Institutional Memory: The Asset Organisations Lose Without Realising
Why Supervisory Boards Must Protect Their Decision-Making Record
Every organisation believes it remembers its own history.
Until it doesn’t.
Somewhere along the way, the email chain disappears. A WhatsApp discussion evaporates when a director upgrades their phone. A key supervisory board member resigns and takes years of context with them in their personal Gmail account. The decision may still exist somewhere.
But the reasoning behind it – and sometimes even proof that it was approved – has vanished.
Increasingly, another layer is being added to this problem. Directors now routinely upload documents into AI tools to summarise reports, generate questions, or draft responses. Each interaction can create additional fragments of information – summaries, prompts, and interpretations – that live on external platforms the organisation does not control.
What begins as a single supervisory board or corporate document can quickly spawn multiple AI-generated versions circulating across email threads and chat groups. And that is where trouble begins.
In a recent white paper I wrote on safeguarding institutional memory, I examined a surprisingly common governance vulnerability: critical supervisory board-level communication scattered across private devices, personal email accounts, and messaging apps.
It may seem harmless. In reality, it creates serious operational and legal risks.
When the Paper Trail Vanishes
Imagine a large infrastructure company that approved a major long-term contract five years ago.
At the time, the supervisory board debated the decision extensively – or not! There were concerns about pricing, technical capacity, and delivery timelines or not!. Additional reports were circulated – or not!. Several directors asked for clarifications before the final vote – or not!. Eventually, the supervisory board approved the contract – or not!
Fast forward five years. The project encounters difficulties, and shareholders and stakeholders begin asking questions. One very simple question arises: Did the supervisory board actually approve this decision? That question should be easy to answer.
But the minutes are vague. Supporting reports were circulated through personal email accounts. The chair who coordinated the discussion has since stepped down. The WhatsApp group used to exchange documents no longer exists.
Today, the problem may be compounded further if portions of the analysis were run through AI tools, leaving fragments of the deliberation scattered across platforms the organisation cannot access.
Now the organisation finds itself in an extraordinary position. It cannot easily reconstruct the supervisory board’s deliberation. In extreme cases, it may even struggle to demonstrate clearly that formal board approval occurred. And when an organisation cannot show how a decision was made, doubt quickly fills the vacuum.
If the supervisory board failed to deliberate or fail to give approval the governance violations become a liability and directors and supervisory directors get exposed to financial claims that could easily exceed the aggregate of the (supervisory) director’s compensation.
When Personal Devices Become Evidence
Consider another scenario.
A private company becomes involved in litigation over a strategic acquisition approved by its board several years earlier.
During the legal process, opposing counsel argues that key supervisory supervisory board discussions took place through private communication channels. The court agrees that those communications may be relevant. Suddenly, supervisory directors are asked to produce material from their personal phones, Gmail accounts, and private document folders.
Family photos sit next to board emails. Personal conversations appear alongside confidential corporate discussions. Lawyers, perhaps even prosecutors, sift through years of private data searching for fragments of board deliberations. The organisation loses control of its own records.
And the supervisory directors lose control of their personal privacy. Ironically, no one intended for this to happen. The supervisory board simply communicated the way many boards do today, using convenient tools like Gmail and WhatsApp. But convenience is not governance.
The “Zombie Decision” Problem
There is another, quieter consequence of the loss of institutional memory. I call it the “zombie decision.”
A decision that continues influencing the organisation long after everyone has forgotten why it was made. Imagine a company that decided in 2018 not to expand into a particular market. At the time, the supervisory board may have studied the issue carefully. Perhaps there were regulatory risks, unreliable partners, or economic instability. Five years later, a new supervisory board revisits the idea. They find only the outcome: “Expansion rejected.”
But the reasoning is gone.
So the organisation commissions new studies, hires consultants, and spends months analysing risks that had already been examined years earlier. In effect, the organisation pays twice to learn the same lesson. Institutional memory is not just historical documentation. It is organisational efficiency.
The Structural Problem
The issue is not technology. The tools already exist. The problem is structural. In (too) many organisations, supervisory board communication evolves informally. A supervisory director sends the first document from a personal Gmail account. Someone creates a WhatsApp group for convenience. Files are shared through private cloud folders.
Before long, the organisation’s most sensitive governance discussions are spread across platforms it does not own or control. Each supervisory director effectively becomes a fragment of the organisation’s memory. And increasingly, the situation becomes even more complicated.
A managing-director uploads a document into an AI tool and asks it to summarise the report. Then a supervisory director uses a different AI tool to generate questions for the managing-director. The other suoerviosry directors nodd happily since they dident have ti lift a finger and were too busy anyway. Someone else uploads the same material to analyse the risks. An assistant to the director uses AI to draft responses to those questions.
Now pieces of the organisation’s decision-making process are scattered not only across private email and messaging apps, but across multiple AI platforms and servers that the organisation does not control.
Original documents are uploaded. Extracts are generated. Summaries circulate. AI-generated questions and AI-generated answers move through email chains and chat groups. At some point, something strange can happen. People are no longer reading the original document. They may have not ever even seen the original document. They are reading interpretations of interpretations.
The underlying information becomes fragmented, part of it in private inboxes, part in chat threads, part sitting on external AI servers, and part embedded in documents that no one remembers generating. What began as a simple board discussion becomes a digital puzzle with pieces scattered everywhere.
And when someone later asks:
“What information did the board rely on when making this decision?”
the answer may be surprisingly difficult to reconstruct.
Liability Flows Both Ways
Directors assume documentation primarily protects the organisation.
In reality, it protects them personally as well.
Supervisory directors and managing directors have fiduciary duties. When major decisions are later questioned by shareholders, regulators, or courts, directors must be able to demonstrate that they acted in good faith, with adequate information through a proper deliberative process
Under Aruba law, (supervisory) (a/o) (managing) directors must ensure that their decisions are taken in the best interests of the company, avoid conflicts of interest, and comply with applicable governance rules, including those contained in Book 2 of the Civil Code, the company’s articles of incorporation, and the jurisprudence that has developed within our jurisdictions on corporate governance and directors’ duties.
In practice, this means (supervisory) (a/o) (managing) directors must be able to demonstrate not only what decision was taken, but also what information the board relied upon and how the deliberation unfolded.
A clear documentary trail makes this possible.
Supervisory board materials, emails, supporting reports, and recorded reasoning create a defensible record of responsible governance. Without that trail, even well-considered decisions can later appear unclear or poorly documented. Documentation is not bureaucracy. It is protection.
A Simple Governance Fix
Fortunately, the solution is neither expensive nor complicated.
Boards, especially supervisory boards, simply need a Communication and Archiving Protocol (“CAP”) built on three straightforward principles.
Pillar 1. A Central Repository
All supervisory board materials, agendas, minutes, reports, and supporting documents should live in a single secure repository controlled by the organisation. This becomes the institutional memory. When a new supervisory board member joins, they gain immediate access to the supervisory board’s decision history.
Pillar 2. Organisation-Issued Email
Supervisory Board communication should occur through official organisational email accounts rather than personal Gmail or Hotmail addresses. This allows the organisation to archive communications, manage retention policies, and comply with legal obligations. It also keeps directors’ personal accounts outside the scope of future investigations.
Pillar 3. Clear Limits on Messaging Apps
Messaging platforms, like Whatsap, can still serve logistical purposes, confirming attendance or sharing meeting reminders. But substantive supervisory board discussions should not take place in channels that cannot be archived. Otherwise, the real decision-making record disappears.
Governance Is About Memory
We often think of governance as making good decisions. But good governance also requires the ability to answer a simple question years later:
“Why did the board decide this?”
If the answer depends on someone’s fading recollection, or a WhatsApp chat that vanished with a lost phone, the organisation is exposed. Institutional memory is not an administrative detail. It is a governance asset. And when it disappears, problems tend to follow.
A Deeper Look
This week, I published a white paper that explores this issue in greater depth and outlines practical steps supervisory boards can take to safeguard their institutional memory and protect both the organisation and its directors.
The paper explains how organisations can implement a Communication and Archiving Protocol (“CAP”) to ensure that board communications, supporting documents, and decision-making records remain within systems that the organisation actually controls. You can find the white paper on my LinkedIn page.
If you serve on a supervisory board, whether in a corporation, foundation, NGO, or family business, it is worth a read.
Because one day someone will ask your organisation a very simple question:
“Why did the board decide that?”
or
“Did the board actually approve this”?
And the best time to prepare that answer is before the memory disappears.
Good governance does not happen by accident. It happens by design. Perhaps I can assist with the design.
Thanks for reading. My name is Lincoln Gomez.
Visit my blog to find all my posts.
Listen to my Podcasts.
Watch my YouTubeChannel
