SOX) fundamentally changed the landscape of document management and destruction. Enacted in the wake of the Enron and WorldCom accounting scandals, SOX doesn’t just tell companies how to keep records — it makes document destruction before required retention periods a federal crime. At the same time, it also creates obligations around the systematic destruction of records once they are no longer required to be kept. Wall Street firms, public company executives, and their advisors in New York City need to understand both sides of the SOX document destruction equation.

This guide explains SOX compliance document shredding requirements for New York financial firms: what records must be retained, for how long, when destruction is permitted, and what procedures must be followed to ensure that your destruction program doesn’t inadvertently expose your company or its executives to criminal liability.

What Does SOX Require for Document Retention?

The Sarbanes-Oxley Act contains two key sections that directly affect document retention and destruction for covered entities:

Section 802 — Makes it a federal crime (punishable by up to 20 years in prison) to knowingly destroy, alter, conceal, falsify, or make a false entry in any document with intent to impede, obstruct, or influence any existing or anticipated federal investigation or official proceeding.

Section 1102 — Creates separate criminal liability for tampering with records with intent to obstruct official proceedings.

Beyond these anti-obstruction provisions, SOX-implementing rules issued by the SEC require specific retention periods for records related to audits and reviews of financial statements:

• Audit and review workpapers — Must be retained for 7 years after the audit or review of financial statements is completed
• Records relevant to audit or review — Any material that is created, sent, or received in connection with an audit or review and contains conclusions, opinions, analyses, or financial data must be retained for 7 years

These rules apply to both accounting firms and their clients. Visit our compliance page for more information on financial industry document security requirements.

Sarbanes-Oxley Record Retention: The Full Schedule

While SOX itself focuses primarily on audit-related records, a comprehensive Sarbanes-Oxley record retention program for a New York financial firm must also account for related regulatory requirements. Here is a practical retention schedule:

• Audit workpapers and related records — 7 years (SOX requirement)
• Annual financial statements — Permanent
• Corporate tax returns — 7 years minimum
• Board minutes and resolutions — Permanent
• Articles of incorporation and bylaws — Permanent
• Contracts and agreements — Generally 7 years after expiration or termination
• General ledger and financial records — 7 years
• Bank statements and reconciliations — 7 years
• Expense reports — 7 years
• Employee payroll records — 7 years minimum
• Correspondence related to financial matters — 7 years (if material to audit)

These retention periods represent minimums; legal counsel may recommend longer retention for some record categories based on your specific business and risk profile.

When SOX Document Shredding Is Legal — and When It Isn’t

SOX’s document destruction provisions create a critical distinction between routine, scheduled destruction of records whose retention period has expired (legal and appropriate) versus destruction in anticipation of or during an investigation (potentially criminal).

Legal destruction:

• Shredding financial records after their retention period has expired pursuant to a formal, written records retention policy
• Destroying records per a consistent, documented schedule that applies uniformly across record categories
• Destruction documented by a Certificate of Destruction from a certified shredding company

Potentially criminal destruction:

• Destroying documents after learning of, or in anticipation of, a government investigation or audit
• Selectively destroying certain records while retaining others of the same type
• Destroying documents after receiving a litigation hold notice
• Accelerating document destruction in response to any regulatory inquiry

This is why a formal, written records retention program — applied consistently, before any investigation arises — is so important for New York financial firms. Ad hoc document disposal, no matter how innocent, creates risk when it coincides with any kind of regulatory scrutiny.

Building a SOX-Compliant Document Destruction Program

For New York financial firms seeking to achieve financial records shredding compliance under SOX, a formal records management program is essential. Key components include:

1. Written records retention policy — Document your retention schedule in writing, have it approved by legal and senior management, and distribute it to all relevant personnel
2. Litigation hold procedures — Establish clear procedures for implementing litigation holds that suspend normal destruction when litigation, investigations, or regulatory inquiries arise
3. Regular destruction schedules — Implement systematic, scheduled destruction of records whose retention period has expired, documented with Certificates of Destruction
4. Certified shredding partner — Contract with a NAID-certified shredding company that provides documented destruction evidence
5. Employee training — Train all relevant personnel on the records retention policy, including the consequences of improper destruction
6. Annual policy review — Review and update your retention schedule annually with legal counsel as regulations evolve

New York Shredding provides certified shredding services for financial firms throughout New York City, including regular scheduled service, one-time purges for expired records, and hard drive destruction. Our Certificate of Destruction documentation supports your SOX compliance records. Contact us to discuss your firm’s requirements.

Why New York Businesses Choose New York Shredding

For over a decade, New York Shredding Document Destruction, Inc. has helped businesses across New York City, Long Island, Westchester, and the Hudson Valley protect their sensitive information through certified, HIPAA-compliant shredding services. Our industrial-grade shredding equipment, locked on-site consoles, and Certificate of Destruction give your business the proof it needs for any compliance audit.

Whether you need scheduled shredding, a one-time purge, or hard drive destruction, we serve all five boroughs and surrounding areas with fast, reliable service. Request a free quote today and get your office on a shredding schedule that keeps you protected year-round.

Ready to get started? Contact New York Shredding for a free quote, or explore our full range of shredding services.