How Long Should Business Records Be Kept?

Maintaining business records is fundamental for any enterprise. These records support financial management, operational efficiency, and regulatory adherence. Proper management and retention help businesses demonstrate accountability, support financial claims, and navigate legal or tax inquiries. Clear guidelines for record retention protect a business’s integrity and long-term viability.

General Record Retention Principles

Effective record retention requires understanding why business documents are kept. Records substantiate income, expenses, deductions, and financial statements. They also provide evidence of compliance with federal regulations and serve as historical references for strategic planning or proving ownership. Developing a comprehensive record retention policy is important for any business. Such a policy outlines record types, retention periods, and management responsibilities. This approach ensures necessary documents are available and prevents accumulation of outdated information. Specific retention periods depend on the record’s nature and governing legal or regulatory authority.

Keeping Tax Records

Businesses must maintain tax records to support their tax returns and prepare for potential IRS audits. For most income tax returns, records should be kept for three years from the filing date or due date, whichever is later. This aligns with the typical statute of limitations for IRS assessment or refund claims.

Certain circumstances extend this period. If gross income is underreported by over 25%, the period increases to six years. Records for worthless securities or bad debt deductions must be kept for seven years. If a business files a fraudulent return or fails to file, records should be kept indefinitely as there is no statute of limitations.

Employment tax records, including payroll tax filings and employee wage documentation, require retention for at least four years after the tax becomes due or is paid, whichever is later. For assets like property or equipment, records should be retained until the period of limitations expires for the tax year of disposal. This ensures proper calculation of depreciation and gain or loss upon sale.

Keeping Employment Records

Employment records are subject to retention requirements from federal agencies like the Department of Labor (DOL) and the Equal Employment Opportunity Commission (EEOC). General personnel records, such as job applications, resumes, performance evaluations, and disciplinary actions, should be retained for one year from creation or employee separation, whichever is later. If an employee is involuntarily terminated, their personnel records must be kept for at least one year from the termination date.

Payroll records, including wages, hours worked, and other compensation details, must be kept for a minimum of three years under the Fair Labor Standards Act (FLSA). Documents explaining wage differences for similar positions, relevant to the Equal Pay Act, need retention for at least two years. Form I-9, used for verifying employment eligibility, must be kept for three years after hire or one year after employment ends, whichever is longer.

Records related to the Family and Medical Leave Act (FMLA), including leave requests and medical certifications, must be retained for at least three years. FMLA medical certifications and related medical histories should be stored in separate, confidential files from general personnel records. Records related to COBRA should be maintained for six years to align with ERISA requirements. Records concerning employee benefit plans, governed by ERISA, need to be kept for six years after the plan year ends. If a discrimination charge is filed, all related personnel and employment records must be retained until the final disposition of the charge or any resulting lawsuit.

Keeping Other Business Records

Beyond tax and employment documentation, businesses generate other records essential for legal, operational, and financial continuity. Legal documents, such as contracts, leases, and intellectual property registrations, should be kept indefinitely or for the life of the agreement plus a period for potential disputes. These documents protect a business’s rights and establish its obligations. Financial statements, including annual balance sheets, income statements, general ledgers, and audit reports, should be kept indefinitely. These documents provide a historical overview of the business’s financial health and performance.

Banking records, such as bank statements and canceled checks, should be kept for at least seven years. This period supports financial transactions and helps resolve discrepancies or inquiries. Corporate governance documents, including articles of incorporation, bylaws, and meeting minutes, represent the foundational legal structure and decisions of the entity and should be preserved permanently. Records related to property and equipment, like deeds and purchase receipts, should be kept as long as the asset is owned and for a period after its disposal to account for depreciation and any capital gains or losses. Customer and vendor records should be kept for several years to manage ongoing relationships and address service or billing issues.

Storing and Disposing of Records

Proper storage of business records ensures their accessibility, security, and integrity throughout their retention period. Physical records can be stored in secure, fireproof cabinets or rooms with restricted access, or in professional offsite storage facilities offering environmental controls and robust security. For digital records, secure cloud storage, encrypted external hard drives, or network servers are common choices. Implementing strong access controls, encryption, and regular data backups is important for digital security. A consistent naming convention and organized filing system, for physical or digital documents, enhance retrieval efficiency and reduce loss risk.

Once records meet their required retention period, secure disposal prevents unauthorized access to sensitive information. Physical documents should be destroyed using a high-quality cross-cut or micro-cut shredder that renders information unreadable. For digital records, simple deletion is often insufficient; data wiping software or physical destruction of storage media like hard drives through degaussing or shredding is necessary for complete eradication. Incorporating a clear disposal schedule into a comprehensive record retention policy ensures documents are destroyed securely and systematically, minimizing risk while maintaining compliance.