Do’s and Don’ts of Offshore Corporate Recordkeeping

Most offshore compliance problems I see aren’t the result of complex regulations. They usually boil down to sloppy recordkeeping: missing board minutes, unsupported cross‑border payments, or no paper trail for who really owns the shares. The good news is that clean, disciplined records will solve 80% of these headaches. Whether you manage a single holding company or a web of subsidiaries, the principles below will help you build a recordkeeping system that satisfies regulators, keeps your banks confident, and makes audits uneventful.

Why offshore recordkeeping matters

Offshore structures attract more scrutiny than most onshore companies. Banks, regulators, and tax authorities all want to see the same thing: that the entity is real, well‑governed, and used for legitimate business. Good records are how you prove that. They show decision‑making, control, and the flow of funds. They demonstrate that the company can stand on its own, without relying on a shareholder’s personal wallet or memory.

The stakes are higher than they appear. Banks have been “de‑risking” for years—closing accounts when they can’t quickly understand a corporate customer’s ownership or transactions. Auditors expect contemporaneous documentation for transfer pricing and intercompany loans. Economic substance rules in many offshore centers require companies to evidence local activity. Every one of these expectations rests on the quality of your records.

Finally, tidy records are operational leverage. When you can instantly pull a resolution, a register extract, or an invoice pack, decision cycles shrink. Deals close faster. Tax queries don’t derail quarter‑end. It’s not glamorous, but nothing is more practical.

Core principles: the do’s and don’ts at a glance

Do:

• Keep a complete, indexed set of statutory, ownership, and governance records at all times.

• Maintain detailed accounting evidence—ledger, invoices, contracts, and bank support—for at least 5–7 years (or longer if your jurisdiction requires).

• Document decisions when they happen. Minutes and resolutions should be contemporaneous, not reconstructed months later.

• Align your recordkeeping with economic substance requirements: keep proof of local meetings, employees, premises, and expenses where relevant.

• Centralize storage in a secure document management system with access controls, versioning, and audit logs.

• Create a jurisdiction‑specific retention schedule and a compliance calendar for filings and deadlines.

• Build standardized “evidence packs” for banks, auditors, and tax authorities.

Don’t:

• Commingle personal and company funds or use personal email/accounts for company business.

• Rely solely on your registered agent to keep core records. Maintain your own master set.

• Backdate minutes or resolutions. If you missed a meeting, record a late ratification transparently.

• Leave beneficial ownership undocumented or out of date. Ownership chains change—your register should too.

• Ignore local language, notarization, or apostille requirements for documents to be enforceable or bank‑ready.

• Keep only PDFs of key originals when wet‑ink or notarized copies are still required in certain jurisdictions.

• Assume one retention rule fits all. Tax and company law retention periods vary widely.

The records you must maintain

Corporate and statutory records

Every offshore entity should have a clean “corporate bible” that can be shared at a moment’s notice. At minimum:

• Certificate of incorporation and any name change certificates.

• Memorandum and articles (constitution/LLC agreement/partnership deed).

• Registers:

• Members/shareholders (or interests for LLCs).

• Directors/managers and officers.

• Beneficial owners/controlling persons where required (e.g., PSC in the UK, registrable controllers in Singapore, significant controllers in Hong Kong).

• Charges/encumbrances.

• Share certificates or unit confirmations (if issued) and transfers/stock ledger.

• Minutes and written resolutions of the board and shareholders.

• Powers of attorney and authorized signatory lists with specimen signatures.

• Registered office and agent appointment agreements.

• Licenses and permits (e.g., trade license, business registration certificates).

• Proof of good standing and incumbency certificates (keep current and historical).

Do:

• Keep the official registers current within statutory timelines when directors/officers or ownership changes occur.

• Store both the executed original and a certified copy for irreplaceable items (constitution, key resolutions).

• Maintain an up‑to‑date organizational chart linking each entity and beneficial owner with ownership percentages and voting rights.

Don’t:

• Use bearer shares where prohibited.

• Forget to file required updates to public or semi‑public registers after changes (e.g., UBO register updates).

• Keep minutes as vague one‑liners. Capture the substance of discussion, not just the voting result.

Accounting and tax records

A tidy ledger won’t save you if it isn’t supported by evidence. The standard audit pack should include:

• General ledger, trial balance, and chart of accounts.

• Bank statements, bank confirmations, and reconciliations.

• Invoices (sales and purchases), contracts, and delivery/acceptance evidence.

• Expense claims with receipts and approval trail.

• Intercompany agreements (management services, licensing, cost sharing, loans) with pricing support.

• Fixed asset registers and depreciation schedules.

• VAT/GST returns and working papers where applicable.

• Corporate income tax computations, returns, and correspondence.

• Transfer pricing documentation (master file/local file where relevant) and benchmarking studies.

Retention guidelines:

• Many offshore jurisdictions require 5 years of record retention after the end of the financial period (e.g., Cayman, Singapore). Others, like Hong Kong, require 7 years. HMRC generally expects 6 years for UK tax records. Design your policy for the longest applicable rule plus a buffer.

• Keep intercompany agreements and loan documents for the life of the arrangement plus the longest tax limitation period.

Do:

• Use consistent invoice numbering and ensure every bank transaction maps to an invoice, contract, or board approval.

• Maintain contemporaneous pricing evidence for intercompany services and loans.

• Tie every dividend, capital contribution, or share redemption to proper authorizations and filings.

Don’t:

• Pay or receive material amounts without documented purpose and counterparties.

• Let “miscellaneous” accounts grow. Auditors and banks loathe unexplained balances.

AML/KYC and counterparty due diligence

Even if your company isn’t a financial institution, banks and regulators increasingly expect corporates to show they know their counterparties.

Maintain:

• KYC files for major customers and suppliers: legal name, registration extract, ownership where relevant, and screening results for sanctions/PEP exposure.

• Onboarding questionnaires and risk ratings for high‑risk counterparties.

• Contractual terms including payment conditions and delivery obligations.

Do:

• Update counterparty KYC periodically, especially for high‑risk jurisdictions or large exposure.

• Screen counterparties and beneficial owners against sanctions lists before first payment and when changes occur.

Don’t:

• Rely solely on a counterparty’s own brochure or website. Get official registry extracts or certificates.

Employment and payroll records

If your offshore entity employs staff or uses contractors:

• Employment contracts, job descriptions, work permits/visas.

• Payroll records, tax and social contributions, pension filings.

• Timesheets for contractors and approvals.

• HR policies and disciplinary records where applicable.

Do:

• Align employment evidence with economic substance claims (e.g., the staff you rely on for CIGA should be employed by the entity claiming substance).

• Keep local language copies if mandated.

Don’t:

• Treat long‑term contractors like employees without proper structure; this will backfire in substance reviews and labor audits.

Governance and economic substance evidence

Economic substance rules in jurisdictions like BVI, Cayman, Bermuda, Jersey, Guernsey, Isle of Man, and the UAE require evidence that core income‑generating activities occur locally for relevant activities.

Keep:

• Board and committee meeting calendars, agendas, and location evidence (room bookings, travel itineraries).

• Minutes recording strategic decisions made in the jurisdiction.

• Office lease, utility bills, and equipment/service contracts.

• Employer records evidencing local employees, roles, and qualifications.

• Local expenditure records aligned to the scale of activities.

Do:

• Schedule key decisions in the relevant jurisdiction and capture who attended in person.

• Keep a concise “substance pack” ready for annual filings: meetings summary, local headcount, premises proof, expenditure totals.

Don’t:

• Run everything by email across borders and retroactively put a “local meeting” cover on it. It’s obvious to reviewers.

Regulatory filings and licenses

Track and archive:

• Annual returns/confirmation statements.

• Economic substance returns and notifications.

• Beneficial ownership filings.

• Financial statements filings (e.g., XBRL in Singapore).

• Business license renewals.

• VAT/GST and corporate tax filings.

• Any regulator correspondence and decisions.

Do:

• Maintain a master calendar with filing dates, preparers, and sign‑offs. Include buffer time for notarization/apostille where needed.

• Store submitted copies with proof of receipt.

Don’t:

• Let your registered agent file on auto‑pilot without your review. Validate data before submission.

Building a recordkeeping system that works

Step 1: Map obligations by jurisdiction

Start with a jurisdictional matrix. For each entity, list:

• Statutory registers required and where they must be kept (registered office vs principal place of business).

• Accounting and tax retention periods.

• Language, notarization, and apostille requirements.

• Annual filings, deadlines, and approval chains.

• Economic substance rules and evidence expectations.

• UBO/PSC register requirements and who may inspect.

In my experience, a one‑page cheat sheet per entity prevents 90% of last‑minute scrambles.

Step 2: Choose a home for records

Use a proper document management system (DMS) rather than a shared drive. Options range from enterprise tools (Diligent Entities, Athennian, NetDocuments) to well‑structured SharePoint or Google Drive with strict governance.

Key features:

• Role‑based access, MFA, and audit logs.

• Version control and document locking.

• Metadata fields for jurisdiction, entity, document type, retention category, and expiry dates.

• Automated reminders for renewals (licenses, IDs, board terms).

Create a standard folder structure:

• 00 Corporate (constitution, registers, minutes, powers of attorney).

• 10 Ownership (share certificates, transfers, UBO evidence, org charts).

• 20 Banking (account opening, mandates, KYC, statements, reconciliations).

• 30 Contracts (customer, supplier, intercompany, NDAs).

• 40 Finance & Tax (ledger, TB, returns, TP docs, audits).

• 50 Regulatory (licenses, filings, correspondence).

• 60 Substance (meetings, leases, employees, travel, expenses).

• 70 HR & Payroll (contracts, filings, policies).

• 80 Legal (litigation, opinions, notices).

Step 3: Establish naming conventions and version control

Pick a naming convention that is human‑friendly and sortable:

• [YYYYMMDD][Entity][DocType][Counterparty/Descriptor]v1.0.pdf

• Example: 20250331ACMEBVIResolutionShareIssuev1.0.pdf

Lock drafts during review, and only publish signed, final versions to the “Official” folder. Archive superseded versions with a “Superseded” tag so no one uses the wrong template in a rush.

Step 4: Calendar key events and filings

Use a central compliance calendar with:

• Filing dates and internal cut‑offs.

• Board and shareholder meeting slots.

• License renewals and bank KYC refresh cycles.

• Director/officer term expirations and required resignations/appointments.

Automate reminders 60/30/7 days out. Assign owners and escalation paths. I like a quarterly “evidence day” where the team closes out meeting packs, reconciliations, and filings for that quarter.

Step 5: Control access and approvals

Limit access to sensitive folders (UBO, bank, HR). Set up:

• Maker‑checker workflows for payments, contracts, and filings.

• E‑signature policies (DocuSign/Adobe Sign) with signer verification aligned to local legal acceptance.

• Authority matrix defining who can sign what, and capture board‑approved delegations in writing.

Step 6: Routine audits and evidence packs

Run internal spot checks:

• Pick a bank transaction and trace the invoice, contract, approval, and board authority.

• Select a director change and check the chain: resignation letter, acceptance, register update, filing confirmation.

• Review an intercompany charge: agreement, pricing support, invoice, and payment receipt.

Prepare standard “evidence packs” to reduce firefighting when a request arrives:

• Banking pack: org chart, UBO tree with IDs, structure rationale, sample contracts, latest financials, and compliance policies.

• Tax pack: trial balance, GL, returns, TP master/local file, intercompany agreements, and loan files.

• Substance pack: meeting calendar, minutes, travel/attendance proof, office lease, staffing list and roles, local expenditures.

Step 7: Disaster recovery and continuity

Follow the 3‑2‑1 rule: three copies of your data, on two different media, with one offsite. For sensitive corporate records:

• Primary DMS in the cloud with regional redundancy.

• Encrypted offline backup (e.g., secure vault or cold storage).

• Tested restore procedures and a simple disaster runbook.

Don’t forget physical originals:

• Track where originals live (registered office vs company vault), who holds keys, and custody transfers. For wet‑ink items, store in fire‑resistant cabinets and log every checkout/return.

Digital best practices and security

• Choose a cloud region that aligns with your data transfer obligations (e.g., GDPR requires appropriate safeguards for transfers). Use standard contractual clauses where needed.

• Enable MFA for all users and SSO integration with conditional access policies.

• Encrypt at rest and in transit. For ultra‑sensitive IDs or UBO data, consider field‑level encryption.

• Maintain an access review cycle (quarterly) to remove dormant accounts and excess privileges.

• Keep email hygiene: avoid transmitting passports and bank mandates over unsecured email; use secure links with expirations.

• Maintain a clear policy for electronic vs wet‑ink signatures. Many jurisdictions accept e‑signatures for internal documents but still require notarization/apostille for registry filings, bank mandates, or share transfers.

• Maintain a legalization tracker: which documents need notarization, certified copies, or apostille for a specific counterparty or authority.

Specific jurisdiction nuances

The basics are universal, but a few jurisdictional quirks regularly trip teams up. A handful of examples:

British Virgin Islands (BVI)

• Accounting records and underlying documentation must be maintained and be sufficient to show and explain transactions; generally kept for at least 5 years from the transaction date. Keep them at the registered office or make them accessible upon request.

• Beneficial ownership reporting through the BVI’s secure system remains a core obligation for in‑scope entities.

• Economic substance filings are annual for relevant activities; keep minutes showing decisions and proof of local resources if applicable.

Common mistake: treating the registered agent as a warehouse for everything and not keeping a complete internal set. Agents keep statutory basics; you must maintain underlying documentation and accounting evidence.

Cayman Islands

• Maintain proper books and records for at least 5 years. Funds and regulated entities face additional recordkeeping expectations.

• Economic substance notifications and reports are required for entities conducting relevant activities.

• UBO information must be kept in a beneficial ownership register for certain entities and be available to authorities.

Common mistake: assuming audited financials are optional for all vehicles. Many regulated structures require audit; plan your evidence trail accordingly.

Singapore

• Companies must keep accounting records for 5 years after the end of the financial year. AGM/annual filing timelines depend on fiscal year and company type.

• File financial statements in XBRL format unless exempt; keep board and shareholders’ resolutions clean and timely.

• Maintain the register of registrable controllers (private register accessible to authorities).

Common mistake: leaving XBRL conversion to the last minute without mapping the chart of accounts, resulting in errors and resubmissions.

Hong Kong

• Businesses must keep sufficient records for 7 years to enable accurate assessment of profits tax. Significant Controllers Register must be maintained and available for inspection by authorities.

• Keep business registration certificates current and displayed at the place of business where required.

Common mistake: treating a Hong Kong SPV with no local operations as exempt from robust recordkeeping. The Inland Revenue Department still expects proper books and records.

United Arab Emirates (UAE)

• Corporate tax at 9% applies from 2023 for most businesses; keep tax records and transfer pricing documentation where thresholds apply.

• Economic substance rules apply in both mainland and many free zones. UBO reporting is required.

• VAT records must be kept, including tax invoices and credit notes.

Common mistake: mixing free zone entities’ activities with mainland operations without proper contracts and invoicing, then lacking the records to support tax positions.

UK and US links

• UK: Maintain the PSC register and statutory books; HMRC typically expects 6 years of tax records. For groups, align Company Secretarial practices with tax retention.

• US Delaware LLC with foreign ownership: Even if disregarded for US tax, a foreign‑owned single‑member LLC must file Form 5472 with pro‑forma 1120 and keep supporting records of reportable transactions.

Common mistake: ignoring US informational reporting for “inactive” LLCs and keeping no records of intercompany funding.

Banking and payments: make the auditor’s life easy

Banks and auditors look for the same trio: purpose, authority, and evidence.

Best practices:

• Segregate accounts by entity and currency; no personal use, ever.

• Maintain a clear payment policy: two‑step approvals for amounts above a threshold, with segregation between requestor and approver.

• Capture purpose in the payment reference and link payment batches to invoice lists and signed contracts.

• Keep all SWIFT/MT103s, remittance advices, and bank confirmations. Reconcile monthly and sign off.

• For dividends, interest, and royalties, keep withholding tax analysis and treaty claim documentation.

• For inbound funds, request and retain counterparty payment evidence when needed (e.g., capital contributions should match board approvals and subscription agreements).

Don’t:

• Use circular funding with opaque descriptions. That’s a red flag for both banks and auditors.

Transfer pricing and intercompany records

If your offshore entity transacts with affiliates, assume you must defend the pricing.

Essentials:

• Intercompany agreements signed before or contemporaneously with transactions: services, licensing, distribution, loans, cash pooling.

• Master file and local file (where applicable) aligning with OECD standards.

• Benchmarking studies for service markups, royalty rates, and loan interest using reputable databases or advisor studies.

• Evidence of services performed: timesheets, work logs, deliverables, and management meeting notes.

• Loan documentation: principal, tenor, currency, collateral, covenants, and interest rate rationale.

Common pitfalls:

• Treating intercompany invoices as a year‑end plug. Price and document during the year.

• Using a single markup for all services regardless of function and risk. Tailor rates to activities.

Common mistakes and how to fix them

• Backdating minutes: If you missed documentation, prepare a ratifying resolution that states the actual timeline and reasons. Consistency beats fictional perfection.

• No beneficial ownership trail: Build a top‑to‑bottom ownership diagram with percentages, and attach registry extracts and ID verification for each layer. Update after every change.

• Missing substance evidence: If travel or meetings didn’t happen locally, don’t claim they did. Instead, adjust operating practices for the next period—schedule meetings in‑jurisdiction, hire locally where needed, and document.

• Disorganized DMS: Archive and rebuild. Start with the folder structure above, migrate documents with metadata, and lock the structure. It’s a one‑time heavy lift that pays for years.

• Poor invoice quality: Standardize templates with required fields (entity name, address, tax IDs, invoice number/date, payment terms, description). Make them audit‑friendly.

• Ignoring language/legalization needs: Keep a register of documents requiring notarization or apostille for bank or regulator use. Build extra lead time into your calendar.

• Over‑reliance on memory: Tribal knowledge walks out the door. Write playbooks for recurring processes: share issuances, director changes, bank account openings, and intercompany billing.

A practical toolkit you can deploy this quarter

• Entity profile sheet: one page with incorporation details, UBOs, officers, registered office, licenses, tax IDs, bank accounts, and key advisors.

• Retention schedule: jurisdiction‑specific rules summarized by document category with destruction dates.

• Compliance calendar: annual returns, economic substance, tax filings, license renewals, and KYC refresh cycles with owners and due dates.

• Authority matrix: signing limits by role and document type; linked to board‑approved delegations.

• Meeting pack templates: agenda, board papers, attendance register, and minute templates.

• Intercompany agreement library: services, cost‑sharing, IP licensing, and loan templates aligned with your functional analysis.

• Onboarding dossier for banks: org chart, UBO IDs, financials, business model narrative, major contracts, and AML policy.

• Month‑end checklist: bank recs, AR/AP aging, intercompany confirmations, substance log updates, and document filing.

What to do when ownership or structure changes

Change is where recordkeeping shines—or fails.

When ownership changes:

• Obtain share transfer forms, board approvals, updated share certificates, and register updates.

• Update UBO/PSC/registrable controller registers and notify authorities within required timelines.

• Amend bank mandates and authorized signatories; banks will ask for resolutions and IDs.

When migrating or redomiciling:

• Keep certificates of discontinuance/continuation, legal opinions, and evidence of asset and liability transfers.

• Update contracts with counterparty notices where required by change‑of‑control or governing law provisions.

• Refresh substance planning if the new jurisdiction’s rules differ.

When appointing/replacing directors or officers:

• Obtain signed consents, resignation letters, and acceptance letters.

• Update registers, filings, and bank mandates.

• Remind departing individuals to return company property and confirm records custody.

Do:

• Prepare a “change pack” with all relevant documents and a checklist per change type.

Don’t:

• Forget to re‑paper intercompany agreements when governance or jurisdiction shifts alter tax or legal assumptions.

Working with registered agents, corporate secretaries, and providers

Your registered agent or company secretary is a key partner, not a dumping ground.

• Set SLAs for changes and filings, including review timelines and document formats.

• Request annual extracts of statutory registers and compare to your internal set.

• Share your org chart and UBO updates proactively; don’t wait for their annual KYC refresh.

• Ask for a “compliance certificate” quarterly stating filings are current, or at least a status report.

• For multi‑jurisdiction groups, consider a single entity management platform to consolidate data from various agents.

Red flag: an agent who can’t produce current registers within 48 hours or who refuses to share copies. That’s your risk, not theirs.

Quick checklists

Onboarding a new offshore entity

• Incorporation docs and constitution filed and stored.

• Registers created: members, directors, beneficial owners, charges.

• Board appointments, bank mandates, signatory lists completed.

• DMS folders configured; naming conventions and retention policy applied.

• Accounting system set up with chart of accounts and tax codes.

• Intercompany agreements drafted (if applicable).

• Compliance calendar loaded: annual return, substance, tax, license renewals.

• Bank KYC pack prepared and consistent with filings.

• Substance plan documented (meetings, staffing, premises if relevant).

Year‑end evidence pack

• Signed financial statements and board approval minutes.

• Trial balance, GL, AR/AP aging, bank recs, and confirmations.

• Intercompany confirmations and transfer pricing documentation.

• Substance summary: meeting log, local staff list, lease and expense summary.

• Tax computations, return drafts, and supporting workpapers.

• Updated UBO/PSC registers and any change filings.

• License renewals and regulator correspondence.

Exit, liquidation, or strike‑off

• Board and shareholder approvals; appointment of liquidator if needed.

• Settlement of liabilities and collection of receivables with proof.

• Final financial statements and tax clearances.

• Distribution approvals and evidence of payments to entitled parties.

• Delivery of books and records to the appropriate custodian per law.

• Notices to banks, counterparties, and regulators with confirmations archived.

Red flags that trigger audits or bank reviews

• Large or frequent cross‑border payments with vague descriptions and no matching contracts.

• Transactions with high‑risk jurisdictions without enhanced due diligence.

• Sudden director/UBO changes without a credible rationale or updated structure narrative.

• Inconsistent business purpose: filings say “investment holding” but transactions show active trading without licenses.

• Repeated late filings, missing annual returns, or lapsed licenses.

• Economic substance claims unsupported by local meetings, staff, or expenditure.

If any of these apply, expect questions. Prepare your evidence pack before someone asks.

Do’s and don’ts for daily discipline

Do:

• File documents the day they’re signed; don’t let “to be filed” piles form.

• Log board decisions and attach the underlying papers (presentations, contracts) to the minutes.

• Reconcile bank accounts monthly and sign off digitally with timestamp.

• Keep a change log for registers with time, person, and reason for each update.

• Refresh bank KYC proactively when your structure changes.

Don’t:

• Treat emails as your filing system. Extract decisions and approvals into the DMS with proper metadata.

• Let a single person control all access and knowledge. Cross‑train and document.

• Assume shared drive links to personal OneDrive or desktop locations will be accessible long term.

A few real‑world examples

• A private equity fund lost six months on a portfolio exit because the BVI SPV’s share ledger was inconsistent with historic transfers. We rebuilt the ledger from bank wires, share transfer forms, and resolutions, then got a comfort opinion. Had the registers been updated at each transfer and verified yearly, the sale would have closed on schedule.

• A trading company’s Hong Kong bank froze their account after inbound wires lacked clear purpose and the company couldn’t produce contracts. We put in place a deal folder for each trade: sales contract, purchase contract, bills of lading, and payment approvals. The bank unfroze after reviewing the new system and a sample pack.

• A tech group failed a UAE economic substance review because board decisions were made over Zoom with no local attendance. We moved quarterly meetings in‑person to the free zone, documented travel and room bookings, and hired a local finance manager. The next year’s filing sailed through.

Keeping people engaged and accountable

Processes are only as good as the people who run them.

• Assign document ownership: each document type has an owner and a backup.

• Use short SOPs with screenshots for recurring tasks (e.g., updating the register of members).

• Hold a 30‑minute monthly “records stand‑up” to clear bottlenecks and review upcoming deadlines.

• Tie clean audits and on‑time filings to performance metrics for legal/finance teams.

• Celebrate the “boring” wins: an auditor’s clean report, a bank KYC refresh approved in one pass.

Final thoughts

Offshore recordkeeping isn’t about collecting paper. It’s about being able to answer, without hesitation, three questions: Who owns and controls this company? How are decisions made? Can you prove the money flows match the business story? Build your system around those questions and the rest falls into place.

The do’s and don’ts above reflect what has consistently worked across dozens of jurisdictions and hundreds of audits, bank reviews, and tax examinations. Start with a clear structure, document decisions as they happen, centralize the evidence, and keep your data secure. When the inevitable request lands—an auditor’s sample, a bank refresh, a regulator’s query—you’ll respond with confidence, not chaos.