If you manage the office admin for a Singapore company, this situation is probably familiar: you open the filing room, see years of stacked folders and boxes, and have no idea what’s safe to clear out and what needs to stay.
It’s not a small question. Toss something too early and you’re exposed to regulatory risk. Keep everything indefinitely and you’ve got filing cabinets full of documents that should have gone through the paper shredding machine years ago, some of which contain personal data you’re no longer supposed to hold.
Below is a breakdown of the most common business documents, how long Singapore law requires you to keep each one, and what to do when they’ve passed their time.
Why Getting This Right Matters
Singapore has several regulations that govern document retention, and they don’t all say the same thing.
IRAS (Inland Revenue Authority of Singapore) requires companies to retain accounting records and source documents for at least five years from the relevant Year of Assessment.
ACRA (Accounting and Corporate Regulatory Authority) under the Companies Act requires companies to retain accounting and other records for at least five years after the end of the financial year in which the relevant transactions or operations were completed.
The PDPA (Personal Data Protection Act) works differently. Rather than giving you a fixed number, its Retention Limitation Obligation says you must stop holding personal data once the purpose for collecting it is no longer relevant, unless another law says otherwise. In plain terms: you cannot keep personal data indefinitely just in case it becomes useful later.
Getting this wrong in either direction creates problems. Dispose of records too early and you may not be able to substantiate claims during an IRAS audit. Hold onto personal data beyond its purpose and you’re running a PDPA risk.
Reference: How Long to Keep Common Business Documents
The table below covers the most common document types. For industry-specific requirements, check with your legal or compliance team.
| Document Type | Suggested Retention Period | Basis / Notes |
|---|---|---|
| Financial statements, accounting records, source documents | At least 5 years from relevant YA | IRAS |
| Accounting and other company records | At least 5 years after end of relevant financial year | Companies Act / ACRA |
| Invoices and receipts | At least 5 years from relevant YA | IRAS |
| Bank statements | At least 5 years from relevant YA | IRAS |
| GST records (tax invoices, import/export docs) | At least 5 years | IRAS GST rules |
| Ordinary commercial contracts | 7 years after contract ends — practical buffer | Limitation Act gives 6 years from cause of action accruing |
| Contracts involving deeds, property, guarantees, warranties, disputes | Longer — case by case | Seek legal advice |
| Employment and salary records | Current employees: latest 2 years. Ex-employees: last 2 years, kept for 1 year after leaving | MOM / Employment Act |
| Payroll and CPF records for tax/audit purposes | 5 years is prudent practice | Aligns with IRAS and audit needs |
| Leave records | Keep as part of employment records. Longer if disputes possible. | MOM |
| Work injury / incident records | At least 5 years as prudent practice | Verify specific obligations with insurer / legal adviser |
| Corporate meeting minutes, resolutions, statutory registers | Keep while company is active | Companies Act |
| Personal data with no ongoing legal or business purpose | Cease retention, anonymise, or securely dispose | PDPA |
Document by Document
Financial and Accounting Records
Five years from the Year of Assessment for IRAS purposes, and five years from the end of the relevant financial year under the Companies Act. The two rules are similar but not identical, so it is worth knowing both.
The YA clock can catch people out. IRAS taxes companies on a preceding-year basis, so the financial year ending in 2023 is assessed under YA2024. For a company with a 31 December financial year end, a receipt dated March 2023 would generally fall under YA2024 and should be retained until at least 31 December 2028. The exact YA depends on your company’s financial year end, so always calculate from that, not from the date on the document.
What counts as an accounting record? The scope is broader than most people assume: invoices issued and received, payment vouchers, petty cash records, bank statements, and any paperwork that explains a business transaction. Even a handwritten petty cash slip technically qualifies.
For GST-registered companies, tax invoices and records related to the sale or disposal of business assets fall under the same five-year rule.
Five years of financial records for an active SME adds up to a lot of paper. Running an annual document shredding exercise for files that have crossed the five-year mark is not just housekeeping; it’s the right compliance practice.
Contracts and Agreements
For ordinary commercial contracts, the Limitation Act generally allows contractual claims to be brought within six years from the date the cause of action accrues, which is usually the date of breach rather than the date the contract ended. Many businesses therefore keep contracts for at least seven years after the contract ends or after the last possible claim-related event, as a practical buffer.
This applies to most supplier agreements, client service agreements, and NDAs. However, seven years is not a fixed legal minimum for all contracts. Deeds, property-related agreements, guarantees, warranties, contracts connected to ongoing disputes, or those in regulated industries may need to be kept longer. If you are unsure about a specific contract, check with your legal team before scheduling it for paper shredding.
HR and Employment Records
Different documents within HR have different rules, which is where a lot of admin staff get caught out.
Employment and salary records: MOM requires employers to keep employment records for the latest two years for current employees, and the last two years of records for one year after a former employee leaves. This covers employment terms, payslips, and related documentation. For employment contracts that contain non-compete, confidentiality, or IP clauses that could surface later as a dispute, or where the person held a senior role, many HR and legal teams keep records for five to seven years after separation as a practical precaution. That is not a statutory requirement, but a reasonable one.
Payroll and CPF records for tax and audit purposes: the statutory employment records minimum above applies to payroll and payslips, but many businesses retain these for five years to align with IRAS requirements and cover any audit or dispute scenarios. CPF Board’s public guidance does not prescribe a specific fixed retention period for employer CPF contribution records. The practical approach is to download and retain CPF payment records, and keep them for at least five years alongside your financial records.
Leave records: keep leave records as part of employment records, applying MOM’s rule of two years for current employees and one year after the employee leaves. Hold longer if there are potential leave encashment, payroll, or dispute concerns.
Work injury records: five years from the date of the incident is the widely cited standard for WICA-related records, but MOM’s public guidance does not state this explicitly. Verify your specific obligations with your insurer or legal adviser, particularly for cases involving claims or investigations.
Personal data of former employees such as NRIC copies, home addresses, and pass photos: once employment ends and there is no active legal or regulatory reason to retain this information, the PDPA expects you to dispose of it or remove the identifying elements. An ex-employee’s NRIC sitting in a filing cabinet with no specific purpose attached to it is a compliance gap.
Corporate Records
Directors’ meeting minutes, shareholder resolutions, written resolutions, and statutory registers should be maintained as core company records for as long as the company is active. They may be needed for ACRA filings, audits, shareholder matters, banking relationships, due diligence, or disputes, so there is no scheduled end date while the business is running.
If the company is wound up or struck off, IRAS requires that books and papers be retained for at least five years from the date of dissolution.
Documents Containing Personal Data
The PDPA does not hand you a number. It asks a question: is the reason you collected this data still valid? If the answer is no, and there is no other legal obligation to retain it, you need to either destroy it securely or remove the identifying elements.
In practice, this catches a lot of documents that admins don’t usually think of as sensitive: old customer enquiry forms, event registration sheets, candidate resumes for roles that were filled two years ago, visitor logbooks. These all contain personal data, and none of them should sit in a drawer indefinitely.
The easiest approach is to run the PDPA check at the same time as the retention review. When a document hits its expiry date, ask whether the personal data it contains still has a live purpose before you decide what to do with it.
Setting Up a Simple Retention Schedule
No software needed. Most Singapore SMEs can manage this with four steps:
Step 1: Date and label when you file. When a document goes into a physical folder, note the document type and the date. A label on the outside of the file is enough.
Step 2: Write the review date on the folder. Based on the table above, note when the contents can be reviewed. A 2023 invoice folder gets a review date of 2029.
Step 3: Run an annual shredding exercise. Pick a fixed month, Q1 or Q4 works well for most companies. Pull all folders with that year’s review date, confirm the retention period has been met, and book a document shredding service for secure disposal.
Step 4: Keep a destruction log. Note what was shredded, the date, and the method. This is your paper trail for PDPA accountability.
When the Time Comes: How to Shred Properly
Dropping old files into the recycling bin is not appropriate disposal for documents containing personal data or confidential information. The PDPC specifically warns that simply discarding such documents can lead to data breaches and gives shredding, incineration, and pulping as examples of proper disposal methods.
The right approach depends on how sensitive the information is. Cross-cut or confetti shredding is generally safer than strip-cut shredding because it makes reconstruction more difficult, particularly for documents containing personal data or business-sensitive content.
For most offices, the choice comes down to two options.
An office shredder works for day-to-day disposal of a small number of sheets. For clearing years of accumulated records, it is not practical. Office shredders overheat on volume, jam frequently, and require you to remove every staple and paper clip.
A professional shredding service is better suited for bulk clearances. Look for a provider that offers secure collection in sealed or tamper-evident bags, controlled transport, proper destruction at a licensed facility, and a Certificate of Destruction as a formal record. Arkiva provides GPS-tracked collection, documented chain of custody, and issues a Certificate of Destruction for every job.
If the clearance includes hard drives, USB drives, laptops, or company phones, those need to be handled separately. Data-bearing devices should go through secure data erasure, sanitisation, or physical destruction before recycling or resale. They cannot go into the general recycling.
If You’ve Inherited the Filing Room
If you recently took over the admin role and you’re looking at boxes of unlabelled documents from staff who left years ago, do not shred anything before you know what it is.
Sort first. Identify the document type, estimate the date if it is not labelled, and apply the relevant retention period from the table above. If you genuinely cannot date a document, treat it conservatively and check with your finance or legal team before it goes anywhere near a shredder.
Once the initial sort is done, you only have one year’s worth of cleared documents to manage each time you run the annual exercise going forward. It is much more manageable than it looks from the start.
Summary
Most financial records: five years from the relevant Year of Assessment under IRAS, and five years from the end of the relevant financial year under the Companies Act. Ordinary commercial contracts: seven years is a sensible practical buffer, though some contracts need longer. Employment records: two years for current staff, one year after leaving under MOM rules, with five years as common practice for tax and audit alignment. Personal data: only as long as the original purpose requires.
When a document containing personal data or confidential information has served its time, it should not be discarded casually. Proper disposal means securely destroying it, anonymising it, or handling it in a way that makes the personal data unrecoverable, depending on the document type and what the law requires in your situation.
If you are planning a document clearance and need a reliable shredding service in Singapore, Arkiva handles secure collection, destruction, and issues a Certificate of Destruction for your records. Contact us for a quote.
Arkiva Pte Ltd is NEA-licensed and ISO-certified, providing secure document shredding, paper shredding, and licensed e-waste disposal services to businesses across Singapore.
Disclaimer: The retention periods in this article are based on publicly available Singapore legislation and regulatory guidance as of the date of publication, including IRAS, ACRA, MOM, the PDPC, and the Limitation Act. Some figures, particularly for CPF contribution records and WICA work injury records, reflect widely accepted industry practice where primary regulatory sources do not state an explicit period. This article is for general informational purposes only and does not constitute legal or compliance advice. Regulations may change. Always consult your legal counsel, corporate secretary, or relevant regulatory body for advice specific to your situation.