[Federal Register Volume 89, Number 248 (Friday, December 27, 2024)]
[Rules and Regulations]
[Pages 106168-106229]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-30494]
[[Page 106167]]
Vol. 89
Friday,
No. 248
December 27, 2024
Part VI
Securities and Exchange Commission
-----------------------------------------------------------------------
17 Part 232, 239, 249, et al.
EDGAR Filer Access and Account Management; Final Rule
��Federal Register / Vol. 89 , No. 248 / Friday, December 27, 2024 /
Rules and Regulations��
[[Page 106168]]
-----------------------------------------------------------------------
SECURITIES AND EXCHANGE COMMISSION
17 CFR Parts 232, 239, 249, 269, and 274
[Release Nos. 33-11313; 34-101209; 39-2557; IC-35343; File No. S7-15-
23]
RIN 3235-AM58
EDGAR Filer Access and Account Management
AGENCY: Securities and Exchange Commission.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The Securities and Exchange Commission (``Commission'') is
adopting rule and form amendments concerning access to and management
of accounts on the Commission's Electronic Data Gathering, Analysis,
and Retrieval system (``EDGAR'') that are related to certain technical
changes to EDGAR (collectively referred to as ``EDGAR Next''). EDGAR
Next will improve the security of EDGAR, enhance filers' ability to
manage their EDGAR accounts, and modernize connections to EDGAR. The
amendments require electronic filers (``filers'') to authorize and
maintain designated individuals as account administrators and to take
certain actions, through their account administrators, to manage their
accounts on EDGAR. Further, pursuant to these amendments, filers may
only authorize individuals as account administrators or in the other
roles described herein if those individuals first obtain individual
account credentials in the manner specified in the EDGAR Filer Manual.
As part of the EDGAR Next changes, optional Application Programming
Interfaces (``APIs'') will be offered to filers for machine-to-machine
communication with EDGAR. Moreover, we are amending Volume I of the
EDGAR Filer Manual to accord with these changes. Filers will have 12
months from the issuance of this release to transition to EDGAR Next.
DATES:
Effective date: The effective date for this rule is March 24, 2025.
The incorporation by reference of certain material listed in this rule
is approved by the Director of the Federal Register as of March 24,
2025.
Compliance date: The compliance date for amended Form ID is March
24, 2025. The compliance date for all other rule and form amendments
(other than the EDGAR Filer Manual changes) is September 15, 2025. See
SUPPLEMENTARY INFORMATION for more information on compliance and the
EDGAR Filer Manual changes.
FOR FURTHER INFORMATION CONTACT: Rosemary Filou, Deputy Director and
Chief Counsel; Daniel K. Chang, Senior Special Counsel; E. Laurita
Finch, Senior Special Counsel; Jane Patterson, Senior Special Counsel;
Margaret Marrero, Senior Counsel; Lidian Pereira, Senior Special
Counsel; EDGAR Business Office at 202-551-3900, Securities and Exchange
Commission, 100 F Street NE, Washington, DC 20549.
SUPPLEMENTARY INFORMATION: The Commission is adopting amendments to 17
CFR 232.10 (``Rule 10'') and 17 CFR 232.11 (``Rule 11'') under 17 CFR
part 232 (``Regulation S-T''); and amendments to Form ID (referenced in
17 CFR 239.63, 249.446, 269.7, and 274.402). The Commission is also
adopting an updated Filer Manual, Volume I: ``EDGAR Filing,'' Version
42 (issued September 27, 2024) and amendments to 17 CFR 232.301 (``Rule
301''). The updated Filer Manual is incorporated by reference into the
Code of Federal Regulations.
Table of Contents
I. Introduction
II. Discussion
A. Individual Account Credentials
B. Individual Roles: Account Administrator, User, Technical
Administrator
1. Account Administrators
2. Users
3. Technical Administrators
C. Delegated Entities
1. Delegating Authority To File
2. Separation of Authority of Filer and Delegated Entity
3. Delegated Entities
4. Delegated Users
5. User Group Functionality at Delegated Entities
6. Technical Administrators at Delegated Entities
D. Hours of Operation of the Dashboard
E. Optional Application Programming Interfaces
1. APIs That Commission Staff Will Provide
2. API Tokens
F. Final Amendments to Rules and Forms
1. Rule 10 of Regulation S-T
2. Rule 11 of Regulation S-T
3. Form ID
G. EDGAR Filer Manual Changes
H. Transition Process
1. Enrollment Process
2. Compliance
III. Other Matters
IV. Economic Analysis
A. Baseline
B. Consideration of Benefits and Costs as Well as the Effects on
Efficiency, Competition, and Capital Formation
1. Benefits
2. Costs
3. Effects on Efficiency, Competition, and Capital Formation
C. Reasonable Alternatives
1. Add and Allow Bulk Confirmation for Related CIKs
2. Extend the ABSCOMP Process to Affiliated Entities
3. Retire the CCC for Filing Submissions
4. Requirements for Individual and Small Filers
5. Implementing Performance-Based Standards
V. Paperwork Reduction Act
A. Summary of Comment Letters on PRA Estimates
B. Form ID
C. The Dashboard
VI. Final Regulatory Flexibility Analysis
A. Need for and Objectives of the Rule and Form Amendments
B. Significant Issues Raised by Public Comments
C. Small Entities Subject to the Rule and Form Amendments
D. Projected Reporting, Recordkeeping, and Other Compliance
Requirements
E. Agency Action to Minimize Effects on Small Entities
Statutory Authority
Appendix A--Form ID
I. Introduction
The Commission is seeking to enhance the security of EDGAR, improve
the ability of filers \1\ to securely manage and maintain access to
their EDGAR accounts, facilitate the responsible management of filer
credentials, and simplify procedures for accessing EDGAR.\2\
---------------------------------------------------------------------------
\1\ For purposes of this release, we use the term ``filer'' to
mean ``electronic filer,'' as defined in Rule 11 of Regulation S-T:
``A person or an entity that submits filings electronically pursuant
to Rules 100 or 101 of Regulation S-T.''
\2\ For a discussion of the current EDGAR access and account
management processes, please refer to EDGAR Filer Access and Account
Management, Release No. 33-11232 (September 13, 2023) [88 FR 65524
(September 22, 2023)] (``Proposing Release'').
---------------------------------------------------------------------------
In furtherance of these goals, on September 30, 2021, the
Commission issued a Request for Comment on Potential Technical Changes
to EDGAR Filer Access and Filer Account Management Processes (``2021
Request for Comment'').\3\ The Commission received comments in response
to the 2021 Request for Comment,\4\ and Commission staff subsequently
engaged in a dialogue with commenters and other interested parties,\5\
considered feedback from these parties, and gathered additional
information about filers' interactions with EDGAR. Staff discussed a
variety of topics with commenters including the addition of optional
APIs for submission and for verifying certain information on
[[Page 106169]]
EDGAR; filers' annual confirmation of the accuracy of their account
information; whether accession numbers should be traceable to the
individuals making the submissions; bulk submissions and user group
functionality; delegation of authority to file; a potential transition
process to implement the contemplated changes; and other technical
matters.
---------------------------------------------------------------------------
\3\ For a discussion of the 2021 Request for Comment, please
refer to the Proposing Release.
\4\ Comment letters related to the 2021 Request for Comment are
available at https://www.sec.gov/comments/s7-12-21/s71221.htm.
\5\ Memoranda describing these meetings with SEC officials are
available at https://www.sec.gov/comments/s7-15-23/s71523.htm.
---------------------------------------------------------------------------
After consideration of the information provided by commenters in
response to the 2021 Request for Comment, the Commission issued a
Proposing Release on September 13, 2023, that included proposed
amendments to Rule 10 of Regulation S-T concerning filer access and
account management and related matters; Form ID, the application for
EDGAR access; and Rule 11 of Regulation S-T, containing the definitions
of terms in Regulation S-T. The Commission proposed changes to Rule 10
and Form ID to require each EDGAR filer to authorize and maintain
individual account administrators to manage the filer's EDGAR account
on a dashboard on EDGAR and to authorize account administrators and
other individuals only if those individuals obtained individual account
credentials. The Commission further proposed that each filer, through
its account administrators, be required to confirm annually that the
filer authorized all individuals and delegated entities reflected on
the dashboard to act on its behalf, and that all information about the
filer on the dashboard was accurate. The Commission also proposed
requirements to maintain accurate and current information on EDGAR
concerning the filer's account and securely maintain information
relevant to the ability to access the filer's EDGAR account. In
addition to the proposed rule and form amendments, the Commission
described in the Proposing Release the possible addition of optional
APIs to allow machine-to-machine submissions on and retrieval of
certain information from EDGAR and indicated that, to connect to the
optional APIs, filers, through their account administrators, would be
required to authorize at least two technical administrators and present
certain security tokens to EDGAR as specified in the EDGAR Filer
Manual.
The Commission considered comment letters received in response to
the Proposing Release that included both comments on the proposed rule
and form changes as well as technical feedback on functionality
discussed in the Proposing Release.\6\ We considered both the comments
on the rule and form amendments as well as feedback on EDGAR Next
technical functionality and discuss both aspects together in this
release. While we discuss aspects of EDGAR Next technical functionality
in this release together with the final rule and form amendments, we
anticipate that this technical functionality will evolve over time in
response to, for example, changes in filer needs, security
requirements, and technological developments, among other
circumstances. As is the case today and has been historically, updates
to the EDGAR system typically will be communicated through the EDGAR
Filer Management website and reflected in amendments to the EDGAR Filer
Manual from time to time.
---------------------------------------------------------------------------
\6\ The public comments we received are available at https://www.sec.gov/comments/s7-15-23/s71523.htm. A few commenters asserted
that the comment period was not sufficient and asked the Commission
to extend it. See Comment Letter of XBRL US (October 27, 2023) and
Toppan Merrill Comment Letter (November 20, 2023) (``Toppan Merrill
Comment Letter''). The comment period for the Proposing Release was
open for 60 days, and we do not believe an extension of the comment
period is necessary. Moreover, we have considered all comment
letters received, including those submitted after the comment period
closed.
---------------------------------------------------------------------------
The Commission is adopting the proposed amendments to Rules 10 and
11 of Regulation S-T and Form ID substantially as proposed. We believe
that the rule and form amendments adopted in this release and the
related technical changes further the goals of enhancing the security
of EDGAR access and improving EDGAR account management and are
responsive to the comments received in response to the Proposing
Release and the 2021 Request for Comment.
The obligations for filers are generally being codified in Rule 10
of Regulation S-T, new paragraph (d).\7\ Under paragraph (d)(1) of Rule
10 as adopted, only those individuals who obtain individual account
credentials \8\ can be authorized to act on the filer's behalf on the
dashboard on EDGAR.\9\ Paragraph (d)(2) of Rule 10 as adopted requires
each filer to authorize and maintain individuals as its account
administrators \10\ to manage the filer's EDGAR account on the filer's
behalf, in accord with the EDGAR account access and account management
requirements set forth in this release and in the EDGAR Filer Manual as
it is being amended. Pursuant to the amendments to Form ID and the
EDGAR Filer Manual, the filer can authorize someone who is not an
employee of the filer or its affiliates to be the filer's account
administrator if an authorized individual for the filer \11\ provides a
relevant notarized power of attorney.\12\ Paragraph (d)(3) of Rule 10
as adopted requires any filer that decides to connect to an optional
API \13\ to authorize, through its account administrators, at least two
technical administrators \14\ to manage the API unless the filer
arranges to use the filer API tokens and API connections of its
[[Page 106170]]
delegated entities.\15\ Further, the EDGAR Filer Manual is being
amended to require that filers present certain security tokens to
connect to the APIs. As adopted, paragraph (d)(4) of Rule 10 will
require each filer, through its authorized account administrators, to
confirm annually that all account administrators, users,\16\ delegated
entities,\17\ and technical administrators reflected on the dashboard
for the filer's EDGAR account are authorized by the filer and that all
information regarding the filer on the dashboard is accurate. Paragraph
(d)(5) of Rule 10 as adopted will require each filer, through its
authorized account administrators, to maintain accurate and current
information about the filer on EDGAR, and paragraph (d)(6) of Rule 10
as adopted will require each filer, through its authorized account
administrators, to securely maintain information relevant to the
ability to access the filer's EDGAR account.
---------------------------------------------------------------------------
\7\ In addition to the changes discussed below, Rule 10 is being
amended to implement certain clarifying and conforming changes. See
section II.F.1.
\8\ We are amending Rule 11 of Regulation S-T to define
``individual account credentials'' as credentials issued to
individuals for purposes of EDGAR access, as specified in the EDGAR
Filer Manual. See the discussion of amendments to Rule 11 in section
II.F.2. The EDGAR Filer Manual is being amended to specify that
individual account credentials must be obtained through Login.gov, a
sign-in service of the U.S. Government that employs multifactor
authentication.
\9\ We are amending Rule 11 of Regulation S-T to define the
``dashboard'' as an interactive function on EDGAR where electronic
filers manage their EDGAR accounts and individuals that electronic
filers authorize may take relevant actions for electronic filers'
accounts. See the discussion of amendments to Rule 11 in section
II.F.2. In connection with this rulemaking, the dashboard will be
integrated into the EDGAR Filer Management website, https://www.filermanagement.edgarfiling.sec.gov.
\10\ We are amending Rule 11 of Regulation S-T to define an
``account administrator'' as an individual that an electronic filer
authorizes to manage the electronic filer's EDGAR account on EDGAR,
and to make filings on EDGAR on the electronic filer's behalf. See
the discussion of amendments to Rule 11 in section II.F.2.
Applicants (individuals and companies) for EDGAR access must
authorize account administrators on Form ID. See amended Form ID.
\11\ We are amending Rule 11 of Regulation S-T to define
``authorized individual.'' This definition mirrors the definition of
``authorized individual'' in the EDGAR Filer Manual, Volume I. See
the discussion of amendments to Rule 11 in section II.F.2 and EDGAR
Filer Manual, Volume I.
\12\ For example, if a filer wishes to authorize an individual
employed by its filing agent to act as the filer's account
administrator, the filer must upload with the Form ID a power of
attorney signed by an authorized individual of the filer, with that
signature notarized, authorizing the employee of the filing agent to
be the filer's account administrator. See amended Form ID, Part 3.
The EDGAR Filer Manual, Volume I sets forth the requirements for
notarization of the signature of an authorized individual. Among
other things, pursuant to Volume I of the EDGAR Filer Manual,
notarization may be obtained through a remote online notary
recognized by the law of any State or territory in the U.S. or the
District of Columbia.
\13\ We are amending Rule 11 of Regulation S-T to define an
``Application Programming Interface'' or ``API'' as a software
interface that allows computers or applications to communicate with
each other. See the discussion of amendments to Rule 11 in section
II.F.2.
\14\ We are amending Rule 11 of Regulation S-T to define a
``technical administrator'' as an individual that the filer
authorizes on the dashboard to manage the technical aspects of the
filer's use of EDGAR APIs on its behalf. See the discussion of
amendments to Rule 11 in section II.F.2. Technical administrators
need not be software developers or technical experts to carry out
the requirements to manage the filer's use of APIs and filer API
tokens, as discussed more fully below.
\15\ See paragraph (d)(3) of Rule 10 as adopted addressing the
technical administrator requirements and the provision therein
allowing filers to use their delegated entities' API connections and
filer API tokens so long as those delegated entities comply with the
requirement to maintain two technical administrators.
\16\ We are amending Rule 11 of Regulation S-T to define a
``user'' as an individual that the filer authorizes on the dashboard
to make submissions on EDGAR on the filer's behalf. See the
discussion of amendments to Rule 11 in section II.F.2.
\17\ We are amending Rule 11 of Regulation S-T to define a
``delegated entity'' as an electronic filer that another electronic
filer authorizes, on the dashboard, to file on EDGAR on its behalf.
See the discussion of amendments to Rule 11 in section II.F.2.
---------------------------------------------------------------------------
We are amending Form ID to implement the changes to Rule 10,
including but not limited to the requirement to provide information
about the applicant's account administrators, to make the form more
user friendly,\18\ and to improve the utility of the form for
Commission staff.\19\ Moreover, we are amending Rule 11 of Regulation
S-T to define new terms related to the rule and form amendments.\20\ We
are further amending the EDGAR Filer Manual to accord with the EDGAR
Next changes.
---------------------------------------------------------------------------
\18\ As an example of the changes being made to make the form
more user friendly, additional instruction will be added to guide
applicants through completion and submission of the form, and the
user interface will be improved.
\19\ As an example of the changes being made to improve the
utility of the form for Commission staff, a checkbox will be added
to each address field for identification of non-U.S. locations,
which will improve data analytics.
\20\ Please refer to amended Rule 11 of Regulation S-T, set
forth in this release, for definitions of the terms used in the
release. The amendments to Rule 11 also update or delete reference
to outdated terminology and clarify the definition of the EDGAR
Filer Manual.
---------------------------------------------------------------------------
The EDGAR Next transition process will begin with the issuance of
this adopting release. For the initial six months, from September 30,
2024 to March 21, 2025, filers may prepare for the changes by testing
in and modifying their internal software systems to accord with an
EDGAR Next Adopting Beta environment reflecting the adopted rule and
form amendments and related technical changes, including but not
limited to testing the optional APIs that will be provided, as well as
gathering information necessary to enroll on EDGAR. On Monday, March
24, 2025, a new EDGAR Filer Management website that includes the
dashboard will go live, and related changes in the EDGAR Filer Manual,
Volume I will be effective. At that time, compliance with amended Form
ID will be required, all applicants for EDGAR access must apply on
amended Form ID through the dashboard, and the prior version of the
form will be ineffective. If Commission staff grant the amended Form ID
application, the filer will be in compliance with the EDGAR Next
changes, and thus will not be required to subsequently enroll on the
dashboard. In addition, beginning Monday, March 24, 2025, existing
filers may begin to enroll on the dashboard, and once enrolled may
connect to the optional APIs while still being able to use the legacy
filing process. Compliance with the remaining EDGAR Next changes will
be required on Monday, September 15, 2025, when all EDGAR websites will
require, among other things, Login.gov individual account credentials
and dashboard authorization to make submissions on EDGAR. Filers who
have not enrolled by September 15, 2025 will not be able to make
submissions or take other actions in EDGAR other than enroll.
Enrollment will be permitted for an additional three months, until
December 19, 2025.\21\ On December 22, 2025, filers who have not
enrolled in EDGAR Next or been granted access through amended Form ID
will be required to submit the amended Form ID through the dashboard to
apply for access to their existing EDGAR accounts. Section II.H below
provides additional information regarding the transition to EDGAR Next.
---------------------------------------------------------------------------
\21\ In total, the enrollment period will extend nine months,
from March 24, 2025 to December 19, 2025. If filers enroll on the
dashboard during this period, they will not be required to apply for
access on amended Form ID. Please see section II.H for additional
information about enrollment.
---------------------------------------------------------------------------
Additional details regarding EDGAR Next technical changes,
including dashboard functionality and APIs, as well as the transition
process are available on the EDGAR Next page on SEC.gov.\22\
---------------------------------------------------------------------------
\22\ See EDGAR Next-Improving Filer Access and Account
Management, U.S. Securities and Exchange Commission, available at
https://www.sec.gov/edgar/filer-information/edgar-next.
---------------------------------------------------------------------------
II. Discussion
We are adopting, substantially as proposed, amendments to Rule 10
of Regulation S-T concerning EDGAR filer access and account management
and related matters; Form ID, the application for EDGAR access; and
Rule 11 of Regulation S-T, containing the definitions of terms in
Regulation S-T. We are further amending the EDGAR Filer Manual in
accord with the rule and form amendments.\23\ These amendments will,
among other things, benefit filers by improving the security of their
EDGAR accounts and making it easier for filers to manage and maintain
access to their EDGAR accounts.
---------------------------------------------------------------------------
\23\ A blackline of the changes to Volume I of the EDGAR Filer
Manual is available at www.sec.gov/rules-regulations.
---------------------------------------------------------------------------
The amendments to Rule 10 and Form ID set forth requirements for
each EDGAR filer to authorize and maintain individual account
administrators to manage the filer's EDGAR account on a dashboard on
EDGAR and to authorize to act on the filer's behalf only those
individuals who obtain individual account credentials. The EDGAR Filer
Manual is being amended to specify Login.gov as the individual account
credential provider. Each filer, through its account administrators,
will be required to confirm annually that all account administrators,
users, technical administrators, and delegated entities reflected on
the filer's dashboard are authorized by the filer to act on its behalf
and that all information regarding the filer on the dashboard is
accurate; maintain accurate and current information on EDGAR concerning
the filer's account; and securely maintain information relevant to the
ability to access the filer's EDGAR account.
In addition to the rule and form amendments, this release describes
the EDGAR Next functionality that will be offered to filers, including
but not limited to optional APIs that will improve the efficiency and
accuracy of filers' interactions with EDGAR by providing a machine-to-
machine method of making submissions, retrieving information, and
performing account management tasks. EDGAR will make available 15
optional APIs in total, which include the three APIs discussed in the
Proposing Release and 12 additional APIs, many of which were requested
by commenters. Among other things, these APIs will replicate much of
[[Page 106171]]
the dashboard account management functionality, allowing filers to
manage their EDGAR accounts with minimal manual interaction with EDGAR.
If a filer chooses to connect to the optional APIs, the filer,
through its account administrators, must authorize at least two
technical administrators, pursuant to paragraph (d)(3) of Rule 10,
unless the filer arranges to use the filer API tokens and API
connections of its delegated entity (and the delegated entity complies
with the requirement to maintain at least two technical
administrators), as requested by commenters. Filers choosing to connect
to the optional APIs must also present specified security tokens of
limited duration in the form of filer API tokens and user API tokens,
as set forth in the EDGAR Filer Manual as amended. These token
requirements are intended to provide security for API connections.
Filers using their delegated entities' API connections must use their
delegated entities' filer API tokens, and individuals at those filers
must present a user API token to interact with the APIs to allow
identification of the individual taking action on EDGAR if those APIs
require presentation of a user API token.
Filers that do not connect to the optional EDGAR APIs will not need
to comply with these API-related requirements and may continue to make
web-based submissions on EDGAR.
A. Individual Account Credentials
Paragraph (d)(1) of Rule 10 as proposed and adopted will require
that a filer only authorize an individual to perform functions on the
dashboard on the filer's behalf if that individual possesses individual
account credentials, obtained in the manner specified in the EDGAR
Filer Manual. In addition to what was noted in the Proposing Release,
however, and in response to commenter concerns, the EDGAR Filer Manual
is being amended to clarify that individual account credentials may not
be shared with other individuals as the credentials are intended to
identify the individual who takes action on EDGAR.
As contemplated in the Proposing Release, we are amending the EDGAR
Filer Manual to specify that individual account credentials must be
obtained through Login.gov, a secure sign-in service of the U.S.
General Services Administration.\24\ Login.gov is used by participating
Federal agencies, as well as State, local, and territorial governments
to provide a secure login process and to allow members of the public to
use a single account that is protected by encryption, multifactor
authentication, and additional safeguards.\25\ To obtain individual
account credentials for EDGAR, an individual must respond to prompts on
the Login.gov website to provide an email address, create a password,
and select a multifactor authentication option.\26\ The EDGAR Filer
Manual will specify that the email address provided to Login.gov must
match the email address the individual has provided or intends to
provide to EDGAR (during enrollment, on amended Form ID, or to the
relevant account administrator).\27\
---------------------------------------------------------------------------
\24\ https://www.login.gov/.
\25\ See Login.gov, ``About us,'' at https://www.login.gov/about-us/.
\26\ As of the date of this release, Login.gov multifactor
authentication options include: (1) a security key; (2) Federal
government employee or military PIV or CAC cards; (3) authentication
application; (4) biometric (face or fingerprint) verification; (5)
text message/SMS or telephone call; and (6) backup codes. With
respect to option (3), current Login.gov authentication applications
include: Android and iOS options (Google Authenticator, Authy,
LastPass, 1Password), Windows and Mac apps (1Password and OTP
Manager), and Chrome extensions (Authenticator). See generally
Login.gov, Authentication Options at https://www.login.gov/help/get-started/authentication-options/. See also generally Login.gov,
``Privacy and security: Our security practices,'' at https://login.gov/policy/our-security-practices/ for information on
Login.gov's security practices.
\27\ If an individual changes the email address that she uses in
connection with EDGAR (for example, because of a change of domain
name), the individual should first change her email address on the
dashboard and then change it on Login.gov. This will prevent
interruptions in access to EDGAR. If an individual permanently loses
access to her email before taking the steps above, the individual
should create another account on Login.gov with a new email address,
and the filer's account administrator should add her to the filer's
account on the dashboard using the new email address.
---------------------------------------------------------------------------
In accord with amended paragraph (d) of Rule 10 and the EDGAR Filer
Manual, and as proposed, all account administrators, users, and
technical administrators must enter their individual account
credentials and complete multifactor authentication to log into EDGAR.
After entering the email address and the password created on Login.gov,
the individual will be prompted to complete the multifactor
authentication option the individual selected when obtaining individual
account credentials at Login.gov.\28\ Thus, through Login.gov,
multifactor authentication for individual accounts will be required to
access EDGAR.
---------------------------------------------------------------------------
\28\ If the individual loses or forgets her Login.gov password,
the individual can reset the password through Login.gov, simplifying
and automating the process of password retrieval.
---------------------------------------------------------------------------
The use of multifactor authentication aligns with modern security
practices, such as those set forth in Executive Order No. 14028, issued
May 12, 2021, directing Federal agencies to modernize and implement
stronger cybersecurity standards (``executive order''),\29\ including
but not limited to the deployment of multifactor authentication as a
foundational security tool at Federal agencies. As stated in the
executive order, the use of multifactor authentication enhances system
security. It further follows digital identity guidelines for Federal
agencies issued by the National Institute of Standards and Technology
(``NIST'').\30\ Multifactor authentication is a widely accepted
security tool that will improve the security of access to EDGAR by
adding a layer of validation each time an individual signs into EDGAR.
---------------------------------------------------------------------------
\29\ See Exec. Order No. 14028 (2021), 60 FR 26633, 26636 (May
17, 2021).
\30\ See Digital Identity Guidelines: Authentication and
Lifecycle Management, National Institute of Standards and
Technology, NIST SP 800-63, available at https://csrc.nist.gov/pubs/sp/800/63/b/upd2/final, at section 4 of NIST SP 800-63B (``Any PII
or other personal information--whether self-asserted or validated--
requires multi-factor authentication.'').
---------------------------------------------------------------------------
In sum, EDGAR Next will enhance the security of filers' accounts by
requiring anyone seeking to make a submission on EDGAR on behalf of a
filer to sign in with individual account credentials, complete
multifactor authentication, be authorized by the filer or the filer's
account administrator and enter the filer's EDGAR account/central index
key number (``CIK'') and central index key confirmation code (``CCC'').
Commenters generally agreed that requiring individual account
credentials for EDGAR access would improve EDGAR security, provide
individual accountability and, by implementing multifactor
authentication, align EDGAR with current best practices.\31\
---------------------------------------------------------------------------
\31\ See, e.g., Comment Letter of Cory (September 19, 2023)
(``Cory I Comment Letter'') (``[This is] essential to verify the
identity and legitimacy of those managing financial data, mitigating
the risk of unauthorized access and fraud''); Comment Letter of XBRL
US (November 21, 2023) (``XBRL II Comment Letter'') (``Multi-factor
authentication is a step forward in increasing EDGAR security and
has become a standard for most companies.''); Comment Letter of
Block Transfer (November 21, 2023) (``Block Transfer Comment
Letter'') (``We agree with the [Commission's] position that
individual accountability through people-based, not organization-
wide, accounts will lead to greater accountability, transparency,
and efficiency in the market'').
---------------------------------------------------------------------------
Several commenters expressed concerns that the introduction of
individual account credentials could be disruptive or unduly burdensome
for individuals with reporting obligations pursuant to section 16 of
the Securities Exchange Act of 1934 (``Exchange Act'').\32\ For the
reasons discussed
[[Page 106172]]
below, we do not think that the issues raised by these commenters will
be disruptive or unduly burdensome for section 16 filers. One commenter
asserted that many individuals use Login.gov for personal matters and
suggested that these individuals may not wish to use their existing
Login.gov accounts for EDGAR matters.\33\ The EDGAR Filer Manual as
amended will require individuals to present an email address that
matches the email address the individual will use in connection with
EDGAR \34\ to obtain Login.gov individual account credentials for
EDGAR.\35\ The email address will become the individual's username for
Login.gov individual account credentials and will be used for
identification and notification purposes on EDGAR. Therefore, if an
individual currently has a Login.gov account created with her personal
email address and does not intend to use that email address in
connection with EDGAR matters, or is otherwise concerned that her
personal email address may become visible on the EDGAR Filer Management
dashboard, she should create new Login.gov individual account
credentials with the email address she wishes to use in connection with
EDGAR.\36\ This email address could be the one provided to the
individual by her employer or that the individual uses for business
purposes. Individuals can continue to use their Login.gov personal
email address and password for personal matters. They will separately
use the Login.gov individual account credentials they created for use
on EDGAR to log into EDGAR.
---------------------------------------------------------------------------
\32\ See, e.g., Comment Letter of Society for Corporate
Governance (August 30, 2024) (``SCG Comment Letter'') (``[I]t
appears that some companies have assumed their third-party filing
agents would handle this major EDGAR overhaul without significant
disruption or additional work by in-house personnel. However, the
comment letters by filing agents and other vendors suggest
otherwise.''); XBRL II Comment Letter (``[W]e do not believe the
rule proposal adequately addresses the needs of Section 16 filers
and single individual filers [who] will perform their own code
management.'').
\33\ See SCG Comment Letter (``[T]here was also concern with
respect to the fact that Login.gov is used, in many instances, for
individuals' personal matters (e.g., Social Security). Using a
single account for both personal and public filings is likely to
lead to confusion and hesitation on the part of the Section 16
filers. Such individuals may not wish to comingle their personal
matters with their public filing obligations.'').
\34\ Individuals will provide their email addresses on Form ID,
during enrollment, and to account administrators to identify
themselves. The dashboard will display individuals' email addresses
for identification and individuals will receive email notifications
from EDGAR at their email addresses. Therefore, individuals should
present to Login.gov the email address that they intend to provide
to EDGAR, that will identify them to others on EDGAR, and that they
will use to receive communications from EDGAR.
\35\ See amended EDGAR Filer Manual, Volume I, at section 3(a).
\36\ By contrast, if individuals currently have Login.gov
accounts used in connection with EDGAR, they may choose to rely upon
those existing Login.gov individual account credentials.
---------------------------------------------------------------------------
Several commenters further suggested that it would be a burden on
section 16 filers to apply for EDGAR access and to enroll in EDGAR Next
themselves and requested that EDGAR permit a corporate secretary or
legal personnel of a registrant to obtain EDGAR access for an
individual section 16 filer pursuant to a power of attorney.\37\ In
response to these comments, we clarify that EDGAR will permit this.
Individuals with individual or single-member company filer EDGAR
accounts may avoid obtaining Login.gov individual account credentials
for EDGAR if they authorize an individual at their filing agent or
other third party to enroll them in EDGAR Next and during enrollment
authorize one or more individuals at these entities to act as their
account administrators.\38\ For enrollment, presentation of a power of
attorney for the person performing enrollment or being authorized as an
account administrator will not be necessary, although we urge all
filers to carefully coordinate regarding the person they will authorize
to enroll them. For enrollment, the codes required to be entered will
act as validation of the filer's intent.\39\
---------------------------------------------------------------------------
\37\ See, e.g., SCG Comment Letter (``We believe that the
corporate secretary or legal personnel of the registrant--with a
Power of Attorney (POA)--should be able to complete the process for
obtaining EDGAR access codes or passphrases without further
involvement from an individual Section 16 filer.''); XBRL II Comment
Letter (``[W]e do not believe the rule proposal adequately addresses
the needs of Section 16 filers and single individual filers will
perform their own code management.'').
\38\ Only one individual (the individual need not be an account
administrator so long as the filer authorizes the individual to
enroll) would enroll the filer, providing information about
authorized account administrators during enrollment. After
enrollment, the account administrators would manage the filer's
account on the dashboard, adding account administrators, users and
technical administrators, if connecting to APIs, and delegating
authority to file, if relevant.
\39\ See infra text accompanying and following note 208 (the
filer's CIK, CCC, and EDGAR passphrase must be provided to validate
the enrollment request as legitimate).
---------------------------------------------------------------------------
Separately, individual or single-member company filers who apply
for access on amended Form ID may authorize one or two individuals at
their filing agents or relevant companies as their account
administrators on Form ID; however, for Form ID, individual or single-
member company applicants must also provide signed, notarized powers of
attorney to those persons to be uploaded to EDGAR together with the
completed Form ID. Thereafter, the filer's authorized account
administrators would obtain individual account credentials from
Login.gov and manage the filer's account on the dashboard. In summary,
the individual or single-member company filer would not need to obtain
Login.gov individual account credentials in these circumstances.
The commenter also expressed concerns regarding how section 16
filers and others would navigate the multifactor authentication process
when making filings.\40\ As an initial matter, we do not believe that
it will be difficult for section 16 filers and other individuals to
navigate the Login.gov multifactor authentication process as it is
substantially the same as the process used by numerous financial and
other websites for verification. It is therefore likely that section 16
filers and other individuals have experience in performing multifactor
authentication. Alternatively, as discussed above, section 16 filers
and other individual filers may provide notarized powers of attorney to
authorize account administrators to manage filers' accounts and make
submissions on filers' behalf, eliminating the need for section 16
filers and other individual filers to obtain individual account
credentials or perform multifactor authentication themselves.\41\
---------------------------------------------------------------------------
\40\ See SCG Comment Letter (``[Our members] expressed concerns
about how registrants, Section 16 insiders, and their filing agents
would navigate the new MFA process when making filings.'').
\41\ See sections II.B.1 and II.B.2.
---------------------------------------------------------------------------
The commenter further raised issues surrounding the security of
Login.gov.\42\ The matters raised by the commenter pertain to
Login.gov's provision of identity assurance level 2 (``IAL2'')
services,\43\ which generally require gathering certain sensitive
personally identifiable information such as copies of drivers'
licenses, passports, or similar documents. EDGAR's agreement with
Login.gov, however, is to provide identity assurance level 1 (``IAL1'')
services, which do not require presentation of such sensitive
personally identifiable information. To obtain individual account
credentials from Login.gov for EDGAR, the
[[Page 106173]]
individual need only provide her email address, create a password, and
select a multifactor authentication method. The security of Login.gov's
provision of IAL1 services has not been called into question, and as
noted above, numerous Federal and State agencies successfully use
Login.gov on an ongoing basis.
---------------------------------------------------------------------------
\42\ See SCG Comment Letter (``Given that the security of
Login.gov has been questioned by Congress and the Internal Revenue
Service has expressed reservations about using the platform, the
Commission should not mandate Login.gov as the sole platform that
registrants and their Section 16 filers may use for multi-factor
authentication.'').
\43\ See ``GSA Misled Customers on Login.gov's Compliance with
Digital Identity Standards,'' Press Release, Office of the Inspector
General, U.S. General Services Administration, available at https://www.gsaig.gov/content/gsa-misled-customers-logingovs-compliance-digital-identity-standards (``GSA knowingly billed IAL2 customer
agencies over $10 million for services, including alleged IAL2
services that did not meet IAL2 standards.'')
---------------------------------------------------------------------------
Other commenters suggested that EDGAR provide filers with the
option to continue to use a password and CCC instead of Login.gov
during a transition period to EDGAR Next.\44\ In response to these
comments, we clarify that from March 24, 2025 to September 12, 2025,
EDGAR will continue to allow submissions to be made when the password
and CCC are presented. One commenter asked that the Commission allow
section 16 filers to continue to log into EDGAR under the existing
process for six months after enrollment ends.\45\ We are offering the
legacy filing process for six months from March 24, 2025 through
September 12, 2025, during which time filers may also enroll. In
addition, we are allowing filers to continue to enroll on the dashboard
for an additional three months after the compliance date.\46\ The 12
months that precede compliance, consisting of six months to prepare for
the changes and six months to enroll while legacy filing processes
continue, plus an additional three months after compliance to enroll,
effectively operate as a phased-in implementation of the new
requirements, and permits filers multiple means of accessing EDGAR,
while they coordinate with their filing agents and other relevant
parties regarding how they will manage their accounts, and ensures
timely compliance.\47\ We considered comments regarding offering the
legacy filing process beyond the transition period, but we determined
that doing so would increase the risk of EDGAR security issues arising
by delaying the implementation of, among other things, multifactor
authentication and individual account credentials.\48\
---------------------------------------------------------------------------
\44\ See, e.g., Comment Letter of Donnelley Financial Solutions
(May 8, 2024) (``DFIN II Comment Letter'') (``[W]e encourage the
Commission to consider supporting the current authentication method
for an overlapping period of time as an alternative during the EDGAR
Next roll out. This will help with the transition and minimize
market disruption.''); SCG Comment Letter (``We agree with DFIN's
suggestion that registrants and their Section 16 filers should be
allowed to use current authentication methods during the transition
to EDGAR Next to minimize disruptions or filing delays.'')
\45\ See SCG Comment Letter (``We also ask that the Commission
consider allowing all Section 16 filers to continue to use the
existing EDGAR system for an additional six months after the
enrollment period ends, so they do not miss any deadlines while the
enroll in EDGAR Next.'') (emphasis in original).
\46\ Further, the commenter appeared to base the comment in part
upon the assumption that there would be a one-month preparation
period prior to enrollment in EDGAR Next. Instead, the Commission is
offering filers a six-month preparation period which we believe will
allay the commenter's expressed concerns.
\47\ See SCG Comment Letter (``[t]he Commission has prudently
provided phased-in implementation for other rules, such as for XBRL
tagging and the Form 8-K cybersecurity incident disclosure rules,
and we believe that a phased-in approach makes sense given the
hundreds of corporate directors who may have to obtain Login.gov
accounts and then enroll through the EDGAR Next dashboard.'').
\48\ In addition, it is not technically feasible for EDGAR to
extend legacy filing processes for one subset of filers.
---------------------------------------------------------------------------
Several commenters suggested that filers should have the option to
use alternatives to Login.gov as technology evolves.\49\ Another
commenter requested alternatives to Login.gov in the event the service
is unavailable but did not suggest what alternatives were
appropriate.\50\ Another commenter approved of the choice of
Login.gov.\51\ Login.gov is a secure Federal sign-in service that
aligns with the modern security practices set forth in the executive
order and follows the digital identity guidelines for Federal agencies
issued by NIST, as indicated above. Using a single secure sign-in
service strengthens the ability of Commission staff to monitor,
identify, and address login issues related to EDGAR. It also increases
efficiency in terms of EDGAR and filer programming, maintenance and
customer support and ensures that individuals attempting to access
EDGAR are able to achieve similar experiences in the login process.
Moreover, we are not aware of any recurrent Login.gov outage issues
that necessitate implementing additional Federally accepted tools. If
in the future it is possible to meet the Commission's goals of
individual traceability and multifactor authentication with improved
alternative technology, that technology will be considered as
appropriate. EDGAR will be able to substitute or add other methods of
obtaining individual account credentials and completing multifactor
authentication if it is beneficial to do so. If the Commission
determines to change or add methods of authentication to EDGAR, we
would inform filers in advance and specify the changes in the EDGAR
Filer Manual.
---------------------------------------------------------------------------
\49\ See DFIN II Comment Letter (``We continue to believe that
Edgar filers should have the optionality to use alternatives to
Login.Gov as technology offerings evolve.''); Comment Letter of the
Investment Company Institute (September 11, 2024) (``ICI Comment
Letter'').
\50\ See SCG Comment Letter (``There will be busy filing
periods, such as 40 days after the end of a fiscal quarter when
larger companies make their periodic filings, where it would be
helpful to have alternative platforms for authentication in case
Login.gov is not available.'').
\51\ See Toppan Merrill Comment Letter (``Login.gov is a good
choice for EDGAR access since it was created and is maintained by
the federal government. It is already utilized by other government
agencies and some public users.'').
---------------------------------------------------------------------------
Some commenters raised concerns that requiring individual account
credentials for EDGAR access could be burdensome and confusing in
specific situations, such as where individuals sit on multiple boards
of different issuers, or an individual retires or is terminated.\52\
The use of individual account credentials and multifactor
authentication is a widely used account management process. While we
acknowledge that requiring individual account credentials imposes some
additional burden in that it interposes a new step in the EDGAR access
process, we do not believe that requiring individual account
credentials will be unduly burdensome or confusing because the use of
individual user permissions is a standard practice in software
applications and computer systems. Moreover, certain examples cited by
commenters appear to stem from some confusion regarding dashboard
authorization as it pertains to individual account credentials.
---------------------------------------------------------------------------
\52\ See, e.g., XBRL II Comment Letter (discussing situations
involving individual filers who sit on multiple boards of different
issuers); Comment Letter of Workiva (November 20, 2023) (``Workiva
Comment Letter'') (noting that individual account credentials must
be managed at an individual level, which could cause problems for
filers if individuals retire or are terminated).
---------------------------------------------------------------------------
Several commenters raised concerns about specific scenarios
involving individual account credentials, such as when an individual
the filer has authorized to act on her behalf retires or is
terminated,\53\ or when an individual sits on multiple boards.\54\ In
the first scenario, an account administrator would be able to remove
the authorization of an individual on the dashboard, at which point the
individual could no longer use her individual account credentials to
access the filer's account. In the second scenario, an individual who
sits on multiple boards would be able to make submissions on any of her
EDGAR accounts in several different ways. First, the individual need
not obtain Login.gov individual account credentials or interact with
the dashboard at all if she authorized one or more individuals employed
at her filing agents or other relevant companies as her account
administrators (up to a total of 20) with notarized powers of attorney,
as discussed above. Second, she could log
[[Page 106174]]
into the dashboard and delegate to her filing agents and other relevant
companies the authority to make submissions on her behalf. Third, the
individual could log into the dashboard and authorize account
administrators or users of her choice to make submissions on her
behalf. Fourth, she could be her own account administrator or user and
log into the dashboard with her individual account credentials and make
submissions. We further note that for enrollment, she can authorize
individuals as her account administrators without presenting a
notarized power of attorney, although we advise section 16 and other
filers to carefully plan whom they authorize to enroll them in EDGAR
Next. Once a filer has authorized account administrators, the account
administrators would make submissions on the filer's behalf and
otherwise manage the account and perform annual confirmation. Given
these various options and solutions, we do not believe that the final
amendments' requirements are onerous.
---------------------------------------------------------------------------
\53\ See Workiva Comment Letter.
\54\ See XBRL II Comment Letter.
---------------------------------------------------------------------------
Commenters also asserted that individual account credentials would
not guarantee EDGAR security, since for example individuals could
intentionally share their individual account credentials with
unauthorized persons or EDGAR could be otherwise compromised.\55\ We
acknowledge that requiring individual credentials will not entirely
remove threats to EDGAR security, but mandating such credentials will
improve the overall security of the EDGAR system. For example, even if
the individual account credentials were shared, Commission staff and
filers would know whose credentials were shared. Moreover, the use of
individual account credentials that employ multifactor authentication
complies with current best practices for information security at U.S.
Federal agencies, such as those described in the executive order and
the NIST digital identity guidelines.
---------------------------------------------------------------------------
\55\ See, e.g., Workiva Comment Letter (stating that delegated
entities may try to share individual account credentials for a
single individual among various employees at the delegated entity);
XBRL II Comment Letter (noting that multifactor authentication would
protect the Filer Management dashboard but would not stop malicious
entities who somehow obtained the filer's filer API token and user
API token from using those tokens).
---------------------------------------------------------------------------
Individual account credentials will enhance the ability of filers
to securely maintain access to their EDGAR accounts. Filers currently
share access codes among multiple individuals, making it difficult to
track with whom the codes are shared or to trace a filing to a specific
individual. The use of individual account credentials should enable
Commission staff and those with filing obligations to determine more
easily the individuals making specific filings on EDGAR, because the
person-specific nature of the credentials coupled with the individual's
multifactor authentication will identify individuals associated with
EDGAR actions--unlike access codes, which are tied to a particular
EDGAR account rather than to an individual.\56\ Linking individuals to
the filings they make will be particularly useful for Commission staff
and filers when problematic filings are made on EDGAR and will enhance
the security and integrity of the system. Thus, for example, without
individual account credentials, if an EDGAR filing is submitted that
appears on its face to be materially misleading, Commission staff and
the filer may confer about the contents of the filing, but it may be
difficult for them to ascertain who submitted it given that the filer
may have widely shared its access codes.
---------------------------------------------------------------------------
\56\ See amended EDGAR Filer Manual, Volume I, at section 3(a).
---------------------------------------------------------------------------
To address the concern that security may be compromised by
individuals intentionally sharing their individual account credentials
with unauthorized persons,\57\ we are amending the EDGAR Filer Manual
to clarify that individual account credentials may not be shared with
other individuals. The Commission intends that individual account
credentials identify the individual who takes action on EDGAR and
sharing of credentials defeats that goal. In addition, the sharing of
individual account credentials among multiple individuals undermines
the purpose of multifactor authentication, which is intended to be
specific to a known individual.
---------------------------------------------------------------------------
\57\ See, e.g., Workiva Comment Letter (stating that delegated
entities may try to share individual account credentials for a
single individual among various employees at the delegated entity).
---------------------------------------------------------------------------
Use of individual account credentials also will provide additional
assurance that only individuals who have been properly authorized by
the filer can take actions on the filer's behalf on EDGAR. Currently,
filers' interactions with EDGAR require the use of several codes.
Because individual account credentials will be used to authenticate
individuals accessing EDGAR pursuant to Rule 10 as amended, the EDGAR
password, password modification authorization code (``PMAC''), and
passphrase will not be needed to make submissions after the compliance
date, as discussed in section II.H.\58\ The historic use of several
codes with differing functions is not in accord with current industry
best practices. The use of individual account credentials aligns more
closely with modern access processes, including multifactor
authentication, as set forth in the executive order and the NIST
guidelines discussed above.
---------------------------------------------------------------------------
\58\ Filers enrolling during the three-month period after the
compliance date will be required to present the CIK, CCC, and
passphrase to complete enrollment.
---------------------------------------------------------------------------
The CCC will continue to function as the code required for filing,
but those seeking to make submissions will also need to sign in with
individual account credentials, complete multifactor authentication,
and be authorized by the filer or an account administrator for the
filer. Because of these additional safeguards, the filer's CCC will be
displayed on the dashboard for account administrators and users.
One commenter suggested eliminating the CCC as unnecessary given
the requirement to authorize individuals through the dashboard.\59\ In
addition to dashboard authorization, EDGAR will continue to require the
CCC to provide additional security, for example, to complement API
tokens, as well as to avoid the need to make additional infrastructure
and form changes to EDGAR at this time. To maintain the CCC in a secure
environment and remove the need for a filer to email or circulate the
CCC, the CCC will appear on the dashboard of individuals authorized to
make submissions for the filer.\60\ The CCC may be eliminated in the
future if feasible from a technical and security standpoint.
---------------------------------------------------------------------------
\59\ See Comment Letter of the Securities Industry and Financial
Markets Association (``SIFMA Comment Letter'') (``[I]t would seem
that by granting authority to the agent through EDGAR Next, there
would not be a need for the CCC.'').
\60\ Specifically, this will include the filer's account
administrators, users, delegated administrators, and delegated
users.
---------------------------------------------------------------------------
One commenter indicated that certain Login.gov multifactor
authentication methods are restricted in certain countries.\61\ While
we understand that not all the methods for multifactor authentication
on Login.gov may be available to those in certain countries, we note
that Login.gov offers individuals several different authentication
methods, including a security key, certain Federal Government employee
or military cards, authentication applications, biometric (face or
fingerprint) verification, text message/SMS or telephone call, and
backup codes. Further, there are several authentication applications
accepted by
[[Page 106175]]
Login.gov.\62\ Individuals need only choose one method available to
them. Therefore, we expect that filers in such countries will be able
to choose an alternative method on Login.gov to satisfy the multifactor
authentication requirement.
---------------------------------------------------------------------------
\61\ See SCG Comment Letter (``In addition, some features of
Login.gov (e.g., text or voice MFA options) are restricted in
certain countries, which could impose an added burden on filers
based outside the United States.'').
\62\ Current Login.gov authentication applications include
Android and iOS options (Google Authenticator, Authy, LastPass,
1Password), Windows and Mac apps (1Password and OTP Manager), and
Chrome extensions (Authenticator). See generally Login.gov,
Authentication Options at https://www.login.gov/help/get-started/authentication-options/.
_____________________________________-
Another commenter asserted that in lieu of individual account
credentials and multifactor authentication, as contemplated in the
Proposing Release, Login.gov should allow EDGAR authentication via
EDGAR Next API keys.\63\ API keys alone, however, do not provide the
security assurances of multifactor authentication.
---------------------------------------------------------------------------
\63\ See Block Transfer Comment Letter (``[W]e respectfully
submit to the Commission that Login.gov might present material
benefits to issuers if it replaced the proposed security interface
using EDGAR Next API keys.'').
---------------------------------------------------------------------------
B. Individual Roles: Account Administrator, User, Technical
Administrator
Paragraph (d)(2) of Rule 10 as proposed and adopted requires each
filer to authorize and maintain at least two individuals with
individual account credentials as account administrators to manage the
filer's EDGAR account and to make submissions on EDGAR on behalf of the
filer, unless the filer is an individual or single-member company,\64\
in which case the filer will be required to authorize and maintain at
least one individual with individual account credentials as an account
administrator.\65\
---------------------------------------------------------------------------
\64\ As defined in amended Rule 11 and amended Form ID, a
``single-member company'' will be a company that has a single
individual who acts as the sole equity holder, director, and officer
(or, in the case of an entity without directors and officers, holds
position(s) performing similar activities as a director and
officer).
\65\ Minor revisions to paragraph (d)(2) as proposed were made
to the paragraph as adopted to clarify that each individual or
single-member company electronic filer must authorize and maintain
at least one individual as an account administrator to manage its
EDGAR account.
---------------------------------------------------------------------------
Account administrators, acting on behalf of the filer, may
authorize and de-authorize individuals with individual account
credentials as users, additional account administrators, or technical
administrators for the filer, as needed, using the dashboard (or the
optional APIs that will enable filers to access much of the dashboard's
functionality via machine-to-machine connections).\66\ This process is
illustrated in diagram 1 below.
---------------------------------------------------------------------------
\66\ See the EDGAR Next page on SEC.gov for guidance regarding
actions on the dashboard.
[GRAPHIC] [TIFF OMITTED] TR27DE24.011
An individual could be authorized to perform more than one role for
a filer. For example, one individual could be both an account
administrator and a technical administrator, or one individual could be
both a technical administrator and a user. An account administrator
could not be a user, however, because account administrators can
perform all the functions of a user themselves, including making
submissions on EDGAR. Analogous roles will exist at delegated entities.
The key functions that could be performed by each role are illustrated
in diagram 2 below.
[[Page 106176]]
[GRAPHIC] [TIFF OMITTED] TR27DE24.012
1. Account Administrators
Paragraphs (d)(4), (5), and (6) of Rule 10 as proposed and adopted
require that the filer, through its account administrators, maintain
accurate and current information on EDGAR concerning the filer's
account and confirm such information annually, and securely maintain
information relevant to the ability to access the filer's EDGAR
account, including but not limited to access through optional APIs.
Commenters broadly supported the implementation of account
administrators to manage filers' accounts,\67\ although commenters
raised concerns about specific issues as discussed below.
---------------------------------------------------------------------------
\67\ See, e.g., Cory I Comment Letter (``One of the cornerstones
of EDGAR Next is the requirement for filers to designate account
administrators. . . . In an era of machine-driven manipulation, this
human oversight is crucial for detecting and preventing illicit
activities.''); Toppan Merrill Comment Letter (``Yes, a required
account Administrator [sic] role is necessary for every filer (every
CIK). Ideally two Administrators [sic] should be required.'').
---------------------------------------------------------------------------
Under EDGAR Next, each filer will be responsible, through its
account administrators, for the security of the filer's EDGAR account
and the accuracy of the filer's information on EDGAR. Account
administrators will manage the filer's account on the dashboard or
through optional APIs replicating most dashboard functionality in
machine-to-machine connections. The filer will be required, through its
account administrators, to perform annual confirmation on the
dashboard. Account administrators will also be able to use the
dashboard or optional APIs to add and remove users, account
administrators and technical administrators (including removing
themselves as an account administrator); create and edit groups of
users; delegate filing authority to other EDGAR accounts and remove
delegation; generate a new CCC; and receive notifications regarding
significant events affecting the account (notifications will also be
emailed to the account administrator's email address provided to
EDGAR). Further, account administrators will be able to make
submissions on behalf of the filer on EDGAR, which will allow filers to
manage their accounts and make submissions through a limited number of
individuals, if they choose. Each account administrator will be co-
equal, possessing the same authority and responsibility to manage the
filer's EDGAR account. All actions required to be performed by account
administrators can be performed by any of them individually and will
not require joint action.
In addition, account administrators will serve as the points of
contact for questions from Commission staff regarding the filer's
account.\68\ One commenter suggested that existing filers with a single
EDGAR point of contact for information, inquiries, and access codes
(``EDGAR POC'') typically rely upon legal staff, whereas under EDGAR
Next those filers may choose to authorize, for example, services staff
as account administrators.\69\ The commenter stated that the EDGAR POC
for existing filers should be automatically enrolled as a ``super
administrator'' for the filer and notified regarding significant events
affecting the account.\70\ Because filers may wish to designate a
single account administrator as a primary EDGAR POC, EDGAR will offer
an option to allow account administrators to designate one account
administrator as the filer's EDGAR POC. EDGAR will by default designate
the first account administrator listed on Form ID or an existing
filer's enrollment as the filer's EDGAR POC. The filer, through its
account administrator, may
[[Page 106177]]
change its EDGAR POC thereafter on the dashboard. Commission staff may
contact the filer's other account administrators if, for example, the
EDGAR POC cannot be reached or is nonresponsive. The EDGAR POC will not
be a ``super administrator,'' as suggested by the commenter, however,
and each account administrator will have co-equal authority to take
action on EDGAR as well as to receive notices of actions on the filer's
account. Other than acting as a central point of contact, the EDGAR POC
will not differ in any other respect from other account administrators.
---------------------------------------------------------------------------
\68\ Technical administrators will serve as the Commission
staff's points of contact regarding the filer's use of the APIs. See
infra section II.B.3.a.
\69\ See Workiva Comment Letter (``The current POC is likely a
different type of staff, such as legal staff, from the
administrators who are likely to be reporting or services staff.'').
\70\ See Workiva Comment Letter (``We further suggest
automatically enrolling the current POC as super administrator. The
super administrator should be contacted before any severe action on
the EDGAR account is taken, such as account deactivation.'').
---------------------------------------------------------------------------
Several commenters stated that the dashboard should provide a
mechanism for authorized users or other interested parties to easily
identify and contact the filer's account administrators.\71\ The
dashboard will be enhanced to provide this functionality. In this
regard, account administrators will also serve as points of contact for
technical administrators, users and delegated entities.
---------------------------------------------------------------------------
\71\ See, e.g., XBRL II Comment Letter (``There should be a
mechanism in the filing management dashboard where the company (e.g.
technical admin) can identify and contact their administrators . .
.''); Workiva Comment Letter (``[A] a user may not necessarily know
who the administrators are to contact. We suggest adding a ``Contact
Administrator'' function in the EDGAR Dashboard to facilitate.'').
---------------------------------------------------------------------------
a. Filer Authorization of Account Administrators
As proposed and adopted, applicants for EDGAR access will designate
on amended Form ID the individuals that the filer authorizes as account
administrators.\72\ Pursuant to paragraph (d)(1) of Rule 10 as proposed
and adopted, the filer can only authorize individuals as account
administrators if those individuals obtain individual account
credentials in the manner specified in the EDGAR Filer Manual. We are
adopting the amendments to Form ID largely as proposed, as discussed in
section II.F.3. In response to commenter concerns, however, it will not
be necessary for Form ID to be completed or submitted by one of the
applicant's prospective account administrators, as contemplated in the
Proposing Release. This change will allow a filer to choose who will
complete and submit Form ID so long as the filer complies with the
continued requirement that the form be signed by the filer's authorized
individual, as that term is defined in Rule 11 of Regulation S-T and
Volume I of the EDGAR Filer Manual, and that the signature is
notarized. Additionally, given commenter concerns that asset-backed
securities (``ABS'') issuing entities that make ``Request Asset-Backed
Securities (ABS) Issuing Entities Creation'' submissions (``ABSCOMP''
submissions'') should have their account information automatically
copied to any serial companies, EDGAR will allow for new serial
companies requested to be created via the ABSCOMP process to
automatically inherit all dashboard information associated with the ABS
issuing entity that made the ABSCOMP submission.
---------------------------------------------------------------------------
\72\ A separate process of enrollment will be employed to
transition existing filers, as discussed in section II.H.
---------------------------------------------------------------------------
Consistent with current requirements, an applicant must complete
Form ID and electronically submit it, and also upload a copy of the
completed Form ID signed by an authorized individual of the applicant
with the signature notarized. As a departure from what we contemplated
in the Proposing Release, it will not be necessary for Form ID to be
completed or submitted by one of the applicant's prospective account
administrators. Some commenters were concerned that requiring an
account administrator to complete and submit Form ID would be
burdensome and unnecessarily restrictive.\73\ We understand that
providing flexibility in terms of who completes and submits Form ID
will facilitate the application process.
---------------------------------------------------------------------------
\73\ See, e.g., Comment Letter of Donnelley Financial Services
(November 21, 2023) (``DFIN Comment Letter'') (``[In addition to
account administrators,] any ``User'' should also be allowed to
submit a Form ID. The account administrator(s) might be busy,
unavailable, or decide it's a menial task.''); Workiva Comment
Letter (``[I]t is not necessary to require an account administrator
to submit the Form ID. A user should also be able to submit the Form
ID. The Form ID is already required to be signed and notarized by
authorized personnel. . . . A user is adequate for submission.'').
---------------------------------------------------------------------------
As contemplated in the proposal, entity applicants will be able to
authorize as account administrators either (i) individuals employed at
the filer or an affiliate of the filer or (ii) any other individual
provided the filer submits a notarized power of attorney authorizing
that individual to be its account administrator.\74\ Individual
applicants will be able to authorize as account administrators either
(i) themselves or (ii) any other individual provided the filer submits
a notarized power of attorney authorizing that individual as account
administrator. Commenters provided mixed feedback on this issue, with
one supporting the notarization requirement as contemplated in the
proposal; another advancing that the requirement should not apply to
employees of affiliates; and another expressing concern that the
notarization requirement as a whole would be unduly burdensome.\75\
Although we acknowledge the added time and effort required to obtain a
notarized power of attorney, the process is relatively straightforward,
analogous to the current process of notarization of the authorized
individual signature on Form ID, and not unduly time consuming.
Moreover, the process will provide greater assurance that a filer
indeed intends to authorize an individual not employed at the filer or
an affiliate of the filer to manage the filer's EDGAR account. We
therefore are implementing the notarized power of attorney requirements
as proposed, and the amended Form ID and EDGAR Filer Manual will
reflect those requirements.
---------------------------------------------------------------------------
\74\ The amended EDGAR Filer Manual specifies that an
``authorized individual'' must sign a power of attorney on behalf of
the filer in this context. See amended EDGAR Filer Manual, Volume I,
at section 3.
\75\ See, e.g., Toppan Merrill Comment Letter (``We support the
proposal to have the initial account administrator require a
notarized power of attorney, if applicable.''); DFIN Comment Letter
(``[I]f the account administrator is an employee of the filer's
affiliate, they should not be required to be authenticated via a
notarized power of attorney.''); Workiva Comment Letter (``We
believe that a notarized power of attorney should not be required to
add an employee of another entity as an administrator. This could
significantly increase the burden for the individual reporting
owners. . . .'').
---------------------------------------------------------------------------
A commenter questioned why the requirement to present a notarized
power of attorney to authorize an employee of an entity other than the
filer as account administrator on Form ID is needed when authorization
of additional account administrators through the dashboard does not
require notarization.\76\ The requirement to present a notarized power
of attorney to authorize individuals who are not employed at the
applicant or an affiliate as account administrators on Form ID provides
Commission staff--who review each Form ID to determine whether access
should be granted--a means of confirming that these individuals are
indeed authorized on behalf of the applicant. The requirement lessens
the risk that unauthorized persons will attempt to establish or access
an account by submitting a false or misleading Form ID. We did not
include a notarization requirement for account administrators added
through the dashboard, because once Commission staff grant access to
EDGAR, filers are responsible, through their account administrators,
for the security of the
[[Page 106178]]
filer's EDGAR account and the accuracy of the filer's information on
EDGAR. Filers can take the additional steps they determine are
necessary to comply with the Rule 10 and EDGAR Filer Manual
requirements to secure their accounts.
---------------------------------------------------------------------------
\76\ See Workiva Comment Letter (``In addition, since the power
of attorney is only needed initially, and once an administrator is
added to the EDGAR Dashboard additional administrators can be added
without a new power of attorney; it seems inconsistent and somewhat
arbitrary that there is a higher threshold for the first one.'').
---------------------------------------------------------------------------
We also received several comments regarding the authorization of
account administrators in situations unique to specific types of
filers. One commenter recommended that account administrators
associated with ABS issuing entities that make ABSCOMP submissions
should automatically be copied to any serial companies created as a
result of that submission, and another commenter suggested that all
account information associated with the ABS issuing entity should be
automatically copied over to the newly created serial companies.\77\ Up
to 100 serial companies can be created via a single ABSCOMP submission,
and we recognize that it would be time consuming to require identical
addresses, account administrators, and other information to be manually
inputted for each serial company. Consequently, the ABSCOMP process
will be available in the dashboard, and new serial companies requested
to be created via that process will automatically inherit all dashboard
information (e.g., contact information, account administrators, users,
technical administrators, and delegations) associated with the ABS
issuing entity that made the ABSCOMP submission. Changes to the
inherited information could be made after creation of the new serial
companies. For example, individuals could be added or removed on the
dashboard by the serial company's account administrators, while filer
information such as name, address, and State of incorporation could be
updated via Company Update submissions (``COUPDATs''), consistent with
current practice.
---------------------------------------------------------------------------
\77\ See DFIN Comment Letter (``[T]he Account Administrator and
information from the ABS Issuer's Account Administrator should be
copied to the new serial account, after which, any changes can be
made.''); Cadwalader, Wickersham & Taft LLP Comment Letter (November
21, 2023) (``Cadwalader Comment Letter'') (``For [commercial
mortgage-backed securities] issuers, allowing automatic inheritance
by the individual serial trusts of all information from the
depositor would be the most efficient approach.'').
---------------------------------------------------------------------------
Another commenter indicated that making the ABSCOMP process
available in the dashboard would be sufficient for ABS entities to
manage the creation of new EDGAR accounts and suggested that similar
functionality should be provided for other issuers that have a
structure with multiple related parties, such as co-registrants and
beneficial ownership reporting filers, to allow them to more easily
manage EDGAR accounts.\78\ We have determined not to extend the above-
described ABSCOMP process to include other entities such as investment
companies and co-registrants, because ABSCOMP is unique in allowing
rapid creation of multiple serial companies via a single transaction,
predicated in part upon the serial companies all being largely
identical (e.g., contact information, account administrators, etc.). In
contrast, although beneficial ownership reporting filers and co-
registrants may be related parties, each of these filers typically
possesses separate filer-specific information such as name, address,
and contact information. Furthermore, these filers could have separate
reporting obligations (for example, beneficial ownership reporting
filers in the context of different issuers, and co-registrants in the
context of different securities offerings). Thus, in the EDGAR Next
framework, each of these filers presumably would want to authorize her
own account administrators, and it would be inappropriate to
automatically assign all such filers the same account administrators.
In addition, the optional APIs being added to EDGAR Next should serve
to mitigate any additional burdens for these filers by allowing the
filers to rapidly add account administrators and make other changes as
necessary, as discussed further in section II.E below.
---------------------------------------------------------------------------
\78\ See Toppan Merrill Comment Letter (``The proposed
functionality for an ABS account administrator to access the
dashboard for serial companies could be utilized for other issuers
who have a related structure with multiple entities . . .
[i]ncluding . . . corporate issuers with co-registrants [and]
beneficial ownership reporting filers (e.g., 144, SC 13D, SC 13G,
and section 16 filers), and ABS issuers . . . . If the existing
option to create a serial company by the `ABSCOMP' process is
available in EDGAR Next functionality that will be sufficient for
ABS entities to manage creating new CIKs.'').
---------------------------------------------------------------------------
The Proposing Release also requested comment on whether elimination
of the ability of ABS issuers to create new ABS serial companies ``on
the fly'' when filing a 424H submission would cause any problems, given
that the EDGAR Next framework would continue to allow ABS issuers to
request creation of serial companies via ABSCOMP submissions. We
received no comments on this issue. EDGAR data indicates that ABS
issuers have not used the ``on the fly'' process for several years, and
accordingly EDGAR will be updated to remove the ability of ABS issuers
to create new serial companies ``on the fly.''
b. Number of Account Administrators
As contemplated in the proposal, paragraph (d)(2) of Rule 10 as
adopted requires filers who are individuals or single-member companies
to authorize and maintain at least one account administrator; all other
filers will be required to authorize and maintain at least two account
administrators. The maximum number of account administrators on the
dashboard is 20. Although individuals and single-member companies are
only required to authorize and maintain at least one account
administrator, we encourage them to authorize additional account
administrators in the event the sole account administrator becomes
unavailable to manage the account.
Commenters generally supported the proposed requirement to maintain
a minimum of two account administrators,\79\ although various
commenters recommended technical changes or additional clarification.
One commenter sought clarification regarding whether, for single-member
companies and individuals, the required account administrator must be
the single member or individual herself.\80\ Paragraph (d)(2) of Rule
10 does not require this. Filers will have the flexibility to authorize
individuals at their filing agents or other third parties as account
administrators, so long as they provide notarized powers of attorney
authorizing those individuals. Another commenter requested that an
additional warning be provided when the ``single-member company''
selection is made to alert the filer that she would be unable to manage
her EDGAR account if the single account administrator is not
available.\81\ A warning notice will be added to the online version of
Form ID as requested if the ``single-member company'' selection is
made. Separately, although single-member companies will only be
required to have a single account administrator, we encourage filers to
authorize additional account administrators on the dashboard as
[[Page 106179]]
necessary (up to a maximum of 20) to ensure that an account
administrator is always available to take necessary actions.
---------------------------------------------------------------------------
\79\ See, e.g., Toppan Merrill Comment Letter (``Yes, we believe
requiring two account administrators is appropriate.''); Workiva
Comment Letter (``We believe at least two account administrators for
filing entities (other than single-member companies) is
appropriate.'').
\80\ See Workiva Comment Letter (``For individuals and single-
member companies, please clarify if the one minimum administrator
must be the individual himself or herself.'').
\81\ See Toppan Merrill Comment Letter (``We suggest that
additional warnings are provided when the `single-member companies'
selection is made. The warning should alert that access to the filer
management website will be lost if the single administrator is no
longer available, which may lead to loss of ability to file on
EDGAR'').
---------------------------------------------------------------------------
Requiring most filers to authorize at least two account
administrators will increase the ability of filers to manage their
EDGAR accounts without interruption. Thus, if an account administrator
unexpectedly resigns or otherwise ceases to be available to manage the
filer's account, the remaining account administrators will continue to
manage the account and will be able to authorize additional account
administrators. If the account administrator who seeks to resign is one
of the required two account administrators for an entity filer, then
that account administrator could not be removed from the filer's EDGAR
account unless the filer first added another account administrator
through the dashboard to meet the required minimum of two account
administrators. For example, if there are two account administrators
for the account and one unexpectedly becomes unavailable, the remaining
account administrator could add another account administrator to the
account and then remove the unavailable individual. For individual and
single-member company filers, at least one account administrator will
always be required because those filers typically consist of only one
individual. A dashboard limit of 20 account administrators should be
sufficient to allow for management of large accounts, while avoiding
the confusion that a larger number of account administrators might
cause.
We encourage filers to authorize more than the minimum number of
account administrators, if possible, because if all account
administrators for a filer cease to be available to manage the filer's
account, the filer will be required to submit a new Form ID to
authorize new account administrators.\82\
---------------------------------------------------------------------------
\82\ In this case, the filer would select the option on Form ID
indicating that it had lost electronic access to its existing CIK
account. This option also encompasses other scenarios, such as when
a filer loses access due to failure to satisfy required annual
confirmation requirements. See infra note 90.
---------------------------------------------------------------------------
c. Account Administrator Authorization and Removal of Users, Technical
Administrators, and Other Account Administrators
An account administrator will be able to add or remove an
individual as a user, account administrator, or technical administrator
for an EDGAR account through the dashboard, as discussed in the
Proposing Release. An account administrator will ``add'' the individual
on the dashboard and EDGAR will send an invitation to the individual by
email and through the dashboard (if the individual has a role for any
filer on EDGAR) indicating that the account administrator for the filer
sought to add her to the filer's account in a particular role or roles.
The individual must accept the invitation, either through the email or
on the dashboard, to accept the new role(s) and become authorized in
those role(s) for the filer. The same process of invitation both
through email and the dashboard applies to all invitations, and the
individual receiving the invitation may accept via the email or the
dashboard invitation.
Commenters expressed general support for notifying filers when an
account administrator removes or adds another account
administrator.\83\ Some commenters, however, expressed the view that
while filer notification would be appropriate, filer consent is not
necessary and should not be required.\84\ In response to this point,
EDGAR will be enhanced to provide notifications to all relevant account
administrators through the dashboard and by email when individuals are
added or removed from an account, or the roles for those individuals
are changed. The discussion of this matter in the Proposing Release did
not indicate that filers would need to consent to these changes, and
EDGAR will not require such consent for the changes to be effective.
These notifications will allow account administrators to monitor
relevant activity while minimizing the delay that might result from
approval of each individual action.
---------------------------------------------------------------------------
\83\ See, e.g., XBRL II Comment Letter (``As well as requiring a
minimum of two administrators . . . we do think notification is
appropriate. Alerting other administrators when an administrator is
added or leaves will improve the ability for the network to react to
administrator changes.''); DFIN Comment letter (``We also think that
a filer should be notified when additional account administrators
are added or removed.'').
\84\ See XBRL II Comment Letter (``Addition without consent
should be allowed, to manage emergencies that may arise. . . We
understand that there is still a potential risk with rogue actors at
firms, but firms are managing the risk of rogue actor employees
today and should be left to manage that problem in regard to EDGAR
Next.''); Workiva Comment Letter (``We believe the filer's consent
is not necessary as long as the filer has an administrator that will
be notified and can take additional action if needed.'').
---------------------------------------------------------------------------
d. Annual Confirmation
Paragraph (d)(4) of Rule 10 as proposed and adopted requires each
filer to perform an annual confirmation on EDGAR that all the filer's
users, account administrators, technical administrators, and delegated
entities are authorized by the filer to act on its behalf, and that all
information related to the filer reflected on the filer's dashboard is
accurate. Account administrators will act for the filer to carry out
this function. Annual confirmation will assist the filer in tracking
those authorized to file on EDGAR and will provide an opportunity for
account administrators to confirm the accuracy of those individuals and
delegated entities associated with the filer and to remove those no
longer authorized. In a change from what was contemplated in the
Proposing Release, in response to commenter concerns, we are extending
the grace period before account deactivation for filers that fail to
timely perform annual confirmation from two weeks (as discussed in the
Proposing Release) to three months following the annual confirmation
deadline. During the three-month grace period, filers will be able to
continue to make submissions and take actions on EDGAR as usual, while
account administrators will receive notices reminding them to complete
annual confirmation by the end of the grace period, as discussed in
more detail below.
To provide flexibility to filers, EDGAR will allow account
administrators to select one of four quarterly dates as the filer's
ongoing confirmation deadline: March 31, June 30, September 30, and
December 31 (or the next business day if the date falls upon a weekend
or holiday when EDGAR is not operating). An account administrator need
not wait until the deadline to confirm. An account administrator may
choose to perform confirmation at an earlier date within the quarter
when confirmation is due. Further, an account administrator will be
able to perform confirmation on any date in a quarter earlier than the
quarter of the current deadline, thereby changing the quarter when
confirmation is due going forward. Confirmation in an earlier quarter
will result in a confirmation deadline one year after the end of the
quarter in which the early confirmation occurred. For example, if a
December 31 confirmation deadline were selected by the account
administrator for the initial annual confirmation, but the account
administrator submitted the confirmation for the following year in
August, the filer's annual confirmation deadline for the next year
would be September 30 (or the next business day, if the date fell upon
a weekend or holiday when EDGAR was not operating).
Commenters generally expressed support for account administrator
performance of annual confirmation as contemplated in the Proposing
[[Page 106180]]
Release.\85\ One commenter asserted that annual confirmations would be
overly burdensome, while two other commenters recommended that
confirmations be performed more frequently than annually, such as
quarterly or every six months.\86\ We believe that annual confirmation
strikes the appropriate balance of periodically ensuring the accuracy
of filers' information in EDGAR, without unduly burdening filers and
account administrators. To facilitate the confirmation process and
remind account administrators about confirmation deadlines, as
discussed in the Proposing Release, EDGAR will provide periodic notices
to account administrators both by email and on the dashboard regarding
each upcoming confirmation deadline, a notice of completion of
confirmation, and numerous notices of failure to timely confirm prior
to deactivation of the account. Specifically, prior to the confirmation
deadline, EDGAR will send notices six weeks, three weeks and each of
the five business days leading up to the confirmation deadline.If
filers fail to perform annual confirmation on or before the
confirmation deadline, EDGAR will send reminders to all account
administrators for the filer each business day after the confirmation
deadline until expiration of the three-month grace period. EDGAR will
also offer an optional API to allow filers to programmatically check
filing credentials and upcoming confirmation deadlines.
---------------------------------------------------------------------------
\85\ See, e.g., DFIN Comment Letter (``The proposed annual
confirmation requirement is sufficient''); Cadwalader Comment Letter
(for annual confirmation for serial trusts, ``We believe that such
an approach is both appropriate and efficient.''); Toppan Merrill
Comment Letter (asserting that the annual confirmation requirement
would create additional burden for filers but expressing agreement
with the requirement as proposed.).
\86\ Compare Block Transfer Comment Letter (``. . . the benefits
of the security measure proposed . . . would outweigh the
significant burden it would impose on filers' internal controls.'')
with Comment Letter of Uchi (September 13, 2023) (requesting a ``3
or 6 month renewal check for the company to ensure all
administrative accounts assigned to the company are still valid as
employees incase [sic] of termination while maintaining
administrative access to said company filing permissions.'');
Comment Letter of Alexander (September 15, 2023) (same).
---------------------------------------------------------------------------
Several commenters suggested that the Commission allow bulk annual
confirmations to be performed for related EDGAR accounts, such as
accounts that share the same administrators, users, delegations, and
corporate and contact information.\87\ As discussed above, related
EDGAR accounts (such as co-registrant) may often have different
dashboard information, which suggests that bulk confirmation is not
appropriate given the need to separately review and confirm the
accuracy of dashboard information for each filer.\88\ We are further
concerned that account administrators might inadvertently perform a
bulk confirmation of hundreds of filers without carefully reviewing
each filer's information. To ensure the accuracy of the filer's
information on EDGAR, a filer must, through its account administrator,
carefully inspect the information on the filer's dashboard. As a
result, bulk confirmation will not be permitted. Filers may achieve
efficiencies in the confirmation process by leveraging optional APIs
that will allow them to rapidly add and remove individuals, change
authorized roles, and perform delegations to ensure the accuracy of
information on the dashboard prior to performing confirmation. For
example, in preparation for confirmation, a filer could view all
individuals authorized to act on behalf of the filer through an API
being made available for that purpose. If updates to the roles or
authorization of individuals were needed, the filer could add and
remove individuals and change individuals' roles through APIs being
made available for those purposes.
---------------------------------------------------------------------------
\87\ See Cadwalader Comment Letter (``On an operational level,
we do not expect individual serial trusts to have account
administrators, technical administrators, users or delegated
entities that are not also performing the same functions for the
depositor, although the depositor may have certain additional
account administrators, technical administrators, users or delegated
entities who are not assigned to all of the related serial trusts.
Therefore, depositor-level confirmation of its authorized parties
would also encompass all individuals assigned roles with respect to
each individual serial trust.''); Toppan Merrill Comment Letter
(responding to a request for comment regarding whether bulk
confirmations should be permitted by stating ``Yes, affiliated
filers with the same administrators, users, delegations, and
corporate and contact information should be allowed similar
functionality[.]'').
\88\ See supra text following note 52.
---------------------------------------------------------------------------
As noted above, the Proposing Release contemplated a two-week grace
period for filers that failed to perform annual confirmation. Some
commenters stated that the annual confirmation requirement would impose
a significant additional burden on filers and recommended that filers
should initially be suspended before they are deactivated, while others
requested an extension of the grace period before deactivating the
filer's access.\89\ After considering these comments, we will expand
from two weeks to three months the grace period following a missed
confirmation deadline, during which the filer will be able to continue
to make submissions and take actions on the filer's account as usual
and the filer's account administrators will receive a final series of
notices reminding them to complete annual confirmation. If no account
administrator performs the annual confirmation by the end of the three-
month grace period, EDGAR will deactivate the filer's access and the
filer will be required to submit a new Form ID application to request
access to file on its account.\90\ If Commission staff grant the Form
ID, the filer will continue to have the same account number/CIK
previously assigned and its filing history will be maintained. The
filer's account administrators listed on Form ID, however, will need to
invite through the dashboard, as if to a new account, additional
account administrators, and any technical administrators and users, and
delegate authority to file, if relevant. Although the need to reapply
for access and in particular the need to invite account administrators,
users, and technical administrators anew will impose an additional
burden on filers, failure to perform an annual confirmation,
particularly after receipt of multiple notices, could signal that the
filer is no longer managing or controlling the account. Removing
individuals from the filer's account upon deactivation safeguards
information regarding individuals whose information is listed on the
filer's dashboard. For example, if someone other than the original
filer's account administrators submitted a Form ID application for
access to the account, and the original account administrators did not
respond to Commission staff inquiries regarding the Form ID, the
process outlined above will prevent the new account holder from
accessing the names, addresses, and contact information of the
individuals formerly associated with the account. Collectively, this
framework will provide filers that inadvertently
[[Page 106181]]
miss their annual confirmation deadlines an additional three months
within which to perform their confirmation, during which time they will
receive multiple notices, while maintaining good account hygiene by
inactivating defunct accounts and safeguarding information regarding
individuals listed in the dashboard of defunct filers.
---------------------------------------------------------------------------
\89\ See, e.g., Workiva Comment Letter (``We strongly recommend
temporary suspension over account deactivation. . . . Failure to
confirm annually may signal a problem occurred in the notification
process rather than the filer being no longer in control of the
account. . . . Deactivation should only occur after six months of
suspension.''); XBRL II Comment Letter (``The annual confirmation
requirement will create a significant additional burden for filers
that use a filing agent's SEC credentials, in particular for those
filers who make sporadic submissions such as Section 16 filers. . .
. We encourage the Commission to consider imposing a temporary 2-
week suspension if the confirmation requirement is not met before
deactivating a nd removing information from an existing account.'').
\90\ In this case, the filer would select the option on Form ID
indicating that it had lost electronic access to its existing CIK
account. This option would also encompass other scenarios, such as
when all the filer's account administrators cease to be available to
manage the filer's account. See supra note 82.
---------------------------------------------------------------------------
e. User Groups
Largely as contemplated in the Proposing Release, the dashboard
will provide functionality to allow an account administrator to group
subsets of the filer's users into user groups. The user group function
will assist delegated entities to authorize certain of their users to
make submissions on behalf of specific filers, as explained below. By
employing user groups, the delegated administrator can add or remove
the ability to make submissions for a certain filer to all users in the
group at once and can give specific groups of users the ability to make
submissions for certain filers, leading to efficiencies of time in
managing users.
One commenter stated that EDGAR should allow multiple users to be
added to a user group simultaneously to ensure that user groups can be
built quickly and efficiently.\91\ As requested by the commenter, the
dashboard will be updated to permit filers to add multiple users to a
user group simultaneously. In addition, optional APIs will be provided
so that filers can view individuals in any role for a CIK, add
individuals, remove individuals, and change roles for individuals;
collectively, this should facilitate the ability of filers to manage
user groups.
---------------------------------------------------------------------------
\91\ See Toppan Merrill Comment Letter (``The system should
allow for multiple users to be uploaded at the same time. This will
ensure that users groups can be built quickly and efficiently.'')
---------------------------------------------------------------------------
One commenter stated that user group functionality would be
improved by allowing wildcard searches to include first and last
names.\92\ Accordingly, the dashboard will be enhanced to enable first
and last name wildcard searches of individuals.
---------------------------------------------------------------------------
\92\ See Toppan Merrill Comment Letter (``User group
functionality would be improved by allowing for wildcard searches to
include first and last names. Currently, the search disregards any
name after the space between the first and last name.'').
---------------------------------------------------------------------------
2. Users
Largely as contemplated in the Proposing Release, account
administrators will be able to authorize individuals with individual
account credentials as users to make submissions on EDGAR on behalf of
the filer.\93\ Account administrators and Commission staff will be able
to determine which users made which submissions; however, this
information will not be made public on EDGAR. The dashboard will allow
users to generate, view, and copy user API tokens, if using optional
APIs that require presentation of a user API token; view relevant
notifications (which will also be provided to users by email); and view
basic information about the filer's account, including the filer's
name, CIK, CCC, corporate and contact information, as well as contact
information for account administrators. Users will not, however, be
able to add or remove individuals from the dashboard other than
themselves. Users also will not be able to generate a new CCC.
Separately, users will be able to make COUPDAT submissions to update
filer information such as name, address, and State of incorporation, as
filers currently do.
---------------------------------------------------------------------------
\93\ Commenters were generally supportive of the user role. See
comments by Toppan Merrill, DFIN, SIFMA, and XBRL II.
---------------------------------------------------------------------------
As part of the login and authentication process for the EDGAR
filing websites, a user will be able to select the EDGAR account number
(CIK) of the entity for which submissions are being made (``login
CIK''). That CIK will be reflected in the first part of the unique
identifier associated with each submission (the ``accession
number'').\94\ Users will be able to change their login CIK at any time
to any other account for which they are authorized.
---------------------------------------------------------------------------
\94\ An accession number is a unique identifier assigned
automatically to EDGAR submissions for tracking and reference
purposes. The first 10 digits are intended to represent the CIK of
the entity making the submission, which may be an entity with
reporting obligations or a third party (such as a filing agent).
---------------------------------------------------------------------------
a. Becoming Authorized as a User
An account administrator can ``add'' an individual through a
dashboard function that will generate an invitation to the individual
to be a user for the filer's account. Prospective users will receive
email invitations from EDGAR and, if the prospective user has a role
for any EDGAR account, a notification of the invitation will appear on
the prospective user's dashboard. The individual must accept the
invitation, through either the email or dashboard invitation, to become
a user. As noted, the same process of invitation and acceptance both
through email and the dashboard applies to all invitations.
One commenter suggested the addition of functionality to allow
filers to directly authorize their financial advisers (i.e., registered
representatives of broker-dealers) to act as users.\95\ Although there
are additional requirements related to the authorization of third
parties as account administrators on Form ID, those requirements will
not apply to users.\96\ Account administrators will be able to
authorize any individual with Login.gov credentials as a user,
therefore, for example, account administrators will be able to
authorize financial advisers as users to make submissions on the
filer's behalf.
---------------------------------------------------------------------------
\95\ See SIFMA Comment Letter (``We recommend that the SEC
provide functionality that would allow retail clients to directly
authorize their financial advisers (i.e., registered representatives
of the broker-dealer) to act as a `user' for the sole purpose of
filing the Form 144s.'').
\96\ See supra note 75 and accompanying and following text
(discussing notarization requirements for individuals who are not
employed at the filer or an affiliate of the filer).
---------------------------------------------------------------------------
b. Number of Users
There will be no minimum number of users because account
administrators will be able to make submissions on behalf of the filer.
We are setting the maximum number of users per filer on the dashboard
at 500, as proposed.
The Proposing Release discussed a maximum of 500 users per filer,
based in part on feedback received from commenters on the 2021 Request
for Comment. One commenter that responded to the 2021 Request for
Comment conducted a filer survey that indicated that 4% of the filers
it surveyed would be interested in authorizing 20 or more users, up to
a maximum of 150 users per filer.\97\ In response to the 500-user limit
contemplated in the Proposing Release, one commenter agreed that a
limit of 500 users would be sufficient.\98\ In contrast, one commenter
suggested that the limit should be increased but did not provide a
specific number, while another suggested that the limit should be
tripled to 1500 users per filer on the grounds that doing so would
``accommodate larger entities.'' \99\ We believe that a maximum of 500
users per filer on the dashboard should be sufficient to accommodate
sophisticated filers making a large number of varied
[[Page 106182]]
filings.\100\ Five hundred users is more than three times the high-end
number cited in the commenter survey conducted in connection with the
2021 Request for Comment, and was deemed to be sufficient by an
industry membership organization.\101\ Moreover, filers will be able to
more efficiently and rapidly make submissions through optional APIs,
mitigating the need to have more than 500 users per filer.\102\
---------------------------------------------------------------------------
\97\ See Workiva Comment Letter (November 30, 2021) (``Based on
the survey we conducted, about 1% of respondents indicated their
plan to set up as high as 10-30 account administrators, while 4%
indicated 20-150 users.'').
\98\ See XBRL II Comment Letter (``We believe that the limit of
500 authorized users per filer is sufficient.'').
\99\ See Toppan Merrill Comment Letter (``Additionally, EDGAR
Next should allow an organization to add more than 500 authorized
users, as needed.''); DFIN Comment Letter (``To accommodate larger
entities, we suggest an increase to the authorized user limit from
500 to 1,500.'').
\100\ In the future, if it seems that there is a need for
additional users to be added, the limit on the number of users may
be reevaluated.
\101\ See supra notes 97-98.
\102\ See generally section II.E.
---------------------------------------------------------------------------
3. Technical Administrators
Paragraph (d)(3) of Rule 10 as adopted and largely as proposed
requires filers that opt to connect to the EDGAR APIs to authorize,
through their account administrators, at least two technical
administrators to manage the technical aspects of a filer's connection
to the APIs, unless the filer arranges to use its delegated entity's
API connections and the delegated entity is in compliance with the
requirement to authorize at least two technical administrators. We
anticipate that the role of technical administrator could be filled by
someone with a primarily administrative background because the
requirements of the role are to generate and provide filer API tokens
and to manage the filer's connections to APIs. We are not requiring
that the technical administrator role be filled by software developers
or other technically expert staff; rather, the technical administrator
should have a basic understanding of API processes and be available to
communicate with Commission staff and the filer's developers or other
technical experts expeditiously, in addition to generating and managing
the filer API tokens.
Commenters generally indicated support for adding a technical
administrator role as beneficial to help manage a filer's connection to
APIs.\103\ One commenter suggested that it saw ``material problems''
with the role of technical administrator but did not enumerate what
those problems were.\104\ The commenter suggested Congressional
consideration regarding creation of a ``unified, government-wide
platform that ensures robust authentication and streamlined management
of API interaction for various Federal services, including EDGAR.''
\105\ We note that such an undertaking is outside the scope of this
rulemaking.
---------------------------------------------------------------------------
\103\ See Toppan Merrill Comment Letter (``[We] believe a
technical administrator role is beneficial to help manage a filer's
use of APIs.''); Workiva Comment Letter (``[W]e agree with the
option to have a technical administrator role for those who wish to
utilize IT support to manage API tokens . . . . .'').
\104\ See Block Transfer Comment Letter (``We respectfully
submit . . . an innovative approach . . . because(i) the role of
technical administrator has material problems and (ii) other Federal
agencies require machine-to-machine data submission from the private
sector, most generally from financial services firms.'').
\105\ See Block Transfer Comment Letter (``We respectfully
submit . . . an innovative approach . . . [that] envisages a
unified, government-wide platform that ensures robust authentication
and streamlined management of API interactions for various Federal
services, including EDGAR. . . . For these reasons and more, we
respectfully submit . . . that a brief Congressional consideration
is in order to ponder the creation of a report as to the strengths
and weaknesses a unified Login.gov machine-to-machine authentication
system may bestow upon on our cybersecurity interests both
domestically and abroad. . . .'').
---------------------------------------------------------------------------
We are adopting paragraph (d)(3) of Rule 10 with a modification to
permit a filer to use the API connections and filer API tokens of its
delegated entity (as long as that delegated entity is in compliance
with the requirement to authorize at least two technical
administrators); and a filer that does so will not be required to
authorize at least two technical administrators and generate a filer
API token itself.\106\ The relevant individual at the filer interacting
with the API, however, must present a valid user API token to the API
if the relevant API requires presentation of a user API token, to allow
identification of the individual taking action on EDGAR. To accommodate
this change and to better reflect the technical connection of filers to
the optional APIs, paragraph (d)(3) of Rule 10 will refer to filers
that ``connect to'' APIs rather than filers that ``use'' APIs. This
option is being offered for filers who would like their account
administrators and users to be able to interact with the APIs directly,
but who do not wish to undertake the expense to connect to the APIs and
authorize technical administrators.\107\
---------------------------------------------------------------------------
\106\ See generally section II.C.6.
\107\ As set forth in paragraph (d)(3) of Rule 10, filers who do
not want their account administrators or users to generate user API
tokens could alternatively allow their delegated entities to make
submissions on their behalf through APIs, and individuals at the
delegated entities would present their own user API tokens to make
submissions.
---------------------------------------------------------------------------
a. Authority of Technical Administrators
A technical administrator will issue and deactivate filer API
tokens required to connect to the optional APIs. Technical
administrators will also serve as points of contact for questions from
Commission staff regarding the filer's connections to the APIs and will
receive relevant notifications on the dashboard and by email, such as
reminders regarding upcoming expiration dates for filer API tokens.
Two commenters suggested that the technical administrator and
account administrator roles could be filled by the same person.\108\ As
discussed in the Proposing Release, a filer will have the option of
designating the same individual to serve as both its technical
administrator and account administrator, but the filer may also choose
to authorize different individuals to serve in these roles provided
those individuals possess individual account credentials obtained in
the manner specified in the EDGAR Filer Manual.
---------------------------------------------------------------------------
\108\ See Workiva Comment Letter (``[W]e believe that the
administrator and the technical administrator can be the same person
and would likely be most of the time.''); XBRL II Comment Letter
(``We do not understand the difference between a technical
administrator and an account administrator. The addition of a
technical administrator role may further complicate the process. It
could be useful if this role were optional and could be combined
into the account administrator if the company chose to, for example
if the account administrator could generate the filer token.'').
---------------------------------------------------------------------------
b. Becoming a Technical Administrator
To authorize an individual as a technical administrator, an account
administrator will add the individual in that role on the dashboard,
triggering an invitation to the individual. The prospective technical
administrator will receive the invitation by email, and, if the
individual already has a role for any EDGAR account, on the dashboard.
The prospective technical administrator must accept either the
dashboard or the email invitation to become authorized as a technical
administrator.
c. Number of Technical Administrators
Paragraph (d)(3) of Rule 10 as proposed and adopted will require
filers that choose to connect to an API to authorize, through its
account administrators, at least two technical administrators. In a
change to what was proposed, however, paragraph (d)(3) of Rule 10 will
not impose a requirement to authorize at least two technical
administrators if the filer arranges to use its delegated entity's API
connections and filer API tokens and the delegated entity is in
compliance with the requirement to authorize at least two technical
administrators. Further, while the Proposing Release indicated that
filers would be able to authorize a maximum of 10 technical
administrators, in response to requests from commenters, the maximum
number of technical administrators will be increased to 20.
One commenter generally supported the designation of at least two
technical
[[Page 106183]]
administrators for filers connecting to APIs.\109\ Two commenters
generally supported the minimum of two technical administrators for
companies, but asserted that only one technical administrator should be
required for individuals and single-member companies, in order to
parallel the minimum number of account administrators needed for those
entities.\110\ One commenter stated that ``requiring two technical
admins presents many material legal, efficiency and operational
risks,'' but did not specify the anticipated risks or how many
technical administrators would be sufficient to address those
anticipated risks.\111\ We believe that requiring a minimum of two
technical administrators for filers that choose to connect to optional
APIs will increase the likelihood that Commission staff can contact one
of the filer's technical administrators and reduce the chance of
disruption of API connections. We believe that larger filers and filing
agents using APIs should have sufficient staff to authorize two
technical administrators. In addition, if individuals and single-member
companies choose to connect to APIs, we anticipate that they will
either employ filing agents, use their delegated entities' API
connections, or otherwise have available staff to comply with the
paragraph (d)(3) requirement of Rule 10 to authorize at least two
technical administrators.
---------------------------------------------------------------------------
\109\ See Toppan Merrill Comment Letter (``[A] minimum of two
technical administrators should be required to manage a filer's
APIs. . . .'').
\110\ See Workiva Comment Letter (``[I]ndividuals or single-
member firms should have the option to handle everything directly
without involving an additional party. The requirement of at least
two technical administrators would impose the need to involve a
second person purely for the purpose of using software to file.'');
DFIN Comment Letter (``We think the technical administrator minimum
requirements should parallel the account administrator minimum
requirements.'').
\111\ See Block Transfer Comment Letter.
---------------------------------------------------------------------------
As noted, as a departure from what was contemplated in the
Proposing Release, a filer may use its delegated entity's filer API
tokens and API connections if the delegated entity is in compliance
with the paragraph (d)(3) requirement of Rule 10 to authorize two
technical administrators. The filer must delegate authority to file
through the dashboard and coordinate with the relevant delegated entity
to use the delegated entity's API connections and filer API tokens, and
the individual at the filer making the submission must present her own
user API token to the API, if the relevant API requires presentation of
a user API token. This change will obviate the need for filers to
create their own API connections and authorize their own technical
administrators should they want their account administrators and users
to make submissions and interact with EDGAR through the optional APIs,
and further responds to suggestions raised by a commenter.\112\ These
filers may leverage the API connections and filer API tokens of filers'
delegated entities, and the individual at the filer need only supply
her user API token to the API, if the relevant API requires
presentation of a user API token.\113\
---------------------------------------------------------------------------
\112\ See Workiva Comment Letter (``One solution would be to
allow the registrant's authorized user to use their token with the
delegated filing software's filer token.'').
\113\ Alternatively, if filers wish to make submissions through
APIs but do not wish their staff to be required to generate user API
tokens, filers could arrange for their delegated entities to make
submissions through APIs on their behalf. In this case, delegated
entities would create the API connections, maintain at least two
technical administrators, and generate filer API tokens, and the
relevant delegated administrators and delegated users for these
filers (at the delegated entities) would present their own user API
tokens, if the APIs require presentation of a user API token. Of
course, filers who wish to make submissions through APIs may also
determine to create their own API connections to EDGAR, authorize at
least two technical administrators, present their own filer API
tokens, and have their account administrators and users generate and
present their user API tokens, if the APIs require presentation of a
user API token.
---------------------------------------------------------------------------
Because paragraph (d)(3) of Rule 10 as amended will require a filer
to authorize, through its account administrators, at least two
technical administrators to connect to the optional APIs, the dashboard
will not allow a technical administrator to be removed from a filer's
account when only two technical administrators are authorized on the
account. An account administrator will first need to add another
technical administrator on the dashboard.
In a change from the contemplated maximum of 10 technical
administrators per filer, there will be a maximum of 20 technical
administrators per filer. Several commenters suggested that this limit
be increased to parallel the limit for the maximum number of account
administrators.\114\ Having the same maximum limit for account
administrators and technical administrators will facilitate the ability
of filers to authorize the same individuals in those roles.
---------------------------------------------------------------------------
\114\ See Toppan Merrill Comment Letter (``A minimum of two
technical administrators should be required to manage a filer's
APIs, as proposed. We would prefer that the maximum number of
technical administrators match the number of account administrators
(20). This ensures that larger entities will not encounter any
limitations.''); Workiva Comment Letter (``[T]he technical
administrator and administrators can often be the same person. Thus,
we believe the limits for administrators and technical
administrators can be the same.'').
---------------------------------------------------------------------------
C. Delegated Entities
Largely as contemplated in the Proposing Release, a filer will be
able to delegate authority to file on its behalf to any other EDGAR
account, such as a filing agent, which will become a delegated entity
for the filer. As discussed above, the CCC will appear on the dashboard
of individuals authorized to make submissions for the filer, including
delegated administrators and delegated users.\115\
---------------------------------------------------------------------------
\115\ See supra note 60.
---------------------------------------------------------------------------
1. Delegating Authority To File
A filer's account administrator may delegate authority to file to
another EDGAR account through a function on the dashboard, as discussed
in the Proposing Release.\116\ After the account administrator selects
the EDGAR account to which the filer seeks to delegate authority to
file, EDGAR will send both email and dashboard invitations to the
account administrators for that account. One account administrator for
the prospective delegated entity must accept either the email or the
dashboard invitation for the delegation to become effective. If the
filer's account administrators wish to terminate the delegation, they
can do so on the dashboard. Removal of delegation will not require
acceptance by the delegated entity. An account administrator will be
able to delegate authority to file to an unlimited number of EDGAR
accounts, allowing filers to delegate to multiple filing agents, for
example, should they so choose. Similarly, an EDGAR account can accept
an unlimited number of delegations from filers.
---------------------------------------------------------------------------
\116\ An optional delegation API will be offered in addition to
the delegation capabilities of the dashboard.
---------------------------------------------------------------------------
In response to commenter suggestions, the dashboard will be
enhanced to: (1) provide bulk delegation functionality to allow filers
to delegate to multiple EDGAR accounts more easily; (2) enable
prospective delegated entities to send delegation requests to filers;
and (3) allow EDGAR accounts to automatically accept delegations and
become delegated entities if they choose.
Commenters generally supported the ability to delegate,\117\
although various commenters raised concerns about certain situations or
recommended
[[Page 106184]]
certain changes as discussed further herein. Multiple commenters
requested that bulk delegation be permitted, so that filers could
delegate to multiple EDGAR accounts simultaneously via a single
invitation.\118\ After considering these comments, bulk delegation
functionality will be added to the dashboard to allow filers to
delegate to multiple EDGAR accounts more easily. For recordkeeping and
administrative purposes, delegated administrators will receive separate
invitations for each delegation, but they will be able to accept
multiple invitations in bulk, which should address commenters' concerns
about minimizing burdens on delegated administrators who receive bulk
delegations.
---------------------------------------------------------------------------
\117\ See, e.g., DFIN Comment Letter (``Filers should be able to
delegate to anyone they want to file on their behalf.''); Toppan
Merrill Comment Letter (``We agree that an account administrator
should be able to delegate filing authority to any EDGAR filer.'').
\118\ See, e.g., Comment Letter of Wanda Welch (November 13,
2023) (``Welch Comment Letter'') (``We would like the ability to
delegate to more than one CIK at a time and receipt of one email
invite.''); XBRL II Comment Letter (``[We] recommend that a bulk
delegation function be made available to assist filers that have
multiple CIKs, and that this capability be allowed using a single
invitation request (rather than multiple invitations for multiple
CIKs.''); DFIN Comment Letter (``We think that a bulk delegation
function would be beneficial for filers that have multiple CIKs.
Also, the bulk delegation should produce one invitation request. The
recipient would then only need to accept one invitation as opposed
to several invitations.''); ICI Comment Letter (``There should be
consideration for bulk delegation for a group of CIKs.'').
---------------------------------------------------------------------------
Multiple commenters also asked that prospective delegated entities
be able to request delegation.\119\ This process would enable filing
agents, for example, to assist their client filers in delegating to the
correct EDGAR accounts. In response to these comments, the dashboard
will be enhanced to enable prospective delegated entities to send
delegation requests to filers. The delegation requests will prompt
filers' account administrators to send delegation invitations to the
delegated entities, and filers' account administrators can determine
whether they wish to send such delegation invitations. If the filers'
account administrators send the delegation invitations, the delegated
entities' account administrators must accept the invitations for the
delegation to be effective.
---------------------------------------------------------------------------
\119\ See, e.g., SIFMA Comment Letter (``We recommend that the
system permit filing agents . . . to affirmatively request delegated
authority (on an individual or bulk basis) from a given filer or
filers.''); Workiva Comment Letter (``[We] recommend adding the
capability for an entity to request delegation.''); XBRL II Comment
Letter (``Vendors should be able to proactively request delegation
from the registrant and receive confirmation [of delegation] on the
site.'').
---------------------------------------------------------------------------
Separately, several commenters requested that prospective delegated
entities be able to automatically accept delegation invitations to
lessen the burden on delegated entities' account administrators to
manually accept each invitation.\120\ The dashboard will be enhanced
accordingly to allow prospective delegated entities to opt to
automatically accept delegation invitations.
---------------------------------------------------------------------------
\120\ See Workiva Comment Letter (``[We] also suggest adding an
option to allow filing agent-type CIKs to auto-accept
delegations.''); XBRL II Comment Letter (asserting that filing
agents/vendors should be able to request delegation, which could
``be automatically approved by the registrant.'').
---------------------------------------------------------------------------
One commenter was critical of the proposal's delegation of
authority capabilities, warning that broad permissions granted to
delegated entities to make submissions for the filer represent a
significant risk regarding the accuracy and authenticity of
filings.\121\ We do not believe a delegated entity with permissions to
make submissions for the filer will pose a significant risk because
such risk is mitigated through the authorization requirements and
verification. For example, delegated entities must be authorized and
confirmed by a filer's account administrator on the dashboard, ensuring
that only authorized and trusted entities are able to make submissions
for the filer. Additionally, a delegated entity must have an EDGAR
account and will be subject to the same requirements applicable to all
filers. For the delegation to become effective, an account
administrator of the delegated entity must accept the invitation, which
means the account administrator at the delegated entity must first log
into EDGAR using her individual account credentials and perform
multifactor authentication.
---------------------------------------------------------------------------
\121\ See Block Transfer Comment Letter (``There is real risk
that delegates, armed with expansive filing capabilities, might
submit false or misleading information, either inadvertently or
maliciously.'').
---------------------------------------------------------------------------
Commenters also raised concerns regarding burdens potentially
associated with delegating authority to make submissions to co-
registrants and asked for clarity regarding how such delegations would
work.\122\ Commenters further urged the Commission not to require that
co-registrants be added to an EDGAR account as a user, account
administrator, delegated user, or delegated administrator to make
submissions, so long as the individual making the submission had the
correct role-based permissions for the primary registrant and had
provided the correct CCCs for the co-registrants, as currently
required.\123\ We acknowledge that requiring separate dashboard
permissions for each co-registrant to make submissions could
potentially be confusing. We also recognize concerns that commenters
separately raised about the need for additional optional APIs,
including APIs to verify filing credentials, view filer account
information, and replicate dashboard functionality that would assist
filers if co-registrants were required to have dashboard permissions to
make submissions.\124\ EDGAR will not require role-based permissions
for co-registrants at this time, and the addition of co-registrants to
a filing will continue to be performed the same way it is currently
performed (i.e., simply by listing the CIK and CCC of each co-
registrant).
---------------------------------------------------------------------------
\122\ See, e.g., Welch Comment Letter (``Does the Subject
Company and the Co-registrants need to be delegated? ''); DFIN
Comment Letter (``[F]ilers would face difficulties in delegating co-
registrants. Especially when it relates to merger acquisitions that
may include hundreds of co-registrants.'').
\123\ See, e.g., Workiva Comment Letter (``Only the primary
registrant's set of valid credentials should be required to file for
all co-registrants, and delegation or a function to designate as
`co-registrant' is not necessary. Adding designation requirements
significantly increases the risk for the overall filing
submission.''); XBRL II Comment Letter (``We encourage the
Commission to continue the existing beta implementation [for co-
registrants], which only forces the Filer and User Token
requirements for the primary registrant, into the final rule/
implementation phase.'').
\124\ See infra section II.E.
---------------------------------------------------------------------------
2. Separation of Authority of Filer and Delegated Entity
A filer's account administrator will not be able to access its
delegated entity's dashboard or account or add or remove delegated
users at the delegated entity, as discussed in the proposal. While
delegated administrators and delegated users will be able to make EDGAR
submissions and access the ``Retrieve/Edit Data'' section of the EDGAR
Filing website on the filer's behalf,\125\ delegated administrators and
delegated users similarly will not be able to access the filer's
dashboard \126\ or
[[Page 106185]]
take dashboard actions on behalf of the filer.
---------------------------------------------------------------------------
\125\ The ``Retrieve/Edit Data'' section of the EDGAR Filing
website currently allows filers to perform certain administrative
actions. Among other things, filers may view/edit their account
information (such as the filer's name, contact information, and
corporate information like State of incorporation and fiscal year-
end), view the filer's current account balances and request the
return of unused funds, and change the filer's password or CCC. As
part of the transition to EDGAR Next, some of this functionality
will be shifted to the dashboard, such as the filer's EDGAR POC. See
infra note [125] and accompanying text.
\126\ As discussed further below in section II.C, the dashboard
will generally be used to manage a filer's EDGAR account, including
management of individuals authorized to act as account
administrators, users, and technical administrators; management of
entities authorized to act as delegated entities; and management of
filer and user API tokens. Delegated entities will not need to
access the filer's dashboard in order to make filings on the filer's
behalf, since filings will be made directly on the EDGAR filing
websites or through the optional APIs, as opposed to through the
filer's dashboard.
---------------------------------------------------------------------------
Separately, as one commenter requested, the dashboard will be
modified to allow delegated administrators and delegated users to make
both COUPDAT and series and class update (``SCUPDAT'') submissions. The
Proposing Release contemplated that delegated administrators and
delegated users would be able to submit SCUPDAT submissions on the
filer's behalf to update series and class information (such as a new
share class) but would not be able to make COUPDAT submissions to
update the filer's company information (such as a new business
address). One commenter asserted that delegated administrators and
delegated users should be able to submit both COUPDATs and SCUPDATs on
behalf of the filer.\127\ Because allowing delegated administrators and
delegated users to make both COUPDAT and SCUPDAT submissions provides
consistency and reduces burdens associated with these updates, to the
extent that such updates could then be delegated by the filer, this
capability will be implemented in EDGAR. The filer's account
administrators would receive notice of COUPDAT and SCUPDAT submissions
on the dashboard and could take appropriate action should any
unauthorized activity occur.
---------------------------------------------------------------------------
\127\ See DFIN Comment Letter (``Delegated administrators and
delegated users should have the ability to submit COUPDAT (company
update submissions) and SCUPDAT (series & class updates).'').
---------------------------------------------------------------------------
Delegated entities will not be able to further delegate authority
to file to other entities on behalf of filers that delegate authority
to them.\128\
---------------------------------------------------------------------------
\128\ For example, Filer A could delegate authority to file on
its behalf to Filer B. Separately, Filer B could delegate authority
to file on its behalf to Filer C. In this scenario, however, Filer B
could not delegate to Filer C the authority to file on behalf of
Filer A, and Filer C could not file on behalf of Filer A.
---------------------------------------------------------------------------
3. Delegated Entities
Because a delegated entity must have an EDGAR account, it must
comply with the same requirements applicable to all filers. A delegated
entity will therefore maintain its own EDGAR account with its own
account administrators, users, and technical administrators. A
delegated entity can be any EDGAR account, including but not limited to
filing agents,\129\ issuers making submissions on behalf of individuals
filing pursuant to section 16 of the Exchange Act,a nd parent companies
of large groups of related filers. On the dashboard, a delegated entity
will be able to receive delegated authority to file for an unlimited
number of filers.
---------------------------------------------------------------------------
\129\ We are adopting amendments to Rule 11 of Regulation S-T to
define a ``filing agent'' as any person or entity engaged in the
business of making submissions on EDGAR on behalf of filers. This
definition includes law firms, financial services companies, broker
dealers when making submissions on behalf of individuals filing
pursuant to section 16 of the Exchange Act, and other entities
engaged in the business of submitting EDGAR filings on behalf of
their clients. See the discussion of amendments to Rule 11 in
section II.F.2.
---------------------------------------------------------------------------
Several commenters provided comments on delegation specifically
related to individuals with filing obligations pursuant to section 16
of the Exchange Act. Commenters indicated that the delegation framework
contemplated by the Proposing Release would help section 16 filers
comply with their filing obligations.\130\ Individuals with section 16
filing obligations will be able to delegate authority to make
submissions to filing agents or any other representative with an EDGAR
account on the dashboard. This process will allow those individuals to
obtain assistance with their filings, while permitting each filing to
be associated with a specific individual at the delegated entity. One
commenter asserted that section 16 filers would face compliance
burdens, however, that would not be adequately addressed by the
proposal.\131\ The commenter stated that section 16 filers can sit on
the boards of multiple companies and concluded that section 16 filers
need an easier method to delegate permissions. As discussed above and
as separately requested by commenters, the dashboard will include bulk
delegation functionality, which should assist filers with multiple
filing agents or other representatives with EDGAR accounts, including
section 16 filers delegating authority to make submissions to related
issuers.\132\ The staff will provide detailed information about bulk
delegation and other account management topics to section 16 filers to
prevent confusion. Moreover, section 16 filers may choose to execute
notarized powers of attorney to authorize relevant individuals at their
filing agents, related issuers, or other representative entities as
account administrators, thereby avoiding the need to obtain individual
account credentials, log into the dashboard, make filings or delegate
authority on the dashboard.
---------------------------------------------------------------------------
\130\ See XBRL II Comment Letter (``Yes, the ability to delegate
authority would help infrequent filers such as Section 16
filers.''); Workiva Comment Letter (responding to the Commission's
request for comment regarding section 16 filers by stating: ``We
believe the proposed framework is adequate to support filing
responsibilities.'').
\131\ See XBRL II Comment Letter (``[W]e do not believe the rule
proposal adequately addresses the needs of Section 16 filers and
single individual filers [who] will perform their own code
management. For these filers, the rule does not specifically address
how they can manage this. Many sit on boards of multiple companies,
some as many as 20, and will need to set up or designate each
individual as an account administrator. The Commission needs to
address how there can be an easier method to delegate permission for
someone to file on their behalf.'').
\132\ See supra note 107 and accompanying and following text;
see also Toppan Merrill Comment Letter (``Allow bulk delegation for
a group of CIKs. This would be useful for an Administrator of an
Issuer and all of their Section 16 filer CIKs to delegate to Filing
Agents as well as affiliated CIKs.'').
---------------------------------------------------------------------------
If a filer authorizes a delegated entity to file on its behalf, one
of the delegated entity's account administrators must accept either the
dashboard or the email invitation for the delegation to be effective;
further, upon acceptance, all the delegated entity's account
administrators will automatically become delegated administrators for
the filer. All delegated administrators for the filer will have co-
equal authority with regard to that filer. If the delegated entity adds
or removes one of the account administrators for its own EDGAR account,
then that individual will also be added or removed as a delegated
administrator for the filer. These relationships are illustrated in
diagram 3 below.
[[Page 106186]]
[GRAPHIC] [TIFF OMITTED] TR27DE24.013
4. Delegated Users
As described in the Proposing Release, if a delegated entity
accepts a delegation from a filer, the delegated administrators can
authorize specific users at the delegated entity to become delegated
users with respect to that filer. As discussed below, delegated
administrators will be able to authorize delegated users in accordance
with the process outlined in the Proposing Release. In addition to what
was discussed in the Proposing Release and taking account of a
commenter's suggestion, the dashboard will be updated to generally
enable bulk actions in various contexts, including delegation.
Delegated users will not count as part of the 500-user limit on the
dashboard for the delegating filer. If delegated administrators want
all their users to become delegated users with respect to a filer, a
delegated administrator can check a box on the dashboard to
automatically authorize all users at the delegated entity as delegated
users for the filer. Alternately, delegated administrators will be able
to authorize a subset of the delegated entity's users as delegated
users; authorize all of the delegated entity's users as delegated users
for the filer; or not authorize any delegated users (because the
delegated administrators will be able to file on behalf of the
filer).\133\ After the delegated user accepts the initial invitation
from the delegated administrator, the user will receive notifications
regarding further changes to its role (including changes to filers for
which it will be a delegated user, and changes to the user groups it
will be affiliated with), but the user will not need to accept those
notifications or take any further action for the changes to be
effective.
---------------------------------------------------------------------------
\133\ For this reason, delegated administrators could not be
authorized as delegated users regarding the delegating filer,
because doing so would be redundant.
---------------------------------------------------------------------------
One commenter stated that delegated administrators should be able
to remove a delegated user from all delegations via a single bulk
action without having to manually edit each delegation.\134\ The
commenter further asserted that delegated users should be able to
remove themselves from all delegations without editing each
delegation.\135\ In these circumstances, we believe that it is more
likely that a delegated administrator would remove a delegated user, or
the delegated user would remove herself, as a user for the delegated
filer, and thus the dashboard will not specifically provide these
requested features. The dashboard will be enhanced, however, to
generally enable bulk actions in various contexts, including with
respect to delegation.\136\ In addition, optional APIs will be offered
to allow filers to add and remove individuals' authorizations rapidly
and easily. These accommodations should largely address commenters'
concerns; in addition, further technical enhancements to the dashboard
will continue to be considered.
---------------------------------------------------------------------------
\134\ See Workiva Comment Letter (``[D]elegated admins should be
able to remove a delegated user from all delegations without having
to edit each delegation one by one as the person may need to remain
on the Dashboard for a role other than the delegated role.'').
\135\ See Workiva Comment Letter (``[D]elegated users should
have the ability to remove themselves from all delegations without
editing one by one.'').
\136\ See text following note 118 (discussing the dashboard's
bulk delegation functionality).
---------------------------------------------------------------------------
Delegated users will be able to submit filings on behalf of the
filer on the EDGAR filing websites or through the optional submission
API, as discussed below.
5. User Group Functionality at Delegated Entities
Delegated entities, through their delegated administrators, will be
able to employ user groups to assign certain users to different filers
for which they possess delegated authority to file, as described in the
Proposing Release. An example is provided in diagram 4 below.
[[Page 106187]]
[GRAPHIC] [TIFF OMITTED] TR27DE24.014
In diagram 4, the account administrators for Filer A and
Filer B delegated to Filer C. As a result, Filer C's account
administrators became delegated administrators for Filers A and B. In
this example, Filer C might be a filing agent to which Filer A or Filer
B gave authority to make filings on its behalf, and Filer A and Filer B
might be public companies or investment companies.
A delegated administrator at Filer C created User Group 1
containing Filer C's Users 1, 2, and 3. The delegated administrator
assigned authority to file for Filer A to User Group 1. Users 1, 2, and
3 are thus delegated users for Filer A because they are members of User
Group 1. If additional users from Filer C were added to User Group 1,
those additional users would also become delegated users for Filer A.
The delegated administrator at Filer C also created User
Group 2 containing Filer C's User 3. The delegated administrator
assigned authority to file for Filer B to User Group 2. User 3 is a
delegated user for Filer B.
By employing the user group function, the delegated
administrator at Filer C restricted delegated filing permissions for
Filer A to Filer C Users 1, 2, and 3 only (via User Group 1) and
delegated filing permissions for Filer B to Filer C User 3 only (via
User Group 2). Filer C User 4 has not been authorized as a delegated
user for any filers.
In diagram 4, each user group has only been assigned
authority to file for a single filer, but user groups could be assigned
authority to file for multiple filers.
Delegated administrators will also be able to authorize a default
user group of individuals who will be automatically assigned as
delegated users for all future delegations. The ability to have a
default user group will provide an efficient way for delegated
administrators to authorize groups of their users as delegated users
for any filer.
Users will receive notifications when added to or removed from a
user group, and when the user group to which they belonged becomes
authorized to make submissions for a filer, or when that authorization
is removed. As noted, users will not need to accept or otherwise take
any action on these notifications.
As discussed above, in response to comments received, the dashboard
will be enhanced to allow wildcard searches including first and last
names, which should make it easier for filers to construct user groups
and to generally manage individuals on the dashboard.\137\
---------------------------------------------------------------------------
\137\ See supra note 92 and accompanying and following text.
---------------------------------------------------------------------------
6. Technical Administrators at Delegated Entities
If the delegated entity chooses to connect to APIs, the delegated
entity will be required to authorize its own technical administrators,
as discussed in the Proposing Release, and required by paragraph (d)(3)
of Rule 10 as adopted. The delegated entity's technical administrators
will be responsible for managing the API connections and the filer API
tokens for the delegated entity. The delegated entity may make
submissions for any filers that delegate authority to it using the
delegated entity's API connections and filer API tokens, and the
individual at the delegated entity making submissions for the filer
would present his user API token generated on the dashboard, if the
relevant API requires presentation of a user API token.
In addition, as discussed above, in a change from what was
contemplated in the Proposing Release, paragraph (d)(3) of Rule 10 as
adopted now specifies that a filer may use its delegated entity's API
connections and filer API tokens so long as the delegated entity
complies with the requirement to maintain at least two technical
administrators. The delegated entity's technical administrators may
share the delegated entity's filer API tokens with its filers, as
discussed further below. The delegated entity's technical
administrators will not need to generate different filer API tokens for
different delegating filers that use the delegated entity's API
connections. The individual at the filer using the delegated entity's
API connections and filer API tokens must present her own user API
token to the APIs, if the particular APIs require presentation of a
user API token.
D. Hours of Operation of the Dashboard
As contemplated in the Proposing Release, the dashboard will be
available during EDGAR operating hours, 6 a.m. to 10 p.m. Eastern Time
each day except Saturdays, Sundays, and Federal holidays. Optional APIs
that provide much of the same functionality as the dashboard will also
be available during those hours because the APIs rely on dashboard
availability.
Several commenters requested increased dashboard operating hours,
including requests that the dashboard be available during weekends and/
or 24 hours a day.\138\ While we acknowledge
[[Page 106188]]
commenters' concerns, the dashboard will be available during current
EDGAR operating hours, the time period during which EDGAR filings can
be submitted,\139\ which is 16 hours per business day. We believe this
availability should generally be sufficient for filers' needs, as it
has been for EDGAR filing availability to date. Further, optional APIs
providing much of the functionality on the dashboard will allow filers
to rapidly make submissions and otherwise transmit and receive
information from EDGAR, significantly increasing filers' efficiency
during EDGAR operating hours. In addition, filers that build internal
systems to connect to the optional APIs could potentially include
features such as scheduling filings for submission, as filers currently
do, reducing the need for the dashboard to be offered 24 hours a day or
during weekends and holidays.
---------------------------------------------------------------------------
\138\ See, e.g., Toppan Merrill Comment Letter (``It would be
beneficial to allow the dashboard to be open 24 hours a day, Monday
through Friday.''); Block Transfer Comment Letter (``We respectfully
believe the Commission should not limit EDGAR Next operations to the
DC workweek. . . . [W]e believe a 24/7 EDGAR would revolutionize
international capital markets by providing a standard for all
issuers.'').
\139\ Regulation S-T provides that filings ``may be submitted to
the Commission each day, except Saturdays, Sundays, and Federal
holidays, from 6 a.m. to 10 p.m., Eastern Standard Time or Eastern
Daylight Saving Time, whichever is currently in effect.'' 17 CFR
232.12(c).
---------------------------------------------------------------------------
E. Optional Application Programming Interfaces
Commenters broadly supported the addition of optional APIs to
EDGAR, including those listed in the Proposing Release.\140\ EDGAR will
therefore offer the optional APIs detailed below to provide filers with
secure, efficient and automated methods of interacting with EDGAR.
These optional APIs will be available to enrolled filers upon the
effective date of the rule and form changes on March 24, 2025. The
optional APIs include those discussed in the Proposing Release--a
submission API to allow filers to make both live and test submissions
on EDGAR (``submission API''); a submission status API to allow filers
to check the status of an EDGAR submission (``submission status API'');
and an operational status API to allow filers to check EDGAR
operational status (``EDGAR operational status API'')--as well as 12
additional optional APIs requested by commenters, detailed below.
---------------------------------------------------------------------------
\140\ See, e.g., Comment Letter of Andrew Danneffel (November
20, 2023) (``Danneffel II Comment Letter'') (``The introduction of
APIs to interact with EDGAR is very much welcome.''); Toppan Merrill
Comment Letter (``The proposed APIs accomplish the objectives of
secure, efficient, and automated machine-to-machine
communication.''); Comment Letter of Chris V. (Nov 21, 2023)
(``Chris V. Comment Letter'') (``For this proposal, I believe
specifically the API access outlined in Rule 10(d)(3) is the most
crucial item which should be added to the regulations.'').
---------------------------------------------------------------------------
Commenters recommended that optional APIs mirroring the
functionality in the dashboard be added to those discussed in the
Proposing Release to reduce the burden associated with manual dashboard
tasks.\141\ We will offer the majority of APIs that commenters
requested, which should largely address commenters' concerns regarding
account administrators' manual management of numerous individuals and
accounts on the dashboard, as well as commenters' request for enhanced
EDGAR automation. For example, APIs will assist individuals who are
account administrators for multiple EDGAR accounts, such as investment
company fund families or asset-backed securities issuers with
potentially hundreds of affiliated EDGAR accounts.\142\ We previously
indicated that more APIs would be added if feasible, and the additional
APIs requested by commenters will be made available to enrolled filers
when the EDGAR Filer Management dashboard goes live on March 24, 2025.
In addition, filers whose application on amended Form ID is granted on
or after March 24, 2025, will be able to connect to the optional APIs.
Collectively, the optional APIs will provide in machine-to-machine
connections the majority of functions on the dashboard for those filers
that choose to manage their EDGAR accounts in a more automated
manner.\143\ Additional APIs may be made available in the future as
feasible. Connection to APIs is optional.
---------------------------------------------------------------------------
\141\ See, e.g., Workiva Comment Letter (``All functionality
provided by the EDGAR Dashboard should be available via APIs. . . .
The administration burden and ongoing maintenance costs [of manually
using the dashboard] will be significant and could ultimately impact
the cost burden on the filers''); XBRL II Comment Letter (``A
complete set of Filer Management APIs must be made available for
effective management by filing agents and other entities that
support large numbers of registrants. . . . This scale is not
manageable using the Filer Management dashboard and would result in
an overwhelming amount of email and incur a significant support
burden and associated costs.''); Chris V. Comment Letter (``My
suggestion for improving the proposal is to provide the API on a
wider scale.'').
\142\ See, e.g., ICI Comment Letter (``EDGAR Next should provide
a mechanism to provide for filers who have a multi-filer structure,
such as Funds.''); Toppan Merrill Comment Letter (``EDGAR Next
should provide a mechanism to affiliate and manage filers who have a
multi-filer structure.'').
\143\ The APIs will be available concurrently with EDGAR Filer
Management dashboard availability--during EDGAR business hours, from
6 a.m. to 10 p.m. Eastern Time, each day except Saturdays, Sundays,
and Federal holidays. See section II.D.
---------------------------------------------------------------------------
If filers choose to connect to APIs, filers must comply with the
requirement of paragraph (d)(3) of Rule 10, as adopted, to authorize,
through their account administrators, at least two technical
administrators, unless the filer uses the filer API tokens and API
connections of its delegated entity (so long as that entity is in
compliance with the requirement to maintain at least two technical
administrators pursuant to paragraph (d)(3) of Rule 10), as discussed
further herein. Additionally, filers that choose to connect to the APIs
must comply with the requirements of the EDGAR Filer Manual as amended
to present filer API tokens and user API tokens to EDGAR generated on
the dashboard on a periodic basis, unless filers use the filer API
tokens and API connections of their delegated entity (and the
individual at the filer presents her user API token, if required by
that API). Filers, including delegated entities, that maintain at least
two technical administrators and connect to APIs must present a filer
API token and the individual at the filer must present a user API token
to the APIs (if the relevant API requires a user API token). If a filer
chooses to use the filer API token and API connections of its delegated
entity, that filer's individual account administrator or user must
still present to the API a user API token the individual generates on
the dashboard (if the relevant API requires a user API token).\144\
---------------------------------------------------------------------------
\144\ This requirement is included in the EDGAR Filer Manual, as
amended. See amended EDGAR Filer Manual, Volume I. We note that
specific required inputs vary by API. For example, the EDGAR
operational status API will not require user API tokens, as
discussed further below.
---------------------------------------------------------------------------
The API tokens represent a security requirement that eliminates the
need for manually entering individual account credentials and
performing multifactor authentication each time a submission is made.
Instead, multifactor authentication and individual identification
occurs when the technical administrator logs into the dashboard to
generate the filer API token annually and when the relevant account
administrator or user logs into the dashboard to generate a user API
token every 30 days, in accord with the time durations of the tokens
specified in the EDGAR Filer Manual as amended.
Filers who choose to connect to optional APIs will need to create
certain software to make technical connections to the APIs, as they
would any other API. Commission staff are providing filers with open-
source code for a sample filing application that will facilitate
filers' connections to the three APIs noted in the Proposing Release in
the EDGAR API Development Toolkit (``API Toolkit''), available on
SEC.gov. The sample filing application will
[[Page 106189]]
provide technical details and a working code base that could be either
copied into existing filing applications or used as a base for
developing a new filing application.\145\ Commission staff are also
offering filers a list of technical standards for the APIs, the
expected inputs and outputs, and information regarding whether only a
filer API token or both filer and user API tokens are required for
particular APIs in the Overview of EDGAR Application Programming
Interfaces (``Overview of EDGAR APIs''), available on SEC.gov. We
anticipate that the API Toolkit and the Overview of EDGAR APIs will
save filers time and effort in connecting to the optional APIs.
---------------------------------------------------------------------------
\145\ The sample filing application code is a starting point for
smaller filers that may not already have a filing application and
want to enter the API space. This sample code can serve as a
troubleshooting guide/reference material for all developers because
it uses specific technologies (e.g., PostgreSQL, NodeJS, Angular)
that are well documented, standard, and can be understood by a mid-
level programmer.
---------------------------------------------------------------------------
1. APIs That Commission Staff Will Provide
a. Submission API
Consistent with the discussion in the Proposing Release, the
submission API will give filers the option to submit test and live
filer-constructed EDGAR submissions.\146\ This API should allow filers
to rapidly and efficiently submit large numbers of filings in an
automated manner, instead of requiring them to manually log into EDGAR
to make filings one at a time.\147\ Successful connection to the
submission API will transmit a filer-constructed submission to EDGAR,
at which point the submission will be subject to routine EDGAR
validation checks and processing.
---------------------------------------------------------------------------
\146\ Currently, EDGAR accepts approximately 525 submission
types, of which approximately 500 (95%) permit filer construction.
\147\ Filers who do not wish to use the API to make filer-
constructed submissions, and filers making other types of
submissions, could continue to file through the web-based EDGAR
filing websites. Whether submissions were made through the API or
the EDGAR filing websites, filers will specify the CIK for which
they are making submissions. That CIK number will be reflected in
the accession number associated with those submissions. Filers could
change the login CIK reflected in the accession number at any time
to any other CIK for which the filer is authorized to file on EDGAR.
For example, a filing agent could choose to submit filings for a
client filer using its own login CIK, or by using its client filer's
login CIK.
---------------------------------------------------------------------------
One commenter suggested the introduction of submission endpoints
specific to major forms offered to filers.\148\ The commenter asserted
this could be used to control filing permissions for specific forms so
that, for example, a filer could delegate permissions for only certain
specific form types. Although some filers may wish to engage in limited
delegations of authority, there is no current plan to introduce that
level of granularity to EDGAR. Under EDGAR Next, a filer's account
administrators will receive a notification when the delegated entity
makes a submission for the filer, and if that submission is made
without the filer's authorization, the filer's account administrators
will be able to remove the delegated entity's authority to make
submissions on the filer's behalf and take other corrective actions.
Moreover, providing form-specific filing permissions could be
logistically difficult to administer as EDGAR currently accepts 525
submission types.
---------------------------------------------------------------------------
\148\ See Block Transfer Comment Letter (``We respectfully
present to the Commission that there should be submission endpoints
specific to major forms offered to filers. Specific routes for each
filing enable the Commission to check for route-specific endpoint
authorization. That way, an issuer that authorizes another filer to
submit automated insider transaction reports does not have to worry
about the agent submitting a Form 10-K.'').
---------------------------------------------------------------------------
b. Submission Status API
As discussed in the Proposing Release, a submission status API will
allow filers to leverage their filing application to simultaneously
check the status of multiple submissions in a batch process, instead of
manually logging into EDGAR and individually checking the status of
each submission. The submission status API will indicate whether each
submission has been submitted and accepted, but not yet publicly
disseminated; \149\ submitted and accepted, and publicly disseminated;
or submitted and suspended.
---------------------------------------------------------------------------
\149\ Generally, filings are first accepted and then
subsequently disseminated. Certain filings, however, remain
nonpublic and are never disseminated. Therefore, those filings never
progress from accepted to disseminated status.
---------------------------------------------------------------------------
One commenter requested that the submission status API be modified
to provide additional information so that filers could more fully
understand the exact status of their EDGAR submissions.\150\ As
requested by the commenter, the submission status API will be enhanced
to provide all information currently contained in EDGAR submission
notifications.
---------------------------------------------------------------------------
\150\ See Workiva Comment Letter (``Missing information
includes, but is not limited to, warning/error labels (as shown on
https://www.sec.gov/edgar/messages), the number of documents
processed, the received and filing dates, series/class information,
Section 16 reporting owner/issuer details, Subject Company, file
number(s), and Item Submission accession number and type information
for combined filings. The current Submission Notification HTML
document contains this information and the API should be modified to
include this document . . . .'').
---------------------------------------------------------------------------
c. EDGAR Operational Status API
As discussed in the Proposing Release, an EDGAR operational status
API will allow filers to leverage their filing application to check the
operational status of EDGAR at any given time. The EDGAR operational
status API will indicate whether EDGAR is fully operational,
unavailable (after business hours), or not fully operational in
whatever regard at that point in time (for example, if EDGAR is not
disseminating to SEC.gov). We did not receive any comments specifically
regarding the EDGAR operational status API.
In addition to the APIs discussed in the Proposing Release, the
following APIs will be offered in response to commenter requests, as
described below.
d. Filing Credentials Verification API
Several commenters requested the addition of an API to allow filers
to confirm the validity of all credentials involved in an API-based
filing.\151\ One commenter asserted that this API would be used
thousands of times per day and would help detect authorization errors
prior to submission, which would in turn reduce the amount of invalid
filing submissions and reduce the load on both filing software and
EDGAR systems.\152\ A ``filing credentials verification API'' will be
added, as requested by commenters, which should assist filers in
verifying the status of their credentials, allowing them to accurately
schedule and submit filings. The API will indicate if the provided
credentials have filing permissions with regarding the provided CIK,
and if so, will also provide the upcoming account confirmation deadline
and the expiration dates of the provided API tokens.
---------------------------------------------------------------------------
\151\ See, e.g., Workiva Comment Letter (``We suggest adding an
API which would return specific, comprehensive information about the
status of all credentials involved in an API-based filing.'');
Danneffel II Comment Letter (``I'd like to suggest an additional API
be added that tests the validity of a user/filer token combination .
. . ., The proposed API would check:--If the user token is valid
(exists and is not expired)--If the filer token is valid (exists and
is not expired)--If the user token is authorized to file using the
filer token . . . .'').
\152\ See Workiva Comment Letter (``This new API would be
accessed prior to every filing submission, so it could be expected
to be called thousands of times per day--although detecting
authorization errors prior to submitting a filing would reduce the
amount of invalid filing submissions and would reduce the load on
both filing software and EDGAR systems.'').
---------------------------------------------------------------------------
[[Page 106190]]
e. APIs To View Individuals, Add Individuals, Remove Individuals, and
Change Roles
Several commenters requested the addition of optional APIs to
replicate dashboard functionality to allow filing agents and other
entities that support large numbers of registrants to more easily
manage filer accounts.\153\ Separate optional APIs will be provided so
that filers may view individuals authorized for a CIK, add individuals,
remove individuals, and change roles for individuals.\154\
Collectively, these APIs should enable filing agents and other entities
that support large numbers of filers to rapidly and efficiently manage
individual authorizations and roles for those filers.
---------------------------------------------------------------------------
\153\ See Workiva Comment Letter (``All functionality provided
by the EDGAR Dashboard should be available via APIs. While the
Dashboard may be sufficient for individual registrants, it will be
unworkable for many filing agents.''); XBRL II Comment Letter (``A
complete set of Filer Management APIs must be made available for
effective management by filing agents and other entities that
support large numbers of registrants. . . . This scale is not
manageable using the Filer Management dashboard and would result in
an overwhelming amount of email and incur a significant support
burden and associated cost.'').
\154\ In addition, APIs will be provided related to delegation
and CCCs.
---------------------------------------------------------------------------
f. APIs To Send Delegation Invitations, Request Delegation Invitations,
and View Delegations
As discussed above, commenters requested the addition of optional
APIs to replicate dashboard functionality to allow filing agents and
other entities that support large numbers of registrants to more easily
manage filer accounts.\155\ Separate optional APIs will be provided to
allow filers to send delegation invitations to prospective delegated
entities, request delegation invitations from prospective delegating
filers, and view delegations currently in place (including both
delegations received from filers and also delegations provided to
delegated entities). Collectively, these optional APIs should enable
filing agents and other entities that support large numbers of filers
to manage delegations rapidly and efficiently for those filers.
---------------------------------------------------------------------------
\155\ See supra note 141153.
---------------------------------------------------------------------------
g. APIs To View Filer Account Information, Generate CCC, and Create
Custom CCC
Several commenters requested the addition of an optional API to
make available on a machine-to-machine basis the same functionality
that is currently provided within the ``Retrieve/Edit Data'' section of
the EDGAR Filing website.\156\ That functionality includes, but is not
limited to, the ability to view/edit filer account information such as
the filer's name, contact information, and corporate information like
State of incorporation and fiscal year-end, view the filer's current
account balances and request the return of unused funds, and change the
filer's password or CCC. As part of the transition to EDGAR Next, some
of this functionality will be shifted to the dashboard, such as the
filer's EDGAR POC. In addition, the fee-related aspects of this
functionality raise unique technical challenges that make providing
APIs for those functions more difficult due to the current systems and
processes surrounding payment and fee information.\157\ For those
reasons, separate APIs will not be added at this time for each of the
functions currently provided in the ``Retrieve/Edit Data'' section of
the EDGAR Filing website.
---------------------------------------------------------------------------
\156\ See XBRL II Comment Letter (``All functionality provided
under the Retrieve/edit data section of the EDGAR site should have
an equivalent API implementation. . . .''); Toppan Merrill Comment
Letter (``Ideally, all functionality that is currently available
within the `Retrieve/Edit' data under a CIK within EDGAR will be
available through an API in EDGAR Next.'').
\157\ Filing fee information will remain in the ``Retrieve/Edit
Data'' section of the EDGAR Filing website; it will not be
accessible on the dashboard.
---------------------------------------------------------------------------
To address commenter concerns, however, a ``view filer account
information API,'' as well as a ``generate CCC API'' and a ``create
custom CCC API,'' will be added. The optional view filer account
information API will allow filers to view the filer's name, contact
information, CCC, CIK type (company, single-member company, or
individual), and next confirmation date. The optional generate CCC and
create custom CCC APIs will allow filers to generate a new CCC at any
time to enhance filer security without causing filing delays.
h. Enrollment API
To facilitate the requirement that existing filers enroll in EDGAR
Next, an optional API designed to automate the enrollment process will
be added. As stated in the Proposing Release, filers may enroll in
EDGAR Next either through, (a) manual enrollment of single accounts on
an account-by-account basis or (b) enrollment of multiple accounts
simultaneously, by completing and uploading a spreadsheet of up to 100
filers (100 rows) per bulk enrollment. Several commenters expressed
concerns regarding the volume and complexity of enrollment and
requested that some form of automation or increased flexibility be
provided regarding the enrollment process.\158\ The ``enrollment API''
should help address these concerns by streamlining the enrollment
process.
---------------------------------------------------------------------------
\158\ See, e.g., Workiva Comment Letter (``[W]e suggest
automatically enrolling the current POC as a super administrator by
default. . . . We highly recommend that the initial transition
should include preloaded delegations based on filing history, with
the option of automatic acceptance by filing agents. . . .''); XBRL
II Comment Letter (``We recommend that the CSV limit be increased to
500, from the proposed limit of 100.'').
---------------------------------------------------------------------------
2. API Tokens
For filers that opt to connect to APIs, filer API tokens and user
API tokens if the relevant API requires presentation of a user API
token, will be required by the EDGAR Filer Manual as amended, as
discussed in the Proposing Release. The use of tokens to connect to
optional APIs is a security requirement designed to minimize the
potential for unauthorized access to filers' accounts on EDGAR.
As discussed in the Proposing Release, the EDGAR Filer Manual will
be amended to require that filers that connect to the optional APIs
have a technical administrator generate a filer API token on the
dashboard to authenticate the filer. The filer API token will remain
valid for up to one year. In a change to what was discussed in the
proposal, a filer will be allowed to use its delegated entities' filer
API tokens and API connections (and rely upon its delegated entities'
technical administrators), so long as the filer's delegated entity has
authorized at least two technical administrators pursuant to paragraph
(d)(3) of Rule 10 and the individual at the filer using its delegated
entity's filer API tokens and API connections provides a valid user API
token if the relevant API requires presentation of a user API token, as
set forth below. Further, as discussed in the Proposing Release, the
EDGAR Filer Manual will be amended to require that an individual user
or account administrator generate a user API token on the dashboard to
authenticate herself. In a change to the discussion in the Proposing
Release indicating that the EDGAR Filer Manual would require that the
user API token would remain valid for up to one year so long as the
user logged into EDGAR at least every 30 days, the EDGAR Filer Manual
will specify that the user API token will remain valid for 30 days from
the time the token is generated.
One commenter recommended that a filer be able to use the filer API
token generated by the filer's delegated entity.\159\ This suggestion
will be
[[Page 106191]]
implemented to make the optional APIs more accessible for smaller
filers. As discussed above, filers may use their delegated entity's API
connections and filer API tokens so long as the delegated entity has
authorized at least two technical administrators pursuant to paragraph
(d)(3) of Rule 10. Filers that do so will not need to authorize their
own technical administrators or obtain and maintain their own filer API
tokens. Individuals at these filers must, however, supply their own
user API tokens, if the relevant API requires presentation of a user
API token. As a result, smaller filers that may not have the resources
to develop API connections or employ their own technical
administrators, but who nevertheless would like their personnel to
interact with EDGAR through APIs, may use the APIs that their delegated
entity develops and maintains.
---------------------------------------------------------------------------
\159\ Workiva Comment Letter (``[T]he proposed delegation
scenario is not well suited for automated filing solutions, since
while the filing software can use its filer token, an employee of
the filing software provider would not typically be involved to
provide their user token. One solution would be to allow the
registrant's authorized user to use their user token with the
delegated filing software's filer token.'').
---------------------------------------------------------------------------
Another commenter expressed concern that expiring API tokens could
frustrate the ability of filers to plan ahead to make filings and
suggested that the Commission provide an API to allow filers to
programmatically check expiration dates for relevant filer API tokens
and user API tokens.\160\ As discussed further above, an optional
filing credentials API will be offered so that filers can check filing
credentials, including information regarding API token expiration dates
and account confirmation deadlines.
---------------------------------------------------------------------------
\160\ See XBRL II Comment Letter (``We also suggest that the
Commission give users the ability to see information about the
token, for example what is the upcoming expiration date. This could
be executed through an API that provides visibility into whether the
token should work, and if it is not functional, an explanation as to
why it is not working.'').
---------------------------------------------------------------------------
Many commenters objected to the 30-day login requirement for the
user API token discussed in the proposal and stated that it would be
especially burdensome for infrequent filers.\161\ One commenter also
expressed concerns about the complexity and multiple layers of
requirements contemplated for user API tokens, citing the one-year
validity period and 30-day login requirements.\162\ Another commenter
supported the 30-day login requirement as being justified in terms of
providing additional security.\163\
---------------------------------------------------------------------------
\161\ See, e.g., XBRL II Comment Letter (``[T]he requirement to
log into an EDGAR website, interactively, every 30 days means that
many Section 16 reporting owners will be continuously
inactivated.''); SIFMA Comment Letter (``[W]e recommend that EDGAR
Next access credentials not be removed for mere inactivity, which
the Commission indicates would happen with API tokens that are not
used during a 30 day period.''); Workiva Comment Letter (``According
to our customer survey, about 72% of the respondents indicated that
[the 30-day login requirement for user API tokens] poses a
significant burden or risk to their filing teams. We strongly
recommend that the Commission eliminate this requirement.'').
\162\ See XBRL II Comment Letter (``[W]e are concerned about the
multiple layers of requirements for the token API, for example, the
expiration and 30-day login requirements, which will be challenging,
particularly for sporadic filers.'').
\163\ See Chris V. Comment Letter (``In the vein of additional
security, the proposal as written also currently suggests requiring
monthly logins to maintain access to an API access code which is
open for one year. I feel this could be considered heavyhanded in
comparison to the fairly lax standards which exist today, but I do
think it's worth the additional security and expectation from those
submitting data.'').
---------------------------------------------------------------------------
We considered these comments as well as the need to enhance system
security. As a result, in a change to what was discussed in the
Proposing Release, the EDGAR Filer Manual as amended will specify that
the user API token will expire 30 days after the individual generates
the token. The Proposing Release by contrast contemplated that the user
API token would remain valid for one year so long as the user logged
into the dashboard every 30 days. Thus, rather than logging in every 30
days to keep the user API token active, as discussed in the Proposing
Release, the individual is required to log in every 30 days to generate
a new user API token. The shorter duration of the user API token will
enhance the security of APIs, especially in light of the annual
duration of the filer API token. Shorter validity periods and more
frequent expiration dates limit the risk exposure of a token being lost
or stolen during the validity period, and thus more frequent expiration
dates are generally preferable from a security perspective. Separately,
the 30-day duration of the user API token avoids the potential
confusion posed by a token that persists for one year only if the user
logs into EDGAR every 30 days, a concern expressed by one commenter
noted above.\164\ We note that an optional API will be offered, as
requested by commenters and discussed above, to allow filers easily to
retrieve the expiration dates of the filer API token and user API
token.
---------------------------------------------------------------------------
\164\ See XBRL II Comment Letter (``[W]e are concerned about the
multiple layers of requirements for the token API, for example, the
expiration and 30-day login requirements, which will be challenging,
particularly for sporadic filers.'').
---------------------------------------------------------------------------
While we understand the concerns raised by commenters, we do not
think it is unduly burdensome for section 16 and other periodic filers
who choose to make submissions through APIs to log into the dashboard
and generate a new user API token once per month or otherwise prior to
making an infrequent filing. Further, as is the case currently, the
individual making the submission need not be the filer itself. Section
16 and other periodic filers could authorize through powers of attorney
relevant individuals at their filing agents or other representatives as
account administrators, eliminating the need for the section 16 or
other periodic filer to obtain individual account credentials or
otherwise interact with the dashboard. Alternatively, section 16 and
other periodic filers could delegate authority to file to one of these
entities (so long as that entity has an EDGAR account), thereby
eliminating the need for the section 16 filer herself to log into the
dashboard to generate user API tokens. In addition, as noted elsewhere
in this release, generating a user API token is a straightforward
process accomplished on the dashboard, and we estimate that a user API
token could be generated within approximately one minute of logging
into the dashboard. Moreover, the ability of a filer to authorize
multiple account administrators and users, each with a user API token
expiring at a different time, lessens concerns about the need to
generate a new user API token for a particular user when a filing
deadline is approaching.
A commenter suggested that the SEC allow the use of
``organizational user tokens'' that would represent the filer as a
whole, as opposed to identifying a specific individual.\165\ Similarly,
another commenter suggested that filers using third-party filing
software should be able to submit filings by presenting a user API
token belonging to an individual at the third-party filing software
company, so that the individual who was making the filing would not
need to obtain a user API token to identify herself.\166\ We decline to
implement these suggestions because they would frustrate the
Commission's objective of identifying the individual making the filings
and taking actions on EDGAR through APIs.
---------------------------------------------------------------------------
\165\ See Workiva Comment Letter (indicating that the SEC should
allow an organizational user token that represents the organization
as a whole and that could be managed the same way as an individual
user API token).
\166\ See Comment Letter of Martin Francisco (November 21, 2023)
(``Would it be deemed permissible to use a single user token
belonging to the administrator of a third-party filing solution to
submit filings created by independent users of that third-party
filing solution? Such a deployment would make it easier for users of
that third-party solution (no individual token management
needed).'').
---------------------------------------------------------------------------
Other commenters suggested that API tokens should have no
expiration dates or alternately should be automatically
[[Page 106192]]
renewed upon expiration.\167\ Although we acknowledge commenters'
concerns that limiting the duration of API tokens could be
inconvenient, we balance those concerns against our goals of
maintaining EDGAR security by requiring authenticating credentials to
be updated periodically via multifactor authentication, and by
requiring new tokens periodically to avoid unauthorized use of a
persistent token. A one-year validity period for filer API tokens is
consistent with current EDGAR security requirements, which require
passwords to be changed once per year before they expire. In addition,
a 30-day validity period for user API tokens will reduce the risk that
a long-persistent token will be compromised.
---------------------------------------------------------------------------
\167\ See XBRL II Comment Letter (``We recommend never letting
the token expire, or at a minimum setting a longer time for the
token expiration period.''); Comment Letter of Jacob Halstead
(January 17, 2024) (suggesting the SEC should ``allow applications
to . . . renew the token without user interaction.'').
---------------------------------------------------------------------------
One commenter suggested that filers and filing agents may in
practice share filer API tokens and user API tokens across multiple
organizations with the result that submissions will not be as secure as
anticipated and not necessarily be associated with the individual who
generated the user API token.\168\ To be clear, Rule 10 as amended
requires that individuals access EDGAR by logging in with their own
Login.gov individual account credentials and employ multifactor
authentication. The EDGAR Filer Manual as amended will further require
that user API tokens be associated with the individual logging into
EDGAR. As discussed in this release, the Commission seeks to trace
submissions to the individual who logs into EDGAR with individual
account credentials and completes multifactor authentication. For APIs,
presentation of the individual's user API token allows the Commission
to identify who makes each submission or takes action on EDGAR, a
primary goal of this rulemaking. We agree that the potential scenario
described by the commenter compromises EDGAR security, and we reiterate
that we expect filers to comply with the requirements of Rule 10 and
the EDGAR Filer Manual as amended.
---------------------------------------------------------------------------
\168\ See Workiva Comment Letter (``We feel that the proposed
filer and user tokens system may be less secure in practice than
anticipated. Since many registrant and reporting owner filings are
handled by multiple filing agents and due to additional
administration and management requirements in the EDGAR Next
proposal, these long-lived tokens will likely be shared amongst
multiple organizations and may provide no actual assurance that a
filing is being submitted by the user associated with the token.'').
---------------------------------------------------------------------------
EDGAR Next provides filers flexibility to manage the security
tokens required for connection to optional APIs. Filers may generate an
unlimited number of filer API tokens on the dashboard. Filers may use
the filer API tokens and API connections of their delegated entities.
With respect to user API tokens, filers have several options to
authorize up to 500 individuals to make submissions. Filers may
authorize up to 20 account administrators in total (including
individuals not employed at the filer or its affiliates through
notarized powers of attorney), and those account administrators may
authorize up to 500 users, all of whom would be authorized to make
submissions on behalf of the filer and would be able to generate user
API tokens. Filers may delegate authority to filing agents or any other
EDGAR account to file on their behalf, and those entities may each have
up to 20 account administrators and 500 users. Any of these individuals
would be able to generate a user API token and make submissions on
behalf of the filer in compliance with EDGAR Next.
F. Final Amendments to Rules and Forms
1. Rule 10 of Regulation S-T
The Commission proposed to amend Rule 10 of Regulation S-T to add
new paragraph (d) and to make certain clarifying and conforming changes
in paragraph (b) and in the note to Rule 10. We did not receive any
comments concerning the proposed amendments to Rule 10. We received one
comment peripheral to paragraph (b)(2) of Rule 10 requesting that the
technical process of uploading PDFs to EDGAR be improved. As discussed
in more detail below, that improvement to EDGAR will be made.\169\
---------------------------------------------------------------------------
\169\ EDGAR will be enhanced to ensure that when a Form ID PDF
is created from the dashboard, that PDF will not contain hyperlinks
that may interfere with the upload of the document to EDGAR. To be
clear, this technical change is unrelated to the amendments to Rule
10.
---------------------------------------------------------------------------
We are adopting, largely as proposed, amendments to Rule 10 of
Regulation S-T to add paragraph (d). New paragraphs (d)(1) through (4)
are discussed in full above. As discussed above, we are adopting
paragraph (d)(3) of Rule 10 with a few slight modifications from the
proposal: paragraph (d)(3) of Rule 10 will refer to filers that
``connect to'' APIs rather than filers that ``use'' APIs, and will not
apply to a filer that has delegated authority to file on the dashboard
to a delegated entity that is in compliance with the rule's
requirements. In addition, as noted above, minor revisions to paragraph
(d)(2) as proposed were made to the paragraph as adopted to clarify
that each individual or single-member company electronic filer must
authorize and maintain at least one individual as an account
administrator to manage its EDGAR account.
We are adopting amendments, as proposed, to add new paragraph
(d)(5) of Rule 10 to require that the filer, through its authorized
account administrators, maintain accurate and current information on
EDGAR concerning the filer's account, including but not limited to
accurate corporate information and contact information, such as mailing
and business addresses, email addresses, and telephone numbers. This
constitutes an ongoing obligation for the filer to update its
information on EDGAR as necessary. New paragraph (d)(5) is analogous to
the existing requirements set forth in the EDGAR Filer Manual, Volume I
to maintain accurate company information on EDGAR, which we are
amending accordingly to reference new paragraph (d)(5).\170\ The
requirement in paragraph (d)(5) of Rule 10 will provide greater
assurance to Commission staff and the public about the accuracy of the
filer's information contained in EDGAR.
---------------------------------------------------------------------------
\170\ Compare current EDGAR Filer Manual, Volume I, at section 5
(``Filers must maintain accurate company information on EDGAR,
including but not limited to a filer's current name, business
mailing address, and business email address.'') with amended EDGAR
Filer Manual, Volume I, at section 4 (``As required by Rule 10(d)(5)
of Regulation S-T, 17 CFR 232.10(d)(5), filers must maintain
accurate and current company information on EDGAR concerning the
filer's account, including but not limited to accurate contact
information and corporate information, if relevant.'').
---------------------------------------------------------------------------
We are also adopting amendments, as proposed, to add paragraph
(d)(6) of Rule 10, which requires the filer, through its authorized
account administrators, to securely maintain information relevant to
the ability to access the filer's EDGAR account, including access
through any EDGAR API. This requirement is designed to ensure that
information relevant to the ability to access the filer's account, such
as individual account credentials and API tokens, is securely
maintained and not publicly exposed or otherwise compromised. New
paragraph (d)(6) of Rule 10 is analogous to requirements set forth in
the EDGAR Filer Manual, Volume I to securely maintain EDGAR access and
to maintain accurate company information on EDGAR.\171\
---------------------------------------------------------------------------
\171\ Compare current EDGAR Filer Manual, Volume I, at section 4
(``Filers must securely maintain all EDGAR access codes and limit
the number of persons who possess the codes. EDGAR access codes
include the password, passphrase, CCC, and password modification
authorization code (PMAC).'') with amended EDGAR Filer Manual,
Volume I, at section 3 (``Each applicant or filer may only authorize
to act on its behalf on EDGAR those individuals who have obtained
individual account credentials through Login.gov. . . . Individual
account credentials are intended for the use of the individual who
obtained them to allow identification of the individual taking
action on EDGAR. Individual account credentials must not be shared
with other individuals.'').
---------------------------------------------------------------------------
[[Page 106193]]
The Commission is also adopting, substantially as proposed,
amendments to Rule 10 to make certain clarifying and conforming
changes. Paragraph (b) of Rule 10 is being revised to refer to ``each
electronic filer'' required to submit Form ID before filing on EDGAR,
instead of ``each registrant, third party filer, or filing agent.''
\172\ This change is not intended to alter the scope of who is subject
to paragraph (b) of Rule 10, but instead clarifies that all new
electronic filers are required to submit Form ID for review and
approval by Commission staff before they may file on EDGAR.
---------------------------------------------------------------------------
\172\ Compare current paragraph (b) of Rule 10 of Regulation S-T
(``Each registrant, third party filer, or filing agent must, before
filing on EDGAR . . .'' with amended paragraph (b) of Rule 10 of
Regulation S-T (``Each electronic filer must, before filing on EDGAR
. . .'').
---------------------------------------------------------------------------
In addition, we are adopting as proposed an amendment to paragraph
(b)(2) of Rule 10, which currently states that an authenticating
document for Form ID must be signed by the applicant, to also state
that the authenticating document may be signed by an authorized
individual of the applicant.\173\ This final amendment is intended to
conform the language in paragraph (b)(2) of Rule 10 with the text of
the EDGAR Filer Manual, which provides that the authenticating document
shall be signed by an authorized individual, including a person with a
relevant power of attorney.\174\ We proposed to separately amend
paragraph (b) of Rule 10 of Regulation S-T to require Form ID to be
completed by an individual authorized by the electronic filer as its
account administrator. In a modification from the proposal, however, as
discussed in section II.B.1.a, it will not be necessary for Form ID to
be completed or submitted by one of the applicant's prospective account
administrators. Thus, that proposed amendment to paragraph (b) of Rule
10 is not being adopted.
---------------------------------------------------------------------------
\173\ Compare current paragraph (b)(2) of Rule 10 of Regulation
S-T (``File . . . a notarized document, signed by the applicant . .
.'' with amended paragraph (b)(2) of Rule 10 of Regulation S-T
(``File . . . a notarized document, signed by the electronic filer
or its authorized individual . . .'').
\174\ See EDGAR Filer Manual, Volume I, at section 3(b).
---------------------------------------------------------------------------
As noted above, we received one comment requesting additional
details concerning the PDF requirements for Form ID authenticating
documents required to be uploaded to EDGAR pursuant to proposed
paragraph (b)(2) of Rule 10.\175\ The commenter stated that Form ID
authenticating documents could not be successfully uploaded to EDGAR
because those PDFs contained hyperlinks which prevented the documents
from being accepted by EDGAR. PDF documents required to be uploaded
pursuant to paragraph (b)(2) of Rule 10 are subject to the same EDGAR
validation requirements that apply to all PDF documents uploaded to
EDGAR, including prohibitions on active content (e.g., embedded
JavaScript) and external references (hyperlinks, etc.).\176\ Any URLs
contained in PDFs must be in plain text. To facilitate the process of
uploading PDFs to EDGAR pursuant to paragraph (b)(2) of Rule 10, EDGAR
will be enhanced to ensure that when a Form ID authenticating document
PDF is created from the dashboard, that PDF will not contain
hyperlinks.
---------------------------------------------------------------------------
\175\ See Toppan Merrill Comment Letter (``Additional detail
around the requirements for PDF documents under 232.10(b)(2) would
be helpful (e.g., what PDF formats acceptable [sic], is the PDF
required to be searchable, are hyperlinks allowed, etc.) Currently,
the Form ID application contains many URLs, which when printed to
PDF, electronically signed and uploaded do not pass validation. It
would be helpful to hide these URLs from the printed version of the
Form ID authentication document.'').
\176\ See EDGAR Filer Manual, Volume II, at section 5.2.3.2
(discussing EDGAR validation requirements for PDFs).
---------------------------------------------------------------------------
Finally, we are adopting revisions to the note to Rule 10 largely
as proposed to state that the Commission staff carefully review each
Form ID application and that filers should expect that the Commission
staff will require sufficient time to approve and review the Form ID.
For clarity, the final amendments express this as an affirmative
statement (``filers should expect that the Commission staff will
require sufficient time to review the Form ID'') as opposed to how this
concept was proposed (``filers should not assume that the Commission
staff will automatically approve the Form ID''). Therefore, the final
amendments provide that filers should submit Form ID ``well in
advance'' of their first required filing.\177\ We believe this revised
language makes clear that Commission staff need an appropriate amount
of time to review the Form ID. Due to the frequently high volume of
Form ID applications submitted for Commission staff review, potential
applicants should allow sufficient time for the review process to be
conducted in the event that staff is concurrently reviewing a high
volume of applications.
---------------------------------------------------------------------------
\177\ As adopted, the note to Rule 10 states: ``The Commission
staff carefully review each Form ID application, and electronic
filers should expect that the Commission staff will require
sufficient time to review the Form ID upon its submission.
Therefore, any applicant seeking EDGAR access is encouraged to
submit the Form ID for review well in advance of the first required
filing to allow sufficient time for staff to review the
application.'' Current staff guidelines regarding the minimum time
needed for Commission staff to review Form ID can be found in the
``Prepare and Submit my Form ID Application'' section of the ``EDGAR
-- How Do I'' FAQs, at https://www.sec.gov/submit-filings/filer-support-resources/how-do-i-guides/prepare-submit-my-form-id-application.
---------------------------------------------------------------------------
2. Rule 11 of Regulation S-T
As proposed, we are adopting amendments to Rule 11 of Regulation S-
T, ``Definitions of terms used in this part,'' to add and define new
terms and update the definitions of certain existing terms. The
amendments include terms and definitions specific to the rule and form
amendments that delineate how individuals and entities access, file on,
and manage EDGAR accounts.
Under the final amendments, certain terms define the new roles for
individuals under EDGAR Next. Those roles are as follows:
``Account administrator'' means the individual that the filer
authorizes to manage its EDGAR account and to make filings on EDGAR on
the filer's behalf. The designation of an account administrator helps
to ensure that only authorized persons are able to file and take other
actions on behalf of the filer.
``Authorized individual'' means an individual with the authority to
legally bind an entity or individual for purposes of Form ID, or an
individual with a power of attorney from an individual with the
authority to legally bind an entity or individual for purposes of Form
ID. The adopted definition specifies that the power of attorney
document must clearly state that the individual receiving the power of
attorney has general legal authority to bind the entity or individual
or specific legal authority to bind the entity or individual for
purposes of Form ID.
``Delegated entity'' means a filer that another filer authorizes on
the dashboard to file on its behalf. As itself a filer, a delegated
entity is subject to all applicable rules for filing on EDGAR.
Delegated entities are not permitted to further delegate authority to
file for the delegating filer, nor are they permitted to take action on
the delegating filer's dashboard.
``Filing agent'' means any person or entity engaged in the business
of making submissions on EDGAR on behalf of filers. As discussed above
in section II.C., to act as a delegated entity for a
[[Page 106194]]
filer, a filing agent must be a filer with an EDGAR account.
``Single-member company'' describes a company that only has a
single individual who acts as the sole equity holder, director, and
officer (or, in the case of an entity without directors and officers,
holds position(s) performing similar activities as a director and
officer).
``Technical administrator'' means an individual that the filer
authorizes on the dashboard to manage the technical aspects of the
filer's connection to EDGAR APIs on the filer's behalf.
``User'' means an individual that the filer authorizes on the
dashboard to make submissions on EDGAR on the filer's behalf.
Other terms identify new applications and upgrades to access and
maintain filers' accounts on EDGAR, including the following:
``Application Programming Interface'' (API) means a software
interface that allows computers or applications to communicate with
each other.
``Dashboard'' means an interactive function on EDGAR where filers
manage their EDGAR accounts and where individuals that filers authorize
may take relevant actions for filers' accounts.
``Individual account credentials'' means credentials issued to
individuals for purposes of EDGAR access, as specified in the EDGAR
Filer Manual, and used by those individuals to access EDGAR. The EDGAR
Filer Manual as amended specifies that individual account credentials
must be obtained through Login.gov, a sign-in service of the United
States Government that employs multifactor authentication.
The final amendments also update or delete outdated terminology
from certain definitions in Rule 11, such as references to ``telephone
sessions'' in the definition of ``direct transmission.'' Although some
filers may still use dial-up internet to access EDGAR, we expect that
nearly all filers currently rely on broadband, cable, or other internet
technologies.
Finally, we are adopting amendments to update the definition of
``EDGAR Filer Manual'' to more clearly describe its contents. Rule 11
currently describes the ``EDGAR Filer Manual'' as ``. . . setting out
the technical format requirements for an electronic submission.'' The
EDGAR Filer Manual has been updated over time, however, to include
additional requirements for filers, including those pertaining to EDGAR
access, maintaining EDGAR company information, and submitting online
filings. Accordingly, we are updating the EDGAR Filer Manual definition
to indicate the inclusion of these procedural requirements. We believe
that the final amendments to the definition will better inform filers
of the scope of the EDGAR Filer Manual requirements.
We received three comments on the proposed definitions in the
Proposing Release. Two commenters agreed that the proposed amendments
to the definitions in Rule 11 were appropriate.\178\ One of the
commenters also requested that the terms ``Filer API Token'' and ``User
API Token'' be defined.\179\ We do not think it is necessary to amend
Regulation S-T to provide definitions of ``Filer API Token'' and ``User
API Token'' because those terms are not referenced in Regulation S-T.
Further, we are making one change to the definition of Technical
Administrator to accord with the change from the word ``use'' in
proposed paragraph (d)(3) of Rule 10 to the word ``connect'' in adopted
paragraph (d)(3) of Rule 10. The word ``connect'' will similarly be
substituted for the word ``use'' in the definition of technical
administrator for the reasons given above.
---------------------------------------------------------------------------
\178\ See DFIN Comment Letter; Toppan Merrill Comment Letter.
\179\ See DFIN Comment Letter (`` `Filer API Token' and `User
API Token' should be defined.'').
---------------------------------------------------------------------------
3. Form ID
Form ID is an online fillable form that must be completed and
submitted to the Commission by individuals, companies, and other
organizations that seek access to file electronically on EDGAR.\180\
Among other things, Form ID seeks information about the identity and
contact information of the applicant. The applicant is required to
print \181\ the completed online Form ID application, obtain the
notarized signature of the applicant's authorized individual \182\ on
the printed document, and upload the signed notarized document (the
Form ID authentication document) to EDGAR to confirm the authenticity
of the application. In certain cases, applicants may also be required
to upload additional documentation to assist Commission staff in
determining the nature and legitimacy of the application.\183\
---------------------------------------------------------------------------
\180\ Compare current Rule 10(b) (providing that each
registrant, third party filer, or agent seeking EDGAR access must
submit Form ID) with Rule 10(b) as adopted (providing that each
electronic filer seeking EDGAR access must submit Form ID).
\181\ The applicant may print the form to PDF and need not print
a physical hard copy of the form.
\182\ The term ``authorized individual'' is defined in the EDGAR
Filer Manual, Volume I as well as Rule 11, as amended.
\183\ For example, if an applicant represents that it has
acquired or otherwise assumed control of the filer listed on the
existing EDGAR account, then the applicant must also supply
documents to Commission staff to establish the legal transition from
the filer on record in EDGAR to the applicant claiming authority to
file on the existing EDGAR account.
---------------------------------------------------------------------------
We are adopting amendments to Form ID largely as proposed to
include changes to information required to be reported on the form as
well as technical changes. As a departure from what we contemplated in
the Proposing Release, however, and as discussed above, it will not be
necessary for Form ID to be completed or submitted by one of the
applicant's prospective account administrators.
As outlined above, the final amendments to Form ID will require an
applicant for EDGAR access to provide certain additional information,
including:
(1) Designating on Form ID specific individuals the applicant
authorizes to act as its account administrators to manage its EDGAR
account on a dedicated dashboard on EDGAR. Applicants will generally be
required to authorize at least two account administrators, although
individuals and single-member companies will only be required to
authorize at least one account administrator. If a prospective account
administrator is not (1) the applicant (in the case of an individual
applicant) or (2) an employee of the applicant or its affiliate (in the
case of a company applicant), the applicant will also be required to
disclose the prospective account administrator's employer and CIK, if
any, and provide a notarized power of attorney to authorize the
individual to manage the applicant's EDGAR account as an account
administrator. As discussed above, as a departure from the proposal,
amended Form ID will also include information to alert applicants that
EDGAR will by default designate the first account administrator listed
on Form ID as the filer's EDGAR POC.\184\
---------------------------------------------------------------------------
\184\ See supra text accompanying and following note 70.
---------------------------------------------------------------------------
(2) The applicant's Legal Entity Identifier \185\ (``LEI'') number,
if any.
[[Page 106195]]
Applicants that have not yet obtained an LEI will not be required to do
so to submit Form ID. For those applicants that have obtained an LEI,
inclusion of this information will facilitate the ability of Commission
staff to link the identity of the applicant with information reported
on other filings or sources that are currently or will be reported
elsewhere in the future, if LEIs become more widely used by regulators
and the financial industry.
---------------------------------------------------------------------------
\185\ The LEI is a global, 20-character, alphanumeric,
identifier standard that uniquely and unambiguously identifies a
legal entity. Initially developed by the International Organization
for Standardization as ISO 17442, the LEI is nonproprietary and the
LEI data is made publicly available under an open license. The LEI
is used worldwide in the private and public sectors and, in certain
jurisdictions, including the United States, is used for regulatory
reporting. In some cases, the LEI can be used to identify the filer
of a particular report, as well as entities related to the filer,
such as its subsidiaries or parents. The Commission and eight other
Federal agencies recently proposed establishing joint data
standards, which would include LEI, under the Financial Data
Transparency Act of 2022. See Financial Data Transparency Act Joint
Data Standards, Release No. 33-11295 (August 2, 2024) [89 FR 67890
(August 22, 2024)].
---------------------------------------------------------------------------
(3) Providing more specific contact information about the filer,
and the filer's account administrator(s), authorized individual (the
individual authorized to sign Form ID on the filer's behalf, as defined
in the EDGAR Filer Manual), and billing contact (including mailing,
business, and billing information, as applicable). More specific
contact information will allow Commission staff to reach account
administrators, the authorized individual, and billing contacts
associated with the filer when necessary.
To streamline the form, some of the specific contact information
that was proposed to be collected on Form ID will not be included. For
example, Form ID will not require secondary phone numbers or email
addresses in addition to the filer's mailing and business addresses. We
believe that the additional contact information we will collect on
amended Form ID will be sufficient to meet Commission staff's needs.
Similarly, although we proposed amendments to the filer's mailing
address that would allow filers to input ``care of'' information so
that a company applicant could list a filing agent, for example, we are
not amending Form ID to implement that change. We believe that
including a separate address line for ``care of'' information could
encourage applicants to list the names of specific individuals who
might not want to be publicly listed in EDGAR as part of the filer's
mailing address. The Form ID fields related to the filer's mailing
address will continue to have multiple street address lines, as
proposed, which we believe will provide sufficient opportunity for
applicants that wish to include such information to do so.
(4) Specifying whether the applicant, its authorized individual,
person signing a power of attorney (if applicable), account
administrator, or billing contact has been criminally convicted as a
result of a Federal or State securities law violation, or civilly or
administratively enjoined, barred, suspended, or banned in any
capacity, as a result of a Federal or State securities law violation.
Information about whether the applicant or certain individuals named on
Form ID may be subject to relevant bars and prohibitions (including but
not limited to officer and director bars, prohibitions from associating
with brokers, dealers, investment advisers, and/or other securities
entities, and bars from participation in certain industries) will allow
Commission staff to determine whether such bars or prohibitions are
relevant to the application for EDGAR access. Individuals disclosing
the existence of a criminal conviction, or civil or administrative
injunction, bar, suspension, or ban may be contacted by Commission
staff to determine the applicant's eligibility for EDGAR access.
(5) Indicating whether the applicant, if a company, is in good
standing with its State or country of incorporation. Good standing is a
term widely used by State divisions of corporations and/or secretaries
of State to refer generally to whether a company is legally authorized
to do business in the relevant State (or country).
One commenter inquired what action the SEC will take if the Form ID
applicant indicates that it is not in good standing with its State or
country of incorporation.\186\ Although the lack of good standing will
not prevent a company from obtaining EDGAR access, this information
could be relevant in determining whether it may be appropriate for the
staff to review additional documentation as part of its assessment of
the application.
---------------------------------------------------------------------------
\186\ See DFIN Comment Letter (``The `Violations of federal or
state securities laws' section in the proposal has a Yes or No
question. When yes is selected a message [says] `If you indicate
`Yes', the SEC staff may contact you to determine your eligibility
for EDGAR access.' However, the `Is the company in good standing in
its state or country of incorporation?' section does not provide any
additional information when `No' is selected. If `No' is selected
what actions are taken by the SEC?'')
---------------------------------------------------------------------------
(6) Requiring submission of a new Form ID for an existing filer
that indicates that it has: (i) lost electronic access to its existing
CIK account or (ii) is the legal successor of the filer named on the
existing CIK account but did not receive access from that filer. As a
technical change from the proposal, amended Form ID will refer to
applicants that are ``the legal successor of the filer named on the
existing CIK account but did not receive access from that filer'' as
opposed to applicants that ``assumed legal control of the filer listed
on the existing CIK account but did not receive EDGAR access,'' as
proposed.
Currently, applicants seeking to obtain control of an existing
EDGAR account are required to submit certain summary information but
are not required to submit a full application on Form ID. To assist
Commission staff in determining whether applicants seeking to obtain
control of existing EDGAR accounts are legitimate, we will require such
applicants to submit a new Form ID. To facilitate the application
process, certain publicly available corporate and contact information
(such as the filer's name, ``doing business as'' name, foreign name,
mailing and business addresses, State/country of incorporation, and
fiscal year end) will be automatically prepopulated from EDGAR so that
applicants will not need to resubmit that information, although
applicants could update that information on Form ID as necessary.\187\
---------------------------------------------------------------------------
\187\ The filer will nevertheless need to submit a COUPDAT to
update its existing corporate and contact information on EDGAR
(other than the filer's account administrator information) if the
Form ID is granted. As they presently do, broker-dealers will submit
a Form BD amendment to FINRA to update their corporate and contact
information.
---------------------------------------------------------------------------
(7) Requiring those seeking access to an existing EDGAR account to
upload to EDGAR the documents that establish the applicant's authority
over the company or individual listed in EDGAR on the existing
account.\188\
---------------------------------------------------------------------------
\188\ The EDGAR Filer Manual currently provides guidance
regarding what documents are sufficient to establish the applicant's
authority. See EDGAR Filer Manual, Volume I.
---------------------------------------------------------------------------
In addition, we will make certain conforming, formatting, and
ancillary changes to modernize Form ID without significantly altering
the information required to be reported on the form. For example, a
checkbox will be added to each address field for identification of non-
U.S. locations, which will improve data analytics. As another example,
company applicants will be required to provide their primary website
address, if any, to provide staff additional contact and other
information regarding the filer. Further, certain warnings that are
currently listed in the EDGAR Filer Manual and the landing page of the
EDGAR Filing website will be incorporated into Form ID to more clearly
provide notice of those matters to filers.\189\ Additionally, as a
technical change to what was proposed, language in amended Form ID and
the amended Instructions to Form ID that advises
[[Page 106196]]
applicants not to provide unsolicited personally identifiable
information will be updated to refer to attachments as well, and to
provide examples including birth certificates, driver's licenses, and
passports. Similarly, as a technical change from the proposal, amended
Form ID and the amended Instructions to Form ID will remind applicants
not to name specific individuals or include personally identifiable
information in the filer's mailing address or contact information
unless the applicant would like that information to become publicly
available. In addition, as a technical change from the proposal, the
amended Instructions to Form ID will be revised to avoid implying that
companies must become incorporated to apply for EDGAR access (since,
for example, EDGAR filers could include unincorporated trusts).\190\
Further, as a technical change from the proposal, instructions for
existing applicants that are broker-dealers or ``paper filers'' seeking
to electronically file on EDGAR will be clarified to indicate that this
option is intended to capture applicants that are seeking electronic
access for the first time. In addition, as a technical change from the
proposal, certain language in Form ID that provided examples related to
authorized individuals and individuals with individual account
credentials will be revised to more generally express those
concepts.\191\ Finally, as a technical change from the proposal,
language in Form ID that instructs filers to upload a Form ID
authenticating document along with their Form ID submission will be
revised to clarify that the upload should be in PDF format.
---------------------------------------------------------------------------
\189\ Amended Form ID will include a section titled ``Important
information'' that will include the following warning:
``Misstatements or omissions of fact in connection with an
application for EDGAR access and/or in a submission on EDGAR may
constitute a criminal violation under 18 U.S.C. 1001 and 1030 and/or
a violation of other criminal and civil laws. If the SEC has reason
to believe that an application for EDGAR access and/or a submission
on EDGAR is misleading, manipulative, and/or unauthorized, the SEC
may prevent acceptance or dissemination of the application/
submission and/or prevent future submissions or otherwise remove a
filer's access to EDGAR pursuant to Rule 15 of Regulation S-T, 17
CFR 232.15.''
\190\ The proposed Instructions to Form ID stated that filers
should select ``none'' for State of incorporation and ``N/A'' for
fiscal year end if they had ``not yet incorporated.'' In contrast,
the amended Instructions to Form ID provide that filers should
select ``none'' for State of incorporation and ``N/A'' for fiscal
year end if they had ``not incorporated.''
\191\ For example, language in Part 6 of the Instructions will
be revised to replace ``Authorized Person'' with ``Authorized
Individual,'' and to conform with the usage of the term ``authorized
individual'' elsewhere in the form.
---------------------------------------------------------------------------
Two commenters suggested that we amend Form ID to permit applicants
to indicate that they have an urgent upcoming filing deadline. One
specifically requested that a checkbox be included in Form ID to
indicate a rush service, and that we provide guidance for which filing
scenarios could prompt a rush process.\192\ The other recommended that
filers be able to input the date they anticipate needing EDGAR codes in
order to submit a filing, thereby allowing the SEC to prioritize
applications more effectively.\193\ While we acknowledge the
commenters' requests, we believe that allowing filers with pending
filing deadlines to ``skip the queue'' for Form ID processing would
encourage filers to delay preparing for their filing and increase Form
ID processing times for other filers that timely submit their EDGAR
access applications. As noted above, we are revising the note to Rule
10 to clarify that the Commission staff carefully review each Form ID
application and that filers should expect that the Commission staff
will require sufficient time to review the Form ID upon its submission.
Therefore, filers should submit EDGAR access applications on Form ID
``well in advance'' of their first required filing.
---------------------------------------------------------------------------
\192\ See DFIN Comment Letter (``A checkbox included in the Form
ID to indicate a rush service and provide guidance for what filing
scenarios could prompt a rush process may be beneficial.'').
\193\ See Toppan Merrill Comment Letter (``It may be helpful for
filers who have an urgent need to complete a filing to input the
date they anticipate needing EDGAR codes to file. This may allow the
SEC to prioritize the applications more effectively.'').
---------------------------------------------------------------------------
Another commenter suggested there should be a mechanism for an
individual to modify her email information without imposing the undue
burden of submitting a new Form ID.\194\ Filers will be able to
continue to update their EDGAR POC information, including email address
on file, as they currently do, by submitting a COUPDAT, until the
compliance date or the filer enrolls in EDGAR Next, whichever comes
first. Beginning March 24, 2025, filers that enroll must make all
updates to their EDGAR POC on the dashboard by updating the EDGAR POC
account administrator information or changing the account administrator
designated as the EDGAR POC. Filers that have not enrolled will be able
to submit a COUPDAT to update EDGAR POC information until September 12,
2025. Beginning September 15, 2025, all filers must make updates to
their EDGAR POC information on the dashboard.
---------------------------------------------------------------------------
\194\ See Block Transfer Comment Letter (``There ought to exist
more reasonable documentation as to how an individual without access
to EDGAR Next or their old EDGAR Next dashboard email might modify
their email without imposing the undue burden of submitting a new
Form ID (for example, because of a change of domain name).'').
---------------------------------------------------------------------------
A commenter asked that the Form ID application process be
streamlined, asserting that the process of printing and uploading
documents was not intuitive, based on its experience in the beta
environment that was provided during the comment period to allow
commenters to test the EDGAR Next functionality discussed in the
Proposing Release (``Proposing Beta'').\195\ The Proposing Beta
required applicants to complete Form ID online, including attaching any
additional documentation required by Part 5 of proposed Form ID,
inputting their name and title in the signature page in Part 6 of
proposed Form ID, and then returning to Part 5 of proposed Form ID to
print the completed electronic form (or save it as a PDF). The printed
form (or PDF) would then be manually (or electronically) signed by the
applicant and notarized to serve as the proposed Form ID authenticating
document. This authenticating document would then be uploaded and
submitted in Part 5 of proposed Form ID. We will continue to require
the Form ID authenticating document, which we believe is a helpful
means to verify the identity of the applicant. However, to address the
commenter's concern, we will change the order of Parts 5 and 6 in Form
ID, so that applicants will be able to complete Parts 1-5 of the form
and then will only need to attach, print (or save as a PDF), and upload
documents in Part 6 (as opposed to going back and forth between Parts 5
and 6 as in the Proposing Beta).
---------------------------------------------------------------------------
\195\ See Toppan Merrill Comment Letter (``The Form ID process
should be streamlined, technically. Currently the EDGAR Next Beta
system requires the user to upload power of attorney documents and
then print the application. After which, users must exit the
application before uploading the signed authentication document. We
recommend streamlining the process so that all the steps are
intuitive and built into the process.'').
---------------------------------------------------------------------------
The commenter also asked that hyperlinks included in Form ID be
suppressed when the Form ID authenticating document is created, on the
grounds that those hyperlinks cause Form ID authenticating documents
that were saved as PDFs to fail EDGAR validation when those PDFs are
uploaded to EDGAR.\196\ As discussed above, we will implement this
suggestion.
---------------------------------------------------------------------------
\196\ See Toppan Merrill Comment Letter (``Remove hyperlinks
when creating the PDF. When the PDF is printed and electronically
signed, the hyperlinks cause the filing to fail validation
upload.'').
---------------------------------------------------------------------------
Collectively, the final amendments to Form ID will enhance the
security of EDGAR by allowing Commission staff to obtain more
information about the applicant and its contacts. This, in turn, will
help staff to confirm the identity of the applicant and the individuals
associated with the applicant, assess whether the application is
properly authorized, and determine whether there are any other issues
relevant to the application for EDGAR access for staff's consideration.
[[Page 106197]]
G. EDGAR Filer Manual Changes
As discussed throughout this release, the Commission is amending
Volume I of the EDGAR Filer Manual in accord with the rule and form
amendments. The Filer Manual contains information needed for filers to
make submissions on EDGAR. Filers must comply with the applicable
provisions of the Filer Manual in order to assure the timely acceptance
and processing of filings made in electronic format.\197\ Filers must
consult the Filer Manual in conjunction with our rules governing
mandated electronic filings when preparing documents for electronic
submission.
---------------------------------------------------------------------------
\197\ See Rule 301 of Regulation S-T.
---------------------------------------------------------------------------
Amendments to Volume I of the EDGAR Filer Manual are being made to
reflect the EDGAR Next changes, including the following in particular:
(1) The requirement that each applicant or filer may only authorize
to act on its behalf on EDGAR those individuals who have obtained
individual account credentials, and instructions regarding how those
individuals must obtain those individual account credentials through
Login.gov; \198\
---------------------------------------------------------------------------
\198\ See generally section II.A.
---------------------------------------------------------------------------
(2) The requirement to submit a new Form ID for an existing filer
seeking EDGAR access if the filer indicates it has: (i) lost electronic
access to its existing CIK account because, for example, the filer
failed timely to perform annual confirmation or (ii) is the legal
successor of the filer named on the existing CIK account but did not
receive access from that filer; \199\
---------------------------------------------------------------------------
\199\ Id.187.
---------------------------------------------------------------------------
(3) The requirement for applicants seeking access to an existing
EDGAR account to upload to EDGAR the documents that establish the
applicant's authority over the company or individual listed in EDGAR on
the existing account; \200\ and
---------------------------------------------------------------------------
\200\ Id.188.
---------------------------------------------------------------------------
(4) Instructions regarding filer API tokens and user API tokens,
including information on when these tokens will be required and how
they will be used.\201\
---------------------------------------------------------------------------
\201\ See generally section II.E.2.
---------------------------------------------------------------------------
Along with the adoption of the amendments to Volume I of the Filer
Manual, we are amending Rule 301 of Regulation S-T to provide for the
incorporation by reference into the Code of Federal Regulations of the
current revisions. This incorporation by reference was approved by the
Director of the Federal Register in accordance with 5 U.S.C. 552(a) and
1 CFR part 51. The updated EDGAR Filer Manual, issued September 27,
2024, is available at https://www.sec.gov/edgar/filerinformation/current-edgar-filer-manual.
In addition, prior to the compliance date for all other rule and
form amendments on September 15, 2025, the Commission expects to adopt
additional changes to Volume II of the EDGAR Filer Manual in accord
with the rule and form amendments. These changes will be addressed in a
separate release.
H. Transition Process
Compliance with EDGAR Next will be required 12 months from the
issuance of this release. An initial six-month preparation period for
the EDGAR Next changes will begin September 30, 2024 and extend until
March 21, 2025, as requested by several commenters. On March 24, 2025,
the EDGAR Filer Management dashboard will go live and compliance with
the amended Form ID, which must be submitted through the dashboard,
will be required. In addition, beginning March 24, 2025, filers may
begin to enroll on the dashboard and connect to optional EDGAR APIs if
they wish to do so, while still being able to file pursuant to the
legacy filing process. Legacy filing on the EDGAR filing websites will
continue until September 12, 2025. Compliance with all rule and form
changes is required on September 15, 2025. Filers may continue to
enroll after the compliance period for another three months, until
December 19, 2025. Beginning December 22, 2025, filers that have not
enrolled in EDGAR Next or received access through submission of amended
Form ID will be required to submit amended Form ID to request access to
their existing accounts.
The transition period is consistent with certain commenters'
recommendations, which suggested that filers would need preparation
time of approximately six months and enrollment time of approximately
six months, as detailed in further detail below. We are offering
preparation time of six months, enrollment prior to compliance of six
months, and enrollment after compliance of three months. We address
commenters' feedback on the transition period in the compliance section
below.
An Adopting Beta will be available shortly after the issuance of
this release and will remain open throughout the transition period
until at least December 19, 2025. We believe this Adopting Beta will
help filers to test the EDGAR Next functionality and will also bring
awareness to the public regarding the forthcoming changes. Commenters
were broadly in favor of additional beta testing and for additional
public outreach regarding the EDGAR Next changes, as discussed
below.\202\
---------------------------------------------------------------------------
\202\ See, e.g., SCG Comment Letter (urging the Commission to
consider a third round of beta testing for the EDGAR Next platform,
and to conduct additional outreach during the enrollment period to
educate market participants). Cf. DFIN II Comment Letter (supporting
a third beta testing session before the Commission finalizes the
rulemaking so that testing allows for end-to-end processing through
filing.); ICI Comment Letter (same).
---------------------------------------------------------------------------
The following graphic illustrates the transition period to EDGAR
Next:
[[Page 106198]]
[GRAPHIC] [TIFF OMITTED] TR27DE24.015
From Monday, September 30, 2024 to Friday, March 21, 2025, filers
will be afforded a preparation period of approximately six months
during which they may test in the Adopting Beta and conduct related
development, including but not limited to connection to beta versions
of all APIs to be offered as part of EDGAR Next. In addition,
individuals that filers intend to authorize to act on their behalf may
obtain Login.gov individual account credentials. Further, filers may
assemble information they will need to enroll in EDGAR Next, including
but not limited to ensuring that they possess their current passphrase
and determining whom they will authorize as account administrators.
On Monday, March 24, 2025, the new EDGAR Filer Management website
including the dashboard will go live, enrollment of existing filers
will commence, and applicants for EDGAR access will be required to
comply with the amended Form ID. Existing filers will enroll on the
dashboard. Prospective new filers and other filers that are unable to
enroll must complete and submit amended Form ID on the dashboard.
Individuals will need Login.gov individual account credentials to log
into the dashboard.
A person authorized by the filer will log into the dashboard to
enroll the filer. On the dashboard, the person authorized by the filer
will enter the filer's CIK, CCC, and passphrase, as well as the names
of and relevant information about the individuals the filer is
authorizing as its account administrators. If the information is
accurate, enrollment could be effective the same day submitted.
Enrolled filers will be able to make submissions through the optional
APIs if they otherwise satisfy the requirements to connect to the APIs,
while still being able to file pursuant to the legacy filing process.
Submissions on the legacy EDGAR filing websites (EDGAR Online Forms and
EDGAR Filing) will continue to be made using the legacy EDGAR
[[Page 106199]]
access codes until September 12, 2025, according to the same process
currently in place. The period during which the legacy filing process
is available after enrollment begins is being set at six months to
minimize the period during which confusion may arise due to
simultaneous EDGAR operations in both the EDGAR Next and the legacy
EDGAR frameworks.
In addition, on March 24, 2025, compliance will be required with
amended Form ID. On that date, prospective new filers and existing
EDGAR filers that are unable to enroll must apply for EDGAR access on
the amended Form ID. They will do so by logging into the dashboard on
the new EDGAR Filer Management website with Login.gov individual
account credentials, navigating to Apply for Access, and completing the
requirements of the form. Those required to apply for EDGAR access on
amended Form ID include both prospective filers seeking access to EDGAR
for the first time and existing filers that must apply for access to
EDGAR because they: (i) lost electronic access to their existing EDGAR
account; (ii) are a legal successor of the filer named on the existing
EDGAR account but did not receive access from that filer; or (iii) are
a broker-dealer or ``paper filer'' seeking electronic access for the
first time in order to file electronically on an existing EDGAR account
in their name. If Commission staff grant the amended Form ID
application, the filer will be in compliance with the EDGAR Next
changes, and thus will not be required to subsequently enroll on the
dashboard.
The EDGAR filing websites will continue to employ the current
submission process for all filers until Friday, September 12, 2025. On
Monday, September 15, 2025, the compliance date, all EDGAR websites
will require filers' compliance with the EDGAR Next rule and form
changes in order to make submissions, including but not limited to
Login.gov individual account credentials and authorization through the
dashboard.
On September 15, 2025, the compliance date, EDGAR will require
individual account credentials on the EDGAR filing websites (as well as
the EDGAR Filer Management website). At that time, individuals who seek
to make submissions and take other actions for filers on EDGAR will be
required to enter Login.gov individual account credentials and be
authorized to access EDGAR through enrollment, on amended Form ID, or
on the dashboard.
After the compliance date, until December 19, 2025, filers who have
not yet enrolled will not be able to make submissions or take other
actions in EDGAR other than enroll on the EDGAR Filer Management
dashboard. The enrollment process will remain the same as prior to the
compliance date--requiring the filer to provide their CIK, CCC,
passphrase, and names and information about authorized account
administrators. If filers do not possess their CCC or passphrase,
methods will be available for them to reset those codes in order to
enroll.\203\ After December 19, 2025, filers who have not enrolled in
EDGAR Next will be required to submit the amended Form ID on the
dashboard to apply for access to their existing EDGAR accounts.
---------------------------------------------------------------------------
\203\ See supra note 208.
---------------------------------------------------------------------------
The detailed transition timeline is as follows:
September 30, 2024--Prepare for EDGAR Next changes
[cir] Adopting Beta will open.
[cir] Adopting Beta will reflect the new EDGAR Filer Management
website and the dashboard including all dashboard functionality
discussed in this release. Testers can submit a ``test'' amended Form
ID to establish fictional testing accounts.
[cir] Adopting Beta will contain beta versions of all optional APIs
that will be available in March 2025: Submission, submission status,
EDGAR operational status, filing credentials verification, view
individuals, add individuals, remove individuals, change role, send
delegation invitations, request delegation invitations, view
delegations, view filer account information, create custom CCC,
generate CCC, and EDGAR Next enrollment.
[cir] The Overview of EDGAR APIs and API Toolkit will be available
to filers.
[cir] Adopting Beta will reflect the current versions of the two
legacy EDGAR filing websites with the current submission process,
because filers making submissions on the two legacy EDGAR filing
websites (EDGAR Online Forms and EDGAR Filing) between March 24, 2025
and September 12, 2025, will do so according to current EDGAR
processes.
March 24, 2025--Enrollment of existing filers begins; application for
access on amended Form ID required for prospective new filers and
filers unable to enroll
[cir] New EDGAR Filer Management website including the dashboard
will go live and will require Login.gov individual account credentials
for login.
[cir] Amended Form ID will be required.
[ssquf] New applicants seeking access to EDGAR must submit the
amended Form ID through the dashboard on the new EDGAR Filer Management
website.
[ssquf] Existing filers required to submit Form ID must submit the
amended Form ID through the dashboard on the new EDGAR Filer Management
website.\204\
---------------------------------------------------------------------------
\204\ Existing filers may need to submit a new Form ID in the
following situations: (i) the filer is a broker-dealer or ``paper
filer'' seeking electronic access for the first time in order to
file electronically on EDGAR; (ii) the filer lost electronic access
to its existing CIK account; or (iii) the applicant is a legal
successor of the filer named on the existing CIK account but did not
receive access from that filer.
---------------------------------------------------------------------------
[ssquf] If Commission staff grant the amended Form ID application,
the filer will be in compliance with the EDGAR Next changes, and thus
will not be required to subsequently enroll on the dashboard.
[cir] Enrollment for EDGAR Next will begin.
[cir] All APIs provided in the Adopting Beta will go live and be
available to filers enrolled in EDGAR Next and filers whose amended
Form ID applications have been granted by Commission staff.
[cir] Filers will make submissions on the legacy EDGAR filing
websites using the current EDGAR process until September 12, 2025.
[cir] ABSCOMP submissions will be made through the dashboard, as
opposed to through the ``Retrieve/Edit Data'' section of the EDGAR
Filing website as is currently the case. Because new serial companies
requested to be created via the ABSCOMP process will automatically
inherit all dashboard information (e.g., contact information, account
administrators, users, technical administrators, and delegations)
associated with the ABS issuing entity that made the ABSCOMP
submission, an ABS issuing entity will need to enroll in EDGAR Next to
populate its information in the dashboard before making an ABSCOMP
submission. Existing serial companies can be enrolled in EDGAR Next at
any time up until the compliance date just as any other filer, since
their enrollment will not affect the ability of the ABS issuing entity
to make an ABSCOMP submission.
[cir] The Adopting Beta will continue to be available and will be
updated to reflect new versions of the EDGAR filing websites to enable
filers to prepare for compliance with EDGAR Next on September 15, 2025,
as discussed further below.
September 15, 2025--Compliance with all EDGAR Next rule and form
amendments required; enrollment continues
[[Page 106200]]
[cir] Access to all EDGAR websites--EDGAR Online Forms, EDGAR
Filing, and EDGAR Filer Management--will require Login.gov individual
account credentials.
[cir] Filers must comply with all requirements of Rule 10 and the
EDGAR Filer Manual to make submissions on EDGAR.
[cir] The Adopting Beta will continue to be available until at
least December 19, 2025.
[cir] Because individual account credentials will be required to
access all EDGAR websites, legacy EDGAR access codes (password,
passphrase, and PMAC) will no longer be used to access EDGAR. (Filers
who seek to enroll between September 15, 2025 and December 19, 2025,
however, must enter a CCC and a passphrase to do so, therefore, the
ability to reset the CCC and the passphrase will remain available.).
[cir] Filers may continue to enroll after the compliance date,
until December 19, 2025.
December 19, 2025--Enrollment ends
[cir] Enrollment ends on December 19, 2025.
December 22, 2025--Application on amended Form ID required for all
existing and prospective filers seeking access to EDGAR
[cir] Existing filers that have not enrolled or otherwise no longer
have access and all prospective filers must apply for access to EDGAR
on amended Form ID on the dashboard beginning December 22, 2025.
1. Enrollment Process
Existing filers will enroll in EDGAR Next through the dashboard on
the new EDGAR Filer Management website and will not be required to
submit a Form ID. The enrollment section of the dashboard will provide
two options: (i) manual enrollment of single EDGAR accounts on an
account-by-account basis; and (ii) enrollment of multiple accounts
simultaneously. In addition, as discussed in section II.E.1.b.v, an
enrollment API will be provided to help streamline the enrollment
process. Although the enrollment API will be available to all filers,
we expect it will generally be used by filing agents, service
providers, or corporate affiliates that will manually enroll themselves
earlier in the transition period and then connect to the enrollment API
to enroll their clients and affiliated entities.
Two commenters appeared to suggest that enrollment should occur
automatically without filer involvement, so that filing agents would be
automatically authorized as account administrators and delegated
entities for any CIK for which the filing agent had previously made a
submission.\205\ We decline to adopt the commenters' suggestion. To
enroll, an individual authorized by the filer to perform enrollment on
its behalf must enter the file's CIK, CCC and passphrase, as well as
information about the individuals being authorized as account
administrators.\206\ The entry of account administrator information
during enrollment represents the filer's affirmative authorization of
account administrators, who play a key role in the EDGAR Next framework
as the individuals who manage the filer's account. Further, if the
filer determined to authorize individuals employed at the filer or at a
different filing agent as its account administrators due to business
needs, personal preference, or whatever other reason, a process of
affirmative enrollment ensures that the filer indeed intends to
authorize those individuals to manage its account.
---------------------------------------------------------------------------
\205\ See DFIN II Comment Letter (``We believe that, in
connection with the final rule, the SEC should create a new role,
`Trusted Filer'. . . . By grandfathering in existing Filing Agents
and their filing activity, this would establish a baseline of
existing EDGAR filers.''); ICI Comment Letter (``Grandfathering
existing filing agents and their filing activity would establish a
baseline of existing EDGAR filers.'').
\206\ Individual and single-member company filers do not need to
themselves enroll in EDGAR Next, although they may do so if they
choose. As with other filers, individual or single-member company
filers may authorize a representative to enroll them, so long as
they provide that representative with the necessary codes and
account administrator information. The representative authorized to
enroll the filer need not be an ``authorized individual'' as that
term is defined in amended Rule 11 and Volume I of the EDGAR Filer
Manual.
---------------------------------------------------------------------------
a. Preparing for Enrollment--Individual Account Credentials
Individuals may obtain individual account credentials from
Login.gov in advance of enrollment. Individuals with existing Login.gov
credentials based upon a personal email address may create separate
Login.gov credentials for EDGAR based upon a different email address
that they will use in connection with EDGAR.\207\
---------------------------------------------------------------------------
\207\ See supra text accompanying note 36.
---------------------------------------------------------------------------
As a result, when enrollment begins, filers will be able to
immediately enroll any individuals who have obtained individual account
credentials.
b. Manual Enrollment for a Single EDGAR Account
As a preliminary matter, each filer will be required to authorize
at least two individuals to manage the filer's EDGAR account as account
administrators, with the exception of individuals and single-member
companies, which will be required to authorize at least one account
administrator. On behalf of each filer, an individual authorized to
enroll the filer will enter her individual account credentials to log
into the dashboard to enroll. That individual will manually enter the
filer's CIK, CCC, and EDGAR passphrase,\208\ to confirm to EDGAR that
the individual is authorized by the filer. If EDGAR authenticates that
data, the individual authorized to enroll the filer will proceed to
enter account administrator names, contact information, and the email
addresses each individual used to obtain Login.gov individual account
credentials. By entering that information, the filer will indicate its
authorization of the listed individuals as the filer's account
administrators, as well as the accuracy of the information provided.
---------------------------------------------------------------------------
\208\ Filers that have lost or forgotten their CCC will be able
to reset it by providing their CIK and passphrase and using the
``Generate New EDGAR Access Codes'' option in the Filer Management
website until March 21, 2025. Similarly, filers that have lost or
forgotten their passphrase will be able to reset it by selecting the
``Update Passphrase'' option on the EDGAR Filer Management website
to send a security token to the email associated with the account
until March 21, 2025, and, until that date, if the POC email address
is not current, filers can first submit a COUPDAT to update the
email address associated with the account. Filers that have lost or
forgotten their passphrase, no longer have access to the email
associated with the account, and cannot submit a COUPDAT through the
``Retrieve/Edit Data'' section of the EDGAR Filing website to update
the email associated with the account, must reapply for EDGAR access
on Form ID. We encourage filers that have lost or forgotten their
access codes to reset their credentials on or before March 21, 2025,
to avoid delay in enrollment. The current ``Generate New EDGAR
Access Codes'' and ``Update Passphrase'' options will no longer be
available on the EDGAR Filer Management website after that website
is updated on March 24, 2025. From March 24, 2025 through December
19, 2025, filers will be able to update their passphrase on the
dashboard by selecting ``Enroll in EDGAR Next,'' following the
prompts to request a passphrase reset token and resetting the
passphrase. The email address associated with the account must be
current to use the dashboard passphrase reset process, and filers
would similarly need to update the email address in EDGAR before
using this process should the email address on file be inaccessible.
The ability to reset the CCC will also be provided to filers during
this time.
---------------------------------------------------------------------------
Commenters generally agreed that CIK, CCC, and EDGAR passphrase
would be sufficient to authenticate filers for transition purposes, but
noted that filing agents typically do not retain filers' passphrases
and expressed concerns regarding burdens associated with obtaining
filers' passphrases.\209\
[[Page 106201]]
While we acknowledge that many filing agents do not know the
passphrases of their filers and some filers have forgotten and may need
to reset their passphrases, we believe that provision of the filer's
passphrase is critical to authenticating a filer and confirming the
filer's intent to enroll. Filers that have lost or forgotten their
passphrase may automatically reset their passphrase by requesting a
security token be sent to their POC email address on record in EDGAR,
consistent with current practice. Filers that have lost or forgotten
their passphrase and that no longer have access to the POC email
associated with the account should update their POC email address on
record by making a COUPDAT submission via the ``Retrieve/Edit Data''
section of the EDGAR Filing website. The staff will provide filers
step-by-step instructions on the EDGAR Next page on SEC.gov when the
Adopting Beta opens regarding how to automatically reset their
passphrase, as well as how to update their POC email address on record.
We anticipate that filers following these instructions should be able
to reset their passphrase relatively quickly.\210\
---------------------------------------------------------------------------
\209\ See, e.g., DFIN Comment Letter (``We think those
credentials are sufficient. However, Filing Agents do not typically
ask for or retain the passphrases. Unless the EDGAR contact in the
company information is able to use the security token process to
obtain a new passphrase, the manual process of obtaining a new
passphrase is time consuming.''); Workiva Comment Letter
(``Passphrases are used to reset accounts, and they are likely
infrequently used. Many administrators and individual reporting
owners may not know the passphrase or how to obtain it . . . If the
passphrase must be required, the Commission may want to consider a
process for inactive entities to refresh their passphrase.'').
\210\ If a filer cannot reset its passphrase by following this
guidance, it may submit a manual passphrase update request. To do
so, an authorized individual of the filer must submit a signed and
notarized document to Commission staff that includes an explanation
of why the request is being made, the CIK of the EDGAR account to
which access is sought, the filer name on the account, and the
contact information of the requesting entity purporting to have
current control over the filer associated with the account.
Commission staff may request the applicant to submit additional
documents for staff review. Filers submitting manual passphrase
update requests should expect that Commission staff may need a
substantial amount of time to review their requests, especially if a
large volume of requests is received. As discussed above, the manual
passphrase update option available via ``Update Passphrase'' will no
longer be available on the EDGAR Filer Management website after that
website is updated on March 24, 2025. Instead, from March 24, 2025
through December 19, 2025, filers will be able to update their
passphrase on the dashboard. See supra note 208.
---------------------------------------------------------------------------
We requested comment on whether a filer's CCC should be
automatically reset as a security measure following enrollment.
Commenters generally opposed this measure on the grounds that it would
impose burdens on filers to communicate the updated CCC to those that
should have access and could impose burdens and risks to the filing
process.\211\ Separately, one commenter stated that if the Commission
decides to change a filer's CCC after enrollment then similar
precautions should also be taken regarding the passphrase.\212\
Although we are sensitive to the concerns raised by commenters that
resetting the filer's CCC after enrollment could be burdensome, we
balance those concerns with our efforts to protect the security of
EDGAR. Just as with someone's personal password, security is improved
by frequently changing access codes. Changing the CCC is particularly
important in the context of enrollment because the code could be shared
insecurely when preparing to enroll. Further, for filers that have not
reset their CCC for some period of time, changing the CCC upon
enrollment represents a clean start, and assures that someone who
possesses the legacy CCC but is not authorized by the filer at or after
enrollment could not continue to make submissions for the filer from
March 24, 2025 to September 12, 2025, when legacy filing codes will
continue to be used to make web-based submissions. Moreover, the
presence of the CCC on the dashboard after it is reset will ensure that
it is available for all individuals that the filer is currently
authorizing to take action on its account. Accordingly, following a
filer's enrollment in EDGAR Next, the filer's CCC will be automatically
reset. To minimize burdens associated with communicating the new CCC to
relevant individuals, however, the new CCC will appear on the dashboard
for all individuals with the ability to make submissions on the filer's
behalf (i.e., account administrators, users, delegated administrators,
and delegated users). In addition, APIs will be offered to view filer
account information, including CCC, and verify filing credentials,
including CCC. Collectively, these APIs should minimize burdens
associated with notifying relevant individuals regarding changes to a
filer's CCC, both in the enrollment context and as a general
matter.\213\
---------------------------------------------------------------------------
\211\ See, e.g., Workiva Comment Letter (``A sweeping change of
CCCs should especially be avoided as it could pose a significant
burden and risks to the filing process. Filers concerned about the
CCC could choose to change it themselves. A filer led approach puts
the security responsibility and control in the filer's hand to
ensure the CCC update happens at a time that does not put their
immediate filings at risk.''); Toppan Merrill Comment Letter (``It
would be unnecessary to reset the CCC upon enrollment. If bulk
enrollment is utilized it would most likely be completed by an
entity [. . .] that already has access to the filer's CCC. It would
be burdensome for the filer if the CCC is automatically changed as
they would need to communicate the updated CCC to those that should
have access.''); ICI Comment Letter (``Bulk enrollment should be
permitted without reset CCCs upon re-enrollment.'').
\212\ See DFIN Comment Letter (``We agree that notification of a
completed enrollment should be provided to all account
administrators.'').
\213\ See supra section II.E.1.b.i (discussing the filing
credentials verification API) and section II.E.1.b.iv (discussing
the view filer account information API).
---------------------------------------------------------------------------
Separately, on the compliance date of September 15, 2025, legacy
EDGAR access codes will be deactivated, including the passphrase,
password and PMAC, because the filer will no longer have any need for
these codes. For example, the passphrase is used to authenticate the
generation of access codes such as CCC and password, but after
enrollment, use of the passphrase and password will be discontinued,
and filers will generate the CCC on the dashboard. The EDGAR Next
framework of individual account credentials, account administrator
dashboard invitation, and CCC will supplant these codes.
Successful enrollment will result in notifications being provided
to all newly authorized account administrators, as recommended by a
commenter.\214\ These notifications will be sent both by email and
through the dashboard, consistent with all other notifications to
individuals who are authorized on the dashboard. One commenter
suggested that the existing EDGAR POC should also be notified in the
event of a successful enrollment.\215\ Another commenter noted that
currently no notification is provided to the previous EDGAR POC when
the contact email address is updated, and asserted that such a
notification would be redundant to the extent it would be going to the
same person who enrolled the filer and who listed herself as the
filer's account administrator.\216\ After considering these comments,
EDGAR will be enhanced to notify the existing EDGAR POC in the event of
a successful enrollment. Although in some cases this will result in
redundant notifications (if the existing EDGAR POC is one of the new
account administrators being authorized during enrollment), sending
uniform notifications to all existing
[[Page 106202]]
EDGAR POCs will provide clarity to filers.
---------------------------------------------------------------------------
\214\ See DFIN Comment Letter (``We agree that notification of a
completed enrollment should be provided to all account
administrators.'').
\215\ See Workiva Comment Letter (``We support auto-notification
to the POC about the enrollment if the POC is not also enrolled as
an administrator . . .'').
\216\ See Toppan Merrill Comment Letter (``Currently, there is
no alert to the previous/existing EDGAR Contact when the EDGAR
Contact email address is updated. We do not believe it is necessary
to alert the current EDGAR POC during the transition to EDGAR Next.
It is possible that many of the EDGAR POCs will have been recently
updated to reset the passphrase as part of the EDGAR Next
transition. Therefore, this alert would go to the person who
completed the EDGAR Next transition and may be redundant.'').
---------------------------------------------------------------------------
We will not require the existing EDGAR POC to consent to the
filer's enrollment. As mentioned by one commenter, the filer's EDGAR
POC on record may not be current, and missing or outdated EDGAR POCs
could cause confusion and delays in the enrollment process.\217\
Separately, we believe that requiring CIK, CCC, and passphrase will be
sufficient to authenticate filers for transition purposes, as discussed
above and as supported by commenters.\218\
---------------------------------------------------------------------------
\217\ See Workiva Comment Letter (``We believe that confirmation
from the current POC should not be required. When a POC was set up a
long time ago, there may have been turnover, and the contact
information may not be up to date even with an email on file. The
administrators also may not know who their POCs are. POC
confirmation should not be required because this is a mandatory
transition and missing or outdated POC could be a prohibiting factor
and a serious risk of chaos for the enrollment process.'').
\218\ See supra note 209 and accompanying text.
---------------------------------------------------------------------------
Each EDGAR account will enroll once. If there is an attempt to
enroll an EDGAR account that is already enrolled, the subsequent
attempted enrollment will be denied. An individual filer who makes
submissions related to multiple companies (e.g., the CEO of one company
who is also on the board of directors of other companies) may have more
than one filing agent and/or representative at such companies who have
access to her CIK, CCC, and EDGAR passphrase. Accordingly, an
individual filer should authorize one representative to enroll her
EDGAR account and determine whom she will authorize as her initial
account administrator(s) during enrollment. After enrollment, the
authorized account administrator(s) would communicate with the filer's
other filing agents and/or company representatives and add such other
filing agents and/or company representatives to the filer's account as
account administrators, users, or delegated entities through the
dashboard. Any individuals to be authorized on the filer's account will
be required to possess individual account credentials.
c. Bulk Enrollment of Multiple EDGAR Accounts
Simultaneous bulk enrollment of multiple EDGAR accounts, together
with those filers' account administrators, will be available. This
process should prove efficient and time saving for filing agents, as
well as individuals and entities that control multiple EDGAR accounts,
such as serial companies created by ABS issuing entities or investment
companies under the control of a single investment adviser.
To begin bulk enrollment, an individual authorized to enroll the
relevant filer accounts will log in to an enrollment page on EDGAR with
his individual account credentials. The individual will complete and
upload a spreadsheet accommodating multiple rows of data, with each row
pertaining to a single filer. The individual will enter data for each
filer on each row, including CIK, CCC, and EDGAR passphrase to ensure
that enrollment is being performed by a properly authenticated
individual. In addition, the individual will enter on each row
information regarding the filer's prospective account administrators,
including names, contact information, and the email addresses
associated with the individual account credentials of the account
administrators, to indicate that the filer authorizes those account
administrators to manage its EDGAR account. The bulk enrollment process
will allow a filer to list two account administrators. Although all
filers are encouraged to list two account administrators for bulk
enrollment purposes, single-member companies and individuals who self-
identify as such will be permitted to list only one account
administrator. There will be a limit of 100 filers (100 rows) per bulk
enrollment. Commenters generally supported the bulk enrollment option
as contemplated in the Proposing Release, including the limitation of
100 filers per spreadsheet, although one commenter suggested that the
limit per spreadsheet be increased to 500 filers.\219\ There will be a
limit of 100 rows per spreadsheet as it appears that number is
sufficient for most filers. Filers that wish to submit bulk enrollment
requests on behalf of more than 100 CIKs may engage in multiple,
separate bulk enrollments.
---------------------------------------------------------------------------
\219\ See Toppan Merrill Comment Letter (``Yes, bulk enrollment
should be permitted as planned.''); DFIN Comment Letter (``We agree
that the limitation of 100 is acceptable for bulk enrollment.'');
ICI Comment Letter (``Bulk enrollment should be permitted. . ..'');
XBRL II Comment Letter (``We agree with the proposed approach to
allow bulk enrollment of multiple EDGAR accounts. We recommend that
the CSV limit be increased to 500, from the proposed limit of
100.'').
---------------------------------------------------------------------------
As discussed above, each successful enrollment will result in
notifications to all newly authorized account administrators, as
recommended by a commenter.\220\ In addition, EDGAR will be enhanced to
notify the existing EDGAR POC in the event of a successful
notification.\221\ Following a filer's enrollment in EDGAR Next, EDGAR
will automatically reset the filer's CCC and deactivate the filer's
passphrase for security reasons.\222\ Also as discussed above,
enrollment will only occur once per EDGAR account, and each filer
should carefully coordinate with its staff and other representatives to
determine the person to be authorized to enroll the filer and the
persons to be authorized as account administrators during the
enrollment. Authorized account administrators may thereafter manage the
account (e.g., adding additional account administrators, users and
technical administrators) on the dashboard.
---------------------------------------------------------------------------
\220\ See supra note 214 and accompanying and following text.
\221\ See supra note 215 and accompanying and following text.
\222\ See supra note 211 and accompanying and following text.
---------------------------------------------------------------------------
2. Compliance
Compliance with the final amendments and transition to EDGAR Next
will be required on September 15, 2025, 12 months after the issuance of
this adopting release. Filers may begin to enroll on March 24, 2025,
six months prior to the compliance date. Filers will be able to enroll
until December 19, 2025, three months after the compliance date.
Commenters requested varied periods of time to prepare, enroll and
transition to EDGAR Next. One commenter recommended a transition period
of 12 months.\223\ The commenter requested three months prior to the
enrollment period within which to prepare for enrollment, noting that
filers need to do more than enrolling to complete transition, including
but not limited to creating and modifying software and processes,
studying the rule, and providing information and instructions to
filers.\224\ The commenter further stated that according to its
customer survey a majority of respondents indicated that six months
would be an
[[Page 106203]]
adequate amount of time to enroll provided that it occurred after
annual filing season.\225\ A second commenter requested a minimum of
nine months to transition to EDGAR Next, and indicated that filers
would need six months to enroll if they were afforded six months after
adoption to prepare for enrollment.\226\ A third commenter recommended
a 12-month transition period for filers to enroll. \227\ A fourth
commenter agreed with a 12-month transition period for filers to
enroll, but requested an additional six months for section 16 filers to
enroll.\228\ A fifth commenter recommended a minimum of nine months for
implementation, and suggested that it would require adequate time in
advance of enrollment to establish processes and procedures for EDGAR
Next.\229\
---------------------------------------------------------------------------
\223\ See Workiva Comment Letter (``Moreover, we recommend
extending the transition period to twelve months to allow time for
process and system changes.'').
\224\ See Workiva Comment Letter (``With the above
considerations, we suggest three months from final rule adoption to
start enrollment instead of one month.'') (``However, we strongly
believe that six months is not adequate for the full transition.
Filers need to do more than enrolling to completely transition. They
have to modify their processes based on the new EDGAR Next
requirements and the filing software that they use. Likewise, filing
agents and software providers do not only have to enroll their own
users and ensure all delegations are properly set up (which again
could be in the tens of thousands), they also need to learn about
the final rule, provide information and instructions to their
filers, do software development, roll out changes to their filers,
potentially with a beta process of their own.'').
\225\ See Workiva Comment Letter (``Based on the enrollment
activities described in the proposed rule, we believe that six
months is adequate to enroll. According to our customer survey, over
53% of respondents indicated that six months work fine, provided
that it is after the annual filing season.'').
\226\ See DFIN II Comment Letter (``DFIN is reinforcing our
responses to Question 59 [of DFIN I Comment Letter], a nine-month
enrollment period, as numerous registrants are not participating in
the Beta.'') and DFIN I Comment Letter (``If filers are allowed six
months after the proposed rule goes final and before enrollment, we
agree that the compliance timeline is sufficient. If the six-month
period before enrollment is not met, we suggest a nine-month
enrollment period.'').
\227\ XBRL II Comment Letter (``We recommend a 12-month
transition period for filers to enroll their EDGAR accounts into
EDGAR Next.'').
\228\ See SCG Comment Letter (requesting a 12-month enrollment
period, with an additional six months for section 16 filers to
transition).
\229\ See ICI Comment Letter (``ICI recommends a minimum of nine
months for implementation given the complexity and number of Fund
filings. The outreach and coordination necessary for Funds to
appropriately delegate filing authority to their filing agents makes
an extended transition period for bulk EDGAR filers vital. The
proposed transition period would give these bulk filers only one
month to establish processes and procedures for using EDGAR
Next.'').
---------------------------------------------------------------------------
We have considered these comments and noted that several commenters
expressed a need for adequate time after adoption to prepare for
enrollment.\230\ As a result, we determined to significantly extend the
time for filers to prepare for enrollment from one month as proposed to
six months as adopted, which aligns with the recommendation of those
commenters.\231\ During this time, the beta environment will be
available to filers to test the EDGAR Next changes, prepare their
systems and develop any necessary software. In addition, filers will be
able to ensure they have all the information needed to enroll, such as
their CIK, CCC, and passphrase (and will have time to reset their
passphrase if necessary). Filers will have time to determine whom they
will authorize as account administrators and make arrangements with
potential delegated entities and individuals, as well as to execute
relevant notarized powers of attorney if needed. Filing agents will
have an opportunity to communicate with their current client filers
about enrollment. Section 16 filers may determine how they wish to
authorize management of their EDGAR account. Filers may further test
the enrollment process in the beta environment and be fully prepared to
enroll at the end of the six-month preparation period.
---------------------------------------------------------------------------
\230\ See DFIN II Comment Letter; Workiva Comment Letter; ICI
Comment Letter.
\231\ See DFIN II Comment Letter; Workiva Comment Letter; ICI
Comment Letter.
---------------------------------------------------------------------------
We believe that the 12-month transition process, including a six-
month preparation period and a six-month enrollment period, that we are
providing is consistent with commenters' recommendations. As noted
above, filers will have six months to conduct preparations and testing
prior to the beginning of enrollment. When enrollment commences,
individuals whom filers have authorized to perform enrollment should be
prepared to log into the new dashboard with individual account
credentials they have obtained from Login.gov and to enter filers' CIK,
CCC, and passphrase, as well as information to authorize account
administrators to enroll on the dashboard. Filers will have six months
within which to enroll prior to the compliance date. Once enrolled,
account administrators can delegate authority to file and otherwise set
up filers' accounts on the dashboard. Once authorized by account
administrators, technical administrators can generate filer API tokens
for filers connecting to APIs, and filers can begin to connect to those
APIs to make submissions and otherwise communicate with EDGAR.
One commenter requested an additional six months for section 16
filers to transition to EDGAR Next.\232\ We believe that the additional
three months after the compliance date for enrollment that we are
offering should assist periodic filers, such as section 16 filers, to
enroll in EDGAR Next and meet their filing obligations if they do not
enroll prior to the compliance date. Further, we believe that the
transition period affords sufficient time for section 16 and other
filers to prepare for EDGAR Next and enroll prior to the compliance
date. The staff plans to provide information to section 16 filers
through the EDGAR Next page on SEC.gov and other communications.
---------------------------------------------------------------------------
\232\ See SCG Comment Letter (requesting an additional six
months for section 16 filers to transition).
---------------------------------------------------------------------------
A bulk enrollment option will allow enrollment of multiple filers
simultaneously. In addition, as discussed above, an enrollment API will
be available to streamline enrollment. As soon as filers enroll in
EDGAR Next, they will be able to connect to all available APIs. We
believe that filers will be incentivized to enroll by the availability
of APIs upon enrollment, and they will have had time to develop
connections and test those APIs. The Adopting Beta will be available
throughout the transition period until at least December 19, 2025. We
believe the transition period will provide sufficient time for filers
to prepare and enroll in EDGAR Next, while maintaining security and
efficiency for filers and EDGAR operation.\233\
---------------------------------------------------------------------------
\233\ Of 208,000 active EDGAR accounts (those in which a filing
has been made in the past two years), approximately 140,000
represent entity filers and approximately 68,000 represent
individual filers. In total, regardless of account activity, there
are approximately 1,000,000 filer accounts in EDGAR, however, we
believe that most of the approximately 800,000 inactive EDGAR filer
accounts are defunct and therefore would not transition to EDGAR
Next.
---------------------------------------------------------------------------
To assist filers in their transition to EDGAR Next, Commission
staff will begin public outreach immediately after the issuance of this
release. Staff will publicize the transition to EDGAR Next and link to
additional information in announcements and email distributions, SEC
social media, and the homepage of SEC.gov. Commission staff also will
provide multiple resources on a dedicated EDGAR Next web page to assist
with the transition, including but not limited to, written step-by-step
guidance for testing a range of functionality in the Adopting Beta
environment and information about staff webinars and API technical help
sessions for the public. On the SEC YouTube channel, staff will post
videos to walk filers through various aspects of the EDGAR Next
changes. To assist filers with any issues that may arise, Commission
staff will provide dedicated telephone support and an email help desk_
[email protected] well as an online form (available in the
Adopting Beta) to report technical bugs.
III. Other Matters
If any of the provisions of these rules, or the application thereof
to any person or circumstance, is held to be invalid, such invalidity
shall not affect other provisions or application of such provisions to
other persons or circumstances that can be given effect without the
invalid provision or application.
[[Page 106204]]
Pursuant to the Congressional Review Act, the Office of Information
and Regulatory Affairs has designated these rules as a ``major rule,''
as defined by 5 U.S.C. 804(2).
IV. Economic Analysis
Individuals and entities submit filings electronically with the
Commission through EDGAR in order to comply with various provisions of
the Federal securities laws. While EDGAR has provided an effective
means for individuals and entities to satisfy their electronic filing
obligations, there are limitations to the current system. EDGAR does
not currently track a filing to the specific individual who made it.
EDGAR access is currently governed by a complex combination of several
codes with differing functions.\234\ In addition, the Commission is
aware that some filers may have failed to maintain secure access to
their EDGAR accounts.\235\
---------------------------------------------------------------------------
\234\ See EDGAR Filer Manual, Volume I, at section 4. For a
discussion of the functions of these access codes, please see the
``Understand and utilize EDGAR CIKs, passphrases, and access codes''
section of the ``EDGAR--How Do I'' FAQs, at https://www.sec.gov/edgar/filer-information/how-do-i.
\235\ See EDGAR Filer Management, available at https://www.filermanagement.edgarfiling.sec.gov; EDGAR Filing, available at
https://www.edgarfiling.sec.gov/Welcome/EDGARLogin.htm; and EDGAR
Online Forms, available at https://www.edgarfiling.sec.gov/Welcome/EDGAROnlineFormsLogin.htm.
---------------------------------------------------------------------------
EDGAR Next will improve the ability of filers to securely manage
and maintain access to their EDGAR accounts and simplify procedures for
accessing EDGAR by modernizing the mechanism by which filers and
individuals they authorize act on filers' behalf on EDGAR and
streamlining the management of filers' accounts in EDGAR. Various
technical features and optional APIs will also be integrated into EDGAR
to facilitate communication with EDGAR, thus enhancing filing
efficiency and providing automation for filers that wish to connect to
the optional APIs. EDGAR Next will benefit both filers and the
Commission by simplifying procedures for accessing EDGAR and
identifying the specific individuals submitting filings, thereby
facilitating the responsible management of filer credentials and
enhancing the security of EDGAR. Enhancing the security of EDGAR will
better protect against unauthorized access to the system, thereby
decreasing the likelihood of unauthorized filings that might result in
economic costs for the public, filers, and the Commission.
The discussion below addresses the potential benefits and costs
that may result from the final rule and form amendments the Commission
is adopting in this release, and certain related technical changes, as
well as the likely effects of EDGAR Next on efficiency, competition,
and capital formation.\236\ We also discuss the potential economic
effects of certain alternatives to the approaches taken in this
release. Where possible, we have attempted to quantify the benefits,
costs, and effects on efficiency, competition, and capital formation
expected to result from the final amendments. In many cases, however,
the Commission is unable to quantify certain economic effects because
it lacks the information necessary to provide estimates or ranges. In
those circumstances where we do not have the requisite data to assess
the quantitative impact of the EDGAR Next changes, we have analyzed
their economic impact qualitatively.
---------------------------------------------------------------------------
\236\ Section 2(b) of the Securities Act (15 U.S.C. 77b(b)),
section 3(f) of the Exchange Act (17 U.S.C. 78c(f)) and section 2(c)
of the Investment Company Act (15 U.S.C. 80a-2(c)) require the
Commission, when engaging in rulemaking where it is required to
consider or determine whether an action is necessary or appropriate
in (or, with respect to the Investment Company Act, consistent with)
the public interest, to consider, in addition to the protection of
investors, whether the action will promote efficiency, competition,
and capital formation. Further, section 23(a)(2) of the Exchange Act
(17 U.S.C. 78w(a)(2)) requires the Commission, when making rules
under the Exchange Act, to consider the impact that the rules will
have on competition, and prohibits the Commission from adopting any
rule that would impose a burden on competition not necessary or
appropriate in furtherance of the purposes of the Exchange Act. The
technological changes contemplated by EDGAR Next will work together
with the final rule and form amendments to enhance EDGAR access
requirements. Because it is difficult to isolate the economic
effects associated with the technological changes from those
attributable solely to the final rule and form amendments, for
purposes of this economic analysis, we have considered these effects
collectively.
---------------------------------------------------------------------------
A. Baseline
Our baseline includes the current requirements to obtain access to
and file on the Commission's EDGAR system, as well as the account
management practices as they exist today. The main parties directly
affected by EDGAR Next are current and prospective filers as well as
relevant individuals or entities acting on the filers' behalf. Filers
are individuals or entities (e.g., public operating companies,
investment companies, broker-dealers, transfer agents, and other
institutions that have filing obligations with the Commission) that
make a submission electronically through EDGAR. For example, beneficial
ownership reporting filers (such as individual filers who are officers
and/or directors with reporting obligations under section 16 of the
Exchange Act) routinely rely upon the companies for which they serve to
make filings on their behalf on EDGAR.\237\ Other filers may make
filings on behalf of affiliated or related entities, such as investment
companies on behalf of other companies in their fund family or asset-
backed securities issuers on behalf of the serial companies they
create. In 2023, the Commission received approximately 73,600 Form ID
submissions.\238\ From 2018 to 2023, an average of approximately 63,984
Form IDs were submitted per year to the Commission.\239\
---------------------------------------------------------------------------
\237\ See 15 U.S.C. 78p.
\238\ This number includes 63,676 applications from prospective
filers without CIKs, 9,602 applications from filers that had lost
EDGAR access and were seeking to regain access to EDGAR (currently
submitted as passphrase updates, but pursuant to EDGAR Next will be
submitted on Form ID), and 322 applications from filers with CIKs
who had not yet filed electronically on EDGAR.
\239\ Similarly, this number includes applications from
prospective filers without CIKs, applications from filers that had
lost EDGAR access and were seeking to regain access to EDGAR
(currently submitted as passphrase updates, but pursuant to EDGAR
Next will be submitted on Form ID), and applications from filers
with CIKs who had not yet filed electronically on EDGAR.
---------------------------------------------------------------------------
Individuals and entities that seek to file on EDGAR must apply for
access in accordance with Rule 10 of Regulation S-T by completing the
Form ID application online. Applicants must then print a copy of the
completed form. An authorized individual, as defined in the EDGAR Filer
Manual, Volume I, must sign the completed form, and this signature must
be notarized, pursuant to the EDGAR Filer Manual, Volume I. Filers have
the flexibility to obtain notarization of the authorized individual's
signature on Form ID through manual, electronic, or remote online
notarization in accord with Volume I of the EDGAR Filer Manual and Rule
10 of Regulation S-T.\240\ The signed, notarized copy of the completed
Form ID is the Form ID authenticating document, and the applicant must
upload that document for Commission staff review.\241\ Form ID
currently collects information including but not limited to the
applicant's contact information and EDGAR POC. If the application is
granted by Commission staff, the filer receives a unique CIK, and the
EDGAR POC generates access codes, including but not limited to a
password and a CCC, by using its CIK and passphrase. These codes allow
the filer to make submissions on its EDGAR account. The current co-
registrant filing process does not require the
[[Page 106205]]
presentation of a password for all entities.
---------------------------------------------------------------------------
\240\ See supra note 12.
\241\ See Regulation S-T, Rule 10; EDGAR Filer Manual, Volume I.
---------------------------------------------------------------------------
If a filer loses or must update its passphrase, it can request that
a security token be sent to the POC email address on record with EDGAR.
If necessary, the filer can first update the POC email address to
ensure it receives the security token. If, for some reason, a filer is
unable to update its passphrase via a security token, a manual
passphrase update request must be submitted.\242\ In conjunction with a
manual passphrase update request, the authorized individual must submit
a signed and notarized document to Commission staff that includes an
explanation of why the request is being made, the CIK of the EDGAR
account to which access is sought, the filer name on the account, and
the contact information of the requesting entity purporting to have
current control over the filer associated with the account. Depending
upon the circumstances of the access request, additional documents may
need to be submitted to Commission staff for review. For example,
additional documents would need to be provided when the applicant
indicates it has assumed control of the entity on the EDGAR account so
that Commission staff can establish whether a legal transition from the
filer on the account to the applicant occurred.
---------------------------------------------------------------------------
\242\ See EDGAR Filer Manual, Volume I, at section 4(b).
---------------------------------------------------------------------------
EDGAR filers are subject to certain requirements set forth in the
EDGAR Filer Manual, according to which they must: (1) renew their EDGAR
password annually; (2) maintain accurate company information on EDGAR;
and (3) securely maintain EDGAR access codes.\243\ Filers can update
their POC information, including email address on file, by submitting a
COUPDAT via the Retrieve/Edit Company Submission Data tab on the EDGAR
filing website. Filers can similarly submit a SCUPDAT or ABSCOMP using
the Retrieve/Edit Company Submission Data tab. Filers can submit up to
100 ABS issuing entities in a single submission.\244\
---------------------------------------------------------------------------
\243\ See EDGAR Filer Manual, Volume I, at section 5 (``Filers
must maintain accurate company information on EDGAR, including but
not limited to a filer's current name, business mailing address, and
business email address.''); see also EDGAR Filer Manual, Volume I,
at section 4 (``Filers must securely maintain all EDGAR access codes
and limit the number of persons who possess the codes. EDGAR access
codes include the password, passphrase, CCC, and password
modification authorization code (PMAC).'').
\244\ See Staff Guidance for EDGAR Filing for Asset-Backed
Securities Issuers, available at https://www.sec.gov/divisions/corpfin/abs092418.pdf. This guidance represents the views of
Commission staff. It is not a rule, regulation, or statement of the
Commission. The Commission has neither approved nor disapproved its
content. Staff statements have no legal force or effect: they do not
alter or amend applicable law, and they create no new or additional
obligations for any person.
---------------------------------------------------------------------------
Currently, access to EDGAR does not incorporate individual account
credentials or multifactor authentication. Commission staff have no
systematic way to determine with whom the filer has shared EDGAR access
codes, or when the filer has revoked an individual's authorization to
file. Filers are responsible for safeguarding their access codes and
limiting the number of individuals who receive the codes.\245\ Certain
filers and filing agents currently devise their own internal systems to
track who possesses their EDGAR access codes. Because the Commission
does not collect the personal information of the specific individual
who makes the submission, nor does the Commission issue identifying
credentials to individuals acting on behalf of filers, it is currently
difficult for Commission staff to match filings to specific individuals
who made the filings.
---------------------------------------------------------------------------
\245\ See EDGAR Filer Manual, Volume I, at section 4 (``Filers
must securely maintain all EDGAR access codes and limit the number
of persons who possess the codes.'').
---------------------------------------------------------------------------
EDGAR receives a large volume of filings, typically more than
500,000 per calendar year, and has approximately 208,000 active filers,
of which approximately 140,000 represent entities and approximately
68,000 represent individuals.\246\ Filers make submissions on EDGAR
through one of three web-based user interfaces, depending on the type
of submission made.\247\
---------------------------------------------------------------------------
\246\ See supra note 233.
\247\ See EDGAR Filer Management website available at https://www.filermanagement.edgarfiling.sec.gov; EDGAR Filing website
available at https://www.edgarfiling.sec.gov/Welcome/EDGARLogin.htm;
and EDGAR Online Forms website available at https://www.edgarfiling.sec.gov/Welcome/EDGAROnlineFormsLogin.htm.
---------------------------------------------------------------------------
The majority of EDGAR filings are made by filing agents on behalf
of their client filers.\248\ Certain filing agents and filers use
proprietary custom software to interface with EDGAR to eliminate the
need for human web-based interaction with the EDGAR filing websites. To
create this custom software, these filing agents and filers extract
data from the EDGAR filing websites and then configure their custom
software to mimic a web-based interaction. This mode of interaction
with EDGAR requires frequent maintenance of the custom software;
however, since whenever EDGAR filing websites change their content or
structure, those changes impact the custom software. Although
Commission staff do not provide technical or other support for custom
software interaction with EDGAR, staff seeks to minimize filing
disruptions and strives to provide notice to filers prior to making
website changes. As a result, technical changes to the EDGAR system
(e.g., maintenance, updates, etc.) may be slowed by the fact that staff
is mindful of the downstream effect of such technical changes on the
custom software used by filing agents and filers.
---------------------------------------------------------------------------
\248\ See CompSci Resources Comment Letter (November 19, 2021);
Workiva Comment Letter (November 30, 2021).
---------------------------------------------------------------------------
B. Consideration of Benefits and Costs as Well as the Effects on
Efficiency, Competition, and Capital Formation
1. Benefits
EDGAR Next is designed to: provide a more secure framework for
filers to manage and maintain access to their EDGAR accounts;
facilitate the responsible management of filer credentials; and
simplify procedures for accessing EDGAR. We anticipate the main
economic benefits of the final amendments will be to enhance the
security of EDGAR by reducing the risks of unauthorized access to
filers' accounts and unauthorized filings. Reducing these risks will in
turn mitigate the adverse economic consequences, such as financial
harms, to filers and market participants that could result from
unauthorized access and filings. EDGAR Next will also streamline the
management of filer credentials and accounts, simplify procedures to
access EDGAR, and allow for a more automated filing process and
preparation. This may result in cost savings for some filers and
delegated filers and help enhance the Commission's regulatory oversight
through greater prevention and timely detection of unauthorized access
and filings. We discuss below the benefits of specific provisions of
EDGAR Next.
a. Form ID
As discussed in section II.F.3, Form ID as adopted, will include
changes to information required to be reported on the form as well as
technical changes. Individuals, companies, and other organizations that
seek access to file electronically on EDGAR, or to establish or re-
establish their electronic access to an existing account, will be
required to submit Form ID as amended.\249\ The
[[Page 106206]]
final amendments to Form ID will enhance the security of EDGAR and
benefit EDGAR users by providing additional identity assurances that
individuals taking actions on EDGAR on behalf of the filer are
authorized to do so, thus minimizing the risk of unauthorized access to
filers' EDGAR accounts. For instance, if the applicant authorizes a
prospective account administrator who is not employed by the applicant
or its affiliate, amended Form ID requires a notarized power of
attorney from the applicant to authorize the designated individual to
be its account administrator. In the case of certain applicants who
seek to re-establish access to an existing account, the amended Form ID
requires an applicant to upload to EDGAR the documents establishing the
applicant's authority over the account, consistent with current
requirements.\250\ The provision of more specific contact information
about the filer, the filer's account administrator(s), authorized
individual, and billing contact will allow Commission staff to reach
the filer's account administrators, authorized individual, and billing
contacts when necessary, which will benefit the filer and the
Commission by facilitating a swift resolution to potential issues that
may affect their accounts.
---------------------------------------------------------------------------
\249\ Applicants will, among other things: (1) designate on Form
ID specific individuals that the filer authorizes to take action on
its behalf as account administrator(s); (2) provide the applicant's
LEI, if any; (3) provide more specific contact information about the
filer and the filer's account administrator(s), authorized
individual, and billing contact; (4) specify whether the applicant,
its authorized individual, person signing a power of attorney,
account administrator, or billing contact has been criminally
convicted or civilly or administratively enjoined barred, suspended,
or banned in any capacity as a result of a Federal or State
securities law violation; (5) indicate whether the company seeking
access is in good standing with its State or country of
incorporation; and (6) require those seeking access to an existing
EDGAR account to upload documents establishing their authority over
the account.
\250\ The EDGAR Filer Manual will provide guidance regarding
what documents are sufficient to establish the applicant's
authority. See amended EDGAR Filer Manual, Volume I, at section 3.
---------------------------------------------------------------------------
b. Individual Account Credentials
As discussed in section II.B.1, paragraph (d)(1) of Rule 10 as
adopted, will require that all existing and prospective filers
authorize individuals on the dashboard to act on their behalf only if
those individuals have obtained individual account credentials. The
EDGAR Filer Manual, Volume I is being amended to specify that
individual account credentials be obtained through Login.gov, a U.S.
agency site that employs multifactor authentication. Paragraph (d)(1)
of Rule 10 as proposed and adopted will generally improve the security
of the EDGAR system by: eliminating the use of multiple EDGAR access
codes and the sharing of them with others in an unsecure manner outside
of the EDGAR system; associating a filing with the relevant individual
who submitted the filing (due to the person-specific nature of
individual account credentials); and providing an additional layer of
validation with multifactor authentication. Improving the security of
EDGAR will generally minimize the risk of unauthorized access to
filers' accounts as well as unauthorized filings, thereby also
minimizing any resulting adverse economic consequences, such as market
manipulation or financial harm to a company or its investors. For
instance, unauthorized filings can lead to the release of false
information about a public company, which could negatively impact its
investors, investors' trust in the company, and the company's access to
capital markets.
Some commenters agreed that the individual account credential
requirements will improve security, promote individual accountability,
and adhere to current best practices.\251\ Other commenters questioned
the benefit of paragraph (d)(1) of Rule 10, asserting that individual
account credentials could intentionally be shared with unauthorized
persons.\252\ The EDGAR Filer Manual is being amended to clarify that
individual account credentials may not be shared with other individuals
as individual account credentials are intended to identify the
individual taking action on EDGAR.\253\ To the extent that authorized
persons nonetheless inadvertently share their individual account
credentials, this could limit the benefits described above. Because we
anticipate that such instances will be rare, we believe that requiring
individual account credentials will meaningfully enhance the overall
security of the EDGAR system.
---------------------------------------------------------------------------
\251\ See supra note 31.
\252\ See, e.g., Workiva Comment Letter (stating that
individuals may share their individual account credentials among
various employees at the delegated entity); XBRL II Comment Letter
(noting that multifactor authentication is ``only required to
administer the Filer Management dashboard and obtain [] filer and
user tokens which could leave the system vulnerable to a malicious
entity'' that somehow obtained the filer's filer API token and user
API token from using those tokens for 30 days).
\253\ See amended EDGAR Filer Manual, Volume I, at section 3(a).
---------------------------------------------------------------------------
c. Account Administrators
As discussed in section II.B.1, amended paragraph (d)(2) of Rule 10
will require filers to authorize account administrators to act on the
filers' behalf to manage their accounts on the dashboard. The addition
of account administrators will help ensure that filers' accounts are
secure by preventing unauthorized access, thereby reducing the risk of
security incidents and the resulting financial harms. Account
administrators will be able to authorize, view, and de-authorize the
individuals and delegated entities on the dashboard as warranted.
Requiring filers to authorize account administrators will enhance
security and improve filer compliance with EDGAR Next requirements by
facilitating the prevention and timely detection of potential economic
harms resulting from unauthorized access. For example, account
administrators will oversee the filer's EDGAR account and can promptly
revoke access for users who are no longer authorized by the filer.
Moreover, by granting account administrators direct authority to
oversee the filer's account, account administrators can promptly
address user access problems and correct errors in a timely manner,
ensuring faster resolution of issues that may affect filers' accounts.
d. Final Amendments to Paragraphs (d)(4), (d)(5), and (d)(6) of Rule 10
and Rule 11
As discussed in section II, the final amendments to paragraphs
(d)(4), (d)(5), and (d)(6) of Rule 10 require the filer, through its
authorized account administrators: to annually confirm that all
individuals reflected on the dashboard for the filer's EDGAR account
are authorized by the filer and that all information regarding the
filer on the dashboard is accurate; to maintain accurate and current
information about the filer on EDGAR; and to securely maintain
information relevant to the ability to access the filer's EDGAR
account. The final amendments will assist the filer in tracking and
confirming those individuals and delegated entities authorized to act
on behalf of the filer and to remove those no longer authorized.
Confirming the accuracy of information about individuals authorized to
act on behalf of filers while safeguarding access to account-related
information will reduce the risk of unauthorized access to filers'
accounts and the potential for unauthorized filings, thereby enhancing
the security of EDGAR. Taking measures that help prevent unauthorized
access is inherently more efficient than remediating the consequences
of such events after they have occurred, which may include damage to
public confidence in the filings provided, with corresponding adverse
effects for markets.
[[Page 106207]]
The final amendments to Rule 11 of Regulation S-T will define new
terms related to EDGAR Next, update the definitions of certain existing
terms, and delete outdated terminology from certain definitions in Rule
11. Rule 11 also defines ``dashboard'' as an interactive function on
EDGAR where filers manage their EDGAR accounts and where individuals
that filers authorize may take relevant actions for filers' accounts.
These amendments should help facilitate compliance by filers and filing
agents with the EDGAR Next filing requirements.
The dedicated EDGAR dashboard will offer a range of benefits to
filers related to their obligations under paragraphs (d)(4), (d)(5) and
(d)(6) of Rule 10 in the form of: (1) simplified management of EDGAR
accounts because account administrators can manage the filer's account
through a number of functions on the dashboard; (2) streamlined
compliance because account administrators can utilize efficient account
management functions, including editing filer information and
performing the required annual confirmation on the dashboard; (3)
enhanced security by allowing account administrators to remove
individuals and entities no longer authorized to act on behalf of the
filer, and requiring individual account credentials and multifactor
authentication to access the dashboard; and (4) increased efficiency by
providing a secure and centralized way to manage the filer's EDGAR
account, reducing the risk of human error in managing account
information or compromised access codes.
Commission staff are aware that certain filers and filing agents
currently have internal systems that track which individuals possess
their EDGAR access codes. While the cost to these filers of
transitioning to the dashboard is expected to be the same as that for
filers that do not have internal systems, filers with internal systems
will benefit on an ongoing basis if they use the dashboard instead of
their current system due to the elimination of ongoing maintenance
costs for their internal tracking system. Moreover, the dashboard will
offer the advantage of being a uniform system for all filers that
additionally allows Commission staff visibility into which individuals
are authorized to act for the filer, thereby enhancing regulatory
oversight and subsequently the reliability of the information made
available through EDGAR. Furthermore, filers without a system for
tracking individuals in possession of EDGAR codes will be afforded a
tool to do so through EDGAR, thereby facilitating compliance with
existing EDGAR Filer Manual requirements and amended EDGAR Next
obligations in Rule 10 and the EDGAR Filer Manual to securely maintain
access to their accounts.
As proposed and adopted, paragraph (d)(6) of Rule 10 is analogous
to requirements set forth in the EDGAR Filer Manual requiring a filer
to securely maintain its EDGAR access codes. As adopted, filers,
through their account administrators, will be required to securely
maintain information relevant to their ability to access their EDGAR
accounts. Because an existing analogous obligation is currently set
forth in the EDGAR Filer Manual, the benefits of final paragraph (d)(6)
of Rule 10 are expected to be marginal. However, in the context of the
adopted amendments, paragraph (d)(6) of Rule 10 makes clear that this
obligation persists under EDGAR Next and that filers are responsible
for meeting the obligation through their account administrators.
e. Optional APIs and Technical Administrators
As discussed in section II.E, EDGAR Next will introduce optional
APIs.\254\ Filers may choose to connect to these APIs in order to
facilitate the transmission of information to, and retrieval of
information from, EDGAR. The optional APIs will particularly benefit
larger filers with numerous users and CIKs by increasing filing
efficiency and timeliness, thereby potentially reducing costs
associated with making filings. In addition, the optional APIs aim to
automate most of the functions of the dashboard, thereby increasing the
efficiency of accurately managing EDGAR accounts for filers that use
the optional APIs.
---------------------------------------------------------------------------
\254\ See supra section II.E.1 for a description of the APIs.
---------------------------------------------------------------------------
The APIs will streamline the submission and retrieval process by
allowing automated server-to-server interaction. As discussed above,
many filing agents employ a web scraping process to retrieve
information from EDGAR and create custom software that allows filing
agents to make submissions on and retrieve information from EDGAR in an
automated manner. Filing agents' custom software depends on the
underlying content and structure of the EDGAR web pages being scraped.
Thus, filing agents continually incur costs to adjust their custom
software, and could experience system downtime, because minor changes
to EDGAR content and structure are frequently made, as with any major
system. The optional APIs will provide a more reliable automated way
for filers to interact with EDGAR because filers will not be dependent
upon web scraping and impacted by EDGAR content and web page changes.
This should further reduce the ongoing maintenance and personnel costs
associated with custom software. Also, the optional APIs will reduce
the likelihood of errors and inconsistencies in several ways. For
example, the submission API will streamline the filing process by
enabling filers to submit large volumes of filings rapidly and
efficiently in an automated manner. This will eliminate the need to
manually log into EDGAR and submit filings one by one, reducing the
reliance on manual processes, which are more prone to human error.\255\
The submission status API also will allow filers to check the status of
multiple submissions in a batch process. In addition, the submission
status API will provide all information currently contained in EDGAR
submission notifications, enabling the filer to engage in prompt
identification and correction of any inconsistencies.\256\
---------------------------------------------------------------------------
\255\ See supra note 147.
\256\ See supra section II.E.1 for a description of the APIs. In
the event that a filer connects to the submission status API, they
will continue to receive EDGAR submission notifications.
---------------------------------------------------------------------------
As described in sections II.E.1.a.ii and iii, filers and filing
agents, as well as those using third-party custom applications,
continuously interact with the EDGAR system to inquire as to the status
of submissions or the operating status of EDGAR. These frequent
inquiries may generate significant network traffic to and from EDGAR.
Instead of manually logging into EDGAR and individually checking the
status of each submission, the submission status and operational status
APIs will benefit filers by allowing them to simultaneously check the
status of multiple submissions in a machine-to-machine batch process,
thereby reducing network traffic for filers.
Paragraph (d)(3) of Rule 10 as adopted requires any filer that
decides to connect to an optional API to authorize, through its account
administrator(s), at least two technical administrators to manage the
API, unless the filer arranges to use its delegated entity's filer API
tokens and API connections so long as the delegated entity has
authorized at least two technical administrators pursuant to paragraph
(d)(3) of Rule 10. Filers will be allowed a maximum of 20 technical
administrators to facilitate communication with Commission staff on
API-related technical issues. This requirement will benefit filers
because it will reduce the chance that filers' API access would be
interrupted for any
[[Page 106208]]
unforeseen technical issues. This requirement will also benefit both
filers and the Commission by providing Commission staff with multiple
points of contact in case of technical issues and increases the
likelihood that an individual familiar with APIs and related technical
issues is available to address any difficulties that may arise.
f. Adopting Beta and Transition Period
The Commission will provide an Adopting Beta environment shortly
after issuance of this release, which will be available to filers
throughout the transition period until at least December 19, 2025. The
Adopting Beta will benefit filers by providing them with time and
resources to prepare for the EDGAR Next changes. Filers will be able to
test in the Adopting Beta and conduct related development, including
but not limited to creation of connections to the optional APIs, should
they choose to do so. Testing, identification, and resolution of issues
in the deployment of a new system will benefit filers by reducing the
risk of errors and minimizing disruptions to filers' EDGAR operations
during the transition. During the 12-month transition period,
individuals that filers intend to authorize to act on their behalf may
obtain Login.gov individual account credentials and filers may assemble
information that they will need to enroll in EDGAR Next, such as their
current CIK, CCC and passphrase, and information about the individuals
that they will authorize as account administrators. The transition
period will enable filers to transition to EDGAR Next in a planned and
flexible manner, allowing filers to coordinate their own specifics
onboarding needs and processes over the 12-month period. This degree of
flexibility afforded to filers in timing their transition activities
will facilitate compliance to EDGAR Next and reduce the risk of non-
compliance. This is especially advantageous to small filers with fewer
resources that may need more time to adapt to the new requirements.
2. Costs
The costs associated with EDGAR Next include one-time costs for
filers (including filing agents) to setup their EDGAR dashboard, create
connecting API internal filing applications and adjust any other
relevant internal software if they opt to connect to the APIs.\257\ The
costs associated with EDGAR Next also include ongoing costs for filers
(including filing agents) to comply with new Rule 10 requirements
related to access and management of EDGAR accounts. The compliance
costs associated with EDGAR Next will vary depending on the size of the
filer, the number of individuals acting on behalf of the filer, the
filer's existing software, and the complexity of a filer's EDGAR
application. EDGAR Next, however, may not increase filers' overall net
compliance costs since modernizing the EDGAR access and account
management processes will likely reduce ongoing compliance costs for
some activities and for some reporting entities, such as filing agents
and larger filers, due to streamlined management of filer credentials
and accounts, simplified procedures to access EDGAR, and a more
automated process for filing on EDGAR and retrieval of account
information.
---------------------------------------------------------------------------
\257\ See infra section V.
---------------------------------------------------------------------------
Filers that opt to interact with the APIs will need to create
internal applications to connect to APIs and discontinue or modify
their current usage of any custom software, but the one-time cost of
doing these tasks will be mitigated by the elimination of these filers'
current ongoing maintenance costs associated with scraping EDGAR and
adjusting custom software each time EDGAR undergoes changes. To
facilitate filers' use of the optional APIs and help mitigate the
associated costs, Commission staff have developed technical resources
to assist filers in creating software to connect to APIs. Filers will
be offered a list of technical standards for the APIs, the expected
inputs and outputs, and additional API token information. Commission
staff will also offer an open-source code for a sample filing
application to facilitate connection to the initial three APIs in the
API Toolkit and serve as a model for connection to the other APIs being
offered.
a. Form ID
The Commission is adopting amendments to Form ID requiring all
filers seeking electronic access to EDGAR to submit certain additional
information for review and approval by Commission staff before such
access may be granted.\258\ As filers are already subject to the
requirements of Form ID, the additional requirements for Form ID will
entail certain incremental compliance costs.\259\ The Commission
estimates that compliance costs associated with the new Form ID will
increase by approximatively $100 per filer for each Form ID
submission.\260\ For applicants seeking access to an existing EDGAR
account, this cost may be mitigated by the fact that certain fields of
the form will be prepopulated with certain publicly available
information of the filer, which may reduce the cost associated with
completing the amended form.\261\
---------------------------------------------------------------------------
\258\ See supra section II.F.3.
\259\ See infra section V.B.
\260\ The $100 estimate is based on the following calculations:
$101 (hourly rate for an operations specialist at $168 for 0.6
hours) [ap] $100. Salaries for estimates are derived from SIFMA's
Management & Professional Earnings in the Securities Industry 2013,
modified to account for an 1,800-hour work-year and inflation, and
multiplied by 5.35 to account for bonuses, firm size, employee
benefits and overhead. See infra section V.B.
\261\ See supra note 187.
---------------------------------------------------------------------------
One commenter argued that requiring a notarized power of attorney
to add an employee of another entity as an account administrator could
significantly increase the burden for individual reporting owners and
render the option of using an outside account administrator practically
not viable.\262\ We disagree that requiring a notarized power of
attorney in this instance creates an additional cost because, as stated
in the baseline, the EDGAR Filer Manual currently requires filers to
provide a notarized power of attorney. Therefore, given that the power
of attorney requirement is consistent with an existing requirement, we
do not expect a material difference in cost compared to the baseline.
---------------------------------------------------------------------------
\262\ Workiva Comment Letter (``We believe that a notarized
power of attorney should not be required to add an employee of
another entity as an administrator. This could significantly
increase the burden for the individual reporting owners, especially
considering staffing changes at the affiliated entities. The burden
could render the option of using an outside administrator
practically not viable.'').
---------------------------------------------------------------------------
One commenter opposed the notarization requirement for non-employee
account administrators authorized on Form ID, stating that the
notarization may not be readily accessible for everyone, which might
result in unaccounted for burdens such as travel time and notarization
costs.\263\ Though we acknowledge the commenter's concern, we do not
believe these additional costs are likely to be significant because the
notarization process is relatively straightforward and analogous to the
current requirement for all filers to obtain the notarized signature of
the authorized individual on Form ID contained in the EDGAR Filer
Manual. Furthermore, for filers that may not have access to physical
notaries, online remote notarization is
[[Page 106209]]
already permitted and will continue to be permitted by the
Commission.\264\
---------------------------------------------------------------------------
\263\ Block Transfer Comment Letter (``Notaries can pose
challenges for an ever-increasing population with less and less
access to physical bank branches and a distinct lack of other no-
cost notarization providers.'').
\264\ See EDGAR Filer Manual, Volume I, at section 3. The EDGAR
Filer Manual specifies the instructions filers must follow when
making electronic filings on EDGAR and is incorporated by reference
in the Code of Federal Regulations by 17 CFR 232.301 (Regulation S-
T, Rule 301). Rule 10 of Regulation S-T and the EDGAR Filer Manual
permit manual, electronic, and remote online notarizations,
authorized by the law of any State or territory of the U.S. or DC
See 17 CFR 232.10 and EDGAR Filer Manual, Volume I, at section 3. An
``authorized individual'' for purposes of the Form ID notarization
process is an individual with the authority to legally bind an
entity or individual, or an individual with a power of attorney from
an individual with the authority to legally bind an entity or
individual, as defined in Volume I of the EDGAR Filer Manual and
Rule 11 of Regulation S-T.
---------------------------------------------------------------------------
b. Individual Account Credentials, Account Administrators
Final paragraph (d)(1) of Rule 10 will require that all existing
and prospective filers only authorize an individual to perform
functions on the dashboard on their behalf if that individual possesses
individual account credentials obtained through Login.gov. Requiring
individual account credentials will impose the minimal step of
obtaining individual account credentials from Login.gov in the EDGAR
access process resulting in some additional time burden for individuals
who will have an EDGAR role for filers. Because the use of individual
user permissions is a standard practice in software applications and
computer systems, and Login.gov is free to use, we do not believe that
requiring individual account credentials will be unduly burdensome or
confusing.
One commenter stated that the introduction of individual account
credentials could be disruptive and unduly burdensome for section 16
filers.\265\ The commenter argued that section 16 filers will face
additional burdens when applying for EDGAR access and enrolling in
EDGAR Next themselves and requested that EDGAR permit a corporate
secretary or legal personnel of a registrant to obtain EDGAR access for
an individual section 16 filer pursuant to a power of attorney.\266\ We
acknowledge the commenter's concern; however, we do not believe that
section 16 filers will face additional costs beyond the costs that
other filers incur, given the various compliance options available to
them. For example, as discussed above in section II.B, section 16
filers with existing accounts may avoid obtaining Login.gov individual
account credentials for EDGAR if they authorize an individual at their
filing agent or other third party to enroll them in EDGAR Next and
during enrollment authorize one or more individuals at these entities
to act as their account administrators. Likewise, section 16 filers who
are applying for access on amended Form ID may use a notarized power of
attorney to delegate to another person the process of obtaining
individual account credentials and making filings on their behalf. The
commenter also stated that some features of Login.gov (e.g., text or
voice MFA options) are restricted in certain countries, which could
impose an added burden on filers based outside the United States.\267\
As discussed in section II.A, Login.gov offers individuals several
different authentication methods and individuals need only choose one
method available to them. Therefore, we do not anticipate any
additional costs for filers based outside of the United States.
---------------------------------------------------------------------------
\265\ See SCG Comment Letter.
\266\ See SCG Comment Letter.
\267\ See SCG Comment Letter.
---------------------------------------------------------------------------
Final paragraph (d)(2) of Rule 10 will require filers to authorize
at least two account administrators to act on the filers' behalf to
manage their accounts. Filers that are individuals or single-member
companies will be required to authorize and maintain at least one
account administrator. Prospective EDGAR filers will designate on
amended Form ID the individuals that the filer authorizes as account
administrators. As such, the compliance costs associated with the new
Form ID \268\ reflects the burden associated with the enrollment of
account administrators. Existing filers will authorize their account
administrators through a function on the dashboard, which is
encompassed in the one-time cost that filers will incur to set up their
accounts on the EDGAR Next dashboard.\269\ Additionally, other costs
associated with account administrators are encompassed by the costs
associated with ongoing maintenance of the dashboard.\270\
---------------------------------------------------------------------------
\268\ See supra note 260.
\269\ See infra note 274.
\270\ See infra note 275.
---------------------------------------------------------------------------
We do not expect individual or single-member filers to hire
additional personnel in order to comply with final paragraph (d)(2) of
Rule 10 because individual or single-member filers may act as their own
account administrators or authorize an individual at their filing agent
or other representative entity as an account administrator. Existing
filers also may authorize an individual at their filing agent or other
third party to enroll them in EDGAR Next and during enrollment
authorize one or more individuals at these entities to act as their
account administrators. Similarly, filers who apply for access on
amended Form ID may authorize one or two individuals at their filing
agents or relevant companies as their account administrators, so long
as they execute a relevant notarized power of attorney. Nevertheless,
this requirement will result in the opportunity cost of personnel being
less available to attend to other matters while performing their
account administrator duties.
Two commenters asserted that the Proposing Release's economic
analysis did not sufficiently account for additional non-developmental
support costs imposed on filing agents and law firms that may need to
hire additional personnel to manage the administrative aspects of the
dashboard, which likely will be passed on to registrants.\271\ One
commenter acknowledged that the additional support and management
burden for filing agents is difficult to quantify, which makes it hard
for the Commission to evaluate.\272\ As stated in the Proposing
Release, filers with a large number of users would spend a greater
amount of time managing their dashboard accounts.\273\ We anticipate
that most large filers and filing agents will authorize their own
employees or affiliates in order to comply with final paragraph (d)(2)
of Rule 10 and will not need to hire additional personnel. However, we
acknowledge that a large filer or filing agent will face additional
costs if it needs to hire additional personnel to comply, and we
recognize that, although only two account administrators are required,
a filer or filing agent may hire as many as 20 account administrators.
To the extent additional personnel need to be hired, there will be
costs associated with the hiring process.
---------------------------------------------------------------------------
\271\ XBRL Comment Letter (``[t]he economic [analysis] described
in the proposed rule does not include the additional non-
developmental support costs. Filing agents and law firms are
estimated to be responsible for over 90% of EDGAR filings.
Additional support costs are likely to be passed on to
registrants.''); Workiva Comment Letter (``[t]he economic [ ]
analysis also does not include the additional non-developmental
support costs imposed on filing agents and law firms, estimated to
be responsible for over 90% of EDGAR filings, which would presumably
be passed on to their customers/registrants. The additional support
and management burden for filing agents will be substantial but hard
to quantify at this point.'').
\272\ Workiva Comment Letter.
\273\ Proposing Release at 65549 (``[w]e recognize that due to
these factors, the burden incurred would vary across filers. Filers
with a large number of users and significant turnover would likely
spend a greater amount of time managing their dashboard
accounts.''); see also infra note 277.
---------------------------------------------------------------------------
[[Page 106210]]
c. Final Amendments to Paragraphs (d)(4), (d)(5), and (d)(6) of Rule
10, and Rule 11
As adopted, paragraph (d)(4) of Rule 10 will require each filer
through its account administrators to perform an annual confirmation on
EDGAR that all account administrators, users, technical administrators,
and delegated entities reflected on its dashboard are authorized by the
filer to act on its behalf and that all information about the filer on
the dashboard is accurate. The annual confirmation requirement will
impose additional compliance costs on filers to review the accuracy of
their EDGAR account information on the dashboard. We estimate that, in
the first year, there will be a one-time cost of approximatively $200
per filer, on average, to set-up the filer's account on the EDGAR Next
dashboard.\274\ We also estimate that, there will be a recurring cost,
including in the first year, of approximatively $200 per filer, on
average, to manage the filer's dashboard.\275\ These costs will likely
vary with the number of users that the filer authorizes and the amount
of turnover of relevant personnel.\276\ For example, a filer with a
large number of users that experiences high turnover in users could
have to spend more time managing its dashboard, in which instance it
will incur additional costs to do so.\277\ Filing agents are also
likely to face higher dashboard management costs if they authorize a
large number of individuals and have multiple accepted delegations and
user groups for which delegated users will need to be maintained.\278\
Such costs will likely be mitigated by active notifications and other
efficiencies provided by the dashboard, and the optional APIs as an
account management tool.
---------------------------------------------------------------------------
\274\ The $200 estimate is based on the following calculations:
$168 (hourly rate for an operations specialist at $168 for 1 hour)
[ap] $200. Salaries for estimates are derived from SIFMA's
Management & Professional Earnings in the Securities Industry 2013,
modified to account for an 1,800-hour work-year and inflation, and
multiplied by 5.35 to account for bonuses, firm size, employee
benefits and overhead. See infra section V.C.
\275\ The $200 estimate is based on the following calculations:
$168 (hourly rate for an operations specialist at $168 for 1 hour)
[ap] $200. Salaries for estimates are derived from SIFMA's
Management & Professional Earnings in the Securities Industry 2013,
modified to account for an 1,800-hour work-year and inflation, and
multiplied by 5.35 to account for bonuses, firm size, employee
benefits and overhead. See infra section V.C.
\276\ See infra section V.C.
\277\ If a filer fails to perform a timely annual confirmation,
after a three-month grace period, it must complete and submit a Form
ID to apply for access to file on EDGAR. If Commission staff grant
the Form ID, a filer will need to re-invite any users, technical
administrators, and additional account administrators to its
account, and reissue delegation invitations, if relevant. Re-issuing
invitations will take longer for larger filers and filing agents
with many users acting on behalf of the filer.
\278\ See infra section V.C.
---------------------------------------------------------------------------
We have sought to ease the transition to EDGAR Next for filers by
allowing enrollment of multiple accounts simultaneously on the
dashboard, via bulk enrollment of up to 100 filers and their account
administrators. The bulk enrollment feature will particularly benefit
large filing agents enrolling multiple accounts by saving time and
labor costs, which will help mitigate against any higher compliance
costs these entities would otherwise incur. We are also offering an
optional API to facilitate the enrollment process and lower costs.
As adopted, paragraphs (d)(5) and (d)(6) of Rule 10 are analogous
to existing requirements set forth in the EDGAR Filer Manual, and
filers are not expected to incur significant incremental costs of
compliance given they should already be complying with these
requirements when using the EDGAR system.\279\ We also do not expect
filers to incur compliance costs related to the new terms defined in
amended Rule 11.
---------------------------------------------------------------------------
\279\ See supra notes 170 and 171.
---------------------------------------------------------------------------
One commenter said that proposed paragraph (d)(4) of Rule 10
contributes to an overall higher complexity for filing agents with a
large number of accounts and associated individuals due to the sheer
amount of information required to review.\280\ The provision of
multiple notices of the impending confirmation deadline to account
administrators via email and dashboard notifications,\281\ as well as
the three-month grace period provided after the confirmation deadline
has passed before deactivation occurs,\282\ will help ensure that the
filer's account administrators receive adequate notice and opportunity
to timely perform confirmation without negatively affecting their
submission preparation lead time. This will help minimize the
administrative burden and ongoing maintenance costs related to the
requirement to perform annual confirmation on the dashboard. In
addition, delegated entities such as filing agents will be able to use
the ``view filer account information API'' to programmatically check
impending confirmation deadlines for filers that have delegated filing
authority to them.\283\ This will allow filing agents to remind their
client filer's account administrators to perform annual confirmation in
a timely manner.\284\
---------------------------------------------------------------------------
\280\ Workiva Comment Letter (``The annual confirmation
requirement would increase the burden on all filers due to the
amount of user content to review, and it contributes to the overall
higher complexity for filers to manage in order to file.'').
\281\ See supra section II.B.1.
\282\ These notices will be provided in the dashboard and also
be sent via email to all account administrators' email addresses
(e.g., the confirmation deadline notices will be periodically
provided in both email and via the dashboard multiple times leading
up to the deadline to ensure that the account administrators are
fully aware of the pending deadlines). See supra section II.1
(discussing account administrators).
\283\ See supra section II.E.2.
\284\ Delegated account administrators cannot perform annual
confirmation for the filer.
---------------------------------------------------------------------------
Filers will have the flexibility to perform annual confirmation on
any date prior to the confirmation deadline, thus allowing filers to
comply with the requirement at a time that is best suited for them and
thereby lessening this compliance cost. Filers are required to
authorize at least two account administrators to act on the filers'
behalf to manage their accounts and they may authorize up to 20 account
administrators on the dashboard.\285\ Having multiple account
administrators facilitates the management of large accounts since each
account administrator will possess the same authority to manage the
filer's EDGAR account and perform the confirmation. This will reduce
the burden on any one account administrator by making the confirmation
more manageable and reducing the likelihood of a single account
administrator failure. Furthermore, the dashboard is structured to
facilitate the annual confirmation review by allowing account
administrators to manage the filer's account on the dashboard and
through optional APIs. The optional APIs will enable cost efficiencies
in the review process by allowing filers to rapidly add and remove
individuals, change roles, and perform delegations to ensure the
accuracy of information on the dashboard in advance of confirmation.
---------------------------------------------------------------------------
\285\ Single member companies and individuals are only required
to authorize and maintain at least one account administrator.
---------------------------------------------------------------------------
Two commenters argued that the annual confirmation requirement
would impose a significant burden on those who file infrequently, such
as section 16 filers.\286\ We do not believe that the annual
confirmation requirement would impose a significant burden on
infrequent filers, such as section 16 filers. While section 16 filers
who wish to act as their own account
[[Page 106211]]
administrators may log into the dashboard, review the information
there, and proceed through a short confirmation process once per year,
they may instead rely upon other individual(s) they authorize as
account administrators to perform the annual confirmation requirement
on their behalf. Additionally, as stated above, account administrators
will receive multiple notices of the impending confirmation deadline
via email and dashboard notifications,\287\ as well as the three-month
grace period provided after the confirmation deadline has passed before
deactivation occurs.\288\ These features will provide ample reminders
to filers, including infrequent filers, of the annual confirmation
requirement process.
---------------------------------------------------------------------------
\286\ XBRL Comment Letter (``The annual confirmation requirement
will create a significant additional burden for filers that use a
filing agent's SEC credentials, in particular for those filers who
make sporadic submissions such as Section 16 filers.''). See also
Toppan Merrill Comment Letter (``This update particularly impacts
Section 16 filers who do not frequently file or rely on the Issuer
to submit their filings.'').
\287\ See supra note 281.
\288\ See supra note 282.
---------------------------------------------------------------------------
One commenter further stated that the current annual password
renewal requirement does not represent a similar burden to the annual
confirmation requirement since filers can retain their EDGAR access by
using a filing agent's CIK and password.\289\ As discussed above, all
filers will receive, both via email and through the dashboard, notices
of an impending confirmation deadline, and daily notices of failure to
timely confirm over a three-month period prior to deactivation of the
account. Further, an optional filing credentials API will be provided
to allow filers that opt to connect to APIs to programmatically check
upcoming confirmation deadlines.
---------------------------------------------------------------------------
\289\ See Toppan Merrill Comment Letter (``This is not currently
a burden with the EDGAR annual password expiration. Filers can
continue to access EDGAR, as well as submit filings on EDGAR, using
a filing agent's valid CIK and Password'').
---------------------------------------------------------------------------
One commenter asserted that suspension of the filer's account due
to failure to complete the annual confirmation requirement by the end
of the two-week grace period as proposed would pose undue burden on
American small businesses and hinder small business' access to
capital.\290\ Another commenter expressed concerns about deactivation
risk and recommended a temporary suspension over account deactivation
since failure to confirm may result from other circumstances rather
than account abandonment.\291\ We acknowledge these concerns and have
extended the grace period following a missed confirmation deadline from
two weeks to three months, which should help reduce the burdens
associated with unanticipated account deactivation. Filers will
maintain their EDGAR access through the three-month grace period and
will receive daily notifications reminding them to satisfy their annual
confirmation requirement. Further, following account deactivation,
EDGAR will preserve the filer's filing history. While filers with
deactivated accounts will incur the cost of having to reapply for
access and re-invite all individuals previously authorized, such burden
may be alleviated for filers that use the APIs offered by EDGAR. The
APIs will allow filers to: change individuals' roles; send delegation
invitations; request delegations; add individuals to CIKs in various
roles; and remove individuals from CIKs.
---------------------------------------------------------------------------
\290\ See Block Transfer Comment Letter (``[W]e respectfully
believe that automatically closing accounts without annual
verifications as proposed on page 88 would hinder SBAC [Small
Business Access to Capital] and pose an undue burden on American
small businesses.'').
\291\ See Workiva Comment Letter (``We strongly recommend
temporary suspension over account deactivation with removal of all
user and delegation information. Failure to confirm annually may
signal a problem occurred in the notification process rather than
the filer being no longer in control of the account. For example,
email blocking or email going to the spam folder could lead to the
filer not receiving the annual confirmation reminders. It is also
possible that the administrator(s) may be on leave or out of office.
Based on our customer survey, about 23% of the respondents indicated
the annual confirmation requirement is a low burden, while over 33%
indicated that the annual confirmation requirement is a high burden
and they are ``concerned'' to ``highly concerned'' about the
potential account deactivation risk.'').
---------------------------------------------------------------------------
d. Optional APIs and Technical Administrators
Filers or filing agents that choose to connect to the available
APIs will incur a one-time cost to adjust their internal software
systems to the optional APIs. We have estimated the direct costs to
filers or filing agents that wish to connect to the optional APIs,
including time and personnel costs to build a filing application
integrated with all functions to successfully connect to the EDGAR
APIs. These expenses are likely to vary across filers depending on
their existing software and the complexity of their application and
individual business models, among other factors. Based on the
experience of Commission staff in developing the sample filing
application to connect to certain EDGAR APIs being offered to filers,
the total estimated cost per filer for filing applications to connect
to an EDGAR API by an external programmer analyst \292\ should be
approximatively $33,000 \293\ for filers with a preexisting filing
application and approximatively $41,000 for filers that do not have a
preexisting filing application.\294\ Given that the APIs are optional,
filers may choose to incur this cost to the extent that they expect the
benefit of using the APIs to exceed the cost of doing so.
---------------------------------------------------------------------------
\292\ We do not expect this programming work to be performed by
technical administrators. As indicated below, we expect technical
administrators will be operations specialists, see infra note 307.
\293\ The $33,000 estimate is based on the following
calculations: $32,544 (hourly rate for a senior programmer analyst
at $339 for 96 hours) [ap] $33,000. Salaries for estimates are
derived from Payscale, available at www.payscale.com. Using data
from the 75th percentile in February 2023, adjusting for an 1,800
hour work year and inflation, and multiplying by the 5.35 factor
which normally is used to include benefits but here is used as an
approximation to offset the fact that New York salaries are
typically higher than the rest of the country, the result is $324
per hour.
\294\ The $41,000 estimate is based on the following
calculations: $40,680 (hourly rate for a senior programmer analyst
at $339 for 120 hours) [ap] $41,000. Salaries for estimates are
derived from Payscale, available at www.payscale.com. Using data
from the 75th percentile in February 2023, adjusting for an 1,800
hour work year and inflation, and multiplying by the 5.35 factor
which normally is used to include benefits but here is used as an
approximation to offset the fact that New York salaries are
typically higher than the rest of the country, the result is $324
per hour.
---------------------------------------------------------------------------
Filers will need to create connections to the optional APIs and may
modify other existing internal software systems to comport with
connections to APIs. For filers that have been scraping EDGAR web pages
and creating custom software, the one-time cost of setting up API
connections and adjusting internal software systems will be mitigated
by the elimination of these filers' current ongoing maintenance costs
associated with scraping EDGAR web pages and adjusting custom software
each time EDGAR undergoes changes. Not all filers currently use custom
software to interface with EDGAR, however, and some filers instead
submit their filings directly through the EDGAR filing website. We have
observed, for instance, that small filers typically do not use custom
filing software and are unlikely to choose to connect to the optional
APIs, therefore we do not expect they will incur this cost. Small
filers that do not currently use custom software or lack the resources
to develop their own API connections or employ their own technical
administrators may use the APIs that their delegated entity develops
and maintains as set forth in paragraph (d)(3) of Rule 10.
One commenter recommended revising the APIs to accept path
parameters rather than raw XML and to consider this revision in the
economic analysis.\295\ The commenter asserted
[[Page 106212]]
that modern APIs use path parameters and implementing path parameters
in the APIs would simplify machine-to-machine information retrieval as
opposed to raw XML, which the commenter stated is not friendly to
developers.\296\ This comment does not accurately reflect the nature of
the APIs that are being provided by Commission staff. The APIs, as
designed, will take advantage of path parameters, which should largely
address the commenter's concerns. Path parameters are intended to be
used to identify specific resources or data points, such as a filer's
CIK, and they are not suitable for providing complex nested data, such
as the information that would be required to be included in an EDGAR
submission. In those cases, XML is better suited for providing
structured data in a format that can be easily interpreted and accepted
by the APIs. Commission staff have developed the APIs accordingly.
---------------------------------------------------------------------------
\295\ Block Transfer Comment Letter (``[T]here should be certain
simplified endpoints which accept path parameters rather than raw
XML. This would simplify the machine-to-machine reporting of
important market information for all issuers. It would also
drastically streamline the technical inclusion of route-specific
authorizations).
Despite the vast efficiencies that the detail-oriented XML
framework brought to the industry over the past 27 years through
standardized reporting, we respectfully submit to the Commission
that the markup language is not friendly to developers,
international locale standards, or efficient machine-to-machine
code. Modern APIs use path parameters, eliminating the need to
compile variables into a file before submission.'').
\296\ Id.
---------------------------------------------------------------------------
A commenter stated that the economic analysis in the Proposing
Release failed to account for the costs of filing agents likely needing
to update or develop an application to manage delegation.\297\ We
disagree with the commenter that this is a significant cost that should
have been accounted for in the Proposing Release. Because EDGAR Next
already offers multiple ways to manage delegations, we do not believe
that filers and filing agents will need to update or develop an
application for this purpose. As stated in the Proposing Release and
herein, the filer's account administrator may delegate authority to
file to another EDGAR account through a function on the dashboard where
they can also terminate delegation.\298\ The dashboard will be enhanced
to: (1) provide bulk delegation functionality to allow filers to
delegate to multiple CIKs more easily; (2) enable prospective delegated
entities to send delegation requests to filers; and (3) allow filers to
automatically accept delegations and become delegated entities if they
choose. These three enhancements are available on the dashboard, and do
not require creation or updating of an application. Moreover, for
filers that opt to use the available APIs, an optional delegation API
will also be offered replicating most dashboard functionality in
machine-to-machine connections. Although filers who wish to use the
delegation API will need to create connections to the API to do so,
this is no different from how filers will connect to the other APIs and
we do not expect any unique costs will apply in this context. Account
administrators will be able to delegate authority to file to an
unlimited number of EDGAR accounts, allowing filers to delegate to
multiple filing agents, for example.
---------------------------------------------------------------------------
\297\ See DFIN Comment Letter (``Estimated cost should include
the likelihood that filing agents would need to update or create an
application to manage delegations.'').
\298\ See Proposing Release, section III.C.1; see also supra
section II.C.1.
---------------------------------------------------------------------------
Another commenter stated that the proposed API connective software
development time was overly optimistic, and that the proposal's costs
estimates failed to account for many important items, such as API
integration time, the software changes for token management and filing
preparation, customer discovery and beta testing.\299\ We agree with
the commenter that API connective software development time should
encompass API integration time, the software changes for token
management and filing preparation, customer discovery and beta testing.
Our cost estimate in the proposal and herein captures these items.
First, our cost estimate assumes that the sample application will be
built from scratch with no documentation or open-source code base.
Second, our estimate includes building a basic application with limited
user interface functions that submits LIVE and TEST filings and
requests system status and submission status from the EDGAR API, which
are essential for beta testing and filing preparation. To further
facilitate API integration time and mitigate some of the aforementioned
development costs, Commission staff will offer filers technical
resources, such as an API Development Toolkit and a sample filing
application, to assist filers in developing their own connective filing
software. The sample filing application will provide technical details
and a working code base that could be either copied into existing
filing applications or used as a base for developing a new filing
application. The sample filing application code is a starting point for
smaller filers that may not already have a filing application and want
to enter the API space. This sample code can serve as a troubleshooting
guide/reference material for all developers because it uses specific
technologies (e.g., PostgreSQL, NodeJS, Angular) that are well-
documented, commonly used, and can be understood by a mid-level
programmer.
---------------------------------------------------------------------------
\299\ See Workiva Comment Letter (``If an actual user must be
associated with the process due to the need to present a user token,
this could potentially impose additional services . . .''); (``In
our opinion, the development time estimate of 96-120 hours is a very
low estimate. Considering the API integration time, the software
changes for token management and filing preparation, customer
discovery and beta testing time, the estimate could be an order of
magnitude higher. In addition, monitoring and adapting to changes in
the EDGAR Next beta environment will incur ongoing costs through
March 2024. The economic [ ] analysis also does not include the
additional non-developmental support costs imposed on filing agents
and law firms . . .'').
---------------------------------------------------------------------------
One commenter questioned the implementation of filer and user
tokens within the delegation framework and asserted that the EDGAR Next
framework could lead to longer filing preparation time and hinder the
efficiency of an automated filing process.\300\ To address the
commenter's concern, and in a change from the proposal, filers that
utilize a delegated entity also have, under the final amendments, the
option of using a delegated entity's filer API token and API
connections to make submissions on behalf of the filer, so long as the
delegated entity has authorized at least two technical administrators
in accordance with paragraph (d)(3) of Rule 10. This change may further
serve to mitigate concerns about development costs. As a result, APIs
may be more accessible for smaller filers that may not have the
resources to develop API connections or employ their own technical
administrators, as they may instead delegate to a larger filer or
filing agent that can develop API connections and obtain and maintain
filer API tokens and two technical administrators.
---------------------------------------------------------------------------
\300\ See Workiva Comment Letter (``[c]hange of provider could
require longer lead time due to the delegation set up and acceptance
process, as well as making the tokens available in the filing
systems. This could put pressure on the filers when they need to
respond to unforeseen situations.'').
---------------------------------------------------------------------------
Two commenters were critical of the proposal's use of filer and
user tokens.\301\ One commenter claimed the use of specific user tokens
would subject filing agents to a higher cost of service and longer
filing preparation lead time.\302\ We do not think the use of specific
user tokens is unduly burdensome for filers that choose to make
submissions through APIs. Generating a filer API token or a user API
token is a straightforward process accomplished on the dashboard within
approximately one minute of logging in. Furthermore, the use of tokens
to
[[Page 106213]]
connect to APIs is a security requirement designed to minimize the
potential for unauthorized intrusions to EDGAR. In addition,
presentation of the individual's user API token allows the Commission
to identify who makes each submission on EDGAR, a primary goal of this
rulemaking. Removing the user API token requirement would frustrate the
Commission's objective of enhancing the security of EDGAR and tracing
filings to the individuals who make them.
---------------------------------------------------------------------------
\301\ See Workiva Comment Letter and XBRL Comment Letter.
\302\ See Workiva Comment Letter (``the potential impact on
increased manual intervention resulting in higher services costs,
which are hard to accurately estimate at this point although we
expect it to be far reaching due to the percentage of public
registrants potentially impacted by this.'').
---------------------------------------------------------------------------
Two commenters argued that the monthly user multifactor
authentication login requirement would create a significant burden for
their filing teams and their section 16 filers.\303\ In a change to the
proposing release, rather than the user API token remaining valid for
up to one year so long as the user logged into EDGAR at least every 30
days, the individual will need to log in to generate a new user API
token every 30 days or otherwise prior to making an infrequent filing.
While we acknowledge that the requirement that a person log in to
generate a new user API token every 30 days (if necessary to make a
filing) may inconvenience some filers, the cost of this burden will not
be significant because generating a user API token is a straightforward
process accomplished on the dashboard. We estimate that a user API
token could be generated within approximately one minute of logging
into the dashboard. Section 16 filers may either authorize an
individual at their filing agent or other third party to enroll them in
EDGAR Next and during enrollment authorize one or more individuals at
these entities to act as their account administrators or, when applying
for access on amended Form ID, authorize individuals at their filing
agents or other representative entity as their account administrators
using a notarized power of attorney, each of whom may file on their
behalf. Also, any incremental burdens imposed by the monthly user
multifactor authentication login requirement must be considered in
light of the potential benefits it will provide. User API tokens will
enhance authentication, provide traceability for filings, and improve
EDGAR security.
---------------------------------------------------------------------------
\303\ See Workiva Comment Letter (``We believe a user role that
has only the authority to file and manage its credentials and
membership is appropriate. However, one proposed requirement for
users is to log into one of the three EDGAR sites at least once
every 30 days in order to keep the user token active. According to
our customer survey, about 72% of the respondents indicated that
this requirement poses a significant burden or risk to their filing
teams.''); Block Transfer Comment Letter (``We respectfully submit
to the Commission that development based access keys should not be
subject to monthly user MFA checks. We believe that imposing such
checks on these keys may introduce unnecessary complexities and
hinder the efficiency of development teams working on various
projects.'').
---------------------------------------------------------------------------
Another commenter estimated a total of 240 developer hours towards
securely storing and managing the filer and user API tokens.\304\ We
believe, however, that the commenter's estimate of 240 additional
developer hours due to the API token requirements is likely overstated.
As discussed above, we estimate that it will take between 96 and 120
hours to configure the filer's filing application correctly to be able
to interact with the API.\305\ This estimate includes the time that
filers will spend to implement a method to store the tokens in a
database and to use the tokens within filers' applications to connect
to the EDGAR APIs. Thus, we believe that the API application
development cost estimate provided above already adequately incorporate
the above steps of integrating and managing the API tokens.
---------------------------------------------------------------------------
\304\ See XBRL Comment Letter (``Furthermore, the changes to
securely store and manage Filer and User Tokens could easily add 240
developer hours.'').
\305\ See supra notes 293 and 294, estimating 96 hours for
filers with an existing filing application and 120 hours for filers
that do not have a preexisting filing application.
---------------------------------------------------------------------------
Filers that choose to connect to the APIs will also incur the
additional cost of authorizing, through their account administrator(s),
at least two technical administrators to manage the technical aspects
of the APIs.\306\ The Commission estimates that annually, on average,
each filer that chooses to connect to the APIs will incur approximately
$170 in compliance costs per CIK with respect to the technical
administrators' responsibilities.\307\ These costs may vary depending
on the size of the filer, the number of filer API tokens the filer
employs at any given time, and the business needs of the filer with
regards to the usage and management of APIs (including but not limited
to the security standards imposed by the filer). We do not expect that
filers will need to hire new employees to fill the technical
administrator role since the primary responsibilities for the technical
administrator are to generate the filer API token on an annual basis
and securely store it within a filer's application and to be available
in the event that a technical issue arises with APIs. We believe that
larger filers and filing agents using APIs will have sufficient staff
to authorize at least two technical administrators. Smaller filers who
choose to connect to APIs will likely employ a delegated entity to
avoid the burden of obtaining and maintaining their own filer API
tokens, engineering their own API connections, and designating two
technical administrators. Final paragraph (d)(3) of Rule 10's
requirement that a filer authorize, through its account
administrator(s), at least two technical administrators will not apply
to a filer that uses the filer API token and API connections of its
delegated entity, so long as the delegated entity has authorized its
own technical administrators in accordance with paragraph (d)(3) of
Rule 10. Filers that rely upon their delegated entity's filer API token
and API connections will not need to obtain and maintain their own
filer API tokens or engineer their own API connections, although their
account administrators and users will need to supply their own user API
tokens to the APIs, if those APIs require presentation of a user API
token.
---------------------------------------------------------------------------
\306\ See paragraph (d)(3) of Rule 10 as adopted.
\307\ The $170 estimate is based on the following calculations:
$168 (hourly rate for an operations specialist at $168 for 1 hour)
[ap] $170. Salaries for estimates are derived from SIFMA's
Management & Professional Earnings in the Securities Industry 2013,
modified to account for an 1,800-hour work-year and inflation, and
multiplied by 5.35 to account for bonuses, firm size, employee
benefits and overhead. These represent costs beyond the quantified
costs for technical administrators that are associated with
dashboard management. See supra note 275 for an estimate of the
annual cost of dashboard management. Based on Commission staff
experience and knowledge regarding the filing agent industry, we
estimate there will be 208 filers that will be required to satisfy
the technical administrator requirements.
---------------------------------------------------------------------------
e. Adopting Beta and Transition Period
During the transition process to EDGAR Next, filers will incur
certain ancillary costs related to testing and quality assurance. These
costs may also include documentation and technical support cost for
personnel managing the transition at the filer. For example, one
commenter estimated 8 hours per week to track changes in the Proposing
Beta through March 2024.\308\ We expect that there will be a similar
cost to track changes in the Adopting Beta. However, to help mitigate
some of these costs, Commission staff will provide dedicated telephone
support and an email help [email protected] well as an
online form (available in the Adopting Beta) to report technical bugs.
A more improved user experience will ultimately reduce the possibility
of errors and disruption for filers, thus minimizing the cost burden
associated with transitioning to the new filing regime. The Adopting
Beta will help
[[Page 106214]]
minimize disruptions to the filing processes for all filers.
---------------------------------------------------------------------------
\308\ XBRL Comment Letter (``There is also an estimated 8 hours
per week to track changes in the beta through March 2024.'').
---------------------------------------------------------------------------
Filers will have six months prior to the compliance date and three
months after the compliance date within which to enroll through a
function on the dashboard. Once a filer enrolls in EDGAR Next, the
filer's CCC will be automatically reset. One commenter stated that
requiring the CCC to be reset after a filer enrolls will negatively
impact filing preparation lead time as individuals must first log in to
view any CCC changes before submission.\309\ We disagree with the
commenter's characterization of the additional cost associated with
viewing any CCC changes. To protect the security of the filer's EDGAR
account, EDGAR will automatically reset the filer's CCC following the
filer's enrollment in EDGAR Next. To leave the CCC unchanged after
enrollment would frustrate the Commission's effort to enhance the
security of EDGAR. We do not expect a one-time reset of the filer's CCC
to cause any major disruptions because filers should be aware that the
CCC will change and that they can manage it themselves on the dashboard
after enrollment. To reduce the cost associated with resetting the CCC,
the new CCC will be visible on the dashboard to all individuals with
the ability to make submissions on the filer's behalf. Further, EDGAR
will offer APIs to view filer account information and verify filing
credentials, including the filer's CCC. We therefore do not believe
that resetting the CCC upon enrollment will negatively impact filing
preparation lead time.
---------------------------------------------------------------------------
\309\ Workiva Comment Letter (``As discussed in the response to
question 35, sweeping changes to CCC is a big disruption and risk
factor to the filing chain. Coordination issues could be easily
resolvable on a small scale, but at this large scale even for filing
agents that have been delegated to or added as account
administrators, the time requirement to log in and view CCC changes
could significantly impact filing lead time given the volume and the
concentration of these issues.'').
---------------------------------------------------------------------------
3. Effects on Efficiency, Competition, and Capital Formation
The final amendments will enhance the security of EDGAR by
improving the security of submissions, the individual traceability of
filings, and regulatory oversight into filings. The amendments will
also streamline the filing process, including filing preparations, and
enhance the efficiency of the Commission's review and processing of
EDGAR submissions. The amendments therefore will better protect against
unauthorized access to filers' accounts and unauthorized filings on the
EDGAR system. This will reduce the risk that unauthorized access and
filings disrupt market efficiency and affect capital formation by
affected filers. The amendments will also enhance investor confidence
in, and therefore use of, the financial information available through
EDGAR filings, thereby helping investors make more informed investment
decisions.
We do not expect the EDGAR Next changes to impact competition
because the final rules and amendments are designed to impose modest
compliance costs, which are largely one-time in nature and not expected
to significantly affect small filers. As discussed in sections IV.B.2.d
and IV.B.2.c, the Commission is making certain technical resources
available to all filers in connection with the final amendments, such
as optional APIs and open-source software to connect to certain APIs,
which should mitigate compliance costs, including for small filers.
Larger filers and filing agents could experience ongoing compliance
cost savings under EDGAR Next due to the streamlined management of
filer credentials and accounts, simplified access procedures, and
greater automation of the filing process and preparation. This need not
disproportionately disadvantage smaller filers, however, as smaller
filers will have the option to rely on delegated entities to supply API
connections and filer API tokens. To the extent that, as discussed
above, delegated entities experience ongoing compliance cost savings
under EDGAR Next, then competition among delegated entities may lead
them to pass on some of these cost savings to their clients in the form
of lower fees, including to smaller filers.
C. Reasonable Alternatives
1. Add and Allow Bulk Confirmation for Related CIKs
As adopted, paragraph (d)(4) of Rule 10 will require each filer to
perform an annual confirmation on EDGAR of all of the filer's users,
account administrators, technical administrators, and delegated
entities, as well as any other information related to the filer
appearing on the dashboard. Several technical features will be
introduced to facilitate compliance with the rule and form
requirements. For example, bulk enrollment will permit filers and
filing agents to simultaneously enroll up to 100 filers, along with
their authorized account administrators, in a single batch. Several
commenters suggested that the Commission should also allow bulk
confirmations to be performed for related CIKs, such as CIKs that share
the same administrators, users, delegations, and corporate and contact
information.\310\ This alternative might facilitate the confirmation of
multiple filers simultaneously, but the annual confirmation for related
CIKs does not lend itself to bulk processing. While some related CIKs
may share the same administrators, users, delegations, and corporate
and contact information, not all of them do. Related CIKs (such as CIKs
for co-registrants or filers with beneficial ownership obligations)
will often have different information that is to be provided on the
dashboard; for example, co-registrants may have different individuals
authorized to act on their behalf.\311\ Thus, adding a bulk
confirmation feature for related CIKs could lead to the inadvertent
confirmation of dashboard information without proper review and
verification for accuracy, thus undermining the intended benefits of
the annual confirmation requirement. For this reason, we are not
implementing this alternative. Filers may already achieve under EDGAR
Next efficiencies in the confirmation process by leveraging the newly
added APIs that will allow them to reduce confirmation preparation lead
time by rapidly adding and removing individuals, changing roles, and
performing delegations in advance of confirmation.
---------------------------------------------------------------------------
\310\ Cadwalader Comment Letter (``On an operational level, we
do not expect individual serial trusts to have account
administrators, technical administrators, users or delegated
entities that are not also performing the same functions for the
depositor, although the depositor may have certain additional
account administrators, technical administrators, users or delegated
entities who are not assigned to all of the related serial trusts.
Therefore, depositor-level confirmation of its authorized parties
would also encompass all individuals assigned roles with respect to
each individual serial trust.''); Toppan Merrill Comment Letter
(responding to a question regarding whether bulk confirmations
should be permitted by stating ``[y]es, affiliated filers with the
same administrators, users, delegations, and corporate and contact
information should be allowed similar functionality . . .'').
\311\ See supra section II.B.1.
---------------------------------------------------------------------------
2. Extend the ABSCOMP Process to Affiliated Entities
EDGAR permits certain filings to be submitted on behalf of multiple
filers, that are treated as co[hyphen]registrants for purposes of the
filing. Examples of several types of issuers that manage and file with
related entities include investment companies filing on behalf of other
affiliated investment companies, corporate issuers with
co[hyphen]registrants, beneficial ownership reporting filers (e.g.,
Form 144, Schedule 13D, Schedule 13G, and section 16 filers), and ABS
issuers. While these registrants have a separate CIK for each filer,
they are managed by one entity. In particular, ABS issuers,
[[Page 106215]]
usually the depositor in an ABS transaction, may create multiple serial
companies each year, each of which represents a distinct legal entity
with its own CIK, even though each generally has the same contact
information as the ABS issuer. The ABSCOMP process streamlines the ABS
issuer's submission process, by allowing for rapid creation of multiple
serial companies and by automatically copying all account information
associated with the ABS issuing entity to any created serial companies.
One commenter recommended expanding the ABSCOMP process to other
issuers that have a related structure with multiple related
parties.\312\ This alternative, however, would not provide the same
benefits to filers with related party structure as it does for ABS
issuers because the same dashboard information would be disseminated to
all related entities involved in the ABSCOMP process. While ABS issuers
and their serial companies share the same underlying dashboard
information, other related party entities, such as investment companies
and co-registrants, do not share this characteristic, as each of these
filers typically possesses separate filer-specific information such as
name, address, and contact information, as well as separate reporting
obligations. Thus, expanding the ABSCOMP process to other related party
filers could increase the risk of filing errors and inconsistencies,
resulting in additional administrative burden and delays in the
submission process for the related party filers in scope. For this
reason, we are not implementing this alternative. The added APIs under
EDGAR Next should already substantially address the commenter's
concerns by allowing filers to rapidly add account administrators and
make other changes as necessary, as discussed further in section II.E
above.
---------------------------------------------------------------------------
\312\ See Toppan Merrill Comment Letter (``The proposed
functionality for an ABS account administrator to access the
dashboard for serial companies could be utilized for other issuers
who have a related structure with multiple entities . . . including
corporate issuers with co-registrants [and] beneficial ownership
reporting filers. . . . If the existing option to create a serial
company by the `ABSCOMP' process is available in EDGAR Next
functionality that will be sufficient for ABS entities to manage
creating new CIKs.'').
---------------------------------------------------------------------------
3. Retire the CCC for Filing Submissions
The final amendments will maintain the CCC as the code required for
filing. The CCC code will be displayed on the dashboard. Alternatively,
one commenter suggested eliminating the use of a filer's CCC to submit
a filing. The commenter stated that the CCC requirement will be
redundant as individuals accessing the CCC through the dashboard will
also need to sign in with their respective individual account
credentials, complete multifactor authentication, and be authorized by
the filer.
Retiring the CCC could result in a modest efficiency gain for
filers by eliminating the additional step of presenting the CCC as a
requirement for submission authorization resulting in a moderate
reduction in submission preparation time. The CCC could be eliminated
in the future if feasible from a technical and security
standpoint.\313\ At this time, however, we continue to believe that the
required use of the CCC enhances submission security. Moreover, some
commenters \314\ expressed their preferences for maintaining the
current co-registrant filings process unchanged, and this process
requires both the CCC and CIK for submission success. Also, EDGAR Next
will introduce a view account information API that will allow filers
and filing agents to view the filer's CCC via an API (so long as the
user API token belongs to an individual who has permissions to view the
CCC and use the filer API token). Facilitating access to the CCC via
the dashboard and the APIs should ease the burden of submitting the CCC
for each filing.
---------------------------------------------------------------------------
\313\ See supra section II.A.
\314\ See supra note 123.
---------------------------------------------------------------------------
4. Requirements for Individual and Small Filers
EDGAR Next will apply to all prospective and existing filers
regardless of size. Alternatively, the Commission could implement
scaled requirements for small entities and individual filers. For
example, the Commission could consider exempting section 16 filers from
amended paragraph (d)(4) of Rule 10(d)(4), which will require filers,
through their authorized account administrators, to confirm annually
that all account administrators, users, and delegated entities, and
technical administrators reflected on the dashboard for the filer's
EDGAR account are authorized by the filer and that all information
regarding the filer on the dashboard is accurate. Further, the
Commission could exempt small filers from amended paragraph (d)(1) of
Rule 10(d)(1), and instead allow small filers to independently develop
practices and recordkeeping to track individuals acting on their behalf
and safeguard their account access codes. Such scaled requirements
would lower the compliance costs for small entities and individual
filers.
Exempting any subgroup of filers from paragraph (d)(1) or (d)(4) of
Rule 10(d)(1) or Rule 10(d)(4), or the other EDGAR Next changes, would
lessen the security benefits of EDGAR Next with regard to these filers.
The EDGAR Next changes are designed to enhance the security of EDGAR
filings, including by, among other things, strengthening the security
of access to filers' EDGAR accounts by establishing a uniform method
for authorizing, identifying, and tracking all individuals authorized
to act on each filer's behalf. Exempting small filers from obtaining
individual account credentials would increase the risks that small
entities and individual filers are subject to unauthorized access to
their EDGAR accounts and unauthorized filings, thereby undermining the
benefits of EDGAR Next. Also, as discussed in sections IV.B.2.d and
IV.B.2.c, (the Commission is making certain technical resources
available to filers in connection with the final amendments, such as
optional APIs,\315\ the Adopting Beta, and a transition period, all of
which should help mitigate compliance costs for smaller entities and
individual filers.
---------------------------------------------------------------------------
\315\ As discussed above in section IV.B.2.d, while we do not
expect smaller entities to develop their own software, they may be
able to use the optional APIs of a delegated entity pursuant to
adopted paragraph (d)(3) of Rule 10.
---------------------------------------------------------------------------
As another alternative, the Commission could allow smaller filers
additional time to come into compliance. One commenter suggested that
Section 16 filers be granted an additional six months after the
enrollment period ends so that they do not miss any deadlines while
they enroll in EDGAR Next.\316\ A longer enrollment period would lower
the compliance cost for small filers by enabling a transition to EDGAR
Next at a pace that suits their needs, allowing these filers with fewer
resources more time to adapt to the new requirements. EDGAR Next will
allow filers an additional three months after compliance within which
to enroll, although the legacy filing regime will not be extended
beyond the compliance date. Extending the legacy filing regime would
lessen the security benefits of EDGAR Next by delaying the
implementation of the multifactor authentication and individual account
credential requirements.\317\
[[Page 106216]]
Nevertheless, filers who must make a required filing within three
months after the compliance date, and who have not yet enrolled, will
be able to quickly enroll and access their EDGAR accounts in order to
make timely submissions.
---------------------------------------------------------------------------
\316\ SCG Comment Letter (``We also ask that the Commission
consider allowing all Section 16 filers to continue to use the
existing EDGAR system for an additional six months after the
enrollment period ends, so they do not miss any deadlines while they
enroll in EDGAR Next.'') (emphasis in original).
\317\ See supra note 48.
---------------------------------------------------------------------------
5. Implementing Performance-Based Standards
EDGAR Next mandates certain prescribed requirements to enhance the
security of EDGAR's filing regime. We could consider an alternative
with a more performance-based approach that would not spell out the
precise actions filers need to take in order to improve the security of
EDGAR. For instance, we could simply state that filers should have
practices and recordkeeping that allow the Commission to more easily
identify anyone who takes action on EDGAR on the filer's behalf and
also ensure that only individuals authorized by the filer are privy to
the filer's access codes. This could, for instance, lead beneficial
ownership reporting filers to opt to forgo authorizing account
administrators to manage their EDGAR account, or other filers could
determine that they do not need multifactor authentication for
designated individuals authorized to act on their behalf on the
dashboard.
The benefits of a more performance-based approach would be that
filers would have more flexibility in what their practices and
recordkeeping cover. For instance, they could tailor their EDGAR access
compliance requirements to their specific circumstances and have
greater discretion in how they manage their EDGAR accounts and
safeguard their account access codes. While this approach would provide
more flexibility for filers, we are not implementing this alternative
as allowing individual filers to decide which security measures to
implement would undermine our objective of enhancing the existing
security requirements for the EDGAR system. In particular, individual
account credential requirements, including multifactor authentication,
are a key security enhancement that allows us to modernize and
implement stronger cybersecurity standards, consistent with current
best practices, as described in Executive Order No. 14028 and the NIST
guidelines.\318\
---------------------------------------------------------------------------
\318\ See supra notes 29 and 30 and accompanying text.
---------------------------------------------------------------------------
V. Paperwork Reduction Act
Certain provisions of our rules and forms that will be affected by
the final amendments contain ``collection of information'' requirements
within the meaning of the Paperwork Reduction Act of 1995
(``PRA'').\319\ The Commission published a notice requesting comment on
changes to these collection of information requirements in the
Proposing Release and submitted these requirements to the Office of
Management and Budget (``OMB'') for review in accordance with the
PRA.\320\ An agency may not conduct or sponsor, and a person is not
required to respond to, a collection of information unless it displays
a currently valid OMB control number. Compliance with the information
collection is mandatory. Responses to the information collection are
not kept confidential, and there is no mandatory retention period for
the information disclosed. The title for the existing collection of
information that we are amending is ``Form ID--EDGAR Password'' (OMB
Control No. 3235-0328). We also are adding a new collection of
information titled ``the dashboard.'' The final amendments to Form ID
and the implementation of the dashboard are designed to harness the
benefits of improved technology and to modernize the EDGAR access and
account management functions. A detailed description of the final
amendments, including the amendments to Form ID and the implementation
of the dashboard, including the need for the information and its
intended use, as well as a description of the likely respondents, can
be found in section II above, and a discussion of the expected economic
impact of the amendments can be found in section IV above.
---------------------------------------------------------------------------
\319\ 44 U.S.C. 3501 et seq.
\320\ 44 U.S.C. 3507(d); 5 CFR 1320.11.
---------------------------------------------------------------------------
A. Summary of Comment Letters on PRA Estimates
In the Proposing Release, the Commission requested comment on the
PRA burden hour and cost estimates and the analysis used to derive the
estimates. We received two comment letters addressing the PRA
estimates. One letter inquired whether notarization had been accounted
for in our burden estimates.\321\ We affirm that the PRA estimates,
both previously approved by OMB and the estimates contained in these
final amendments, reflect the overall burden of compliance with Form
ID, including the notarization requirements.\322\ The second letter
recommended that the amendments lead to an update to the ``Paperwork
Reduction Act'' as it will require more filings by companies through
EDGAR.\323\ To the extent that the filer was referring to the PRA
burden estimates associated with EDGAR Next, as discussed below, we are
revising those estimates to reflect the EDGAR Next changes, although we
do not expect the EDGAR Next changes to cause a significant increase in
the number of filings on EDGAR.
---------------------------------------------------------------------------
\321\ See Block Transfer Comment Letter.
\322\ The burden represents an estimate of the average
compliance burden. Consequently, the burden could be lower for some
filers (such as those that do not need to add notarizations for
account administrators), and higher for other filers (such as those
that do need to include notarizations for account administrators).
\323\ See comment Letter of Akash Chand (September 13, 2023).
---------------------------------------------------------------------------
B. Form ID
Form ID must be completed online and submitted to the Commission by
individuals, companies, and other organizations that seek access to
file electronically on EDGAR.
As outlined above, the final amendments to Form ID will require an
applicant for EDGAR access to undertake certain additional obligations,
including most significantly: (1) designating on Form ID specific
individuals the applicant authorizes as its account administrator(s) to
manage its EDGAR account on a dedicated dashboard on EDGAR; (2)
indicating the applicant's LEI, if any; (3) providing more specific
contact information about the filer, its account administrator(s), its
authorized individual (the individual authorized to sign Form ID on the
filer's behalf as defined in the EDGAR Filer Manual), and its billing
contact (including mailing, business, and billing information, as
applicable); (4) specifying whether the applicant, its authorized
individual, person signing a power of attorney (if applicable), account
administrator, or billing contact has been criminally convicted as a
result of a Federal or State securities law violation, or civilly or
administratively enjoined, barred, suspended, or banned in any
capacity, as a result of a Federal or State securities law violation;
(5) indicating whether the applicant, if a company, is in good standing
with its State or country of incorporation; (6) requiring submission of
a new Form ID for both prospective filers seeking access to EDGAR for
the first time and existing filers that must apply for access to EDGAR
because they: (i) are the legal successor of the filer named on the
existing CIK account but did not receive access from that filer, (ii)
lost electronic access to their existing CIK account, or (iii) are
broker-dealers or ``paper filers'' seeking electronic access for the
first time in order to file electronically on EDGAR; and (7) requiring
those seeking access to an existing EDGAR account to
[[Page 106217]]
upload to EDGAR the documents that establish the applicant's authority
over the company or individual listed in EDGAR on the existing account.
The final amendments will also simplify filer account management by
eliminating the EDGAR password, PMAC, and passphrase.
For purposes of the Paperwork Reduction Act, the currently approved
collection of information includes an estimate of 57,329 Form ID
filings annually and further estimates approximately 0.30 hours per
response to prepare and file Form ID, for a total of 17,199 annual
burden hours. Those estimates include the number of Form ID filings for
filers without CIKs (48,089 filings), filers with CIKs that are seeking
to regain access to EDGAR (8,836 filings), and filers with CIKs that
have not filed electronically on EDGAR (404 filings).\324\ These
estimates assume that filers are responsible for 100% of the total
burden hours.
---------------------------------------------------------------------------
\324\ 48,089 filings for users without CIKs + 8,836 filings for
filers who are seeking to regain access to EDGAR + 404 filings for
filers with CIKs who have not yet filed electronically on EDGAR =
57,329 filings.
---------------------------------------------------------------------------
There were 73,600 Form ID filings in calendar year 2023. The
estimate includes the number of filers without CIKs, filers with CIKs
that have not filed electronically on EDGAR, and filers with CIKs that
are seeking to regain access EDGAR.\325\ For purposes of the Paperwork
Reduction Act, we estimate that the number of Form ID filings under the
final amendments will remain the same and that the number of hours to
prepare Form ID will increase by 0.30 hours as a result of the adoption
of the access changes and Form ID amendments.\326\
---------------------------------------------------------------------------
\325\ 63,676 filings for users without CIKs + 9,602 filings for
filers who are seeking to regain access to EDGAR + 322 filings for
filers with CIKs who have not yet filed electronically on EDGAR =
73,600 filings.
\326\ The increase in burden will vary by applicant depending on
whether certain of their responses required additional information
(e.g., explaining the circumstances surrounding any specified
individuals who are currently subject to Federal or State securities
law investigations, proceedings, convictions, suspensions, or bars,
and for applicants seeking access to an existing CIK account,
providing the documents that establish the applicant's authority
over the company or individual currently listed in EDGAR as
corresponding to the existing CIK account).
---------------------------------------------------------------------------
Thus, for purposes of the Paperwork Reduction Act, the estimated
total number of annual Form ID filings will increase from 57,329
filings to 73,600 filings. The estimate of 0.30 hours per response will
increase to 0.60 hours per response. The estimated total annual burden
will increase from 17,199 hours to 44,160 hours.\327\ The estimate that
the filers are responsible for 100% of the total burden hours will
remain the same.
---------------------------------------------------------------------------
\327\ 73,600 filings x 0.60 hours/filing = 44,160 hours.
[GRAPHIC] [TIFF OMITTED] TR27DE24.016
C. The Dashboard
As outlined above, pursuant to paragraph (d) of Rule 10 as adopted
each filer will be required to authorize individuals to act on its
behalf on the dashboard, and those individuals must have obtained
individual account credentials for EDGAR in the manner specified in the
EDGAR Filer Manual. Moreover, pursuant to paragraph (d) of Rule 10 as
adopted, each filer, through its account administrators, will be
required to: (i) authorize and maintain at least two individuals as
authorized account administrators to act on the filer's behalf to
manage the filer's EDGAR account, except a filer who is an individual
or single-member company must authorize and maintain at least one
individual as an account administrator; (ii) confirm annually on EDGAR
that all users, account administrators, technical administrators, and/
or delegated entities reflected on the dashboard for the filer's EDGAR
account are authorized by the filer, and that the filer's information
on the dashboard is accurate; (iii) maintain accurate and current
information on EDGAR concerning the filer's account, including but not
limited to accurate corporate information and contact information (such
as mailing and business addresses, email addresses, and telephone
numbers); (iv) securely maintain information relevant to the ability to
access the filer's EDGAR account, including but not limited to access
through any EDGAR API; and (v) if the filer chooses to connect to an
EDGAR API, authorize, through its account administrator(s) at least two
technical administrators to manage technical matters related to the
filer's connection to the API, or the filer may use the API connections
and filer API tokens of its delegated entity so long as the delegated
entity is in compliance with the technical administrator and other API
requirements.
EDGAR will facilitate account administrators' management of filers'
accounts by allowing them to: (i) add and remove users, account
administrators, and technical administrators (including removing
themselves as an account administrator); (ii) create and edit groups of
users; (iii) delegate filing authority to other EDGAR accounts and
remove such delegations; (iv) generate a new CCC; and (v) receive
notifications regarding significant events affecting the account (which
will also be provided via email to the account administrators' email
addresses).
For purposes of the PRA, we estimate that each filer will spend
approximately one hour in the first year setting up the dashboard, and
additionally, on average, approximately one hour per annum managing the
filer's account on the dashboard. This burden will vary across filers
depending on the size of the filer, the number of users, account
administrators, technical administrators, and delegated entities
authorized by the filer, as well as the amount of annual staff turnover
for those individuals and entities, among other factors. For a small
number of filers, the annual burden may significantly exceed our
estimate (e.g., filing agents that may authorize a large number of
individuals and that have multiple accepted delegations and user groups
for which delegated users will need to be maintained). On the other
hand, for the vast majority of filers, the annual burden will
presumably be less than our estimate because we expect most filers will
authorize a small number of individuals and will experience little or
no annual turnover
[[Page 106218]]
with regard to those individuals.\328\ Consequently, the anticipated
aggregate average annual burden attributed to the dashboard for all
filers will be approximately 270,400 burden hours, based on a three-
year average burden of 1.3 hours per filer.\329\
---------------------------------------------------------------------------
\328\ A filer survey conducted by a filing agent found that at
least 64% of its respondents planned to have three or fewer account
administrators, and 96% of its respondents planned to have fewer
than 20 users. See Workiva Comment Letter (November 30, 2021).
Moreover, since filers are not required to authorize users,
technical administrators, or delegations, filers who did not choose
to authorize such individuals or third parties would not have any
associated burdens.
\329\ The estimate of 1.3 hours per filer is based on the
following calculations: For dashboard set up, 1 hour in the first
year / 3 years = 0.3 hours on average; for dashboard management, 1
hour per year / 3 years = 1 hour on average; 0.3 hours for dashboard
set up + 1 hour for dashboard management = 1.3 hours on average for
all dashboard responsibilities. The estimate of 270,400 hours is
based on the following calculations: 0.3 hours for dashboard set up
x 208,000 filers = 62,400 hours; 1 hour for dashboard management x
208,000 filers = 208,000 hours; 62,400 hours + 208,000 hours =
270,400 hours.
[GRAPHIC] [TIFF OMITTED] TR27DE24.017
VI. Final Regulatory Flexibility Analysis
The Regulatory Flexibility Act (``RFA'') \330\ requires an agency,
when issuing a rulemaking adoption, to prepare and make available a
Final Regulatory Flexibility Analysis (``FRFA'') that describes the
impact of the final rule on small entities.\331\ This FRFA has been
prepared in accordance with the RFA and relates to the amendments to
Rules 10 and 11 of Regulation S-T and Form ID described in section II.F
above.
---------------------------------------------------------------------------
\330\ 5 U.S.C. 601 et seq.
\331\ Id.
---------------------------------------------------------------------------
A. Need for and Objectives of the Rule and Form Amendments
The purpose of the final amendments is to enhance the security of
EDGAR accounts, improve the ability of filers to securely maintain
access to their EDGAR accounts, facilitate the responsible management
of EDGAR filer credentials, and simplify procedures for accessing
EDGAR. Among other things, the final amendments will require each filer
to:
[ssquf] Authorize individuals to act on its behalf on the dashboard
only if those individuals have obtained individual account credentials
in the manner specified in the EDGAR Filer Manual;
[ssquf] Authorize and maintain individuals as account
administrators to manage their EDGAR accounts on the dashboard;
[ssquf] Confirm annually on EDGAR, through their account
administrators, that all account administrators, users, technical
administrators and delegated entities reflected on the dashboard for
the filer's EDGAR account are authorized by the filer to act on its
behalf, and that all information about the filer on the dashboard is
accurate;
[ssquf] Maintain accurate and current information on EDGAR
concerning the filer's account; and
[ssquf] Securely maintain information relevant to the ability to
access the filer's EDGAR account.
Filers that choose to connect to the optional EDGAR APIs to make
submissions on EDGAR and take other actions, will, among other things,
generally be required through their account administrators to authorize
at least two technical administrators to manage tokens and other
technical aspects of the EDGAR APIs unless they use the API connections
and filer API tokens of their delegated entities that have authorized
at least two technical administrators, in which case an individual at
the relevant filer need only supply a user API token, if the relevant
API requires presentation of a user API token.
B. Significant Issues Raised by Public Comments
We received no comments on the Initial Regulatory Flexibility
Analysis contained in the Proposing Release. Commenters did state,
however, that several aspects of the rulemaking would have both
financial and workload impacts on their business and services offered,
including: the requirement to obtain individual account credentials
resulting in ``additional costs and confusion for individuals and small
entity filers,'' \332\ dashboard requirements resulting in
``administrative burden and ongoing maintenance costs,'' \333\ and
requirements for API tokens resulting in ``higher service costs.''
\334\
---------------------------------------------------------------------------
\332\ See Toppan Merrill Comment Letter (regarding the
individual account credential requirement: ``Yes, there will be
additional costs and confusion for individuals and entity filers. It
will be beneficial for the SEC to provide a well-publicized
education and an information campaign to help prepare filers for the
EDGAR Next mandate. We commend the SEC for providing the EDGAR Next
Beta testing environment and hosting introductory webinars. To
encourage more registrant participation, it would be beneficial for
the SEC to post step-by-step videos on its YouTube channel of each
essential part of the EDGAR Next process.'').
\333\ See Workiva Comment Letter, discussed supra note 141
(``All functionality provided by the EDGAR Dashboard should be
available via APIs . . . . The administration burden and ongoing
maintenance costs [of manually using the dashboard] will be
significant and could ultimately impact the cost burden on the
filers'').
\334\ See Workiva Comment Letter, discussed supra note 302
(asserting regarding the requirement that API tokens be manually
obtained pursuant to multifactor authentication, that ``manual
intervention result[s] in higher services costs, which are hard to
accurately estimate at this point although we expect it to be far
reaching due to the percentage of public registrants potentially
impacted by this.'').
---------------------------------------------------------------------------
As noted above, to further facilitate individuals' and small entity
filers' experience with the EDGAR Next transition, Commission staff
will begin public outreach immediately after the
[[Page 106219]]
issuance of this release.\335\ Staff will publicize the transition to
EDGAR Next and link to additional information in announcements and
email distributions, SEC social media, and the homepage of SEC.gov.
Commission staff also will provide multiple resources on a dedicated
EDGAR Next web page to assist with the transition, including but not
limited to, written step-by-step guidance for testing a range of
functionality in the Adopting Beta environment and information about
staff webinars and API technical help sessions for the public. On the
SEC YouTube channel, staff will post videos to walk filers through
various aspects of the EDGAR Next changes. To assist filers with any
issues that may arise, Commission staff will provide dedicated
telephone support and an email help [email protected]
well as an online form (available in the Adopting Beta) to report
technical bugs. To facilitate the transition to EDGAR Next and mitigate
the associated costs of obtaining individual account credentials and
setting up and managing the dashboard, and obtaining API tokens, we are
extending the transition period for compliance with the final
amendments from seven months (as proposed) to 12 months (as
adopted).\336\ This transition period will provide filers six months to
prepare during which the Adopting Beta will be available, followed by
six months to enroll in EDGAR Next prior to the compliance date,
followed by an additional three months after the compliance date during
which any remaining filers can enroll. The additional three months to
enroll in EDGAR Next after the compliance date should help ease burdens
on small entities that may need more time to transition to EDGAR Next.
---------------------------------------------------------------------------
\335\ See section II.H.2.
\336\ See generally section II.H.
---------------------------------------------------------------------------
In addition, to minimize administrative burden and ongoing
maintenance costs related to the dashboard, we are extending the grace
period for filers to timely perform annual confirmations from two weeks
to three months.\337\ Commission staff will also offer 12 optional APIs
beyond what was contemplated in the proposal, as well as an API
Development Toolkit and a sample filing application to assist filers in
developing their own filing software to connect to the APIs.\338\ As
discussed above, these new optional APIs will replicate much of the
account management functionality provided on the dashboard, which
should allow filers to reduce burdens and manage their EDGAR accounts
in a more automated manner.\339\
---------------------------------------------------------------------------
\337\ See supra text accompanying and following note 89.
\338\ See generally section II.E.
\339\ See supra text accompanying note 141.
---------------------------------------------------------------------------
Furthermore, in a change from the proposal, filers with delegated
entities will be able to use the API connections and filer API tokens
of their delegated entities \340\ and will not need to authorize
technical administrators, so long as the delegated entity maintains at
least two technical administrators. This will alleviate the need for
filers with delegated entities to authorize at least two technical
administrators, create API connections and maintain their own filer API
tokens in order for their users to interact with EDGAR through APIs,
although individuals at these filers will need to generate and present
user API tokens to interact with the APIs, if those APIs require
presentation of a user API. While filers could rely completely on their
delegated entities to interact with EDGAR on their behalf, certain
filers may wish to retain the ability to have their users interact with
EDGAR through APIs. This change allows them to do so in a cost-
effective fashion and, as a result, may make APIs more accessible for
smaller filers that may not have the resources to connect to the APIs
or employ their own technical administrators. Individuals at filers
using their delegated entities' filer API tokens and API connections
must nevertheless supply their own user API tokens to interact with the
EDGAR APIs, if those APIs require presentation of a user API token.
---------------------------------------------------------------------------
\340\ See supra text accompanying note 112.
---------------------------------------------------------------------------
C. Small Entities Subject to the Rule and Form Amendments
The final amendments will affect individuals and entities that have
EDGAR accounts or that seek to open EDGAR accounts. The RFA defines
``small entity'' to mean ``small business,'' ``small organization,'' or
``small governmental jurisdiction.'' \341\ For purposes of the RFA,
under our rules, an issuer, other than an investment company, is a
small entity if it had total assets of $5 million or less on the last
day of its most recent fiscal year.\342\ We estimate there are 800
issuers that file with the Commission--other than investment
companies--that will be considered small entities for purposes of this
analysis.\343\
---------------------------------------------------------------------------
\341\ 5 U.S.C. 601(6).
\342\ See 17 CFR 240.0-10(a)).
\343\ This estimate is based on staff analysis of issuers
potentially subject to the final amendments, excluding co-
registrants, with EDGAR filings on Form 10-K, or amendments thereto,
filed during the calendar year of January 1, 2023 to December 31,
2023. This analysis is based on data from XBRL filings, Compustat,
Ives Group Audit Analytics, and manual review of filings submitted
to the Commission.
---------------------------------------------------------------------------
With respect to investment companies and investment advisers, an
investment company, including a business development company, is
considered to be a small entity if it, together with other investment
companies in the same group of related investment companies, has net
assets of $50 million or less as of the end of its most recent fiscal
year.\344\ We estimate that there are 87 registered investment
companies (including business development companies and unit-investment
trusts) that will be considered small entities.\345\ An investment
adviser is generally considered a small entity if it: (1) has assets
under management having a total value of less than $25 million; (2) did
not have total assets of $5 million or more on the last day of the most
recent fiscal year; and (3) does not control, is not controlled by, and
is not under common control with another investment adviser that has
assets under management of $25 million or more, or any person (other
than a natural person) that had total assets of $5 million or more on
the last day of its most recent fiscal year.\346\ We estimate that
there are 471 investment advisers that will be considered small
entities.\347\
---------------------------------------------------------------------------
\344\ See 17 CFR 270.0-10.
\345\ This estimate is derived from an analysis of data obtained
from Morningstar Direct as well as data filed with the Commission
(on Forms N-CSR, NPORT-P, 10-Q, and 10-K) for the last quarter of
2023.
\346\ 17 CFR 275.0-7.
\347\ We based this estimate on registered investment adviser
responses to Item 12 of Form ADV.
---------------------------------------------------------------------------
A transfer agent is considered to be a small entity if it: (1)
received less than 500 items for transfer and less than 500 items for
processing during the preceding six months (or in the time that it has
been in business, if shorter); (2) transferred items only of issuers
that would be deemed ``small businesses'' or ``small organizations'' as
defined in 17 CFR 240.0-10; (3) maintained master shareholder files
that in the aggregate contained less than 1,000 shareholder accounts or
was the named transfer agent for less than 1,000 shareholder accounts
at all times during the preceding fiscal year (or in the time that it
has been in business, if shorter); and (4) is not affiliated with any
person (other than a natural person) that is not a small business or
small organization under 17 CFR 240.0-10.\348\ We estimate
[[Page 106220]]
that there are 131 transfer agents that will be considered small
entities.\349\
---------------------------------------------------------------------------
\348\ 17 CFR 240.0-10(h).
\349\ We based this estimate on transfer agent responses to
questions 4(a) and 5(a) on their latest filing on Form TA-2.
---------------------------------------------------------------------------
With respect to municipal securities dealers and broker-dealers, a
municipal securities dealer that is a bank (including any separately
identifiable department or division of a bank) is a small entity if it:
(1) had, or is a department of a bank that had, total assets of less
than $10 million at all times during the preceding fiscal year (or in
the time that it has been in business, if shorter); (2) had an average
monthly volume of municipal securities transactions in the preceding
fiscal year (or in the time it has been registered, if shorter) of less
than $100,000; and (3) is not affiliated with any person (other than a
natural person) that is not a small business or small organization as
defined in 17 CFR 240.0-10.\350\ We estimate there are 185 municipal
securities dealers that will be considered small entities.\351\ A
broker-dealer is a small entity if it: (1) had total capital (net worth
plus subordinated liabilities) of less than $500,000 on the date in the
prior fiscal year as of which its audited financial statements were
prepared pursuant to Sec. 240.17a-5(d) or, if not required to file
such statements, a broker or dealer that had total capital (net worth
plus subordinated liabilities) of less than $500,000 on the last
business day of the preceding fiscal year (or in the time that it has
been in business, if shorter); and (2) is not affiliated with any
person (other than a natural person) that is not a small business or
small organization as defined in 17 CFR 240.0-10.\352\ We estimate that
there are 737 broker-dealers that will be considered small
entities.\353\
---------------------------------------------------------------------------
\350\ 17 CFR 240.0-10(f).
\351\ This estimate is based on MSRB data filed during the
calendar year of January 1, 2023 to December 31, 2023.
\352\ 17 CFR 240.0-10(c).
\353\ This estimate is based on FOCUS Report data filed during
the calendar year of January 1, 2023 to December 31, 2023.
---------------------------------------------------------------------------
A clearing agency is a small entity if it: (1) compared, cleared
and settled less than $500 million in securities transactions during
the preceding fiscal year (or in the time that it has been in business,
if shorter); (2) had less than $200 million of funds and securities in
its custody or control at all times during the preceding fiscal year
(or in the time that it has been in business, if shorter); and (3) is
not affiliated with any person (other than a natural person) that is
not a small business or small organization as defined in 17 CFR 240.0-
10.\354\ We estimate there are zero clearing agencies that are small
entities, as of December 31, 2023.
---------------------------------------------------------------------------
\354\ 17 CFR 240.0-10(d).
---------------------------------------------------------------------------
An exchange is a small entity if it: (1) has been exempted from the
reporting requirements of Sec. 242.601 of this chapter; and (2) is not
affiliated with any person (other than a natural person) that is not a
small business or small organization as defined in 17 CFR 240.0-
10.\355\ We estimate there are zero exchanges that are small entities,
as of December 31, 2023. A securities information processor is a small
entity if it: (1) had gross revenues of less than $10 million during
the preceding fiscal year (or in the time it has been in business, if
shorter); (2) provided service to fewer than 100 interrogation devices
or moving tickers at all times during the preceding fiscal year (or in
the time that it has been in business, if shorter); and (3) is not
affiliated with any person (other than a natural person) that is not a
small business or small organization under 17 CFR 240.0-10.\356\ We
estimate there are zero securities information processors that are
small entities, as of December 31, 2023.
---------------------------------------------------------------------------
\355\ 17 CFR 240.0-10(e).
\356\ 17 CFR 240.0-10(g).
---------------------------------------------------------------------------
Collectively, we estimate that there are 2,411 small entities that
will be potentially subject to the amendments, based on our review of
data reported as of December 31, 2023.
D. Projected Reporting, Recordkeeping, and Other Compliance
Requirements
As noted above, the purpose of the amendments will be to update
access and provide secure management of individual and entity filers'
EDGAR accounts. The amendments will apply to all applicants and current
EDGAR accounts and will apply to small entities to the same extent as
other entities, irrespective of size. Therefore, we generally expect
the nature of any benefits and cost associated with the amendments to
be similar for large and small entities. As discussed above,\357\ all
existing and new EDGAR filers will be subject to certain fixed costs to
update and maintain an EDGAR account under the amendments, which may
result in a proportionally larger burden on small filers.
---------------------------------------------------------------------------
\357\ See section III.C.2.
---------------------------------------------------------------------------
We expect that the amendments to the rules and form to update
requirements regarding access and management of EDGAR accounts will
have a small incremental effect on existing reporting, recordkeeping
and other compliance burdens for all existing and new EDGAR filers,
including small entities. At the same time, the EDGAR Next changes will
simplify account management by providing an interactive dashboard on
EDGAR, populated with EDGAR account information, as the central
platform for account administrators and other delegated individuals to
manage access to the account, update account information and send
communications and notifications. Some of the amendments, including
requirements for all filers to confirm the accuracy of their account
information, including authorizations for all account administrators,
users, technical administrators, and/or delegated entities, will
require the use of administrative and technical skills, and increase
compliance costs for registrants, although, as discussed in further
detail in section IV, we do not expect these additional costs will be
significant.
E. Agency Action To Minimize Effects on Small Entities
The RFA directs us to consider alternatives that will accomplish
our stated objectives, while minimizing any significant adverse impact
on small entities. In connection with the amendments, we considered the
following alternatives:
i. Establishing different compliance requirements for individual
and entity EDGAR account managers that take into account the resources
available to small entities;
ii. Clarifying, consolidating, or simplifying compliance and
reporting requirements under the rules for small entities;
iii. Using performance rather than design standards; \358\ and
---------------------------------------------------------------------------
\358\ See the discussion of performance-based standards in
section IV.D.3.
---------------------------------------------------------------------------
iv. Exempting small entities from all or part of the requirements.
Regarding the first, third, and fourth alternatives,\359\ we do not
believe that establishing different compliance requirements, using
performance rather than design standards, or exempting small entities
from the requirements will permit us to obtain our desired objectives.
We are concerned that each of these alternatives would undermine our
efforts to enhance the security of EDGAR, improve the ability of filers
to securely manage and maintain access to their EDGAR accounts,
facilitate the responsible management of EDGAR filer credentials, and
simplify procedures for accessing EDGAR. The amendments set forth
uniform requirements for each filer
[[Page 106221]]
to formally authorize individuals to act on the filer's behalf in EDGAR
as account administrators, users, and technical administrators, which
will allow EDGAR to determine whether individuals authorized by the
filer were accessing and taking actions regarding the filer's EDGAR
account. In connection with the EDGAR Next changes, all individuals
accessing EDGAR will be required to sign in with individual account
credentials and multifactor authentication, which will allow EDGAR to
identify the individuals accessing EDGAR. As discussed above, we
believe that by imposing these requirements on all existing and
prospective EDGAR filers, the EDGAR Next rulemaking will generally
improve the security of the EDGAR system by establishing a uniform
method for authorizing, identifying, and tracking all individuals
authorized to act on each filer's behalf. We anticipate that
establishing different compliance requirements, using performance
rather than design standards, or exempting small entities would result
in a patchwork compliance regime that would frustrate the ability of
filing agents and other service providers to efficiently manage filer
credentials and manage and maintain access to filers' EDGAR accounts,
and would likewise frustrate our efforts to simplify procedures for
accessing EDGAR.\360\
---------------------------------------------------------------------------
\359\ See the discussion of compliance requirements in section
IV.D.2.
\360\ See Proposing Release, at notes 28-29 (indicating that 60
to 90% of EDGAR filings may be submitted by filing agents).
---------------------------------------------------------------------------
As noted above,\361\ the Commission considered using a performance-
based approach rather than the design standards used in the EDGAR Next
changes and the amended rules and forms. A more performance-based
approach would reduce the regulatory burden for certain filers by
permitting them to tailor their EDGAR access compliance requirements to
fit their own particular circumstances. For example, small filers could
determine that they do not need the additional security provided by
multifactor authentication for designated individuals to be authorized
to act on their behalf on the dashboard. Furthermore, larger filers
might opt to authorize and maintain only one account administrator
rather than authorize and maintain two such individuals. However, after
consideration, we believe that permitting filers to tailor their EDGAR
access compliance requirements to fit their own particular
circumstances would diminish the intended benefits of the EDGAR Next
changes. As discussed earlier,\362\ bypassing the individual account
credential requirements would make it difficult for the Commission to
match specific filings to the relevant individual who made the
submissions. Likewise, generally allowing filers to have only one
account administrator would increase the likelihood that Commission
staff could not reach an account administrator when it had time-
sensitive questions about access to or activity on the account.
Overall, a performance-based approach would create inconsistencies in
improving the overall security of EDGAR, facilitating the responsible
management of EDGAR filer credentials, and simplifying procedures for
accessing EDGAR. In addition, any cost savings associated with a
performance-based approach would likely be minimal because filers would
still incur costs to adjust to new EDGAR access requirements. Further,
this alternative would limit the magnitude of the benefits for filers
that would result from the contemplated EDGAR Next changes.
---------------------------------------------------------------------------
\361\ See section III.D.3.
\362\ Id.
---------------------------------------------------------------------------
In addition, establishing different compliance requirements, using
performance rather than design standards, or exempting small entities
could permit individuals to access EDGAR accounts for small filers
without being authorized on the dashboard, without multifactor
authentication, and without their EDGAR permissions being individually
verified by EDGAR. Furthermore, if these exemptions or alternatives for
small entities were implemented so that individuals acting on behalf of
small entities were not required to obtain individual account
credentials, the Commission would not be able to associate individuals
with the specific filings they submitted on behalf of small entities.
Collectively, this would reduce the security of EDGAR accounts for
small entities, hinder the ability of the Commission and filers to
prevent and resolve problematic and unauthorized filings, and frustrate
our efforts to require all entities to responsibly manage EDGAR filer
credentials.
Regarding the second alternative, we believe the rulemaking is
clear, and that clarifying, consolidating, or simplifying compliance
requirements for EDGAR filers, including small entities, is not
necessary. All EDGAR users currently follow the same process and rules
to access and maintain their EDGAR accounts. The changes to EDGAR
account management will in many ways simplify procedures for accessing
EDGAR and EDGAR account management. Among other things, the changes
will eliminate the need for individuals to track and share EDGAR
passwords, PMACs, and passphrase codes for each CIK. Instead, each
individual will only be responsible for tracking a single set of
individual account credentials, which will be issued by Login.gov. Once
the individual logs into EDGAR using those credentials, the dashboard
will automatically authenticate the individual and provide her with the
appropriate access to each CIK for which she had been authorized to
take action. The dashboard will also display any relevant individual
codes or tokens (such as user API tokens or CCCs), instead of requiring
the individual to personally track or record those codes or tokens.
This should result in more streamlined, modern access processes that
will benefit all filers, including individuals and small entities.
Statutory Authority
We are amending Rules 10 and 11 of Regulation S-T and Form ID under
the authority in sections 6, 7, 8, 10, and 19(a) of the Securities
Act,\363\ sections 3, 4A, 4B, 12, 13, 14, 15, 15B, 23, and 35A of the
Exchange Act,\364\ section 319 of the Trust Indenture Act of 1939,\365\
and sections 8, 30, 31, and 38 of the Investment Company Act.\366\
---------------------------------------------------------------------------
\363\ 15 U.S.C. 77f, 77g, 77h, 77j, and 77s (a).
\364\ 15 U.S.C. 78c, 78l, 78m, 78n, 78o, 78o-4, 78w, and 78ll.
\365\ 15 U.S.C. 77sss.
\366\ 15 U.S.C. 80a-8, 80a-29, 80a-30, and 80a-37.
---------------------------------------------------------------------------
List of Subjects
17 CFR Part 232
Administrative practice and procedure, Confidential business
information, Electronic filing, Incorporation by reference, Reporting
and recordkeeping requirements, Securities.
17 CFR Part 239
Administrative practice and procedure, Confidential business
information, Reporting and recordkeeping requirements, Securities.
17 CFR Part 249
Administrative practice and procedure, Brokers, Fraud, Reporting
and recordkeeping requirements, Securities.
17 CFR Part 269
Reporting and recordkeeping requirements, Securities, Trusts and
trustees.
17 CFR Part 274
Administrative practice and procedure, Electronic funds transfers,
[[Page 106222]]
Investment companies, Reporting and recordkeeping requirements,
Securities.
For the reasons discussed above, we are amending title 17, chapter
II of the Coe of Federal Regulations as follows:
PART 232--REGULATION S-T--GENERAL RULES AND REGULATIONS FOR
ELECTRONIC FILINGS
0
1. The general authority citation for part 232 continues to read as
follows:
Authority: 15 U.S.C. 77c, 77f, 77g, 77h, 77j, 77s(a), 77z-3,
77sss(a), 78c(b), 78l, 78m, 78n, 78n-1, 78o(d), 78w(a), 78ll, 80a-
6(c), 80a-8, 80a-29, 80a-30, 80a-37, 7201 et seq.; and 18 U.S.C.
1350, unless otherwise noted.
* * * * *
0
2. Amend Sec. 232.10 by revising paragraph (b), adding paragraph (d),
and revising the note to Sec. 232.10 to read as follows:
Sec. 232.10 Application of part 232.
* * * * *
(b) Each electronic filer must, before filing on EDGAR:
(1) File electronically the information required by Form ID
(Sec. Sec. 239.63, 249.446, 269.7, and 274.402 of this chapter), the
application for EDGAR access and
(2) File, by uploading as a Portable Document Format (PDF)
attachment to the Form ID filing, a notarized document, signed by the
electronic filer or its authorized individual, that includes the
information required to be included in the Form ID filing and confirms
the authenticity of the Form ID filing.
* * * * *
(d) To file on EDGAR, each electronic filer must comply with the
EDGAR account access and account management requirements set forth in
this section and in the EDGAR Filer Manual.
(1) The electronic filer may only authorize individuals to act on
its behalf on the dashboard if those individuals have obtained
individual account credentials for EDGAR in the manner specified in the
EDGAR Filer Manual;
(2) Each electronic filer must authorize and maintain at least two
individuals as account administrators to act on the electronic filer's
behalf to manage its EDGAR account, except each individual or single-
member company electronic filer must authorize and maintain at least
one individual as an account administrator to manage its EDGAR account;
(3) If the electronic filer chooses to connect to an EDGAR
Application Programming Interface, the electronic filer, through its
authorized account administrator(s), must authorize at least two
technical administrators to manage technical matters related to the
electronic filer's connection to any EDGAR Application Programming
Interface, unless the electronic filer delegates to a delegated entity
that is in compliance with the technical administrator requirements of
this paragraph and connects to the EDGAR Application Programming
Interface using its delegated entity's filer API tokens and API
connections;
(4) The electronic filer, through its authorized account
administrator(s), must confirm annually on EDGAR that all account
administrators, users, technical administrators, and/or delegated
entities reflected on the dashboard for its EDGAR account are
authorized by the electronic filer to act on its behalf, and that all
information about the filer on the dashboard is accurate;
(5) The electronic filer, through its authorized account
administrator(s), must maintain accurate and current information on
EDGAR concerning the electronic filer's account, including but not
limited to accurate corporate information and contact information; and
(6) The electronic filer, through its authorized account
administrator(s), must securely maintain information relevant to the
ability to access the electronic filer's EDGAR account, including but
not limited to access through any EDGAR Application Programming
Interfaces.
Note 1 to Sec. 232.10: The Commission staff carefully review
each Form ID, and electronic filers should expect that the
Commission staff will require sufficient time to review the Form ID
upon its submission. Therefore, any applicant seeking EDGAR access
is encouraged to submit the Form ID for review well in advance of
the first required filing to allow sufficient time for staff to
review the application.
0
3. Amend Sec. 232.11 by:
0
a. Adding definitions for ``Account administrator'', ``Application
Programming Interface'', ``Authorized individual'', ``Dashboard'', and
``Delegated entity'' in alphabetical order;
0
b. Revising the definitions of ``Direct transmission'' and ``EDGAR
Filer Manual'';
0
c. Removing the note following the definition of ``EDGAR Filer
Manual''; and
0
d. Adding definitions for ``Filing agent'', ``Individual account
credentials'', Single-member company'', ``Technical administrator'',
and ``User'' in alphabetical order.
The additions and revisions read as follows:
Sec. 232.11 Definitions of terms used in this part.
* * * * *
Account administrator. The term account administrator means an
individual that the electronic filer authorizes to manage its EDGAR
account and to make filings on EDGAR on the electronic filer's behalf.
* * * * *
Application Programming Interface. The term Application Programming
Interface, or API, means a software interface that allows computers or
applications to communicate with each other.
* * * * *
Authorized individual. The term authorized individual means an
individual with the authority to legally bind an entity or individual
for purposes of Form ID, or an individual with a power of attorney from
an individual with the authority to legally bind an entity or
individual for purposes of Form ID. The power of attorney document must
clearly state that the individual receiving the power of attorney has
either general legal authority to bind the entity or individual or
specific legal authority to bind the entity or individual for purposes
of Form ID.
* * * * *
Dashboard. The term dashboard means an interactive function on
EDGAR where electronic filers manage their EDGAR accounts and
individuals that electronic filers authorize may take relevant actions
for electronic filers' accounts.
Delegated entity. The term delegated entity means an electronic
filer that another electronic filer authorizes, on the dashboard, to
file on EDGAR on its behalf. Delegated entities must themselves be
electronic filers and must follow all rules applicable to electronic
filers. Delegated entities are not permitted to further delegate
authority to file for a delegating electronic filer, nor are they
permitted to take action on the delegating electronic filer's
dashboard.
Direct transmission. The term direct transmission means the
transmission to EDGAR of one or more electronic submissions.
* * * * *
EDGAR Filer Manual. The term EDGAR Filer Manual means the manual
that sets forth the requirements for access to EDGAR and the procedural
requirements to make electronic submissions on EDGAR. See Rule 301 of
Regulation S-T (Sec. 232.301).
* * * * *
[[Page 106223]]
Filing agent. The term filing agent means any person or entity
engaged in the business of making submissions on EDGAR on behalf of
electronic filers. To act as a delegated entity for an electronic
filer, a filing agent must be an electronic filer with an EDGAR
account.
* * * * *
Individual account credentials. The term individual account
credentials means credentials issued to individuals for purposes of
EDGAR access, as specified in the EDGAR Filer Manual, and used by those
individuals to access EDGAR.
* * * * *
Single-member company. The term single-member company means a
company that has a single individual who acts as the sole equity
holder, director, and officer (or, in the case of an entity without
directors and officers, holds position(s) performing similar activities
as a director and officer).
* * * * *
Technical administrator. The term technical administrator means an
individual that the electronic filer authorizes on the dashboard to
manage the technical aspects of the electronic filer's connection to
EDGAR Application Programming Interfaces on the electronic filer's
behalf.
* * * * *
User. The term user means an individual that the electronic filer
authorizes on the dashboard to make submissions on EDGAR on the
electronic filer's behalf.
0
4. Section 232.301 is revised to read as follows:
Sec. 232.301 EDGAR Filer Manual.
Filers must prepare electronic filings in the manner prescribed by
the EDGAR Filer Manual, promulgated by the Commission, which sets forth
the technical formatting requirements for electronic submissions. The
requirements for becoming an EDGAR Filer and updating company data are
set forth in the EDGAR Filer Manual, Volume I: ``General Information,''
Version 42 (issued September 27, 2024). The requirements for filing on
EDGAR are set forth in the updated EDGAR Filer Manual, Volume II:
``EDGAR Filing,'' Version 71 (September 2024). All of these provisions
have been incorporated by reference into the Code of Federal
Regulations, which action was approved by the Director of the Federal
Register in accordance with 5 U.S.C. 552(a) and 1 CFR part 51. You must
comply with these requirements in order for documents to be timely
received and accepted. The EDGAR Filer Manual is available for
inspection at the Commission and at the National Archives and Records
Administration (NARA). The EDGAR Filer Manual is available for website
viewing and printing in the Commission's Public Reference Room, 100 F
Street NE, Washington, DC 20549, on official business days between the
hours of 10 a.m. and 3 p.m. Operating conditions may limit access to
the Commission's Public Reference Room. For information on the
availability of the EDGAR Filer Manual at NARA, visit www.archives.gov/federal-register/cfr/ibr-locations.html or email
[email protected]. The EDGAR Filer Manual may also be obtained
from https://www.sec.gov/edgar/filerinformation/current-edgar-filer-manual.
PART 239--FORMS PRESCRIBED UNDER THE SECURITIES ACT OF 1933
0
4. The authority citation for part 239 continues to read, in part, as
follows:
Authority: 15 U.S.C. 77c, 77f, 77g, 77h, 77j, 77s, 77z-2, 77z-
3, 77sss, 78c, 78l, 78m, 78n, 78o(d), 78o-7 note, 78u-5, 78w(a),
78ll, 78mm, 80a-2(a), 80a-3, 80a-8, 80a-9, 80a-10, 80a-13, 80a-24,
80a-26, 80a-29, 80a-30, 80a-37, and sec. 71003 and sec. 84001, Pub.
L. 114-94, 129 Stat. 1321, unless otherwise noted.
* * * * *
Sections 239.63 and 239.64 are also issued under 15 U.S.C. 77f,
77g, 77h, 77j, 77s(a), 77sss(a), 78c(b), 78l, 78m, 78n, 78o(d),
78w(a), 80a-8, 80a-24, 80a-29, and 80a-37.
0
5. Section 239.63 is revised to read as follows:
Sec. 239.63 Form ID, application for EDGAR access.
Form ID must be filed by electronic filers, or by their account
administrators, to request EDGAR access and to authorize account
administrators to manage the electronic filer's EDGAR account.
0
6. Form ID (referenced in Sec. Sec. 239.63, 249.446, 269.7, and
274.402) is revised to read as follows:
Note: Form ID is attached as Appendix A at the end of this
document. Form ID will not appear in the Code of Federal
Regulations.
PART 249--FORMS, SECURITIES EXCHANGE ACT OF 1934
0
7. The general authority citation for part 249 continues to read as
follows:
Authority: 15 U.S.C. 78a et seq. and 7201 et seq.; 12 U.S.C.
5461 et seq.; 18 U.S.C. 1350; Sec. 953(b) Pub. L. 111-203, 124 Stat.
1904; Sec. 102(a)(3) Pub. L. 112-106, 126 Stat. 309 (2012), Sec. 107
Pub. L. 112-106, 126 Stat. 313 (2012), Sec. 72001 Pub. L. 114-94,
129 Stat. 1312 (2015), and secs. 2 and 3 Pub. L. 116-222, 134 Stat.
1063 (2020), unless otherwise noted.
0
8. Section 249.446 is revised to read as follows:
Sec. 249.446 Form ID, application for EDGAR access.
Form ID must be filed by electronic filers, or by their account
administrators, to request EDGAR access and to authorize account
administrators to manage the electronic filer's EDGAR account.
PART 269--FORMS PRESCRIBED UNDER THE TRUST INDENTURE ACT OF 1939
0
9. The authority citation for part 269 continues to read as follows:
Authority: 15 U.S.C. 77ddd(c), 77eee, 77ggg, 77hhh, 77iii,
77jjj, 77sss, and 78ll(d), unless otherwise noted.
0
10. Section 269.7 is revised to read as follows:
Sec. 269.7 Form ID, application for EDGAR access.
Form ID must be filed by electronic filers, or by their account
administrators, to request EDGAR access and to authorize account
administrators to manage the electronic filer's EDGAR account.
PART 274--FORMS PRESCRIBED UNDER THE INVESTMENT COMPANY ACT OF 1940
0
11. The authority citation for part 274 continues to read as follows:
Authority: 15 U.S.C. 77f, 77g, 77h, 77j, 77s, 78c(b), 78l, 78m,
78n, 78n-1, 78o(d), 80a-8, 80a-24, 80a-26, 80a-29, and sec. 939A,
Pub. L. 111-203, 124 Stat. 1376, unless otherwise noted.
* * * * *
0
12. Section 274.402 is revised to read as follows:
Sec. 274.402 Form ID, application for EDGAR access.
Form ID must be filed by electronic filers, or by their account
administrators, to request EDGAR access and to authorize account
administrators to manage the electronic filer's EDGAR account.
By the Commission.
Dated: September 27, 2024
J. Matthew DeLesDernier,
Deputy Secretary.
Note: The following appendix will not appear in the Code of
Federal Regulations.
[[Page 106224]]
APPENDIX A--FORM ID
FORM ID
APPLICATION FOR EDGAR ACCESS
Persons who respond to the collection of information contained
in this form are not required to respond unless the form displays a
current valid OMB control number.
-----------------------------------------------------------------------
IMPORTANT INFORMATION
Complete Form ID by reference to:
Rules 10 and 11 of Regulation S-T, 17 CFR 232.10 and
232.11;
The requirements set forth in of Volume I of the EDGAR
Filer Manual; and
The Form ID General Instructions on this interface.
On Form ID, the applicant must authorize two (2) individuals as
account administrators; except an applicant that is an individual or
single-member company must authorize one (1) individual as account
administrator.
The first account administrator listed on Form ID will
be considered the applicant's EDGAR point of contact (``EDGAR POC'')
should the Form ID application be granted.
SEC staff will attempt to contact the EDGAR POC first
but may contact other account administrators if the EDGAR POC is not
available.
Information submitted on Form ID may become public.
Do not enter personal contact information on Form ID
that you do not wish to become public.
Your Form ID application may be rejected if you submit
unsolicited sensitive personally identifiable information on the
form or in any attachments.
-----------------------------------------------------------------------
Misstatements or omissions of fact in connection with an
application for EDGAR access and/or in a submission on EDGAR may
constitute a criminal violation under 18 U.S.C. 1001 and 1030 and/or
a violation of other criminal and civil laws. If the SEC has reason
to believe that an application for EDGAR access and/or a submission
on EDGAR is misleading, manipulative, and/or unauthorized, the SEC
may prevent acceptance or dissemination of the application/
submission and/or prevent future submissions or otherwise remove a
filer's access to EDGAR pursuant to Rule 15 of Regulation S-T, 17
CFR 232.15.
-----------------------------------------------------------------------
If your Form ID application is granted, be aware that EDGAR
filers must comply with the rules and regulations governing access
to the EDGAR system set forth in Regulation S-T and the EDGAR Filer
Manual, including but not limited to the following:
Filers must only provide access to EDGAR to persons or
entities authorized by the filer to take action on behalf of the
filer.
Immediately upon determining that a person or entity is
no longer authorized to take action on the filer's behalf, filers
must remove the EDGAR access of that person or entity.
Filers must inform the SEC immediately upon receiving
information of any unauthorized activity in the filer's EDGAR
account. Filers should contact EDGAR Filer Support at (202) 551-
8900.
-----------------------------------------------------------------------
Privacy Act Statement
AUTHORITIES: The information is sought pursuant to 15 U.S.C. 77a
et seq., 15 U.S.C. 77aaa et seq., 78a et seq., 80a-1 et seq., and 17
CFR 232.10.
PURPOSE: The information solicited on this form will be used to
determine whether to allow applicants to make filings on EDGAR, and,
where access is granted, to establish and maintain the filer's EDGAR
account
ROUTINE USES: Uses for the information collected can be found in
the System of Records Notice SEC-33: General Information Technology
Records. See https://www.sec.gov/about/privacy/sorn/sec-33_sec_general_information_technology_records.pdf.
DISCLOSURE: Providing this information is voluntary. Failure to
provide the information requested on this form, however, may affect
the determination whether to allow applicants to make filings on
EDGAR.
-----------------------------------------------------------------------
PART 1--APPLICATION FOR EDGAR ACCESS
(To be completed by all applicants)
Is this application for a new EDGAR account or for access to an
existing EDGAR account?
[ballot] New EDGAR account (new EDGAR account number, known as a
Central Index Key (CIK), will be issued)
[ballot] Existing EDGAR account (applicant currently has an
EDGAR account and Central Index Key (CIK))
Enter existing CIK account number
-----------------------------------------------------------------------
Indicate the reason the applicant is seeking access to an
existing EDGAR account.
[ballot] Broker-dealer or ``paper filer'' seeks electronic
access for the first time in order to file electronically on EDGAR
[ballot] Filer lost electronic access to its existing CIK
account
[ballot] Applicant is the legal successor of the filer named on
the existing CIK account but did not receive access from that filer
Applicant Information
Is the applicant a company or an individual?
Only apply as an individual if you seek an EDGAR account for
yourself as a natural person. All others should apply as a company.
[ballot] Applicant is a company
Enter company's full legal name:
-----------------------------------------------------------------------
Conformed name ________ (the name that will appear on public EDGAR)
[ballot] Applicant is an individual
Enter individual's full legal name, including middle name:
First name-------------------------------------------------------------
Middle name------------------------------------------------------------
[ballot] No middle name
Last name--------------------------------------------------------------
Suffix-----------------------------------------------------------------
Conformed name---------------------------------------------------------
Applicant Type
Select one (1) most relevant applicant type.
Select ``Filer'' if none of the other applicant types listed
below apply.
[ballot] Filer
[ballot] Filing Agent
The ``filing agent'' applicant type should be selected ONLY if
the applicant is engaged in the business of making submissions to
EDGAR on behalf of filers and does not intend to make live filings
on its own behalf on EDGAR. A filing agent that wishes to make live
filings on its own behalf should select the ``filer'' applicant
type.
[ballot] Funding Portal
[ballot] Institutional Investment Manager (Form 13F Filer)
[ballot] Investment Company, Business Development Company or
Insurance Company Separate Account
[ballot] Large Trader
[ballot] Municipal Advisor
[ballot] Nationally Recognized Statistical Rating Organization
[ballot] Non-Investment Company Applicant under the Investment
Company Act of 1940
[ballot] Security-Based Swap Data Repository
[ballot] Security-Based Swap Dealer and Major Security-Based Swap
Participant
[ballot] Security-Based Swap Execution Facility
[ballot] Transfer Agent
A ``transfer agent'' CIK may only be used for submitting
transfer agent filings on EDGAR.
[ballot] Training Agent
A ``training agent'' CIK may only be used for submitting test
filings on EDGAR. This applicant type is typically selected by a
filing agent or third-party EDGAR software provider that needs a
dedicated EDGAR CIK for testing their script or software
configuration interface with EDGAR.
-----------------------------------------------------------------------
ONLY FOR NON-PUBLIC DRAFT REGISTRATION/OFFERING STATEMENTS (DRS/DOS)
If a company is applying for EDGAR access to submit non-public
draft registration/offering statements on submission types DRS or
DOS, select Yes.
[ballot] Yes
Selecting ``Yes'' will prevent the new CIK number and EDGAR
account information from being made publicly available on SEC.gov
until a public filing is made.
This option is only available for companies who plan to submit
submission types DRS or DOS.
-----------------------------------------------------------------------
Applicant's Mailing Address and Preferred Contact Information
The applicant may list its own information, or information for
its registered agent, law firm, or filing agent (collectively,
``third-party service provider'') in this section.
[ballot] Address is for a non-U.S. location (do not select if
address is for U.S. territory)
Street address (line 1)------------------------------------------------
Street address (line 2) (optional)-------------------------------------
City-------------------------------------------------------------------
State/U.S. Territory---------------------------------------------------
Zip/Postal code (optional for non-U.S. locations)----------------------
[[Page 106225]]
Province/Country-------------------------------------------------------
Telephone number (optional)--------------------------------------------
Violations of Federal or State Securities Laws
Has the applicant (company or individual) been criminally
convicted as a result of a Federal or state securities law
violation, or civilly or administratively enjoined, barred,
suspended, or banned in any capacity (e.g., officer or director bar,
prohibition from associating with brokers, dealers, investment
advisers, and/or other securities entities, or bar from
participation in certain industries), as a result of a Federal or
state securities law violation?
[ballot] Yes
[ballot] No
If you indicate ``Yes,'' the SEC staff may contact you to
determine your eligibility for EDGAR access.
-----------------------------------------------------------------------
PART 2--COMPANY APPLICANT INFORMATION
(To be completed only by applicants who are not natural persons)
Company Business Information
Company's Tax or Federal Identification Number (do not enter Social
Security Number)-------------------------------------------------------
-----------------------------------------------------------------------
Legal Entity Identifier (LEI), if any----------------------------------
Legal name-------------------------------------------------------------
Doing business as name, if different from legal name-------------------
U.S. state of incorporation--------------------------------------------
If foreign issuer, country of incorporation----------------------------
Foreign issuer name, if different than English name used in U.S.
____(enter only English characters)
Fiscal year end (mm/dd)------------------------------------------------
Company's primary website, if any--------------------------------------
Is the company in good standing in its state or country of
incorporation? Generally, this means a company is legally authorized
to do business in that state or country and has filed all required
reports and paid all related fees to the relevant jurisdiction.
[ballot] Yes
[ballot] No
Company's Primary Business Information
This must be the applicant company's primary business
information, or that of the company's registered agent. Do not enter
the address of the company's law firm or filing agent.
You must enter the actual physical address; P.O. boxes are not
acceptable.
[ballot] Primary business information is the same as the mailing
address and preferred contact information in Part 1. If this box is
selected, the relevant information will be added below.
[ballot] Address is for a non-U.S. location (do not select if
address is for U.S. territory)
Street address (line 1)------------------------------------------------
Street address (line 2) (optional)-------------------------------------
City-------------------------------------------------------------------
State/U.S. Territory---------------------------------------------------
Zip/Postal code (optional for non-U.S. locations)----------------------
Province/Country-------------------------------------------------------
Telephone number-------------------------------------------------------
Single-Member Company? You should select ``Yes'' if the company
only has a single individual who acts as the sole equity holder,
director, and officer (or, in the case of an entity without
directors and officers, holds position(s) performing similar
activities as a director and officer).
[ballot] Yes
[ballot] No
-----------------------------------------------------------------------
PART 3--PROSPECTIVE ACCOUNT ADMINISTRATOR INFORMATION
(To be completed by all applicants)
Account administrators are individuals authorized by the
applicant to manage the applicant's EDGAR account on EDGAR should
the Form ID application be granted.
Prospective Account Administrator 1
The first account administrator listed on Form ID will be
considered the applicant's EDGAR point of contact (``EDGAR POC'') if
the Form ID application is granted.
SEC staff will attempt to contact the EDGAR POC first but may
contact other account administrators if the EDGAR POC is not
available.
Enter full legal name, including middle name
First name-------------------------------------------------------------
Middle name------------------------------------------------------------
[ballot] No middle name
Last name--------------------------------------------------------------
Suffix-----------------------------------------------------------------
Business title/position------------------------------------------------
Is Prospective Account Administrator 1 the applicant (for an
individual applicant), or an employee of the applicant or its
affiliate (for a company applicant)?
[ballot] Yes
[ballot] No
Provide the full legal name of the prospective account
administrator's employer and the employer's CIK, if any. In
addition, you must attach to your submission a notarized power of
attorney authorizing the individual as an account administrator to
manage the applicant's EDGAR account, as set forth more fully in
Part 6 of this form.
Employer (full legal name)---------------------------------------------
CIK of employer (if any)-----------------------------------------------
Business Address and Contact Information
[ballot] Contact information is the same as the mailing address and
preferred contact information in Part 1. If this option is selected,
the relevant information will be added below.
[ballot] Contact information is the same as the primary business
information in Part 2. If this option is selected, the relevant
information will be added below.
[ballot] New information added below
[ballot] Address is for a non-U.S. location (do not select if
address is for U.S. territory)
Street address (line 1)------------------------------------------------
Street address (line 2) (optional)-------------------------------------
City-------------------------------------------------------------------
State/U.S. Territory---------------------------------------------------
Zip/Postal code (optional for non-U.S. locations)----------------------
Province/Country-------------------------------------------------------
Email------------------------------------------------------------------
Telephone number-------------------------------------------------------
Violations of Federal or State Securities Laws
Has the individual being authorized as Prospective Account
Administrator 1 been criminally convicted as a result of a Federal
or state securities law violation, or civilly or administratively
enjoined, barred, suspended, or banned in any capacity (e.g.,
officer or director bar, prohibition from associating with brokers,
dealers, investment advisers, and/or other securities entities, or
bar from participation in certain industries), as a result of a
Federal or state securities law violation?
[ballot] Yes
[ballot] No
If you indicate ``Yes,'' the SEC staff may contact you to
determine your eligibility for EDGAR access.
-----------------------------------------------------------------------
Prospective Account Administrator 2
Enter full legal name, including middle name
First name-------------------------------------------------------------
Middle name------------------------------------------------------------
[ballot] No middle name
Last name--------------------------------------------------------------
Suffix-----------------------------------------------------------------
Business title/position------------------------------------------------
Is Prospective Account Administrator 2 the applicant (for an
individual applicant), or an employee of the applicant or its
affiliate (for a company applicant)?
[ballot] Yes
[ballot] No
Provide the full legal name of the prospective account
administrator's employer and the employer's CIK, if any. In
addition, you must attach to your submission a notarized power of
attorney authorizing the individual as an account administrator to
manage the applicant's EDGAR account, as set forth more fully in
Part 6 of this form.
Employer (full legal name)---------------------------------------------
CIK of employer (if any)-----------------------------------------------
Business Address and Contact Information
[ballot] Contact information is the same as the mailing address and
preferred contact information in Part 1. If this option is selected,
the relevant information will be added below.
[ballot] Contact information is the same as the primary business
information in Part 2. If this option is selected, the relevant
information will be added below.
[ballot] New information added below
[ballot] Address is for a non-U.S. location (do not select if
address is for U.S. territory)
Street address (line 1)------------------------------------------------
Street address (line 2) (optional)-------------------------------------
City-------------------------------------------------------------------
State/U.S. Territory---------------------------------------------------
Zip/Postal code (optional for non-U.S. locations)----------------------
Province/Country-------------------------------------------------------
Email------------------------------------------------------------------
Telephone number-------------------------------------------------------
Violations of Federal or State Securities Laws
Has the individual being authorized as Prospective Account
Administrator 2 been criminally convicted as a result of a Federal
[[Page 106226]]
or state securities law violation, or civilly or administratively
enjoined, barred, suspended, or banned in any capacity (e.g.,
officer or director bar, prohibition from associating with brokers,
dealers, investment advisers, and/or other securities entities, or
bar from participation in certain industries), as a result of a
Federal or state securities law violation?
[ballot] Yes
[ballot] No
If you indicate ``Yes,'' the SEC staff may contact you to
determine your eligibility for EDGAR access.
-----------------------------------------------------------------------
PART 4--BILLING INFORMATION
(To be completed only by company applicants and filing agents)
Billing Contact for SEC Fee Account and Billing
Enter full legal name, including middle name
First name-------------------------------------------------------------
Middle name------------------------------------------------------------
[ballot] No middle name
Last name--------------------------------------------------------------
Suffix-----------------------------------------------------------------
Business title/position------------------------------------------------
Employer---------------------------------------------------------------
Billing Business Address and Contact Information
[ballot] Contact information is the same as the mailing address and
preferred contact information in Part 1. If this option is selected,
the relevant information will be added below.
[ballot] Contact information is the same as the primary business
information in Part 2. If this option is selected, the relevant
information will be added below.
[ballot] New information added below
[ballot] Address is for a non-U.S. location (do not select if
address is for U.S. territory)
Street address (line 1)------------------------------------------------
Street address (line 2) (optional)-------------------------------------
City-------------------------------------------------------------------
State/U.S. Territory---------------------------------------------------
Zip/Postal code (optional for non-U.S. locations)----------------------
Province/Country-------------------------------------------------------
Email------------------------------------------------------------------
Telephone number-------------------------------------------------------
Violations of Federal or State Securities Laws
Has the billing contact been criminally convicted as a result of
a Federal or state securities law violation, or civilly or
administratively enjoined, barred, suspended, or banned in any
capacity (e.g., officer or director bar, prohibition from
associating with brokers, dealers, investment advisers, and/or other
securities entities, or bar from participation in certain
industries), as a result of a Federal or state securities law
violation?
[ballot] Yes
[ballot] No
If you indicate ``Yes,'' the SEC staff may contact you to
determine your eligibility for EDGAR access.
-----------------------------------------------------------------------
PART 5--SIGNATURE
(To be completed by all applicants)
An authorized individual of the applicant must sign Form ID.
Refer to the EDGAR Filer Manual, Volume I for the definition of
authorized individual and additional relevant information.
By signing Form ID, the authorized individual authorizes the
prospective account administrator(s) listed on Form ID to manage the
filer's EDGAR account on EDGAR on the filer's behalf.
Enter full legal name, including middle name
First name-------------------------------------------------------------
Middle name------------------------------------------------------------
[ballot] No middle name
Last name--------------------------------------------------------------
Suffix-----------------------------------------------------------------
Business title/position------------------------------------------------
Employer---------------------------------------------------------------
Business Address and Contact Information
[ballot] Contact information is the same as the mailing address and
preferred contact information in Part 1. If this option is selected,
the relevant information will be added below.
[ballot] Contact information is the same as the primary business
information in Part 2. If this option is selected, the relevant
information will be added below.
[ballot] New information added below
[ballot] Address is for a non-U.S. location (do not select if
address is for U.S. territory)
Street address (line 1)------------------------------------------------
Street address (line 2) (optional)-------------------------------------
City-------------------------------------------------------------------
State/U.S. Territory---------------------------------------------------
Zip/Postal code (optional for non-U.S. locations)----------------------
Province/Country-------------------------------------------------------
Email------------------------------------------------------------------
Telephone number-------------------------------------------------------
Violations of Federal or State Securities Laws
Has the authorized individual signing this application been
criminally convicted as a result of a Federal or state securities
law violation, or civilly or administratively enjoined, barred,
suspended, or banned in any capacity (e.g., officer or director bar,
prohibition from associating with brokers, dealers, investment
advisers, and/or other securities entities, or bar from
participation in certain industries), as a result of a Federal or
state securities law violation?
[ballot] Yes
[ballot] No
If you indicate ``Yes,'' the SEC staff may contact you to
determine your eligibility for EDGAR access.
Authorized individual signature----------------------------------------
[Notary seal]
Date-------------------------------------------------------------------
Is Form ID being signed pursuant to a Power of Attorney?
[ballot] Yes
[ballot] No
Person signing Power of Attorney, if application is made
pursuant to a Power of Attorney. Refer to the EDGAR Filer Manual,
Volume I for more information.
Enter full legal name, including middle name
First name-------------------------------------------------------------
Middle name------------------------------------------------------------
[ballot] No middle name
Last name--------------------------------------------------------------
Suffix-----------------------------------------------------------------
Business title/position------------------------------------------------
Employer---------------------------------------------------------------
Person signing Power of Attorney business address and contact
information.
[ballot] Contact information is the same as the mailing address and
preferred contact information in Part 1. If this option is selected,
the relevant information will be added below.
[ballot] Contact information is the same as the primary business
information in Part 2. If this option is selected, the relevant
information will be added below.
[ballot] New information added below
[ballot] Address is for a non-U.S. location (do not select if
address is for U.S. territory)
Street address (line 1)------------------------------------------------
Street address (line 2) (optional)-------------------------------------
City-------------------------------------------------------------------
State/U.S. Territory---------------------------------------------------
Zip/Postal code (optional for non-U.S. locations)----------------------
Province/Country-------------------------------------------------------
Email------------------------------------------------------------------
Telephone number-------------------------------------------------------
Violations of Federal or State Securities Laws
Has the person who signed the Power of Attorney been criminally
convicted as a result of a Federal or state securities law
violation, or civilly or administratively enjoined, barred,
suspended, or banned in any capacity (e.g., officer or director bar,
prohibition from associating with brokers, dealers, investment
advisers, and/or other securities entities, or bar from
participation in certain industries), as a result of a Federal or
state securities law violation?
[ballot] Yes
[ballot] No
If you indicate ``Yes,'' the SEC staff may contact you to
determine your eligibility for EDGAR access.
-----------------------------------------------------------------------
PART 6--DOCUMENTS
(To be completed by all applicants)
All filers must upload a notarized Form ID authentication
document to EDGAR as a PDF attachment submitted with your Form ID.
See the EDGAR Filer Manual, Volume I, for more information about
the notarized authentication document.
Other documents to be uploaded in certain circumstances:
Prospective account administrator(s) not employed by
the applicant, including filing agents and other third parties
acting on behalf of the applicant:
[rtarr8] Must upload to EDGAR a notarized Power of Attorney
clearly indicating that an authorized individual of the applicant,
as defined in the EDGAR Filer Manual, Volume I, gives the
individual(s) named as a prospective account administrator(s) the
authority to act as the applicant's account administrator(s) and
manage the applicant's EDGAR account.
Applicants for access to an existing CIK account:
[[Page 106227]]
[rtarr8] Must upload to EDGAR documents that clearly establish
the applicant's authority over the company or individual whose name
currently is listed in EDGAR on the existing CIK account.
-----------------------------------------------------------------------
GENERAL INSTRUCTIONS
-----------------------------------------------------------------------
All companies and individuals seeking access to file on EDGAR
must refer to Rules 10 and 11 of Regulation S-T, Volume I of the
EDGAR Filer Manual, and these instructions.
All applicants must:
(1) Complete and submit Form ID in electronic format on the
EDGAR Filer Management website; and
(2) Create a copy of the completed, electronically submitted
Form ID; have an authorized individual of the filer sign it in the
``Form ID: Notarized Authentication'' part in the presence of an
official notary public; and upload that authenticating document to
the EDGAR Filer Management website.
Before beginning: Form ID must be completed and submitted by an
individual authorized by the applicant to do so.
An account administrator is a person authorized by the
filer to manage the filer's EDGAR account on EDGAR on behalf of the
filer.
Each applicant must identify one or more prospective
account administrator(s) that the applicant authorizes on Form ID.
If the Form ID application is granted, the prospective account
administrator(s) listed on Form ID will become the initial account
administrators of the applicant.
Account administrators must create individual account
credentials in the manner specified in the EDGAR Filer Manual. When
entering email addresses for individuals on Form ID, note that email
addresses may be visible to other persons with access to the EDGAR
Filer Management dashboard. Accordingly, individuals should enter
email addresses that they intend to use for EDGAR and other business
purposes, which may be different from the email address that they
use for personal purposes. Email addresses that individuals provide
to Login.gov for individual account credentials should match the
email addresses they provide on Form ID.
The ``EDGAR Filer Manual Volume I: General Information''
contains additional requirements regarding how to file
electronically, including how to obtain individual account
credentials, authorize account administrators, and use the CIK and
CCC.
Note that information submitted on Form ID may become public. Do
not include personally identifiable information, such as personal
addresses and contact information that the applicant does not wish
to become public.
Misstatements or omissions of fact in connection with an
application for EDGAR access and/or in a submission on EDGAR may
constitute a criminal violation under 18 U.S.C. 1001 and 1030 and/or
a violation of other criminal and civil laws. If the SEC has reason
to believe that an application for EDGAR access and/or a submission
on EDGAR is misleading, manipulative, and/or unauthorized, the SEC
may prevent acceptance or dissemination of the application/
submission and/or prevent future submissions or otherwise remove a
filer's access to EDGAR pursuant to Rule 15 of Regulation S-T, 17
CFR 232.15.
Complete all items that are relevant to the application. If an
item does not apply to the application, leave that item blank.
For assistance with procedural and technical questions about
electronic filing or substantive questions, see the ``EDGAR Filer
Manual Volume II: Section 2.3.4 (Getting Help with EDGAR).
-----------------------------------------------------------------------
PART 1--APPLICATION FOR EDGAR ACCESS
(To be completed by all applicants)
Indicate whether EDGAR access is being requested for a new CIK
account or an existing CIK account. If access is being requested for
an existing CIK account, indicate the basis for the request--whether
the applicant is a broker-dealer or ``paper filer'' who wants to
start filing electronically on EDGAR, lost electronic access to
their CIK account, or is the legal successor of the filer named on
the existing CIK account but did not receive access from that filer.
A filer that has lost electronic access because it failed to satisfy
annual confirmation requirements or because its account
administrators are no longer available should select the ``lost
electronic access'' option.
If the applicant is applying for access to an existing CIK
account, some of the filer's currently publicly available corporate
and contact information will be prepopulated into Form ID. That
information can be updated on Form ID, but doing so will not update
the filer's information in EDGAR (other than the filer's account
administrator information). Changes to the filer's corporate and
contact information must be made in EDGAR after the applicant's Form
ID application is granted. However, filers who are broker-dealers
that obtained an EDGAR account by submitting a Form BD to FINRA
would need to update their information with FINRA directly. Broker-
dealers that have made a full withdrawal of their registration, by
submitting a Form BDW that has been accepted, should apply for a new
EDGAR account instead of applying for access to the existing EDGAR
account associated with the withdrawn registration.
Applicants should identify themselves as individuals or
companies.
Provide the applicant's full legal name in English. Note that
the applicant's name will be automatically conformed following
submission to meet EDGAR standards. Specifically:
1. Leading and trailing blank spaces will be removed. Any
embedded sequences of two or more spaces will be replaced with a
single space.
2. For companies, the following words will be removed if they
are the first word of the name:
A
An
The
3. For companies, the following text substitutions will be
applied to all words except the first:
------------------------------------------------------------------------
Original text Conformed text
------------------------------------------------------------------------
Company................................ Co.
Corporation............................ Corp.
Incorporated........................... Inc.
Incorporation.......................... Inc.
And.................................... &
------------------------------------------------------------------------
4. For companies, the following substitution will be applied if
the word is neither the first in the name, nor is immediately
followed by the word ``Partnership'':
------------------------------------------------------------------------
Original text Conformed text
------------------------------------------------------------------------
Limited................................ Ltd.
------------------------------------------------------------------------
5. For individuals, the name components (``Last,'' ``First,''
``Middle,'' and ``Suffix'') will be combined left-to-right
(separated by spaces) into a single field and truncated at 150
characters.
6. For individuals with a suffix, the following text
substitutions will be applied:
------------------------------------------------------------------------
Original text Conformed text
------------------------------------------------------------------------
Junior................................. JR.
Senior................................. SR.
------------------------------------------------------------------------
Select one (1) applicant type to indicate whether the applicant
will send electronic submissions as one of the listed filer types.
Indicate whether the filer is applying for EDGAR access to
submit non-public draft registration or offering statements on
submission type DRS or DOS. If so, the applicant's new CIK number
and EDGAR contact information will not be listed on the public EDGAR
company database until the applicant makes a public filing.
Provide the preferred mailing address and contact information
for the applicant. A company applicant should provide information
for the department, unit, or group most directly responsible for the
filer's EDGAR submissions. This may be the applicant's registered
agent, law firm, or filing agent. In that case, identify them in the
mailing address and contact information, but do not include any
specific individuals by name or any personally identifiable
information that you do not want to make publicly available because
the mailing address and contact information will generally be
publicly available.
Indicate whether the applicant has been criminally convicted as
a result of a Federal or state securities law violation, or civilly
or administratively enjoined, barred, suspended, or banned in any
capacity (e.g., officer or director bar, prohibition from
associating with brokers, dealers, investment advisers, and/or other
securities entities, or bar from participation in certain
industries), as a result of a Federal or state securities law
violation.
-----------------------------------------------------------------------
PART 2--COMPANY INFORMATION
(To be completed only by applicants who are not natural persons)
Provide the applicant's tax or Federal identification number,
the number issued by the Internal Revenue Service. (This does not
[[Page 106228]]
apply to individuals. Accordingly, do not enter a Social Security
number.) If an investment company applicant is organized as a series
company, the investment company may use the tax or Federal
identification number of any one of its constituent series.
Applicants that have applied for but not yet received their tax or
Federal identification number and foreign applicants that do not
have a tax or Federal identification number must include all zeroes.
Provide the applicant's legal entity identifier (LEI), if any.
Indicate whether applicant is in good standing in its state or
country of incorporation. Generally, this means a company is legally
authorized to do business in that state or country and has filed all
required reports and paid all related fees to the relevant
jurisdiction.
Provide the filer's state of incorporation and fiscal year end.
Select ``none'' for state of incorporation and ``N/A'' for fiscal
year end if the filer has not incorporated. Foreign filers should
also include their country of organization. If the filer's fiscal
year does not end on the same date each year (e.g., falls on last
Saturday in December), the filer must enter the date the current
fiscal year will end.
Provide the company's primary website, if any.
Provide the applicant company's primary business information or
that of the company's registered agent. Do not enter the address of
the company's law firm or filing agent.
Indicate whether the filer is a single-member company. This
refers to a company that only has a single individual who acts as
the sole equity holder, director, and officer (or, in the case of an
entity without directors and officers, holds position(s) performing
similar activities as a director and officer).
-----------------------------------------------------------------------
PART 3--PROSPECTIVE ACCOUNT ADMINISTRATOR INFORMATION
(To be completed by all applicants)
Identify the individuals being authorized as prospective account
administrator(s) who will manage the filer's EDGAR account on the
filer's behalf, should the Form ID application be granted, including
the account administrator(s) business title(s)/position(s),
address(es), and contact information. Individual filers and single-
member companies must authorize at least one prospective account
administrator. All other filers must authorize two prospective
account administrators on Form ID. Additional account administrators
may be added through the Filer Management dashboard, should the Form
ID application be granted.
For each individual being authorized as a prospective account
administrator, indicate whether the individual has been criminally
convicted as a result of a Federal or state securities law
violation, or civilly or administratively enjoined, barred,
suspended, or banned in any capacity (e.g., officer or director bar,
prohibition from associating with brokers, dealers, investment
advisers, and/or other securities entities, or bar from
participation in certain industries), as a result of a Federal or
state securities law violation.
If an individual being authorized as a prospective account
administrator is not the applicant (in the case of an individual
applicant), or an employee of the applicant or its affiliate (in the
case of a company applicant), disclose that fact and provide the
name and CIK (if any) of the prospective account administrator's
employer. In addition, a notarized power of attorney authorizing the
prospective account administrator must be attached in Part 6.
For more information on account administrators, see Rules 10 and
11 of Regulation S-T and Volume I of the EDGAR Filer Manual.
-----------------------------------------------------------------------
PART 4--BILLING INFORMATION
(To be completed only by company applicants and filing agents)
Billing information is used if questions arise related to
account and billing matters, such as:
1. Accounts activity statements
2. Account receivable letters
3. Refund questions
Identify the individual who should receive account information
and/or billing invoices from the SEC and include their email
address. Ensure the accuracy of the email address and maintain an
accurate, active email address in the EDGAR Filing website. EDGAR
will send communications to the email address if there are questions
pertaining to the account and billing information, and failure to
maintain an accurate, active email address could result in failure
to receive EDGAR account statements.
Indicate whether the billing contact has been criminally
convicted as a result of a Federal or state securities law
violation, or civilly or administratively enjoined, barred,
suspended, or banned in any capacity (e.g., officer or director bar,
prohibition from associating with brokers, dealers, investment
advisers, and/or other securities entities, or bar from
participation in certain industries), as a result of a Federal or
state securities law violation.
-----------------------------------------------------------------------
PART 5--SIGNATURE
(To be completed by all applicants)
If the applicant is not a natural person, indicate the capacity
in which the authorized individual signs the Form ID on behalf of
the applicant (business title/position). The authorized individual
must be an individual with the authority to legally bind the
applicant, or an individual with a power of attorney from an
individual with the authority to legally bind the applicant for
purposes of Form ID.
If the applicant is an individual, the applicant must sign the
Form ID and should list their business title/position as
``applicant,'' unless the applicant executes a notarized power of
attorney authorizing a third-party individual to sign the Form ID on
the applicant's behalf.
Indicate whether the authorized individual signing the Form ID
has been criminally convicted as a result of a Federal or state
securities law violation, or civilly or administratively enjoined,
barred, suspended, or banned in any capacity (e.g., officer or
director bar, prohibition from associating with brokers, dealers,
investment advisers, and/or other securities entities, or bar from
participation in certain industries), as a result of a Federal or
state securities law violation.
Indicate whether Form ID is being signed pursuant to a power of
attorney.
If another person signs on behalf of the applicant, confirm in
writing the authority of that person to sign by attaching a
notarized power of attorney to the Form ID. For more information on
the documentation needed to confirm the authority of a person
signing the Form ID on behalf of the applicant, see Volume I of the
EDGAR Filer Manual.
If relevant, provide the name, address, and contact
information for the person signing the power of attorney. Indicate
whether the person signing the power of attorney has been criminally
convicted as a result of a Federal or state securities law
violation, or civilly or administratively enjoined, barred,
suspended, or banned in any capacity (e.g., officer or director bar,
prohibition from associating with brokers, dealers, investment
advisers, and/or other securities entities, or bar from
participation in certain industries), as a result of a Federal or
state securities law violation.
For Form IDs signed in connection with a power of
attorney document, the person signing the power of attorney should
indicate in the business title/position field: ``By POA from [(a)
name of the authorized individual signing the power of attorney (if
opening an account for a natural person); or (b) name and business
title/position of the authorized individual signing the power of
attorney (if opening an account for a company)].'' For example, a
filing agent signing Form ID pursuant to a power of attorney from
Roger Smith, the Chief Executive Officer of the applicant, could
provide in the business title/position field: ``By POA from Roger
Smith, CEO.''
The applicant must upload a notarized copy of Form ID and any
other required attachments to the electronic Form ID filing. The
Form ID authenticating document must be attached to the electronic
Form ID filing in PDF format. PDF attachments cannot: (i) be blank;
(ii) be image-only; or (iii) contain active contents (Actions,
embedded JavaScript, etc.), external references (Destinations,
Hyperlinks, etc.), passwords, or document security controls.
-----------------------------------------------------------------------
PART 6--DOCUMENTS
(To be completed by all applicants)
Attach the mandatory notarized authenticating document in PDF
format (Form ID authenticating document). The mandatory Form ID
authenticating document must include the following information:
Signature of Authorized Individual
Printed Name of Signature
Title of Person Signing
Notary Signature and Seal
Other documents to be provided with the Form ID must be attached
in this part as well, including power of attorney documents. If an
account administrator is not an employee of
[[Page 106229]]
the applicant or its affiliates, or if the individual signing Form
ID is doing so pursuant to a power of attorney, a notarized power of
attorney must be attached. Do not upload documents containing
potentially sensitive personally identifiable information, such as
birth certificates, driver's licenses, or passports. Applicants
seeking access to an existing CIK must upload documents that clearly
establish their authority over the company or individual whose name
is currently listed in EDGAR on the existing CIK account. For more
information on documents that may need to be submitted with the Form
ID application, see Volume I, section 3, of the EDGAR Filer Manual.
[FR Doc. 2024-30494 Filed 12-19-24; 4:15 pm]
BILLING CODE 8011-01-P