Proposed Rule2023-20268
EDGAR Filer Access and Account Management
Primary source
Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.
Published
September 22, 2023
Issuing agencies
Securities and Exchange Commission
Abstract
The Securities and Exchange Commission ("Commission") is proposing rule and form amendments concerning access to and management of accounts on the Commission's Electronic Data Gathering, Analysis, and Retrieval system ("EDGAR") that are related to potential technical changes to EDGAR (collectively referred to as "EDGAR Next"). We propose to require that electronic filers ("filers") authorize and maintain designated individuals as account administrators and that filers, through their account administrators, take certain actions to manage their accounts on a dashboard on EDGAR. Further, we propose that filers may only authorize individuals as account administrators or in the other roles described herein if those individuals first obtain individual account credentials in the manner to be specified in the EDGAR Filer Manual. As part of the EDGAR Next changes, the Commission would offer filers optional Application Programming Interfaces ("APIs") for machine-to-machine communication with EDGAR, including submission of filings and retrieval of related information. If the proposed rule and form amendments are adopted, the Commission would make corresponding changes to the EDGAR Filer Manual and implement the potential technical changes.
Full Text
<html>
<head>
<title>Federal Register, Volume 88 Issue 183 (Friday, September 22, 2023)</title>
</head>
<body><pre>
[Federal Register Volume 88, Number 183 (Friday, September 22, 2023)]
[Proposed Rules]
[Pages 65524-65575]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2023-20268]
[[Page 65523]]
Vol. 88
Friday,
No. 183
September 22, 2023
Part III
Securities and Exchange Commission
-----------------------------------------------------------------------
17 CFR Parts 232, 239, 249, et al.
EDGAR Filer Access and Account Management; Proposed Rule
��Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 /
Proposed Rules��
[[Page 65524]]
-----------------------------------------------------------------------
SECURITIES AND EXCHANGE COMMISSION
17 CFR Parts 232, 239, 249, 269, and 274
[Release Nos. 33-11232; 34-98368; 39-2551; IC-34996; File No. S7-15-23]
RIN 3235-AM58
EDGAR Filer Access and Account Management
AGENCY: Securities and Exchange Commission.
ACTION: Proposed rule.
-----------------------------------------------------------------------
SUMMARY: The Securities and Exchange Commission (``Commission'') is
proposing rule and form amendments concerning access to and management
of accounts on the Commission's Electronic Data Gathering, Analysis,
and Retrieval system (``EDGAR'') that are related to potential
technical changes to EDGAR (collectively referred to as ``EDGAR
Next''). We propose to require that electronic filers (``filers'')
authorize and maintain designated individuals as account administrators
and that filers, through their account administrators, take certain
actions to manage their accounts on a dashboard on EDGAR. Further, we
propose that filers may only authorize individuals as account
administrators or in the other roles described herein if those
individuals first obtain individual account credentials in the manner
to be specified in the EDGAR Filer Manual. As part of the EDGAR Next
changes, the Commission would offer filers optional Application
Programming Interfaces (``APIs'') for machine-to-machine communication
with EDGAR, including submission of filings and retrieval of related
information. If the proposed rule and form amendments are adopted, the
Commission would make corresponding changes to the EDGAR Filer Manual
and implement the potential technical changes.
DATES: Comments should be received on or before November 21, 2023.
ADDRESSES: Comments may be submitted by any of the following methods:
Electronic Comments
<bullet> Use the Commission's internet comment form (<a href="https://www.sec.gov/rules/submitcomments.htm">https://www.sec.gov/rules/submitcomments.htm</a>); or
<bullet> Send an email to <a href="/cdn-cgi/l/email-protection#a4d6d1c8c189c7cbc9c9c1cad0d7e4d7c1c78ac3cbd2"><span class="__cf_email__" data-cfemail="daa8afb6bff7b9b5b7b7bfb4aea99aa9bfb9f4bdb5ac">[email protected]</span></a>. Please include
File Number S7-15-23 on the subject line.
Paper Comments
<bullet> Send paper comments to Secretary, Securities and Exchange
Commission, 100 F Street NE, Washington, DC 20549.
All submissions should refer to File Number S7-15-23. This file number
should be included on the subject line if email is used. To help the
Commission process and review your comments more efficiently, please
use only one method of submission. The Commission will post all
submitted comments on the Commission's website (<a href="https://www.sec.gov/rules/proposed.shtml">https://www.sec.gov/rules/proposed.shtml</a>). Comments are also available for website viewing
and printing in the Commission's Public Reference Room, 100 F Street
NE, Washington, DC 20549, on official business days between the hours
of 10 a.m. and 3 p.m. Operating conditions may limit access to the
Commission's Public Reference Room. Do not include personal
identifiable information in submissions; you should submit only
information that you wish to make available publicly. We may redact in
part or withhold entirely from publication submitted material that is
obscene or subject to copyright protection.
Studies, memoranda, or other substantive items may be added by the
Commission or staff to the comment file during this rulemaking. A
notification of the inclusion in the comment file of any such materials
will be made available on our website. To ensure direct electronic
receipt of such notifications, sign up through the ``Stay Connected''
option at <a href="http://www.sec.gov">www.sec.gov</a> to receive notifications by email.
FOR FURTHER INFORMATION CONTACT: Rosemary Filou, Deputy Director and
Chief Counsel; Daniel K. Chang, Senior Special Counsel; E. Laurita
Finch, Senior Special Counsel; Jane Patterson, Senior Special Counsel;
Margaret Marrero, Senior Counsel; Lidian Pereira, Senior Special
Counsel; EDGAR Business Office at 202-551-3900, Securities and Exchange
Commission, 100 F Street NE, Washington, DC 20549.
SUPPLEMENTARY INFORMATION: The Commission is proposing amendments to 17
CFR 232.10 (``Rule 10'') and 17 CFR 232.11 (``Rule 11'') under 17 CFR
232.10 through 232.903 (``Regulation S-T''); and amendments to Form ID
(referenced in 17 CFR 239.63, 17 CFR 249.446, 17 CFR 269.7, and 17 CFR
274.402).
Table of Contents
I. Introduction
II. Background
A. Current EDGAR Access and Account Management
B. The Commission's September 2021 Request for Comment
III. Discussion
A. Individual Account Credentials
B. Individual Roles: Account Administrator, User, Technical
Administrator
1. Account Administrators
2. Users
3. Technical Administrators
C. Delegated Entities
1. Delegating Authority To File
2. Separation of Authority of Filer and Delegated Entity
3. Delegated Entities
4. Delegated Users
5. User Groups at Delegated Entities
6. Technical Administrators at Delegated Entities
D. Application Programming Interfaces
1. Submission API
2. Submission Status API
3. EDGAR Operational Status API
E. Proposed Amendments to Rules and Forms
1. Rule 10 Under Regulation S-T
2. Rule 11 Under Regulation S-T
3. Form ID
F. Transition Process
1. Individual Account Credentials
2. Enrollment
3. Compliance
G. General Request for Comment and EDGAR Next Proposing Beta
IV. Economic Analysis
A. Introduction
B. Baseline
C. Consideration of Benefits and Costs as Well as the Effects on
Efficiency, Competition, and Capital Formation
1. Benefits
2. Costs
3. Effects on Efficiency, Competition, and Capital Formation
D. Reasonable Alternatives
1. Require Personally Identifiable Information in Addition to
Individual Account Credentials
2. Requirements for Individual and Small Filers
3. Implementing Performance-Based Standards
4. Institute Phased Compliance Dates by Filer Category or Form
Type
E. Requests for Comment
V. Paperwork Reduction Act
A. Form ID
B. The Dashboard
C. Request for Comment
VI. Small Business Regulatory Enforcement Act
VII. Initial Regulatory Flexibility Analysis
A. Reasons for, and Objectives of, the Proposed Action
B. Legal Basis
C. Small Entities Subject to the Proposed Rule and Form
Amendments
D. Reporting, Recordkeeping, and Other Compliance Requirements
E. Duplicative, Overlapping, or Conflicting Federal Rules
F. Significant Alternatives
G. Request for Comment
Statutory Authority
Appendix A
I. Introduction
We are seeking comment on proposed rule and form amendments
concerning EDGAR filer access and account
[[Page 65525]]
management. Separately, we welcome feedback on related EDGAR technical
functionality.
The Commission is seeking to enhance the security of EDGAR, improve
the ability of filers \1\ to securely manage and maintain access to
their EDGAR accounts, facilitate the responsible management of filer
credentials, and simplify procedures for accessing EDGAR.\2\ In
furtherance of these goals, on September 30, 2021, the Commission
issued a Request for Comment on Potential Technical Changes to EDGAR
Filer Access and Filer Account Management Processes (``2021 Request for
Comment'').\3\ The Commission received comments from and engaged in a
dialogue with interested parties, considered feedback from these
parties, and gathered additional information about filers' interactions
with EDGAR.\4\ The rule and form amendments we are proposing in this
release and the related technical changes seek to achieve the
Commission's goals for secure EDGAR access and account management while
addressing many of the comments and concerns expressed in response to
the 2021 Request for Comment.
---------------------------------------------------------------------------
\1\ For purposes of this release, we use the term ``filer'' to
mean ``electronic filer,'' as defined in Rule 11 of Regulation S-T:
``A person or an entity that submits filings electronically pursuant
to Rules 100 or 101 of Regulation S-T.''
\2\ Please refer to proposed Rule 11 of Regulation S-T, set
forth in this release, for definitions of the terms used in this
release, including ``account administrator,'' ``dashboard,''
``user,'' ``delegated entity,'' ``APIs,'' and ``technical
administrator.''
\3\ In the 2021 Request for Comment, we referred to filer
administrators. That term has been changed herein to refer to
account administrators, which we believe is in keeping with industry
nomenclature and is less confusing in context. See Potential
Technical Changes to EDGAR Filer Access and Filer Account Management
Processes, Release No. 33-10993 (Sept. 30, 2021) [86 FR 55029 (Oct.
5, 2021)].
\4\ Comment letters related to the 2021 Request for Comment are
available at <a href="https://www.sec.gov/comments/s7-12-21/s71221.htm">https://www.sec.gov/comments/s7-12-21/s71221.htm</a>.
---------------------------------------------------------------------------
The obligations for filers contemplated by EDGAR Next would
generally be codified in Rule 10 of Regulation S-T.\5\ Form ID would be
amended to implement those changes and require information about, among
other things, the filer's account administrators,\6\ and to improve the
utility of the form for Commission staff. Moreover, Rule 11 of
Regulation S-T would be amended to provide clarity regarding certain
new terms related to the proposed rule and form amendments.\7\
---------------------------------------------------------------------------
\5\ In addition to the changes discussed below, Rule 10 would
also be amended to implement certain technical and conforming
changes. See Section III.E.1.
\6\ We are proposing amendments to Rule 11 under Regulation S-T
to define an ``account administrator'' as an individual authorized
by an electronic filer to manage the electronic filer's EDGAR
account on EDGAR, and to make filings on EDGAR on the electronic
filer's behalf. See the discussion of proposed amendments to Rule 11
in Section III.E.2.
\7\ The amendments to Rule 11 would also update or delete
outdated terminology and clarify the definition of the EDGAR Filer
Manual.
---------------------------------------------------------------------------
Under proposed Rule 10(d)(1), only those individuals who obtained
individual account credentials \8\ could be authorized to act on the
filer's behalf on a dashboard \9\ on the EDGAR Filer Management
website.\10\
---------------------------------------------------------------------------
\8\ We are proposing amendments to Rule 11 under Regulation S-T
to define ``individual account credentials'' as credentials issued
to individuals for purposes of EDGAR access, as specified in the
EDGAR Filer Manual. See the discussion of proposed amendments to
Rule 11 in Section III.E.2. We currently anticipate that, if the
proposal is adopted, the EDGAR Filer Manual would specify that
individual account credentials must be obtained through <a href="http://Login.gov">Login.gov</a>, a
sign in service of the United States Government that employs multi-
factor authentication.
\9\ We are proposing amendments to Rule 11 under Regulation S-T
to define the ``dashboard'' as an interactive function on EDGAR
where electronic filers manage their EDGAR accounts and individuals
that electronic filers authorize may take relevant actions for
electronic filers' accounts. See the discussion of proposed
amendments to Rule 11 in Section III.E.2.
\10\ See EDGAR Filer Management website at <a href="https://www.filermanagement.edgarfiling.sec.gov">https://www.filermanagement.edgarfiling.sec.gov</a>.
---------------------------------------------------------------------------
Proposed Rule 10(d)(2) would require each filer to authorize and
maintain individuals as its account administrators \11\ to manage the
filer's EDGAR account on the filer's behalf, in accord with the EDGAR
account access and account management requirements set forth in this
proposal and in the EDGAR Filer Manual. The filer could authorize
someone who is not an employee of the filer \12\ as the filer's account
administrator, if the authorized individual for the filer \13\ provided
a relevant notarized power of attorney authorizing that individual to
be the filer's account administrator.\14\
---------------------------------------------------------------------------
\11\ Applicants (individuals and companies) for EDGAR access
would designate account administrators on Form ID. See proposed Form
ID.
\12\ For example, if a filer wished to authorize an individual
employed by its filing agent to act as the filer's account
administrator, the authorized individual for the filer would be
required to upload a notarized power of attorney authorizing the
individual to be the filer's account administrator. See proposed
Form ID, Part 3.
\13\ We are proposing amendments to Rule 11 under Regulation S-T
to define ``authorized individual.'' See the discussion of proposed
amendments to Rule 11 in Section III.E.2.
\14\ Foreign filers who do not have access to a U.S. notary
public could use the foreign local equivalent of a notary public
(e.g., apostille) or obtain notarization by a remote online notary
recognized by the law of any State or territory in the U.S. or the
District of Columbia. See EDGAR Filer Manual, Volume I, at Section
3.
---------------------------------------------------------------------------
On the dashboard, account administrators would take actions on
behalf of the filer to add and remove authorized users, account
administrators, and technical administrators; and annually confirm the
accuracy of the filer's information on the dashboard.
Additionally, on the dashboard, account administrators could
delegate authority to file on behalf of the filer to any other EDGAR
account, such as a filing agent, making that account a delegated entity
of the filer, and could remove a delegated entity's authority to file
on the filer's behalf. A delegated entity would have its own EDGAR
account and dashboard to manage its account. Because it would itself be
a filer, a delegated entity would be subject to the same requirements
as other filers. Through its dashboard, a delegated entity could manage
the delegated authority it received from filers. If a delegated entity
accepted a delegation from a filer, the delegated entity's account
administrators would become delegated administrators with respect to
that filer. Each delegated administrator could thereafter manage which
of the users of the delegated entity would become delegated users for
particular filers. A delegated entity could not further delegate
authority to file on behalf of that filer, nor could delegated
administrators take action on the filer's dashboard. Similarly, the
filer's account administrators could not view or take action on the
delegated entity's dashboard.\15\
---------------------------------------------------------------------------
\15\ Please see the illustration in diagram 3 in Section III.C.
---------------------------------------------------------------------------
As proposed, Rule 10(d)(4) would require each filer, through its
authorized account administrators, to confirm annually that all account
administrators, users,\16\ delegated entities,\17\ and technical
administrators \18\ reflected on the dashboard for the filer's EDGAR
account are authorized by the filer and that all information regarding
the filer on the dashboard is accurate (generally including the filer's
corporate and contact information).
---------------------------------------------------------------------------
\16\ We are proposing amendments to Rule 11 under Regulation S-T
to define a ``user'' as an individual that the filer authorizes on
the dashboard to make submissions on EDGAR on the filer's behalf.
See the discussion of proposed amendments to Rule 11 in Section
III.E.2.
\17\ We are proposing amendments to Rule 11 under Regulation S-T
to define a ``delegated entity'' as an electronic filer that another
electronic filer authorizes, on the dashboard, to file on EDGAR on
its behalf. See the discussion of proposed amendments to Rule 11 in
Section III.E.2.
\18\ We are proposing amendments to Rule 11 under Regulation S-T
to define a ``technical administrator'' as an individual that the
filer authorizes on the dashboard to manage the technical aspects of
the filer's use of EDGAR Application Programming Interfaces on its
behalf. See the discussion of proposed amendments to Rule 11 in
Section III.E.2.
---------------------------------------------------------------------------
Pursuant to proposed Rule 10(d)(5), each filer, through its
authorized
[[Page 65526]]
account administrators, would further be required to maintain accurate
and current information about the filer on EDGAR, and, pursuant to
proposed Rule 10(d)(6), to securely maintain information relevant to
the ability to access the filer's EDGAR account.
As part of EDGAR Next, the Commission would offer filers optional
APIs \19\ to facilitate machine-to-machine communication with EDGAR,
including submission of filings and retrieval of related information.
Pursuant to proposed Rule 10(d)(3), if the filer decided to use an
optional API, the filer would be required to authorize two individuals
to be technical administrators to manage the API.\20\ In addition, the
filer would present security tokens to EDGAR, which would be reissued
annually, and which the technical administrators would manage on the
filer's dashboard. Individuals using the APIs would be required to sign
in with their individual account credentials and complete multi-factor
authentication on a monthly basis.
---------------------------------------------------------------------------
\19\ We are proposing amendments to Rule 11 under Regulation S-T
to define an ``Application Programming Interface'' or ``API'' as a
software interface that allows computers or applications to
communicate with each other. See the discussion of proposed
amendments to Rule 11 in Section III.E.2.
\20\ See proposed Rule 10(d)(3).
---------------------------------------------------------------------------
The Commission intends to make available to filers an EDGAR Next
Proposing Beta environment \21\ that reflects the proposed rule and
form amendments and related technical changes. In addition to public
comment on the proposed rule and form amendments, the Commission
welcomes feedback from filers about the technical aspects of EDGAR
Next.\22\
---------------------------------------------------------------------------
\21\ The Commission staff will make available an EDGAR Next
Proposing Beta environment shortly after the issuance of this
release, and it will remain open to filers for at least 6 months
thereafter.
The EDGAR Next Proposing Beta will reflect the proposed rule and
form changes as well as the technical changes to EDGAR set forth in
this release. The EDGAR Next Proposing Beta environment will
therefore contain functionality, including APIs, not included in the
2021 Request for Comment beta environment.
If the Commission later adopts the proposed rule and form
changes set forth in this release, staff would make available to
filers an EDGAR Next Adopting Beta environment that reflects the
rule and form changes as adopted and the technical changes to EDGAR
to be made in connection with adoption. The EDGAR Next Adopting Beta
would allow filers to prepare for the transition to the rule and
form changes as adopted and the final version of the technical
changes to EDGAR.
\22\ Technical feedback may be submitted to the public comment
file.
---------------------------------------------------------------------------
II. Background
A. Current EDGAR Access and Account Management
Presently, those seeking to file on EDGAR apply for access pursuant
to Rule 10 of Regulation S-T by completing the Form ID application for
access on the EDGAR Filer Management website and submitting a notarized
copy of that application signed by an authorized individual of the
filer.\23\ Form ID is an online fillable form that requires the
applicant to provide the applicant's name and contact information, the
applicant's point of contact for EDGAR information, inquiries, and
access codes (``EDGAR POC''), and its contact for SEC account
information and billing invoices (``billing contact'').\24\ Further,
when the applicant entity or individual submits the Form ID, the
applicant must create and retain a passphrase to be used to create
access codes if the application is granted.
---------------------------------------------------------------------------
\23\ See EDGAR Filer Manual, Volume I, at Section 3. The EDGAR
Filer Manual specifies the instructions filers must follow when
making electronic filings on EDGAR and is incorporated by reference
in the Code of Federal Regulations by 17 CFR 232.301 (Rule 301 of
Regulation S-T). Rule 10 of Regulation S-T and the EDGAR Filer
Manual permit manual, electronic, and remote online notarizations,
authorized by the law of any State or territory of the United States
or the District of Columbia. See 17 CFR 232.10 and EDGAR Filer
Manual, Volume I, at Section 3. An ``authorized individual'' for
purposes of the Form ID notarization process is an individual with
the authority to legally bind the applicant, or an individual with a
power of attorney from an individual with the authority to legally
bind the applicant. See EDGAR Filer Manual, Volume I, at Section 3.
\24\ 17 CFR 239.63, 249.446, 269.7, and 274.402.
---------------------------------------------------------------------------
If Commission staff approves the Form ID application, an account in
the filer's name is opened on EDGAR, denoted by a central index key
number (``CIK'') unique to that filer, if needed.\25\ The EDGAR POC may
then generate access codes to allow the filer to make submissions on
its EDGAR account. To do so, the EDGAR POC uses the CIK provided in an
email from EDGAR and the passphrase the filer created on EDGAR when the
filer submitted the Form ID to generate a password, central index key
confirmation code (``CCC''), and password modification authorization
code (``PMAC'').\26\ Together with the CIK, the filer's password,
passphrase, CCC, and PMAC constitute the EDGAR access codes.
---------------------------------------------------------------------------
\25\ While most applicants that submit Form ID have not
previously been assigned a CIK, a small number of other applicants
have already been assigned a CIK but have not filed electronically
on EDGAR. These applicants continue to use the same CIK when they
receive access to EDGAR and are not assigned a new CIK.
\26\ See EDGAR Filer Manual, Volume I, at Section 4. For a
discussion of the functions of these access codes, please see the
``Understand and utilize EDGAR CIKs, passphrases, and access codes''
section of the ``EDGAR--How Do I'' FAQs, at <a href="https://www.sec.gov/edgar/filer-information/how-do-i">https://www.sec.gov/edgar/filer-information/how-do-i</a>.
---------------------------------------------------------------------------
Filers make submissions on EDGAR using their CIK, password, and
CCC. Filings on EDGAR are therefore traceable to the filer's CIK. EDGAR
does not presently issue identifying credentials to individuals making
filings on EDGAR; an individual's authority to file on EDGAR is
predicated on possession of the password and CCC. Thus, filings are not
easily traceable to individuals, and the Commission currently does not
provide a technical solution through which filers may manage
individuals who make submissions on filers' behalf. As a result,
Commission staff and affected filers often encounter delays in
addressing potentially problematic filings.
Because filers are required to securely maintain their EDGAR access
codes,\27\ Commission staff understands that many filers have devised
their own internal methods of tracking the individuals who possess the
password and CCC. Other filers, however, may not have closely tracked
the individuals who possess the password and CCC and/or otherwise
maintained secure access to filers' EDGAR accounts. For example,
Commission staff understands that some filers have shared EDGAR access
codes with co-registrants, filing agents, and various employees through
non-secure means and without tracking or recording the names and
identities of the recipients.
---------------------------------------------------------------------------
\27\ See EDGAR Filer Manual, Volume I, at 4 (``Filers must
securely maintain all EDGAR access codes and limit the number of
persons who possess the codes.'').
---------------------------------------------------------------------------
EDGAR does not currently employ multi-factor authentication. As
noted, if an individual has the password and CCC, then no other
authentication is required to access EDGAR. Multi-factor authentication
would increase the level of assurance that an individual is indeed the
person authorized to access an account by requiring provision of an
additional data point to gain access.
Filers routinely hire filing agents, which include law firms and
third-party software providers, to assist with filing on EDGAR. Indeed,
EDGAR data reveals that, at a minimum, more than 60% of filings on
EDGAR are made by a filing agent on the filer's behalf,\28\ and
[[Page 65527]]
commenters have indicated that 81-90% of EDGAR filings are not manually
submitted to EDGAR.\29\ While EDGAR does not require the use of filing
agents, a filer may decide to hire a filing agent to assist with EDGAR
filing.
---------------------------------------------------------------------------
\28\ In calendar year 2021, 63% of all EDGAR submissions were
made by filers that identified themselves as ``filing agents.''
Because filing agents are not required to self-identify in EDGAR as
such, however, and instead could simply identity themselves as a
``filer,'' the actual percentage of EDGAR submissions made by filing
agents may be significantly higher.
\29\ See Workiva Comment Letter (Nov. 30, 2021) (``Workiva
Comment Letter''); XBRL US Comment Letter (Dec. 1, 2021) (``XBRL
Comment Letter'').
---------------------------------------------------------------------------
Further, as noted in comments submitted in response to the 2021
Request for Comment, individual filers who are officers and/or
directors with obligations to file on EDGAR pursuant to section 16 of
the Securities Exchange Act of 1934 (``Exchange Act'') \30\ routinely
rely upon the companies for which they serve as officers and/or
directors to make filings on their behalf on EDGAR.\31\ Likewise, other
filers may make filings on behalf of affiliated or related entities,
such as asset-backed securities issuers on behalf of their serial
companies.\32\
---------------------------------------------------------------------------
\30\ 15 U.S.C. 78p.
\31\ See Orrick, Herrington & Sutcliffe LLP Comment Letter (Feb.
23, 2022) (``Orrick Comment Letter''); McGuireWoods, LLP and
Brownstein Hyatt Farber Schreck, LLP (Dec. 1, 2021) (``McGuireWoods
Comment Letter''); Brandon Norman Egren, Associate General Counsel &
Assistant Secretary, Verizon (Dec. 1, 2021) (``Verizon Comment
Letter''); Toppan Merrill (Nov. 22, 2021) (``Toppan Comment
Letter'').
\32\ See Donnelly Financial Solutions Comment Letter (Dec. 1,
2021) (``DFIN Comment Letter''); XBRL Comment Letter.
---------------------------------------------------------------------------
Filers make submissions on EDGAR through one of three web-based
user interfaces, depending on the type of submission made.\33\
Commission staff is aware that filers and filing agents have for years
sought to automate submissions on EDGAR so as not to rely upon web-
based interfaces, and many filers and filing agents have engineered
their own automated processes to make submissions and otherwise
interact with EDGAR. These filers and filing agents extract data and
content from, or ``scrape,'' the EDGAR filing websites and use that
data to create custom software that allows them to interact with the
websites in a machine-to-machine fashion to accomplish tasks such as
scheduling filings and making a large volume of submissions on numerous
different CIK accounts.\34\
---------------------------------------------------------------------------
\33\ See EDGAR Filer Management website at <a href="https://www.filermanagement.edgarfiling.sec.gov">https://www.filermanagement.edgarfiling.sec.gov</a>; EDGAR Filing website at
<a href="https://www.edgarfiling.sec.gov/Welcome/EDGARLogin.htm">https://www.edgarfiling.sec.gov/Welcome/EDGARLogin.htm</a>; and EDGAR
Online Forms website at <a href="https://www.edgarfiling.sec.gov/Welcome/EDGAROnlineFormsLogin.htm">https://www.edgarfiling.sec.gov/Welcome/EDGAROnlineFormsLogin.htm</a>.
\34\ See CompSci Comment Letter (Nov. 19, 2021); Workiva Comment
Letter (Nov. 30, 2021); CompSci Resources LLC Comment Letter (Nov.
19, 2021).
---------------------------------------------------------------------------
Filers and filing agents must modify their custom software
periodically to accord with underlying changes to EDGAR code.
Similarly, when Commission staff makes EDGAR software changes, staff
has coordinated with filers and filing agents using custom software to
prevent filing disruptions. As a result, efficient implementation of
certain technical changes in EDGAR may be delayed while such
coordination and software adjustments take place.
B. The Commission's September 2021 Request for Comment
The 2021 Request for Comment sought feedback from filers about
potential technical changes to EDGAR access and account management,
including the addition of individual account credentials with multi-
factor authentication, a dashboard on EDGAR where a filer would manage
its EDGAR account, administrators to manage the filer's account and
annually confirm the filer's information, and the time period required
to implement the potential technical changes. To assist filers in
assessing the potential technical changes, the Commission provided
filers access to a beta environment that reflected the majority of the
potential technical changes.
The Commission received over forty comment letters in response to
the 2021 Request for Comment.\35\ Commenters were generally supportive
of the Commission's objectives,\36\ but were concerned about certain
aspects of the potential technical changes.
---------------------------------------------------------------------------
\35\ Twenty of these letters were form letters that requested an
extension of the deadline to provide comments, as opposed to
providing substantive comments.
\36\ See, e.g., Verizon Comment Letter (Dec. 1, 2021); XBRL US
Comment Letter; Workiva Comment Letter; Davis Polk Comment Letter
(Dec. 1, 2021).
---------------------------------------------------------------------------
With respect to requiring individual account credentials, many
commenters expressed the view that the potential technical changes
would prevent filers and filing agents from continuing to use their
custom third-party software to make machine-to-machine submissions on
EDGAR. Several commenters estimated that currently 81-90% of EDGAR
filings are submitted to EDGAR directly through third-party filing
systems rather than manually uploaded on an individual basis via EDGAR
filing websites.\37\ Commenters stated that the <a href="http://Login.gov">Login.gov</a> multi-factor
authentication process does not support automated machine-to-machine
authentication and requested that the Commission consider machine-to-
machine authentication to facilitate the ability to pre-schedule and
perform bulk filings, reduce the potential for error due to manual
processing, reduce the risk of missing deadlines, and decrease the cost
of compliance.\38\ One commenter conducted a survey of filers wherein
70% of respondents believed that the increased time required to submit
filings due to the loss of direct submission capability from third-
party filing systems would be ``very impactful'' or ``extremely
impactful'' to their filing success.\39\
---------------------------------------------------------------------------
\37\ See Workiva Comment Letter; XBRL US Comment Letter.
\38\ See, e.g., Workiva Comment Letter; XBRL US Comment Letter.
\39\ See Workiva Comment Letter (the filer survey included 660
responses from Nov. 15-27, 2021).
---------------------------------------------------------------------------
The Commission also requested comment on whether filers should
authorize administrators to manage filers' EDGAR accounts. Certain
commenters expressed concerns about the impact that the institution of
administrators would have on individual officer and director filers
pursuant to section 16 of the Exchange Act.\40\ Commenters recommended
that the Commission allow a company to create and manage a company-
specific account for an individual non-employee director or section 16
officer.\41\ These commenters further suggested that each company be
required to obtain a notarized power of attorney from the individual so
that the company could create and maintain the company-specific account
on behalf of the individual.\42\
---------------------------------------------------------------------------
\40\ See, e.g., Workiva Comment Letter; XBRL US Comment Letter.
\41\ See McGuire Woods, LLP and Brownstein Hyatt Farber Schreck,
LLP Comment Letter (Dec. 1, 2021) (``McGuire/Brownstein Comment
Letter''); Orrick, Herrington & Sutcliffe LLP Comment Letter (Feb.
23, 2022) (``Orrick Commenter Letter'') (reiterating the concern
that the new filer administrator position would create an
administrative burden on section 16 filers and endorsing instead the
company-specific account approach outlined in the McGuire/Brownstein
Comment Letter).
\42\ These commenters also recommended ``grandfathering''
issuers with existing powers of attorney for section 16 officers and
directors. Alternatively, they recommended a ``negative consent''
construct, according to which a company would be deemed to have
authority to create a new company-specific account unless an officer
or director expressly objected during a set period of time. See
McGuire/Brownstein Comment Letter; Orrick Comment Letter.
---------------------------------------------------------------------------
With respect to the Commission's request for comment on a
requirement to annually confirm users and administrators, commenters
generally did not support the requirement,\43\
[[Page 65528]]
noting that it would increase the number of required confirmations,
would be duplicative, and would necessitate additional management
effort for filers, thus increasing the administrative burden.\44\
Certain commenters recommended limiting confirmation to
administrators.\45\ Others suggested that the Commission implement an
active notification process to inform filers of impending expiration
\46\ and recommended a grace period after failure to make a
confirmation.\47\ Several commenters recommended that denying EDGAR
access until the administrator has reconfirmed would be less burdensome
than deactivating accounts.\48\
---------------------------------------------------------------------------
\43\ See, e.g., McGuire/Brownstein Comment Letter; XBRL US
Comment Letter. A few commenters also requested enhancement of the
beta environment to reflect ``a complete testing environment'' or
the ``full life cycle of an SEC EDGAR filing which would enable full
and appropriate analysis.'' See, e.g., Toppan Comment Letter (Nov.
30, 2021); Donnelley Financial Solutions Comment Letter (Nov. 18,
2021).
\44\ See XBRL US Comment Letter; Workiva Comment Letter; DFIN
Comment Letter.
\45\ See XBRL US Comment Letter; Workiva Comment Letter; DFIN
Comment Letter.
\46\ See DFIN Comment Letter; Workiva Comment Letter.
\47\ See DFIN Comment Letter; Workiva Comment Letter; XBRL US
Comment Letter.
\48\ See Workiva Comment Letter; XBRL US Comment Letter.
---------------------------------------------------------------------------
With respect to the time period required to effectuate the
potential technical changes to EDGAR access and account management, one
commenter indicated that 66% of its surveyed respondents expressed the
view that an appropriate transition period would be 1-3 years,\49\ one
commenter suggested a transition period of 18-24 months, and another
commenter recommended a transition period of at least one year.\50\
---------------------------------------------------------------------------
\49\ Workiva Comment Letter (referencing the same filer survey
discussed above).
\50\ See XBRL US Comment Letter; McGuire/Brownstein Comment
Letter.
---------------------------------------------------------------------------
The staff engaged in additional dialogue with commenters and other
interested parties regarding the 2021 Request for Comment and further
approaches to EDGAR access improvements.\51\ Among the topics discussed
were APIs for submission and for checking accession numbers (numbers
filers receive from EDGAR indicating receipt of a filing), filing
status, and other information; annual confirmation of individuals
authorized to make submissions on a filer's behalf; whether accession
numbers should be traceable to the individuals making submissions or
instead to the CIK numbers associated with the submissions; bulk
submissions and user group functionality; delegation of authority to
file; a potential transition process to implement the changes
contemplated by the 2021 Request for Comment; and other technical
topics.
---------------------------------------------------------------------------
\51\ Staff invited interested parties to participate in the
dialogue through the Commission's EDGAR Next web page.
---------------------------------------------------------------------------
Having considered the significant additional information provided
by commenters in response to the 2021 Request for Comment and the
subsequent dialogue with interested parties, we are contemplating a
number of changes in connection with the EDGAR Next project, including
proposed amendments to Rules 10 and 11 under Regulation S-T and to Form
ID; changes to enhance dashboard functionality; and the addition of
optional APIs to allow machine-to-machine submissions on EDGAR as an
alternative to submission through the EDGAR filing websites.
III. Discussion
We are proposing amendments to Rule 10 under Regulation S-T
concerning EDGAR filer access and account management and related
matters; Form ID, the application for EDGAR access; and Rule 11 under
Regulation S-T, containing the definitions of terms in Regulation S-T.
Proposed amendments to Rule 10 and Form ID would set forth requirements
for each EDGAR filer to authorize and maintain individual account
administrators to manage the filer's EDGAR account on a dashboard on
EDGAR, and to authorize account administrators, users, and technical
administrators only if those individuals obtained individual account
credentials.\52\ Each filer, through its account administrators, would
be required to confirm annually that all account administrators, users,
technical administrators, and delegated entities reflected on the
filer's dashboard are authorized by the filer to act on its behalf, and
that all information about the filer on the dashboard is accurate;
maintain accurate and current information on EDGAR concerning the
filer's account; and securely maintain information relevant to the
ability to access the filer's EDGAR account.
---------------------------------------------------------------------------
\52\ We are proposing amendments to Rule 11 under Regulation S-T
to define ``individual account credentials'' as credentials issued
to individuals for purposes of EDGAR access. See the discussion of
proposed amendments to Rule 11 in Section III.E.2.
---------------------------------------------------------------------------
On the dashboard, account administrators could add and remove
authorized users, account administrators, and technical administrators;
delegate and remove delegated authority to file to other EDGAR
accounts; and annually confirm the accuracy of all information on the
dashboard. The dashboard would contain the filer's corporate and
contact information, generally corresponding to the company information
currently maintained on EDGAR.\53\ The dashboard would be available
during EDGAR operating hours,\54\ such that filers could manage their
EDGAR accounts during the same time period that they would file on
EDGAR.
---------------------------------------------------------------------------
\53\ The information corresponds to information that filers
presently amend through a ``Company Update'' or ``COUPDAT''
submission. Filers would continue to be able to edit their company
information through COUPDATs under the EDGAR Next changes.
\54\ Regulation S-T provides that filings ``may be submitted to
the Commission each day, except Saturdays, Sundays, and Federal
holidays, from 6 a.m. to 10 p.m., Eastern Standard Time or Eastern
Daylight Saving Time, whichever is currently in effect.'' 17 CFR
232.12(c). The dashboard would be available from 6.a.m.-10 p.m. as
described above, so that filers could manage their accounts during
the period when EDGAR filings could be submitted.
---------------------------------------------------------------------------
The Commission would provide optional APIs for machine-to-machine
communication with EDGAR, including to submit filings and to facilitate
filers' retrieval of information regarding their submissions. To use
APIs, filers would be required to authorize two technical
administrators and present certain tokens to EDGAR that we plan to
specify in the EDGAR Filer Manual. Filers who did not wish to use the
APIs would not need to do so and therefore would not need to comply
with the API-related requirements. Those filers could continue to make
submissions through the web-based EDGAR filing websites.
A. Individual Account Credentials
Under proposed Rule 10(d)(1), a filer could only authorize an
individual to perform functions on the dashboard on the filer's behalf
if the individual possessed individual account credentials, obtained in
the manner specified in the EDGAR Filer Manual. This requirement would
pertain to all existing filers and all individuals acting on behalf of
those filers, as well as all applicants for access to EDGAR.
We anticipate requiring, through the EDGAR Filer Manual, that
individual account credentials be obtained through <a href="http://Login.gov">Login.gov</a>, a secure
sign in service of the U.S. General Services Administration.\55\
<a href="http://Login.gov">Login.gov</a> is used by participating Federal agencies, as well as State,
local, and territorial governments to provide a secure login process
and to allow members of the public to use a single account that is
protected by encryption, multi-factor authentication, and additional
safeguards.\56\
---------------------------------------------------------------------------
\55\ <a href="https://www.login.gov/">https://www.login.gov/</a>.
\56\ See <a href="http://Login.gov">Login.gov</a>, ``About us,'' at <a href="https://www.login.gov/about-us/">https://www.login.gov/about-us/</a>.
_____________________________________-
On the <a href="http://Login.gov">Login.gov</a> website, the individual would respond to prompts
to provide an email address and select a multi-factor authentication
option.\57\
[[Page 65529]]
The email address provided to <a href="http://Login.gov">Login.gov</a> would be required to match the
email address the filer provides to EDGAR, for example, on Form ID.\58\
After the individual confirmed her email address and completed multi-
factor authentication, <a href="http://Login.gov">Login.gov</a> would issue individual account
credentials to the individual to sign in to EDGAR.
---------------------------------------------------------------------------
\57\ As of the date of this proposal, <a href="http://Login.gov">Login.gov</a> multi-factor
authentication options include: (1) a security key; (2) Government
employee or military PIV or CAC cards; (3) authentication
application; (4) text message/SMS or telephone call; and (5) backup
codes, with (1), (2), and (3) being the most secure methods, and (5)
being the least secure authentication option according to <a href="http://Login.gov">Login.gov</a>.
See generally <a href="http://Login.gov">Login.gov</a>, Authentication Options at <a href="https://www.login.gov/help/get-started/authentication-options/">https://www.login.gov/help/get-started/authentication-options/</a>. See also
generally <a href="http://Login.gov">Login.gov</a>, ``Privacy and security: Our security
practices,'' at <a href="https://login.gov/policy/our-security-practices/">https://login.gov/policy/our-security-practices/</a> for
information on <a href="http://Login.gov">Login.gov</a>'s security practices.
\58\ While <a href="http://Login.gov">Login.gov</a> permits multiple email addresses to be
associated with a single <a href="http://Login.gov">Login.gov</a> account, EDGAR would require a
single email address related to the need to access EDGAR be
associated with the individual account credentials. To change an
email address (for example, because of a change of domain name), the
individual would change the email in the dashboard and then change
it on <a href="http://Login.gov">Login.gov</a> to maintain access to EDGAR.
---------------------------------------------------------------------------
In accord with proposed Rule 10(d), all account administrators,
users, and technical administrators would be required to use their
individual account credentials, and multi-factor authentication, to
sign into all EDGAR filing websites. After entering the <a href="http://Login.gov">Login.gov</a>
username and password, each individual would be prompted to enter a
one-time passcode received through the multi-factor authentication
option the individual selected when obtaining individual account
credentials at <a href="http://Login.gov">Login.gov</a>.\59\
---------------------------------------------------------------------------
\59\ If the individual lost or forgot her <a href="http://Login.gov">Login.gov</a> password,
the individual would reset the password through <a href="http://Login.gov">Login.gov</a>,
simplifying and automating the process of password retrieval.
---------------------------------------------------------------------------
Individual account credentials would enhance EDGAR security and
improve the ability of filers to securely maintain access to their
EDGAR accounts. As noted, filers currently share access codes among
multiple individuals, making it difficult to track with whom the codes
are shared or to trace a filing to a specific individual. The use of
individual account credentials would enable Commission staff and filers
to easily determine the individuals making specific filings on EDGAR.
Linking individuals to the filings they make would be particularly
useful for filers and Commission staff when problematic filings are
made on EDGAR and would enhance the security and integrity of the
system.
The use of individual account credentials would provide additional
assurance that only individuals who have been properly authorized by
the filer or the filer's account administrator could take actions on
the filer's behalf on EDGAR. Currently, the process of filing on EDGAR
requires the filer to use certain EDGAR access codes. EDGAR Next would
enhance security by requiring an individual seeking to make a filing on
EDGAR to sign in with individual account credentials, complete multi-
factor authentication, be authorized by the filer or the filer's
account administrator, and enter the filer's CIK and CCC.
Multi-factor authentication for individual accounts would be
required to access EDGAR. Multi-factor authentication is a widely
accepted security tool that would improve the security of access to
EDGAR by adding a layer of validation each time an individual signed
into EDGAR. Consistent with general industry practice, and standard
<a href="http://Login.gov">Login.gov</a> processes, individuals could check a box labeled ``remember
this browser'' during the <a href="http://Login.gov">Login.gov</a> sign-in process to preserve their
multi-factor authentication for 30 days if they used the same web
browser for login.\60\
---------------------------------------------------------------------------
\60\ Consistent with current practice, an individual logged into
EDGAR would be automatically logged out if the individual were idle
for more than 60 minutes, as well as at the end of EDGAR's hours of
operation (10:00 p.m. ET on business days). In each of those cases,
the individual would need to complete multi-factor authentication in
order to log back into EDGAR unless the individual had successfully
signed into EDGAR and checked the ``remember this browser'' box
within the last 30 days.
---------------------------------------------------------------------------
Under EDGAR Next, the EDGAR password, PMAC, and passphrase would no
longer be used. The historic use of several codes with differing
functions is not in accord with standard access processes. The use of
individual account credentials aligns more closely with streamlined,
modern access processes, including individual login using multi-factor
authentication. The CCC would persist as the code required for filing,
but, as noted, individuals seeking to file would also need to sign in
with individual account credentials, complete multi-factor
authentication, and be authorized by the filer or an account
administrator for the filer. Because of these additional safeguards,
the filer's CCC would be displayed on the dashboard for account
administrators and users.
Requests for Comment
1. Should we require the use of individual account credentials, as
proposed under Rule 10(d)(1), and multi-factor authentication for all
existing filers, individuals acting on their behalf, and applicants for
access to EDGAR?
2. Does the filing community have experience with obtaining account
credentials from third-party service providers including or similar to
<a href="http://Login.gov">Login.gov</a> that the Commission should consider? If so, which third-party
service party service providers, and what experience? Would the use of
third-party service providers give rise to any security concerns for
individual or entity filers?
3. Would the use of individual account credentials give rise to any
concerns regarding costs, confusion, or complexity for individual or
entity filers? Are there specific concerns for individual or entity
filers that make filings with respect to more than one subject company
(e.g., an individual filer who is a board member for more than one
company)? If so, what concerns? Please be specific.
B. Individual Roles: Account Administrator, User, Technical
Administrator
Under proposed Rule 10(d)(2), each filer would be required as an
initial matter to authorize and maintain at least two individuals with
individual account credentials as account administrators to manage the
filer's EDGAR account and to make submissions on EDGAR on behalf of the
filer,\61\ unless the filer were an individual or single-member
company,\62\ in which case it would be required to authorize and
maintain at least one individual with individual account credentials as
an account administrator.
---------------------------------------------------------------------------
\61\ See EDGAR Filer Manual, Volume I, at Section 4.
\62\ As defined in proposed Rule 11 and proposed Form ID, a
``single-member company'' would be a company that has a single
individual who acts as the sole equity holder, director, and officer
(or, in the case of an entity without directors and officers, holds
position(s) performing similar activities as a director and
officer).
---------------------------------------------------------------------------
Using the dashboard on EDGAR, account administrators, acting on
behalf of the filer, would authorize individuals with individual
account credentials to be users, additional account administrators, or
technical administrators for the filer, as needed. This process is
illustrated in diagram 1 below. Further, account administrators could
de-authorize account administrators, users, and technical
administrators for the filer.
[[Page 65530]]
[GRAPHIC] [TIFF OMITTED] TP22SE23.001
Individuals in each role would perform different functions for the
filer, and an individual's dashboard would display functionality that
corresponded to the respective individual's role, as explained more
fully below.
An individual could be authorized to perform more than one role for
a filer. For example, one individual could be both an account
administrator and a technical administrator, or one individual could be
both a technical administrator and a user. An account administrator
could not be a user, however, given that account administrators are
able to perform all the functions of a user, including the ability to
file on EDGAR, themselves.
Analogous additional roles would exist at delegated entities--
filers, including filing agents, to which another filer delegates
authority to file on its behalf. Specifically, the delegated entity's
account administrators would become delegated administrators for the
filer, and delegated administrators would have the ability to authorize
one or more of the delegated entity's users as delegated users who
could make submissions on behalf of that filer.
The key functions that could be performed by each role are
illustrated in diagram 2 below.
Diagram 2--Key Functions for Each Role
--------------------------------------------------------------------------------------------------------------------------------------------------------
Manage account Delegate to/
administrators, accept
Submit Generate/ users, technical delegated Manage Manage Manage
Role filings, change CCC administrators, entity status delegated filer API user API
view CCC and delegated from another users token token
entities filer
--------------------------------------------------------------------------------------------------------------------------------------------------------
Account Administrator.............................. X X X X ........... ........... X
User............................................... X ........... ................. ............... ........... ........... X
Technical Administrator............................ ........... ........... ................. ............... ........... X ...........
Delegated Administrator............................ X ........... ................. ............... X ........... X
Delegated User..................................... X ........... ................. ............... ........... ........... X
--------------------------------------------------------------------------------------------------------------------------------------------------------
1. Account Administrators
Proposed Rule 10 paragraphs (d)(4), (d)(5), and (d)(6) would
require that the filer, through its account administrators, be
responsible to maintain accurate and current information on EDGAR
concerning the filer's account and to confirm that information
annually, as well as to securely maintain information relevant to the
ability to access the filer's EDGAR account, including but not limited
to access through any APIs.
Under EDGAR Next, account administrators, on behalf of the filer,
would be responsible for the security of the filer's EDGAR account and
the accuracy of the filer's information on EDGAR. Account
administrators would manage the filer's account on the dashboard, which
would display relevant functionality for them to:
<bullet> Add and remove users, account administrators, and
technical administrators (including removing themselves as account
administrators);
<bullet> Create and edit groups of users;
<bullet> Delegate filing authority to other EDGAR accounts, such as
a filing agent's account, and remove such delegations;
<bullet> Make the required annual confirmation of all of the
filer's information on the dashboard;
<bullet> Generate a new CCC for the filer; and
<bullet> View and correct their own profile information (name,
address, phone number, etc.).
Account administrators could also make submissions on behalf of the
filer on EDGAR, allowing filers to make submissions on EDGAR through
their account administrators without adding individuals as users on the
account.
In addition, account administrators would serve as the points of
contact for questions from Commission staff regarding the filer's
account.\63\
---------------------------------------------------------------------------
\63\ Technical administrators would serve as the Commission
staff's points of contact regarding the filer's use of the APIs. See
infra Section III.B.3.a.
---------------------------------------------------------------------------
Each account administrator would be co-equal, possessing the same
authority and responsibility to manage the filer's EDGAR account. There
would be no primary account administrator. All actions that would be
required to be
[[Page 65531]]
performed by account administrators could be performed by any of them
individually and would not require joint action by the filer's account
administrators.
a. Filer Authorization of Account Administrators
Under the proposal, prospective EDGAR filers would designate on
Form ID the individuals that the filer authorized as account
administrators.\64\ As noted above, pursuant to proposed Rule 10(d)(1),
the filer could only authorize individuals as account administrators if
those individuals had obtained individual account credentials in the
manner specified in the EDGAR Filer Manual.
---------------------------------------------------------------------------
\64\ A unique process would be employed to transition existing
filers, as discussed in the transition section below (see Section
III.F).
---------------------------------------------------------------------------
Prospective company filers could authorize as account
administrators either (i) individuals employed at the filer or an
affiliate of the filer or (ii) any other individual, provided the filer
submitted a notarized power of attorney authorizing such other
individual to be its account administrator. Prospective individual
filers could authorize as account administrators either (i) themselves
or (ii) any other individual, provided the filer submitted a notarized
power of attorney authorizing such other individual to be the
individual filer's account administrator.
A prospective account administrator would complete the prospective
filer's Form ID and electronically submit it, and also upload a
notarized copy of the prospective filer's Form ID signed by an
authorized individual of the prospective filer, as currently required.
The signature of the authorized individual would constitute the filer's
authorization of the account administrators listed on Form ID.
If the prospective filer sought to authorize another individual as
an account administrator, the prospective filer would additionally be
required to provide Commission staff with a notarized power of attorney
executed by an authorized individual of the prospective filer granting
authority to that individual to be an account administrator. The power
of attorney would be uploaded with the prospective filer's completed,
notarized Form ID.\65\
---------------------------------------------------------------------------
\65\ Currently, a person with a power of attorney from an
individual filer may sign the Form ID application for the individual
filer; in that case, the power of attorney document must accompany
the notarized Form ID application. See EDGAR Filer Manual, Volume I,
at Section 3. Existing Commission practice also permits the Form ID
to be signed by an individual with a power of attorney from a filing
entity, such as a corporation.
---------------------------------------------------------------------------
If, after reviewing the Form ID application, Commission staff
granted access to EDGAR to the filer, EDGAR would email the account
administrators listed on Form ID the filer's CIK number and a link to
the relevant EDGAR website, similar to the current process. The account
administrators could then access the filer's dashboard by logging into
EDGAR with their individual account credentials and completing multi-
factor authentication.
On the dashboard, account administrators could generate a CCC for
the newly issued CIK. The CCC would be securely saved in the dashboard
and would be visible to all account administrators and users, delegated
administrators, and delegated users for that CIK to facilitate their
ability to make submissions on behalf of the filer.
Account administrators could authorize additional account
administrators via the dashboard. Thus, if the initial account
administrators are determined to be properly authorized to act for the
filer on EDGAR, those initial account administrators would be
authorized to add account administrators.
b. Number of Account Administrators
As proposed in Rule 10(d)(2), filers who are individuals or single-
member companies would be required to authorize and maintain at least
one account administrator; all other filers would be required to
authorize and maintain at least two account administrators. On the
dashboard, any account administrator could add account administrators
to the filer's EDGAR account; the maximum number of account
administrators would be twenty. After an account administrator invited
the individual on the dashboard, EDGAR would send an email invitation
to the individual at the email address used to create individual
account credentials.
Requiring most filers to authorize at least two account
administrators would increase the ability of filers to manage their
EDGAR accounts without interruption. Thus, if an account administrator
unexpectedly resigned or otherwise ceased to be available to manage the
filer's account, the remaining account administrators would continue to
manage the filer's account and could authorize additional account
administrators. If the account administrator who sought to resign was
one of the required two account administrators for an entity filer,
then that account administrator could not be removed from the filer's
EDGAR account unless the filer first added another account
administrator through the dashboard to meet the required minimum of two
account administrators. For individual filers and single-member
companies, at least one account administrator would always be required
because those filers typically consist of only one individual. A limit
of twenty account administrators would likely be sufficient to allow
for management of large accounts, while avoiding the confusion that a
larger number of account administrators might cause.
If all the account administrators for a filer ceased to be
available to manage the filer's account, the filer would be required to
submit a new Form ID to authorize new account administrators.
c. Account Administrator Authorization and Removal of Users, Technical
Administrators, and Other Account Administrators
An account administrator could add an individual as a user, account
administrator, or technical administrator for an EDGAR account through
the dashboard. The account administrator would enter on the dashboard
the prospective individual's first and last name and email address, and
EDGAR would send an email invitation to that address. The email address
would be required to match the email address provided by the individual
when they obtained individual account credentials. In addition, EDGAR
would send a notification to the individual through the dashboard if
the individual to be added had existing access to the dashboard for
another role or filer. The individual's designation as user, account
administrator, or technical administrator would be effective when the
individual accepted the invitation. Individuals would have fourteen
days within which to accept the invitation.\66\ If the individual did
not accept within that time period, the individual would not be added,
and the invitation would become void. The account administrator could
re-initiate the invitation thereafter, however, to afford the
individual another opportunity to accept.
---------------------------------------------------------------------------
\66\ If the deadline fell upon a day when the dashboard was not
available (e.g., a holiday or weekend), the deadline would be
deferred until the following business day.
---------------------------------------------------------------------------
Account administrators could change roles of individuals who had
already been authorized to act on behalf of the filer, by adding or
removing roles as account administrator, user, and/or technical
administrator. The relevant individuals would not be required to accept
additional invitations or de-
[[Page 65532]]
authorizations for their role to be changed. An account administrator
could perform all the functions of a user, therefore, an account
administrator could not also be a user since it would be redundant for
an individual to hold both roles for the same filer. An individual
could, however, be both an account administrator and a technical
administrator for the same filer, or a user and a technical
administrator for the same filer.
d. Account Administrator Performance of Annual Confirmation
As proposed under Rule 10(d)(4), each filer would be required to
perform an annual confirmation on EDGAR of all of the filer's users,
account administrators, technical administrators, and delegated
entities, as well as any other information related to the filer
appearing on the dashboard.\67\ Account administrators would act for
the filer to carry out this function.\68\ Annual confirmation would
assist the filer in tracking those authorized to file on EDGAR and
would provide an opportunity for account administrators to confirm the
accuracy of those individuals and delegated entities associated with
the filer and to remove those no longer authorized.
---------------------------------------------------------------------------
\67\ As discussed above, the dashboard would contain the filer's
corporate and contact information. See supra text accompanying note
53. If the filer's information contained in the dashboard was not
correct, that information could be updated via a COUPDAT submitted
by the filer's account administrator or user. Proposed paragraph
(d)(4) is analogous to the requirements currently set forth in the
EDGAR Filer Manual, Volume I, to securely maintain EDGAR access and
to maintain accurate company information on EDGAR. See EDGAR Filer
Manual, Volume I, at Sections 4 and 5.
\68\ As discussed above, in the 2021 Request for Comment, the
Commission sought comment on requiring confirmations to be made by
both account administrators and users. Several commenters objected
to this requirement on the grounds that it would be duplicative and
unduly burdensome for account administrators to confirm all users
authorized to act on behalf of the filer, and for those users to
separately have to confirm their own authorizations. See supra note
45. Other commenters recommended limiting confirmation to
administrators. See supra note 45. To address these commenters'
concerns, our proposal includes the latter group of commenters'
recommendation, requiring only account administrators to confirm
users, account administrators, technical administrators,
delegations, and other information on the filer's dashboard. We
believe that limiting the confirmation to account administrators
should address the concerns from these commenters.
---------------------------------------------------------------------------
To provide flexibility to filers, EDGAR would allow account
administrators to select one of four quarterly dates as the filer's
ongoing confirmation deadline: March 31, June 30, September 30, and
December 31 (or the next business day, if the date fell upon a weekend
or holiday when EDGAR was not operating). An account administrator need
not wait until the deadline to confirm and could confirm at any earlier
date. An account administrator could further change the quarter when
confirmation was due by confirming the account at a date in a quarter
earlier than the currently selected deadline quarter. Confirmation in
an earlier quarter would result in a confirmation deadline one year
after the end of the quarter in which the early confirmation occurred.
For example, if a December 31 confirmation deadline was selected by the
account administrator for the initial annual confirmation, but the
account administrator submitted the confirmation for the following year
in August, the filer's annual confirmation deadline for the next year
would be September 30 (or the next business day, if the date fell upon
a weekend or holiday when EDGAR was not operating).
EDGAR would provide several periodic notices to account
administrators of the upcoming confirmation deadline, as well as notice
of completion of confirmation or failure to timely confirm.\69\ There
would also be a two-week grace period following the confirmation
deadline, during which account administrators would receive a final
series of notices reminding them to complete annual confirmation.\70\
---------------------------------------------------------------------------
\69\ As discussed above, in response to the 2021 Request for
Comment, some commenters suggested that the Commission implement an
active notification process to inform filers of impending
expiration, and the proposed process would follow that approach. See
supra note 46.
\70\ These notices would be provided in the dashboard and also
be sent via email to all account administrators' email addresses
(e.g., the confirmation deadline notices would be periodically
provided in both email and via the dashboard multiple times leading
up to the deadline to ensure that the account administrators were
fully aware of the pending deadlines). See infra Section III.B.1.f
(discussing notifications to account administrators).
---------------------------------------------------------------------------
If no account administrator performed the annual confirmation by
the end of the grace period, EDGAR would deactivate the filer's access
and the filer would be required to submit a new Form ID application to
request access to file on EDGAR.\71\ If Commission staff approved the
Form ID application, the filer would continue to have the same CIK
previously assigned and its filing history would be maintained. The
filer's account administrators listed on Form ID would be required,
however, to invite through the dashboard, as if to a new account, any
additional account administrators, technical administrators, and users.
Although the need to reapply for access and, in particular, the need to
invite account administrators, users, and technical administrators
anew, would impose an additional burden on filers, failure to perform
annual confirmation could signal that the filer was no longer managing
or controlling the account. Removing individuals from the filer's
account upon deactivation would safeguard information regarding
individuals whose information was listed on the filer's dashboard. For
example, if someone other than the original filer's account
administrators submitted a Form ID application for access to the
account, and the original account administrators did not respond to
Commission staff's inquiries regarding the new Form ID, the process
outlined above would prevent the new account holder from accessing the
names, addresses, and contact information of the individuals formerly
associated with the account.
---------------------------------------------------------------------------
\71\ As discussed above, in response to the 2021 Request for
Comment, several commenters urged the Commission to provide a grace
period to filers that failed to perform annual confirmation timely
(as opposed to immediately removing access) and separately requested
that the Commission deny EDGAR access until the administrator
performed annual confirmation (as opposed to inactivating the EDGAR
account). See supra notes 47-48. As discussed below, as part of the
EDGAR Next changes, we would provide multiple notices of the
impending confirmation deadline to account administrators on the
dashboard and by email and also provide a two-week grace period that
would include a series of reminder notices. Collectively, we believe
this would ensure that the filer's account administrators would
receive adequate notice and opportunity to timely perform
confirmation. Deactivating the account due to failure to provide
confirmation therefore would immediately protect the filer because
failure to perform the required confirmation could be a sign that
the account may no longer be managed or controlled by the filer.
---------------------------------------------------------------------------
e. User Groups
The dashboard would allow an account administrator to group subsets
of the filer's users into user groups. User groups would:
<bullet> Be created by an account administrator;
<bullet> Consist only of users, not account administrators or
technical administrators;
<bullet> Contain only users for the same EDGAR account;
<bullet> Contain up to 500 users (corresponding to the maximum
number of users per filer that would be allowed); and
<bullet> Not be subject to any numerical limit (i.e., there could
be an unlimited number of user groups).
The user group function would primarily assist delegated entities
to authorize certain delegated users to file on EDGAR for specific
filers, as explained in the Delegated Entities section below. By
employing user groups, the delegated administrator could add or remove
the ability to file
[[Page 65533]]
for a certain filer to all users in the group at once, leading to
efficiencies of time in managing users.
If an account administrator added an individual to a user group,
the individual would receive an invitation to join the user group. If
the individual accepted, the individual would become a member of the
user group.
2. Users
Under EDGAR Next, account administrators could authorize
individuals with individual account credentials as users able to make
submissions on EDGAR on behalf of the filer.
a. Authority of Users
Users would be able to make submissions on EDGAR on the filer's
behalf. On the dashboard, account administrators and Commission staff
could determine which users made which submissions; however, this
information would not be made public on EDGAR. In addition, on the
dashboard, users could:
<bullet> Remove themselves as a user for a filer;
<bullet> If using APIs, generate, view, and copy their user API
tokens (as discussed further in Section III.D below); and
<bullet> View basic information about the filer's account,
including the filer's name, CIK, CCC, and corporate information and
contact information, as well as the contact information for the account
administrators.
Users could not, however, add or remove individuals from the
dashboard other than themselves. Further, users could not generate a
new CCC.
Separately, users could submit COUPDATs to update filer information
such as name, address, and state of incorporation, as filers currently
do.
As part of the login and authentication process for the EDGAR
filing websites, a user would be able to select the CIK of the filer
for which submissions were being made, and that CIK would be reflected
in the accession number \72\ for each of the user's submissions
(``login CIK''). Users could change their login CIK at any time to any
other CIK for which they were authorized.
---------------------------------------------------------------------------
\72\ An accession number is a unique identifier assigned
automatically to EDGAR submissions for tracking and reference
purposes. The first 10 digits comprise the CIK of the entity making
the submission, which may be an entity with reporting obligations or
a third party (such as a filing agent. The next two digits represent
the year. The last series of digits comprise a sequential count of
submitted filings from that CIK. The count is usually, but not
always, reset to zero at the start of each calendar year.
---------------------------------------------------------------------------
b. Becoming Authorized as a User
Through the dashboard, an account administrator would invite an
individual to be a user for the filer's account, and the prospective
user would receive an email invitation from EDGAR at the email address
associated with the prospective user's individual account credentials.
In addition, if the prospective user had a role for any EDGAR account,
the notification would also appear on the prospective user's dashboard.
The individual would be required to accept the invitation to become a
user. The individual could then sign in as a user to the filer's EDGAR
account by entering her individual account credentials and completing
multi-factor authentication.
c. Number of Users
There would be no minimum number of users because account
administrators could make submissions on behalf of the filer. There
would be a maximum of 500 users. We anticipate that 500 users would be
sufficient to accommodate sophisticated filers making a large number of
varied filings.
3. Technical Administrators
In connection with the EDGAR Next changes, filers would have an
option to use a submission API and related informational APIs, and
filers who opted to use the APIs would be required, through their
account administrators, to authorize at least two technical
administrators to manage API tokens and related technology. Technical
administrators could:
<bullet> Issue and deactivate filer API tokens on the dashboard;
<bullet> Remove themselves as technical administrators for filers;
<bullet> View and correct their own profile information; and
<bullet> View basic information about each filer for which they are
designated as a technical administrator, including the filer's
corporate information and contact information.
a. Authority of Technical Administrators
A technical administrator would issue and deactivate filer API
tokens required to use the APIs, as set forth more fully in the API
discussion in Section III.D. Technical administrators would also serve
as points of contact for questions from Commission staff regarding the
filer's use of the APIs.
A technical administrator could not add or remove individuals on
the dashboard, except to remove themselves as technical administrator.
Nor could a technical administrator make submissions on EDGAR on the
filer's behalf. Additionally, a technical administrator could not
generate CCCs and could not change company information. A technical
administrator could, however, view relevant filer information on the
dashboard.
An account administrator could authorize technical administrators
to be account administrators or users as well as technical
administrators. To the extent that individuals designated as technical
administrators also had the role of account administrator or user, they
would additionally be able to perform the functions associated with
that role.
b. Becoming a Technical Administrator
Identical to the process for users, an account administrator would
invite the prospective technical administrator on the dashboard, and
EDGAR would send the invitation to the email address associated with
the prospective technical administrator's individual account
credentials. In addition, if the prospective technical administrator
already had a role for any EDGAR account, a notification of the
invitation would appear on her dashboard. The prospective technical
administrator would be required to accept the invitation to become a
technical administrator.
c. Number of Technical Administrators
As proposed, if the filer chose to use an API, the filer, acting
through its account administrator, would be required to designate at
least two technical administrators. This minimum would parallel the
minimum number of individuals required to be account administrators (in
the case of filers other than individuals and single-member companies)
and would reduce the chance that the filer's access to the APIs would
be interrupted. There would be no exception to the two technical-
administrator minimum for individuals and single-member companies,
however, because we anticipate that filers that make a large volume of
submissions--typically large filers and filers who use filing agents--
would use the APIs, and those filers would have sufficient staff to
designate two technical administrators.
Because a filer would be required to have at least two technical
administrators to use the APIs, the dashboard would not allow a
technical administrator to be removed from a filer's account when only
two technical administrators were authorized on the account. An account
administrator would be required to first add another technical
administrator.
[[Page 65534]]
There would be a maximum of ten technical administrators per filer.
This limit would streamline points of contact with the filer and avoid
confusion at the filer regarding API tokens. For example, having more
than ten possible technical administrators could heighten opportunities
for miscommunication between Commission staff and the filer if issues
arose regarding the use of APIs. Moreover, based on our understanding
of filers' current practice, we do not anticipate that a filer would
require more than ten technical administrators to carry out the
functions of managing technical aspects of the APIs.
Requests for Comment
4. Should we add a required account administrator role to EDGAR, as
set forth in proposed Rule 10(d)? If not, why not?
5. As stated in proposed Rule 10(d), at least two account
administrators would be required for filing entities (other than
single-member companies) and one account administrator for individual
filers and single-member companies. Are these minimum numbers of
account administrators appropriate? If not, what minimum numbers of
account administrators would be appropriate? Should individual filers
and single-member companies be required to have more than one account
administrator? If so, why?
6. Should account administrators be permitted to add and/or remove
other account administrators without the filer's consent? If so, why?
If the filer's consent is not required, should the filer be notified
when a new account administrator is added or removed?
7. Should a prospective filer's Form ID be required to be completed
and submitted by an account administrator, as set forth in proposed
Rule 10(b)? If not, what would be the advantages and disadvantages of
allowing an individual who was not an account administrator to complete
and submit a Form ID on behalf of an applicant? Please be specific.
8. In proposed Rule 10(d), each filer, through its account
administrators, would be required to confirm annually the accuracy of
the filer's information on the dashboard; maintain accurate and current
information on EDGAR concerning the filer's account; and securely
maintain information relevant to the ability to access the filer's
EDGAR account, including but not limited to access through any EDGAR
APIs. Should any changes or clarifications be made to the proposed
responsibilities of filers to be carried out by account administrators
in proposed Rule 10(d)? If so, how and why should such changes or
clarifications be made? Should any guidance be provided with regards to
any of these responsibilities and, if so, how and why?
9. Should any changes be made to the authorization process for
account administrators? For example, in the case of company filers,
should employees of the filer's affiliate be required to be
authenticated via a notarized power of attorney? If so, why?
10. Should any changes be made to the scope of the proposed annual
confirmation requirement set forth in proposed Rule 10(d)? Why? Should
the confirmation be performed annually, more frequently, or less
frequently? Why? As currently contemplated as part of EDGAR Next, in
the case of a failure to satisfy the proposed annual confirmation
requirement, should there be a grace period for the account
administrators to satisfy the confirmation requirements before the
account is deactivated? How long should this grace period be, if
adopted? Regardless of whether a grace period is provided, should
failure to satisfy the proposed annual confirmation requirement result
in deactivation of the account with removal of the individuals
authorized on the dashboard for the filer, as discussed above, or
alternatively, would a temporary suspension of EDGAR access without
removal of any of the individuals authorized on the dashboard for the
filer be more appropriate, until any of the listed account
administrators satisfied the confirmation requirement? Why? How long
should the described temporary suspension be, if adopted? Separately,
if failure to satisfy the proposed annual confirmation requirements
should result in deactivation of the account with removal of the
individuals authorized on the dashboard of the filer, as discussed
above, should delegated entities and delegating filers also be removed
from the dashboard? Why or why not?
11. Would the annual confirmation requirement create any additional
burden for filers compared to the current annual EDGAR password update
requirement? If so, are there any improvements to the proposed annual
confirmation requirement that would reduce the burden for filers?
Separately, are there any particular concerns for filers who may only
engage in occasional filings, such as filers pursuant to section 16 of
the Securities Exchange Act of 1934 who may make sporadic submissions
of Forms 3, 4, and 5 less than once per year? If so, to what extent
would those concerns be newly implicated by the proposal, given that
currently filers must change their password annually or their access to
EDGAR is deactivated?
12. Are there any considerations regarding the annual confirmation
requirement that are specific to individual or entity filers that make
filings with respect to more than one subject company (e.g., an
individual filer who is a board member for more than one company)?
Should the confirmation requirement differ for such filers? If so, why?
13. Should we add a user role to EDGAR? If not, how would we
address our policy concerns regarding the identification and
authorization of individuals who make submissions on the filer's
behalf? Is a limit of 500 authorized users per filer appropriate, or
should that number be increased or decreased? Should account
administrators be able to add users only for a specific filing or for a
specific period of time, after which the user's authorization
automatically expires? Should any changes or clarifications be made to
the scope of authority of users as part of EDGAR Next? If so, how and
why should the scope of authority of users be different, or how could
the tasks within the scope of authority for users be clarified?
14. Should we add a technical administrator role to EDGAR, as set
forth in proposed Rule 10(d)? If not, how would we address our policy
concerns regarding the identification and authorization of the
individuals who would manage the filer's APIs?
15. Would the requirement of at least two technical administrators
to manage the filer's APIs, as set forth in proposed Rule 10(d), create
an undue burden for filers? Should this requirement be revised to more
fully parallel the limit for account administrators by requiring only
one technical administrator for filers who are individuals and single-
member companies? Why or why not? Is a maximum number of ten technical
administrators appropriate? Why or why not? Should any changes or
clarifications be made to the scope of authority for technical
administrators as part of the EDGAR Next changes?
16. For what purposes, if any, would filers need to access the
dashboard when EDGAR filing functionality was not available? If the
dashboard were made available to filers for a period of time outside of
EDGAR operating hours, in addition to during EDGAR operating hours,
would filers be impacted by the unavailability of filer telephone and
email support and EDGAR submission capabilities during that time
period?
[[Page 65535]]
How would they be impacted? Please be specific.
C. Delegated Entities
Under EDGAR Next, a filer could delegate authority to file on its
behalf to any other EDGAR filer, such as a filing agent, which would
become a delegated entity for the filer.
1. Delegating Authority To File
An account administrator would delegate authority to file by
entering the prospective delegated entity's CIK on the dashboard. EDGAR
would then send an email invitation to all account administrators of
the prospective delegated entity; in addition, the invitation would
appear on the dashboard of the prospective delegated entity's account
administrators.
One account administrator for the prospective delegated entity
would be required to accept the invitation for the delegation to become
effective. If no account administrator for the prospective delegated
entity accepted within fourteen days of it being issued, the invitation
would lapse; however, the filer could again follow the process outlined
herein to issue another invitation.\73\
---------------------------------------------------------------------------
\73\ If the deadline fell upon a day when the dashboard was not
available (e.g., a holiday or weekend), the deadline would be
deferred until the following business day.
---------------------------------------------------------------------------
If the filer's account administrators wished to terminate the
delegation, they could do so on the dashboard by removing the delegated
entity's authority to file. Removal of delegation would not require
acceptance by the delegated entity.
An account administrator could delegate authority to file to an
unlimited number of EDGAR accounts, allowing filers to delegate to
multiple filing agents, for example, should they so choose.
2. Separation of Authority of Filer and Delegated Entity
An account administrator could not add or remove individual
delegated users at the delegated entity, nor could the account
administrator access the delegated entity's dashboard or account.
Delegated administrators and delegated users could file on the
filer's behalf, but they could not take any other actions on behalf of
the filer. Nor could they access the filer's dashboard.\74\ For
example, a delegated administrator could not add, remove, or confirm
account administrators, users, or technical administrators for the
filer. Similarly, delegated administrators would not be able to
generate or reset the filer's CCC, nor would delegated administrators
or delegated users be able to make COUPDAT submissions for the
filer.\75\ Delegated administrators and delegated users would not count
towards the limits of 20 account administrators and 500 users for the
filer under EDGAR Next.\76\
---------------------------------------------------------------------------
\74\ As discussed further below in Section III.C, the dashboard
would generally be used to manage a filer's EDGAR account, including
management of individuals authorized to act as account
administrators, users, and technical administrators; management of
entities authorized to act as delegated entities; and management of
filer and user API tokens. Delegated entities would not need to
access the filer's dashboard in order to make filings on the filer's
behalf, since filings would be made directly on the EDGAR filing
websites, as opposed to through the filer's dashboard.
\75\ As currently planned, delegated administrators and
delegated users would not be able to make COUPDAT submissions for
the filer. Delegated administrators and delegated users could,
however, continue to submit series and company update submissions,
or SCUPDATs, for registered investment company clients according to
the present process.
\76\ See Section III.B.1.b. and III.B.2.c (discussing limits of
account administrators and users per filer).
---------------------------------------------------------------------------
Delegated entities could receive and provide multiple delegations,
but they could not further delegate authority to file to other entities
on behalf of filers who delegate authority to them. For example, Filer
A could delegate authority to file on its behalf to Filer B.
Separately, Filer B could delegate authority to file on its behalf to
Filer C. In this scenario, however, Filer B could not delegate to Filer
C the authority to file on behalf of Filer A, and Filer C could not
file on behalf of Filer A.
3. Delegated Entities
As EDGAR filers, delegated entities would be required to comply
with the same requirements applicable to all filers.
A delegated entity could be any EDGAR account, including but not
limited to:
<bullet> Filing agents; \77\
---------------------------------------------------------------------------
\77\ We are proposing amendments to Rule 11 under Regulation S-T
to define a ``filing agent'' as any person or entity engaged in the
business of making submissions on EDGAR on behalf of filers. This
would include law firms, financial services companies, and other
entities engaged in the business of submitting EDGAR filings on
behalf of their clients. See the discussion of proposed amendments
to Rule 11 in Section III.E.2.
---------------------------------------------------------------------------
<bullet> Issuers, broker-dealers, and others making submissions on
behalf of individuals filing pursuant to section 16 of the Securities
Exchange Act of 1934;and
<bullet> Parent companies of large groups of related filers.
A delegated entity would maintain its separate EDGAR account with
its own account administrators, users, and technical administrators.
A delegated entity could receive delegated authority to file for an
unlimited number of filers.
We contemplate that individuals with section 16 filing obligations
could delegate authority to file to relevant company filers under the
construct set forth herein, if they wished to do so. In response to the
2021 Request for Comment, several commenters suggested that the
Commission permit the creation of company-specific accounts for each
individual with filing obligations pursuant to section 16 of the
Exchange Act.\78\ Commenters stated that such accounts would allow
individuals to delegate their EDGAR account administration
responsibilities to the companies for which those individuals had
section 16 filing obligations.\79\ This framework would make it
difficult for the Commission and others to track the filings made by a
specific individual, however, since each filing would be made by a
different company-specific account without linking individuals to the
accounts or the filings made therein. The delegation process described
herein would make it easier for individuals to obtain assistance with
their filings, while allowing the Commission and others to determine
filings made by a specific individual. We therefore do not plan to
implement the commenters' suggestion.
---------------------------------------------------------------------------
\78\ See supra notes 41-42.
\79\ See supra notes 41-42.
---------------------------------------------------------------------------
If a filer authorized a delegated entity to file on its behalf, one
of the delegated entity's account administrators would be required to
accept the invitation; further, upon acceptance, all of the delegated
entity's account administrators would automatically become delegated
administrators for the filer. All delegated administrators for the
filer would have co-equal authority with regard to that filer. If the
delegated entity added or removed one of the account administrators for
its own EDGAR account, then that individual would also be added or
removed as a delegated administrator for the filer. These relationships
are illustrated in diagram 3 below.
[[Page 65536]]
[GRAPHIC] [TIFF OMITTED] TP22SE23.002
4. Delegated Users
If a delegated entity accepted a delegation from a filer, the
delegated administrators could authorize specific users at the
delegated entity to become delegated users with respect to that filer.
Delegated users would not count as part of the 500-user limit for the
filer.\80\
---------------------------------------------------------------------------
\80\ See supra Section III.B.2.c.
---------------------------------------------------------------------------
Alternately, if delegated administrators wanted all of their users
to become delegated users with respect to a filer, the delegated
administrators could check a box to automatically designate all of the
users at the delegated entity as delegated users for the filer.
Thus, delegated administrators would have the following options:
<bullet> Authorize a subset of the delegated entity's users as
delegated users, through the user group function, as discussed above
and further explained below;
<bullet> Authorize all of the delegated entity's users as delegated
users for the filer; or
<bullet> Not authorize any delegated users (because the delegated
administrators could file on behalf of the filer \81\).
---------------------------------------------------------------------------
\81\ For this reason, delegated administrators could not be
designated as delegated users with regards to the delegating filer,
because doing so would be redundant.
---------------------------------------------------------------------------
Users at the delegated entity would receive notifications if a
delegated administrator added or removed them as a delegated user for a
particular filer, however, users would not need to accept the
notification or take any further action to become a delegated user for
a filer.
Delegated users could submit filings on behalf of the filer on the
EDGAR filing websites or through the submission API (which would also
require the user to generate and submit a user API token, as discussed
further below).
5. User Groups at Delegated Entities
We believe that the user group function would provide an efficient
method for delegated administrators to manage delegated users.
Delegated entities, through their delegated administrators, could
employ user groups to assign certain users to different filers for whom
they possessed delegated authority to file. An example is provided in
diagram 4 below.
[[Page 65537]]
[GRAPHIC] [TIFF OMITTED] TP22SE23.003
<bullet> In diagram 4, the account administrators for Filer A and
Filer B delegated to Filer C. As a result, Filer C's account
administrators became delegated administrators for Filers A and B. In
this example, Filer C might be a filing agent to which Filer A or Filer
B gave authority to make filings on its behalf, and Filer A and Filer B
might be public companies or investment companies.
<bullet> A delegated administrator at Filer C created User Group 1
containing Filer C's Users 1, 2, and 3. The delegated administrator
assigned authority to file for Filer A to User Group 1. Users 1, 2, and
3 are thus delegated users for Filer A because they are members of User
Group 1. If additional users from Filer C were added to User Group 1,
those additional users would also become delegated users for Filer A.
<bullet> The delegated administrator at Filer C also created User
Group 2 containing Filer C's User 3. The delegated administrator
assigned authority to file for Filer B to User Group 2. User 3 is a
delegated user for Filer B.
<bullet> By employing the user group function, the delegated
administrator at Filer C restricted delegated filing permissions for
Filer A to Filer C Users 1, 2, and 3 only (via User Group 1) and
delegated filing permissions for Filer B to Filer C User 3 only (via
User Group 2). Filer C User 4 has not been authorized as a delegated
user for any filers.
<bullet> In diagram 4, each user group has only been assigned
authority to file for a single filer, but user groups could be assigned
authority to file for multiple filers.
Delegated administrators could also designate a default user group
of individuals who would be automatically assigned as delegated users
for all future delegations. The ability to have a default user group
would be an efficient way for delegated administrators to authorize
groups of their users as delegated users for any delegating filer.
Users would receive notifications when added to or removed from a
user group, and when the user group to which they belonged became
authorized to make submissions for a filer, or when that authorization
was removed. Users would not need to accept or otherwise take any
action on these notifications.
6. Technical Administrators at Delegated Entities
If the delegated entity chose to use APIs, the delegated entity
would be required to designate its own technical administrators. The
delegated entity's technical administrators would be responsible for
maintaining the API capabilities for filings by the delegated entity.
They would manage the delegated entity's own filer API tokens, as
discussed further in Section III.D.1, and the delegated entity would
use the delegated entity's filer API tokens to make filings for any
filers that delegated authority to it. Technical administrators at the
delegated entity would not manage any APIs in use by the filer itself.
Nor would the technical administrator need different tokens for
different filers that delegated to the delegated entity.
Requests for Comment
17. Should we add individual roles to EDGAR for delegated
administrators and delegated users? If not, how should we address our
policy concerns regarding the identification and authorization of the
delegated individuals who would submit filings on the filer's behalf?
18. Should account administrators be able to delegate filing
authority to any EDGAR filer (and remove such delegation)? Do
commenters have any concerns with the delegation function or any
suggested modifications? For example, should delegation be limited to
EDGAR filers that selected ``filing agent'' as the account type on Form
ID when opening the account? Or should delegation be permitted to any
EDGAR account, as proposed? Why?
19. Would the EDGAR Next delegation framework address concerns
raised by commenters about the impact that the contemplated EDGAR Next
changes would have on individual officer and director filers pursuant
to section 16 of the Exchange Act, in light of the fact that individual
officer and director filers could delegate authority to file on their
behalf to any related companies, law firms, or filing agents? Why or
why not?
20. Should any changes be made to the authority of delegated
administrators and delegated users under EDGAR Next?
21. Are there any situations where the EDGAR Next delegation
framework could be streamlined?
22. Would user group functionality facilitate the ability of
account administrators and delegated
[[Page 65538]]
administrators to efficiently add and remove users and delegated users?
Why or why not? Should any changes to user group functionality be made?
D. Application Programming Interfaces
As part of the EDGAR Next changes, the Commission would offer APIs
to filers to allow machine-to-machine communication with EDGAR. The
Commission plans initially to provide three APIs to allow filers to:
<bullet> Make both live and test submissions on EDGAR (``submission
API'');
<bullet> Check the status of an EDGAR submission (``submission
status API''); and
<bullet> Check EDGAR operational status (``EDGAR operational status
API'').
Pursuant to proposed Rule 10(d)(3), to use the APIs, filers would
be required to authorize at least two technical administrators.
Additionally, we plan to specify in the EDGAR Filer Manual that, to
use the APIs, filers would be required to present filer API tokens and
user API tokens to EDGAR that would be generated on the dashboard. The
filer's technical administrators would be required to generate a filer
API token to authenticate the filer. Further, the individual user or
account administrator who submits the filing would be required to
generate a user API token to authenticate herself as an authorized user
or account administrator for the filer. We plan that filer and user API
tokens would be confidential alphanumeric strings of text separately
generated in the dashboard by a technical administrator and a user,
respectively, and each would be valid for one year.\82\ Employing these
tokens would allow automated server-to-server authentication without
the need for manual individual account credential multi-factor
authentication, thus addressing a significant concern raised by
commenters in the 2021 Request for Comment.\83\
---------------------------------------------------------------------------
\82\ As a security measure, we contemplate that the user API
token would be deactivated if the user had not successfully logged
into the EDGAR Filer Management dashboard or one of the EDGAR filing
websites (EDGAR Filing or EDGAR Online Forms) within the last 30
days.
\83\ See supra notes 38-39.
---------------------------------------------------------------------------
In addition, as they would with other similar APIs, filers would
need to create, license, or otherwise obtain software (a ``filing
application'') to interface with the APIs. Additional information
regarding the APIs is available in the Overview of EDGAR Application
Programming Interfaces (``Overview of EDGAR APIs'') located on the
EDGAR Next page on <a href="http://SEC.gov">SEC.gov</a>.
The use of APIs would be optional. Filers that seek to file on
EDGAR, check the status of a submission, or check EDGAR operational
status would continue to be able to do so without using an API, as they
currently do.
1. Submission API
The submission API would provide filers a new option to submit test
and live filer-constructed EDGAR submissions through a machine-to-
machine connection.\84\ Filers who do not wish to use the API to make
filer-constructed submissions, and filers making other types of
submissions, could file through the web-based EDGAR filing
websites.\85\
---------------------------------------------------------------------------
\84\ Currently, EDGAR accepts approximately 525 submission
types, of which approximately 500 (95%) permit filer construction.
\85\ Whether submissions were made through the API or the EDGAR
filing websites, filers would specify the CIK for which they would
be making submissions. That CIK number would be reflected in the
accession number associated with those submissions. Filers could
change the login CIK reflected in the accession number at any time
to any other CIK for which the filer was authorized to file on
EDGAR. For example, a filing agent could choose to submit filings
for a client filer using its own login CIK, or by using its client
filer's login CIK.
---------------------------------------------------------------------------
To use the optional submission API, filers would be required to
comply with certain requirements. For filer API tokens, we plan that:
<bullet> A filer API token would be needed to identify the filer or
filing agent accessing the API.
<bullet> Only the filer's authorized technical administrator could
create filer API tokens.
<bullet> Filers could have multiple, valid filer API tokens (for
example, to identify different subsidiaries or divisions within the
filer) in use at the same time.
<bullet> A technical administrator would need to log into the
dashboard and be authenticated with individual account credentials to
create a filer API token.
<bullet> A technical administrator could terminate a filer API
token on the dashboard at any time.
<bullet> A filer API token would remain valid for up to one year.
<bullet> While valid, a filer API token could be used to submit an
unlimited number of filings.
For user API tokens, we plan that:
<bullet> Only a user, delegated user, or account administrator for
the filer associated with the filer API token could be authorized as a
user for the API.
<bullet> A user API token would be needed to identify the user
associated with each submission.
<bullet> Users would have only one valid user API token at a given
time.
<bullet> A user would log into the dashboard and be authenticated
with individual account credentials to create a user API token.
<bullet> A user API token would remain valid for up to one year
provided that the user associated with the token logged into the
dashboard or one of the EDGAR filing websites at least every 30 days.
If the user did not log in at least every 30 days, the user API token
would be deactivated.
<bullet> A user could terminate its user API token on the dashboard
at any time.
<bullet> While valid, a user API token could be used to submit an
unlimited number of filings.
The Overview of EDGAR APIs lists certain technical standards for
the submission API, as well as the expected inputs and outputs.
2. Submission Status API
Currently, EDGAR receives significant network traffic inquiring as
to the status of EDGAR submissions. Many filers check EDGAR submission
status immediately upon making a filing and again regularly until the
submission is accepted and ultimately disseminated, or alternately
suspended. This may result in significant network traffic for EDGAR and
represent a tedious manual process for filers. Providing a submission
status API would allow filers to use their filing application to
simultaneously check the status of multiple submissions in a batch
process, instead of manually logging into EDGAR and individually
checking the status of each submission.
The Overview of EDGAR APIs lists certain technical standards for
the submission status API, as well as the expected inputs and outputs.
Among other things, the submission status API would require a valid
filer API token; it would not require a user API token. The submission
status API would indicate to the filing application whether each
submission was submitted and accepted, but not yet publicly
disseminated; \86\ submitted and accepted, and publicly disseminated;
or submitted and suspended. In turn, the filing application would
display this information to the filer.
---------------------------------------------------------------------------
\86\ Generally, filings are first accepted and then subsequently
disseminated. However, certain filings remain nonpublic and are
never disseminated, so those filings will never progress from
accepted to disseminated status.
---------------------------------------------------------------------------
3. EDGAR Operational Status API
Many filers check EDGAR operational status continuously throughout
the filing day. This may result in significant network traffic for
EDGAR and constitute a tedious manual process for
[[Page 65539]]
filers. Providing an EDGAR operational status API would allow filers to
use their filing application to check the operational status of EDGAR
at any given time.
The Overview of EDGAR APIs lists certain technical standards for
the EDGAR operational status API, as well as the expected inputs and
outputs. Among other things, the EDGAR operational status API would
require a valid filer API token to be submitted by the filing
application; it would not require a user API token. The EDGAR
operational status API would indicate to the filing application whether
EDGAR was fully operational, unavailable (after business hours), or not
fully operational in whatever regard at that point in time (for
example, if EDGAR is not disseminating to <a href="http://SEC.gov">SEC.gov</a>). In turn, the filing
application would display this information to the filer.
Requests for Comment
23. Should we add other EDGAR information that could be accessed
through APIs, and, if so, why? Please rank in terms of priority any
additional information that you would like to see added, and also
estimate how much usage you believe that information API would receive
(for example, in potential hits per day).
24. The Overview of EDGAR APIs lists certain technical standards
for the planned APIs. Are there any considerations we should take into
account when determining what technical standards should be used for
the planned APIs?
E. Proposed Amendments to Rules and Forms
1. Rule 10 Under Regulation S-T
We propose to add new paragraph (d) to Rule 10 to implement the
changes being contemplated as part of EDGAR Next. Proposed paragraphs
(d)(1) through (4), are discussed in full above.\87\
---------------------------------------------------------------------------
\87\ See supra Section I, III.A, III.B, III.C, and III.D.
---------------------------------------------------------------------------
We further propose to add new paragraph (d)(5) to require that the
filer, through its authorized account administrators, maintain accurate
and current information on EDGAR concerning the filer's account,
including but not limited to accurate corporate information and contact
information, such as mailing and business addresses, email addresses,
and telephone numbers. This would constitute an ongoing obligation for
the filer to update its information on EDGAR as necessary. Similar to
proposed paragraph (d)(4), proposed paragraph (d)(5) is analogous to
the requirements currently set forth in the EDGAR Filer Manual, Volume
I to securely maintain EDGAR access \88\ and to maintain accurate
company information on EDGAR.\89\ The proposed requirement in paragraph
(d)(5) would allow Commission staff and the public to rely upon the
accuracy of the filer's information contained in EDGAR.
---------------------------------------------------------------------------
\88\ EDGAR Filer Manual, Volume I, at Section 4.
\89\ EDGAR Filer Manual, Volume I, at Section 5.
---------------------------------------------------------------------------
Proposed paragraph (d)(6) would require the filer, through its
authorized account administrators, to securely maintain information
relevant to the ability to access the filer's EDGAR account, including
access through any EDGAR API. This requirement is designed to ensure
that information relevant to the ability to access the filer's account,
such as individual account credentials and API tokens, is securely
maintained and not publicly exposed or otherwise compromised. Similar
to proposed paragraphs (d)(4) and (d)(5), proposed paragraph (d)(6) is
analogous to the requirements currently set forth in the EDGAR Filer
Manual, Volume I to securely maintain EDGAR access and to maintain
accurate company information on EDGAR.
The Commission also proposes to amend Rule 10 to make certain
technical and conforming changes. Rule 10(b) would be revised to refer
to ``each electronic filer'' who would be required to submit Form ID
before filing on EDGAR, instead of ``each registrant, third party
filer, or filing agent.'' \90\ This change is not intended to alter the
scope of who would be subject to Rule 10(b), but instead clarifies that
all new electronic filers would be required to submit Form ID for
review and approval by Commission staff before they may file on EDGAR.
---------------------------------------------------------------------------
\90\ Compare Rule 10(b) of Regulation S-T (``Each registrant,
third party filer, or filing agent must, before filing on EDGAR . .
.'' with proposed Rule 10(b) of Regulation S-T (``Each electronic
filer must, before filing on EDGAR . . .'').
---------------------------------------------------------------------------
In addition, we propose to amend Rule 10(b)(2), which currently
states that an authenticating document for Form ID must be signed by
the applicant, to also state that the authenticating document may be
signed by an authorized individual of the prospective filer.\91\ This
change is intended to conform the language in Rule 10(b)(2) with the
text of the EDGAR Filer Manual, which currently provides that the
authenticating document shall be signed by an authorized individual,
including a person with a power of attorney.\92\
---------------------------------------------------------------------------
\91\ Compare Rule 10(b)(2) of Regulation S-T (``File . . . a
notarized document, signed by the applicant . . .'' with proposed
Rule 10(b)(2) of Regulation S-T (``File . . . a notarized document,
signed by the electronic filer or its authorized individual . .
.'').
\92\ See EDGAR Filer Manual, Volume I, at Section 3(a).
---------------------------------------------------------------------------
Finally, we propose to revise the note to Rule 10 that currently
``strongly urges'' potential applicants for EDGAR access to state that
the Commission staff carefully reviews each Form ID application and
filers should not assume that the Commission staff will automatically
approve the Form ID. Therefore, filers should submit Form ID ``well in
advance'' of their first required filing.\93\ We believe this makes
clear that Commission staff requires time to review the Form ID. Due to
the often high volume of Form ID applications for Commission staff
review, potential applicants should allow sufficient time for the
review process to be conducted in the event that staff is concurrently
reviewing a high volume of applications.
---------------------------------------------------------------------------
\93\ As proposed, the note states: ``The Commission staff
carefully reviews each Form ID application, and electronic filers
should not assume that the Commission staff will automatically
approve the Form ID upon its submission. Therefore, any applicant
seeking EDGAR access is encouraged to submit the Form ID for review
well in advance of the first required filing to allow sufficient
time for staff to review the application.''
---------------------------------------------------------------------------
Requests for Comment
25. Do the proposed amendments to Rule 10 described above
appropriately implement the proposed technical and conforming changes?
Should additional or fewer changes be made to Rule 10 and, if so, why?
For example, should specific requirements be added to Rule 10 that
place requirements directly upon users, delegated entities, and
technical administrators, as opposed to placing requirements upon
account administrators to manage users, delegated entities, and
technical administrators? Why or why not? Are there any technical,
conforming, or clarifying changes to Rule 10 that should be made, and
if so, why?
2. Rule 11 Under Regulation S-T
We also propose to amend Rule 11 under Regulation S-T,
``Definitions of terms used in this part,'' to add and define new terms
discussed in this proposing release and update the definitions of
certain existing terms. The proposed amendments include terms and
definitions specific to the proposed rule and form amendments that
would change how individuals and entities access, file on, and manage
EDGAR accounts.
Certain terms would define the new roles for individuals
contemplated by EDGAR Next, as follows:
[[Page 65540]]
``Account administrator'' would mean the individual that the filer
authorizes to manage its EDGAR account and to make filings on EDGAR on
the filer's behalf. The designation of an account administrator would
help ensure that only authorized persons are able to file and take
other actions on behalf of the filer.
``Authorized individual'' would mean an individual with the
authority to legally bind the entity or individual applying for access
to EDGAR on Form ID, or an individual with a power of attorney from an
individual with the authority to legally bind the applicant. The power
of attorney document must clearly state that the individual receiving
the power of attorney has general legal authority to bind the applicant
or specific legal authority to bind the applicant for purposes of
applying for access to EDGAR on Form ID.
``Delegated entity'' would mean a filer that another filer
authorizes on the dashboard to file on its behalf. As itself a filer, a
delegated entity would be subject to all applicable rules for filing on
EDGAR. Delegated entities would not be permitted to further delegate
authority to file for the delegating filer, nor would they be permitted
to take action on the delegating filer's dashboard.
``Filing agent'' would mean any person or entity engaged in the
business of making submissions on EDGAR on behalf of filers. As
discussed above in Section III.C., to act as a delegated entity for a
filer, a filing agent would be a filer with an EDGAR account.
``Single-member company'' would describe a company that only has a
single individual who acts as the sole equity holder, director, and
officer (or, in the case of an entity without directors and officers,
holds position(s) performing similar activities as a director and
officer).
``Technical administrator'' would mean an individual that the filer
authorizes on the dashboard to manage the technical aspects of the
filer's use of EDGAR APIs on the filer's behalf.
``User'' would mean an individual that the filer authorizes on the
dashboard to make submissions on EDGAR on the filer's behalf.
Other terms would identify new applications and upgrades to access
and maintain filers' accounts on EDGAR, including:
``Application Programming Interface'' (API) would be defined as a
software interface that allows computers or applications to communicate
with each other. As discussed in Section III. D., the relevant APIs
would include those that give filers the option to automate submissions
on EDGAR and to retrieve certain submission-related information.
``Dashboard'' would mean an interactive function on EDGAR where
filers manage their EDGAR accounts and where individuals that filers
authorize may take relevant actions for filers' accounts.
``Individual account credentials'' would mean credentials issued to
individuals for purposes of EDGAR access, as specified in the EDGAR
Filer Manual, and used by those individuals to access EDGAR. (As
previously mentioned, we currently anticipate that the EDGAR Filer
Manual would specify that individual account credentials must be
obtained through <a href="http://Login.gov">Login.gov</a>, a sign-in service of the United States
Government that employs multi-factor authentication.)
Collectively, these terms would assist in implementing the proposed
rule and form amendments by clarifying how the proposed requirements
would apply.
The amendments would also update or delete outdated terminology
from certain definitions in Rule 11, such as references to ``telephone
sessions'' in the definition of ``direct transmission.'' \94\ Although
some filers may still use dial-up internet to access EDGAR, we expect
that nearly all filers currently rely on broadband, cable, or other
internet technologies.
---------------------------------------------------------------------------
\94\ Compare the definition of ``direct transmission'' in Rule
11 of Regulation S-T (``the transmission of one or more electronic
submissions via a telephonic communication session'') with the
definition of ``direct transmission'' in proposed Rule 11 of
Regulation S-T (``the transmission of one or more electronic
submissions'').
---------------------------------------------------------------------------
Finally, we propose updating the definition of ``EDGAR Filer
Manual'' to more clearly describe its contents. Rule 11 currently
defines ``EDGAR Filer Manual'' as ``. . . setting out the technical
format requirements for an electronic submission.'' The EDGAR Filer
Manual has been updated over time, however, to include additional
requirements for filers, including those pertaining to seeking EDGAR
access, maintaining EDGAR company information, and submitting online
filings. We therefore propose to update the EDGAR Filer Manual
definition accordingly to indicate the inclusion of these procedural
requirements. We believe that the amended definition, if adopted, would
better inform filers of the scope of the EDGAR Filer Manual
requirements.
Requests for Comment
26. Do the proposed amendments to Rule 11 appropriately define the
necessary terms in EDGAR Next? If not, please explain. Are there any
additional terms that should be defined and, if so, why?
27. As proposed, should we amend certain terms to update
terminology or more clearly define existing definitions? Are there any
proposed terms that are inconsistent with existing definitions or
concepts or that otherwise should not be defined? Should any additional
terms be revised to update outdated terminology or to clarify existing
definitions? Please be specific.
3. Form ID
Form ID is an online fillable form that must be completed and
submitted to the Commission by all individuals, companies, and other
organizations who seek access to file electronically on EDGAR.\95\
Among other things, Form ID seeks information about the identity and
contact information of the applicant. The proposed amendments to Form
ID include proposed changes to information required to be reported on
the form as well as technical changes.
---------------------------------------------------------------------------
\95\ Compare Rule 10(b) (providing that each registrant, third
party filer, or agent seeking EDGAR access must submit Form ID) with
proposed Rule 10(b) (providing that each electronic filer seeking
EDGAR access must submit Form ID).
---------------------------------------------------------------------------
As outlined above, the proposed amendments to Form ID would require
an applicant for EDGAR access to undertake certain additional
disclosure obligations, including most significantly:
(1) Designating on Form ID specific individuals the applicant
authorizes to act as its account administrators to manage its EDGAR
account on a dedicated dashboard on EDGAR. Applicants would generally
be required to authorize two account administrators, although
individuals and single-member companies would only be required to
authorize one account administrator. If a prospective account
administrator was not (1) the applicant (in the case of an individual
applicant) or (2) an employee of the applicant or its affiliate (in the
case of a company applicant), the applicant would also be required to
disclose the prospective account administrator's employer and CIK, if
any, and provide a notarized power of attorney to authorize the
individual to manage the applicant's EDGAR account as an account
administrator.
(2) The applicant's Legal Entity Identifier (``LEI'') number if
any.
<bullet> The LEI is a unique identifier associated with a single
corporate entity and is intended to provide a uniform international
standard for identifying counterparties to a transaction.
<bullet> Although there are certain modest costs to obtain and
maintain an LEI, fees
[[Page 65541]]
are not imposed on data users for usage of or access to LEIs, and all
of the associated reference data needed to understand, process, and
utilize the LEIs are widely and freely available and not subject to any
usage restrictions.\96\
---------------------------------------------------------------------------
\96\ The cost of obtaining and maintaining an LEI is
approximately $50 to $65 per year. See LEI Price List, LEI Register,
available at https://www.lei-identifier.com/lei-price-list/
#:~:text=LEI%20application%20and%20registration%20price,%2D%20%24250(
%24%2050%20%2F%20year).
---------------------------------------------------------------------------
<bullet> Applicants that have not yet obtained an LEI would not be
required to obtain one.
<bullet> The inclusion of LEI information would facilitate the
ability of Commission staff to link the identity of the applicant with
information reported on other filings or sources that are currently or
will be reported elsewhere, if LEIs become more widely used by
regulators and the financial industry.
(3) Providing more specific contact information about the filer,
and the filer's account administrator(s), authorized individual (the
individual authorized to submit Form ID on the filer's behalf, as
defined in the EDGAR Filer Manual), and billing contact (including
mailing, business, and billing information, as applicable).
<bullet> More specific contact information would allow Commission
staff to reach account administrators, authorized individuals, and
billing contacts associated with the filer when necessary.
(4) Specifying whether the applicant, its authorized individual,
person signing a power of attorney (if applicable), account
administrator, or billing contact has been criminally convicted as a
result of a Federal or State securities law violation, or civilly or
administratively enjoined, barred, suspended, or banned in any
capacity, as a result of a Federal or State securities law violation.
<bullet> Information about whether the applicant or certain
individuals named on Form ID may be subject to relevant bars and
prohibitions (including but not limited to officer and director bars,
prohibitions from associating with brokers, dealers, investment
advisers, and/or other securities entities, and bars from participation
in certain industries) would allow Commission staff to determine
whether such bars or prohibitions are relevant to the application for
EDGAR access.
<bullet> Individuals disclosing the existence of a criminal
conviction, or civil or administrative injunction, bar, suspension, or
ban may be contacted by SEC staff to determine the applicant's
eligibility for EDGAR access.
(5) Indicating whether the applicant, if a company, is in good
standing with its state or country of incorporation.
<bullet> Good standing generally means a company is legally
authorized to do business in the relevant state or country and has
filed all required reports and paid all related fees to the relevant
jurisdiction.
<bullet> Although the lack of good standing would not prevent a
company from obtaining EDGAR access, this information could be relevant
in determining whether it may be appropriate for the staff to review
additional documentation as part of its assessment of the application.
(6) Requiring submission of a new Form ID if the applicant claims
to have (i) lost electronic access to its existing CIK account or (ii)
assumed legal control of a filer listed on an existing CIK account but
did not receive EDGAR access from that filer.
<bullet> Currently, applicants seeking to obtain control of an
existing EDGAR account are required to submit certain summary
information but are not required to submit a full application on Form
ID. To assist Commission staff in determining whether applicants
seeking to obtain control of existing EDGAR accounts are legitimate, we
propose to require such applicants to submit a new Form ID. To
facilitate the application process, certain publicly available
corporate and contact information (such as the filer's name, ``doing
business as'' name, foreign name, mailing and business addresses,
state/country of incorporation, and fiscal year end) would be
automatically prepopulated from EDGAR so that applicants would not need
to resubmit that information, although applicants could update that
information on Form ID as necessary.\97\
---------------------------------------------------------------------------
\97\ The filer would nevertheless need to submit a COUPDAT to
update its existing corporate and contact information on EDGAR
(other than the filer's account administrator information) if the
Form ID were granted. As they presently do, broker-dealers would
submit a Form BD amendment to FINRA to update their corporate and
contact information.
---------------------------------------------------------------------------
(7) Requiring those seeking access to an existing EDGAR account to
upload to EDGAR the documents that establish the applicant's authority
over the company or individual listed in EDGAR on the existing
account.\98\
---------------------------------------------------------------------------
\98\ The EDGAR Filer Manual currently provides guidance
regarding what documents would be sufficient to establish the
applicant's authority. See EDGAR Filer Manual, Volume I, at Section
4(b).
---------------------------------------------------------------------------
In addition, we would make certain conforming, formatting, and
ancillary changes to modernize Form ID without significantly altering
current disclosure obligations. For example, a checkbox would be added
to each address field for identification of non-U.S. locations, which
would improve data analytics. As another example, company applicants
would be required to provide their primary website address, if any, to
provide staff additional contact and other information regarding the
filer. Further, certain disclosure warnings that are currently listed
in the EDGAR Filer Manual and the landing page of the EDGAR Filing
website would be incorporated into Form ID to more clearly provide
notice of those matters to filers.\99\
---------------------------------------------------------------------------
\99\ Proposed Form ID would include a section titled ``Important
information'' that would include the following disclosure warning:
``Misstatements or omissions of fact in connection with an
application for EDGAR access and/or in a submission on EDGAR may
constitute a criminal violation under 18 U.S.C. 1001 and 1030 and/or
a violation of other criminal and civil laws. If the SEC has reason
to believe that an application for EDGAR access and/or a submission
on EDGAR is misleading, manipulative, and/or unauthorized, the SEC
may prevent acceptance or dissemination of the application/
submission and/or prevent future submissions or otherwise remove a
filer's access to EDGAR pursuant to Rule 15 of Regulation S-T, 17
CFR 232.15.''
---------------------------------------------------------------------------
Collectively, the proposed amendments would enhance the security of
EDGAR by allowing Commission staff to obtain more information about the
applicant and its contacts for staff to confirm the identity of the
applicant and the individuals associated with the applicant, assess
whether the application is properly authorized, and determine whether
there are any other issues relevant to the application for EDGAR access
for staff's consideration.
Requests for Comment
28. Should any of the proposed amendments to Form ID be revised or
removed and, if so, why or why not? For example, should any limits or
qualifiers be placed on the proposed disclosure requirement regarding
whether the applicant, its authorized individual, person signing a
power of attorney (if applicable), account administrator, or billing
contact has been criminally convicted as a result of a Federal or State
securities law violation, or civilly or administratively enjoined,
barred, suspended, or banned as a result of a Federal or State
securities law violation? If so, why? Should this requirement apply to
each of the applicant, its authorized individual, person signing a
power of attorney (if applicable), account administrator, and billing
contact, or only to certain categories of the aforementioned groups?
Please explain your answer. Likewise, should the proposed requirement
regarding whether the applicant is in good standing be revised or
removed and, if
[[Page 65542]]
so, why? For example, if applicable, should we also require an
explanation of why the applicant is not in good standing? Why or why
not?
29. Would the proposed amendments to Form ID appropriately support
the EDGAR Next changes to filer access and account management? Why or
why not? Should Form ID require any additional information, or should
any of the information proposed to be required be revised or deleted?
Please explain.
30. Should Form ID be revised to require or allow applicants to
provide the reason they are applying for access? For example, if
applicants have an urgent upcoming filing deadline, should applicants
be required or permitted to provide that information?
F. Transition Process
We believe that, if the proposed rule and form amendments are
adopted and the technical changes are implemented, it would be
efficient for the Commission and for the approximately 220,000 active
EDGAR filers--those who made a submission on EDGAR in the last two
years--to accomplish the transition to EDGAR Next over a period of
several months, as set forth below.\100\ We anticipate that mandatory
enrollment would begin one month after adoption and remain open for six
months thereafter (the ``Enrollment Period'').
---------------------------------------------------------------------------
\100\ Of these 220,000 EDGAR accounts, approximately 149,000
represent entity filers and approximately 71,000 represent
individual filers. In total, regardless of account activity, there
are approximately 1,000,000 filer accounts in EDGAR. We believe that
the vast majority of the approximately 800,000 EDGAR filer accounts
for which no filings have been made in the last two years are
defunct and therefore would not transition to EDGAR Next.
---------------------------------------------------------------------------
During the Enrollment Period, existing filers would continue to
file on EDGAR using the EDGAR filing websites, as they presently do, by
logging on with the relevant CIK and password. The individual account
credentials would not yet be used, nor would use of the dashboard to
manage the account be required.
Applicants that seek EDGAR access subsequent to the compliance date
would be immediately subject to the EDGAR Next requirements, if
adopted.
1. Individual Account Credentials
If the Commission adopts the proposed amendments, individuals could
seek individual account credentials in the manner to be specified in
the EDGAR Filer Manual in advance of the required Enrollment Period. As
a result, when the Enrollment Period begins, filers could immediately
enroll the individuals with individual account credentials. Further, if
the Commission adopts the proposed amendments and implements the EDGAR
Next changes, and requires <a href="http://Login.gov">Login.gov</a> as the individual account
credential provider, we anticipate that individuals with existing
<a href="http://Login.gov">Login.gov</a> accounts would be able to use those accounts as their
individual account credentials for purposes of EDGAR access.
2. Enrollment
Existing filers would enroll on an enrollment page on the EDGAR
Filer Management website without submitting a Form ID. We intend to
provide two options: (a) manual enrollment of single EDGAR accounts on
an account-by-account basis; and (b) enrollment of multiple accounts
simultaneously.
a. Manual Enrollment for a Single EDGAR Account
As a preliminary matter, each existing filer would be required to
authorize two individuals to manage the filer's EDGAR account as
account administrators, with the exception of individuals and single-
member companies, which would be required to authorize one account
administrator. On behalf of each existing filer, one account
administrator would enter their individual account credentials to log
in to an enrollment page on EDGAR. The account administrator would
manually enter the filer's CIK, CCC, and EDGAR passphrase\101\ to
ensure that a properly authenticated individual is enrolling the filer.
If EDGAR authenticated that data, the account administrator would enter
account administrator names, business contact information, and the
email addresses used to obtain individual account credentials. By
entering that information, the filer would indicate its authorization
of the listed individuals as the filer's account administrators, as
well as the accuracy of the information provided.
---------------------------------------------------------------------------
\101\ Filers that have forgotten or lost their CCC could change
or regenerate it using their PMAC or passphrase. Filers that have
lost or forgotten their passphrase could reset it by sending a
security token to the email associated with the account. Filers that
have lost or forgotten their passphrase and that no longer have
access to the email associated with the account would have to
reapply for EDGAR access on Form ID.
---------------------------------------------------------------------------
Each EDGAR account would enroll once. If there was an attempt to
enroll an EDGAR account that had already been enrolled, the subsequent
attempted enrollment would be denied. An individual filer who makes
filings with respect to multiple companies (e.g., the CEO of one
company who is also on the board of directors of other companies) may
have more than one filing agent and/or representatives at such
companies who have access to her CIK, CCC, and EDGAR passphrase.
Accordingly, it would be advisable for any such filer to designate one
filing agent or company representative to enroll her EDGAR account and
to then communicate such enrollment to the other filing agent(s) and/or
company representatives. Such other filing agent(s) and/or company
representatives may then be added as an account administrator, user, or
delegated entity through the dashboard.
After enrolling the filer, an account administrator could access
the filer's dashboard. There, the account administrator, on behalf of
the filer, would be able to add account administrators, users, and
technical administrators, and delegate authority to file to other
filers. Any individuals to be authorized on the filer's account would
be required to possess individual account credentials.
b. Bulk Enrollment of Multiple EDGAR Accounts
We plan to permit the simultaneous bulk enrollment of multiple
EDGAR accounts, together with those filers' account administrators. We
expect that filing agents, as well as individuals and entities that
control multiple EDGAR accounts, would find this an efficient and time-
saving function.
An individual authorized to enroll the relevant filer accounts
would log in to an enrollment page on EDGAR with their individual
account credentials. There, the individual would complete and upload a
spreadsheet in a format to be specified that could accommodate multiple
rows of data. Each row would pertain to a single existing filer. The
individual would enter data for each filer on each row, including CIK,
CCC, and EDGAR passphrase to ensure that enrollment is being performed
by a properly authenticated individual. In addition, the individual
would enter on each row information regarding the filer's prospective
account administrators, including names, business contact information,
and email addresses associated with the individual account credentials
of the account administrators, to indicate that the filer authorizes
those account administrators to manage its EDGAR account. Under the
bulk enrollment method, two account administrators would be required
for each filer (including individuals and single-member companies), in
part due to logistical difficulties associated with simultaneously
validating the minimum number of account administrators for multiple
filers, and in part because we
[[Page 65543]]
expect that bulk enrollment would be used by larger filers and filers
using filing agents likely to have at least two account administrators.
We intend to set a limit of 100 existing filers (100 rows) per bulk
enrollment.
As discussed above, enrollment would only occur once per EDGAR
account. Any additional changes that are needed to be made (e.g.,
adding additional account administrators) would have to be performed by
the account administrators who had been added during the enrollment
process. After the filer was enrolled, the account administrators could
access the dashboard to add additional account administrators, users,
technical administrators, and delegated entities.
3. Compliance
We anticipate that the compliance period would start six months
after the beginning of the Enrollment Period. In response to our 2021
Request for Comment, commenters requested a transition period ranging
from 12 months to three years.\102\ We considered those comments, and
we believe that the transition process we are contemplating should
provide sufficient opportunity for existing filers to transition to
EDGAR Next. The transition process would include an initial, separate
period during which individual account credentials could be
established, as well as a six-month Enrollment Period during which
filers would access the dashboard, authorize individuals in relevant
roles, and make any needed delegations. We further contemplate
providing a bulk enrollment option to allow enrollment of multiple
filers simultaneously.
---------------------------------------------------------------------------
\102\ See, e.g., McGuire Woods Comment Letter (recommending at
least 12 months for individual filers, on the grounds that filers
would need that time to create individual account credentials,
enable multifactor authentication, and designate a filer
administrator); DFIN Comment Letter (asserting that it could take
12-18 months for filers to migrate, and recommending a 18-24 month
transition period with longer lead times for smaller filers);
Workiva Comment Letter (recommending a transition period of one
year, and separately citing its own survey results indicating more
than 66% of respondents indicated a transition period of one to
three years would be appropriate).
---------------------------------------------------------------------------
If the rule and form changes are adopted, and the related technical
changes are to be implemented, we plan to provide an EDGAR Next
Adopting Beta environment to allow commenters to evaluate and test the
EDGAR Next changes, to prepare necessary software, and to assist filers
in preparing for the changes.
Existing EDGAR filers that fail to enroll by the compliance date
would lose EDGAR access and would be required to reapply for EDGAR
access on Form ID.
If the Commission adopts the proposed rule and form changes, we
expect that staff would provide additional support for filers
transitioning to EDGAR Next, such as by posting practical information
and guidance on the EDGAR--Information for Filers \103\ and EDGAR--How
Do I \104\ pages on <a href="http://SEC.gov">SEC.gov</a>, as well as providing a devoted help desk
to assist filers.
---------------------------------------------------------------------------
\103\ See ``EDGAR--Information for Filers'' web page at <a href="https://www.sec.gov/edgar/filer-information">https://www.sec.gov/edgar/filer-information</a>.
\104\ See ``EDGAR--How Do I'' FAQs at <a href="https://www.sec.gov/edgar/filer-information/how-do-i">https://www.sec.gov/edgar/filer-information/how-do-i</a>.
---------------------------------------------------------------------------
Requests for Comment
31. Does the planned transition process adequately address the
needs of filers and filing agents with regard to implementation of
EDGAR Next? If not, what changes should be made to the transition
process, and why?
32. How long would it take existing filers to transition to EDGAR
Next? As planned, the Enrollment Period would begin one month after
adoption of the proposed rule and form changes. Is this a sufficient
amount of time for filers to prepare for enrollment and, if not, why?
Is an Enrollment Period of six months sufficient for filers to enroll
their EDGAR accounts via manual or bulk enrollment and, if not, why?
Should existing filers transition their EDGAR accounts on a specific
schedule during the Enrollment Period (e.g., large filers must
transition by date X, medium filers by date Y, etc.) or, as
contemplated, should we allow filers to decide when to transition to
EDGAR Next so long as they do so prior to the compliance date?
33. We plan to require CIK, CCC, and EDGAR passphrase in order for
both individual and bulk enrollments to be accepted by EDGAR. Would
alternate credentials be more appropriate and, if so, what credentials
should be used? In particular, are passphrases typically maintained by
filing agents and, if not, how burdensome would it be for filing agents
to obtain and maintain their clients' passphrases? In situations where
filers no longer know their passphrases or those passphrases are no
longer recognized in EDGAR, how burdensome would it be for filers to
obtain new passphrases?
34. Following enrollment, what notification, if any, should be
provided to the existing EDGAR POC for the filer? Although filers are
currently required to list a contact address, telephone number, and
email address as part of their EDGAR contact information, we understand
that many EDGAR filer accounts that were created before email addresses
became mandatory never added an email address. Should we require
acknowledgment or confirmation from the existing EDGAR POC to complete
enrollment of an EDGAR filer account, or should completion of
enrollment be delayed until a certain period of time has passed without
objection from the existing EDGAR POC? If so, what should be the
waiting period before enrollment could be completed, keeping in mind
the interest of filers seeking to quickly transition to EDGAR Next?
35. Should we permit the bulk enrollment of multiple EDGAR
accounts, as planned? Are there particular steps the Commission should
take to minimize risks associated with enrollment? For example, should
the CCCs of enrolled filers be automatically reset as a security
precaution after enrollment is accepted? If the CCC is automatically
reset, what notification, if any, should be provided to the existing
EDGAR contact for the filer?
36. To what extent would bulk enrollment present logistical or
other burdens for filers with multiple filing agents or unaffiliated
third-party account administrators? For example, if the filer's CCC
were automatically reset after bulk enrollment, to what extent could
this cause confusion if the filer had multiple filing agents and some
of them were inadvertently not included as account administrators in
the bulk enrollment? Instead of the CCC being reset after enrollment,
should the CCC be reset at the compliance date for each enrolled CIK?
37. Are there any extenuating circumstances that would justify
filers being exempted from having to enroll by the compliance date, or
that would allow non-complying existing filers to maintain their EDGAR
access following the compliance date? If so, please explain.
G. General Request for Comment and EDGAR Next Proposing Beta
In conjunction with this proposing release, the Commission will
make available an EDGAR Next Proposing Beta environment where filers
may preview and test the planned EDGAR Next changes. The EDGAR Next
Proposing Beta generally should allow filers to view how the proposed
changes would be reflected in EDGAR. We currently anticipate that the
EDGAR Next Proposing Beta will be available on or about September 18,
2023, and will remain available for at least six months thereafter. Any
filer may sign up to access the EDGAR Next Beta. The Commission will
provide more information regarding the EDGAR Next
[[Page 65544]]
Proposing Beta through an information page on <a href="http://SEC.gov">SEC.gov</a>.
We request and encourage any interested person to submit comments
on any aspect of EDGAR Next, other matters that might have an impact on
EDGAR Next, and suggestions for additional changes. Comments are of
particular assistance if accompanied by analysis of the issues
addressed in those comments and any data that may support the analysis.
We urge commenters to be as specific as possible.
In particular, we request comment on the following issues.
38. Would the proposed rule and form changes facilitate the
responsible management of EDGAR filer credentials? Are there additional
changes that would encourage such responsible management? Would the
changes create any undue burdens for filers? If so, how could the
proposed rule and form changes be modified to ease such burdens? Are
there any other concerns that the Commission should be aware of with
implementation of EDGAR Next? Are there any conforming or parallel
changes that the Commission should make to effectively implement EDGAR
Next?
39. Are there alternatives to the dashboard that we should
consider? For example, are there alternative methods that would enable
filers to take the same actions as they would using the dashboard that
would be easier to implement or more user friendly? If so, what are
those alternatives? Please be specific.
40. In connection with the EDGAR Next changes, we intend to provide
APIs as described above to make EDGAR submissions and to check EDGAR
submission status and operational status. Are there alternatives that
would better accomplish the objectives of secure, efficient, and
automated machine-to-machine communication with EDGAR? If so, please
describe.
41. Are there any issues specific to certain types of filers that
should be considered with regard to the EDGAR Next changes? For
example, asset-backed securities (``ABS'') issuers, usually the
depositor in an ABS transaction, often create one or more serial
companies each year, each of which is a separate legal entity with its
own CIK, even though each generally has the same contact information as
the ABS issuer. Should new serial companies have their account
administrator information automatically copied from the ABS issuer's
account administrator information, so those account administrators
could access the dashboards for those serial companies? Likewise,
should other information be automatically inherited by new serial
companies from the ABS issuer, such as the ABS issuer's contact
information, users, and technical administrators (if any)? If so, in
order to ensure that the ABS issuer has account administrator
information and other information that could be copied to the new
serial company, would there be any issues associated with requiring ABS
issuers to have transitioned to individual account credentials before
the ABS issuer can create new serial companies? To what extent are
these concerns already addressed by the delegation function, given that
delegation would allow filers to delegate the authority to file to
another EDGAR account?
42. Separately, should we allow the annual confirmations of
administrators and users for an ABS issuer to also apply to the serial
companies associated with that ABS issuer, if the same administrators,
users, delegations, and corporate and contact information are
associated with each serial company? Why or why not? If so, should we
allow this more generally with regards to any situation where the same
administrators, users, delegations, and corporate and contact
information are associated with multiple CIKs? If some but not all of
that information is identical for multiple CIKs (e.g., each CIK has a
different P.O. box or email address listed for its business address),
should we allow a single confirmation to apply to each of those CIKs
and, if so, what validation if any should we apply to ensure that an
account administrator has properly reviewed the CIK's administrators,
users, delegations, and corporate and contact information?
43. While ABS issuers have been able to create new CIKs, non-ABS
related filers have attempted to use the process to create new CIKs
without submitting a Form ID. Would ABS issuers be significantly
impacted if the process were limited only to existing CIKs that have an
EDGAR filing history that includes ABS-related filings (including but
not limited to the following submission types and forms--ABS-EE, 10-K,
ABS-15G, 10-D, SF-1, SF-3 and 424H)?
44. Recent filing experience has shown that ABS issuers have not
been using the ability to create new ABS serial companies ``on the
fly'' when filing a 424H submission.\105\ If, as a result of EDGAR
Next, the EDGAR system no longer supported creating ABS ``on the fly''
via filing either a 424H or 424B submission, would that cause any
problems for ABS issuers? ABS issuers would continue to be able to
create new CIKs for serial companies via the ``Request Asset-Backed
Securities (ABS) Issuing Entities Creation'' option in the EDGAR Filing
website (known in EDGAR as an ``ABSCOMP'' submission).\106\
---------------------------------------------------------------------------
\105\ See generally ``EDGAR--How Do I'' FAQs at the section
titled ``Create and obtain EDGAR access for asset-backed securities
(ABS) issuing entities,'' available at <a href="https://www.sec.gov/page/edgar-how-do-i-create-and-obtain-edgar-access-asset-backed-securities-abs-issuing-entities#section3">https://www.sec.gov/page/edgar-how-do-i-create-and-obtain-edgar-access-asset-backed-securities-abs-issuing-entities#section3</a> (discussing the ``on the
fly'' process).
\106\ Id. (discussing the creation of ABS issuing entities).
---------------------------------------------------------------------------
45. Currently, EDGAR permits certain filings to be submitted on
behalf of multiple filers, who are treated as co-registrants for
purposes of the filing. Would filers face difficulties in delegating to
co-registrants or authorizing individuals to act as users or account
administrators for both the filer and the co-registrant(s)? To what
extent, if any, should the EDGAR Next changes provide special
consideration or treatment for EDGAR submissions by co-registrants? For
example, should the dashboard allow filers to designate other filers as
``co-registrants'' similar to how filers would delegate other filers as
delegated entities, except that filing authority would only exist with
regards to co-registrant submissions (e.g., the co-registrant could not
submit a filing solely on behalf of the filer)? If so, to what extent
should co-registrants be treated differently from delegated entities
(e.g., with regards to user groups, delegated admins, etc.)?
Alternately, should a user or account administrator for a filer be able
to submit a co-registrant filing jointly on behalf of the co-registrant
by using the co-registrant's CIK and CCC (as is currently the case),
without being a user or account administrator of the co-registrant? Why
or why not? Please note that for purposes of EDGAR Next Proposing Beta,
a filer will be able to submit a co-registrant filing by inputting the
CCC and CIK of the co-registrant(s), as is currently the case.
46. Should the Commission consider other changes to EDGAR filer
access and account management processes in the future? Why? Please be
specific.
IV. Economic Analysis
The Commission is sensitive to the economic effects, including the
costs and benefits, of its rules. The discussion below addresses the
potential economic effects that may result from the rule and form
amendments we are proposing in this release, and certain related
technical changes, including the
[[Page 65545]]
benefits and costs to investors and other market participants as well
as the broader implications of the EDGAR Next project for efficiency,
competition, and capital formation.\107\
---------------------------------------------------------------------------
\107\ Section 2(b) of the Securities Act (15 U.S.C. 77b(b)),
section 3(f) of the Exchange Act (17 U.S.C. 78c(f)) and section 2(c)
of the Investment Company Act (15 U.S.C. 80a-2(c)) require the
Commission, when engaging in rulemaking where it is required to
consider or determine whether an action is necessary or appropriate
in (or, with respect to the Investment Company Act, consistent with)
the public interest, to consider, in addition to the protection of
investors, whether the action will promote efficiency, competition,
and capital formation. Further, section 23(a)(2) of the Exchange Act
(17 U.S.C. 78w(a)(2)) requires the Commission, when making rules
under the Exchange Act, to consider the impact that the rules will
have on competition, and prohibits the Commission from adopting any
rule that would impose a burden on competition not necessary or
appropriate in furtherance of the purposes of the Exchange Act. The
technological changes contemplated by EDGAR Next would work together
with the proposed rule and form amendments to enhance EDGAR access
requirements. Because it is difficult to isolate the economic
effects associated with the technological changes from those
attributable solely to the proposed rule and form amendments, for
purposes of this economic analysis, we have considered these effects
collectively.
---------------------------------------------------------------------------
A. Introduction
Individuals and entities submit filings electronically with the
Commission through EDGAR in order to comply with various provisions of
the Federal securities laws. Filings on EDGAR are not currently linked
to a specific individual authorized by the filer. EDGAR access codes
represent a complex combination of several codes with differing
functions.\108\ This access method is not aligned with standard access
processes and is hard to monitor and manage. The Commission is also
aware that some filers may have failed to maintain secure access to
their EDGAR accounts.\109\
---------------------------------------------------------------------------
\108\ See supra note 26.
\109\ See supra note 27.
---------------------------------------------------------------------------
The changes contemplated by EDGAR Next would modernize the
mechanism by which filers and designated individuals acting on filers'
behalf obtain access to EDGAR, streamline the management of filers'
accounts, and offer three optional APIs that would allow filers to
interface with the EDGAR system. EDGAR Next would benefit both the
Commission and filers by enabling the Commission to identify specific
individuals making filings on behalf of filers and by simplifying
procedures for accessing EDGAR in a way that allows filers to leverage
the Commission's web function to reduce cost. Enhancing the security of
EDGAR would better protect against unauthorized access to the EDGAR
system thereby decreasing the likelihood of unauthorized filings
impacting the market and potentially imposing economic and reputational
costs on the public, the filer, and the Commission.
As discussed in greater detail in Section III above, EDGAR Next
would:
<bullet> Offer a dashboard where filers would manage their EDGAR
accounts and where individuals that filers authorize could take
relevant actions for filers' accounts.
<bullet> Require each filer to authorize and maintain individuals
as its account administrators to act on behalf of the filer to manage
the filer's EDGAR account in accordance with the EDGAR account access
and account management requirements set forth in this proposal and the
EDGAR Filer Manual. Only those individuals who obtained individual
account credentials could be authorized to act on the filer's behalf to
manage its EDGAR account.
<bullet> Require each filer, through its authorized account
administrators, to confirm annually that all account administrators,
users, delegated entities, and technical administrators reflected on
the dashboard for the filer's EDGAR account are authorized by the filer
and that all information regarding the filer is accurate (generally
including the filer's corporate and contact information).
<bullet> Require each filer, through its authorized account
administrator(s), to maintain accurate and current information on EDGAR
concerning the filer's account, and securely maintain information
relevant to the ability to access the filer's EDGAR account.
<bullet> Allow individuals designated as account administrators to
file on EDGAR on the filer's behalf and authorize other individuals as
users to file.
<bullet> Allow filers to authorize delegated entities to file on
their behalf. Delegated entities would be subject to the same
requirements applicable to all filers.
<bullet> Offer optional APIs for machine-to-machine submissions and
retrieval of related filing information. Require filers who opt to use
the APIs to, through their account administrator(s), authorize at least
two technical administrators to manage the technical aspects of the
APIs.
<bullet> Amend Rules 10 and 11 under Regulation S-T and Form ID to
codify the above requirements for filers, to add and define new terms
as part of this proposal, and to capture additional information during
the application for EDGAR access, respectively.
The discussion below addresses the potential economic effects of
the EDGAR Next changes, including the likely benefits and costs, as
well as the likely effects on efficiency, competition, and capital
formation. At the outset, we note that, where possible, we have
attempted to quantify the benefits, costs, and effects on efficiency,
competition, and capital formation expected to result from the
contemplated changes. In many cases, however, the Commission is unable
to quantify certain economic effects because it lacks the information
necessary to provide estimates or ranges. In those circumstances in
which we do not have the requisite data to assess the impact of the
EDGAR Next changes, we have analyzed their economic impact
qualitatively.
B. Baseline
The current set of requirements to obtain access to and file on the
Commission's EDGAR system, as well as the account management practices
as they exist today, serve as the baseline from which we analyze the
economic effects of the EDGAR Next changes. Filers are comprised of any
individuals and entities that make a submission electronically through
EDGAR. For example, directors and executives of many public companies
have reporting obligations under section 16 of the Securities Exchange
Act of 1934.\110\ Entities consist of public operating companies,
investment companies, broker-dealers, transfer-agents, and other
institutions who have filing obligations with the Commission. The
parties directly affected by EDGAR Next are current and prospective
filers as well as relevant individuals or entities acting on filers'
behalf. In 2022, the Commission received approximately 79,457 Form ID
submissions.\111\ From 2018 to 2022, an average of approximately 62,061
Form IDs were submitted per year to the Commission.\112\
---------------------------------------------------------------------------
\110\ See 15 U.S.C. 78p.
\111\ This number includes 69,651 applications from prospective
filers without CIKs, 9,390 applications from filers who had lost
EDGAR access and were seeking to regain access to EDGAR (currently
submitted as passphrase updates, but under the proposal would be
submitted on Form ID), and 416 applications from filers with CIKs
who had not yet filed electronically on EDGAR.
\112\ Similarly, this number includes applications from
prospective filers without CIKs, applications from filers who had
lost EDGAR access and were seeking to regain access to EDGAR
(currently submitted as passphrase updates, but under the proposal
would be submitted on Form ID), and applications from filers with
CIKs who had not yet filed electronically on EDGAR.
---------------------------------------------------------------------------
Individuals and entities who seek to file on EDGAR apply for access
in accordance with Rule 10 of Regulation S-T by completing Form ID, the
uniform application for access codes to file on EDGAR.\113\ Form ID
currently
[[Page 65546]]
collects the applicant's contact information, along with the
applicant's EDGAR POC. Upon approval, the filer receives a unique CIK,
and the EDGAR POC generates access codes (including a password), using
their CIK and passphrase from the Filer Management website, which
allows the filer to make submissions on its EDGAR account. EDGAR filers
are required to renew their EDGAR password annually. Currently, EDGAR
system access has not incorporated multi-factor authentication to
validate individuals accessing EDGAR and simplify password retrieval.
Additionally, the Commission has no systematic way to determine with
whom the filer has shared EDGAR access codes, or when the filer has
revoked authorization. Filers are responsible for safeguarding their
access codes and monitoring the number of individuals authorized to
receive the codes.\114\ Certain filers and filing agents currently
devise their own internal systems to track who possesses their EDGAR
access codes. Because the Commission does not collect the personal
information of the specific individual who makes the submission, nor
does the Commission issue identifying credentials to individuals acting
on behalf of filers when filings are submitted, the Commission is
currently unable to match filings to specific individuals who made the
filings. EDGAR receives a large volume of filings, typically more than
500,000 per calendar year, and has approximately 220,000 active filers,
of which approximately 149,000 represent entities and approximately
71,000 represent individuals.\115\
---------------------------------------------------------------------------
\113\ See supra note 23.
\114\ See supra note 27.
\115\ See supra note 100.
---------------------------------------------------------------------------
The majority of Commission filings are made by filing agents on
behalf of their client filers.\116\ Certain filing agents and filers
use proprietary custom software to interface with EDGAR to mimic a
machine-to-machine submission process and eliminate the need for
individual human web-based interaction with the EDGAR filing websites.
To create this custom software, data are extracted from the EDGAR
filing websites and the custom software is configured to mimic a web-
based interaction. This model of interaction with EDGAR requires
frequent maintenance, however, since whenever EDGAR filing websites
change their content or structure, those changes impact the custom
software. Although Commission staff does not provide technical or other
support for custom software for interaction with EDGAR, staff seeks to
minimize filing disruptions and strives to provide notice to filers
prior to making website changes. As a result, however, technical
changes (e.g., maintenance, updates, etc.) to be implemented in EDGAR
may be slowed by the fact that staff has to consider downstream custom
software configurations.
---------------------------------------------------------------------------
\116\ See supra note 28.
---------------------------------------------------------------------------
C. Consideration of Benefits and Costs as Well as the Effects on
Efficiency, Competition, and Capital Formation
1. Benefits
The EDGAR Next changes seek to enhance the security of EDGAR,
improve filers' ability to securely manage and maintain access to their
EDGAR accounts, facilitate the responsible management of filer
credentials, and simplify procedures for accessing EDGAR. EDGAR Next
aims to improve access by filers and enhance security by identifying
individuals who submit filings on EDGAR. Improving access by filers and
the security of EDGAR may increase the accuracy of submissions to the
Commission and thereby the quality of the information available on
EDGAR, thus also improving regulatory oversight. After an initial setup
burden described below,\117\ these changes could potentially reduce the
burden for reporting entities because modernizing the EDGAR filing
regime could improve the accuracy and efficiency of filing preparation.
Additionally, the improved accuracy and efficiency of the filings
submitted to the Commission could reduce the costs associated with
receiving and processing such submissions, in part by reducing the
time, processing, and search costs, and accordingly aid the
Commission's examination and oversight functions. An increase in the
accuracy and quality of submissions would boost the efficiency of the
Commission's document review, processing, and quality assurance.
Further, the public would generally benefit from the implied increase
in informational efficiency resulting from EDGAR Next changes as they
use EDGAR filings for investment decisions.
---------------------------------------------------------------------------
\117\ See infra Section IV.C.2.
---------------------------------------------------------------------------
EDGAR Next would impose new requirements on existing filers,
relevant individuals acting on their behalf, and applicants for EDGAR
access. These requirements are designed to enhance the security of
EDGAR, and prevent the unauthorized access to information and systems
by: (1) identifying and authenticating individuals accessing EDGAR; (2)
requiring filers to authorize account administrators to manage their
accounts; (3) providing an account management dashboard to simplify the
management of EDGAR accounts and facilitate account administrators in
their compliance; (4) requiring filers, through their account
administrators, to annually confirm the individuals with roles on the
filer's dashboard, and to maintain accurate and current information on
EDGAR concerning the filer's account while securely maintaining
information relevant to access the filer's EDGAR account; and (5)
providing a machine-to-machine solution for filers to interface with
EDGAR.
a. Individual Account Credentials
The amendments to Rule 10 would provide that filers may only
authorize individuals on the dashboard if those individuals have
obtained individual account credentials in a manner to be specified in
the EDGAR Filer Manual. The Commission also anticipates requiring
multi-factor authentication (which we anticipate would be performed
through <a href="http://Login.gov">Login.gov</a>).\118\ We believe that by imposing the requirement to
require individual account credentials for the individuals accessing
the dashboards for all existing and prospective EDGAR filers, EDGAR
Next would generally improve the security of the EDGAR system in three
different ways. First, this requirement would eliminate the need for
filers to share their EDGAR access codes with various individuals
acting on behalf of the filer, reducing the likelihood of an
unauthorized individual gaining access to the filer's account. For
example, a personnel change or management reorganization at the filer
could create a situation where previously authorized filing agents or
former employees of the filer lose their privileges, but still possess
the EDGAR access codes. The risk of unauthorized access is heightened
when there is no internal method of tracking possession of EDGAR access
codes. Second, individual account credentials provide a means of
associating any given filing with the particular individual who
submitted such filing. The ability to associate the relevant
individuals to the filings they submitted would benefit the Commission
and the filer in resolving issues with problematic filings. Third,
individual account credentials would provide an additional layer of
validation with the anticipated requirement of multi-factor
authentication that would
[[Page 65547]]
require users to present a combination of two or more credentials for
access verification, thereby strengthening identity verification and
the security of access to EDGAR.\119\
---------------------------------------------------------------------------
\118\ In connection with the proposed amendments, the Commission
also proposes to amend Rule 11 under Regulation S-T, ``Definitions
of terms used in this part,'' to add and define new terms as part of
this rulemaking, and update the definitions of existing terms as
needed.
\119\ See supra text following note 59.
---------------------------------------------------------------------------
b. Account Administrators
The proposed amendments to Rule 10 also would require filers to
authorize account administrators to act on the filers' behalf to manage
their accounts. Currently, anyone who possesses a filer's access codes
can make a filing on that filer's EDGAR account. If the codes are
shared or left unprotected by the people who have them, they may be
obtained by someone who could use them to make an unauthorized filing,
and neither the filer nor Commission staff would be able to easily
trace the unauthorized filing through EDGAR to the individual who made
it. Under EDGAR Next, account administrators would improve the security
of EDGAR because account administrators would oversee and monitor the
filer's account. Account administrators would have the ability to
authorize, remove authority, and track all individuals acting on the
filer's behalf, thereby reducing the risk of unauthorized access to the
filer's account. The account administrator's monitoring of the filer's
account would allow for prevention and timely detection of potential
harms resulting from unauthorized access. It is difficult to quantify
the potential benefits to filers of these aspects of the proposed
changes because they would depend, in part, on the security risks faced
by filers and the effectiveness of their existing systems to protect
against unauthorized use of EDGAR access codes.
Individual filers and filers who are single-member companies would
be required, under proposed Rule 10(d)(2), to authorize and maintain at
least one account administrator. The designation of account
administrators would also help facilitate communication between filers
and the Commission, thus reducing the risk of possible interruptions in
filer EDGAR activities. Currently, filers designate a point of contact
on their Form ID to enable communication with the Commission.
Correspondence between the Commission and the EDGAR POC regarding the
filers' account activities may be delayed in the event that the EDGAR
POC is no longer associated with the filer, because the filer may not
update their EDGAR POC information with the Commission. All filers who
are not individuals or single-member companies would be required to
authorize and maintain at least two account administrators. The minimum
requirement of two account administrators would lower the likelihood of
the previously mentioned scenario. In addition, though the current
EDGAR POC receives the access codes on behalf of the filer, he is not
necessarily authorized to act on behalf of the filer. Under EDGAR Next,
the account administrator, on behalf of the filer, would oversee all
other designated roles and would be responsible for the management of
the filer's account.
c. Dashboard
Commission staff is also aware that certain filers and filing
agents currently have internal systems that track which individuals
possess their EDGAR access codes. The cost to these filers in
transitioning to the dashboard would be the same as if they did not
have an internal system. We can infer that the cost to these filers
would be less on an ongoing basis if they use the dashboard instead of
their current system due to the elimination of ongoing maintenance
costs for their system. Moreover, the dashboard would offer the
advantage of being a uniform system for all filers that additionally
allows Commission staff visibility into individuals authorized to act
for the filer. This additional qualitative benefit is not present for
current filer internal tracking systems. Furthermore, filers without a
system for tracking individuals in possession of EDGAR codes currently
would be afforded a tool to do so through EDGAR, thereby facilitating
compliance with their existing and proposed obligation to securely
maintain access to their accounts.
As proposed, Rule 10(d)(6) essentially codifies the current
requirement for a filer to securely maintain its EDGAR access codes.
Under the proposal, filers, through their account administrators, would
be required to securely maintain information relevant to the ability to
access their EDGAR accounts. Access to the dashboard would require
individual account credentials, completion of the anticipated
requirement of multi-factor authentication steps, and authorization
from account administrators. Because of these security features,
individuals in designated roles on the dashboard could safely access
the CCC code to file on behalf of the filers.\120\ This added security
feature would eliminate the need to share the CCC codes with various
individuals thus minimizing the risk of unauthorized access.
---------------------------------------------------------------------------
\120\ See supra note 26.
---------------------------------------------------------------------------
Additionally, the dashboard functionality of EDGAR Next would
provide time and labor efficiencies in managing filers' EDGAR accounts,
while facilitating compliance with the proposed rule requirements:
First, the dashboard would have a flexible user interface that
would provide time and labor efficiencies to account administrators by
facilitating the management of filers' EDGAR accounts, and compliance
with the proposed changes. Through the dashboard's interface, an
account administrator would have access to readily available
information that would facilitate compliance with proposed Rule
10(d)(4), assist in tracking those authorized to file on EDGAR, and
provide an opportunity for account administrators to confirm the
accuracy of all information contained on the dashboard. Furthermore,
through the dashboard's interface, account administrators could add an
individual as a user, account administrator, or technical administrator
for an EDGAR account on the dashboard. Additionally, using API tokens
as a method of authentication would eliminate the need for manual
individual account credential multi-factor authentication. This would
decrease the time required to submit filings, facilitate the ability to
pre-schedule and perform bulk filings, and reduce the potential for
error due to manual processing and the risk of missing deadlines.
Moreover, through the dashboard's interface, account administrators
could generate a CCC for newly issued CIKs. The CCC would be securely
saved in the dashboard visible to all authorized account administrators
and users. The CCC would remain as the code required for filing in the
account.
Second, the dashboard would provide additional time and labor
efficiencies through the user groups feature. This functionality would
particularly benefit delegated entities in managing multiple users and
multiple filers' delegations of authority. EDGAR Next would allow up to
500 users per filer, and delegated users would be able to make
submissions on behalf of the delegating filer. Assigning multiple users
on an individual basis to a given filer would be time consuming and
labor intensive, which would be detrimental to filers when they may
need to make time-sensitive filings. The user group feature would
streamline that process and allow delegated entities to assign multiple
users to a specific filer at once. The dashboard would harness the
benefits of technology and modernize the EDGAR access and management
functions while providing filers the flexibility to adapt to changes
rapidly, which is significant particularly in scenarios that could
negatively impact filing times.
[[Page 65548]]
The institution of the user role would particularly benefit large
filers or filing agents submitting multiple forms, for multiple
entities. Allowing up to 500 users per filer would increase the
likelihood of filling success for large filers and filing agents by
providing these entities flexibility in assigning multiple users to
various user-groups. Users would be able to remove themselves as a user
for a given filer, thereby facilitating the maintenance of updated
dashboard information that would benefit all affected parties.
d. Proposed Rules 10(d)(4), (d)(5), and (d)(6)
The proposed Rules 10(d)(4), (d)(5), and (d)(6) would require the
filer, through its authorized account administrators: to annually
confirm that all individuals reflected on the dashboard for the filer's
EDGAR account are authorized by the filer and that all information
regarding the filer on the dashboard is accurate; to maintain accurate
and current information about the filer on EDGAR; and to securely
maintain information relevant to the ability to access the filer's
EDGAR account. It would assist the filer in tracking and confirming
those individuals and delegated entities authorized to act on behalf of
the filer, and to remove those no longer authorized. Confirming the
accuracy of individuals authorized to act on behalf of filers while
ensuring the safeguard of account access related information would
enhance the security of EDGAR by reducing the risk of unauthorized
access therefore reducing the likelihood of unauthorized filings. The
Commission preliminarily believes that to the extent that the risk of
unauthorized access is reduced, taking measures that may prevent
unauthorized filings is inherently more efficient than remediating the
consequences of such events after it occurred.
Additionally, failure to perform the annual confirmation of the
information on the dashboard would result in the deactivation of the
filer's access and the removal of individuals from the filer's account
upon deactivation. Failure to perform annual confirmation could signal
that the account has been abandoned. Deactivation would further benefit
filers and all individuals associated with the filer's account by
protecting their information listed on the dashboard. Proposed Rule
10(d)(5) is analogous to the current requirements to securely maintain
EDGAR access and to maintain accurate company information on
EDGAR.\121\ Ensuring the accuracy of filer's relevant information
contained in EDGAR would increase the reliability of such available
information and thus would enhance the Commission's oversight
capabilities, which benefits both the Commissions and the public.
Furthermore, accurate and reliable EDGAR information would benefit the
filer by facilitating a timelier remediation of problematic filings.
---------------------------------------------------------------------------
\121\ See supra note 88.
---------------------------------------------------------------------------
e. Optional APIs
In connection with the EDGAR Next changes, the Commission would
provide optional APIs that would permit filers to interface on a
machine-to-machine basis with the EDGAR platform. These APIs would
benefit filers and the Commission by automating filers' connection to
EDGAR for submission and retrieval of certain filing-related data and
by reducing network traffic to the Commission. The Commission would
offer three APIs: a submission API, a submission status API, and an
operational status API.
With respect to the process for submissions, the submission API
would benefit filers by allowing for more secure submissions since
prior to using the APIs, the filer's technical administrator would be
required to generate a filer API token to authenticate the filer, and
the user would be required to generate a user API token to authenticate
the user. The API tokens would be confidential and generated through
the dashboard. The above requirements would provide additional
assurance that the user is indeed authorized to submit the relevant
filing.
The APIs would further streamline the submission and retrieval
process since the use of APIs and user tokens would allow automated
server-to-server authentication without the need for manual login and
multi-factor authentication. As mentioned before, many filing agents'
software use web scraping to retrieve information from EDGAR for filing
purposes and to make submissions. Though widely used, scraping depends
on the underlying structure of the external web page being scraped.
Thus, any minor changes to the underlying structure of the EDGAR
websites could impact the filers' software. The APIs would provide a
more reliable way for filers to interact with EDGAR since future
changes to EDGAR would likely not impact filers' software.
Further, the submission status API would allow filers to assess
information regarding submission status via machine-to-machine
communication. The submission status API would allow filers and filing
agents to use their filing application to simultaneously check the
status of multiple EDGAR submissions in a batch process as opposed to
individually checking the submission status of each submission after
manually logging into EDGAR. The submission status API would increase
the likelihood that the Commission receives submissions promptly by
limiting the risk of a failed submission through early communication
with the filers or their authorized representatives, benefiting the
Commission, filers and filing agents. An increase in the certainty and
timeliness of submission boosts the overall information quality of the
EDGAR system.
By opting to use the APIs, filers would further benefit by using
direct machine-to-machine connections that would be approved and
maintained by the Commission (as opposed to current third-party custom
applications). As described in Sections III.D.2 and 3, filers and
filing agents, as well as those using third-party custom applications
continuously interact with the EDGAR system inquiring as to the status
of submissions, or the operating status of EDGAR. Such inquiries into
EDGAR create significant network traffic. For example, this network
traffic could be more severe in the case of a large filing agent
checking the status of multiple submissions. Instead of manually
logging into EDGAR and individually checking the status of each
submission, the submission status and operational status APIs would
benefit the Commission and filers by allowing filers to simultaneously
check the status of multiple submissions in a batch process as opposed
to checking the status of each submission individually, thereby
reducing network traffic created when filers are repeatedly requesting
the status of their submissions, or the operational status of EDGAR.
Additionally, a filer who opts to use APIs would be required to
authorize at least two technical administrators, and would be allowed a
maximum of ten technical administrators to facilitate communication
with the Commission on API-related technical issues. This would reduce
the chance that filers' API access would be interrupted for any
unforeseen technical issues.
2. Costs
We believe that the costs associated with EDGAR Next would
primarily result from compliance costs borne by filers as described in
the Paperwork Reduction Act (``PRA'') analysis below, associated costs
to comply with new
[[Page 65549]]
Rule 10 requirements, and the one-time burden for filers to adjust
their internal filing application software to interface with the
APIs.\122\ While filers are not currently subject to analogous specific
requirements regarding access, they are nevertheless subject to the
same general requirements regarding securely maintaining EDGAR access
codes and limiting the number of persons who possess the codes.
---------------------------------------------------------------------------
\122\ See infra Section V.
---------------------------------------------------------------------------
The proposed additional disclosure requirements for Form ID would
entail certain incremental compliance costs.\123\ For example, filers
are already subject to the disclosure requirements of Form ID and under
EDGAR Next we estimate for purposes of the PRA that Form ID's burden
hours would increase by 0.3 burden hours.\124\ Collectively, we
estimate the burden to all filers to comply with the proposed
amendments to Form ID would be 47,674 hours per year.\125\ Filers would
also incur labor costs associated with authorizing account
administrators, along with fees associated with authorized individuals
granting powers of attorney to designated individuals and delegated
entities if those individuals being designated as account
administrators are not employees of the filer. However, such costs
would be mitigated by the six-month enrollment period of EDGAR Next,
which would allow existing and prospective filers to enroll their
account administrators without submitting a Form ID. Other costs that
could arise from the proposal would stem from a filer's failure to
perform, through its authorized account administrator, the required
annual confirmation pursuant to proposed Rule 10(d)(4). Failure to
perform the annual confirmation of the information on the dashboard
would result in the deactivation of the filer's access, and the removal
of individuals associated with the filer's account upon
deactivation.\126\ Filers would incur an additional burden of
submitting a new Form ID application to regain access to file on EDGAR,
and re-issuing invitations to any technical administrators, users, and
technical administrators associated with their account prior to
deactivation. However, these costs would potentially be mitigated by
EDGAR's multiple notices of the impending confirmation deadline to
account administrators on the dashboard and by email.\127\
---------------------------------------------------------------------------
\123\ See infra Section V.
\124\ See infra note 140.
\125\ See infra note 141141.
\126\ See supra note 71.
\127\ See supra note 70.
---------------------------------------------------------------------------
The Commission would further ease the transition for filers by
allowing relevant individuals of the filer to submit bulk enrollment of
up to 100 filers and their account administrators. This would
particularly benefit large filing agents enrolling multiple accounts by
saving time and labor costs. The dashboard would require filers to
incur costs to set up their accounts, as set forth in the PRA, and
would require some period of time to maintain accurate and current
information on EDGAR, confirm annually on EDGAR that all users, account
administrators, technical administrators, and/or delegated entities
reflected on the dashboard for the filer's EDGAR account are authorized
by the filer, and that the filer's info
[…truncated; see source link]Indexed from Federal Register on September 22, 2023.
This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.