Using Electronic Signatures for SEC Filings
The Securities and Exchange Commission (SEC) rules require public companies to file annual and quarterly financial statements to provide transparency for investors. In 2021, the SEC received roughly 916,000 electronic filings through EDGAR, which is an increase of over 42% from the 644,000 received in 2019.
While a vast majority of filings are done electronically, SEC rules previously required a physical signature authentication page with the electronic filings. SEC current cost estimate to public companies for preparing disclosure documents such as forms 10-K, 10-Q, 8-K, S-1, S-3, S-4, 20-F, and others is well over $4 billion. The direct cost to the SEC for reviewing and processing disclosure documents is over $100 million annually.
Allowing broader use of electronic signatures for EDGAR file submissions
As a result of the SEC’s recent changes to Rule 302, public companies are now allowed to use electronic signatures on SEC signature authentication documents that were formerly submitted only by physical signature. This rule change represents an opportunity for filing companies to cut down on administrative costs and operate more efficiently. It is also a step towards faster, more responsive government.
The rule changes arose from a petition by a group of law firms reacting to the unique challenges of the COVID-19 pandemic. The petition made clear how central electronic signatures are to critical corporate filings, citing the routine use of electronic signatures for board consent and approval for other commercial transactions, as well as the changing nature of how business gets done using digital technology. The petition cited the security and authenticity of electronic signature technology, and the numerous state and federal courts that have upheld the validity of electronic signatures.
While such rule changes typically are not enforced immediately, the SEC provided guidance allowing immediate filings under the new rules’ terms. As long as they adhere to the new rules, companies may expand their use of electronic signatures in their filings today. The revised rules will permit the use of electronic signatures in connection with the filing of a variety of forms including Form 10-K, Form 10-Q and Form 8-K.
An outdated rule
Prior to the change, Rule 302(b) required signatories of electronic filings to manually sign signature authentication documents with a physical signature to authenticate the typed signatures in their filings. The rule also required companies to retain physical copies of the signature authentication documents for five years. This placed companies in the awkward position of having to use a wet ink signature to authorize the use of electronic signatures in the same filing. The inefficiency of this process has been keenly felt during the pandemic, as registrants need to obtain signatures from their board of directors and executive officers, across a remote and distributed work environment. As amended, Rule 302(b) will permit the use of electronic signatures in these signature authentication documents.
Signature requirements for EDGAR file submissions
As part of the rule change, the SEC updated its EDGAR Filer Manual to state that for a signatory to use an electronic signature in a signature authentication document, the signing process for the electronic signature must:
- require the signatory to present a physical, logical or digital credential that authenticates the signatory’s identity;
- reasonably provide for non-repudiation of the signature;
- provide that the signature be attached, affixed or otherwise logically associated with the signature page or document being signed; and
- include a timestamp to record the date and time of the signature.
Finally, before a signatory uses an electronic signature to sign a signature authentication document for the first time, he or she must manually sign a document attesting that the use of an electronic signature in any authentication document constitutes the legal equivalent of a manual signature for purposes of authenticating the signature. This document does not need to be filed but the filing company must retain an electronic or hard copy of the manually signed document for at least seven years after the date of the most recent electronically signed authentication document.
Establishing signature “credential”
The new process relies on authentication through a “credential.” Although the rule itself does not provide further guidance on this point, the EDGAR Manual defines a credential as “an object or data structure exclusively possessed and controlled by an individual to assert identity and provide for authentication.” In other words, a credential is a way to prove the authenticity of the signature.
This is a broad definition and there will likely be differing views on how to fulfill this proof of authenticity requirement for EDGAR file submissions. Some commentators have taken the view that a simple email address can meet this need. Companies that wish to use this method can do so with readily available electronic signature tools such as DocuSign eSignature.
However, others might argue that the filer will need to use a credential that is more closely linked to his or her identity such as a drivers license, passport or other government-issued ID. Certain types of agreements may also require stronger identity verification due to their value, regulations, vulnerability to fraud, or user preference.
For those who want to go beyond standard email-based identification, DocuSign offers ID Verification. ID Verification allows companies to require that a signer verify their identity via a recognized form of identification before accessing the agreement. This ensures compliance for those who take a more conservative view of the new rule.
Finally, for existing DocuSign customers, a log-in to the DocuSign system itself could meet the requirement of being a credential “controlled by an individual to assert identity and provide authentication.” So, for those with sufficient DocuSign accounts, this may provide a way forward to meeting the EDGAR manual definition.
As with any rule change with such broad applicability, there are always a variety of points of view. DocuSign provides options to comply with the SEC’s credential requirement, regardless of a practitioner’s interpretation.
Learn more about how electronic signature authentication works. For more examples of the increasing acceptance of e-signature, read out our related blogs: