Minutes and Software, Oversight, Regulation & Disclosure

Question 1

Are Companies required to take Minutes?

Answer 1

Leglisation: Companies are required by law to keep minutes of meetings of their directors (CA2006 s. 248) or general meetings of their members (CA2006 s. 355(1)(b)), written resolutions of the members (CA2006 s. 355(1)(a)) or decisions of any sole member (CA2006 s. 355) or sole member of a class (CA2006 s. 359).

Minutes should be unambiguous and in the third person, singular and past tense.

Question 2

Static Data- what is good practice to include in the minutes? What is not necessary for Members meetings?

Answer 2

The content of the minutes is not set out in the Act or Articles, however, good practice to include the following:

• company name and registered number (registered number is useful where the company subsequently changes its name);
• place, date and time the meeting commenced;
• attendees (indicating which part of the meeting was attended by those not present for the whole meeting); (Not required for Members Meeting)
• identity of the person chairing the meeting;
• confirmation that a quorum is present;
• declaration of any specific potential conflicts of interest (Not required for Members Meeting)
• in matters to be discussed or changes of general potential conflicts of interest;
• and time meeting closes

Question 3

What is Variable Data?

Answer 3

• matters brought forward and action points from previous meeting(s);
• review and approval for signature of minutes of the previous meeting;
• synopsis of discussions on matters on agenda, actions points, decisions made;
• matters to be carried forward and action points; and
• any other business not on the agenda.

Question 4

What are the Six C’s in Minutes?

Answer 4

• Clarity
• Coherence
• Correctness
• Conciseness
• Completeness
• Consistency

‘If i had clarity I would be coherent in explaining concisely and completely the consistent correctness of my minutes’

Question 5

What is the General Format for Board Minutes?

Answer 5

As a minimum, should include:

• name of company
• place where meeting held
• day and date of meeting
• list of those present and other attendees
• apologies for absence
• approval of previous minutes
• accurate and unambiguous record of proceedings, capturing key points and decisions reached
• consider using numbering system
• chairman’s signature

Question 6

What is the General Format for Minutes of General Meetings?

Answer 6

• Statutory requirement to prepare
• Signed by chairman
• Failure to keep minute books makes directors & officers liable to a daily default fine
• Permanent record of business conducted and decisions reached
• Must be clear, concise and unambiguous
• No alterations made once agreed and signed (unless an amending minute at subsequent meeting)
• Approved at next available board meeting - no need for shareholder approval at next AGM
• Members entitled to inspect, and to be supplied with copy within 14 days of request

Question 7

Are minutes evidence of the proceedings of the meeting? What are written resolutions, do they require minutes?

Answer 7

Evidence: Minutes of meetings of the directors recorded and retained in accordance with CA2006 s. 248 and authenticated by the chair of the next directors’ meeting are evidence (in Scotland sufficient evidence) of the proceedings of the meeting (CA2006 s. 249(1)). Provided the minutes have been properly recorded then until the contrary is proved the meeting is deemed duly held and convened, the proceedings to have taken place and any appointments made at the meeting are deemed valid (CA2006 s. 249(2)).

This evidentiary status does not apply to written resolutions of the directors in the Act. However, Model Articles Ltd and Guar reg. 15 do require copies of unanimous or majority decisions of the directors to be retained and this clearly also includes written resolutions.

Written Resolutions: Where decisions are taken by written resolution no need for minutes but instead copies of the resolutions signed by the directors to signify their consent. Resolutions only contain details of the decisions to be approved and may also contain a briefing of the relevant subject matter. Written resolutions do not however contain any discussion of the subject matter as there is no forum for any such discussion.

If the minutes are retained in electronic form, they must still be authenticated by the chair of the meeting to be treated as evidence in proceedings.

Question 8

Are minutes Proof of Existance of a Company and Record of decision?

Answer 8

• Proof of existence of company and that directors have authority to undertake certain specific actions.
• Extracts of minutes often requested, and may be certified by company secretary.
• Historic record of significant events and decision over life of company.
• Director and company secretary changes mean that minutes provide the only long-term account of what took place at meetings.
• Record decisions both in favour or against each matter brought to the board and include sufficient detail of the discussion to allow someone, not present at the meeting, to gain an insight into the reasons leading up to that decision and the key factors taken into consideration.
• Minutes should reflect not only the actions of the board but the context.
• In the interest of brevity, background information need not be repeated.
• If Action points are recorded, it is useful to keep a record of these separately.
• Demonstration of due diligence on part of decision-maker, taking into consideration all the factors- s172 statement.
• Minutes that are properly authenticated and kept are evidence that the meeting took place and that the business set out in the minutes was undertaken.

Question 9

Minutes as Legal Evidence in support of Actions

Question 10

Should minutes be retained?

Answer 10

• In practice, minutes of meetings permanently.
• However, companies must keep minutes of meetings of both members and directors for at least 10 years, for meetings held after 1 October 2007 (implementation of the Act) (CA2006 ss. 248(2) and 355).
• For any meetings held before 1 October 2007 under the CA1985, minutes of meetings of the members and of the directors have to be kept permanently.
• Recommended that notes taken by the minute taker are securely destroyed once the final version of the minutes has been agreed. RISK: notes discoverable in any legal proceedings.
• Directors’ notes, whether in hard or soft copy or annotated with board portal applications, and draft versions of the minutes, particularly in the regulated sectors. Boards should adopt a policy.
• Where minutes are created and retained in electronic form, they must still be capable of being reproduced in hard copy form (CA2006 s. 1135(2)). This requirement will apply not only at the point when the minutes are first stored in electronic form but for at least the 10-year period following the date of the meeting. NOTE advances in technology advances essential that historic minutes are capable of being reproduced in hard copy.

Question 11

Security of Minutes

Answer 11

• Minutes must be stored securely with access limited to those that require access, because they contain sensitive information and for a listed company very possibly price sensitive information.
• Security is required not only to keep the content of minutes secure but also to guard against falsification of the minutes and to facilitate its discovery in any legal proceedings.

Sequential numbering of all paragraphs.

• The chair to both sign the last page but also sign or at least initial each page.
• Hard copy minute books to be kept in lockable cupboard with restricted access.
• Where loose-leaf binders are used these should be lockable.
• To mitigate against the insertion of new text, minutes should be printed single spaced, no spaces between paragraphs and the signature of the chair on the line immediately following the last paragraph. Using special security printed and possibly numbered paper for the copy of the minutes to be signed. This does of course present an additional security risk, as the paper must also be kept securely.

Significant fines by ICO for breaches in GDPR

Question 12

What are the Factors to consider in choosing a vendor for Company Secreterial Software?

Answer 12

Flexibility, Vendor which will adapt to your chosen business model

helpfulness, Vendor who wants to build a long term partnership

knowledge, Aware of legal requirements, and usage of technology

foresight, suppliers main area of development and future upgrades

support, Availability of tech support

accountability, iron out issues without demanding extra

security- fully committed to providing assurance of security controls

Question 13

What are the main areas of software?

Answer 13

• form filing and online filing packages;
• statutory register maintenance;
• minutes and resolution generation applications; and
• group structure overview.

The range of ‘group’ information required to be kept track of and includes tax reference numbers, GDPR registration and renewals, trade mark and patent registrations, licences etc., manual systems are quickly overwhelmed

Question 14

Evaluation of needs for Company, what are the different ways of identifying needs?

Answer 14

Different ways of identifying business and user requirements, which should be methodidcal and structured:

Focus Groups - group of users that perform specific duties and tasks that can be polled to ascertain their duties, functions and system interactions within the company,

Interviews - what is currently being done to support the system?

Interface Analysis- an examination as to inputs, outputs and intermediary steps that may be required for the system to function and define interoperability to exisitng system.

Surveys- an internal account from different points of view as to how operations and processes actually happen.

Observation

Business/user/system requirements + needs/wants/priorities= tasks/processes/workflow

Question 15

What should you consider during the Implementation of Appropriate Software?

Answer 15

• training- introductory training on the new system
• validation of data- Validation process so that the data captured, both old and new is accurate.
• Must provide accurate, secure and accessible data

Input is dependant on the Accuracy and completeness of the underlying dataset- deteriorates over time.

Question 16

How should you consider, Security Issues (cyber attacks), Potential uses and benefits of company secretarial software and Ongoing maintenance and updates?

Answer 16

Security: Data security is an absolute priority due to increased amount of cyber attacks. Even when personal data is on the public record GDPR requires the Company to keep that data secure. Prevent unauthorised access to the date, tampering and falsification.

Potential uses and benefits of Company Secretarial Software: Automating compliance obligations/manual processes and introducing effective control and monitoring processes.

Allows the Co Sec to provide the relavant departments with real-time access to entity and subsidiary related information in a secure manner- the entity management system becomes the single respected and trusted source of corporate records.

• increases efficiency

Ongoing Maintenance and Updates:

Database accuracy has the potential to degrade- add new changes- add new entities from incorporation- regular programmes updating the changes in legislation.

Question 17

What are the Pro’s and Cons for an Internal vs an External Board Evaluation?

Answer 17

Question 18

What are the Investigative Powers of the Regulators?

Answer 18

• Department for Business, Energy and Industrial Strategy Investment (BEIS). Investigate affairs which could be attempt to defraud the creditors, prejudicial acts for the members, or that the company was formed for unlawful purpose. Directors and Officers are expected to produce all documents- Cost borne by BEIS but can be recovered upon conviction. Can investigate as to the true identity of those financially interested in the success or failure of a company- investigate in attempt of takeover for undisclosed arrangements.
• HM Revenue and Customs- Criminal Investigations for those presenting a serious threat to the tax base, material false statements and documents are found, money laundering offences. HMRC can give notice requiring production of documents and information- PAYE NI, VAT returns. Unannounced visits do take place- mostly officer visits by appointment.
• Financial Conduct Authority, FCA can request the production of documents or that an authorised connected person commission and provide a report into a matter- FCA has power to appoint. FCA has power of entry in extreme scenarios where the documents at the premise are in danger of being tampered/lost.
• Prudential Regulation Authority
• Competition and Markets Authority
• The Panel on Takeovers and Mergers

Question 19

What are the Investigative Powers of Regulators Summarised-

Answer 19

Question 20

What are the 5 key aspects of the Data Protection Act 2018 and what is the PECR?

Answer 20

Data Protection Act 2018

• Data processing- Implements GDPR Standards, providing clarity on their definitions, and also ensuring that sensitive health, social care and education data can continue to be processed with confidentiality maintained. Provides appropriate restrictions to rights to access and delete data.
• Law enforcement processing- bespoke regime to aid the processing of data for law enforcement purposes- allow the international flow of data, whilst protecting personal data.
• Intelligence services processing- ensure that laws are up-to-date with modernised international standards, protect data + tackle security threats.
• Regulation and enforcement- enacts additional powers for the Information Commissioner who will regulate and enforce data protection laws, allowing to levy higher finds on data controllers up to £17 million or 4% global turnover for most serious breaches.
• Registration Regime- Data Protection (Charges and Information) Regulations 2018 require every organisation or sole trader that processes personal information to pay a data protection fee, unless they are exempt. ICO maintains a public register of data controllers who pay the fee. Micro Company £40, small and medium £60, Large £2,900

Privacy and Electronic Communications Regulations- PECR sits alongside DPA2018 and GDPR and provides additional protection for individuals in relation to electronic communications which are out of scope of GDPR. Electronic marketing, Use of Cookies, Traffic and location data control.

Question 21

What are the 7 key principles of the GDPR? What does the GDPR place on data processors, and what is considered personal data?

Answer 21

• lawfulness, fairness and transparency;
• purpose limitation;
• data minimisation;
• accuracy;
• storage limitation;
• integrity and confidentiality (security); and
• accountability.

GDPR places new specific legal obligations on data processors including a requirement to maintain records of personal data and processing activities. Data controllers must ensure that the service contractor carries out the processing activities in compliance with GDPR.

Personal data only includes information relating to natural persons who can be identified, or are identifiable, directly from the information in question. Also applies to persons indirectly identified from the information in question when combined with other information. Identification alone is not enough- must relate to the person in some way either as identifying them as a resident/employee/owner of a vehicle etc.

Question 22

What are valid grounds under GDPR for collecting and using personal data? Does the Public have Access to Corporate Information, and How do Companies keep employee data? What is the FOI ACT 2000?

Answer 22

Organisations must have valid grounds under GDPR for collecting and using personal data.

• Consent- GDPR requires consent to be explicit- data subjects have the right to withdraw consent at any time.
• Contractual Obligations- Any processing of personal data is permissible to fulfil a contractual obligation provided there is no alternative
• Legal Obligations- Organisation is doing so to meet a Legal Obligation
• Vital Interests- it permits processing to save a data subjects life- emergency services
• Public task- carry out a function in the national interest
• Legitimate interests- permits the processing of data necessary for the legitimate interests of the data controller or by a third party except where the fundamental rights and freedoms of the data subject require the data to be protected.

Public Access to Corporate Information- Under DPA2018, individuals have the right to find out what information the government and other organisations store about them. An application is made through writing to the organisation- reply within a month, or within 3 months if it is a complex request and the data subject has been informed. An organisation is permitted to withhold, without explanation, some or all information if it relates to the prevention/detection/investigation of a crime, national security or the armed forces- judicial or ministerial appointments etc.

Companies must keep their employees’ personal data safe, secure and up to date. An employer is permitted to keep certain personal information about their employees without their consent: Name/Address, DOB, Education and qualifications, TAX code etc. Certain additional personal information on an employee constitutes ‘sensitive’ personal data and can only be kept and processed with the employees’ explicit permission -race, religion, ethnicity, political memberships or opinions etc.

The Freedom of Information Act 2000- The Act covers any recorded information that is held by a public authority. Any natural person or corporate entity can make a freedom of information request and there is no need to provide any reason for the request or the use the information will be put to. Public authorities have 20 working days to respond to a request- stating whether it holds the requested information, and to provide that information.