89 FR 248 pgs. 106168-106229 - EDGAR Filer Access and Account Management
Type: RULEVolume: 89Number: 248Pages: 106168 - 106229
Pages: 106168, 106169, 106170, 106171, 106172, 106173, 106174, 106175, 106176, 106177, 106178, 106179, 106180, 106181, 106182, 106183, 106184, 106185, 106186, 106187106188, 106189, 106190, 106191, 106192, 106193, 106194, 106195, 106196, 106197, 106198, 106199, 106200, 106201, 106202, 106203, 106204, 106205, 106206, 106207, 106208, 106209, 106210, 106211, 106212, 106213, 106214, 106215, 106216, 106217, 106218, 106219, 106220, 106221, 106222, 106223, 106224, 106225, 106226, 106227, 106228, 106229, Docket number: [Release Nos. 33-11313; 34-101209; 39-2557; IC-35343; File No. S7-15-23]
FR document: [FR Doc. 2024-30494 Filed 12-19-24; 4:15 pm]
Agency: Securities and Exchange Commission
Official PDF Version: PDF Version
[top]
SECURITIES AND EXCHANGE COMMISSION
17 CFR Parts 232, 239, 249, 269, and 274
[Release Nos. 33-11313; 34-101209; 39-2557; IC-35343; File No. S7-15-23]
RIN 3235-AM58
EDGAR Filer Access and Account Management
AGENCY:
Securities and Exchange Commission.
ACTION:
Final rule.
SUMMARY:
The Securities and Exchange Commission ("Commission") is adopting rule and form amendments concerning access to and management of accounts on the Commission's Electronic Data Gathering, Analysis, and Retrieval system ("EDGAR") that are related to certain technical changes to EDGAR (collectively referred to as "EDGAR Next"). EDGAR Next will improve the security of EDGAR, enhance filers' ability to manage their EDGAR accounts, and modernize connections to EDGAR. The amendments require electronic filers ("filers") to authorize and maintain designated individuals as account administrators and to take certain actions, through their account administrators, to manage their accounts on EDGAR. Further, pursuant to these amendments, filers may only authorize individuals as account administrators or in the other roles described herein if those individuals first obtain individual account credentials in the manner specified in the EDGAR Filer Manual. As part of the EDGAR Next changes, optional Application Programming Interfaces ("APIs") will be offered to filers for machine-to-machine communication with EDGAR. Moreover, we are amending Volume I of the EDGAR Filer Manual to accord with these changes. Filers will have 12 months from the issuance of this release to transition to EDGAR Next.
DATES:
Effective date: The effective date for this rule is March 24, 2025. The incorporation by reference of certain material listed in this rule is approved by the Director of the Federal Register as of March 24, 2025.
Compliance date: The compliance date for amended Form ID is March 24, 2025. The compliance date for all other rule and form amendments (other than the EDGAR Filer Manual changes) is September 15, 2025. See SUPPLEMENTARY INFORMATION for more information on compliance and the EDGAR Filer Manual changes.
FOR FURTHER INFORMATION CONTACT:
Rosemary Filou, Deputy Director and Chief Counsel; Daniel K. Chang, Senior Special Counsel; E. Laurita Finch, Senior Special Counsel; Jane Patterson, Senior Special Counsel; Margaret Marrero, Senior Counsel; Lidian Pereira, Senior Special Counsel; EDGAR Business Office at 202-551-3900, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549.
SUPPLEMENTARY INFORMATION:
The Commission is adopting amendments to 17 CFR 232.10 ("Rule 10") and 17 CFR 232.11 ("Rule 11") under 17 CFR part 232 ("Regulation S-T"); and amendments to Form ID (referenced in 17 CFR 239.63, 249.446, 269.7, and 274.402). The Commission is also adopting an updated Filer Manual, Volume I: "EDGAR Filing," Version 42 (issued September 27, 2024) and amendments to 17 CFR 232.301 ("Rule 301"). The updated Filer Manual is incorporated by reference into the Code of Federal Regulations.
Table of Contents
I. Introduction
II. Discussion
A. Individual Account Credentials
B. Individual Roles: Account Administrator, User, Technical Administrator
1. Account Administrators
2. Users
3. Technical Administrators
C. Delegated Entities
1. Delegating Authority To File
2. Separation of Authority of Filer and Delegated Entity
3. Delegated Entities
4. Delegated Users
5. User Group Functionality at Delegated Entities
6. Technical Administrators at Delegated Entities
D. Hours of Operation of the Dashboard
E. Optional Application Programming Interfaces
1. APIs That Commission Staff Will Provide
2. API Tokens
F. Final Amendments to Rules and Forms
1. Rule 10 of Regulation S-T
2. Rule 11 of Regulation S-T
3. Form ID
G. EDGAR Filer Manual Changes
H. Transition Process
1. Enrollment Process
2. Compliance
III. Other Matters
IV. Economic Analysis
A. Baseline
B. Consideration of Benefits and Costs as Well as the Effects on Efficiency, Competition, and Capital Formation
1. Benefits
2. Costs
3. Effects on Efficiency, Competition, and Capital Formation
C. Reasonable Alternatives
1. Add and Allow Bulk Confirmation for Related CIKs
2. Extend the ABSCOMP Process to Affiliated Entities
3. Retire the CCC for Filing Submissions
4. Requirements for Individual and Small Filers
5. Implementing Performance-Based Standards
V. Paperwork Reduction Act
A. Summary of Comment Letters on PRA Estimates
B. Form ID
C. The Dashboard
VI. Final Regulatory Flexibility Analysis
A. Need for and Objectives of the Rule and Form Amendments
B. Significant Issues Raised by Public Comments
C. Small Entities Subject to the Rule and Form Amendments
D. Projected Reporting, Recordkeeping, and Other Compliance Requirements
E. Agency Action to Minimize Effects on Small Entities
Statutory Authority
Appendix A-Form ID
I. Introduction
The Commission is seeking to enhance the security of EDGAR, improve the ability of filers? 1 to securely manage and maintain access to their EDGAR accounts, facilitate the responsible management of filer credentials, and simplify procedures for accessing EDGAR. 2
Footnotes:
1 ?For purposes of this release, we use the term "filer" to mean "electronic filer," as defined in Rule 11 of Regulation S-T: "A person or an entity that submits filings electronically pursuant to Rules 100 or 101 of Regulation S-T."
2 ?For a discussion of the current EDGAR access and account management processes, please refer to EDGAR Filer Access and Account Management, Release No. 33-11232 (September 13, 2023) [88 FR 65524 (September 22, 2023)] ("Proposing Release").
[top] In furtherance of these goals, on September 30, 2021, the Commission issued a Request for Comment on Potential Technical Changes to EDGAR Filer Access and Filer Account Management Processes ("2021 Request for Comment"). 3 The Commission received comments in response to the 2021 Request for Comment, 4 and Commission staff subsequently engaged in a dialogue with commenters and other interested parties, 5 considered feedback from these parties, and gathered additional information about filers' interactions with EDGAR. Staff discussed a variety of topics with commenters including the addition of optional APIs for submission and for verifying certain information on
Footnotes:
3 ?For a discussion of the 2021 Request for Comment, please refer to the Proposing Release.
4 ?Comment letters related to the 2021 Request for Comment are available at https://www.sec.gov/comments/s7-12-21/s71221.htm.
5 ?Memoranda describing these meetings with SEC officials are available at https://www.sec.gov/comments/s7-15-23/s71523.htm.
After consideration of the information provided by commenters in response to the 2021 Request for Comment, the Commission issued a Proposing Release on September 13, 2023, that included proposed amendments to Rule 10 of Regulation S-T concerning filer access and account management and related matters; Form ID, the application for EDGAR access; and Rule 11 of Regulation S-T, containing the definitions of terms in Regulation S-T. The Commission proposed changes to Rule 10 and Form ID to require each EDGAR filer to authorize and maintain individual account administrators to manage the filer's EDGAR account on a dashboard on EDGAR and to authorize account administrators and other individuals only if those individuals obtained individual account credentials. The Commission further proposed that each filer, through its account administrators, be required to confirm annually that the filer authorized all individuals and delegated entities reflected on the dashboard to act on its behalf, and that all information about the filer on the dashboard was accurate. The Commission also proposed requirements to maintain accurate and current information on EDGAR concerning the filer's account and securely maintain information relevant to the ability to access the filer's EDGAR account. In addition to the proposed rule and form amendments, the Commission described in the Proposing Release the possible addition of optional APIs to allow machine-to-machine submissions on and retrieval of certain information from EDGAR and indicated that, to connect to the optional APIs, filers, through their account administrators, would be required to authorize at least two technical administrators and present certain security tokens to EDGAR as specified in the EDGAR Filer Manual.
The Commission considered comment letters received in response to the Proposing Release that included both comments on the proposed rule and form changes as well as technical feedback on functionality discussed in the Proposing Release. 6 We considered both the comments on the rule and form amendments as well as feedback on EDGAR Next technical functionality and discuss both aspects together in this release. While we discuss aspects of EDGAR Next technical functionality in this release together with the final rule and form amendments, we anticipate that this technical functionality will evolve over time in response to, for example, changes in filer needs, security requirements, and technological developments, among other circumstances. As is the case today and has been historically, updates to the EDGAR system typically will be communicated through the EDGAR Filer Management website and reflected in amendments to the EDGAR Filer Manual from time to time.
Footnotes:
6 ?The public comments we received are available at https://www.sec.gov/comments/s7-15-23/s71523.htm. A few commenters asserted that the comment period was not sufficient and asked the Commission to extend it. See Comment Letter of XBRL US (October 27, 2023) and Toppan Merrill Comment Letter (November 20, 2023) ("Toppan Merrill Comment Letter"). The comment period for the Proposing Release was open for 60 days, and we do not believe an extension of the comment period is necessary. Moreover, we have considered all comment letters received, including those submitted after the comment period closed.
The Commission is adopting the proposed amendments to Rules 10 and 11 of Regulation S-T and Form ID substantially as proposed. We believe that the rule and form amendments adopted in this release and the related technical changes further the goals of enhancing the security of EDGAR access and improving EDGAR account management and are responsive to the comments received in response to the Proposing Release and the 2021 Request for Comment.
[top] The obligations for filers are generally being codified in Rule 10 of Regulation S-T, new paragraph (d). 7 Under paragraph (d)(1) of Rule 10 as adopted, only those individuals who obtain individual account credentials? 8 can be authorized to act on the filer's behalf on the dashboard on EDGAR. 9 Paragraph (d)(2) of Rule 10 as adopted requires each filer to authorize and maintain individuals as its account administrators? 10 to manage the filer's EDGAR account on the filer's behalf, in accord with the EDGAR account access and account management requirements set forth in this release and in the EDGAR Filer Manual as it is being amended. Pursuant to the amendments to Form ID and the EDGAR Filer Manual, the filer can authorize someone who is not an employee of the filer or its affiliates to be the filer's account administrator if an authorized individual for the filer? 11 provides a relevant notarized power of attorney. 12 Paragraph (d)(3) of Rule 10 as adopted requires any filer that decides to connect to an optional API? 13 to authorize, through its account administrators, at least two technical administrators? 14 to manage the API unless the filer arranges to use the filer API tokens and API connections of its
Footnotes:
7 ?In addition to the changes discussed below, Rule 10 is being amended to implement certain clarifying and conforming changes. See section II.F.1.
8 ?We are amending Rule 11 of Regulation S-T to define "individual account credentials" as credentials issued to individuals for purposes of EDGAR access, as specified in the EDGAR Filer Manual. See the discussion of amendments to Rule 11 in section II.F.2. The EDGAR Filer Manual is being amended to specify that individual account credentials must be obtained through Login.gov, a sign-in service of the U.S. Government that employs multifactor authentication.
9 ?We are amending Rule 11 of Regulation S-T to define the "dashboard" as an interactive function on EDGAR where electronic filers manage their EDGAR accounts and individuals that electronic filers authorize may take relevant actions for electronic filers' accounts. See the discussion of amendments to Rule 11 in section II.F.2. In connection with this rulemaking, the dashboard will be integrated into the EDGAR Filer Management website, https://www.filermanagement.edgarfiling.sec.gov.
10 ?We are amending Rule 11 of Regulation S-T to define an "account administrator" as an individual that an electronic filer authorizes to manage the electronic filer's EDGAR account on EDGAR, and to make filings on EDGAR on the electronic filer's behalf. See the discussion of amendments to Rule 11 in section II.F.2. Applicants (individuals and companies) for EDGAR access must authorize account administrators on Form ID. See amended Form ID.
11 ?We are amending Rule 11 of Regulation S-T to define "authorized individual." This definition mirrors the definition of "authorized individual" in the EDGAR Filer Manual, Volume I. See the discussion of amendments to Rule 11 in section II.F.2 and EDGAR Filer Manual, Volume I.
12 ?For example, if a filer wishes to authorize an individual employed by its filing agent to act as the filer's account administrator, the filer must upload with the Form ID a power of attorney signed by an authorized individual of the filer, with that signature notarized, authorizing the employee of the filing agent to be the filer's account administrator. See amended Form ID, Part 3. The EDGAR Filer Manual, Volume I sets forth the requirements for notarization of the signature of an authorized individual. Among other things, pursuant to Volume I of the EDGAR Filer Manual, notarization may be obtained through a remote online notary recognized by the law of any State or territory in the U.S. or the District of Columbia.
13 ?We are amending Rule 11 of Regulation S-T to define an "Application Programming Interface" or "API" as a software interface that allows computers or applications to communicate with each other. See the discussion of amendments to Rule 11 in section II.F.2.
14 ?We are amending Rule 11 of Regulation S-T to define a "technical administrator" as an individual that the filer authorizes on the dashboard to manage the technical aspects of the filer's use of EDGAR APIs on its behalf. See the discussion of amendments to Rule 11 in section II.F.2. Technical administrators need not be software developers or technical experts to carry out the requirements to manage the filer's use of APIs and filer API tokens, as discussed more fully below.
15 ? See paragraph (d)(3) of Rule 10 as adopted addressing the technical administrator requirements and the provision therein allowing filers to use their delegated entities' API connections and filer API tokens so long as those delegated entities comply with the requirement to maintain two technical administrators.
16 ?We are amending Rule 11 of Regulation S-T to define a "user" as an individual that the filer authorizes on the dashboard to make submissions on EDGAR on the filer's behalf. See the discussion of amendments to Rule 11 in section II.F.2.
17 ?We are amending Rule 11 of Regulation S-T to define a "delegated entity" as an electronic filer that another electronic filer authorizes, on the dashboard, to file on EDGAR on its behalf. See the discussion of amendments to Rule 11 in section II.F.2.
We are amending Form ID to implement the changes to Rule 10, including but not limited to the requirement to provide information about the applicant's account administrators, to make the form more user friendly, 18 and to improve the utility of the form for Commission staff. 19 Moreover, we are amending Rule 11 of Regulation S-T to define new terms related to the rule and form amendments. 20 We are further amending the EDGAR Filer Manual to accord with the EDGAR Next changes.
Footnotes:
18 ?As an example of the changes being made to make the form more user friendly, additional instruction will be added to guide applicants through completion and submission of the form, and the user interface will be improved.
19 ?As an example of the changes being made to improve the utility of the form for Commission staff, a checkbox will be added to each address field for identification of non-U.S. locations, which will improve data analytics.
20 ?Please refer to amended Rule 11 of Regulation S-T, set forth in this release, for definitions of the terms used in the release. The amendments to Rule 11 also update or delete reference to outdated terminology and clarify the definition of the EDGAR Filer Manual.
The EDGAR Next transition process will begin with the issuance of this adopting release. For the initial six months, from September 30, 2024 to March 21, 2025, filers may prepare for the changes by testing in and modifying their internal software systems to accord with an EDGAR Next Adopting Beta environment reflecting the adopted rule and form amendments and related technical changes, including but not limited to testing the optional APIs that will be provided, as well as gathering information necessary to enroll on EDGAR. On Monday, March 24, 2025, a new EDGAR Filer Management website that includes the dashboard will go live, and related changes in the EDGAR Filer Manual, Volume I will be effective. At that time, compliance with amended Form ID will be required, all applicants for EDGAR access must apply on amended Form ID through the dashboard, and the prior version of the form will be ineffective. If Commission staff grant the amended Form ID application, the filer will be in compliance with the EDGAR Next changes, and thus will not be required to subsequently enroll on the dashboard. In addition, beginning Monday, March 24, 2025, existing filers may begin to enroll on the dashboard, and once enrolled may connect to the optional APIs while still being able to use the legacy filing process. Compliance with the remaining EDGAR Next changes will be required on Monday, September 15, 2025, when all EDGAR websites will require, among other things, Login.gov individual account credentials and dashboard authorization to make submissions on EDGAR. Filers who have not enrolled by September 15, 2025 will not be able to make submissions or take other actions in EDGAR other than enroll. Enrollment will be permitted for an additional three months, until December 19, 2025. 21 On December 22, 2025, filers who have not enrolled in EDGAR Next or been granted access through amended Form ID will be required to submit the amended Form ID through the dashboard to apply for access to their existing EDGAR accounts. Section II.H below provides additional information regarding the transition to EDGAR Next.
Footnotes:
21 ?In total, the enrollment period will extend nine months, from March 24, 2025 to December 19, 2025. If filers enroll on the dashboard during this period, they will not be required to apply for access on amended Form ID. Please see section II.H for additional information about enrollment.
Additional details regarding EDGAR Next technical changes, including dashboard functionality and APIs, as well as the transition process are available on the EDGAR Next page on SEC.gov. 22
Footnotes:
22 ? See EDGAR Next-Improving Filer Access and Account Management, U.S. Securities and Exchange Commission, available at https://www.sec.gov/edgar/filer-information/edgar-next.
II. Discussion
We are adopting, substantially as proposed, amendments to Rule 10 of Regulation S-T concerning EDGAR filer access and account management and related matters; Form ID, the application for EDGAR access; and Rule 11 of Regulation S-T, containing the definitions of terms in Regulation S-T. We are further amending the EDGAR Filer Manual in accord with the rule and form amendments. 23 These amendments will, among other things, benefit filers by improving the security of their EDGAR accounts and making it easier for filers to manage and maintain access to their EDGAR accounts.
Footnotes:
23 ?A blackline of the changes to Volume I of the EDGAR Filer Manual is available at www.sec.gov/rules-regulations.
The amendments to Rule 10 and Form ID set forth requirements for each EDGAR filer to authorize and maintain individual account administrators to manage the filer's EDGAR account on a dashboard on EDGAR and to authorize to act on the filer's behalf only those individuals who obtain individual account credentials. The EDGAR Filer Manual is being amended to specify Login.gov as the individual account credential provider. Each filer, through its account administrators, will be required to confirm annually that all account administrators, users, technical administrators, and delegated entities reflected on the filer's dashboard are authorized by the filer to act on its behalf and that all information regarding the filer on the dashboard is accurate; maintain accurate and current information on EDGAR concerning the filer's account; and securely maintain information relevant to the ability to access the filer's EDGAR account.
[top] In addition to the rule and form amendments, this release describes the EDGAR Next functionality that will be offered to filers, including but not limited to optional APIs that will improve the efficiency and accuracy of filers' interactions with EDGAR by providing a machine-to-machine method of making submissions, retrieving information, and performing account management tasks. EDGAR will make available 15 optional APIs in total, which include the three APIs discussed in the Proposing Release and 12 additional APIs, many of which were requested by commenters. Among other things, these APIs will replicate much of
If a filer chooses to connect to the optional APIs, the filer, through its account administrators, must authorize at least two technical administrators, pursuant to paragraph (d)(3) of Rule 10, unless the filer arranges to use the filer API tokens and API connections of its delegated entity (and the delegated entity complies with the requirement to maintain at least two technical administrators), as requested by commenters. Filers choosing to connect to the optional APIs must also present specified security tokens of limited duration in the form of filer API tokens and user API tokens, as set forth in the EDGAR Filer Manual as amended. These token requirements are intended to provide security for API connections. Filers using their delegated entities' API connections must use their delegated entities' filer API tokens, and individuals at those filers must present a user API token to interact with the APIs to allow identification of the individual taking action on EDGAR if those APIs require presentation of a user API token.
Filers that do not connect to the optional EDGAR APIs will not need to comply with these API-related requirements and may continue to make web-based submissions on EDGAR.
A. Individual Account Credentials
Paragraph (d)(1) of Rule 10 as proposed and adopted will require that a filer only authorize an individual to perform functions on the dashboard on the filer's behalf if that individual possesses individual account credentials, obtained in the manner specified in the EDGAR Filer Manual. In addition to what was noted in the Proposing Release, however, and in response to commenter concerns, the EDGAR Filer Manual is being amended to clarify that individual account credentials may not be shared with other individuals as the credentials are intended to identify the individual who takes action on EDGAR.
As contemplated in the Proposing Release, we are amending the EDGAR Filer Manual to specify that individual account credentials must be obtained through Login.gov, a secure sign-in service of the U.S. General Services Administration. 24 Login.gov is used by participating Federal agencies, as well as State, local, and territorial governments to provide a secure login process and to allow members of the public to use a single account that is protected by encryption, multifactor authentication, and additional safeguards. 25 To obtain individual account credentials for EDGAR, an individual must respond to prompts on the Login.gov website to provide an email address, create a password, and select a multifactor authentication option. 26 The EDGAR Filer Manual will specify that the email address provided to Login.gov must match the email address the individual has provided or intends to provide to EDGAR (during enrollment, on amended Form ID, or to the relevant account administrator). 27
Footnotes:
24 ? https://www.login.gov/.
25 ? See Login.gov, "About us," at https://www.login.gov/about-us/.
26 ?As of the date of this release, Login.gov multifactor authentication options include: (1) a security key; (2) Federal government employee or military PIV or CAC cards; (3) authentication application; (4) biometric (face or fingerprint) verification; (5) text message/SMS or telephone call; and (6) backup codes. With respect to option (3), current Login.gov authentication applications include: Android and iOS options (Google Authenticator, Authy, LastPass, 1Password), Windows and Mac apps (1Password and OTP Manager), and Chrome extensions (Authenticator). See generally Login.gov, Authentication Options at https://www.login.gov/help/get-started/authentication-options/. See also generally Login.gov, "Privacy and security: Our security practices," at https://login.gov/policy/our-security-practices/ for information on Login.gov 's security practices.
27 ?If an individual changes the email address that she uses in connection with EDGAR (for example, because of a change of domain name), the individual should first change her email address on the dashboard and then change it on Login.gov. This will prevent interruptions in access to EDGAR. If an individual permanently loses access to her email before taking the steps above, the individual should create another account on Login.gov with a new email address, and the filer's account administrator should add her to the filer's account on the dashboard using the new email address.
In accord with amended paragraph (d) of Rule 10 and the EDGAR Filer Manual, and as proposed, all account administrators, users, and technical administrators must enter their individual account credentials and complete multifactor authentication to log into EDGAR. After entering the email address and the password created on Login.gov, the individual will be prompted to complete the multifactor authentication option the individual selected when obtaining individual account credentials at Login.gov. 28 Thus, through Login.gov, multifactor authentication for individual accounts will be required to access EDGAR.
Footnotes:
28 ?If the individual loses or forgets her Login.gov password, the individual can reset the password through Login.gov, simplifying and automating the process of password retrieval.
The use of multifactor authentication aligns with modern security practices, such as those set forth in Executive Order No. 14028, issued May 12, 2021, directing Federal agencies to modernize and implement stronger cybersecurity standards ("executive order"), 29 including but not limited to the deployment of multifactor authentication as a foundational security tool at Federal agencies. As stated in the executive order, the use of multifactor authentication enhances system security. It further follows digital identity guidelines for Federal agencies issued by the National Institute of Standards and Technology ("NIST"). 30 Multifactor authentication is a widely accepted security tool that will improve the security of access to EDGAR by adding a layer of validation each time an individual signs into EDGAR.
Footnotes:
29 ? See Exec. Order No. 14028 (2021), 60 FR 26633, 26636 (May 17, 2021).
30 ? See Digital Identity Guidelines: Authentication and Lifecycle Management, National Institute of Standards and Technology, NIST SP 800-63, available at https://csrc.nist.gov/pubs/sp/800/63/b/upd2/final, at section 4 of NIST SP 800-63B ("Any PII or other personal information-whether self-asserted or validated-requires multi-factor authentication.").
In sum, EDGAR Next will enhance the security of filers' accounts by requiring anyone seeking to make a submission on EDGAR on behalf of a filer to sign in with individual account credentials, complete multifactor authentication, be authorized by the filer or the filer's account administrator and enter the filer's EDGAR account/central index key number ("CIK") and central index key confirmation code ("CCC").
Commenters generally agreed that requiring individual account credentials for EDGAR access would improve EDGAR security, provide individual accountability and, by implementing multifactor authentication, align EDGAR with current best practices. 31
Footnotes:
31 ? See, e.g., Comment Letter of Cory (September 19, 2023) ("Cory I Comment Letter") ("[This is] essential to verify the identity and legitimacy of those managing financial data, mitigating the risk of unauthorized access and fraud"); Comment Letter of XBRL US (November 21, 2023) ("XBRL II Comment Letter") ("Multi-factor authentication is a step forward in increasing EDGAR security and has become a standard for most companies."); Comment Letter of Block Transfer (November 21, 2023) ("Block Transfer Comment Letter") ("We agree with the [Commission's] position that individual accountability through people-based, not organization-wide, accounts will lead to greater accountability, transparency, and efficiency in the market").
[top] Several commenters expressed concerns that the introduction of individual account credentials could be disruptive or unduly burdensome for individuals with reporting obligations pursuant to section 16 of the Securities Exchange Act of 1934 ("Exchange Act"). 32 For the reasons discussed
Footnotes:
32 ? See, e.g., Comment Letter of Society for Corporate Governance (August 30, 2024) ("SCG Comment Letter") ("[I]t appears that some companies have assumed their third-party filing agents would handle this major EDGAR overhaul without significant disruption or additional work by in-house personnel. However, the comment letters by filing agents and other vendors suggest otherwise."); XBRL II Comment Letter ("[W]e do not believe the rule proposal adequately addresses the needs of Section 16 filers and single individual filers [who] will perform their own code management.").
33 ? See SCG Comment Letter ("[T]here was also concern with respect to the fact that Login.gov is used, in many instances, for individuals' personal matters ( e.g., Social Security). Using a single account for both personal and public filings is likely to lead to confusion and hesitation on the part of the Section 16 filers. Such individuals may not wish to comingle their personal matters with their public filing obligations.").
34 ?Individuals will provide their email addresses on Form ID, during enrollment, and to account administrators to identify themselves. The dashboard will display individuals' email addresses for identification and individuals will receive email notifications from EDGAR at their email addresses. Therefore, individuals should present to Login.gov the email address that they intend to provide to EDGAR, that will identify them to others on EDGAR, and that they will use to receive communications from EDGAR.
35 ? See amended EDGAR Filer Manual, Volume I, at section 3(a).
36 ?By contrast, if individuals currently have Login.gov accounts used in connection with EDGAR, they may choose to rely upon those existing Login.gov individual account credentials.
Several commenters further suggested that it would be a burden on section 16 filers to apply for EDGAR access and to enroll in EDGAR Next themselves and requested that EDGAR permit a corporate secretary or legal personnel of a registrant to obtain EDGAR access for an individual section 16 filer pursuant to a power of attorney. 37 In response to these comments, we clarify that EDGAR will permit this. Individuals with individual or single-member company filer EDGAR accounts may avoid obtaining Login.gov individual account credentials for EDGAR if they authorize an individual at their filing agent or other third party to enroll them in EDGAR Next and during enrollment authorize one or more individuals at these entities to act as their account administrators. 38 For enrollment, presentation of a power of attorney for the person performing enrollment or being authorized as an account administrator will not be necessary, although we urge all filers to carefully coordinate regarding the person they will authorize to enroll them. For enrollment, the codes required to be entered will act as validation of the filer's intent. 39
Footnotes:
37 ? See, e.g., SCG Comment Letter ("We believe that the corporate secretary or legal personnel of the registrant-with a Power of Attorney (POA)-should be able to complete the process for obtaining EDGAR access codes or passphrases without further involvement from an individual Section 16 filer."); XBRL II Comment Letter ("[W]e do not believe the rule proposal adequately addresses the needs of Section 16 filers and single individual filers will perform their own code management.").
38 ?Only one individual (the individual need not be an account administrator so long as the filer authorizes the individual to enroll) would enroll the filer, providing information about authorized account administrators during enrollment. After enrollment, the account administrators would manage the filer's account on the dashboard, adding account administrators, users and technical administrators, if connecting to APIs, and delegating authority to file, if relevant.
39 ? See infra text accompanying and following note 208 (the filer's CIK, CCC, and EDGAR passphrase must be provided to validate the enrollment request as legitimate).
Separately, individual or single-member company filers who apply for access on amended Form ID may authorize one or two individuals at their filing agents or relevant companies as their account administrators on Form ID; however, for Form ID, individual or single-member company applicants must also provide signed, notarized powers of attorney to those persons to be uploaded to EDGAR together with the completed Form ID. Thereafter, the filer's authorized account administrators would obtain individual account credentials from Login.gov and manage the filer's account on the dashboard. In summary, the individual or single-member company filer would not need to obtain Login.gov individual account credentials in these circumstances.
The commenter also expressed concerns regarding how section 16 filers and others would navigate the multifactor authentication process when making filings. 40 As an initial matter, we do not believe that it will be difficult for section 16 filers and other individuals to navigate the Login.gov multifactor authentication process as it is substantially the same as the process used by numerous financial and other websites for verification. It is therefore likely that section 16 filers and other individuals have experience in performing multifactor authentication. Alternatively, as discussed above, section 16 filers and other individual filers may provide notarized powers of attorney to authorize account administrators to manage filers' accounts and make submissions on filers' behalf, eliminating the need for section 16 filers and other individual filers to obtain individual account credentials or perform multifactor authentication themselves. 41
Footnotes:
40 ? See SCG Comment Letter ("[Our members] expressed concerns about how registrants, Section 16 insiders, and their filing agents would navigate the new MFA process when making filings.").
41 ? See sections II.B.1 and II.B.2.
[top] The commenter further raised issues surrounding the security of Login.gov. 42 The matters raised by the commenter pertain to Login.gov 's provision of identity assurance level 2 ("IAL2") services, 43 which generally require gathering certain sensitive personally identifiable information such as copies of drivers' licenses, passports, or similar documents. EDGAR's agreement with Login.gov, however, is to provide identity assurance level 1 ("IAL1") services, which do not require presentation of such sensitive personally identifiable information. To obtain individual account credentials from Login.gov for EDGAR, the
Footnotes:
42 ? See SCG Comment Letter ("Given that the security of Login.gov has been questioned by Congress and the Internal Revenue Service has expressed reservations about using the platform, the Commission should not mandate Login.gov as the sole platform that registrants and their Section 16 filers may use for multi-factor authentication.").
43 ? See "GSA Misled Customers on Login.gov 's Compliance with Digital Identity Standards," Press Release, Office of the Inspector General, U.S. General Services Administration, available at https://www.gsaig.gov/content/gsa-misled-customers-logingovs-compliance-digital-identity-standards ("GSA knowingly billed IAL2 customer agencies over $10 million for services, including alleged IAL2 services that did not meet IAL2 standards.")
Other commenters suggested that EDGAR provide filers with the option to continue to use a password and CCC instead of Login.gov during a transition period to EDGAR Next. 44 In response to these comments, we clarify that from March 24, 2025 to September 12, 2025, EDGAR will continue to allow submissions to be made when the password and CCC are presented. One commenter asked that the Commission allow section 16 filers to continue to log into EDGAR under the existing process for six months after enrollment ends. 45 We are offering the legacy filing process for six months from March 24, 2025 through September 12, 2025, during which time filers may also enroll. In addition, we are allowing filers to continue to enroll on the dashboard for an additional three months after the compliance date. 46 The 12 months that precede compliance, consisting of six months to prepare for the changes and six months to enroll while legacy filing processes continue, plus an additional three months after compliance to enroll, effectively operate as a phased-in implementation of the new requirements, and permits filers multiple means of accessing EDGAR, while they coordinate with their filing agents and other relevant parties regarding how they will manage their accounts, and ensures timely compliance. 47 We considered comments regarding offering the legacy filing process beyond the transition period, but we determined that doing so would increase the risk of EDGAR security issues arising by delaying the implementation of, among other things, multifactor authentication and individual account credentials. 48
Footnotes:
44 ? See, e.g., Comment Letter of Donnelley Financial Solutions (May 8, 2024) ("DFIN II Comment Letter") ("[W]e encourage the Commission to consider supporting the current authentication method for an overlapping period of time as an alternative during the EDGAR Next roll out. This will help with the transition and minimize market disruption."); SCG Comment Letter ("We agree with DFIN's suggestion that registrants and their Section 16 filers should be allowed to use current authentication methods during the transition to EDGAR Next to minimize disruptions or filing delays.")
45 ? See SCG Comment Letter ("We also ask that the Commission consider allowing all Section 16 filers to continue to use the existing EDGAR system for an additional six months after the enrollment period ends, so they do not miss any deadlines while the enroll in EDGAR Next.") (emphasis in original).
46 ?Further, the commenter appeared to base the comment in part upon the assumption that there would be a one-month preparation period prior to enrollment in EDGAR Next. Instead, the Commission is offering filers a six-month preparation period which we believe will allay the commenter's expressed concerns.
47 ? See SCG Comment Letter ("[t]he Commission has prudently provided phased-in implementation for other rules, such as for XBRL tagging and the Form 8-K cybersecurity incident disclosure rules, and we believe that a phased-in approach makes sense given the hundreds of corporate directors who may have to obtain Login.gov accounts and then enroll through the EDGAR Next dashboard.").
48 ?In addition, it is not technically feasible for EDGAR to extend legacy filing processes for one subset of filers.
Several commenters suggested that filers should have the option to use alternatives to Login.gov as technology evolves. 49 Another commenter requested alternatives to Login.gov in the event the service is unavailable but did not suggest what alternatives were appropriate. 50 Another commenter approved of the choice of Login.gov. 51 Login.gov is a secure Federal sign-in service that aligns with the modern security practices set forth in the executive order and follows the digital identity guidelines for Federal agencies issued by NIST, as indicated above. Using a single secure sign-in service strengthens the ability of Commission staff to monitor, identify, and address login issues related to EDGAR. It also increases efficiency in terms of EDGAR and filer programming, maintenance and customer support and ensures that individuals attempting to access EDGAR are able to achieve similar experiences in the login process. Moreover, we are not aware of any recurrent Login.gov outage issues that necessitate implementing additional Federally accepted tools. If in the future it is possible to meet the Commission's goals of individual traceability and multifactor authentication with improved alternative technology, that technology will be considered as appropriate. EDGAR will be able to substitute or add other methods of obtaining individual account credentials and completing multifactor authentication if it is beneficial to do so. If the Commission determines to change or add methods of authentication to EDGAR, we would inform filers in advance and specify the changes in the EDGAR Filer Manual.
Footnotes:
49 ? See DFIN II Comment Letter ("We continue to believe that Edgar filers should have the optionality to use alternatives to Login.Gov as technology offerings evolve."); Comment Letter of the Investment Company Institute (September 11, 2024) ("ICI Comment Letter").
50 ? See SCG Comment Letter ("There will be busy filing periods, such as 40 days after the end of a fiscal quarter when larger companies make their periodic filings, where it would be helpful to have alternative platforms for authentication in case Login.gov is not available.").
51 ? See Toppan Merrill Comment Letter (" Login.gov is a good choice for EDGAR access since it was created and is maintained by the federal government. It is already utilized by other government agencies and some public users.").
Some commenters raised concerns that requiring individual account credentials for EDGAR access could be burdensome and confusing in specific situations, such as where individuals sit on multiple boards of different issuers, or an individual retires or is terminated. 52 The use of individual account credentials and multifactor authentication is a widely used account management process. While we acknowledge that requiring individual account credentials imposes some additional burden in that it interposes a new step in the EDGAR access process, we do not believe that requiring individual account credentials will be unduly burdensome or confusing because the use of individual user permissions is a standard practice in software applications and computer systems. Moreover, certain examples cited by commenters appear to stem from some confusion regarding dashboard authorization as it pertains to individual account credentials.
Footnotes:
52 ? See, e.g., XBRL II Comment Letter (discussing situations involving individual filers who sit on multiple boards of different issuers); Comment Letter of Workiva (November 20, 2023) ("Workiva Comment Letter") (noting that individual account credentials must be managed at an individual level, which could cause problems for filers if individuals retire or are terminated).
[top] Several commenters raised concerns about specific scenarios involving individual account credentials, such as when an individual the filer has authorized to act on her behalf retires or is terminated, 53 or when an individual sits on multiple boards. 54 In the first scenario, an account administrator would be able to remove the authorization of an individual on the dashboard, at which point the individual could no longer use her individual account credentials to access the filer's account. In the second scenario, an individual who sits on multiple boards would be able to make submissions on any of her EDGAR accounts in several different ways. First, the individual need not obtain Login.gov individual account credentials or interact with the dashboard at all if she authorized one or more individuals employed at her filing agents or other relevant companies as her account administrators (up to a total of 20) with notarized powers of attorney, as discussed above. Second, she could log
Footnotes:
53 ? See Workiva Comment Letter.
54 ? See XBRL II Comment Letter.
Commenters also asserted that individual account credentials would not guarantee EDGAR security, since for example individuals could intentionally share their individual account credentials with unauthorized persons or EDGAR could be otherwise compromised. 55 We acknowledge that requiring individual credentials will not entirely remove threats to EDGAR security, but mandating such credentials will improve the overall security of the EDGAR system. For example, even if the individual account credentials were shared, Commission staff and filers would know whose credentials were shared. Moreover, the use of individual account credentials that employ multifactor authentication complies with current best practices for information security at U.S. Federal agencies, such as those described in the executive order and the NIST digital identity guidelines.
Footnotes:
55 ? See, e.g., Workiva Comment Letter (stating that delegated entities may try to share individual account credentials for a single individual among various employees at the delegated entity); XBRL II Comment Letter (noting that multifactor authentication would protect the Filer Management dashboard but would not stop malicious entities who somehow obtained the filer's filer API token and user API token from using those tokens).
Individual account credentials will enhance the ability of filers to securely maintain access to their EDGAR accounts. Filers currently share access codes among multiple individuals, making it difficult to track with whom the codes are shared or to trace a filing to a specific individual. The use of individual account credentials should enable Commission staff and those with filing obligations to determine more easily the individuals making specific filings on EDGAR, because the person-specific nature of the credentials coupled with the individual's multifactor authentication will identify individuals associated with EDGAR actions-unlike access codes, which are tied to a particular EDGAR account rather than to an individual. 56 Linking individuals to the filings they make will be particularly useful for Commission staff and filers when problematic filings are made on EDGAR and will enhance the security and integrity of the system. Thus, for example, without individual account credentials, if an EDGAR filing is submitted that appears on its face to be materially misleading, Commission staff and the filer may confer about the contents of the filing, but it may be difficult for them to ascertain who submitted it given that the filer may have widely shared its access codes.
Footnotes:
56 ? See amended EDGAR Filer Manual, Volume I, at section 3(a).
To address the concern that security may be compromised by individuals intentionally sharing their individual account credentials with unauthorized persons, 57 we are amending the EDGAR Filer Manual to clarify that individual account credentials may not be shared with other individuals. The Commission intends that individual account credentials identify the individual who takes action on EDGAR and sharing of credentials defeats that goal. In addition, the sharing of individual account credentials among multiple individuals undermines the purpose of multifactor authentication, which is intended to be specific to a known individual.
Footnotes:
57 ? See, e.g., Workiva Comment Letter (stating that delegated entities may try to share individual account credentials for a single individual among various employees at the delegated entity).
Use of individual account credentials also will provide additional assurance that only individuals who have been properly authorized by the filer can take actions on the filer's behalf on EDGAR. Currently, filers' interactions with EDGAR require the use of several codes. Because individual account credentials will be used to authenticate individuals accessing EDGAR pursuant to Rule 10 as amended, the EDGAR password, password modification authorization code ("PMAC"), and passphrase will not be needed to make submissions after the compliance date, as discussed in section II.H. 58 The historic use of several codes with differing functions is not in accord with current industry best practices. The use of individual account credentials aligns more closely with modern access processes, including multifactor authentication, as set forth in the executive order and the NIST guidelines discussed above.
Footnotes:
58 ?Filers enrolling during the three-month period after the compliance date will be required to present the CIK, CCC, and passphrase to complete enrollment.
The CCC will continue to function as the code required for filing, but those seeking to make submissions will also need to sign in with individual account credentials, complete multifactor authentication, and be authorized by the filer or an account administrator for the filer. Because of these additional safeguards, the filer's CCC will be displayed on the dashboard for account administrators and users.
One commenter suggested eliminating the CCC as unnecessary given the requirement to authorize individuals through the dashboard. 59 In addition to dashboard authorization, EDGAR will continue to require the CCC to provide additional security, for example, to complement API tokens, as well as to avoid the need to make additional infrastructure and form changes to EDGAR at this time. To maintain the CCC in a secure environment and remove the need for a filer to email or circulate the CCC, the CCC will appear on the dashboard of individuals authorized to make submissions for the filer. 60 The CCC may be eliminated in the future if feasible from a technical and security standpoint.
Footnotes:
59 ? See Comment Letter of the Securities Industry and Financial Markets Association ("SIFMA Comment Letter") ("[I]t would seem that by granting authority to the agent through EDGAR Next, there would not be a need for the CCC.").
60 ?Specifically, this will include the filer's account administrators, users, delegated administrators, and delegated users.
[top] One commenter indicated that certain Login.gov multifactor authentication methods are restricted in certain countries. 61 While we understand that not all the methods for multifactor authentication on Login.gov may be available to those in certain countries, we note that Login.gov offers individuals several different authentication methods, including a security key, certain Federal Government employee or military cards, authentication applications, biometric (face or fingerprint) verification, text message/SMS or telephone call, and backup codes. Further, there are several authentication applications accepted by
Footnotes:
61 ? See SCG Comment Letter ("In addition, some features of Login.gov ( e.g., text or voice MFA options) are restricted in certain countries, which could impose an added burden on filers based outside the United States.").
62 ?Current Login.gov authentication applications include Android and iOS options (Google Authenticator, Authy, LastPass, 1Password), Windows and Mac apps (1Password and OTP Manager), and Chrome extensions (Authenticator). See generally Login.gov, Authentication Options at https://www.login.gov/help/get-started/authentication-options/.
Another commenter asserted that in lieu of individual account credentials and multifactor authentication, as contemplated in the Proposing Release, Login.gov should allow EDGAR authentication via EDGAR Next API keys. 63 API keys alone, however, do not provide the security assurances of multifactor authentication.
Footnotes:
63 ? See Block Transfer Comment Letter ("[W]e respectfully submit to the Commission that Login.gov might present material benefits to issuers if it replaced the proposed security interface using EDGAR Next API keys.").
B. Individual Roles: Account Administrator, User, Technical Administrator
Paragraph (d)(2) of Rule 10 as proposed and adopted requires each filer to authorize and maintain at least two individuals with individual account credentials as account administrators to manage the filer's EDGAR account and to make submissions on EDGAR on behalf of the filer, unless the filer is an individual or single-member company, 64 in which case the filer will be required to authorize and maintain at least one individual with individual account credentials as an account administrator. 65
Footnotes:
64 ?As defined in amended Rule 11 and amended Form ID, a "single-member company" will be a company that has a single individual who acts as the sole equity holder, director, and officer (or, in the case of an entity without directors and officers, holds position(s) performing similar activities as a director and officer).
65 ?Minor revisions to paragraph (d)(2) as proposed were made to the paragraph as adopted to clarify that each individual or single-member company electronic filer must authorize and maintain at least one individual as an account administrator to manage its EDGAR account.
Account administrators, acting on behalf of the filer, may authorize and de-authorize individuals with individual account credentials as users, additional account administrators, or technical administrators for the filer, as needed, using the dashboard (or the optional APIs that will enable filers to access much of the dashboard's functionality via machine-to-machine connections). 66 This process is illustrated in diagram 1 below.
Footnotes:
66 ?See the EDGAR Next page on SEC.gov for guidance regarding actions on the dashboard.
[Federal Register graphic "ER27DE24.011" is not available. Please view the graphic in the PDF version of this document.]
An individual could be authorized to perform more than one role for a filer. For example, one individual could be both an account administrator and a technical administrator, or one individual could be both a technical administrator and a user. An account administrator could not be a user, however, because account administrators can perform all the functions of a user themselves, including making submissions on EDGAR. Analogous roles will exist at delegated entities. The key functions that could be performed by each role are illustrated in diagram 2 below.
[top]
[Federal Register graphic "ER27DE24.012" is not available. Please view the graphic in the PDF version of this document.]
1. Account Administrators
Paragraphs (d)(4), (5), and (6) of Rule 10 as proposed and adopted require that the filer, through its account administrators, maintain accurate and current information on EDGAR concerning the filer's account and confirm such information annually, and securely maintain information relevant to the ability to access the filer's EDGAR account, including but not limited to access through optional APIs. Commenters broadly supported the implementation of account administrators to manage filers' accounts, 67 although commenters raised concerns about specific issues as discussed below.
Footnotes:
67 ? See, e.g., Cory I Comment Letter ("One of the cornerstones of EDGAR Next is the requirement for filers to designate account administrators. . . . In an era of machine-driven manipulation, this human oversight is crucial for detecting and preventing illicit activities."); Toppan Merrill Comment Letter ("Yes, a required account Administrator [sic] role is necessary for every filer (every CIK). Ideally two Administrators [sic] should be required.").
Under EDGAR Next, each filer will be responsible, through its account administrators, for the security of the filer's EDGAR account and the accuracy of the filer's information on EDGAR. Account administrators will manage the filer's account on the dashboard or through optional APIs replicating most dashboard functionality in machine-to-machine connections. The filer will be required, through its account administrators, to perform annual confirmation on the dashboard. Account administrators will also be able to use the dashboard or optional APIs to add and remove users, account administrators and technical administrators (including removing themselves as an account administrator); create and edit groups of users; delegate filing authority to other EDGAR accounts and remove delegation; generate a new CCC; and receive notifications regarding significant events affecting the account (notifications will also be emailed to the account administrator's email address provided to EDGAR). Further, account administrators will be able to make submissions on behalf of the filer on EDGAR, which will allow filers to manage their accounts and make submissions through a limited number of individuals, if they choose. Each account administrator will be co-equal, possessing the same authority and responsibility to manage the filer's EDGAR account. All actions required to be performed by account administrators can be performed by any of them individually and will not require joint action.
[top] In addition, account administrators will serve as the points of contact for questions from Commission staff regarding the filer's account. 68 One commenter suggested that existing filers with a single EDGAR point of contact for information, inquiries, and access codes ("EDGAR POC") typically rely upon legal staff, whereas under EDGAR Next those filers may choose to authorize, for example, services staff as account administrators. 69 The commenter stated that the EDGAR POC for existing filers should be automatically enrolled as a "super administrator" for the filer and notified regarding significant events affecting the account. 70 Because filers may wish to designate a single account administrator as a primary EDGAR POC, EDGAR will offer an option to allow account administrators to designate one account administrator as the filer's EDGAR POC. EDGAR will by default designate the first account administrator listed on Form ID or an existing filer's enrollment as the filer's EDGAR POC. The filer, through its account administrator, may
Footnotes:
68 ?Technical administrators will serve as the Commission staff's points of contact regarding the filer's use of the APIs. See infra section II.B.3.a.
69 ? See Workiva Comment Letter ("The current POC is likely a different type of staff, such as legal staff, from the administrators who are likely to be reporting or services staff.").
70 ? See Workiva Comment Letter ("We further suggest automatically enrolling the current POC as super administrator. The super administrator should be contacted before any severe action on the EDGAR account is taken, such as account deactivation.").
Several commenters stated that the dashboard should provide a mechanism for authorized users or other interested parties to easily identify and contact the filer's account administrators. 71 The dashboard will be enhanced to provide this functionality. In this regard, account administrators will also serve as points of contact for technical administrators, users and delegated entities.
Footnotes:
71 ? See, e.g., XBRL II Comment Letter ("There should be a mechanism in the filing management dashboard where the company ( e.g. technical admin) can identify and contact their administrators . . ."); Workiva Comment Letter ("[A] a user may not necessarily know who the administrators are to contact. We suggest adding a "Contact Administrator" function in the EDGAR Dashboard to facilitate.").
a. Filer Authorization of Account Administrators
As proposed and adopted, applicants for EDGAR access will designate on amended Form ID the individuals that the filer authorizes as account administrators. 72 Pursuant to paragraph (d)(1) of Rule 10 as proposed and adopted, the filer can only authorize individuals as account administrators if those individuals obtain individual account credentials in the manner specified in the EDGAR Filer Manual. We are adopting the amendments to Form ID largely as proposed, as discussed in section II.F.3. In response to commenter concerns, however, it will not be necessary for Form ID to be completed or submitted by one of the applicant's prospective account administrators, as contemplated in the Proposing Release. This change will allow a filer to choose who will complete and submit Form ID so long as the filer complies with the continued requirement that the form be signed by the filer's authorized individual, as that term is defined in Rule 11 of Regulation S-T and Volume I of the EDGAR Filer Manual, and that the signature is notarized. Additionally, given commenter concerns that asset-backed securities ("ABS") issuing entities that make "Request Asset-Backed Securities (ABS) Issuing Entities Creation" submissions ("ABSCOMP" submissions") should have their account information automatically copied to any serial companies, EDGAR will allow for new serial companies requested to be created via the ABSCOMP process to automatically inherit all dashboard information associated with the ABS issuing entity that made the ABSCOMP submission.
Footnotes:
72 ?A separate process of enrollment will be employed to transition existing filers, as discussed in section II.H.
Consistent with current requirements, an applicant must complete Form ID and electronically submit it, and also upload a copy of the completed Form ID signed by an authorized individual of the applicant with the signature notarized. As a departure from what we contemplated in the Proposing Release, it will not be necessary for Form ID to be completed or submitted by one of the applicant's prospective account administrators. Some commenters were concerned that requiring an account administrator to complete and submit Form ID would be burdensome and unnecessarily restrictive. 73 We understand that providing flexibility in terms of who completes and submits Form ID will facilitate the application process.
Footnotes:
73 ? See, e.g., Comment Letter of Donnelley Financial Services (November 21, 2023) ("DFIN Comment Letter") ("[In addition to account administrators,] any "User" should also be allowed to submit a Form ID. The account administrator(s) might be busy, unavailable, or decide it's a menial task."); Workiva Comment Letter ("[I]t is not necessary to require an account administrator to submit the Form ID. A user should also be able to submit the Form ID. The Form ID is already required to be signed and notarized by authorized personnel. . . . A user is adequate for submission.").
As contemplated in the proposal, entity applicants will be able to authorize as account administrators either (i) individuals employed at the filer or an affiliate of the filer or (ii) any other individual provided the filer submits a notarized power of attorney authorizing that individual to be its account administrator. 74 Individual applicants will be able to authorize as account administrators either (i) themselves or (ii) any other individual provided the filer submits a notarized power of attorney authorizing that individual as account administrator. Commenters provided mixed feedback on this issue, with one supporting the notarization requirement as contemplated in the proposal; another advancing that the requirement should not apply to employees of affiliates; and another expressing concern that the notarization requirement as a whole would be unduly burdensome. 75 Although we acknowledge the added time and effort required to obtain a notarized power of attorney, the process is relatively straightforward, analogous to the current process of notarization of the authorized individual signature on Form ID, and not unduly time consuming. Moreover, the process will provide greater assurance that a filer indeed intends to authorize an individual not employed at the filer or an affiliate of the filer to manage the filer's EDGAR account. We therefore are implementing the notarized power of attorney requirements as proposed, and the amended Form ID and EDGAR Filer Manual will reflect those requirements.
Footnotes:
74 ?The amended EDGAR Filer Manual specifies that an "authorized individual" must sign a power of attorney on behalf of the filer in this context. See amended EDGAR Filer Manual, Volume I, at section 3.
75 ? See, e.g., Toppan Merrill Comment Letter ("We support the proposal to have the initial account administrator require a notarized power of attorney, if applicable."); DFIN Comment Letter ("[I]f the account administrator is an employee of the filer's affiliate, they should not be required to be authenticated via a notarized power of attorney."); Workiva Comment Letter ("We believe that a notarized power of attorney should not be required to add an employee of another entity as an administrator. This could significantly increase the burden for the individual reporting owners. . . .").
[top] A commenter questioned why the requirement to present a notarized power of attorney to authorize an employee of an entity other than the filer as account administrator on Form ID is needed when authorization of additional account administrators through the dashboard does not require notarization. 76 The requirement to present a notarized power of attorney to authorize individuals who are not employed at the applicant or an affiliate as account administrators on Form ID provides Commission staff-who review each Form ID to determine whether access should be granted-a means of confirming that these individuals are indeed authorized on behalf of the applicant. The requirement lessens the risk that unauthorized persons will attempt to establish or access an account by submitting a false or misleading Form ID. We did not include a notarization requirement for account administrators added through the dashboard, because once Commission staff grant access to EDGAR, filers are responsible, through their account administrators, for the security of the
Footnotes:
76 ? See Workiva Comment Letter ("In addition, since the power of attorney is only needed initially, and once an administrator is added to the EDGAR Dashboard additional administrators can be added without a new power of attorney; it seems inconsistent and somewhat arbitrary that there is a higher threshold for the first one.").
We also received several comments regarding the authorization of account administrators in situations unique to specific types of filers. One commenter recommended that account administrators associated with ABS issuing entities that make ABSCOMP submissions should automatically be copied to any serial companies created as a result of that submission, and another commenter suggested that all account information associated with the ABS issuing entity should be automatically copied over to the newly created serial companies. 77 Up to 100 serial companies can be created via a single ABSCOMP submission, and we recognize that it would be time consuming to require identical addresses, account administrators, and other information to be manually inputted for each serial company. Consequently, the ABSCOMP process will be available in the dashboard, and new serial companies requested to be created via that process will automatically inherit all dashboard information ( e.g., contact information, account administrators, users, technical administrators, and delegations) associated with the ABS issuing entity that made the ABSCOMP submission. Changes to the inherited information could be made after creation of the new serial companies. For example, individuals could be added or removed on the dashboard by the serial company's account administrators, while filer information such as name, address, and State of incorporation could be updated via Company Update submissions ("COUPDATs"), consistent with current practice.
Footnotes:
77 ? See DFIN Comment Letter ("[T]he Account Administrator and information from the ABS Issuer's Account Administrator should be copied to the new serial account, after which, any changes can be made."); Cadwalader, Wickersham & Taft LLP Comment Letter (November 21, 2023) ("Cadwalader Comment Letter") ("For [commercial mortgage-backed securities] issuers, allowing automatic inheritance by the individual serial trusts of all information from the depositor would be the most efficient approach.").
Another commenter indicated that making the ABSCOMP process available in the dashboard would be sufficient for ABS entities to manage the creation of new EDGAR accounts and suggested that similar functionality should be provided for other issuers that have a structure with multiple related parties, such as co-registrants and beneficial ownership reporting filers, to allow them to more easily manage EDGAR accounts. 78 We have determined not to extend the above-described ABSCOMP process to include other entities such as investment companies and co-registrants, because ABSCOMP is unique in allowing rapid creation of multiple serial companies via a single transaction, predicated in part upon the serial companies all being largely identical ( e.g., contact information, account administrators, etc.). In contrast, although beneficial ownership reporting filers and co-registrants may be related parties, each of these filers typically possesses separate filer-specific information such as name, address, and contact information. Furthermore, these filers could have separate reporting obligations (for example, beneficial ownership reporting filers in the context of different issuers, and co-registrants in the context of different securities offerings). Thus, in the EDGAR Next framework, each of these filers presumably would want to authorize her own account administrators, and it would be inappropriate to automatically assign all such filers the same account administrators. In addition, the optional APIs being added to EDGAR Next should serve to mitigate any additional burdens for these filers by allowing the filers to rapidly add account administrators and make other changes as necessary, as discussed further in section II.E below.
Footnotes:
78 ? See Toppan Merrill Comment Letter ("The proposed functionality for an ABS account administrator to access the dashboard for serial companies could be utilized for other issuers who have a related structure with multiple entities . . . [i]ncluding . . . corporate issuers with co-registrants [and] beneficial ownership reporting filers ( e.g., 144, SC 13D, SC 13G, and section 16 filers), and ABS issuers . . . . If the existing option to create a serial company by the `ABSCOMP' process is available in EDGAR Next functionality that will be sufficient for ABS entities to manage creating new CIKs.").
The Proposing Release also requested comment on whether elimination of the ability of ABS issuers to create new ABS serial companies "on the fly" when filing a 424H submission would cause any problems, given that the EDGAR Next framework would continue to allow ABS issuers to request creation of serial companies via ABSCOMP submissions. We received no comments on this issue. EDGAR data indicates that ABS issuers have not used the "on the fly" process for several years, and accordingly EDGAR will be updated to remove the ability of ABS issuers to create new serial companies "on the fly."
b. Number of Account Administrators
As contemplated in the proposal, paragraph (d)(2) of Rule 10 as adopted requires filers who are individuals or single-member companies to authorize and maintain at least one account administrator; all other filers will be required to authorize and maintain at least two account administrators. The maximum number of account administrators on the dashboard is 20. Although individuals and single-member companies are only required to authorize and maintain at least one account administrator, we encourage them to authorize additional account administrators in the event the sole account administrator becomes unavailable to manage the account.
[top] Commenters generally supported the proposed requirement to maintain a minimum of two account administrators, 79 although various commenters recommended technical changes or additional clarification. One commenter sought clarification regarding whether, for single-member companies and individuals, the required account administrator must be the single member or individual herself. 80 Paragraph (d)(2) of Rule 10 does not require this. Filers will have the flexibility to authorize individuals at their filing agents or other third parties as account administrators, so long as they provide notarized powers of attorney authorizing those individuals. Another commenter requested that an additional warning be provided when the "single-member company" selection is made to alert the filer that she would be unable to manage her EDGAR account if the single account administrator is not available. 81 A warning notice will be added to the online version of Form ID as requested if the "single-member company" selection is made. Separately, although single-member companies will only be required to have a single account administrator, we encourage filers to authorize additional account administrators on the dashboard as
Footnotes:
79 ? See, e.g., Toppan Merrill Comment Letter ("Yes, we believe requiring two account administrators is appropriate."); Workiva Comment Letter ("We believe at least two account administrators for filing entities (other than single-member companies) is appropriate.").
80 ? See Workiva Comment Letter ("For individuals and single-member companies, please clarify if the one minimum administrator must be the individual himself or herself.").
81 ? See Toppan Merrill Comment Letter ("We suggest that additional warnings are provided when the `single-member companies' selection is made. The warning should alert that access to the filer management website will be lost if the single administrator is no longer available, which may lead to loss of ability to file on EDGAR").
Requiring most filers to authorize at least two account administrators will increase the ability of filers to manage their EDGAR accounts without interruption. Thus, if an account administrator unexpectedly resigns or otherwise ceases to be available to manage the filer's account, the remaining account administrators will continue to manage the account and will be able to authorize additional account administrators. If the account administrator who seeks to resign is one of the required two account administrators for an entity filer, then that account administrator could not be removed from the filer's EDGAR account unless the filer first added another account administrator through the dashboard to meet the required minimum of two account administrators. For example, if there are two account administrators for the account and one unexpectedly becomes unavailable, the remaining account administrator could add another account administrator to the account and then remove the unavailable individual. For individual and single-member company filers, at least one account administrator will always be required because those filers typically consist of only one individual. A dashboard limit of 20 account administrators should be sufficient to allow for management of large accounts, while avoiding the confusion that a larger number of account administrators might cause.
We encourage filers to authorize more than the minimum number of account administrators, if possible, because if all account administrators for a filer cease to be available to manage the filer's account, the filer will be required to submit a new Form ID to authorize new account administrators. 82
Footnotes:
82 ?In this case, the filer would select the option on Form ID indicating that it had lost electronic access to its existing CIK account. This option also encompasses other scenarios, such as when a filer loses access due to failure to satisfy required annual confirmation requirements. See infra note 90.
c. Account Administrator Authorization and Removal of Users, Technical Administrators, and Other Account Administrators
An account administrator will be able to add or remove an individual as a user, account administrator, or technical administrator for an EDGAR account through the dashboard, as discussed in the Proposing Release. An account administrator will "add" the individual on the dashboard and EDGAR will send an invitation to the individual by email and through the dashboard (if the individual has a role for any filer on EDGAR) indicating that the account administrator for the filer sought to add her to the filer's account in a particular role or roles. The individual must accept the invitation, either through the email or on the dashboard, to accept the new role(s) and become authorized in those role(s) for the filer. The same process of invitation both through email and the dashboard applies to all invitations, and the individual receiving the invitation may accept via the email or the dashboard invitation.
Commenters expressed general support for notifying filers when an account administrator removes or adds another account administrator. 83 Some commenters, however, expressed the view that while filer notification would be appropriate, filer consent is not necessary and should not be required. 84 In response to this point, EDGAR will be enhanced to provide notifications to all relevant account administrators through the dashboard and by email when individuals are added or removed from an account, or the roles for those individuals are changed. The discussion of this matter in the Proposing Release did not indicate that filers would need to consent to these changes, and EDGAR will not require such consent for the changes to be effective. These notifications will allow account administrators to monitor relevant activity while minimizing the delay that might result from approval of each individual action.
Footnotes:
83 ? See, e.g., XBRL II Comment Letter ("As well as requiring a minimum of two administrators . . . we do think notification is appropriate. Alerting other administrators when an administrator is added or leaves will improve the ability for the network to react to administrator changes."); DFIN Comment letter ("We also think that a filer should be notified when additional account administrators are added or removed.").
84 ? See XBRL II Comment Letter ("Addition without consent should be allowed, to manage emergencies that may arise. . . We understand that there is still a potential risk with rogue actors at firms, but firms are managing the risk of rogue actor employees today and should be left to manage that problem in regard to EDGAR Next."); Workiva Comment Letter ("We believe the filer's consent is not necessary as long as the filer has an administrator that will be notified and can take additional action if needed.").
d. Annual Confirmation
Paragraph (d)(4) of Rule 10 as proposed and adopted requires each filer to perform an annual confirmation on EDGAR that all the filer's users, account administrators, technical administrators, and delegated entities are authorized by the filer to act on its behalf, and that all information related to the filer reflected on the filer's dashboard is accurate. Account administrators will act for the filer to carry out this function. Annual confirmation will assist the filer in tracking those authorized to file on EDGAR and will provide an opportunity for account administrators to confirm the accuracy of those individuals and delegated entities associated with the filer and to remove those no longer authorized. In a change from what was contemplated in the Proposing Release, in response to commenter concerns, we are extending the grace period before account deactivation for filers that fail to timely perform annual confirmation from two weeks (as discussed in the Proposing Release) to three months following the annual confirmation deadline. During the three-month grace period, filers will be able to continue to make submissions and take actions on EDGAR as usual, while account administrators will receive notices reminding them to complete annual confirmation by the end of the grace period, as discussed in more detail below.
To provide flexibility to filers, EDGAR will allow account administrators to select one of four quarterly dates as the filer's ongoing confirmation deadline: March 31, June 30, September 30, and December 31 (or the next business day if the date falls upon a weekend or holiday when EDGAR is not operating). An account administrator need not wait until the deadline to confirm. An account administrator may choose to perform confirmation at an earlier date within the quarter when confirmation is due. Further, an account administrator will be able to perform confirmation on any date in a quarter earlier than the quarter of the current deadline, thereby changing the quarter when confirmation is due going forward. Confirmation in an earlier quarter will result in a confirmation deadline one year after the end of the quarter in which the early confirmation occurred. For example, if a December 31 confirmation deadline were selected by the account administrator for the initial annual confirmation, but the account administrator submitted the confirmation for the following year in August, the filer's annual confirmation deadline for the next year would be September 30 (or the next business day, if the date fell upon a weekend or holiday when EDGAR was not operating).
[top] Commenters generally expressed support for account administrator performance of annual confirmation as contemplated in the Proposing
Footnotes:
85 ? See, e.g., DFIN Comment Letter ("The proposed annual confirmation requirement is sufficient"); Cadwalader Comment Letter (for annual confirmation for serial trusts, "We believe that such an approach is both appropriate and efficient."); Toppan Merrill Comment Letter (asserting that the annual confirmation requirement would create additional burden for filers but expressing agreement with the requirement as proposed.).
86 ? Compare Block Transfer Comment Letter (". . . the benefits of the security measure proposed . . . would outweigh the significant burden it would impose on filers' internal controls.") with Comment Letter of Uchi (September 13, 2023) (requesting a "3 or 6 month renewal check for the company to ensure all administrative accounts assigned to the company are still valid as employees incase [sic] of termination while maintaining administrative access to said company filing permissions."); Comment Letter of Alexander (September 15, 2023) (same).
Several commenters suggested that the Commission allow bulk annual confirmations to be performed for related EDGAR accounts, such as accounts that share the same administrators, users, delegations, and corporate and contact information. 87 As discussed above, related EDGAR accounts (such as co-registrant) may often have different dashboard information, which suggests that bulk confirmation is not appropriate given the need to separately review and confirm the accuracy of dashboard information for each filer. 88 We are further concerned that account administrators might inadvertently perform a bulk confirmation of hundreds of filers without carefully reviewing each filer's information. To ensure the accuracy of the filer's information on EDGAR, a filer must, through its account administrator, carefully inspect the information on the filer's dashboard. As a result, bulk confirmation will not be permitted. Filers may achieve efficiencies in the confirmation process by leveraging optional APIs that will allow them to rapidly add and remove individuals, change authorized roles, and perform delegations to ensure the accuracy of information on the dashboard prior to performing confirmation. For example, in preparation for confirmation, a filer could view all individuals authorized to act on behalf of the filer through an API being made available for that purpose. If updates to the roles or authorization of individuals were needed, the filer could add and remove individuals and change individuals' roles through APIs being made available for those purposes.
Footnotes:
87 ? See Cadwalader Comment Letter ("On an operational level, we do not expect individual serial trusts to have account administrators, technical administrators, users or delegated entities that are not also performing the same functions for the depositor, although the depositor may have certain additional account administrators, technical administrators, users or delegated entities who are not assigned to all of the related serial trusts. Therefore, depositor-level confirmation of its authorized parties would also encompass all individuals assigned roles with respect to each individual serial trust."); Toppan Merrill Comment Letter (responding to a request for comment regarding whether bulk confirmations should be permitted by stating "Yes, affiliated filers with the same administrators, users, delegations, and corporate and contact information should be allowed similar functionality[.]").
88 ? See supra text following note 52.
[top] As noted above, the Proposing Release contemplated a two-week grace period for filers that failed to perform annual confirmation. Some commenters stated that the annual confirmation requirement would impose a significant additional burden on filers and recommended that filers should initially be suspended before they are deactivated, while others requested an extension of the grace period before deactivating the filer's access. 89 After considering these comments, we will expand from two weeks to three months the grace period following a missed confirmation deadline, during which the filer will be able to continue to make submissions and take actions on the filer's account as usual and the filer's account administrators will receive a final series of notices reminding them to complete annual confirmation. If no account administrator performs the annual confirmation by the end of the three-month grace period, EDGAR will deactivate the filer's access and the filer will be required to submit a new Form ID application to request access to file on its account. 90 If Commission staff grant the Form ID, the filer will continue to have the same account number/CIK previously assigned and its filing history will be maintained. The filer's account administrators listed on Form ID, however, will need to invite through the dashboard, as if to a new account, additional account administrators, and any technical administrators and users, and delegate authority to file, if relevant. Although the need to reapply for access and in particular the need to invite account administrators, users, and technical administrators anew will impose an additional burden on filers, failure to perform an annual confirmation, particularly after receipt of multiple notices, could signal that the filer is no longer managing or controlling the account. Removing individuals from the filer's account upon deactivation safeguards information regarding individuals whose information is listed on the filer's dashboard. For example, if someone other than the original filer's account administrators submitted a Form ID application for access to the account, and the original account administrators did not respond to Commission staff inquiries regarding the Form ID, the process outlined above will prevent the new account holder from accessing the names, addresses, and contact information of the individuals formerly associated with the account. Collectively, this framework will provide filers that inadvertently
Footnotes:
89 ? See, e.g., Workiva Comment Letter ("We strongly recommend temporary suspension over account deactivation. . . . Failure to confirm annually may signal a problem occurred in the notification process rather than the filer being no longer in control of the account. . . . Deactivation should only occur after six months of suspension."); XBRL II Comment Letter ("The annual confirmation requirement will create a significant additional burden for filers that use a filing agent's SEC credentials, in particular for those filers who make sporadic submissions such as Section 16 filers. . . . We encourage the Commission to consider imposing a temporary 2-week suspension if the confirmation requirement is not met before deactivating a nd removing information from an existing account.").
90 ?In this case, the filer would select the option on Form ID indicating that it had lost electronic access to its existing CIK account. This option would also encompass other scenarios, such as when all the filer's account administrators cease to be available to manage the filer's account. See supra note 82.
e. User Groups
Largely as contemplated in the Proposing Release, the dashboard will provide functionality to allow an account administrator to group subsets of the filer's users into user groups. The user group function will assist delegated entities to authorize certain of their users to make submissions on behalf of specific filers, as explained below. By employing user groups, the delegated administrator can add or remove the ability to make submissions for a certain filer to all users in the group at once and can give specific groups of users the ability to make submissions for certain filers, leading to efficiencies of time in managing users.
One commenter stated that EDGAR should allow multiple users to be added to a user group simultaneously to ensure that user groups can be built quickly and efficiently. 91 As requested by the commenter, the dashboard will be updated to permit filers to add multiple users to a user group simultaneously. In addition, optional APIs will be provided so that filers can view individuals in any role for a CIK, add individuals, remove individuals, and change roles for individuals; collectively, this should facilitate the ability of filers to manage user groups.
Footnotes:
91 ? See Toppan Merrill Comment Letter ("The system should allow for multiple users to be uploaded at the same time. This will ensure that users groups can be built quickly and efficiently.")
One commenter stated that user group functionality would be improved by allowing wildcard searches to include first and last names. 92 Accordingly, the dashboard will be enhanced to enable first and last name wildcard searches of individuals.
Footnotes:
92 ? See Toppan Merrill Comment Letter ("User group functionality would be improved by allowing for wildcard searches to include first and last names. Currently, the search disregards any name after the space between the first and last name.").
2. Users
Largely as contemplated in the Proposing Release, account administrators will be able to authorize individuals with individual account credentials as users to make submissions on EDGAR on behalf of the filer. 93 Account administrators and Commission staff will be able to determine which users made which submissions; however, this information will not be made public on EDGAR. The dashboard will allow users to generate, view, and copy user API tokens, if using optional APIs that require presentation of a user API token; view relevant notifications (which will also be provided to users by email); and view basic information about the filer's account, including the filer's name, CIK, CCC, corporate and contact information, as well as contact information for account administrators. Users will not, however, be able to add or remove individuals from the dashboard other than themselves. Users also will not be able to generate a new CCC. Separately, users will be able to make COUPDAT submissions to update filer information such as name, address, and State of incorporation, as filers currently do.
Footnotes:
93 ?Commenters were generally supportive of the user role. See comments by Toppan Merrill, DFIN, SIFMA, and XBRL II.
As part of the login and authentication process for the EDGAR filing websites, a user will be able to select the EDGAR account number (CIK) of the entity for which submissions are being made ("login CIK"). That CIK will be reflected in the first part of the unique identifier associated with each submission (the "accession number"). 94 Users will be able to change their login CIK at any time to any other account for which they are authorized.
Footnotes:
94 ?An accession number is a unique identifier assigned automatically to EDGAR submissions for tracking and reference purposes. The first 10 digits are intended to represent the CIK of the entity making the submission, which may be an entity with reporting obligations or a third party (such as a filing agent).
a. Becoming Authorized as a User
An account administrator can "add" an individual through a dashboard function that will generate an invitation to the individual to be a user for the filer's account. Prospective users will receive email invitations from EDGAR and, if the prospective user has a role for any EDGAR account, a notification of the invitation will appear on the prospective user's dashboard. The individual must accept the invitation, through either the email or dashboard invitation, to become a user. As noted, the same process of invitation and acceptance both through email and the dashboard applies to all invitations.
One commenter suggested the addition of functionality to allow filers to directly authorize their financial advisers ( i.e., registered representatives of broker-dealers) to act as users. 95 Although there are additional requirements related to the authorization of third parties as account administrators on Form ID, those requirements will not apply to users. 96 Account administrators will be able to authorize any individual with Login.gov credentials as a user, therefore, for example, account administrators will be able to authorize financial advisers as users to make submissions on the filer's behalf.
Footnotes:
95 ? See SIFMA Comment Letter ("We recommend that the SEC provide functionality that would allow retail clients to directly authorize their financial advisers ( i.e., registered representatives of the broker-dealer) to act as a `user' for the sole purpose of filing the Form 144s.").
96 ? See supra note 75 and accompanying and following text (discussing notarization requirements for individuals who are not employed at the filer or an affiliate of the filer).
b. Number of Users
There will be no minimum number of users because account administrators will be able to make submissions on behalf of the filer. We are setting the maximum number of users per filer on the dashboard at 500, as proposed.
[top] The Proposing Release discussed a maximum of 500 users per filer, based in part on feedback received from commenters on the 2021 Request for Comment. One commenter that responded to the 2021 Request for Comment conducted a filer survey that indicated that 4% of the filers it surveyed would be interested in authorizing 20 or more users, up to a maximum of 150 users per filer. 97 In response to the 500-user limit contemplated in the Proposing Release, one commenter agreed that a limit of 500 users would be sufficient. 98 In contrast, one commenter suggested that the limit should be increased but did not provide a specific number, while another suggested that the limit should be tripled to 1500 users per filer on the grounds that doing so would "accommodate larger entities."? 99 We believe that a maximum of 500 users per filer on the dashboard should be sufficient to accommodate sophisticated filers making a large number of varied
Footnotes:
97 ? See Workiva Comment Letter (November 30, 2021) ("Based on the survey we conducted, about 1% of respondents indicated their plan to set up as high as 10-30 account administrators, while 4% indicated 20-150 users.").
98 ? See XBRL II Comment Letter ("We believe that the limit of 500 authorized users per filer is sufficient.").
99 ? See Toppan Merrill Comment Letter ("Additionally, EDGAR Next should allow an organization to add more than 500 authorized users, as needed."); DFIN Comment Letter ("To accommodate larger entities, we suggest an increase to the authorized user limit from 500 to 1,500.").
100 ?In the future, if it seems that there is a need for additional users to be added, the limit on the number of users may be reevaluated.
101 ? See supra notes 97-98.
102 ? See generally section II.E.
3. Technical Administrators
Paragraph (d)(3) of Rule 10 as adopted and largely as proposed requires filers that opt to connect to the EDGAR APIs to authorize, through their account administrators, at least two technical administrators to manage the technical aspects of a filer's connection to the APIs, unless the filer arranges to use its delegated entity's API connections and the delegated entity is in compliance with the requirement to authorize at least two technical administrators. We anticipate that the role of technical administrator could be filled by someone with a primarily administrative background because the requirements of the role are to generate and provide filer API tokens and to manage the filer's connections to APIs. We are not requiring that the technical administrator role be filled by software developers or other technically expert staff; rather, the technical administrator should have a basic understanding of API processes and be available to communicate with Commission staff and the filer's developers or other technical experts expeditiously, in addition to generating and managing the filer API tokens.
Commenters generally indicated support for adding a technical administrator role as beneficial to help manage a filer's connection to APIs. 103 One commenter suggested that it saw "material problems" with the role of technical administrator but did not enumerate what those problems were. 104 The commenter suggested Congressional consideration regarding creation of a "unified, government-wide platform that ensures robust authentication and streamlined management of API interaction for various Federal services, including EDGAR."? 105 We note that such an undertaking is outside the scope of this rulemaking.
Footnotes:
103 ? See Toppan Merrill Comment Letter ("[We] believe a technical administrator role is beneficial to help manage a filer's use of APIs."); Workiva Comment Letter ("[W]e agree with the option to have a technical administrator role for those who wish to utilize IT support to manage API tokens . . . . .").
104 ? See Block Transfer Comment Letter ("We respectfully submit . . . an innovative approach . . . because(i) the role of technical administrator has material problems and (ii) other Federal agencies require machine-to-machine data submission from the private sector, most generally from financial services firms.").
105 ? See Block Transfer Comment Letter ("We respectfully submit . . . an innovative approach . . . [that] envisages a unified, government-wide platform that ensures robust authentication and streamlined management of API interactions for various Federal services, including EDGAR. . . . For these reasons and more, we respectfully submit . . . that a brief Congressional consideration is in order to ponder the creation of a report as to the strengths and weaknesses a unified Login.gov machine-to-machine authentication system may bestow upon on our cybersecurity interests both domestically and abroad. . . .").
We are adopting paragraph (d)(3) of Rule 10 with a modification to permit a filer to use the API connections and filer API tokens of its delegated entity (as long as that delegated entity is in compliance with the requirement to authorize at least two technical administrators); and a filer that does so will not be required to authorize at least two technical administrators and generate a filer API token itself. 106 The relevant individual at the filer interacting with the API, however, must present a valid user API token to the API if the relevant API requires presentation of a user API token, to allow identification of the individual taking action on EDGAR. To accommodate this change and to better reflect the technical connection of filers to the optional APIs, paragraph (d)(3) of Rule 10 will refer to filers that "connect to" APIs rather than filers that "use" APIs. This option is being offered for filers who would like their account administrators and users to be able to interact with the APIs directly, but who do not wish to undertake the expense to connect to the APIs and authorize technical administrators. 107
Footnotes:
106 ? See generally section II.C.6.
107 ?As set forth in paragraph (d)(3) of Rule 10, filers who do not want their account administrators or users to generate user API tokens could alternatively allow their delegated entities to make submissions on their behalf through APIs, and individuals at the delegated entities would present their own user API tokens to make submissions.
a. Authority of Technical Administrators
A technical administrator will issue and deactivate filer API tokens required to connect to the optional APIs. Technical administrators will also serve as points of contact for questions from Commission staff regarding the filer's connections to the APIs and will receive relevant notifications on the dashboard and by email, such as reminders regarding upcoming expiration dates for filer API tokens.
Two commenters suggested that the technical administrator and account administrator roles could be filled by the same person. 108 As discussed in the Proposing Release, a filer will have the option of designating the same individual to serve as both its technical administrator and account administrator, but the filer may also choose to authorize different individuals to serve in these roles provided those individuals possess individual account credentials obtained in the manner specified in the EDGAR Filer Manual.
Footnotes:
108 ? See Workiva Comment Letter ("[W]e believe that the administrator and the technical administrator can be the same person and would likely be most of the time."); XBRL II Comment Letter ("We do not understand the difference between a technical administrator and an account administrator. The addition of a technical administrator role may further complicate the process. It could be useful if this role were optional and could be combined into the account administrator if the company chose to, for example if the account administrator could generate the filer token.").
b. Becoming a Technical Administrator
To authorize an individual as a technical administrator, an account administrator will add the individual in that role on the dashboard, triggering an invitation to the individual. The prospective technical administrator will receive the invitation by email, and, if the individual already has a role for any EDGAR account, on the dashboard. The prospective technical administrator must accept either the dashboard or the email invitation to become authorized as a technical administrator.
c. Number of Technical Administrators
Paragraph (d)(3) of Rule 10 as proposed and adopted will require filers that choose to connect to an API to authorize, through its account administrators, at least two technical administrators. In a change to what was proposed, however, paragraph (d)(3) of Rule 10 will not impose a requirement to authorize at least two technical administrators if the filer arranges to use its delegated entity's API connections and filer API tokens and the delegated entity is in compliance with the requirement to authorize at least two technical administrators. Further, while the Proposing Release indicated that filers would be able to authorize a maximum of 10 technical administrators, in response to requests from commenters, the maximum number of technical administrators will be increased to 20.
[top] One commenter generally supported the designation of at least two technical
Footnotes:
109 ? See Toppan Merrill Comment Letter ("[A] minimum of two technical administrators should be required to manage a filer's APIs. . . .").
110 ? See Workiva Comment Letter ("[I]ndividuals or single-member firms should have the option to handle everything directly without involving an additional party. The requirement of at least two technical administrators would impose the need to involve a second person purely for the purpose of using software to file."); DFIN Comment Letter ("We think the technical administrator minimum requirements should parallel the account administrator minimum requirements.").
111 ? See Block Transfer Comment Letter.
As noted, as a departure from what was contemplated in the Proposing Release, a filer may use its delegated entity's filer API tokens and API connections if the delegated entity is in compliance with the paragraph (d)(3) requirement of Rule 10 to authorize two technical administrators. The filer must delegate authority to file through the dashboard and coordinate with the relevant delegated entity to use the delegated entity's API connections and filer API tokens, and the individual at the filer making the submission must present her own user API token to the API, if the relevant API requires presentation of a user API token. This change will obviate the need for filers to create their own API connections and authorize their own technical administrators should they want their account administrators and users to make submissions and interact with EDGAR through the optional APIs, and further responds to suggestions raised by a commenter. 112 These filers may leverage the API connections and filer API tokens of filers' delegated entities, and the individual at the filer need only supply her user API token to the API, if the relevant API requires presentation of a user API token. 113
Footnotes:
112 ? See Workiva Comment Letter ("One solution would be to allow the registrant's authorized user to use their token with the delegated filing software's filer token.").
113 ?Alternatively, if filers wish to make submissions through APIs but do not wish their staff to be required to generate user API tokens, filers could arrange for their delegated entities to make submissions through APIs on their behalf. In this case, delegated entities would create the API connections, maintain at least two technical administrators, and generate filer API tokens, and the relevant delegated administrators and delegated users for these filers (at the delegated entities) would present their own user API tokens, if the APIs require presentation of a user API token. Of course, filers who wish to make submissions through APIs may also determine to create their own API connections to EDGAR, authorize at least two technical administrators, present their own filer API tokens, and have their account administrators and users generate and present their user API tokens, if the APIs require presentation of a user API token.
Because paragraph (d)(3) of Rule 10 as amended will require a filer to authorize, through its account administrators, at least two technical administrators to connect to the optional APIs, the dashboard will not allow a technical administrator to be removed from a filer's account when only two technical administrators are authorized on the account. An account administrator will first need to add another technical administrator on the dashboard.
In a change from the contemplated maximum of 10 technical administrators per filer, there will be a maximum of 20 technical administrators per filer. Several commenters suggested that this limit be increased to parallel the limit for the maximum number of account administrators. 114 Having the same maximum limit for account administrators and technical administrators will facilitate the ability of filers to authorize the same individuals in those roles.
Footnotes:
114 ? See Toppan Merrill Comment Letter ("A minimum of two technical administrators should be required to manage a filer's APIs, as proposed. We would prefer that the maximum number of technical administrators match the number of account administrators (20). This ensures that larger entities will not encounter any limitations."); Workiva Comment Letter ("[T]he technical administrator and administrators can often be the same person. Thus, we believe the limits for administrators and technical administrators can be the same.").
C. Delegated Entities
Largely as contemplated in the Proposing Release, a filer will be able to delegate authority to file on its behalf to any other EDGAR account, such as a filing agent, which will become a delegated entity for the filer. As discussed above, the CCC will appear on the dashboard of individuals authorized to make submissions for the filer, including delegated administrators and delegated users. 115
Footnotes:
115 ? See supra note 60.
1. Delegating Authority To File
A filer's account administrator may delegate authority to file to another EDGAR account through a function on the dashboard, as discussed in the Proposing Release. 116 After the account administrator selects the EDGAR account to which the filer seeks to delegate authority to file, EDGAR will send both email and dashboard invitations to the account administrators for that account. One account administrator for the prospective delegated entity must accept either the email or the dashboard invitation for the delegation to become effective. If the filer's account administrators wish to terminate the delegation, they can do so on the dashboard. Removal of delegation will not require acceptance by the delegated entity. An account administrator will be able to delegate authority to file to an unlimited number of EDGAR accounts, allowing filers to delegate to multiple filing agents, for example, should they so choose. Similarly, an EDGAR account can accept an unlimited number of delegations from filers.
Footnotes:
116 ?An optional delegation API will be offered in addition to the delegation capabilities of the dashboard.
In response to commenter suggestions, the dashboard will be enhanced to: (1) provide bulk delegation functionality to allow filers to delegate to multiple EDGAR accounts more easily; (2) enable prospective delegated entities to send delegation requests to filers; and (3) allow EDGAR accounts to automatically accept delegations and become delegated entities if they choose.
[top] Commenters generally supported the ability to delegate, 117 although various commenters raised concerns about certain situations or recommended
Footnotes:
117 ? See, e.g., DFIN Comment Letter ("Filers should be able to delegate to anyone they want to file on their behalf."); Toppan Merrill Comment Letter ("We agree that an account administrator should be able to delegate filing authority to any EDGAR filer.").
118 ? See, e.g., Comment Letter of Wanda Welch (November 13, 2023) ("Welch Comment Letter") ("We would like the ability to delegate to more than one CIK at a time and receipt of one email invite."); XBRL II Comment Letter ("[We] recommend that a bulk delegation function be made available to assist filers that have multiple CIKs, and that this capability be allowed using a single invitation request (rather than multiple invitations for multiple CIKs."); DFIN Comment Letter ("We think that a bulk delegation function would be beneficial for filers that have multiple CIKs. Also, the bulk delegation should produce one invitation request. The recipient would then only need to accept one invitation as opposed to several invitations."); ICI Comment Letter ("There should be consideration for bulk delegation for a group of CIKs.").
Multiple commenters also asked that prospective delegated entities be able to request delegation. 119 This process would enable filing agents, for example, to assist their client filers in delegating to the correct EDGAR accounts. In response to these comments, the dashboard will be enhanced to enable prospective delegated entities to send delegation requests to filers. The delegation requests will prompt filers' account administrators to send delegation invitations to the delegated entities, and filers' account administrators can determine whether they wish to send such delegation invitations. If the filers' account administrators send the delegation invitations, the delegated entities' account administrators must accept the invitations for the delegation to be effective.
Footnotes:
119 ? See, e.g., SIFMA Comment Letter ("We recommend that the system permit filing agents . . . to affirmatively request delegated authority (on an individual or bulk basis) from a given filer or filers."); Workiva Comment Letter ("[We] recommend adding the capability for an entity to request delegation."); XBRL II Comment Letter ("Vendors should be able to proactively request delegation from the registrant and receive confirmation [of delegation] on the site.").
Separately, several commenters requested that prospective delegated entities be able to automatically accept delegation invitations to lessen the burden on delegated entities' account administrators to manually accept each invitation. 120 The dashboard will be enhanced accordingly to allow prospective delegated entities to opt to automatically accept delegation invitations.
Footnotes:
120 ? See Workiva Comment Letter ("[We] also suggest adding an option to allow filing agent-type CIKs to auto-accept delegations."); XBRL II Comment Letter (asserting that filing agents/vendors should be able to request delegation, which could "be automatically approved by the registrant.").
One commenter was critical of the proposal's delegation of authority capabilities, warning that broad permissions granted to delegated entities to make submissions for the filer represent a significant risk regarding the accuracy and authenticity of filings. 121 We do not believe a delegated entity with permissions to make submissions for the filer will pose a significant risk because such risk is mitigated through the authorization requirements and verification. For example, delegated entities must be authorized and confirmed by a filer's account administrator on the dashboard, ensuring that only authorized and trusted entities are able to make submissions for the filer. Additionally, a delegated entity must have an EDGAR account and will be subject to the same requirements applicable to all filers. For the delegation to become effective, an account administrator of the delegated entity must accept the invitation, which means the account administrator at the delegated entity must first log into EDGAR using her individual account credentials and perform multifactor authentication.
Footnotes:
121 ? See Block Transfer Comment Letter ("There is real risk that delegates, armed with expansive filing capabilities, might submit false or misleading information, either inadvertently or maliciously.").
Commenters also raised concerns regarding burdens potentially associated with delegating authority to make submissions to co-registrants and asked for clarity regarding how such delegations would work. 122 Commenters further urged the Commission not to require that co-registrants be added to an EDGAR account as a user, account administrator, delegated user, or delegated administrator to make submissions, so long as the individual making the submission had the correct role-based permissions for the primary registrant and had provided the correct CCCs for the co-registrants, as currently required. 123 We acknowledge that requiring separate dashboard permissions for each co-registrant to make submissions could potentially be confusing. We also recognize concerns that commenters separately raised about the need for additional optional APIs, including APIs to verify filing credentials, view filer account information, and replicate dashboard functionality that would assist filers if co-registrants were required to have dashboard permissions to make submissions. 124 EDGAR will not require role-based permissions for co-registrants at this time, and the addition of co-registrants to a filing will continue to be performed the same way it is currently performed ( i.e., simply by listing the CIK and CCC of each co-registrant).
Footnotes:
122 ? See, e.g., Welch Comment Letter ("Does the Subject Company and the Co-registrants need to be delegated??"); DFIN Comment Letter ("[F]ilers would face difficulties in delegating co-registrants. Especially when it relates to merger acquisitions that may include hundreds of co-registrants.").
123 ? See, e.g., Workiva Comment Letter ("Only the primary registrant's set of valid credentials should be required to file for all co-registrants, and delegation or a function to designate as `co-registrant' is not necessary. Adding designation requirements significantly increases the risk for the overall filing submission."); XBRL II Comment Letter ("We encourage the Commission to continue the existing beta implementation [for co-registrants], which only forces the Filer and User Token requirements for the primary registrant, into the final rule/implementation phase.").
124 ? See infra section II.E.
2. Separation of Authority of Filer and Delegated Entity
[top] A filer's account administrator will not be able to access its delegated entity's dashboard or account or add or remove delegated users at the delegated entity, as discussed in the proposal. While delegated administrators and delegated users will be able to make EDGAR submissions and access the "Retrieve/Edit Data" section of the EDGAR Filing website on the filer's behalf, 125 delegated administrators and delegated users similarly will not be able to access the filer's dashboard? 126 or
Footnotes:
125 ?The "Retrieve/Edit Data" section of the EDGAR Filing website currently allows filers to perform certain administrative actions. Among other things, filers may view/edit their account information (such as the filer's name, contact information, and corporate information like State of incorporation and fiscal year-end), view the filer's current account balances and request the return of unused funds, and change the filer's password or CCC. As part of the transition to EDGAR Next, some of this functionality will be shifted to the dashboard, such as the filer's EDGAR POC. See infra note [125] and accompanying text.
126 ?As discussed further below in section II.C, the dashboard will generally be used to manage a filer's EDGAR account, including management of individuals authorized to act as account administrators, users, and technical administrators; management of entities authorized to act as delegated entities; and management of filer and user API tokens. Delegated entities will not need to access the filer's dashboard in order to make filings on the filer's behalf, since filings will be made directly on the EDGAR filing websites or through the optional APIs, as opposed to through the filer's dashboard.
Separately, as one commenter requested, the dashboard will be modified to allow delegated administrators and delegated users to make both COUPDAT and series and class update ("SCUPDAT") submissions. The Proposing Release contemplated that delegated administrators and delegated users would be able to submit SCUPDAT submissions on the filer's behalf to update series and class information (such as a new share class) but would not be able to make COUPDAT submissions to update the filer's company information (such as a new business address). One commenter asserted that delegated administrators and delegated users should be able to submit both COUPDATs and SCUPDATs on behalf of the filer. 127 Because allowing delegated administrators and delegated users to make both COUPDAT and SCUPDAT submissions provides consistency and reduces burdens associated with these updates, to the extent that such updates could then be delegated by the filer, this capability will be implemented in EDGAR. The filer's account administrators would receive notice of COUPDAT and SCUPDAT submissions on the dashboard and could take appropriate action should any unauthorized activity occur.
Footnotes:
127 ? See DFIN Comment Letter ("Delegated administrators and delegated users should have the ability to submit COUPDAT (company update submissions) and SCUPDAT (series & class updates).").
Delegated entities will not be able to further delegate authority to file to other entities on behalf of filers that delegate authority to them. 128
Footnotes:
128 ?For example, Filer A could delegate authority to file on its behalf to Filer B. Separately, Filer B could delegate authority to file on its behalf to Filer C. In this scenario, however, Filer B could not delegate to Filer C the authority to file on behalf of Filer A, and Filer C could not file on behalf of Filer A.
3. Delegated Entities
Because a delegated entity must have an EDGAR account, it must comply with the same requirements applicable to all filers. A delegated entity will therefore maintain its own EDGAR account with its own account administrators, users, and technical administrators. A delegated entity can be any EDGAR account, including but not limited to filing agents, 129 issuers making submissions on behalf of individuals filing pursuant to section 16 of the Exchange Act,a?nd parent companies of large groups of related filers. On the dashboard, a delegated entity will be able to receive delegated authority to file for an unlimited number of filers.
Footnotes:
129 ?We are adopting amendments to Rule 11 of Regulation S-T to define a "filing agent" as any person or entity engaged in the business of making submissions on EDGAR on behalf of filers. This definition includes law firms, financial services companies, broker dealers when making submissions on behalf of individuals filing pursuant to section 16 of the Exchange Act, and other entities engaged in the business of submitting EDGAR filings on behalf of their clients. See the discussion of amendments to Rule 11 in section II.F.2.
Several commenters provided comments on delegation specifically related to individuals with filing obligations pursuant to section 16 of the Exchange Act. Commenters indicated that the delegation framework contemplated by the Proposing Release would help section 16 filers comply with their filing obligations. 130 Individuals with section 16 filing obligations will be able to delegate authority to make submissions to filing agents or any other representative with an EDGAR account on the dashboard. This process will allow those individuals to obtain assistance with their filings, while permitting each filing to be associated with a specific individual at the delegated entity. One commenter asserted that section 16 filers would face compliance burdens, however, that would not be adequately addressed by the proposal. 131 The commenter stated that section 16 filers can sit on the boards of multiple companies and concluded that section 16 filers need an easier method to delegate permissions. As discussed above and as separately requested by commenters, the dashboard will include bulk delegation functionality, which should assist filers with multiple filing agents or other representatives with EDGAR accounts, including section 16 filers delegating authority to make submissions to related issuers. 132 The staff will provide detailed information about bulk delegation and other account management topics to section 16 filers to prevent confusion. Moreover, section 16 filers may choose to execute notarized powers of attorney to authorize relevant individuals at their filing agents, related issuers, or other representative entities as account administrators, thereby avoiding the need to obtain individual account credentials, log into the dashboard, make filings or delegate authority on the dashboard.
Footnotes:
130 ? See XBRL II Comment Letter ("Yes, the ability to delegate authority would help infrequent filers such as Section 16 filers."); Workiva Comment Letter (responding to the Commission's request for comment regarding section 16 filers by stating: "We believe the proposed framework is adequate to support filing responsibilities.").
131 ? See XBRL II Comment Letter ("[W]e do not believe the rule proposal adequately addresses the needs of Section 16 filers and single individual filers [who] will perform their own code management. For these filers, the rule does not specifically address how they can manage this. Many sit on boards of multiple companies, some as many as 20, and will need to set up or designate each individual as an account administrator. The Commission needs to address how there can be an easier method to delegate permission for someone to file on their behalf.").
132 ? See supra note 107 and accompanying and following text; see also Toppan Merrill Comment Letter ("Allow bulk delegation for a group of CIKs. This would be useful for an Administrator of an Issuer and all of their Section 16 filer CIKs to delegate to Filing Agents as well as affiliated CIKs.").
If a filer authorizes a delegated entity to file on its behalf, one of the delegated entity's account administrators must accept either the dashboard or the email invitation for the delegation to be effective; further, upon acceptance, all the delegated entity's account administrators will automatically become delegated administrators for the filer. All delegated administrators for the filer will have co-equal authority with regard to that filer. If the delegated entity adds or removes one of the account administrators for its own EDGAR account, then that individual will also be added or removed as a delegated administrator for the filer. These relationships are illustrated in diagram 3 below.
[top]
[Federal Register graphic "ER27DE24.013" is not available. Please view the graphic in the PDF version of this document.]
4. Delegated Users
As described in the Proposing Release, if a delegated entity accepts a delegation from a filer, the delegated administrators can authorize specific users at the delegated entity to become delegated users with respect to that filer. As discussed below, delegated administrators will be able to authorize delegated users in accordance with the process outlined in the Proposing Release. In addition to what was discussed in the Proposing Release and taking account of a commenter's suggestion, the dashboard will be updated to generally enable bulk actions in various contexts, including delegation.
Delegated users will not count as part of the 500-user limit on the dashboard for the delegating filer. If delegated administrators want all their users to become delegated users with respect to a filer, a delegated administrator can check a box on the dashboard to automatically authorize all users at the delegated entity as delegated users for the filer. Alternately, delegated administrators will be able to authorize a subset of the delegated entity's users as delegated users; authorize all of the delegated entity's users as delegated users for the filer; or not authorize any delegated users (because the delegated administrators will be able to file on behalf of the filer). 133 After the delegated user accepts the initial invitation from the delegated administrator, the user will receive notifications regarding further changes to its role (including changes to filers for which it will be a delegated user, and changes to the user groups it will be affiliated with), but the user will not need to accept those notifications or take any further action for the changes to be effective.
Footnotes:
133 ?For this reason, delegated administrators could not be authorized as delegated users regarding the delegating filer, because doing so would be redundant.
One commenter stated that delegated administrators should be able to remove a delegated user from all delegations via a single bulk action without having to manually edit each delegation. 134 The commenter further asserted that delegated users should be able to remove themselves from all delegations without editing each delegation. 135 In these circumstances, we believe that it is more likely that a delegated administrator would remove a delegated user, or the delegated user would remove herself, as a user for the delegated filer, and thus the dashboard will not specifically provide these requested features. The dashboard will be enhanced, however, to generally enable bulk actions in various contexts, including with respect to delegation. 136 In addition, optional APIs will be offered to allow filers to add and remove individuals' authorizations rapidly and easily. These accommodations should largely address commenters' concerns; in addition, further technical enhancements to the dashboard will continue to be considered.
Footnotes:
134 ? See Workiva Comment Letter ("[D]elegated admins should be able to remove a delegated user from all delegations without having to edit each delegation one by one as the person may need to remain on the Dashboard for a role other than the delegated role.").
135 ? See Workiva Comment Letter ("[D]elegated users should have the ability to remove themselves from all delegations without editing one by one.").
136 ? See text following note 118 (discussing the dashboard's bulk delegation functionality).
Delegated users will be able to submit filings on behalf of the filer on the EDGAR filing websites or through the optional submission API, as discussed below.
5. User Group Functionality at Delegated Entities
Delegated entities, through their delegated administrators, will be able to employ user groups to assign certain users to different filers for which they possess delegated authority to file, as described in the Proposing Release. An example is provided in diagram 4 below.
[top]
[Federal Register graphic "ER27DE24.014" is not available. Please view the graphic in the PDF version of this document.]
• In diagram 4, the account administrators for Filer A and Filer B delegated to Filer C. As a result, Filer C's account administrators became delegated administrators for Filers A and B. In this example, Filer C might be a filing agent to which Filer A or Filer B gave authority to make filings on its behalf, and Filer A and Filer B might be public companies or investment companies.
• A delegated administrator at Filer C created User Group 1 containing Filer C's Users 1, 2, and 3. The delegated administrator assigned authority to file for Filer A to User Group 1. Users 1, 2, and 3 are thus delegated users for Filer A because they are members of User Group 1. If additional users from Filer C were added to User Group 1, those additional users would also become delegated users for Filer A.
• The delegated administrator at Filer C also created User Group 2 containing Filer C's User 3. The delegated administrator assigned authority to file for Filer B to User Group 2. User 3 is a delegated user for Filer B.
• By employing the user group function, the delegated administrator at Filer C restricted delegated filing permissions for Filer A to Filer C Users 1, 2, and 3 only (via User Group 1) and delegated filing permissions for Filer B to Filer C User 3 only (via User Group 2). Filer C User 4 has not been authorized as a delegated user for any filers.
• In diagram 4, each user group has only been assigned authority to file for a single filer, but user groups could be assigned authority to file for multiple filers.
Delegated administrators will also be able to authorize a default user group of individuals who will be automatically assigned as delegated users for all future delegations. The ability to have a default user group will provide an efficient way for delegated administrators to authorize groups of their users as delegated users for any filer.
Users will receive notifications when added to or removed from a user group, and when the user group to which they belonged becomes authorized to make submissions for a filer, or when that authorization is removed. As noted, users will not need to accept or otherwise take any action on these notifications.
As discussed above, in response to comments received, the dashboard will be enhanced to allow wildcard searches including first and last names, which should make it easier for filers to construct user groups and to generally manage individuals on the dashboard. 137
Footnotes:
137 ? See supra note 92 and accompanying and following text.
6. Technical Administrators at Delegated Entities
If the delegated entity chooses to connect to APIs, the delegated entity will be required to authorize its own technical administrators, as discussed in the Proposing Release, and required by paragraph (d)(3) of Rule 10 as adopted. The delegated entity's technical administrators will be responsible for managing the API connections and the filer API tokens for the delegated entity. The delegated entity may make submissions for any filers that delegate authority to it using the delegated entity's API connections and filer API tokens, and the individual at the delegated entity making submissions for the filer would present his user API token generated on the dashboard, if the relevant API requires presentation of a user API token.
In addition, as discussed above, in a change from what was contemplated in the Proposing Release, paragraph (d)(3) of Rule 10 as adopted now specifies that a filer may use its delegated entity's API connections and filer API tokens so long as the delegated entity complies with the requirement to maintain at least two technical administrators. The delegated entity's technical administrators may share the delegated entity's filer API tokens with its filers, as discussed further below. The delegated entity's technical administrators will not need to generate different filer API tokens for different delegating filers that use the delegated entity's API connections. The individual at the filer using the delegated entity's API connections and filer API tokens must present her own user API token to the APIs, if the particular APIs require presentation of a user API token.
D. Hours of Operation of the Dashboard
As contemplated in the Proposing Release, the dashboard will be available during EDGAR operating hours, 6 a.m. to 10 p.m. Eastern Time each day except Saturdays, Sundays, and Federal holidays. Optional APIs that provide much of the same functionality as the dashboard will also be available during those hours because the APIs rely on dashboard availability.
[top] Several commenters requested increased dashboard operating hours, including requests that the dashboard be available during weekends and/or 24 hours a day. 138 While we acknowledge
Footnotes:
138 ? See, e.g., Toppan Merrill Comment Letter ("It would be beneficial to allow the dashboard to be open 24 hours a day, Monday through Friday."); Block Transfer Comment Letter ("We respectfully believe the Commission should not limit EDGAR Next operations to the DC workweek. . . . [W]e believe a 24/7 EDGAR would revolutionize international capital markets by providing a standard for all issuers.").
139 ?Regulation S-T provides that filings "may be submitted to the Commission each day, except Saturdays, Sundays, and Federal holidays, from 6 a.m. to 10 p.m., Eastern Standard Time or Eastern Daylight Saving Time, whichever is currently in effect." 17 CFR 232.12(c).
E. Optional Application Programming Interfaces
Commenters broadly supported the addition of optional APIs to EDGAR, including those listed in the Proposing Release. 140 EDGAR will therefore offer the optional APIs detailed below to provide filers with secure, efficient and automated methods of interacting with EDGAR. These optional APIs will be available to enrolled filers upon the effective date of the rule and form changes on March 24, 2025. The optional APIs include those discussed in the Proposing Release-a submission API to allow filers to make both live and test submissions on EDGAR ("submission API"); a submission status API to allow filers to check the status of an EDGAR submission ("submission status API"); and an operational status API to allow filers to check EDGAR operational status ("EDGAR operational status API")-as well as 12 additional optional APIs requested by commenters, detailed below.
Footnotes:
140 ? See, e.g., Comment Letter of Andrew Danneffel (November 20, 2023) ("Danneffel II Comment Letter") ("The introduction of APIs to interact with EDGAR is very much welcome."); Toppan Merrill Comment Letter ("The proposed APIs accomplish the objectives of secure, efficient, and automated machine-to-machine communication."); Comment Letter of Chris V. (Nov 21, 2023) ("Chris V. Comment Letter") ("For this proposal, I believe specifically the API access outlined in Rule 10(d)(3) is the most crucial item which should be added to the regulations.").
Commenters recommended that optional APIs mirroring the functionality in the dashboard be added to those discussed in the Proposing Release to reduce the burden associated with manual dashboard tasks. 141 We will offer the majority of APIs that commenters requested, which should largely address commenters' concerns regarding account administrators' manual management of numerous individuals and accounts on the dashboard, as well as commenters' request for enhanced EDGAR automation. For example, APIs will assist individuals who are account administrators for multiple EDGAR accounts, such as investment company fund families or asset-backed securities issuers with potentially hundreds of affiliated EDGAR accounts. 142 We previously indicated that more APIs would be added if feasible, and the additional APIs requested by commenters will be made available to enrolled filers when the EDGAR Filer Management dashboard goes live on March 24, 2025. In addition, filers whose application on amended Form ID is granted on or after March 24, 2025, will be able to connect to the optional APIs. Collectively, the optional APIs will provide in machine-to-machine connections the majority of functions on the dashboard for those filers that choose to manage their EDGAR accounts in a more automated manner. 143 Additional APIs may be made available in the future as feasible. Connection to APIs is optional.
Footnotes:
141 ? See, e.g., Workiva Comment Letter ("All functionality provided by the EDGAR Dashboard should be available via APIs. . . . The administration burden and ongoing maintenance costs [of manually using the dashboard] will be significant and could ultimately impact the cost burden on the filers"); XBRL II Comment Letter ("A complete set of Filer Management APIs must be made available for effective management by filing agents and other entities that support large numbers of registrants. . . . This scale is not manageable using the Filer Management dashboard and would result in an overwhelming amount of email and incur a significant support burden and associated costs."); Chris V. Comment Letter ("My suggestion for improving the proposal is to provide the API on a wider scale.").
142 ? See, e.g., ICI Comment Letter ("EDGAR Next should provide a mechanism to provide for filers who have a multi-filer structure, such as Funds."); Toppan Merrill Comment Letter ("EDGAR Next should provide a mechanism to affiliate and manage filers who have a multi-filer structure.").
143 ?The APIs will be available concurrently with EDGAR Filer Management dashboard availability-during EDGAR business hours, from 6 a.m. to 10 p.m. Eastern Time, each day except Saturdays, Sundays, and Federal holidays. See section II.D.
If filers choose to connect to APIs, filers must comply with the requirement of paragraph (d)(3) of Rule 10, as adopted, to authorize, through their account administrators, at least two technical administrators, unless the filer uses the filer API tokens and API connections of its delegated entity (so long as that entity is in compliance with the requirement to maintain at least two technical administrators pursuant to paragraph (d)(3) of Rule 10), as discussed further herein. Additionally, filers that choose to connect to the APIs must comply with the requirements of the EDGAR Filer Manual as amended to present filer API tokens and user API tokens to EDGAR generated on the dashboard on a periodic basis, unless filers use the filer API tokens and API connections of their delegated entity (and the individual at the filer presents her user API token, if required by that API). Filers, including delegated entities, that maintain at least two technical administrators and connect to APIs must present a filer API token and the individual at the filer must present a user API token to the APIs (if the relevant API requires a user API token). If a filer chooses to use the filer API token and API connections of its delegated entity, that filer's individual account administrator or user must still present to the API a user API token the individual generates on the dashboard (if the relevant API requires a user API token). 144
Footnotes:
144 ?This requirement is included in the EDGAR Filer Manual, as amended. See amended EDGAR Filer Manual, Volume I. We note that specific required inputs vary by API. For example, the EDGAR operational status API will not require user API tokens, as discussed further below.
The API tokens represent a security requirement that eliminates the need for manually entering individual account credentials and performing multifactor authentication each time a submission is made. Instead, multifactor authentication and individual identification occurs when the technical administrator logs into the dashboard to generate the filer API token annually and when the relevant account administrator or user logs into the dashboard to generate a user API token every 30 days, in accord with the time durations of the tokens specified in the EDGAR Filer Manual as amended.
[top] Filers who choose to connect to optional APIs will need to create certain software to make technical connections to the APIs, as they would any other API. Commission staff are providing filers with open-source code for a sample filing application that will facilitate filers' connections to the three APIs noted in the Proposing Release in the EDGAR API Development Toolkit ("API Toolkit"), available on SEC.gov. The sample filing application will
Footnotes:
145 ?The sample filing application code is a starting point for smaller filers that may not already have a filing application and want to enter the API space. This sample code can serve as a troubleshooting guide/reference material for all developers because it uses specific technologies ( e.g., PostgreSQL, NodeJS, Angular) that are well documented, standard, and can be understood by a mid-level programmer.
1. APIs That Commission Staff Will Provide
a. Submission API
Consistent with the discussion in the Proposing Release, the submission API will give filers the option to submit test and live filer-constructed EDGAR submissions. 146 This API should allow filers to rapidly and efficiently submit large numbers of filings in an automated manner, instead of requiring them to manually log into EDGAR to make filings one at a time. 147 Successful connection to the submission API will transmit a filer-constructed submission to EDGAR, at which point the submission will be subject to routine EDGAR validation checks and processing.
Footnotes:
146 ?Currently, EDGAR accepts approximately 525 submission types, of which approximately 500 (95%) permit filer construction.
147 ?Filers who do not wish to use the API to make filer-constructed submissions, and filers making other types of submissions, could continue to file through the web-based EDGAR filing websites. Whether submissions were made through the API or the EDGAR filing websites, filers will specify the CIK for which they are making submissions. That CIK number will be reflected in the accession number associated with those submissions. Filers could change the login CIK reflected in the accession number at any time to any other CIK for which the filer is authorized to file on EDGAR. For example, a filing agent could choose to submit filings for a client filer using its own login CIK, or by using its client filer's login CIK.
One commenter suggested the introduction of submission endpoints specific to major forms offered to filers. 148 The commenter asserted this could be used to control filing permissions for specific forms so that, for example, a filer could delegate permissions for only certain specific form types. Although some filers may wish to engage in limited delegations of authority, there is no current plan to introduce that level of granularity to EDGAR. Under EDGAR Next, a filer's account administrators will receive a notification when the delegated entity makes a submission for the filer, and if that submission is made without the filer's authorization, the filer's account administrators will be able to remove the delegated entity's authority to make submissions on the filer's behalf and take other corrective actions. Moreover, providing form-specific filing permissions could be logistically difficult to administer as EDGAR currently accepts 525 submission types.
Footnotes:
148 ? See Block Transfer Comment Letter ("We respectfully present to the Commission that there should be submission endpoints specific to major forms offered to filers. Specific routes for each filing enable the Commission to check for route-specific endpoint authorization. That way, an issuer that authorizes another filer to submit automated insider transaction reports does not have to worry about the agent submitting a Form 10-K.").
b. Submission Status API
As discussed in the Proposing Release, a submission status API will allow filers to leverage their filing application to simultaneously check the status of multiple submissions in a batch process, instead of manually logging into EDGAR and individually checking the status of each submission. The submission status API will indicate whether each submission has been submitted and accepted, but not yet publicly disseminated;? 149 submitted and accepted, and publicly disseminated; or submitted and suspended.
Footnotes:
149 ?Generally, filings are first accepted and then subsequently disseminated. Certain filings, however, remain nonpublic and are never disseminated. Therefore, those filings never progress from accepted to disseminated status.
One commenter requested that the submission status API be modified to provide additional information so that filers could more fully understand the exact status of their EDGAR submissions. 150 As requested by the commenter, the submission status API will be enhanced to provide all information currently contained in EDGAR submission notifications.
Footnotes:
150 ? See Workiva Comment Letter ("Missing information includes, but is not limited to, warning/error labels (as shown on https://www.sec.gov/edgar/messages ), the number of documents processed, the received and filing dates, series/class information, Section 16 reporting owner/issuer details, Subject Company, file number(s), and Item Submission accession number and type information for combined filings. The current Submission Notification HTML document contains this information and the API should be modified to include this document . . . .").
c. EDGAR Operational Status API
As discussed in the Proposing Release, an EDGAR operational status API will allow filers to leverage their filing application to check the operational status of EDGAR at any given time. The EDGAR operational status API will indicate whether EDGAR is fully operational, unavailable (after business hours), or not fully operational in whatever regard at that point in time (for example, if EDGAR is not disseminating to SEC.gov ). We did not receive any comments specifically regarding the EDGAR operational status API.
In addition to the APIs discussed in the Proposing Release, the following APIs will be offered in response to commenter requests, as described below.
d. Filing Credentials Verification API
Several commenters requested the addition of an API to allow filers to confirm the validity of all credentials involved in an API-based filing. 151 One commenter asserted that this API would be used thousands of times per day and would help detect authorization errors prior to submission, which would in turn reduce the amount of invalid filing submissions and reduce the load on both filing software and EDGAR systems. 152 A "filing credentials verification API" will be added, as requested by commenters, which should assist filers in verifying the status of their credentials, allowing them to accurately schedule and submit filings. The API will indicate if the provided credentials have filing permissions with regarding the provided CIK, and if so, will also provide the upcoming account confirmation deadline and the expiration dates of the provided API tokens.
Footnotes:
151 ? See, e.g., Workiva Comment Letter ("We suggest adding an API which would return specific, comprehensive information about the status of all credentials involved in an API-based filing."); Danneffel II Comment Letter ("I'd like to suggest an additional API be added that tests the validity of a user/filer token combination . . . ., The proposed API would check:-If the user token is valid (exists and is not expired)-If the filer token is valid (exists and is not expired)-If the user token is authorized to file using the filer token . . . .").
152 ? See Workiva Comment Letter ("This new API would be accessed prior to every filing submission, so it could be expected to be called thousands of times per day-although detecting authorization errors prior to submitting a filing would reduce the amount of invalid filing submissions and would reduce the load on both filing software and EDGAR systems.").
[top]
e. APIs To View Individuals, Add Individuals, Remove Individuals, and Change Roles
Several commenters requested the addition of optional APIs to replicate dashboard functionality to allow filing agents and other entities that support large numbers of registrants to more easily manage filer accounts. 153 Separate optional APIs will be provided so that filers may view individuals authorized for a CIK, add individuals, remove individuals, and change roles for individuals. 154 Collectively, these APIs should enable filing agents and other entities that support large numbers of filers to rapidly and efficiently manage individual authorizations and roles for those filers.
Footnotes:
153 ? See Workiva Comment Letter ("All functionality provided by the EDGAR Dashboard should be available via APIs. While the Dashboard may be sufficient for individual registrants, it will be unworkable for many filing agents."); XBRL II Comment Letter ("A complete set of Filer Management APIs must be made available for effective management by filing agents and other entities that support large numbers of registrants. . . . This scale is not manageable using the Filer Management dashboard and would result in an overwhelming amount of email and incur a significant support burden and associated cost.").
154 ?In addition, APIs will be provided related to delegation and CCCs.
f. APIs To Send Delegation Invitations, Request Delegation Invitations, and View Delegations
As discussed above, commenters requested the addition of optional APIs to replicate dashboard functionality to allow filing agents and other entities that support large numbers of registrants to more easily manage filer accounts. 155 Separate optional APIs will be provided to allow filers to send delegation invitations to prospective delegated entities, request delegation invitations from prospective delegating filers, and view delegations currently in place (including both delegations received from filers and also delegations provided to delegated entities). Collectively, these optional APIs should enable filing agents and other entities that support large numbers of filers to manage delegations rapidly and efficiently for those filers.
Footnotes:
155 ? See supra note 141153.
g. APIs To View Filer Account Information, Generate CCC, and Create Custom CCC
Several commenters requested the addition of an optional API to make available on a machine-to-machine basis the same functionality that is currently provided within the "Retrieve/Edit Data" section of the EDGAR Filing website. 156 That functionality includes, but is not limited to, the ability to view/edit filer account information such as the filer's name, contact information, and corporate information like State of incorporation and fiscal year-end, view the filer's current account balances and request the return of unused funds, and change the filer's password or CCC. As part of the transition to EDGAR Next, some of this functionality will be shifted to the dashboard, such as the filer's EDGAR POC. In addition, the fee-related aspects of this functionality raise unique technical challenges that make providing APIs for those functions more difficult due to the current systems and processes surrounding payment and fee information. 157 For those reasons, separate APIs will not be added at this time for each of the functions currently provided in the "Retrieve/Edit Data" section of the EDGAR Filing website.
Footnotes:
156 ? See XBRL II Comment Letter ("All functionality provided under the Retrieve/edit data section of the EDGAR site should have an equivalent API implementation. . . ."); Toppan Merrill Comment Letter ("Ideally, all functionality that is currently available within the `Retrieve/Edit' data under a CIK within EDGAR will be available through an API in EDGAR Next.").
157 ?Filing fee information will remain in the "Retrieve/Edit Data" section of the EDGAR Filing website; it will not be accessible on the dashboard.
To address commenter concerns, however, a "view filer account information API," as well as a "generate CCC API" and a "create custom CCC API," will be added. The optional view filer account information API will allow filers to view the filer's name, contact information, CCC, CIK type (company, single-member company, or individual), and next confirmation date. The optional generate CCC and create custom CCC APIs will allow filers to generate a new CCC at any time to enhance filer security without causing filing delays.
h. Enrollment API
To facilitate the requirement that existing filers enroll in EDGAR Next, an optional API designed to automate the enrollment process will be added. As stated in the Proposing Release, filers may enroll in EDGAR Next either through, (a) manual enrollment of single accounts on an account-by-account basis or (b) enrollment of multiple accounts simultaneously, by completing and uploading a spreadsheet of up to 100 filers (100 rows) per bulk enrollment. Several commenters expressed concerns regarding the volume and complexity of enrollment and requested that some form of automation or increased flexibility be provided regarding the enrollment process. 158 The "enrollment API" should help address these concerns by streamlining the enrollment process.
Footnotes:
158 ? See, e.g., Workiva Comment Letter ("[W]e suggest automatically enrolling the current POC as a super administrator by default. . . . We highly recommend that the initial transition should include preloaded delegations based on filing history, with the option of automatic acceptance by filing agents. . . ."); XBRL II Comment Letter ("We recommend that the CSV limit be increased to 500, from the proposed limit of 100.").
2. API Tokens
For filers that opt to connect to APIs, filer API tokens and user API tokens if the relevant API requires presentation of a user API token, will be required by the EDGAR Filer Manual as amended, as discussed in the Proposing Release. The use of tokens to connect to optional APIs is a security requirement designed to minimize the potential for unauthorized access to filers' accounts on EDGAR.
As discussed in the Proposing Release, the EDGAR Filer Manual will be amended to require that filers that connect to the optional APIs have a technical administrator generate a filer API token on the dashboard to authenticate the filer. The filer API token will remain valid for up to one year. In a change to what was discussed in the proposal, a filer will be allowed to use its delegated entities' filer API tokens and API connections (and rely upon its delegated entities' technical administrators), so long as the filer's delegated entity has authorized at least two technical administrators pursuant to paragraph (d)(3) of Rule 10 and the individual at the filer using its delegated entity's filer API tokens and API connections provides a valid user API token if the relevant API requires presentation of a user API token, as set forth below. Further, as discussed in the Proposing Release, the EDGAR Filer Manual will be amended to require that an individual user or account administrator generate a user API token on the dashboard to authenticate herself. In a change to the discussion in the Proposing Release indicating that the EDGAR Filer Manual would require that the user API token would remain valid for up to one year so long as the user logged into EDGAR at least every 30 days, the EDGAR Filer Manual will specify that the user API token will remain valid for 30 days from the time the token is generated.
[top] One commenter recommended that a filer be able to use the filer API token generated by the filer's delegated entity. 159 This suggestion will be
Footnotes:
159 ?Workiva Comment Letter ("[T]he proposed delegation scenario is not well suited for automated filing solutions, since while the filing software can use its filer token, an employee of the filing software provider would not typically be involved to provide their user token. One solution would be to allow the registrant's authorized user to use their user token with the delegated filing software's filer token.").
Another commenter expressed concern that expiring API tokens could frustrate the ability of filers to plan ahead to make filings and suggested that the Commission provide an API to allow filers to programmatically check expiration dates for relevant filer API tokens and user API tokens. 160 As discussed further above, an optional filing credentials API will be offered so that filers can check filing credentials, including information regarding API token expiration dates and account confirmation deadlines.
Footnotes:
160 ? See XBRL II Comment Letter ("We also suggest that the Commission give users the ability to see information about the token, for example what is the upcoming expiration date. This could be executed through an API that provides visibility into whether the token should work, and if it is not functional, an explanation as to why it is not working.").
Many commenters objected to the 30-day login requirement for the user API token discussed in the proposal and stated that it would be especially burdensome for infrequent filers. 161 One commenter also expressed concerns about the complexity and multiple layers of requirements contemplated for user API tokens, citing the one-year validity period and 30-day login requirements. 162 Another commenter supported the 30-day login requirement as being justified in terms of providing additional security. 163
Footnotes:
161 ? See, e.g., XBRL II Comment Letter ("[T]he requirement to log into an EDGAR website, interactively, every 30 days means that many Section 16 reporting owners will be continuously inactivated."); SIFMA Comment Letter ("[W]e recommend that EDGAR Next access credentials not be removed for mere inactivity, which the Commission indicates would happen with API tokens that are not used during a 30 day period."); Workiva Comment Letter ("According to our customer survey, about 72% of the respondents indicated that [the 30-day login requirement for user API tokens] poses a significant burden or risk to their filing teams. We strongly recommend that the Commission eliminate this requirement.").
162 ? See XBRL II Comment Letter ("[W]e are concerned about the multiple layers of requirements for the token API, for example, the expiration and 30-day login requirements, which will be challenging, particularly for sporadic filers.").
163 ? See Chris V. Comment Letter ("In the vein of additional security, the proposal as written also currently suggests requiring monthly logins to maintain access to an API access code which is open for one year. I feel this could be considered heavyhanded in comparison to the fairly lax standards which exist today, but I do think it's worth the additional security and expectation from those submitting data.").
We considered these comments as well as the need to enhance system security. As a result, in a change to what was discussed in the Proposing Release, the EDGAR Filer Manual as amended will specify that the user API token will expire 30 days after the individual generates the token. The Proposing Release by contrast contemplated that the user API token would remain valid for one year so long as the user logged into the dashboard every 30 days. Thus, rather than logging in every 30 days to keep the user API token active, as discussed in the Proposing Release, the individual is required to log in every 30 days to generate a new user API token. The shorter duration of the user API token will enhance the security of APIs, especially in light of the annual duration of the filer API token. Shorter validity periods and more frequent expiration dates limit the risk exposure of a token being lost or stolen during the validity period, and thus more frequent expiration dates are generally preferable from a security perspective. Separately, the 30-day duration of the user API token avoids the potential confusion posed by a token that persists for one year only if the user logs into EDGAR every 30 days, a concern expressed by one commenter noted above. 164 We note that an optional API will be offered, as requested by commenters and discussed above, to allow filers easily to retrieve the expiration dates of the filer API token and user API token.
Footnotes:
164 ? See XBRL II Comment Letter ("[W]e are concerned about the multiple layers of requirements for the token API, for example, the expiration and 30-day login requirements, which will be challenging, particularly for sporadic filers.").
While we understand the concerns raised by commenters, we do not think it is unduly burdensome for section 16 and other periodic filers who choose to make submissions through APIs to log into the dashboard and generate a new user API token once per month or otherwise prior to making an infrequent filing. Further, as is the case currently, the individual making the submission need not be the filer itself. Section 16 and other periodic filers could authorize through powers of attorney relevant individuals at their filing agents or other representatives as account administrators, eliminating the need for the section 16 or other periodic filer to obtain individual account credentials or otherwise interact with the dashboard. Alternatively, section 16 and other periodic filers could delegate authority to file to one of these entities (so long as that entity has an EDGAR account), thereby eliminating the need for the section 16 filer herself to log into the dashboard to generate user API tokens. In addition, as noted elsewhere in this release, generating a user API token is a straightforward process accomplished on the dashboard, and we estimate that a user API token could be generated within approximately one minute of logging into the dashboard. Moreover, the ability of a filer to authorize multiple account administrators and users, each with a user API token expiring at a different time, lessens concerns about the need to generate a new user API token for a particular user when a filing deadline is approaching.
A commenter suggested that the SEC allow the use of "organizational user tokens" that would represent the filer as a whole, as opposed to identifying a specific individual. 165 Similarly, another commenter suggested that filers using third-party filing software should be able to submit filings by presenting a user API token belonging to an individual at the third-party filing software company, so that the individual who was making the filing would not need to obtain a user API token to identify herself. 166 We decline to implement these suggestions because they would frustrate the Commission's objective of identifying the individual making the filings and taking actions on EDGAR through APIs.
Footnotes:
165 ? See Workiva Comment Letter (indicating that the SEC should allow an organizational user token that represents the organization as a whole and that could be managed the same way as an individual user API token).
166 ? See Comment Letter of Martin Francisco (November 21, 2023) ("Would it be deemed permissible to use a single user token belonging to the administrator of a third-party filing solution to submit filings created by independent users of that third-party filing solution? Such a deployment would make it easier for users of that third-party solution (no individual token management needed).").
[top] Other commenters suggested that API tokens should have no expiration dates or alternately should be automatically
Footnotes:
167 ? See XBRL II Comment Letter ("We recommend never letting the token expire, or at a minimum setting a longer time for the token expiration period."); Comment Letter of Jacob Halstead (January 17, 2024) (suggesting the SEC should "allow applications to . . . renew the token without user interaction.").
One commenter suggested that filers and filing agents may in practice share filer API tokens and user API tokens across multiple organizations with the result that submissions will not be as secure as anticipated and not necessarily be associated with the individual who generated the user API token. 168 To be clear, Rule 10 as amended requires that individuals access EDGAR by logging in with their own Login.gov individual account credentials and employ multifactor authentication. The EDGAR Filer Manual as amended will further require that user API tokens be associated with the individual logging into EDGAR. As discussed in this release, the Commission seeks to trace submissions to the individual who logs into EDGAR with individual account credentials and completes multifactor authentication. For APIs, presentation of the individual's user API token allows the Commission to identify who makes each submission or takes action on EDGAR, a primary goal of this rulemaking. We agree that the potential scenario described by the commenter compromises EDGAR security, and we reiterate that we expect filers to comply with the requirements of Rule 10 and the EDGAR Filer Manual as amended.
Footnotes:
168 ? See Workiva Comment Letter ("We feel that the proposed filer and user tokens system may be less secure in practice than anticipated. Since many registrant and reporting owner filings are handled by multiple filing agents and due to additional administration and management requirements in the EDGAR Next proposal, these long-lived tokens will likely be shared amongst multiple organizations and may provide no actual assurance that a filing is being submitted by the user associated with the token.").
EDGAR Next provides filers flexibility to manage the security tokens required for connection to optional APIs. Filers may generate an unlimited number of filer API tokens on the dashboard. Filers may use the filer API tokens and API connections of their delegated entities. With respect to user API tokens, filers have several options to authorize up to 500 individuals to make submissions. Filers may authorize up to 20 account administrators in total (including individuals not employed at the filer or its affiliates through notarized powers of attorney), and those account administrators may authorize up to 500 users, all of whom would be authorized to make submissions on behalf of the filer and would be able to generate user API tokens. Filers may delegate authority to filing agents or any other EDGAR account to file on their behalf, and those entities may each have up to 20 account administrators and 500 users. Any of these individuals would be able to generate a user API token and make submissions on behalf of the filer in compliance with EDGAR Next.
F. Final Amendments to Rules and Forms
1. Rule 10 of Regulation S-T
The Commission proposed to amend Rule 10 of Regulation S-T to add new paragraph (d) and to make certain clarifying and conforming changes in paragraph (b) and in the note to Rule 10. We did not receive any comments concerning the proposed amendments to Rule 10. We received one comment peripheral to paragraph (b)(2) of Rule 10 requesting that the technical process of uploading PDFs to EDGAR be improved. As discussed in more detail below, that improvement to EDGAR will be made. 169
Footnotes:
169 ?EDGAR will be enhanced to ensure that when a Form ID PDF is created from the dashboard, that PDF will not contain hyperlinks that may interfere with the upload of the document to EDGAR. To be clear, this technical change is unrelated to the amendments to Rule 10.
We are adopting, largely as proposed, amendments to Rule 10 of Regulation S-T to add paragraph (d). New paragraphs (d)(1) through (4) are discussed in full above. As discussed above, we are adopting paragraph (d)(3) of Rule 10 with a few slight modifications from the proposal: paragraph (d)(3) of Rule 10 will refer to filers that "connect to" APIs rather than filers that "use" APIs, and will not apply to a filer that has delegated authority to file on the dashboard to a delegated entity that is in compliance with the rule's requirements. In addition, as noted above, minor revisions to paragraph (d)(2) as proposed were made to the paragraph as adopted to clarify that each individual or single-member company electronic filer must authorize and maintain at least one individual as an account administrator to manage its EDGAR account.
We are adopting amendments, as proposed, to add new paragraph (d)(5) of Rule 10 to require that the filer, through its authorized account administrators, maintain accurate and current information on EDGAR concerning the filer's account, including but not limited to accurate corporate information and contact information, such as mailing and business addresses, email addresses, and telephone numbers. This constitutes an ongoing obligation for the filer to update its information on EDGAR as necessary. New paragraph (d)(5) is analogous to the existing requirements set forth in the EDGAR Filer Manual, Volume I to maintain accurate company information on EDGAR, which we are amending accordingly to reference new paragraph (d)(5). 170 The requirement in paragraph (d)(5) of Rule 10 will provide greater assurance to Commission staff and the public about the accuracy of the filer's information contained in EDGAR.
Footnotes:
170 ? Compare current EDGAR Filer Manual, Volume I, at section 5 ("Filers must maintain accurate company information on EDGAR, including but not limited to a filer's current name, business mailing address, and business email address.") with amended EDGAR Filer Manual, Volume I, at section 4 ("As required by Rule 10(d)(5) of Regulation S-T, 17 CFR 232.10(d)(5), filers must maintain accurate and current company information on EDGAR concerning the filer's account, including but not limited to accurate contact information and corporate information, if relevant.").
We are also adopting amendments, as proposed, to add paragraph (d)(6) of Rule 10, which requires the filer, through its authorized account administrators, to securely maintain information relevant to the ability to access the filer's EDGAR account, including access through any EDGAR API. This requirement is designed to ensure that information relevant to the ability to access the filer's account, such as individual account credentials and API tokens, is securely maintained and not publicly exposed or otherwise compromised. New paragraph (d)(6) of Rule 10 is analogous to requirements set forth in the EDGAR Filer Manual, Volume I to securely maintain EDGAR access and to maintain accurate company information on EDGAR. 171
Footnotes:
171 ? Compare current EDGAR Filer Manual, Volume I, at section 4 ("Filers must securely maintain all EDGAR access codes and limit the number of persons who possess the codes. EDGAR access codes include the password, passphrase, CCC, and password modification authorization code (PMAC).") with amended EDGAR Filer Manual, Volume I, at section 3 ("Each applicant or filer may only authorize to act on its behalf on EDGAR those individuals who have obtained individual account credentials through Login.gov . . . . Individual account credentials are intended for the use of the individual who obtained them to allow identification of the individual taking action on EDGAR. Individual account credentials must not be shared with other individuals.").
[top]
The Commission is also adopting, substantially as proposed, amendments to Rule 10 to make certain clarifying and conforming changes. Paragraph (b) of Rule 10 is being revised to refer to "each electronic filer" required to submit Form ID before filing on EDGAR, instead of "each registrant, third party filer, or filing agent."? 172 This change is not intended to alter the scope of who is subject to paragraph (b) of Rule 10, but instead clarifies that all new electronic filers are required to submit Form ID for review and approval by Commission staff before they may file on EDGAR.
Footnotes:
172 ? Compare current paragraph (b) of Rule 10 of Regulation S-T ("Each registrant, third party filer, or filing agent must, before filing on EDGAR . . ." with amended paragraph (b) of Rule 10 of Regulation S-T ("Each electronic filer must, before filing on EDGAR . . .").
In addition, we are adopting as proposed an amendment to paragraph (b)(2) of Rule 10, which currently states that an authenticating document for Form ID must be signed by the applicant, to also state that the authenticating document may be signed by an authorized individual of the applicant. 173 This final amendment is intended to conform the language in paragraph (b)(2) of Rule 10 with the text of the EDGAR Filer Manual, which provides that the authenticating document shall be signed by an authorized individual, including a person with a relevant power of attorney. 174 We proposed to separately amend paragraph (b) of Rule 10 of Regulation S-T to require Form ID to be completed by an individual authorized by the electronic filer as its account administrator. In a modification from the proposal, however, as discussed in section II.B.1.a, it will not be necessary for Form ID to be completed or submitted by one of the applicant's prospective account administrators. Thus, that proposed amendment to paragraph (b) of Rule 10 is not being adopted.
Footnotes:
173 ? Compare current paragraph (b)(2) of Rule 10 of Regulation S-T ("File . . . a notarized document, signed by the applicant . . ." with amended paragraph (b)(2) of Rule 10 of Regulation S-T ("File . . . a notarized document, signed by the electronic filer or its authorized individual . . .").
174 ? See EDGAR Filer Manual, Volume I, at section 3(b).
As noted above, we received one comment requesting additional details concerning the PDF requirements for Form ID authenticating documents required to be uploaded to EDGAR pursuant to proposed paragraph (b)(2) of Rule 10. 175 The commenter stated that Form ID authenticating documents could not be successfully uploaded to EDGAR because those PDFs contained hyperlinks which prevented the documents from being accepted by EDGAR. PDF documents required to be uploaded pursuant to paragraph (b)(2) of Rule 10 are subject to the same EDGAR validation requirements that apply to all PDF documents uploaded to EDGAR, including prohibitions on active content ( e.g., embedded JavaScript) and external references (hyperlinks, etc.). 176 Any URLs contained in PDFs must be in plain text. To facilitate the process of uploading PDFs to EDGAR pursuant to paragraph (b)(2) of Rule 10, EDGAR will be enhanced to ensure that when a Form ID authenticating document PDF is created from the dashboard, that PDF will not contain hyperlinks.
Footnotes:
175 ? See Toppan Merrill Comment Letter ("Additional detail around the requirements for PDF documents under 232.10(b)(2) would be helpful ( e.g., what PDF formats acceptable [sic], is the PDF required to be searchable, are hyperlinks allowed, etc.) Currently, the Form ID application contains many URLs, which when printed to PDF, electronically signed and uploaded do not pass validation. It would be helpful to hide these URLs from the printed version of the Form ID authentication document.").
176 ? See EDGAR Filer Manual, Volume II, at section 5.2.3.2 (discussing EDGAR validation requirements for PDFs).
Finally, we are adopting revisions to the note to Rule 10 largely as proposed to state that the Commission staff carefully review each Form ID application and that filers should expect that the Commission staff will require sufficient time to approve and review the Form ID. For clarity, the final amendments express this as an affirmative statement ("filers should expect that the Commission staff will require sufficient time to review the Form ID") as opposed to how this concept was proposed ("filers should not assume that the Commission staff will automatically approve the Form ID"). Therefore, the final amendments provide that filers should submit Form ID "well in advance" of their first required filing. 177 We believe this revised language makes clear that Commission staff need an appropriate amount of time to review the Form ID. Due to the frequently high volume of Form ID applications submitted for Commission staff review, potential applicants should allow sufficient time for the review process to be conducted in the event that staff is concurrently reviewing a high volume of applications.
Footnotes:
177 ?As adopted, the note to Rule 10 states: "The Commission staff carefully review each Form ID application, and electronic filers should expect that the Commission staff will require sufficient time to review the Form ID upon its submission. Therefore, any applicant seeking EDGAR access is encouraged to submit the Form ID for review well in advance of the first required filing to allow sufficient time for staff to review the application." Current staff guidelines regarding the minimum time needed for Commission staff to review Form ID can be found in the "Prepare and Submit my Form ID Application" section of the "EDGAR - How Do I" FAQs, at https://www.sec.gov/submit-filings/filer-support-resources/how-do-i-guides/prepare-submit-my-form-id-application.
2. Rule 11 of Regulation S-T
As proposed, we are adopting amendments to Rule 11 of Regulation S-T, "Definitions of terms used in this part," to add and define new terms and update the definitions of certain existing terms. The amendments include terms and definitions specific to the rule and form amendments that delineate how individuals and entities access, file on, and manage EDGAR accounts.
Under the final amendments, certain terms define the new roles for individuals under EDGAR Next. Those roles are as follows:
"Account administrator" means the individual that the filer authorizes to manage its EDGAR account and to make filings on EDGAR on the filer's behalf. The designation of an account administrator helps to ensure that only authorized persons are able to file and take other actions on behalf of the filer.
"Authorized individual" means an individual with the authority to legally bind an entity or individual for purposes of Form ID, or an individual with a power of attorney from an individual with the authority to legally bind an entity or individual for purposes of Form ID. The adopted definition specifies that the power of attorney document must clearly state that the individual receiving the power of attorney has general legal authority to bind the entity or individual or specific legal authority to bind the entity or individual for purposes of Form ID.
"Delegated entity" means a filer that another filer authorizes on the dashboard to file on its behalf. As itself a filer, a delegated entity is subject to all applicable rules for filing on EDGAR. Delegated entities are not permitted to further delegate authority to file for the delegating filer, nor are they permitted to take action on the delegating filer's dashboard.
[top] "Filing agent" means any person or entity engaged in the business of making submissions on EDGAR on behalf of filers. As discussed above in section II.C., to act as a delegated entity for a
"Single-member company" describes a company that only has a single individual who acts as the sole equity holder, director, and officer (or, in the case of an entity without directors and officers, holds position(s) performing similar activities as a director and officer).
"Technical administrator" means an individual that the filer authorizes on the dashboard to manage the technical aspects of the filer's connection to EDGAR APIs on the filer's behalf.
"User" means an individual that the filer authorizes on the dashboard to make submissions on EDGAR on the filer's behalf.
Other terms identify new applications and upgrades to access and maintain filers' accounts on EDGAR, including the following:
"Application Programming Interface" (API) means a software interface that allows computers or applications to communicate with each other.
"Dashboard" means an interactive function on EDGAR where filers manage their EDGAR accounts and where individuals that filers authorize may take relevant actions for filers' accounts.
"Individual account credentials" means credentials issued to individuals for purposes of EDGAR access, as specified in the EDGAR Filer Manual, and used by those individuals to access EDGAR. The EDGAR Filer Manual as amended specifies that individual account credentials must be obtained through Login.gov, a sign-in service of the United States Government that employs multifactor authentication.
The final amendments also update or delete outdated terminology from certain definitions in Rule 11, such as references to "telephone sessions" in the definition of "direct transmission." Although some filers may still use dial-up internet to access EDGAR, we expect that nearly all filers currently rely on broadband, cable, or other internet technologies.
Finally, we are adopting amendments to update the definition of "EDGAR Filer Manual" to more clearly describe its contents. Rule 11 currently describes the "EDGAR Filer Manual" as ". . . setting out the technical format requirements for an electronic submission." The EDGAR Filer Manual has been updated over time, however, to include additional requirements for filers, including those pertaining to EDGAR access, maintaining EDGAR company information, and submitting online filings. Accordingly, we are updating the EDGAR Filer Manual definition to indicate the inclusion of these procedural requirements. We believe that the final amendments to the definition will better inform filers of the scope of the EDGAR Filer Manual requirements.
We received three comments on the proposed definitions in the Proposing Release. Two commenters agreed that the proposed amendments to the definitions in Rule 11 were appropriate. 178 One of the commenters also requested that the terms "Filer API Token" and "User API Token" be defined. 179 We do not think it is necessary to amend Regulation S-T to provide definitions of "Filer API Token" and "User API Token" because those terms are not referenced in Regulation S-T. Further, we are making one change to the definition of Technical Administrator to accord with the change from the word "use" in proposed paragraph (d)(3) of Rule 10 to the word "connect" in adopted paragraph (d)(3) of Rule 10. The word "connect" will similarly be substituted for the word "use" in the definition of technical administrator for the reasons given above.
Footnotes:
178 ? See DFIN Comment Letter; Toppan Merrill Comment Letter.
179 ? See DFIN Comment Letter ("?`Filer API Token' and `User API Token' should be defined.").
3. Form ID
Form ID is an online fillable form that must be completed and submitted to the Commission by individuals, companies, and other organizations that seek access to file electronically on EDGAR. 180 Among other things, Form ID seeks information about the identity and contact information of the applicant. The applicant is required to print? 181 the completed online Form ID application, obtain the notarized signature of the applicant's authorized individual? 182 on the printed document, and upload the signed notarized document (the Form ID authentication document) to EDGAR to confirm the authenticity of the application. In certain cases, applicants may also be required to upload additional documentation to assist Commission staff in determining the nature and legitimacy of the application. 183
Footnotes:
180 ? Compare current Rule 10(b) (providing that each registrant, third party filer, or agent seeking EDGAR access must submit Form ID) with Rule 10(b) as adopted (providing that each electronic filer seeking EDGAR access must submit Form ID).
181 ?The applicant may print the form to PDF and need not print a physical hard copy of the form.
182 ?The term "authorized individual" is defined in the EDGAR Filer Manual, Volume I as well as Rule 11, as amended.
183 ?For example, if an applicant represents that it has acquired or otherwise assumed control of the filer listed on the existing EDGAR account, then the applicant must also supply documents to Commission staff to establish the legal transition from the filer on record in EDGAR to the applicant claiming authority to file on the existing EDGAR account.
We are adopting amendments to Form ID largely as proposed to include changes to information required to be reported on the form as well as technical changes. As a departure from what we contemplated in the Proposing Release, however, and as discussed above, it will not be necessary for Form ID to be completed or submitted by one of the applicant's prospective account administrators.
As outlined above, the final amendments to Form ID will require an applicant for EDGAR access to provide certain additional information, including:
(1) Designating on Form ID specific individuals the applicant authorizes to act as its account administrators to manage its EDGAR account on a dedicated dashboard on EDGAR. Applicants will generally be required to authorize at least two account administrators, although individuals and single-member companies will only be required to authorize at least one account administrator. If a prospective account administrator is not (1) the applicant (in the case of an individual applicant) or (2) an employee of the applicant or its affiliate (in the case of a company applicant), the applicant will also be required to disclose the prospective account administrator's employer and CIK, if any, and provide a notarized power of attorney to authorize the individual to manage the applicant's EDGAR account as an account administrator. As discussed above, as a departure from the proposal, amended Form ID will also include information to alert applicants that EDGAR will by default designate the first account administrator listed on Form ID as the filer's EDGAR POC. 184
Footnotes:
184 ? See supra text accompanying and following note 70.
[top] (2) The applicant's Legal Entity Identifier? 185 ("LEI") number, if any.
Footnotes:
185 ?The LEI is a global, 20-character, alphanumeric, identifier standard that uniquely and unambiguously identifies a legal entity. Initially developed by the International Organization for Standardization as ISO 17442, the LEI is nonproprietary and the LEI data is made publicly available under an open license. The LEI is used worldwide in the private and public sectors and, in certain jurisdictions, including the United States, is used for regulatory reporting. In some cases, the LEI can be used to identify the filer of a particular report, as well as entities related to the filer, such as its subsidiaries or parents. The Commission and eight other Federal agencies recently proposed establishing joint data standards, which would include LEI, under the Financial Data Transparency Act of 2022. See Financial Data Transparency Act Joint Data Standards, Release No. 33-11295 (August 2, 2024) [89 FR 67890 (August 22, 2024)].
(3) Providing more specific contact information about the filer, and the filer's account administrator(s), authorized individual (the individual authorized to sign Form ID on the filer's behalf, as defined in the EDGAR Filer Manual), and billing contact (including mailing, business, and billing information, as applicable). More specific contact information will allow Commission staff to reach account administrators, the authorized individual, and billing contacts associated with the filer when necessary.
To streamline the form, some of the specific contact information that was proposed to be collected on Form ID will not be included. For example, Form ID will not require secondary phone numbers or email addresses in addition to the filer's mailing and business addresses. We believe that the additional contact information we will collect on amended Form ID will be sufficient to meet Commission staff's needs. Similarly, although we proposed amendments to the filer's mailing address that would allow filers to input "care of" information so that a company applicant could list a filing agent, for example, we are not amending Form ID to implement that change. We believe that including a separate address line for "care of" information could encourage applicants to list the names of specific individuals who might not want to be publicly listed in EDGAR as part of the filer's mailing address. The Form ID fields related to the filer's mailing address will continue to have multiple street address lines, as proposed, which we believe will provide sufficient opportunity for applicants that wish to include such information to do so.
(4) Specifying whether the applicant, its authorized individual, person signing a power of attorney (if applicable), account administrator, or billing contact has been criminally convicted as a result of a Federal or State securities law violation, or civilly or administratively enjoined, barred, suspended, or banned in any capacity, as a result of a Federal or State securities law violation. Information about whether the applicant or certain individuals named on Form ID may be subject to relevant bars and prohibitions (including but not limited to officer and director bars, prohibitions from associating with brokers, dealers, investment advisers, and/or other securities entities, and bars from participation in certain industries) will allow Commission staff to determine whether such bars or prohibitions are relevant to the application for EDGAR access. Individuals disclosing the existence of a criminal conviction, or civil or administrative injunction, bar, suspension, or ban may be contacted by Commission staff to determine the applicant's eligibility for EDGAR access.
(5) Indicating whether the applicant, if a company, is in good standing with its State or country of incorporation. Good standing is a term widely used by State divisions of corporations and/or secretaries of State to refer generally to whether a company is legally authorized to do business in the relevant State (or country).
One commenter inquired what action the SEC will take if the Form ID applicant indicates that it is not in good standing with its State or country of incorporation. 186 Although the lack of good standing will not prevent a company from obtaining EDGAR access, this information could be relevant in determining whether it may be appropriate for the staff to review additional documentation as part of its assessment of the application.
Footnotes:
186 ? See DFIN Comment Letter ("The `Violations of federal or state securities laws' section in the proposal has a Yes or No question. When yes is selected a message [says] `If you indicate `Yes', the SEC staff may contact you to determine your eligibility for EDGAR access.' However, the `Is the company in good standing in its state or country of incorporation?' section does not provide any additional information when `No' is selected. If `No' is selected what actions are taken by the SEC?")
(6) Requiring submission of a new Form ID for an existing filer that indicates that it has: (i) lost electronic access to its existing CIK account or (ii) is the legal successor of the filer named on the existing CIK account but did not receive access from that filer. As a technical change from the proposal, amended Form ID will refer to applicants that are "the legal successor of the filer named on the existing CIK account but did not receive access from that filer" as opposed to applicants that "assumed legal control of the filer listed on the existing CIK account but did not receive EDGAR access," as proposed.
Currently, applicants seeking to obtain control of an existing EDGAR account are required to submit certain summary information but are not required to submit a full application on Form ID. To assist Commission staff in determining whether applicants seeking to obtain control of existing EDGAR accounts are legitimate, we will require such applicants to submit a new Form ID. To facilitate the application process, certain publicly available corporate and contact information (such as the filer's name, "doing business as" name, foreign name, mailing and business addresses, State/country of incorporation, and fiscal year end) will be automatically prepopulated from EDGAR so that applicants will not need to resubmit that information, although applicants could update that information on Form ID as necessary. 187
Footnotes:
187 ?The filer will nevertheless need to submit a COUPDAT to update its existing corporate and contact information on EDGAR (other than the filer's account administrator information) if the Form ID is granted. As they presently do, broker-dealers will submit a Form BD amendment to FINRA to update their corporate and contact information.
(7) Requiring those seeking access to an existing EDGAR account to upload to EDGAR the documents that establish the applicant's authority over the company or individual listed in EDGAR on the existing account. 188
Footnotes:
188 ?The EDGAR Filer Manual currently provides guidance regarding what documents are sufficient to establish the applicant's authority. See EDGAR Filer Manual, Volume I.
[top] In addition, we will make certain conforming, formatting, and ancillary changes to modernize Form ID without significantly altering the information required to be reported on the form. For example, a checkbox will be added to each address field for identification of non-U.S. locations, which will improve data analytics. As another example, company applicants will be required to provide their primary website address, if any, to provide staff additional contact and other information regarding the filer. Further, certain warnings that are currently listed in the EDGAR Filer Manual and the landing page of the EDGAR Filing website will be incorporated into Form ID to more clearly provide notice of those matters to filers. 189 Additionally, as a technical change to what was proposed, language in amended Form ID and the amended Instructions to Form ID that advises
Footnotes:
189 ?Amended Form ID will include a section titled "Important information" that will include the following warning: "Misstatements or omissions of fact in connection with an application for EDGAR access and/or in a submission on EDGAR may constitute a criminal violation under 18 U.S.C. 1001 and 1030 and/or a violation of other criminal and civil laws. If the SEC has reason to believe that an application for EDGAR access and/or a submission on EDGAR is misleading, manipulative, and/or unauthorized, the SEC may prevent acceptance or dissemination of the application/submission and/or prevent future submissions or otherwise remove a filer's access to EDGAR pursuant to Rule 15 of Regulation S-T, 17 CFR 232.15."
190 ?The proposed Instructions to Form ID stated that filers should select "none" for State of incorporation and "N/A" for fiscal year end if they had "not yet incorporated." In contrast, the amended Instructions to Form ID provide that filers should select "none" for State of incorporation and "N/A" for fiscal year end if they had "not incorporated."
191 ?For example, language in Part 6 of the Instructions will be revised to replace "Authorized Person" with "Authorized Individual," and to conform with the usage of the term "authorized individual" elsewhere in the form.
Two commenters suggested that we amend Form ID to permit applicants to indicate that they have an urgent upcoming filing deadline. One specifically requested that a checkbox be included in Form ID to indicate a rush service, and that we provide guidance for which filing scenarios could prompt a rush process. 192 The other recommended that filers be able to input the date they anticipate needing EDGAR codes in order to submit a filing, thereby allowing the SEC to prioritize applications more effectively. 193 While we acknowledge the commenters' requests, we believe that allowing filers with pending filing deadlines to "skip the queue" for Form ID processing would encourage filers to delay preparing for their filing and increase Form ID processing times for other filers that timely submit their EDGAR access applications. As noted above, we are revising the note to Rule 10 to clarify that the Commission staff carefully review each Form ID application and that filers should expect that the Commission staff will require sufficient time to review the Form ID upon its submission. Therefore, filers should submit EDGAR access applications on Form ID "well in advance" of their first required filing.
Footnotes:
192 ? See DFIN Comment Letter ("A checkbox included in the Form ID to indicate a rush service and provide guidance for what filing scenarios could prompt a rush process may be beneficial.").
193 ? See Toppan Merrill Comment Letter ("It may be helpful for filers who have an urgent need to complete a filing to input the date they anticipate needing EDGAR codes to file. This may allow the SEC to prioritize the applications more effectively.").
Another commenter suggested there should be a mechanism for an individual to modify her email information without imposing the undue burden of submitting a new Form ID. 194 Filers will be able to continue to update their EDGAR POC information, including email address on file, as they currently do, by submitting a COUPDAT, until the compliance date or the filer enrolls in EDGAR Next, whichever comes first. Beginning March 24, 2025, filers that enroll must make all updates to their EDGAR POC on the dashboard by updating the EDGAR POC account administrator information or changing the account administrator designated as the EDGAR POC. Filers that have not enrolled will be able to submit a COUPDAT to update EDGAR POC information until September 12, 2025. Beginning September 15, 2025, all filers must make updates to their EDGAR POC information on the dashboard.
Footnotes:
194 ? See Block Transfer Comment Letter ("There ought to exist more reasonable documentation as to how an individual without access to EDGAR Next or their old EDGAR Next dashboard email might modify their email without imposing the undue burden of submitting a new Form ID (for example, because of a change of domain name).").
A commenter asked that the Form ID application process be streamlined, asserting that the process of printing and uploading documents was not intuitive, based on its experience in the beta environment that was provided during the comment period to allow commenters to test the EDGAR Next functionality discussed in the Proposing Release ("Proposing Beta"). 195 The Proposing Beta required applicants to complete Form ID online, including attaching any additional documentation required by Part 5 of proposed Form ID, inputting their name and title in the signature page in Part 6 of proposed Form ID, and then returning to Part 5 of proposed Form ID to print the completed electronic form (or save it as a PDF). The printed form (or PDF) would then be manually (or electronically) signed by the applicant and notarized to serve as the proposed Form ID authenticating document. This authenticating document would then be uploaded and submitted in Part 5 of proposed Form ID. We will continue to require the Form ID authenticating document, which we believe is a helpful means to verify the identity of the applicant. However, to address the commenter's concern, we will change the order of Parts 5 and 6 in Form ID, so that applicants will be able to complete Parts 1-5 of the form and then will only need to attach, print (or save as a PDF), and upload documents in Part 6 (as opposed to going back and forth between Parts 5 and 6 as in the Proposing Beta).
Footnotes:
195 ? See Toppan Merrill Comment Letter ("The Form ID process should be streamlined, technically. Currently the EDGAR Next Beta system requires the user to upload power of attorney documents and then print the application. After which, users must exit the application before uploading the signed authentication document. We recommend streamlining the process so that all the steps are intuitive and built into the process.").
The commenter also asked that hyperlinks included in Form ID be suppressed when the Form ID authenticating document is created, on the grounds that those hyperlinks cause Form ID authenticating documents that were saved as PDFs to fail EDGAR validation when those PDFs are uploaded to EDGAR. 196 As discussed above, we will implement this suggestion.
Footnotes:
196 ? See Toppan Merrill Comment Letter ("Remove hyperlinks when creating the PDF. When the PDF is printed and electronically signed, the hyperlinks cause the filing to fail validation upload.").
[top] Collectively, the final amendments to Form ID will enhance the security of EDGAR by allowing Commission staff to obtain more information about the applicant and its contacts. This, in turn, will help staff to confirm the identity of the applicant and the individuals associated with the applicant, assess whether the application is properly authorized, and determine whether there are any other issues relevant to the application for EDGAR access for staff's consideration.
G. EDGAR Filer Manual Changes
As discussed throughout this release, the Commission is amending Volume I of the EDGAR Filer Manual in accord with the rule and form amendments. The Filer Manual contains information needed for filers to make submissions on EDGAR. Filers must comply with the applicable provisions of the Filer Manual in order to assure the timely acceptance and processing of filings made in electronic format. 197 Filers must consult the Filer Manual in conjunction with our rules governing mandated electronic filings when preparing documents for electronic submission.
Footnotes:
197 ? See Rule 301 of Regulation S-T.
Amendments to Volume I of the EDGAR Filer Manual are being made to reflect the EDGAR Next changes, including the following in particular:
(1) The requirement that each applicant or filer may only authorize to act on its behalf on EDGAR those individuals who have obtained individual account credentials, and instructions regarding how those individuals must obtain those individual account credentials through Login.gov; ? 198
Footnotes:
198 ? See generally section II.A.
(2) The requirement to submit a new Form ID for an existing filer seeking EDGAR access if the filer indicates it has: (i) lost electronic access to its existing CIK account because, for example, the filer failed timely to perform annual confirmation or (ii) is the legal successor of the filer named on the existing CIK account but did not receive access from that filer;? 199
Footnotes:
199 ? Id. 187.
(3) The requirement for applicants seeking access to an existing EDGAR account to upload to EDGAR the documents that establish the applicant's authority over the company or individual listed in EDGAR on the existing account;? 200 and
Footnotes:
200 ? Id. 188.
(4) Instructions regarding filer API tokens and user API tokens, including information on when these tokens will be required and how they will be used. 201
Footnotes:
201 ? See generally section II.E.2.
Along with the adoption of the amendments to Volume I of the Filer Manual, we are amending Rule 301 of Regulation S-T to provide for the incorporation by reference into the Code of Federal Regulations of the current revisions. This incorporation by reference was approved by the Director of the Federal Register in accordance with 5 U.S.C. 552(a) and 1 CFR part 51. The updated EDGAR Filer Manual, issued September 27, 2024, is available at https://www.sec.gov/edgar/filerinformation/current-edgar-filer-manual.
In addition, prior to the compliance date for all other rule and form amendments on September 15, 2025, the Commission expects to adopt additional changes to Volume II of the EDGAR Filer Manual in accord with the rule and form amendments. These changes will be addressed in a separate release.
H. Transition Process
Compliance with EDGAR Next will be required 12 months from the issuance of this release. An initial six-month preparation period for the EDGAR Next changes will begin September 30, 2024 and extend until March 21, 2025, as requested by several commenters. On March 24, 2025, the EDGAR Filer Management dashboard will go live and compliance with the amended Form ID, which must be submitted through the dashboard, will be required. In addition, beginning March 24, 2025, filers may begin to enroll on the dashboard and connect to optional EDGAR APIs if they wish to do so, while still being able to file pursuant to the legacy filing process. Legacy filing on the EDGAR filing websites will continue until September 12, 2025. Compliance with all rule and form changes is required on September 15, 2025. Filers may continue to enroll after the compliance period for another three months, until December 19, 2025. Beginning December 22, 2025, filers that have not enrolled in EDGAR Next or received access through submission of amended Form ID will be required to submit amended Form ID to request access to their existing accounts.
The transition period is consistent with certain commenters' recommendations, which suggested that filers would need preparation time of approximately six months and enrollment time of approximately six months, as detailed in further detail below. We are offering preparation time of six months, enrollment prior to compliance of six months, and enrollment after compliance of three months. We address commenters' feedback on the transition period in the compliance section below.
An Adopting Beta will be available shortly after the issuance of this release and will remain open throughout the transition period until at least December 19, 2025. We believe this Adopting Beta will help filers to test the EDGAR Next functionality and will also bring awareness to the public regarding the forthcoming changes. Commenters were broadly in favor of additional beta testing and for additional public outreach regarding the EDGAR Next changes, as discussed below. 202
Footnotes:
202 ? See, e.g., SCG Comment Letter (urging the Commission to consider a third round of beta testing for the EDGAR Next platform, and to conduct additional outreach during the enrollment period to educate market participants). Cf. DFIN II Comment Letter (supporting a third beta testing session before the Commission finalizes the rulemaking so that testing allows for end-to-end processing through filing.); ICI Comment Letter (same).
The following graphic illustrates the transition period to EDGAR Next:
[top]
[Federal Register graphic "ER27DE24.015" is not available. Please view the graphic in the PDF version of this document.]
From Monday, September 30, 2024 to Friday, March 21, 2025, filers will be afforded a preparation period of approximately six months during which they may test in the Adopting Beta and conduct related development, including but not limited to connection to beta versions of all APIs to be offered as part of EDGAR Next. In addition, individuals that filers intend to authorize to act on their behalf may obtain Login.gov individual account credentials. Further, filers may assemble information they will need to enroll in EDGAR Next, including but not limited to ensuring that they possess their current passphrase and determining whom they will authorize as account administrators.
On Monday, March 24, 2025, the new EDGAR Filer Management website including the dashboard will go live, enrollment of existing filers will commence, and applicants for EDGAR access will be required to comply with the amended Form ID. Existing filers will enroll on the dashboard. Prospective new filers and other filers that are unable to enroll must complete and submit amended Form ID on the dashboard. Individuals will need Login.gov individual account credentials to log into the dashboard.
[top] A person authorized by the filer will log into the dashboard to enroll the filer. On the dashboard, the person authorized by the filer will enter the filer's CIK, CCC, and passphrase, as well as the names of and relevant information about the individuals the filer is authorizing as its account administrators. If the information is accurate, enrollment could be effective the same day submitted. Enrolled filers will be able to make submissions through the optional APIs if they otherwise satisfy the requirements to connect to the APIs, while still being able to file pursuant to the legacy filing process. Submissions on the legacy EDGAR filing websites (EDGAR Online Forms and EDGAR Filing) will continue to be made using the legacy EDGAR
In addition, on March 24, 2025, compliance will be required with amended Form ID. On that date, prospective new filers and existing EDGAR filers that are unable to enroll must apply for EDGAR access on the amended Form ID. They will do so by logging into the dashboard on the new EDGAR Filer Management website with Login.gov individual account credentials, navigating to Apply for Access, and completing the requirements of the form. Those required to apply for EDGAR access on amended Form ID include both prospective filers seeking access to EDGAR for the first time and existing filers that must apply for access to EDGAR because they: (i) lost electronic access to their existing EDGAR account; (ii) are a legal successor of the filer named on the existing EDGAR account but did not receive access from that filer; or (iii) are a broker-dealer or "paper filer" seeking electronic access for the first time in order to file electronically on an existing EDGAR account in their name. If Commission staff grant the amended Form ID application, the filer will be in compliance with the EDGAR Next changes, and thus will not be required to subsequently enroll on the dashboard.
The EDGAR filing websites will continue to employ the current submission process for all filers until Friday, September 12, 2025. On Monday, September 15, 2025, the compliance date, all EDGAR websites will require filers' compliance with the EDGAR Next rule and form changes in order to make submissions, including but not limited to Login.gov individual account credentials and authorization through the dashboard.
On September 15, 2025, the compliance date, EDGAR will require individual account credentials on the EDGAR filing websites (as well as the EDGAR Filer Management website). At that time, individuals who seek to make submissions and take other actions for filers on EDGAR will be required to enter Login.gov individual account credentials and be authorized to access EDGAR through enrollment, on amended Form ID, or on the dashboard.
After the compliance date, until December 19, 2025, filers who have not yet enrolled will not be able to make submissions or take other actions in EDGAR other than enroll on the EDGAR Filer Management dashboard. The enrollment process will remain the same as prior to the compliance date-requiring the filer to provide their CIK, CCC, passphrase, and names and information about authorized account administrators. If filers do not possess their CCC or passphrase, methods will be available for them to reset those codes in order to enroll. 203 After December 19, 2025, filers who have not enrolled in EDGAR Next will be required to submit the amended Form ID on the dashboard to apply for access to their existing EDGAR accounts.
Footnotes:
203 ? See supra note 208.
The detailed transition timeline is as follows:
September 30, 2024-Prepare for EDGAR Next changes
? Adopting Beta will open.
? Adopting Beta will reflect the new EDGAR Filer Management website and the dashboard including all dashboard functionality discussed in this release. Testers can submit a "test" amended Form ID to establish fictional testing accounts.
? Adopting Beta will contain beta versions of all optional APIs that will be available in March 2025: Submission, submission status, EDGAR operational status, filing credentials verification, view individuals, add individuals, remove individuals, change role, send delegation invitations, request delegation invitations, view delegations, view filer account information, create custom CCC, generate CCC, and EDGAR Next enrollment.
? The Overview of EDGAR APIs and API Toolkit will be available to filers.
? Adopting Beta will reflect the current versions of the two legacy EDGAR filing websites with the current submission process, because filers making submissions on the two legacy EDGAR filing websites (EDGAR Online Forms and EDGAR Filing) between March 24, 2025 and September 12, 2025, will do so according to current EDGAR processes.
March 24, 2025-Enrollment of existing filers begins; application for access on amended Form ID required for prospective new filers and filers unable to enroll
? New EDGAR Filer Management website including the dashboard will go live and will require Login.gov individual account credentials for login.
? Amended Form ID will be required.
New applicants seeking access to EDGAR must submit the amended Form ID through the dashboard on the new EDGAR Filer Management website.
Existing filers required to submit Form ID must submit the amended Form ID through the dashboard on the new EDGAR Filer Management website. 204
Footnotes:
204 ?Existing filers may need to submit a new Form ID in the following situations: (i) the filer is a broker-dealer or "paper filer" seeking electronic access for the first time in order to file electronically on EDGAR; (ii) the filer lost electronic access to its existing CIK account; or (iii) the applicant is a legal successor of the filer named on the existing CIK account but did not receive access from that filer.
If Commission staff grant the amended Form ID application, the filer will be in compliance with the EDGAR Next changes, and thus will not be required to subsequently enroll on the dashboard.
? Enrollment for EDGAR Next will begin.
? All APIs provided in the Adopting Beta will go live and be available to filers enrolled in EDGAR Next and filers whose amended Form ID applications have been granted by Commission staff.
? Filers will make submissions on the legacy EDGAR filing websites using the current EDGAR process until September 12, 2025.
? ABSCOMP submissions will be made through the dashboard, as opposed to through the "Retrieve/Edit Data" section of the EDGAR Filing website as is currently the case. Because new serial companies requested to be created via the ABSCOMP process will automatically inherit all dashboard information ( e.g., contact information, account administrators, users, technical administrators, and delegations) associated with the ABS issuing entity that made the ABSCOMP submission, an ABS issuing entity will need to enroll in EDGAR Next to populate its information in the dashboard before making an ABSCOMP submission. Existing serial companies can be enrolled in EDGAR Next at any time up until the compliance date just as any other filer, since their enrollment will not affect the ability of the ABS issuing entity to make an ABSCOMP submission.
? The Adopting Beta will continue to be available and will be updated to reflect new versions of the EDGAR filing websites to enable filers to prepare for compliance with EDGAR Next on September 15, 2025, as discussed further below.
September 15, 2025-Compliance with all EDGAR Next rule and form amendments required; enrollment continues
[top]
? Access to all EDGAR websites-EDGAR Online Forms, EDGAR Filing, and EDGAR Filer Management-will require Login.gov individual account credentials.
? Filers must comply with all requirements of Rule 10 and the EDGAR Filer Manual to make submissions on EDGAR.
? The Adopting Beta will continue to be available until at least December 19, 2025.
? Because individual account credentials will be required to access all EDGAR websites, legacy EDGAR access codes (password, passphrase, and PMAC) will no longer be used to access EDGAR. (Filers who seek to enroll between September 15, 2025 and December 19, 2025, however, must enter a CCC and a passphrase to do so, therefore, the ability to reset the CCC and the passphrase will remain available.).
? Filers may continue to enroll after the compliance date, until December 19, 2025.
December 19, 2025-Enrollment ends
? Enrollment ends on December 19, 2025.
December 22, 2025-Application on amended Form ID required for all existing and prospective filers seeking access to EDGAR
? Existing filers that have not enrolled or otherwise no longer have access and all prospective filers must apply for access to EDGAR on amended Form ID on the dashboard beginning December 22, 2025.
1. Enrollment Process
Existing filers will enroll in EDGAR Next through the dashboard on the new EDGAR Filer Management website and will not be required to submit a Form ID. The enrollment section of the dashboard will provide two options: (i) manual enrollment of single EDGAR accounts on an account-by-account basis; and (ii) enrollment of multiple accounts simultaneously. In addition, as discussed in section II.E.1.b.v, an enrollment API will be provided to help streamline the enrollment process. Although the enrollment API will be available to all filers, we expect it will generally be used by filing agents, service providers, or corporate affiliates that will manually enroll themselves earlier in the transition period and then connect to the enrollment API to enroll their clients and affiliated entities.
Two commenters appeared to suggest that enrollment should occur automatically without filer involvement, so that filing agents would be automatically authorized as account administrators and delegated entities for any CIK for which the filing agent had previously made a submission. 205 We decline to adopt the commenters' suggestion. To enroll, an individual authorized by the filer to perform enrollment on its behalf must enter the file's CIK, CCC and passphrase, as well as information about the individuals being authorized as account administrators. 206 The entry of account administrator information during enrollment represents the filer's affirmative authorization of account administrators, who play a key role in the EDGAR Next framework as the individuals who manage the filer's account. Further, if the filer determined to authorize individuals employed at the filer or at a different filing agent as its account administrators due to business needs, personal preference, or whatever other reason, a process of affirmative enrollment ensures that the filer indeed intends to authorize those individuals to manage its account.
Footnotes:
205 ? See DFIN II Comment Letter ("We believe that, in connection with the final rule, the SEC should create a new role, `Trusted Filer'. . . . By grandfathering in existing Filing Agents and their filing activity, this would establish a baseline of existing EDGAR filers."); ICI Comment Letter ("Grandfathering existing filing agents and their filing activity would establish a baseline of existing EDGAR filers.").
206 ?Individual and single-member company filers do not need to themselves enroll in EDGAR Next, although they may do so if they choose. As with other filers, individual or single-member company filers may authorize a representative to enroll them, so long as they provide that representative with the necessary codes and account administrator information. The representative authorized to enroll the filer need not be an "authorized individual" as that term is defined in amended Rule 11 and Volume I of the EDGAR Filer Manual.
a. Preparing for Enrollment-Individual Account Credentials
Individuals may obtain individual account credentials from Login.gov in advance of enrollment. Individuals with existing Login.gov credentials based upon a personal email address may create separate Login.gov credentials for EDGAR based upon a different email address that they will use in connection with EDGAR. 207
Footnotes:
207 ? See supra text accompanying note 36.
As a result, when enrollment begins, filers will be able to immediately enroll any individuals who have obtained individual account credentials.
b. Manual Enrollment for a Single EDGAR Account
As a preliminary matter, each filer will be required to authorize at least two individuals to manage the filer's EDGAR account as account administrators, with the exception of individuals and single-member companies, which will be required to authorize at least one account administrator. On behalf of each filer, an individual authorized to enroll the filer will enter her individual account credentials to log into the dashboard to enroll. That individual will manually enter the filer's CIK, CCC, and EDGAR passphrase, 208 to confirm to EDGAR that the individual is authorized by the filer. If EDGAR authenticates that data, the individual authorized to enroll the filer will proceed to enter account administrator names, contact information, and the email addresses each individual used to obtain Login.gov individual account credentials. By entering that information, the filer will indicate its authorization of the listed individuals as the filer's account administrators, as well as the accuracy of the information provided.
Footnotes:
208 ?Filers that have lost or forgotten their CCC will be able to reset it by providing their CIK and passphrase and using the "Generate New EDGAR Access Codes" option in the Filer Management website until March 21, 2025. Similarly, filers that have lost or forgotten their passphrase will be able to reset it by selecting the "Update Passphrase" option on the EDGAR Filer Management website to send a security token to the email associated with the account until March 21, 2025, and, until that date, if the POC email address is not current, filers can first submit a COUPDAT to update the email address associated with the account. Filers that have lost or forgotten their passphrase, no longer have access to the email associated with the account, and cannot submit a COUPDAT through the "Retrieve/Edit Data" section of the EDGAR Filing website to update the email associated with the account, must reapply for EDGAR access on Form ID. We encourage filers that have lost or forgotten their access codes to reset their credentials on or before March 21, 2025, to avoid delay in enrollment. The current "Generate New EDGAR Access Codes" and "Update Passphrase" options will no longer be available on the EDGAR Filer Management website after that website is updated on March 24, 2025. From March 24, 2025 through December 19, 2025, filers will be able to update their passphrase on the dashboard by selecting "Enroll in EDGAR Next," following the prompts to request a passphrase reset token and resetting the passphrase. The email address associated with the account must be current to use the dashboard passphrase reset process, and filers would similarly need to update the email address in EDGAR before using this process should the email address on file be inaccessible. The ability to reset the CCC will also be provided to filers during this time.
[top] Commenters generally agreed that CIK, CCC, and EDGAR passphrase would be sufficient to authenticate filers for transition purposes, but noted that filing agents typically do not retain filers' passphrases and expressed concerns regarding burdens associated with obtaining filers' passphrases. 209
Footnotes:
209 ? See, e.g., DFIN Comment Letter ("We think those credentials are sufficient. However, Filing Agents do not typically ask for or retain the passphrases. Unless the EDGAR contact in the company information is able to use the security token process to obtain a new passphrase, the manual process of obtaining a new passphrase is time consuming."); Workiva Comment Letter ("Passphrases are used to reset accounts, and they are likely infrequently used. Many administrators and individual reporting owners may not know the passphrase or how to obtain it . . . If the passphrase must be required, the Commission may want to consider a process for inactive entities to refresh their passphrase.").
210 ?If a filer cannot reset its passphrase by following this guidance, it may submit a manual passphrase update request. To do so, an authorized individual of the filer must submit a signed and notarized document to Commission staff that includes an explanation of why the request is being made, the CIK of the EDGAR account to which access is sought, the filer name on the account, and the contact information of the requesting entity purporting to have current control over the filer associated with the account. Commission staff may request the applicant to submit additional documents for staff review. Filers submitting manual passphrase update requests should expect that Commission staff may need a substantial amount of time to review their requests, especially if a large volume of requests is received. As discussed above, the manual passphrase update option available via "Update Passphrase" will no longer be available on the EDGAR Filer Management website after that website is updated on March 24, 2025. Instead, from March 24, 2025 through December 19, 2025, filers will be able to update their passphrase on the dashboard. See supra note 208.
We requested comment on whether a filer's CCC should be automatically reset as a security measure following enrollment. Commenters generally opposed this measure on the grounds that it would impose burdens on filers to communicate the updated CCC to those that should have access and could impose burdens and risks to the filing process. 211 Separately, one commenter stated that if the Commission decides to change a filer's CCC after enrollment then similar precautions should also be taken regarding the passphrase. 212 Although we are sensitive to the concerns raised by commenters that resetting the filer's CCC after enrollment could be burdensome, we balance those concerns with our efforts to protect the security of EDGAR. Just as with someone's personal password, security is improved by frequently changing access codes. Changing the CCC is particularly important in the context of enrollment because the code could be shared insecurely when preparing to enroll. Further, for filers that have not reset their CCC for some period of time, changing the CCC upon enrollment represents a clean start, and assures that someone who possesses the legacy CCC but is not authorized by the filer at or after enrollment could not continue to make submissions for the filer from March 24, 2025 to September 12, 2025, when legacy filing codes will continue to be used to make web-based submissions. Moreover, the presence of the CCC on the dashboard after it is reset will ensure that it is available for all individuals that the filer is currently authorizing to take action on its account. Accordingly, following a filer's enrollment in EDGAR Next, the filer's CCC will be automatically reset. To minimize burdens associated with communicating the new CCC to relevant individuals, however, the new CCC will appear on the dashboard for all individuals with the ability to make submissions on the filer's behalf ( i.e., account administrators, users, delegated administrators, and delegated users). In addition, APIs will be offered to view filer account information, including CCC, and verify filing credentials, including CCC. Collectively, these APIs should minimize burdens associated with notifying relevant individuals regarding changes to a filer's CCC, both in the enrollment context and as a general matter. 213
Footnotes:
211 ? See, e.g., Workiva Comment Letter ("A sweeping change of CCCs should especially be avoided as it could pose a significant burden and risks to the filing process. Filers concerned about the CCC could choose to change it themselves. A filer led approach puts the security responsibility and control in the filer's hand to ensure the CCC update happens at a time that does not put their immediate filings at risk."); Toppan Merrill Comment Letter ("It would be unnecessary to reset the CCC upon enrollment. If bulk enrollment is utilized it would most likely be completed by an entity [. . .] that already has access to the filer's CCC. It would be burdensome for the filer if the CCC is automatically changed as they would need to communicate the updated CCC to those that should have access."); ICI Comment Letter ("Bulk enrollment should be permitted without reset CCCs upon re-enrollment.").
212 ? See DFIN Comment Letter ("We agree that notification of a completed enrollment should be provided to all account administrators.").
213 ? See supra section II.E.1.b.i (discussing the filing credentials verification API) and section II.E.1.b.iv (discussing the view filer account information API).
Separately, on the compliance date of September 15, 2025, legacy EDGAR access codes will be deactivated, including the passphrase, password and PMAC, because the filer will no longer have any need for these codes. For example, the passphrase is used to authenticate the generation of access codes such as CCC and password, but after enrollment, use of the passphrase and password will be discontinued, and filers will generate the CCC on the dashboard. The EDGAR Next framework of individual account credentials, account administrator dashboard invitation, and CCC will supplant these codes.
[top] Successful enrollment will result in notifications being provided to all newly authorized account administrators, as recommended by a commenter. 214 These notifications will be sent both by email and through the dashboard, consistent with all other notifications to individuals who are authorized on the dashboard. One commenter suggested that the existing EDGAR POC should also be notified in the event of a successful enrollment. 215 Another commenter noted that currently no notification is provided to the previous EDGAR POC when the contact email address is updated, and asserted that such a notification would be redundant to the extent it would be going to the same person who enrolled the filer and who listed herself as the filer's account administrator. 216 After considering these comments, EDGAR will be enhanced to notify the existing EDGAR POC in the event of a successful enrollment. Although in some cases this will result in redundant notifications (if the existing EDGAR POC is one of the new account administrators being authorized during enrollment), sending uniform notifications to all existing
Footnotes:
214 ? See DFIN Comment Letter ("We agree that notification of a completed enrollment should be provided to all account administrators.").
215 ? See Workiva Comment Letter ("We support auto-notification to the POC about the enrollment if the POC is not also enrolled as an administrator . . .").
216 ? See Toppan Merrill Comment Letter ("Currently, there is no alert to the previous/existing EDGAR Contact when the EDGAR Contact email address is updated. We do not believe it is necessary to alert the current EDGAR POC during the transition to EDGAR Next. It is possible that many of the EDGAR POCs will have been recently updated to reset the passphrase as part of the EDGAR Next transition. Therefore, this alert would go to the person who completed the EDGAR Next transition and may be redundant.").
We will not require the existing EDGAR POC to consent to the filer's enrollment. As mentioned by one commenter, the filer's EDGAR POC on record may not be current, and missing or outdated EDGAR POCs could cause confusion and delays in the enrollment process. 217 Separately, we believe that requiring CIK, CCC, and passphrase will be sufficient to authenticate filers for transition purposes, as discussed above and as supported by commenters. 218
Footnotes:
217 ? See Workiva Comment Letter ("We believe that confirmation from the current POC should not be required. When a POC was set up a long time ago, there may have been turnover, and the contact information may not be up to date even with an email on file. The administrators also may not know who their POCs are. POC confirmation should not be required because this is a mandatory transition and missing or outdated POC could be a prohibiting factor and a serious risk of chaos for the enrollment process.").
218 ? See supra note 209 and accompanying text.
Each EDGAR account will enroll once. If there is an attempt to enroll an EDGAR account that is already enrolled, the subsequent attempted enrollment will be denied. An individual filer who makes submissions related to multiple companies ( e.g., the CEO of one company who is also on the board of directors of other companies) may have more than one filing agent and/or representative at such companies who have access to her CIK, CCC, and EDGAR passphrase. Accordingly, an individual filer should authorize one representative to enroll her EDGAR account and determine whom she will authorize as her initial account administrator(s) during enrollment. After enrollment, the authorized account administrator(s) would communicate with the filer's other filing agents and/or company representatives and add such other filing agents and/or company representatives to the filer's account as account administrators, users, or delegated entities through the dashboard. Any individuals to be authorized on the filer's account will be required to possess individual account credentials.
c. Bulk Enrollment of Multiple EDGAR Accounts
Simultaneous bulk enrollment of multiple EDGAR accounts, together with those filers' account administrators, will be available. This process should prove efficient and time saving for filing agents, as well as individuals and entities that control multiple EDGAR accounts, such as serial companies created by ABS issuing entities or investment companies under the control of a single investment adviser.
To begin bulk enrollment, an individual authorized to enroll the relevant filer accounts will log in to an enrollment page on EDGAR with his individual account credentials. The individual will complete and upload a spreadsheet accommodating multiple rows of data, with each row pertaining to a single filer. The individual will enter data for each filer on each row, including CIK, CCC, and EDGAR passphrase to ensure that enrollment is being performed by a properly authenticated individual. In addition, the individual will enter on each row information regarding the filer's prospective account administrators, including names, contact information, and the email addresses associated with the individual account credentials of the account administrators, to indicate that the filer authorizes those account administrators to manage its EDGAR account. The bulk enrollment process will allow a filer to list two account administrators. Although all filers are encouraged to list two account administrators for bulk enrollment purposes, single-member companies and individuals who self-identify as such will be permitted to list only one account administrator. There will be a limit of 100 filers (100 rows) per bulk enrollment. Commenters generally supported the bulk enrollment option as contemplated in the Proposing Release, including the limitation of 100 filers per spreadsheet, although one commenter suggested that the limit per spreadsheet be increased to 500 filers. 219 There will be a limit of 100 rows per spreadsheet as it appears that number is sufficient for most filers. Filers that wish to submit bulk enrollment requests on behalf of more than 100 CIKs may engage in multiple, separate bulk enrollments.
Footnotes:
219 ? See Toppan Merrill Comment Letter ("Yes, bulk enrollment should be permitted as planned."); DFIN Comment Letter ("We agree that the limitation of 100 is acceptable for bulk enrollment."); ICI Comment Letter ("Bulk enrollment should be permitted. . .."); XBRL II Comment Letter ("We agree with the proposed approach to allow bulk enrollment of multiple EDGAR accounts. We recommend that the CSV limit be increased to 500, from the proposed limit of 100.").
As discussed above, each successful enrollment will result in notifications to all newly authorized account administrators, as recommended by a commenter. 220 In addition, EDGAR will be enhanced to notify the existing EDGAR POC in the event of a successful notification. 221 Following a filer's enrollment in EDGAR Next, EDGAR will automatically reset the filer's CCC and deactivate the filer's passphrase for security reasons. 222 Also as discussed above, enrollment will only occur once per EDGAR account, and each filer should carefully coordinate with its staff and other representatives to determine the person to be authorized to enroll the filer and the persons to be authorized as account administrators during the enrollment. Authorized account administrators may thereafter manage the account ( e.g., adding additional account administrators, users and technical administrators) on the dashboard.
Footnotes:
220 ? See supra note 214 and accompanying and following text.
221 ? See supra note 215 and accompanying and following text.
222 ? See supra note 211 and accompanying and following text.
2. Compliance
Compliance with the final amendments and transition to EDGAR Next will be required on September 15, 2025, 12 months after the issuance of this adopting release. Filers may begin to enroll on March 24, 2025, six months prior to the compliance date. Filers will be able to enroll until December 19, 2025, three months after the compliance date.
[top] Commenters requested varied periods of time to prepare, enroll and transition to EDGAR Next. One commenter recommended a transition period of 12 months. 223 The commenter requested three months prior to the enrollment period within which to prepare for enrollment, noting that filers need to do more than enrolling to complete transition, including but not limited to creating and modifying software and processes, studying the rule, and providing information and instructions to filers. 224 The commenter further stated that according to its customer survey a majority of respondents indicated that six months would be an
Footnotes:
223 ? See Workiva Comment Letter ("Moreover, we recommend extending the transition period to twelve months to allow time for process and system changes.").
224 ? See Workiva Comment Letter ("With the above considerations, we suggest three months from final rule adoption to start enrollment instead of one month.") ("However, we strongly believe that six months is not adequate for the full transition. Filers need to do more than enrolling to completely transition. They have to modify their processes based on the new EDGAR Next requirements and the filing software that they use. Likewise, filing agents and software providers do not only have to enroll their own users and ensure all delegations are properly set up (which again could be in the tens of thousands), they also need to learn about the final rule, provide information and instructions to their filers, do software development, roll out changes to their filers, potentially with a beta process of their own.").
225 ? See Workiva Comment Letter ("Based on the enrollment activities described in the proposed rule, we believe that six months is adequate to enroll. According to our customer survey, over 53% of respondents indicated that six months work fine, provided that it is after the annual filing season.").
226 ? See DFIN II Comment Letter ("DFIN is reinforcing our responses to Question 59 [of DFIN I Comment Letter], a nine-month enrollment period, as numerous registrants are not participating in the Beta.") and DFIN I Comment Letter ("If filers are allowed six months after the proposed rule goes final and before enrollment, we agree that the compliance timeline is sufficient. If the six-month period before enrollment is not met, we suggest a nine-month enrollment period.").
227 ?XBRL II Comment Letter ("We recommend a 12-month transition period for filers to enroll their EDGAR accounts into EDGAR Next.").
228 ? See SCG Comment Letter (requesting a 12-month enrollment period, with an additional six months for section 16 filers to transition).
229 ? See ICI Comment Letter ("ICI recommends a minimum of nine months for implementation given the complexity and number of Fund filings. The outreach and coordination necessary for Funds to appropriately delegate filing authority to their filing agents makes an extended transition period for bulk EDGAR filers vital. The proposed transition period would give these bulk filers only one month to establish processes and procedures for using EDGAR Next.").
We have considered these comments and noted that several commenters expressed a need for adequate time after adoption to prepare for enrollment. 230 As a result, we determined to significantly extend the time for filers to prepare for enrollment from one month as proposed to six months as adopted, which aligns with the recommendation of those commenters. 231 During this time, the beta environment will be available to filers to test the EDGAR Next changes, prepare their systems and develop any necessary software. In addition, filers will be able to ensure they have all the information needed to enroll, such as their CIK, CCC, and passphrase (and will have time to reset their passphrase if necessary). Filers will have time to determine whom they will authorize as account administrators and make arrangements with potential delegated entities and individuals, as well as to execute relevant notarized powers of attorney if needed. Filing agents will have an opportunity to communicate with their current client filers about enrollment. Section 16 filers may determine how they wish to authorize management of their EDGAR account. Filers may further test the enrollment process in the beta environment and be fully prepared to enroll at the end of the six-month preparation period.
Footnotes:
230 ? See DFIN II Comment Letter; Workiva Comment Letter; ICI Comment Letter.
231 ? See DFIN II Comment Letter; Workiva Comment Letter; ICI Comment Letter.
We believe that the 12-month transition process, including a six-month preparation period and a six-month enrollment period, that we are providing is consistent with commenters' recommendations. As noted above, filers will have six months to conduct preparations and testing prior to the beginning of enrollment. When enrollment commences, individuals whom filers have authorized to perform enrollment should be prepared to log into the new dashboard with individual account credentials they have obtained from Login.gov and to enter filers' CIK, CCC, and passphrase, as well as information to authorize account administrators to enroll on the dashboard. Filers will have six months within which to enroll prior to the compliance date. Once enrolled, account administrators can delegate authority to file and otherwise set up filers' accounts on the dashboard. Once authorized by account administrators, technical administrators can generate filer API tokens for filers connecting to APIs, and filers can begin to connect to those APIs to make submissions and otherwise communicate with EDGAR.
One commenter requested an additional six months for section 16 filers to transition to EDGAR Next. 232 We believe that the additional three months after the compliance date for enrollment that we are offering should assist periodic filers, such as section 16 filers, to enroll in EDGAR Next and meet their filing obligations if they do not enroll prior to the compliance date. Further, we believe that the transition period affords sufficient time for section 16 and other filers to prepare for EDGAR Next and enroll prior to the compliance date. The staff plans to provide information to section 16 filers through the EDGAR Next page on SEC.gov and other communications.
Footnotes:
232 ? See SCG Comment Letter (requesting an additional six months for section 16 filers to transition).
A bulk enrollment option will allow enrollment of multiple filers simultaneously. In addition, as discussed above, an enrollment API will be available to streamline enrollment. As soon as filers enroll in EDGAR Next, they will be able to connect to all available APIs. We believe that filers will be incentivized to enroll by the availability of APIs upon enrollment, and they will have had time to develop connections and test those APIs. The Adopting Beta will be available throughout the transition period until at least December 19, 2025. We believe the transition period will provide sufficient time for filers to prepare and enroll in EDGAR Next, while maintaining security and efficiency for filers and EDGAR operation. 233
Footnotes:
233 ?Of 208,000 active EDGAR accounts (those in which a filing has been made in the past two years), approximately 140,000 represent entity filers and approximately 68,000 represent individual filers. In total, regardless of account activity, there are approximately 1,000,000 filer accounts in EDGAR, however, we believe that most of the approximately 800,000 inactive EDGAR filer accounts are defunct and therefore would not transition to EDGAR Next.
To assist filers in their transition to EDGAR Next, Commission staff will begin public outreach immediately after the issuance of this release. Staff will publicize the transition to EDGAR Next and link to additional information in announcements and email distributions, SEC social media, and the homepage of SEC.gov . Commission staff also will provide multiple resources on a dedicated EDGAR Next web page to assist with the transition, including but not limited to, written step-by-step guidance for testing a range of functionality in the Adopting Beta environment and information about staff webinars and API technical help sessions for the public. On the SEC YouTube channel, staff will post videos to walk filers through various aspects of the EDGAR Next changes. To assist filers with any issues that may arise, Commission staff will provide dedicated telephone support and an email help desk- EDGARNextBeta@sec.gov -as well as an online form (available in the Adopting Beta) to report technical bugs.
III. Other Matters
[top] If any of the provisions of these rules, or the application thereof to any person or circumstance, is held to be invalid, such invalidity shall not affect other provisions or application of such provisions to other persons or circumstances that can be given effect without the invalid provision or application.
Pursuant to the Congressional Review Act, the Office of Information and Regulatory Affairs has designated these rules as a "major rule," as defined by 5 U.S.C. 804(2).
IV. Economic Analysis
Individuals and entities submit filings electronically with the Commission through EDGAR in order to comply with various provisions of the Federal securities laws. While EDGAR has provided an effective means for individuals and entities to satisfy their electronic filing obligations, there are limitations to the current system. EDGAR does not currently track a filing to the specific individual who made it. EDGAR access is currently governed by a complex combination of several codes with differing functions. 234 In addition, the Commission is aware that some filers may have failed to maintain secure access to their EDGAR accounts. 235
Footnotes:
234 ? See EDGAR Filer Manual, Volume I, at section 4. For a discussion of the functions of these access codes, please see the "Understand and utilize EDGAR CIKs, passphrases, and access codes" section of the "EDGAR-How Do I" FAQs, at https://www.sec.gov/edgar/filer-information/how-do-i .
235 ? See EDGAR Filer Management, available at https://www.filermanagement.edgarfiling.sec.gov ; EDGAR Filing, available at https://www.edgarfiling.sec.gov/Welcome/EDGARLogin.htm ; and EDGAR Online Forms, available at https://www.edgarfiling.sec.gov/Welcome/EDGAROnlineFormsLogin.htm .
EDGAR Next will improve the ability of filers to securely manage and maintain access to their EDGAR accounts and simplify procedures for accessing EDGAR by modernizing the mechanism by which filers and individuals they authorize act on filers' behalf on EDGAR and streamlining the management of filers' accounts in EDGAR. Various technical features and optional APIs will also be integrated into EDGAR to facilitate communication with EDGAR, thus enhancing filing efficiency and providing automation for filers that wish to connect to the optional APIs. EDGAR Next will benefit both filers and the Commission by simplifying procedures for accessing EDGAR and identifying the specific individuals submitting filings, thereby facilitating the responsible management of filer credentials and enhancing the security of EDGAR. Enhancing the security of EDGAR will better protect against unauthorized access to the system, thereby decreasing the likelihood of unauthorized filings that might result in economic costs for the public, filers, and the Commission.
The discussion below addresses the potential benefits and costs that may result from the final rule and form amendments the Commission is adopting in this release, and certain related technical changes, as well as the likely effects of EDGAR Next on efficiency, competition, and capital formation. 236 We also discuss the potential economic effects of certain alternatives to the approaches taken in this release. Where possible, we have attempted to quantify the benefits, costs, and effects on efficiency, competition, and capital formation expected to result from the final amendments. In many cases, however, the Commission is unable to quantify certain economic effects because it lacks the information necessary to provide estimates or ranges. In those circumstances where we do not have the requisite data to assess the quantitative impact of the EDGAR Next changes, we have analyzed their economic impact qualitatively.
Footnotes:
236 ?Section 2(b) of the Securities Act (15 U.S.C. 77b(b)), section 3(f) of the Exchange Act (17 U.S.C. 78c(f)) and section 2(c) of the Investment Company Act (15 U.S.C. 80a-2(c)) require the Commission, when engaging in rulemaking where it is required to consider or determine whether an action is necessary or appropriate in (or, with respect to the Investment Company Act, consistent with) the public interest, to consider, in addition to the protection of investors, whether the action will promote efficiency, competition, and capital formation. Further, section 23(a)(2) of the Exchange Act (17 U.S.C. 78w(a)(2)) requires the Commission, when making rules under the Exchange Act, to consider the impact that the rules will have on competition, and prohibits the Commission from adopting any rule that would impose a burden on competition not necessary or appropriate in furtherance of the purposes of the Exchange Act. The technological changes contemplated by EDGAR Next will work together with the final rule and form amendments to enhance EDGAR access requirements. Because it is difficult to isolate the economic effects associated with the technological changes from those attributable solely to the final rule and form amendments, for purposes of this economic analysis, we have considered these effects collectively.
A. Baseline
Our baseline includes the current requirements to obtain access to and file on the Commission's EDGAR system, as well as the account management practices as they exist today. The main parties directly affected by EDGAR Next are current and prospective filers as well as relevant individuals or entities acting on the filers' behalf. Filers are individuals or entities ( e.g., public operating companies, investment companies, broker-dealers, transfer agents, and other institutions that have filing obligations with the Commission) that make a submission electronically through EDGAR. For example, beneficial ownership reporting filers (such as individual filers who are officers and/or directors with reporting obligations under section 16 of the Exchange Act) routinely rely upon the companies for which they serve to make filings on their behalf on EDGAR. 237 Other filers may make filings on behalf of affiliated or related entities, such as investment companies on behalf of other companies in their fund family or asset-backed securities issuers on behalf of the serial companies they create. In 2023, the Commission received approximately 73,600 Form ID submissions. 238 From 2018 to 2023, an average of approximately 63,984 Form IDs were submitted per year to the Commission. 239
Footnotes:
237 ? See 15 U.S.C. 78p.
238 ?This number includes 63,676 applications from prospective filers without CIKs, 9,602 applications from filers that had lost EDGAR access and were seeking to regain access to EDGAR (currently submitted as passphrase updates, but pursuant to EDGAR Next will be submitted on Form ID), and 322 applications from filers with CIKs who had not yet filed electronically on EDGAR.
239 ?Similarly, this number includes applications from prospective filers without CIKs, applications from filers that had lost EDGAR access and were seeking to regain access to EDGAR (currently submitted as passphrase updates, but pursuant to EDGAR Next will be submitted on Form ID), and applications from filers with CIKs who had not yet filed electronically on EDGAR.
[top] Individuals and entities that seek to file on EDGAR must apply for access in accordance with Rule 10 of Regulation S-T by completing the Form ID application online. Applicants must then print a copy of the completed form. An authorized individual, as defined in the EDGAR Filer Manual, Volume I, must sign the completed form, and this signature must be notarized, pursuant to the EDGAR Filer Manual, Volume I. Filers have the flexibility to obtain notarization of the authorized individual's signature on Form ID through manual, electronic, or remote online notarization in accord with Volume I of the EDGAR Filer Manual and Rule 10 of Regulation S-T. 240 The signed, notarized copy of the completed Form ID is the Form ID authenticating document, and the applicant must upload that document for Commission staff review. 241 Form ID currently collects information including but not limited to the applicant's contact information and EDGAR POC. If the application is granted by Commission staff, the filer receives a unique CIK, and the EDGAR POC generates access codes, including but not limited to a password and a CCC, by using its CIK and passphrase. These codes allow the filer to make submissions on its EDGAR account. The current co-registrant filing process does not require the
Footnotes:
240 ? See supra note 12.
241 ? See Regulation S-T, Rule 10; EDGAR Filer Manual, Volume I.
If a filer loses or must update its passphrase, it can request that a security token be sent to the POC email address on record with EDGAR. If necessary, the filer can first update the POC email address to ensure it receives the security token. If, for some reason, a filer is unable to update its passphrase via a security token, a manual passphrase update request must be submitted. 242 In conjunction with a manual passphrase update request, the authorized individual must submit a signed and notarized document to Commission staff that includes an explanation of why the request is being made, the CIK of the EDGAR account to which access is sought, the filer name on the account, and the contact information of the requesting entity purporting to have current control over the filer associated with the account. Depending upon the circumstances of the access request, additional documents may need to be submitted to Commission staff for review. For example, additional documents would need to be provided when the applicant indicates it has assumed control of the entity on the EDGAR account so that Commission staff can establish whether a legal transition from the filer on the account to the applicant occurred.
Footnotes:
242 ? See EDGAR Filer Manual, Volume I, at section 4(b).
EDGAR filers are subject to certain requirements set forth in the EDGAR Filer Manual, according to which they must: (1) renew their EDGAR password annually; (2) maintain accurate company information on EDGAR; and (3) securely maintain EDGAR access codes. 243 Filers can update their POC information, including email address on file, by submitting a COUPDAT via the Retrieve/Edit Company Submission Data tab on the EDGAR filing website. Filers can similarly submit a SCUPDAT or ABSCOMP using the Retrieve/Edit Company Submission Data tab. Filers can submit up to 100 ABS issuing entities in a single submission. 244
Footnotes:
243 ? See EDGAR Filer Manual, Volume I, at section 5 ("Filers must maintain accurate company information on EDGAR, including but not limited to a filer's current name, business mailing address, and business email address."); see also EDGAR Filer Manual, Volume I, at section 4 ("Filers must securely maintain all EDGAR access codes and limit the number of persons who possess the codes. EDGAR access codes include the password, passphrase, CCC, and password modification authorization code (PMAC).").
244 ? See Staff Guidance for EDGAR Filing for Asset-Backed Securities Issuers, available at https://www.sec.gov/divisions/corpfin/abs092418.pdf . This guidance represents the views of Commission staff. It is not a rule, regulation, or statement of the Commission. The Commission has neither approved nor disapproved its content. Staff statements have no legal force or effect: they do not alter or amend applicable law, and they create no new or additional obligations for any person.
Currently, access to EDGAR does not incorporate individual account credentials or multifactor authentication. Commission staff have no systematic way to determine with whom the filer has shared EDGAR access codes, or when the filer has revoked an individual's authorization to file. Filers are responsible for safeguarding their access codes and limiting the number of individuals who receive the codes. 245 Certain filers and filing agents currently devise their own internal systems to track who possesses their EDGAR access codes. Because the Commission does not collect the personal information of the specific individual who makes the submission, nor does the Commission issue identifying credentials to individuals acting on behalf of filers, it is currently difficult for Commission staff to match filings to specific individuals who made the filings.
Footnotes:
245 ? See EDGAR Filer Manual, Volume I, at section 4 ("Filers must securely maintain all EDGAR access codes and limit the number of persons who possess the codes.").
EDGAR receives a large volume of filings, typically more than 500,000 per calendar year, and has approximately 208,000 active filers, of which approximately 140,000 represent entities and approximately 68,000 represent individuals. 246 Filers make submissions on EDGAR through one of three web-based user interfaces, depending on the type of submission made. 247
Footnotes:
246 ? See supra note 233.
247 ? See EDGAR Filer Management website available at https://www.filermanagement.edgarfiling.sec.gov ; EDGAR Filing website available at https://www.edgarfiling.sec.gov/Welcome/EDGARLogin.htm ; and EDGAR Online Forms website available at https://www.edgarfiling.sec.gov/Welcome/EDGAROnlineFormsLogin.htm .
The majority of EDGAR filings are made by filing agents on behalf of their client filers. 248 Certain filing agents and filers use proprietary custom software to interface with EDGAR to eliminate the need for human web-based interaction with the EDGAR filing websites. To create this custom software, these filing agents and filers extract data from the EDGAR filing websites and then configure their custom software to mimic a web-based interaction. This mode of interaction with EDGAR requires frequent maintenance of the custom software; however, since whenever EDGAR filing websites change their content or structure, those changes impact the custom software. Although Commission staff do not provide technical or other support for custom software interaction with EDGAR, staff seeks to minimize filing disruptions and strives to provide notice to filers prior to making website changes. As a result, technical changes to the EDGAR system ( e.g., maintenance, updates, etc.) may be slowed by the fact that staff is mindful of the downstream effect of such technical changes on the custom software used by filing agents and filers.
Footnotes:
248 ? See CompSci Resources Comment Letter (November 19, 2021); Workiva Comment Letter (November 30, 2021).
B. Consideration of Benefits and Costs as Well as the Effects on Efficiency, Competition, and Capital Formation
1. Benefits
EDGAR Next is designed to: provide a more secure framework for filers to manage and maintain access to their EDGAR accounts; facilitate the responsible management of filer credentials; and simplify procedures for accessing EDGAR. We anticipate the main economic benefits of the final amendments will be to enhance the security of EDGAR by reducing the risks of unauthorized access to filers' accounts and unauthorized filings. Reducing these risks will in turn mitigate the adverse economic consequences, such as financial harms, to filers and market participants that could result from unauthorized access and filings. EDGAR Next will also streamline the management of filer credentials and accounts, simplify procedures to access EDGAR, and allow for a more automated filing process and preparation. This may result in cost savings for some filers and delegated filers and help enhance the Commission's regulatory oversight through greater prevention and timely detection of unauthorized access and filings. We discuss below the benefits of specific provisions of EDGAR Next.
a. Form ID
[top] As discussed in section II.F.3, Form ID as adopted, will include changes to information required to be reported on the form as well as technical changes. Individuals, companies, and other organizations that seek access to file electronically on EDGAR, or to establish or re-establish their electronic access to an existing account, will be required to submit Form ID as amended. 249 The
Footnotes:
249 ?Applicants will, among other things: (1) designate on Form ID specific individuals that the filer authorizes to take action on its behalf as account administrator(s); (2) provide the applicant's LEI, if any; (3) provide more specific contact information about the filer and the filer's account administrator(s), authorized individual, and billing contact; (4) specify whether the applicant, its authorized individual, person signing a power of attorney, account administrator, or billing contact has been criminally convicted or civilly or administratively enjoined barred, suspended, or banned in any capacity as a result of a Federal or State securities law violation; (5) indicate whether the company seeking access is in good standing with its State or country of incorporation; and (6) require those seeking access to an existing EDGAR account to upload documents establishing their authority over the account.
250 ?The EDGAR Filer Manual will provide guidance regarding what documents are sufficient to establish the applicant's authority. See amended EDGAR Filer Manual, Volume I, at section 3.
b. Individual Account Credentials
As discussed in section II.B.1, paragraph (d)(1) of Rule 10 as adopted, will require that all existing and prospective filers authorize individuals on the dashboard to act on their behalf only if those individuals have obtained individual account credentials. The EDGAR Filer Manual, Volume I is being amended to specify that individual account credentials be obtained through Login.gov, a U.S. agency site that employs multifactor authentication. Paragraph (d)(1) of Rule 10 as proposed and adopted will generally improve the security of the EDGAR system by: eliminating the use of multiple EDGAR access codes and the sharing of them with others in an unsecure manner outside of the EDGAR system; associating a filing with the relevant individual who submitted the filing (due to the person-specific nature of individual account credentials); and providing an additional layer of validation with multifactor authentication. Improving the security of EDGAR will generally minimize the risk of unauthorized access to filers' accounts as well as unauthorized filings, thereby also minimizing any resulting adverse economic consequences, such as market manipulation or financial harm to a company or its investors. For instance, unauthorized filings can lead to the release of false information about a public company, which could negatively impact its investors, investors' trust in the company, and the company's access to capital markets.
Some commenters agreed that the individual account credential requirements will improve security, promote individual accountability, and adhere to current best practices. 251 Other commenters questioned the benefit of paragraph (d)(1) of Rule 10, asserting that individual account credentials could intentionally be shared with unauthorized persons. 252 The EDGAR Filer Manual is being amended to clarify that individual account credentials may not be shared with other individuals as individual account credentials are intended to identify the individual taking action on EDGAR. 253 To the extent that authorized persons nonetheless inadvertently share their individual account credentials, this could limit the benefits described above. Because we anticipate that such instances will be rare, we believe that requiring individual account credentials will meaningfully enhance the overall security of the EDGAR system.
Footnotes:
251 ? See supra note 31.
252 ? See, e.g., Workiva Comment Letter (stating that individuals may share their individual account credentials among various employees at the delegated entity); XBRL II Comment Letter (noting that multifactor authentication is "only required to administer the Filer Management dashboard and obtain [] filer and user tokens which could leave the system vulnerable to a malicious entity" that somehow obtained the filer's filer API token and user API token from using those tokens for 30 days).
253 ? See amended EDGAR Filer Manual, Volume I, at section 3(a).
c. Account Administrators
As discussed in section II.B.1, amended paragraph (d)(2) of Rule 10 will require filers to authorize account administrators to act on the filers' behalf to manage their accounts on the dashboard. The addition of account administrators will help ensure that filers' accounts are secure by preventing unauthorized access, thereby reducing the risk of security incidents and the resulting financial harms. Account administrators will be able to authorize, view, and de-authorize the individuals and delegated entities on the dashboard as warranted. Requiring filers to authorize account administrators will enhance security and improve filer compliance with EDGAR Next requirements by facilitating the prevention and timely detection of potential economic harms resulting from unauthorized access. For example, account administrators will oversee the filer's EDGAR account and can promptly revoke access for users who are no longer authorized by the filer. Moreover, by granting account administrators direct authority to oversee the filer's account, account administrators can promptly address user access problems and correct errors in a timely manner, ensuring faster resolution of issues that may affect filers' accounts.
d. Final Amendments to Paragraphs (d)(4), (d)(5), and (d)(6) of Rule 10 and Rule 11
[top] As discussed in section II, the final amendments to paragraphs (d)(4), (d)(5), and (d)(6) of Rule 10 require the filer, through its authorized account administrators: to annually confirm that all individuals reflected on the dashboard for the filer's EDGAR account are authorized by the filer and that all information regarding the filer on the dashboard is accurate; to maintain accurate and current information about the filer on EDGAR; and to securely maintain information relevant to the ability to access the filer's EDGAR account. The final amendments will assist the filer in tracking and confirming those individuals and delegated entities authorized to act on behalf of the filer and to remove those no longer authorized. Confirming the accuracy of information about individuals authorized to act on behalf of filers while safeguarding access to account-related information will reduce the risk of unauthorized access to filers' accounts and the potential for unauthorized filings, thereby enhancing the security of EDGAR. Taking measures that help prevent unauthorized access is inherently more efficient than remediating the consequences of such events after they have occurred, which may include damage to public confidence in the filings provided, with corresponding adverse effects for markets.
The final amendments to Rule 11 of Regulation S-T will define new terms related to EDGAR Next, update the definitions of certain existing terms, and delete outdated terminology from certain definitions in Rule 11. Rule 11 also defines "dashboard" as an interactive function on EDGAR where filers manage their EDGAR accounts and where individuals that filers authorize may take relevant actions for filers' accounts. These amendments should help facilitate compliance by filers and filing agents with the EDGAR Next filing requirements.
The dedicated EDGAR dashboard will offer a range of benefits to filers related to their obligations under paragraphs (d)(4), (d)(5) and (d)(6) of Rule 10 in the form of: (1) simplified management of EDGAR accounts because account administrators can manage the filer's account through a number of functions on the dashboard; (2) streamlined compliance because account administrators can utilize efficient account management functions, including editing filer information and performing the required annual confirmation on the dashboard; (3) enhanced security by allowing account administrators to remove individuals and entities no longer authorized to act on behalf of the filer, and requiring individual account credentials and multifactor authentication to access the dashboard; and (4) increased efficiency by providing a secure and centralized way to manage the filer's EDGAR account, reducing the risk of human error in managing account information or compromised access codes.
Commission staff are aware that certain filers and filing agents currently have internal systems that track which individuals possess their EDGAR access codes. While the cost to these filers of transitioning to the dashboard is expected to be the same as that for filers that do not have internal systems, filers with internal systems will benefit on an ongoing basis if they use the dashboard instead of their current system due to the elimination of ongoing maintenance costs for their internal tracking system. Moreover, the dashboard will offer the advantage of being a uniform system for all filers that additionally allows Commission staff visibility into which individuals are authorized to act for the filer, thereby enhancing regulatory oversight and subsequently the reliability of the information made available through EDGAR. Furthermore, filers without a system for tracking individuals in possession of EDGAR codes will be afforded a tool to do so through EDGAR, thereby facilitating compliance with existing EDGAR Filer Manual requirements and amended EDGAR Next obligations in Rule 10 and the EDGAR Filer Manual to securely maintain access to their accounts.
As proposed and adopted, paragraph (d)(6) of Rule 10 is analogous to requirements set forth in the EDGAR Filer Manual requiring a filer to securely maintain its EDGAR access codes. As adopted, filers, through their account administrators, will be required to securely maintain information relevant to their ability to access their EDGAR accounts. Because an existing analogous obligation is currently set forth in the EDGAR Filer Manual, the benefits of final paragraph (d)(6) of Rule 10 are expected to be marginal. However, in the context of the adopted amendments, paragraph (d)(6) of Rule 10 makes clear that this obligation persists under EDGAR Next and that filers are responsible for meeting the obligation through their account administrators.
e. Optional APIs and Technical Administrators
As discussed in section II.E, EDGAR Next will introduce optional APIs. 254 Filers may choose to connect to these APIs in order to facilitate the transmission of information to, and retrieval of information from, EDGAR. The optional APIs will particularly benefit larger filers with numerous users and CIKs by increasing filing efficiency and timeliness, thereby potentially reducing costs associated with making filings. In addition, the optional APIs aim to automate most of the functions of the dashboard, thereby increasing the efficiency of accurately managing EDGAR accounts for filers that use the optional APIs.
Footnotes:
254 ? See supra section II.E.1 for a description of the APIs.
The APIs will streamline the submission and retrieval process by allowing automated server-to-server interaction. As discussed above, many filing agents employ a web scraping process to retrieve information from EDGAR and create custom software that allows filing agents to make submissions on and retrieve information from EDGAR in an automated manner. Filing agents' custom software depends on the underlying content and structure of the EDGAR web pages being scraped. Thus, filing agents continually incur costs to adjust their custom software, and could experience system downtime, because minor changes to EDGAR content and structure are frequently made, as with any major system. The optional APIs will provide a more reliable automated way for filers to interact with EDGAR because filers will not be dependent upon web scraping and impacted by EDGAR content and web page changes. This should further reduce the ongoing maintenance and personnel costs associated with custom software. Also, the optional APIs will reduce the likelihood of errors and inconsistencies in several ways. For example, the submission API will streamline the filing process by enabling filers to submit large volumes of filings rapidly and efficiently in an automated manner. This will eliminate the need to manually log into EDGAR and submit filings one by one, reducing the reliance on manual processes, which are more prone to human error. 255 The submission status API also will allow filers to check the status of multiple submissions in a batch process. In addition, the submission status API will provide all information currently contained in EDGAR submission notifications, enabling the filer to engage in prompt identification and correction of any inconsistencies. 256
Footnotes:
255 ? See supra note 147.
256 ? See supra section II.E.1 for a description of the APIs. In the event that a filer connects to the submission status API, they will continue to receive EDGAR submission notifications.
As described in sections II.E.1.a.ii and iii, filers and filing agents, as well as those using third-party custom applications, continuously interact with the EDGAR system to inquire as to the status of submissions or the operating status of EDGAR. These frequent inquiries may generate significant network traffic to and from EDGAR. Instead of manually logging into EDGAR and individually checking the status of each submission, the submission status and operational status APIs will benefit filers by allowing them to simultaneously check the status of multiple submissions in a machine-to-machine batch process, thereby reducing network traffic for filers.
[top] Paragraph (d)(3) of Rule 10 as adopted requires any filer that decides to connect to an optional API to authorize, through its account administrator(s), at least two technical administrators to manage the API, unless the filer arranges to use its delegated entity's filer API tokens and API connections so long as the delegated entity has authorized at least two technical administrators pursuant to paragraph (d)(3) of Rule 10. Filers will be allowed a maximum of 20 technical administrators to facilitate communication with Commission staff on API-related technical issues. This requirement will benefit filers because it will reduce the chance that filers' API access would be interrupted for any
f. Adopting Beta and Transition Period
The Commission will provide an Adopting Beta environment shortly after issuance of this release, which will be available to filers throughout the transition period until at least December 19, 2025. The Adopting Beta will benefit filers by providing them with time and resources to prepare for the EDGAR Next changes. Filers will be able to test in the Adopting Beta and conduct related development, including but not limited to creation of connections to the optional APIs, should they choose to do so. Testing, identification, and resolution of issues in the deployment of a new system will benefit filers by reducing the risk of errors and minimizing disruptions to filers' EDGAR operations during the transition. During the 12-month transition period, individuals that filers intend to authorize to act on their behalf may obtain Login.gov individual account credentials and filers may assemble information that they will need to enroll in EDGAR Next, such as their current CIK, CCC and passphrase, and information about the individuals that they will authorize as account administrators. The transition period will enable filers to transition to EDGAR Next in a planned and flexible manner, allowing filers to coordinate their own specifics onboarding needs and processes over the 12-month period. This degree of flexibility afforded to filers in timing their transition activities will facilitate compliance to EDGAR Next and reduce the risk of non-compliance. This is especially advantageous to small filers with fewer resources that may need more time to adapt to the new requirements.
2. Costs
The costs associated with EDGAR Next include one-time costs for filers (including filing agents) to setup their EDGAR dashboard, create connecting API internal filing applications and adjust any other relevant internal software if they opt to connect to the APIs. 257 The costs associated with EDGAR Next also include ongoing costs for filers (including filing agents) to comply with new Rule 10 requirements related to access and management of EDGAR accounts. The compliance costs associated with EDGAR Next will vary depending on the size of the filer, the number of individuals acting on behalf of the filer, the filer's existing software, and the complexity of a filer's EDGAR application. EDGAR Next, however, may not increase filers' overall net compliance costs since modernizing the EDGAR access and account management processes will likely reduce ongoing compliance costs for some activities and for some reporting entities, such as filing agents and larger filers, due to streamlined management of filer credentials and accounts, simplified procedures to access EDGAR, and a more automated process for filing on EDGAR and retrieval of account information.
Footnotes:
257 ? See infra section V.
Filers that opt to interact with the APIs will need to create internal applications to connect to APIs and discontinue or modify their current usage of any custom software, but the one-time cost of doing these tasks will be mitigated by the elimination of these filers' current ongoing maintenance costs associated with scraping EDGAR and adjusting custom software each time EDGAR undergoes changes. To facilitate filers' use of the optional APIs and help mitigate the associated costs, Commission staff have developed technical resources to assist filers in creating software to connect to APIs. Filers will be offered a list of technical standards for the APIs, the expected inputs and outputs, and additional API token information. Commission staff will also offer an open-source code for a sample filing application to facilitate connection to the initial three APIs in the API Toolkit and serve as a model for connection to the other APIs being offered.
a. Form ID
The Commission is adopting amendments to Form ID requiring all filers seeking electronic access to EDGAR to submit certain additional information for review and approval by Commission staff before such access may be granted. 258 As filers are already subject to the requirements of Form ID, the additional requirements for Form ID will entail certain incremental compliance costs. 259 The Commission estimates that compliance costs associated with the new Form ID will increase by approximatively $100 per filer for each Form ID submission. 260 For applicants seeking access to an existing EDGAR account, this cost may be mitigated by the fact that certain fields of the form will be prepopulated with certain publicly available information of the filer, which may reduce the cost associated with completing the amended form. 261
Footnotes:
258 ? See supra section II.F.3.
259 ? See infra section V.B.
260 ?The $100 estimate is based on the following calculations: $101 (hourly rate for an operations specialist at $168 for 0.6 hours) ? $100. Salaries for estimates are derived from SIFMA's Management & Professional Earnings in the Securities Industry 2013, modified to account for an 1,800-hour work-year and inflation, and multiplied by 5.35 to account for bonuses, firm size, employee benefits and overhead. See infra section V.B.
261 ? See supra note 187.
One commenter argued that requiring a notarized power of attorney to add an employee of another entity as an account administrator could significantly increase the burden for individual reporting owners and render the option of using an outside account administrator practically not viable. 262 We disagree that requiring a notarized power of attorney in this instance creates an additional cost because, as stated in the baseline, the EDGAR Filer Manual currently requires filers to provide a notarized power of attorney. Therefore, given that the power of attorney requirement is consistent with an existing requirement, we do not expect a material difference in cost compared to the baseline.
Footnotes:
262 ?Workiva Comment Letter ("We believe that a notarized power of attorney should not be required to add an employee of another entity as an administrator. This could significantly increase the burden for the individual reporting owners, especially considering staffing changes at the affiliated entities. The burden could render the option of using an outside administrator practically not viable.").
[top] One commenter opposed the notarization requirement for non-employee account administrators authorized on Form ID, stating that the notarization may not be readily accessible for everyone, which might result in unaccounted for burdens such as travel time and notarization costs. 263 Though we acknowledge the commenter's concern, we do not believe these additional costs are likely to be significant because the notarization process is relatively straightforward and analogous to the current requirement for all filers to obtain the notarized signature of the authorized individual on Form ID contained in the EDGAR Filer Manual. Furthermore, for filers that may not have access to physical notaries, online remote notarization is
Footnotes:
263 ?Block Transfer Comment Letter ("Notaries can pose challenges for an ever-increasing population with less and less access to physical bank branches and a distinct lack of other no-cost notarization providers.").
264 ? See EDGAR Filer Manual, Volume I, at section 3. The EDGAR Filer Manual specifies the instructions filers must follow when making electronic filings on EDGAR and is incorporated by reference in the Code of Federal Regulations by 17 CFR 232.301 (Regulation S-T, Rule 301). Rule 10 of Regulation S-T and the EDGAR Filer Manual permit manual, electronic, and remote online notarizations, authorized by the law of any State or territory of the U.S. or DC See 17 CFR 232.10 and EDGAR Filer Manual, Volume I, at section 3. An "authorized individual" for purposes of the Form ID notarization process is an individual with the authority to legally bind an entity or individual, or an individual with a power of attorney from an individual with the authority to legally bind an entity or individual, as defined in Volume I of the EDGAR Filer Manual and Rule 11 of Regulation S-T.
b. Individual Account Credentials, Account Administrators
Final paragraph (d)(1) of Rule 10 will require that all existing and prospective filers only authorize an individual to perform functions on the dashboard on their behalf if that individual possesses individual account credentials obtained through Login.gov . Requiring individual account credentials will impose the minimal step of obtaining individual account credentials from Login.gov in the EDGAR access process resulting in some additional time burden for individuals who will have an EDGAR role for filers. Because the use of individual user permissions is a standard practice in software applications and computer systems, and Login.gov is free to use, we do not believe that requiring individual account credentials will be unduly burdensome or confusing.
One commenter stated that the introduction of individual account credentials could be disruptive and unduly burdensome for section 16 filers. 265 The commenter argued that section 16 filers will face additional burdens when applying for EDGAR access and enrolling in EDGAR Next themselves and requested that EDGAR permit a corporate secretary or legal personnel of a registrant to obtain EDGAR access for an individual section 16 filer pursuant to a power of attorney. 266 We acknowledge the commenter's concern; however, we do not believe that section 16 filers will face additional costs beyond the costs that other filers incur, given the various compliance options available to them. For example, as discussed above in section II.B, section 16 filers with existing accounts may avoid obtaining Login.gov individual account credentials for EDGAR if they authorize an individual at their filing agent or other third party to enroll them in EDGAR Next and during enrollment authorize one or more individuals at these entities to act as their account administrators. Likewise, section 16 filers who are applying for access on amended Form ID may use a notarized power of attorney to delegate to another person the process of obtaining individual account credentials and making filings on their behalf. The commenter also stated that some features of Login.gov ( e.g., text or voice MFA options) are restricted in certain countries, which could impose an added burden on filers based outside the United States. 267 As discussed in section II.A, Login.gov offers individuals several different authentication methods and individuals need only choose one method available to them. Therefore, we do not anticipate any additional costs for filers based outside of the United States.
Footnotes:
265 ? See SCG Comment Letter.
266 ? See SCG Comment Letter.
267 ? See SCG Comment Letter.
Final paragraph (d)(2) of Rule 10 will require filers to authorize at least two account administrators to act on the filers' behalf to manage their accounts. Filers that are individuals or single-member companies will be required to authorize and maintain at least one account administrator. Prospective EDGAR filers will designate on amended Form ID the individuals that the filer authorizes as account administrators. As such, the compliance costs associated with the new Form ID? 268 reflects the burden associated with the enrollment of account administrators. Existing filers will authorize their account administrators through a function on the dashboard, which is encompassed in the one-time cost that filers will incur to set up their accounts on the EDGAR Next dashboard. 269 Additionally, other costs associated with account administrators are encompassed by the costs associated with ongoing maintenance of the dashboard. 270
Footnotes:
268 ? See supra note 260.
269 ? See infra note 274.
270 ? See infra note 275.
We do not expect individual or single-member filers to hire additional personnel in order to comply with final paragraph (d)(2) of Rule 10 because individual or single-member filers may act as their own account administrators or authorize an individual at their filing agent or other representative entity as an account administrator. Existing filers also may authorize an individual at their filing agent or other third party to enroll them in EDGAR Next and during enrollment authorize one or more individuals at these entities to act as their account administrators. Similarly, filers who apply for access on amended Form ID may authorize one or two individuals at their filing agents or relevant companies as their account administrators, so long as they execute a relevant notarized power of attorney. Nevertheless, this requirement will result in the opportunity cost of personnel being less available to attend to other matters while performing their account administrator duties.
Two commenters asserted that the Proposing Release's economic analysis did not sufficiently account for additional non-developmental support costs imposed on filing agents and law firms that may need to hire additional personnel to manage the administrative aspects of the dashboard, which likely will be passed on to registrants. 271 One commenter acknowledged that the additional support and management burden for filing agents is difficult to quantify, which makes it hard for the Commission to evaluate. 272 As stated in the Proposing Release, filers with a large number of users would spend a greater amount of time managing their dashboard accounts. 273 We anticipate that most large filers and filing agents will authorize their own employees or affiliates in order to comply with final paragraph (d)(2) of Rule 10 and will not need to hire additional personnel. However, we acknowledge that a large filer or filing agent will face additional costs if it needs to hire additional personnel to comply, and we recognize that, although only two account administrators are required, a filer or filing agent may hire as many as 20 account administrators. To the extent additional personnel need to be hired, there will be costs associated with the hiring process.
Footnotes:
271 ?XBRL Comment Letter ("[t]he economic [analysis] described in the proposed rule does not include the additional non-developmental support costs. Filing agents and law firms are estimated to be responsible for over 90% of EDGAR filings. Additional support costs are likely to be passed on to registrants."); Workiva Comment Letter ("[t]he economic [?] analysis also does not include the additional non-developmental support costs imposed on filing agents and law firms, estimated to be responsible for over 90% of EDGAR filings, which would presumably be passed on to their customers/registrants. The additional support and management burden for filing agents will be substantial but hard to quantify at this point.").
272 ?Workiva Comment Letter.
273 ?Proposing Release at 65549 ("[w]e recognize that due to these factors, the burden incurred would vary across filers. Filers with a large number of users and significant turnover would likely spend a greater amount of time managing their dashboard accounts."); see also infra note 277.
[top]
c. Final Amendments to Paragraphs (d)(4), (d)(5), and (d)(6) of Rule 10, and Rule 11
As adopted, paragraph (d)(4) of Rule 10 will require each filer through its account administrators to perform an annual confirmation on EDGAR that all account administrators, users, technical administrators, and delegated entities reflected on its dashboard are authorized by the filer to act on its behalf and that all information about the filer on the dashboard is accurate. The annual confirmation requirement will impose additional compliance costs on filers to review the accuracy of their EDGAR account information on the dashboard. We estimate that, in the first year, there will be a one-time cost of approximatively $200 per filer, on average, to set-up the filer's account on the EDGAR Next dashboard. 274 We also estimate that, there will be a recurring cost, including in the first year, of approximatively $200 per filer, on average, to manage the filer's dashboard. 275 These costs will likely vary with the number of users that the filer authorizes and the amount of turnover of relevant personnel. 276 For example, a filer with a large number of users that experiences high turnover in users could have to spend more time managing its dashboard, in which instance it will incur additional costs to do so. 277 Filing agents are also likely to face higher dashboard management costs if they authorize a large number of individuals and have multiple accepted delegations and user groups for which delegated users will need to be maintained. 278 Such costs will likely be mitigated by active notifications and other efficiencies provided by the dashboard, and the optional APIs as an account management tool.
Footnotes:
274 ?The $200 estimate is based on the following calculations: $168 (hourly rate for an operations specialist at $168 for 1 hour) ? $200. Salaries for estimates are derived from SIFMA's Management & Professional Earnings in the Securities Industry 2013, modified to account for an 1,800-hour work-year and inflation, and multiplied by 5.35 to account for bonuses, firm size, employee benefits and overhead. See infra section V.C.
275 ?The $200 estimate is based on the following calculations: $168 (hourly rate for an operations specialist at $168 for 1 hour) ? $200. Salaries for estimates are derived from SIFMA's Management & Professional Earnings in the Securities Industry 2013, modified to account for an 1,800-hour work-year and inflation, and multiplied by 5.35 to account for bonuses, firm size, employee benefits and overhead. See infra section V.C.
276 ? See infra section V.C.
277 ?If a filer fails to perform a timely annual confirmation, after a three-month grace period, it must complete and submit a Form ID to apply for access to file on EDGAR. If Commission staff grant the Form ID, a filer will need to re-invite any users, technical administrators, and additional account administrators to its account, and reissue delegation invitations, if relevant. Re-issuing invitations will take longer for larger filers and filing agents with many users acting on behalf of the filer.
278 ? See infra section V.C.
We have sought to ease the transition to EDGAR Next for filers by allowing enrollment of multiple accounts simultaneously on the dashboard, via bulk enrollment of up to 100 filers and their account administrators. The bulk enrollment feature will particularly benefit large filing agents enrolling multiple accounts by saving time and labor costs, which will help mitigate against any higher compliance costs these entities would otherwise incur. We are also offering an optional API to facilitate the enrollment process and lower costs.
As adopted, paragraphs (d)(5) and (d)(6) of Rule 10 are analogous to existing requirements set forth in the EDGAR Filer Manual, and filers are not expected to incur significant incremental costs of compliance given they should already be complying with these requirements when using the EDGAR system. 279 We also do not expect filers to incur compliance costs related to the new terms defined in amended Rule 11.
Footnotes:
279 ? See supra notes 170 and 171.
One commenter said that proposed paragraph (d)(4) of Rule 10 contributes to an overall higher complexity for filing agents with a large number of accounts and associated individuals due to the sheer amount of information required to review. 280 The provision of multiple notices of the impending confirmation deadline to account administrators via email and dashboard notifications, 281 as well as the three-month grace period provided after the confirmation deadline has passed before deactivation occurs, 282 will help ensure that the filer's account administrators receive adequate notice and opportunity to timely perform confirmation without negatively affecting their submission preparation lead time. This will help minimize the administrative burden and ongoing maintenance costs related to the requirement to perform annual confirmation on the dashboard. In addition, delegated entities such as filing agents will be able to use the "view filer account information API" to programmatically check impending confirmation deadlines for filers that have delegated filing authority to them. 283 This will allow filing agents to remind their client filer's account administrators to perform annual confirmation in a timely manner. 284
Footnotes:
280 ?Workiva Comment Letter ("The annual confirmation requirement would increase the burden on all filers due to the amount of user content to review, and it contributes to the overall higher complexity for filers to manage in order to file.").
281 ? See supra section II.B.1.
282 ?These notices will be provided in the dashboard and also be sent via email to all account administrators' email addresses ( e.g., the confirmation deadline notices will be periodically provided in both email and via the dashboard multiple times leading up to the deadline to ensure that the account administrators are fully aware of the pending deadlines). See supra section II.1 (discussing account administrators).
283 ? See supra section II.E.2.
284 ?Delegated account administrators cannot perform annual confirmation for the filer.
Filers will have the flexibility to perform annual confirmation on any date prior to the confirmation deadline, thus allowing filers to comply with the requirement at a time that is best suited for them and thereby lessening this compliance cost. Filers are required to authorize at least two account administrators to act on the filers' behalf to manage their accounts and they may authorize up to 20 account administrators on the dashboard. 285 Having multiple account administrators facilitates the management of large accounts since each account administrator will possess the same authority to manage the filer's EDGAR account and perform the confirmation. This will reduce the burden on any one account administrator by making the confirmation more manageable and reducing the likelihood of a single account administrator failure. Furthermore, the dashboard is structured to facilitate the annual confirmation review by allowing account administrators to manage the filer's account on the dashboard and through optional APIs. The optional APIs will enable cost efficiencies in the review process by allowing filers to rapidly add and remove individuals, change roles, and perform delegations to ensure the accuracy of information on the dashboard in advance of confirmation.
Footnotes:
285 ?Single member companies and individuals are only required to authorize and maintain at least one account administrator.
[top] Two commenters argued that the annual confirmation requirement would impose a significant burden on those who file infrequently, such as section 16 filers. 286 We do not believe that the annual confirmation requirement would impose a significant burden on infrequent filers, such as section 16 filers. While section 16 filers who wish to act as their own account
Footnotes:
286 ?XBRL Comment Letter ("The annual confirmation requirement will create a significant additional burden for filers that use a filing agent's SEC credentials, in particular for those filers who make sporadic submissions such as Section 16 filers."). See also Toppan Merrill Comment Letter ("This update particularly impacts Section 16 filers who do not frequently file or rely on the Issuer to submit their filings.").
287 ? See supra note 281.
288 ? See supra note 282.
One commenter further stated that the current annual password renewal requirement does not represent a similar burden to the annual confirmation requirement since filers can retain their EDGAR access by using a filing agent's CIK and password. 289 As discussed above, all filers will receive, both via email and through the dashboard, notices of an impending confirmation deadline, and daily notices of failure to timely confirm over a three-month period prior to deactivation of the account. Further, an optional filing credentials API will be provided to allow filers that opt to connect to APIs to programmatically check upcoming confirmation deadlines.
Footnotes:
289 ? See Toppan Merrill Comment Letter ("This is not currently a burden with the EDGAR annual password expiration. Filers can continue to access EDGAR, as well as submit filings on EDGAR, using a filing agent's valid CIK and Password").
One commenter asserted that suspension of the filer's account due to failure to complete the annual confirmation requirement by the end of the two-week grace period as proposed would pose undue burden on American small businesses and hinder small business' access to capital. 290 Another commenter expressed concerns about deactivation risk and recommended a temporary suspension over account deactivation since failure to confirm may result from other circumstances rather than account abandonment. 291 We acknowledge these concerns and have extended the grace period following a missed confirmation deadline from two weeks to three months, which should help reduce the burdens associated with unanticipated account deactivation. Filers will maintain their EDGAR access through the three-month grace period and will receive daily notifications reminding them to satisfy their annual confirmation requirement. Further, following account deactivation, EDGAR will preserve the filer's filing history. While filers with deactivated accounts will incur the cost of having to reapply for access and re-invite all individuals previously authorized, such burden may be alleviated for filers that use the APIs offered by EDGAR. The APIs will allow filers to: change individuals' roles; send delegation invitations; request delegations; add individuals to CIKs in various roles; and remove individuals from CIKs.
Footnotes:
290 ? See Block Transfer Comment Letter ("[W]e respectfully believe that automatically closing accounts without annual verifications as proposed on page 88 would hinder SBAC [Small Business Access to Capital] and pose an undue burden on American small businesses.").
291 ? See Workiva Comment Letter ("We strongly recommend temporary suspension over account deactivation with removal of all user and delegation information. Failure to confirm annually may signal a problem occurred in the notification process rather than the filer being no longer in control of the account. For example, email blocking or email going to the spam folder could lead to the filer not receiving the annual confirmation reminders. It is also possible that the administrator(s) may be on leave or out of office. Based on our customer survey, about 23% of the respondents indicated the annual confirmation requirement is a low burden, while over 33% indicated that the annual confirmation requirement is a high burden and they are "concerned" to "highly concerned" about the potential account deactivation risk.").
d. Optional APIs and Technical Administrators
Filers or filing agents that choose to connect to the available APIs will incur a one-time cost to adjust their internal software systems to the optional APIs. We have estimated the direct costs to filers or filing agents that wish to connect to the optional APIs, including time and personnel costs to build a filing application integrated with all functions to successfully connect to the EDGAR APIs. These expenses are likely to vary across filers depending on their existing software and the complexity of their application and individual business models, among other factors. Based on the experience of Commission staff in developing the sample filing application to connect to certain EDGAR APIs being offered to filers, the total estimated cost per filer for filing applications to connect to an EDGAR API by an external programmer analyst? 292 should be approximatively $33,000? 293 for filers with a preexisting filing application and approximatively $41,000 for filers that do not have a preexisting filing application. 294 Given that the APIs are optional, filers may choose to incur this cost to the extent that they expect the benefit of using the APIs to exceed the cost of doing so.
Footnotes:
292 ?We do not expect this programming work to be performed by technical administrators. As indicated below, we expect technical administrators will be operations specialists, see infra note 307.
293 ?The $33,000 estimate is based on the following calculations: $32,544 (hourly rate for a senior programmer analyst at $339 for 96 hours) ? $33,000. Salaries for estimates are derived from Payscale, available at www.payscale.com. Using data from the 75th percentile in February 2023, adjusting for an 1,800 hour work year and inflation, and multiplying by the 5.35 factor which normally is used to include benefits but here is used as an approximation to offset the fact that New York salaries are typically higher than the rest of the country, the result is $324 per hour.
294 ?The $41,000 estimate is based on the following calculations: $40,680 (hourly rate for a senior programmer analyst at $339 for 120 hours) ? $41,000. Salaries for estimates are derived from Payscale, available at www.payscale.com. Using data from the 75th percentile in February 2023, adjusting for an 1,800 hour work year and inflation, and multiplying by the 5.35 factor which normally is used to include benefits but here is used as an approximation to offset the fact that New York salaries are typically higher than the rest of the country, the result is $324 per hour.
Filers will need to create connections to the optional APIs and may modify other existing internal software systems to comport with connections to APIs. For filers that have been scraping EDGAR web pages and creating custom software, the one-time cost of setting up API connections and adjusting internal software systems will be mitigated by the elimination of these filers' current ongoing maintenance costs associated with scraping EDGAR web pages and adjusting custom software each time EDGAR undergoes changes. Not all filers currently use custom software to interface with EDGAR, however, and some filers instead submit their filings directly through the EDGAR filing website. We have observed, for instance, that small filers typically do not use custom filing software and are unlikely to choose to connect to the optional APIs, therefore we do not expect they will incur this cost. Small filers that do not currently use custom software or lack the resources to develop their own API connections or employ their own technical administrators may use the APIs that their delegated entity develops and maintains as set forth in paragraph (d)(3) of Rule 10.
[top] One commenter recommended revising the APIs to accept path parameters rather than raw XML and to consider this revision in the economic analysis. 295 The commenter asserted
Footnotes:
295 ?Block Transfer Comment Letter ("[T]here should be certain simplified endpoints which accept path parameters rather than raw XML. This would simplify the machine-to-machine reporting of important market information for all issuers. It would also drastically streamline the technical inclusion of route-specific authorizations).
Despite the vast efficiencies that the detail-oriented XML framework brought to the industry over the past 27 years through standardized reporting, we respectfully submit to the Commission that the markup language is not friendly to developers, international locale standards, or efficient machine-to-machine code. Modern APIs use path parameters, eliminating the need to compile variables into a file before submission.").
296 ? Id.
A commenter stated that the economic analysis in the Proposing Release failed to account for the costs of filing agents likely needing to update or develop an application to manage delegation. 297 We disagree with the commenter that this is a significant cost that should have been accounted for in the Proposing Release. Because EDGAR Next already offers multiple ways to manage delegations, we do not believe that filers and filing agents will need to update or develop an application for this purpose. As stated in the Proposing Release and herein, the filer's account administrator may delegate authority to file to another EDGAR account through a function on the dashboard where they can also terminate delegation. 298 The dashboard will be enhanced to: (1) provide bulk delegation functionality to allow filers to delegate to multiple CIKs more easily; (2) enable prospective delegated entities to send delegation requests to filers; and (3) allow filers to automatically accept delegations and become delegated entities if they choose. These three enhancements are available on the dashboard, and do not require creation or updating of an application. Moreover, for filers that opt to use the available APIs, an optional delegation API will also be offered replicating most dashboard functionality in machine-to-machine connections. Although filers who wish to use the delegation API will need to create connections to the API to do so, this is no different from how filers will connect to the other APIs and we do not expect any unique costs will apply in this context. Account administrators will be able to delegate authority to file to an unlimited number of EDGAR accounts, allowing filers to delegate to multiple filing agents, for example.
Footnotes:
297 ? See DFIN Comment Letter ("Estimated cost should include the likelihood that filing agents would need to update or create an application to manage delegations.").
298 ? See Proposing Release, section III.C.1; see also supra section II.C.1.
Another commenter stated that the proposed API connective software development time was overly optimistic, and that the proposal's costs estimates failed to account for many important items, such as API integration time, the software changes for token management and filing preparation, customer discovery and beta testing. 299 We agree with the commenter that API connective software development time should encompass API integration time, the software changes for token management and filing preparation, customer discovery and beta testing. Our cost estimate in the proposal and herein captures these items. First, our cost estimate assumes that the sample application will be built from scratch with no documentation or open-source code base. Second, our estimate includes building a basic application with limited user interface functions that submits LIVE and TEST filings and requests system status and submission status from the EDGAR API, which are essential for beta testing and filing preparation. To further facilitate API integration time and mitigate some of the aforementioned development costs, Commission staff will offer filers technical resources, such as an API Development Toolkit and a sample filing application, to assist filers in developing their own connective filing software. The sample filing application will provide technical details and a working code base that could be either copied into existing filing applications or used as a base for developing a new filing application. The sample filing application code is a starting point for smaller filers that may not already have a filing application and want to enter the API space. This sample code can serve as a troubleshooting guide/reference material for all developers because it uses specific technologies ( e.g., PostgreSQL, NodeJS, Angular) that are well-documented, commonly used, and can be understood by a mid-level programmer.
Footnotes:
299 ? See Workiva Comment Letter ("If an actual user must be associated with the process due to the need to present a user token, this could potentially impose additional services . . ."); ("In our opinion, the development time estimate of 96-120 hours is a very low estimate. Considering the API integration time, the software changes for token management and filing preparation, customer discovery and beta testing time, the estimate could be an order of magnitude higher. In addition, monitoring and adapting to changes in the EDGAR Next beta environment will incur ongoing costs through March 2024. The economic [?] analysis also does not include the additional non-developmental support costs imposed on filing agents and law firms . . .").
One commenter questioned the implementation of filer and user tokens within the delegation framework and asserted that the EDGAR Next framework could lead to longer filing preparation time and hinder the efficiency of an automated filing process. 300 To address the commenter's concern, and in a change from the proposal, filers that utilize a delegated entity also have, under the final amendments, the option of using a delegated entity's filer API token and API connections to make submissions on behalf of the filer, so long as the delegated entity has authorized at least two technical administrators in accordance with paragraph (d)(3) of Rule 10. This change may further serve to mitigate concerns about development costs. As a result, APIs may be more accessible for smaller filers that may not have the resources to develop API connections or employ their own technical administrators, as they may instead delegate to a larger filer or filing agent that can develop API connections and obtain and maintain filer API tokens and two technical administrators.
Footnotes:
300 ? See Workiva Comment Letter ("[c]hange of provider could require longer lead time due to the delegation set up and acceptance process, as well as making the tokens available in the filing systems. This could put pressure on the filers when they need to respond to unforeseen situations.").
[top] Two commenters were critical of the proposal's use of filer and user tokens. 301 One commenter claimed the use of specific user tokens would subject filing agents to a higher cost of service and longer filing preparation lead time. 302 We do not think the use of specific user tokens is unduly burdensome for filers that choose to make submissions through APIs. Generating a filer API token or a user API token is a straightforward process accomplished on the dashboard within approximately one minute of logging in. Furthermore, the use of tokens to
Footnotes:
301 ? See Workiva Comment Letter and XBRL Comment Letter.
302 ? See Workiva Comment Letter ("the potential impact on increased manual intervention resulting in higher services costs, which are hard to accurately estimate at this point although we expect it to be far reaching due to the percentage of public registrants potentially impacted by this.").
Two commenters argued that the monthly user multifactor authentication login requirement would create a significant burden for their filing teams and their section 16 filers. 303 In a change to the proposing release, rather than the user API token remaining valid for up to one year so long as the user logged into EDGAR at least every 30 days, the individual will need to log in to generate a new user API token every 30 days or otherwise prior to making an infrequent filing. While we acknowledge that the requirement that a person log in to generate a new user API token every 30 days (if necessary to make a filing) may inconvenience some filers, the cost of this burden will not be significant because generating a user API token is a straightforward process accomplished on the dashboard. We estimate that a user API token could be generated within approximately one minute of logging into the dashboard. Section 16 filers may either authorize an individual at their filing agent or other third party to enroll them in EDGAR Next and during enrollment authorize one or more individuals at these entities to act as their account administrators or, when applying for access on amended Form ID, authorize individuals at their filing agents or other representative entity as their account administrators using a notarized power of attorney, each of whom may file on their behalf. Also, any incremental burdens imposed by the monthly user multifactor authentication login requirement must be considered in light of the potential benefits it will provide. User API tokens will enhance authentication, provide traceability for filings, and improve EDGAR security.
Footnotes:
303 ? See Workiva Comment Letter ("We believe a user role that has only the authority to file and manage its credentials and membership is appropriate. However, one proposed requirement for users is to log into one of the three EDGAR sites at least once every 30 days in order to keep the user token active. According to our customer survey, about 72% of the respondents indicated that this requirement poses a significant burden or risk to their filing teams."); Block Transfer Comment Letter ("We respectfully submit to the Commission that development based access keys should not be subject to monthly user MFA checks. We believe that imposing such checks on these keys may introduce unnecessary complexities and hinder the efficiency of development teams working on various projects.").
Another commenter estimated a total of 240 developer hours towards securely storing and managing the filer and user API tokens. 304 We believe, however, that the commenter's estimate of 240 additional developer hours due to the API token requirements is likely overstated. As discussed above, we estimate that it will take between 96 and 120 hours to configure the filer's filing application correctly to be able to interact with the API. 305 This estimate includes the time that filers will spend to implement a method to store the tokens in a database and to use the tokens within filers' applications to connect to the EDGAR APIs. Thus, we believe that the API application development cost estimate provided above already adequately incorporate the above steps of integrating and managing the API tokens.
Footnotes:
304 ? See XBRL Comment Letter ("Furthermore, the changes to securely store and manage Filer and User Tokens could easily add 240 developer hours.").
305 ? See supra notes 293 and 294, estimating 96 hours for filers with an existing filing application and 120 hours for filers that do not have a preexisting filing application.
Filers that choose to connect to the APIs will also incur the additional cost of authorizing, through their account administrator(s), at least two technical administrators to manage the technical aspects of the APIs. 306 The Commission estimates that annually, on average, each filer that chooses to connect to the APIs will incur approximately $170 in compliance costs per CIK with respect to the technical administrators' responsibilities. 307 These costs may vary depending on the size of the filer, the number of filer API tokens the filer employs at any given time, and the business needs of the filer with regards to the usage and management of APIs (including but not limited to the security standards imposed by the filer). We do not expect that filers will need to hire new employees to fill the technical administrator role since the primary responsibilities for the technical administrator are to generate the filer API token on an annual basis and securely store it within a filer's application and to be available in the event that a technical issue arises with APIs. We believe that larger filers and filing agents using APIs will have sufficient staff to authorize at least two technical administrators. Smaller filers who choose to connect to APIs will likely employ a delegated entity to avoid the burden of obtaining and maintaining their own filer API tokens, engineering their own API connections, and designating two technical administrators. Final paragraph (d)(3) of Rule 10's requirement that a filer authorize, through its account administrator(s), at least two technical administrators will not apply to a filer that uses the filer API token and API connections of its delegated entity, so long as the delegated entity has authorized its own technical administrators in accordance with paragraph (d)(3) of Rule 10. Filers that rely upon their delegated entity's filer API token and API connections will not need to obtain and maintain their own filer API tokens or engineer their own API connections, although their account administrators and users will need to supply their own user API tokens to the APIs, if those APIs require presentation of a user API token.
Footnotes:
306 ? See paragraph (d)(3) of Rule 10 as adopted.
307 ?The $170 estimate is based on the following calculations: $168 (hourly rate for an operations specialist at $168 for 1 hour) ? $170. Salaries for estimates are derived from SIFMA's Management & Professional Earnings in the Securities Industry 2013, modified to account for an 1,800-hour work-year and inflation, and multiplied by 5.35 to account for bonuses, firm size, employee benefits and overhead. These represent costs beyond the quantified costs for technical administrators that are associated with dashboard management. See supra note 275 for an estimate of the annual cost of dashboard management. Based on Commission staff experience and knowledge regarding the filing agent industry, we estimate there will be 208 filers that will be required to satisfy the technical administrator requirements.
e. Adopting Beta and Transition Period
[top] During the transition process to EDGAR Next, filers will incur certain ancillary costs related to testing and quality assurance. These costs may also include documentation and technical support cost for personnel managing the transition at the filer. For example, one commenter estimated 8 hours per week to track changes in the Proposing Beta through March 2024. 308 We expect that there will be a similar cost to track changes in the Adopting Beta. However, to help mitigate some of these costs, Commission staff will provide dedicated telephone support and an email help desk- EDGARNextBeta@sec.gov -as well as an online form (available in the Adopting Beta) to report technical bugs. A more improved user experience will ultimately reduce the possibility of errors and disruption for filers, thus minimizing the cost burden associated with transitioning to the new filing regime. The Adopting Beta will help
Footnotes:
308 ?XBRL Comment Letter ("There is also an estimated 8 hours per week to track changes in the beta through March 2024.").
Filers will have six months prior to the compliance date and three months after the compliance date within which to enroll through a function on the dashboard. Once a filer enrolls in EDGAR Next, the filer's CCC will be automatically reset. One commenter stated that requiring the CCC to be reset after a filer enrolls will negatively impact filing preparation lead time as individuals must first log in to view any CCC changes before submission. 309 We disagree with the commenter's characterization of the additional cost associated with viewing any CCC changes. To protect the security of the filer's EDGAR account, EDGAR will automatically reset the filer's CCC following the filer's enrollment in EDGAR Next. To leave the CCC unchanged after enrollment would frustrate the Commission's effort to enhance the security of EDGAR. We do not expect a one-time reset of the filer's CCC to cause any major disruptions because filers should be aware that the CCC will change and that they can manage it themselves on the dashboard after enrollment. To reduce the cost associated with resetting the CCC, the new CCC will be visible on the dashboard to all individuals with the ability to make submissions on the filer's behalf. Further, EDGAR will offer APIs to view filer account information and verify filing credentials, including the filer's CCC. We therefore do not believe that resetting the CCC upon enrollment will negatively impact filing preparation lead time.
Footnotes:
309 ?Workiva Comment Letter ("As discussed in the response to question 35, sweeping changes to CCC is a big disruption and risk factor to the filing chain. Coordination issues could be easily resolvable on a small scale, but at this large scale even for filing agents that have been delegated to or added as account administrators, the time requirement to log in and view CCC changes could significantly impact filing lead time given the volume and the concentration of these issues.").
3. Effects on Efficiency, Competition, and Capital Formation
The final amendments will enhance the security of EDGAR by improving the security of submissions, the individual traceability of filings, and regulatory oversight into filings. The amendments will also streamline the filing process, including filing preparations, and enhance the efficiency of the Commission's review and processing of EDGAR submissions. The amendments therefore will better protect against unauthorized access to filers' accounts and unauthorized filings on the EDGAR system. This will reduce the risk that unauthorized access and filings disrupt market efficiency and affect capital formation by affected filers. The amendments will also enhance investor confidence in, and therefore use of, the financial information available through EDGAR filings, thereby helping investors make more informed investment decisions.
We do not expect the EDGAR Next changes to impact competition because the final rules and amendments are designed to impose modest compliance costs, which are largely one-time in nature and not expected to significantly affect small filers. As discussed in sections IV.B.2.d and IV.B.2.c, the Commission is making certain technical resources available to all filers in connection with the final amendments, such as optional APIs and open-source software to connect to certain APIs, which should mitigate compliance costs, including for small filers. Larger filers and filing agents could experience ongoing compliance cost savings under EDGAR Next due to the streamlined management of filer credentials and accounts, simplified access procedures, and greater automation of the filing process and preparation. This need not disproportionately disadvantage smaller filers, however, as smaller filers will have the option to rely on delegated entities to supply API connections and filer API tokens. To the extent that, as discussed above, delegated entities experience ongoing compliance cost savings under EDGAR Next, then competition among delegated entities may lead them to pass on some of these cost savings to their clients in the form of lower fees, including to smaller filers.
C. Reasonable Alternatives
1. Add and Allow Bulk Confirmation for Related CIKs
As adopted, paragraph (d)(4) of Rule 10 will require each filer to perform an annual confirmation on EDGAR of all of the filer's users, account administrators, technical administrators, and delegated entities, as well as any other information related to the filer appearing on the dashboard. Several technical features will be introduced to facilitate compliance with the rule and form requirements. For example, bulk enrollment will permit filers and filing agents to simultaneously enroll up to 100 filers, along with their authorized account administrators, in a single batch. Several commenters suggested that the Commission should also allow bulk confirmations to be performed for related CIKs, such as CIKs that share the same administrators, users, delegations, and corporate and contact information. 310 This alternative might facilitate the confirmation of multiple filers simultaneously, but the annual confirmation for related CIKs does not lend itself to bulk processing. While some related CIKs may share the same administrators, users, delegations, and corporate and contact information, not all of them do. Related CIKs (such as CIKs for co-registrants or filers with beneficial ownership obligations) will often have different information that is to be provided on the dashboard; for example, co-registrants may have different individuals authorized to act on their behalf. 311 Thus, adding a bulk confirmation feature for related CIKs could lead to the inadvertent confirmation of dashboard information without proper review and verification for accuracy, thus undermining the intended benefits of the annual confirmation requirement. For this reason, we are not implementing this alternative. Filers may already achieve under EDGAR Next efficiencies in the confirmation process by leveraging the newly added APIs that will allow them to reduce confirmation preparation lead time by rapidly adding and removing individuals, changing roles, and performing delegations in advance of confirmation.
Footnotes:
310 ?Cadwalader Comment Letter ("On an operational level, we do not expect individual serial trusts to have account administrators, technical administrators, users or delegated entities that are not also performing the same functions for the depositor, although the depositor may have certain additional account administrators, technical administrators, users or delegated entities who are not assigned to all of the related serial trusts. Therefore, depositor-level confirmation of its authorized parties would also encompass all individuals assigned roles with respect to each individual serial trust."); Toppan Merrill Comment Letter (responding to a question regarding whether bulk confirmations should be permitted by stating "[y]es, affiliated filers with the same administrators, users, delegations, and corporate and contact information should be allowed similar functionality . . .").
311 ? See supra section II.B.1.
2. Extend the ABSCOMP Process to Affiliated Entities
[top] EDGAR permits certain filings to be submitted on behalf of multiple filers, that are treated as co-registrants for purposes of the filing. Examples of several types of issuers that manage and file with related entities include investment companies filing on behalf of other affiliated investment companies, corporate issuers with co-registrants, beneficial ownership reporting filers ( e.g., Form 144, Schedule 13D, Schedule 13G, and section 16 filers), and ABS issuers. While these registrants have a separate CIK for each filer, they are managed by one entity. In particular, ABS issuers,
One commenter recommended expanding the ABSCOMP process to other issuers that have a related structure with multiple related parties. 312 This alternative, however, would not provide the same benefits to filers with related party structure as it does for ABS issuers because the same dashboard information would be disseminated to all related entities involved in the ABSCOMP process. While ABS issuers and their serial companies share the same underlying dashboard information, other related party entities, such as investment companies and co-registrants, do not share this characteristic, as each of these filers typically possesses separate filer-specific information such as name, address, and contact information, as well as separate reporting obligations. Thus, expanding the ABSCOMP process to other related party filers could increase the risk of filing errors and inconsistencies, resulting in additional administrative burden and delays in the submission process for the related party filers in scope. For this reason, we are not implementing this alternative. The added APIs under EDGAR Next should already substantially address the commenter's concerns by allowing filers to rapidly add account administrators and make other changes as necessary, as discussed further in section II.E above.
Footnotes:
312 ? See Toppan Merrill Comment Letter ("The proposed functionality for an ABS account administrator to access the dashboard for serial companies could be utilized for other issuers who have a related structure with multiple entities . . . including corporate issuers with co-registrants [and] beneficial ownership reporting filers. . . . If the existing option to create a serial company by the `ABSCOMP' process is available in EDGAR Next functionality that will be sufficient for ABS entities to manage creating new CIKs.").
3. Retire the CCC for Filing Submissions
The final amendments will maintain the CCC as the code required for filing. The CCC code will be displayed on the dashboard. Alternatively, one commenter suggested eliminating the use of a filer's CCC to submit a filing. The commenter stated that the CCC requirement will be redundant as individuals accessing the CCC through the dashboard will also need to sign in with their respective individual account credentials, complete multifactor authentication, and be authorized by the filer.
Retiring the CCC could result in a modest efficiency gain for filers by eliminating the additional step of presenting the CCC as a requirement for submission authorization resulting in a moderate reduction in submission preparation time. The CCC could be eliminated in the future if feasible from a technical and security standpoint. 313 At this time, however, we continue to believe that the required use of the CCC enhances submission security. Moreover, some commenters? 314 expressed their preferences for maintaining the current co-registrant filings process unchanged, and this process requires both the CCC and CIK for submission success. Also, EDGAR Next will introduce a view account information API that will allow filers and filing agents to view the filer's CCC via an API (so long as the user API token belongs to an individual who has permissions to view the CCC and use the filer API token). Facilitating access to the CCC via the dashboard and the APIs should ease the burden of submitting the CCC for each filing.
Footnotes:
313 ? See supra section II.A.
314 ? See supra note 123.
4. Requirements for Individual and Small Filers
EDGAR Next will apply to all prospective and existing filers regardless of size. Alternatively, the Commission could implement scaled requirements for small entities and individual filers. For example, the Commission could consider exempting section 16 filers from amended paragraph (d)(4) of Rule 10(d)(4), which will require filers, through their authorized account administrators, to confirm annually that all account administrators, users, and delegated entities, and technical administrators reflected on the dashboard for the filer's EDGAR account are authorized by the filer and that all information regarding the filer on the dashboard is accurate. Further, the Commission could exempt small filers from amended paragraph (d)(1) of Rule 10(d)(1), and instead allow small filers to independently develop practices and recordkeeping to track individuals acting on their behalf and safeguard their account access codes. Such scaled requirements would lower the compliance costs for small entities and individual filers.
Exempting any subgroup of filers from paragraph (d)(1) or (d)(4) of Rule 10(d)(1) or Rule 10(d)(4), or the other EDGAR Next changes, would lessen the security benefits of EDGAR Next with regard to these filers. The EDGAR Next changes are designed to enhance the security of EDGAR filings, including by, among other things, strengthening the security of access to filers' EDGAR accounts by establishing a uniform method for authorizing, identifying, and tracking all individuals authorized to act on each filer's behalf. Exempting small filers from obtaining individual account credentials would increase the risks that small entities and individual filers are subject to unauthorized access to their EDGAR accounts and unauthorized filings, thereby undermining the benefits of EDGAR Next. Also, as discussed in sections IV.B.2.d and IV.B.2.c, (the Commission is making certain technical resources available to filers in connection with the final amendments, such as optional APIs, 315 the Adopting Beta, and a transition period, all of which should help mitigate compliance costs for smaller entities and individual filers.
Footnotes:
315 ?As discussed above in section IV.B.2.d, while we do not expect smaller entities to develop their own software, they may be able to use the optional APIs of a delegated entity pursuant to adopted paragraph (d)(3) of Rule 10.
[top] As another alternative, the Commission could allow smaller filers additional time to come into compliance. One commenter suggested that Section 16 filers be granted an additional six months after the enrollment period ends so that they do not miss any deadlines while they enroll in EDGAR Next. 316 A longer enrollment period would lower the compliance cost for small filers by enabling a transition to EDGAR Next at a pace that suits their needs, allowing these filers with fewer resources more time to adapt to the new requirements. EDGAR Next will allow filers an additional three months after compliance within which to enroll, although the legacy filing regime will not be extended beyond the compliance date. Extending the legacy filing regime would lessen the security benefits of EDGAR Next by delaying the implementation of the multifactor authentication and individual account credential requirements. 317
Footnotes:
316 ?SCG Comment Letter ("We also ask that the Commission consider allowing all Section 16 filers to continue to use the existing EDGAR system for an additional six months after the enrollment period ends, so they do not miss any deadlines while they enroll in EDGAR Next.") (emphasis in original).
317 ? See supra note 48.
5. Implementing Performance-Based Standards
EDGAR Next mandates certain prescribed requirements to enhance the security of EDGAR's filing regime. We could consider an alternative with a more performance-based approach that would not spell out the precise actions filers need to take in order to improve the security of EDGAR. For instance, we could simply state that filers should have practices and recordkeeping that allow the Commission to more easily identify anyone who takes action on EDGAR on the filer's behalf and also ensure that only individuals authorized by the filer are privy to the filer's access codes. This could, for instance, lead beneficial ownership reporting filers to opt to forgo authorizing account administrators to manage their EDGAR account, or other filers could determine that they do not need multifactor authentication for designated individuals authorized to act on their behalf on the dashboard.
The benefits of a more performance-based approach would be that filers would have more flexibility in what their practices and recordkeeping cover. For instance, they could tailor their EDGAR access compliance requirements to their specific circumstances and have greater discretion in how they manage their EDGAR accounts and safeguard their account access codes. While this approach would provide more flexibility for filers, we are not implementing this alternative as allowing individual filers to decide which security measures to implement would undermine our objective of enhancing the existing security requirements for the EDGAR system. In particular, individual account credential requirements, including multifactor authentication, are a key security enhancement that allows us to modernize and implement stronger cybersecurity standards, consistent with current best practices, as described in Executive Order No. 14028 and the NIST guidelines. 318
Footnotes:
318 ? See supra notes 29 and 30 and accompanying text.
V. Paperwork Reduction Act
Certain provisions of our rules and forms that will be affected by the final amendments contain "collection of information" requirements within the meaning of the Paperwork Reduction Act of 1995 ("PRA"). 319 The Commission published a notice requesting comment on changes to these collection of information requirements in the Proposing Release and submitted these requirements to the Office of Management and Budget ("OMB") for review in accordance with the PRA. 320 An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. Compliance with the information collection is mandatory. Responses to the information collection are not kept confidential, and there is no mandatory retention period for the information disclosed. The title for the existing collection of information that we are amending is "Form ID-EDGAR Password" (OMB Control No. 3235-0328). We also are adding a new collection of information titled "the dashboard." The final amendments to Form ID and the implementation of the dashboard are designed to harness the benefits of improved technology and to modernize the EDGAR access and account management functions. A detailed description of the final amendments, including the amendments to Form ID and the implementation of the dashboard, including the need for the information and its intended use, as well as a description of the likely respondents, can be found in section II above, and a discussion of the expected economic impact of the amendments can be found in section IV above.
Footnotes:
319 ?44 U.S.C. 3501 et seq.
320 ?44 U.S.C. 3507(d); 5 CFR 1320.11.
A. Summary of Comment Letters on PRA Estimates
In the Proposing Release, the Commission requested comment on the PRA burden hour and cost estimates and the analysis used to derive the estimates. We received two comment letters addressing the PRA estimates. One letter inquired whether notarization had been accounted for in our burden estimates. 321 We affirm that the PRA estimates, both previously approved by OMB and the estimates contained in these final amendments, reflect the overall burden of compliance with Form ID, including the notarization requirements. 322 The second letter recommended that the amendments lead to an update to the "Paperwork Reduction Act" as it will require more filings by companies through EDGAR. 323 To the extent that the filer was referring to the PRA burden estimates associated with EDGAR Next, as discussed below, we are revising those estimates to reflect the EDGAR Next changes, although we do not expect the EDGAR Next changes to cause a significant increase in the number of filings on EDGAR.
Footnotes:
321 ? See Block Transfer Comment Letter.
322 ?The burden represents an estimate of the average compliance burden. Consequently, the burden could be lower for some filers (such as those that do not need to add notarizations for account administrators), and higher for other filers (such as those that do need to include notarizations for account administrators).
323 ? See comment Letter of Akash Chand (September 13, 2023).
B. Form ID
Form ID must be completed online and submitted to the Commission by individuals, companies, and other organizations that seek access to file electronically on EDGAR.
[top] As outlined above, the final amendments to Form ID will require an applicant for EDGAR access to undertake certain additional obligations, including most significantly: (1) designating on Form ID specific individuals the applicant authorizes as its account administrator(s) to manage its EDGAR account on a dedicated dashboard on EDGAR; (2) indicating the applicant's LEI, if any; (3) providing more specific contact information about the filer, its account administrator(s), its authorized individual (the individual authorized to sign Form ID on the filer's behalf as defined in the EDGAR Filer Manual), and its billing contact (including mailing, business, and billing information, as applicable); (4) specifying whether the applicant, its authorized individual, person signing a power of attorney (if applicable), account administrator, or billing contact has been criminally convicted as a result of a Federal or State securities law violation, or civilly or administratively enjoined, barred, suspended, or banned in any capacity, as a result of a Federal or State securities law violation; (5) indicating whether the applicant, if a company, is in good standing with its State or country of incorporation; (6) requiring submission of a new Form ID for both prospective filers seeking access to EDGAR for the first time and existing filers that must apply for access to EDGAR because they: (i) are the legal successor of the filer named on the existing CIK account but did not receive access from that filer, (ii) lost electronic access to their existing CIK account, or (iii) are broker-dealers or "paper filers" seeking electronic access for the first time in order to file electronically on EDGAR; and (7) requiring those seeking access to an existing EDGAR account to
For purposes of the Paperwork Reduction Act, the currently approved collection of information includes an estimate of 57,329 Form ID filings annually and further estimates approximately 0.30 hours per response to prepare and file Form ID, for a total of 17,199 annual burden hours. Those estimates include the number of Form ID filings for filers without CIKs (48,089 filings), filers with CIKs that are seeking to regain access to EDGAR (8,836 filings), and filers with CIKs that have not filed electronically on EDGAR (404 filings). 324 These estimates assume that filers are responsible for 100% of the total burden hours.
Footnotes:
324 ?48,089 filings for users without CIKs + 8,836 filings for filers who are seeking to regain access to EDGAR + 404 filings for filers with CIKs who have not yet filed electronically on EDGAR = 57,329 filings.
There were 73,600 Form ID filings in calendar year 2023. The estimate includes the number of filers without CIKs, filers with CIKs that have not filed electronically on EDGAR, and filers with CIKs that are seeking to regain access EDGAR. 325 For purposes of the Paperwork Reduction Act, we estimate that the number of Form ID filings under the final amendments will remain the same and that the number of hours to prepare Form ID will increase by 0.30 hours as a result of the adoption of the access changes and Form ID amendments. 326
Footnotes:
325 ?63,676 filings for users without CIKs + 9,602 filings for filers who are seeking to regain access to EDGAR + 322 filings for filers with CIKs who have not yet filed electronically on EDGAR = 73,600 filings.
326 ?The increase in burden will vary by applicant depending on whether certain of their responses required additional information ( e.g., explaining the circumstances surrounding any specified individuals who are currently subject to Federal or State securities law investigations, proceedings, convictions, suspensions, or bars, and for applicants seeking access to an existing CIK account, providing the documents that establish the applicant's authority over the company or individual currently listed in EDGAR as corresponding to the existing CIK account).
Thus, for purposes of the Paperwork Reduction Act, the estimated total number of annual Form ID filings will increase from 57,329 filings to 73,600 filings. The estimate of 0.30 hours per response will increase to 0.60 hours per response. The estimated total annual burden will increase from 17,199 hours to 44,160 hours. 327 The estimate that the filers are responsible for 100% of the total burden hours will remain the same.
Footnotes:
327 ?73,600 filings × 0.60 hours/filing = 44,160 hours.
[Federal Register graphic "ER27DE24.016" is not available. Please view the graphic in the PDF version of this document.]
C. The Dashboard
As outlined above, pursuant to paragraph (d) of Rule 10 as adopted each filer will be required to authorize individuals to act on its behalf on the dashboard, and those individuals must have obtained individual account credentials for EDGAR in the manner specified in the EDGAR Filer Manual. Moreover, pursuant to paragraph (d) of Rule 10 as adopted, each filer, through its account administrators, will be required to: (i) authorize and maintain at least two individuals as authorized account administrators to act on the filer's behalf to manage the filer's EDGAR account, except a filer who is an individual or single-member company must authorize and maintain at least one individual as an account administrator; (ii) confirm annually on EDGAR that all users, account administrators, technical administrators, and/or delegated entities reflected on the dashboard for the filer's EDGAR account are authorized by the filer, and that the filer's information on the dashboard is accurate; (iii) maintain accurate and current information on EDGAR concerning the filer's account, including but not limited to accurate corporate information and contact information (such as mailing and business addresses, email addresses, and telephone numbers); (iv) securely maintain information relevant to the ability to access the filer's EDGAR account, including but not limited to access through any EDGAR API; and (v) if the filer chooses to connect to an EDGAR API, authorize, through its account administrator(s) at least two technical administrators to manage technical matters related to the filer's connection to the API, or the filer may use the API connections and filer API tokens of its delegated entity so long as the delegated entity is in compliance with the technical administrator and other API requirements.
EDGAR will facilitate account administrators' management of filers' accounts by allowing them to: (i) add and remove users, account administrators, and technical administrators (including removing themselves as an account administrator); (ii) create and edit groups of users; (iii) delegate filing authority to other EDGAR accounts and remove such delegations; (iv) generate a new CCC; and (v) receive notifications regarding significant events affecting the account (which will also be provided via email to the account administrators' email addresses).
[top] For purposes of the PRA, we estimate that each filer will spend approximately one hour in the first year setting up the dashboard, and additionally, on average, approximately one hour per annum managing the filer's account on the dashboard. This burden will vary across filers depending on the size of the filer, the number of users, account administrators, technical administrators, and delegated entities authorized by the filer, as well as the amount of annual staff turnover for those individuals and entities, among other factors. For a small number of filers, the annual burden may significantly exceed our estimate ( e.g., filing agents that may authorize a large number of individuals and that have multiple accepted delegations and user groups for which delegated users will need to be maintained). On the other hand, for the vast majority of filers, the annual burden will presumably be less than our estimate because we expect most filers will authorize a small number of individuals and will experience little or no annual turnover
Footnotes:
328 ?A filer survey conducted by a filing agent found that at least 64% of its respondents planned to have three or fewer account administrators, and 96% of its respondents planned to have fewer than 20 users. See Workiva Comment Letter (November 30, 2021). Moreover, since filers are not required to authorize users, technical administrators, or delegations, filers who did not choose to authorize such individuals or third parties would not have any associated burdens.
329 ?The estimate of 1.3 hours per filer is based on the following calculations: For dashboard set up, 1 hour in the first year ÷ 3 years = 0.3 hours on average; for dashboard management, 1 hour per year ÷ 3 years = 1 hour on average; 0.3 hours for dashboard set up + 1 hour for dashboard management = 1.3 hours on average for all dashboard responsibilities. The estimate of 270,400 hours is based on the following calculations: 0.3 hours for dashboard set up × 208,000 filers = 62,400 hours; 1 hour for dashboard management × 208,000 filers = 208,000 hours; 62,400 hours + 208,000 hours = 270,400 hours.
[Federal Register graphic "ER27DE24.017" is not available. Please view the graphic in the PDF version of this document.]
VI. Final Regulatory Flexibility Analysis
The Regulatory Flexibility Act ("RFA")? 330 requires an agency, when issuing a rulemaking adoption, to prepare and make available a Final Regulatory Flexibility Analysis ("FRFA") that describes the impact of the final rule on small entities. 331 This FRFA has been prepared in accordance with the RFA and relates to the amendments to Rules 10 and 11 of Regulation S-T and Form ID described in section II.F above.
Footnotes:
330 ?5 U.S.C. 601 et seq.
331 ? Id.
A. Need for and Objectives of the Rule and Form Amendments
The purpose of the final amendments is to enhance the security of EDGAR accounts, improve the ability of filers to securely maintain access to their EDGAR accounts, facilitate the responsible management of EDGAR filer credentials, and simplify procedures for accessing EDGAR. Among other things, the final amendments will require each filer to:
Authorize individuals to act on its behalf on the dashboard only if those individuals have obtained individual account credentials in the manner specified in the EDGAR Filer Manual;
Authorize and maintain individuals as account administrators to manage their EDGAR accounts on the dashboard;
Confirm annually on EDGAR, through their account administrators, that all account administrators, users, technical administrators and delegated entities reflected on the dashboard for the filer's EDGAR account are authorized by the filer to act on its behalf, and that all information about the filer on the dashboard is accurate;
Maintain accurate and current information on EDGAR concerning the filer's account; and
Securely maintain information relevant to the ability to access the filer's EDGAR account.
Filers that choose to connect to the optional EDGAR APIs to make submissions on EDGAR and take other actions, will, among other things, generally be required through their account administrators to authorize at least two technical administrators to manage tokens and other technical aspects of the EDGAR APIs unless they use the API connections and filer API tokens of their delegated entities that have authorized at least two technical administrators, in which case an individual at the relevant filer need only supply a user API token, if the relevant API requires presentation of a user API token.
B. Significant Issues Raised by Public Comments
We received no comments on the Initial Regulatory Flexibility Analysis contained in the Proposing Release. Commenters did state, however, that several aspects of the rulemaking would have both financial and workload impacts on their business and services offered, including: the requirement to obtain individual account credentials resulting in "additional costs and confusion for individuals and small entity filers,"? 332 dashboard requirements resulting in "administrative burden and ongoing maintenance costs,"? 333 and requirements for API tokens resulting in "higher service costs."? 334
Footnotes:
332 ? See Toppan Merrill Comment Letter (regarding the individual account credential requirement: "Yes, there will be additional costs and confusion for individuals and entity filers. It will be beneficial for the SEC to provide a well-publicized education and an information campaign to help prepare filers for the EDGAR Next mandate. We commend the SEC for providing the EDGAR Next Beta testing environment and hosting introductory webinars. To encourage more registrant participation, it would be beneficial for the SEC to post step-by-step videos on its YouTube channel of each essential part of the EDGAR Next process.").
333 ? See Workiva Comment Letter, discussed supra note 141 ("All functionality provided by the EDGAR Dashboard should be available via APIs . . . . The administration burden and ongoing maintenance costs [of manually using the dashboard] will be significant and could ultimately impact the cost burden on the filers").
334 ? See Workiva Comment Letter, discussed supra note 302 (asserting regarding the requirement that API tokens be manually obtained pursuant to multifactor authentication, that "manual intervention result[s] in higher services costs, which are hard to accurately estimate at this point although we expect it to be far reaching due to the percentage of public registrants potentially impacted by this.").
[top] As noted above, to further facilitate individuals' and small entity filers' experience with the EDGAR Next transition, Commission staff will begin public outreach immediately after the
Footnotes:
335 ? See section II.H.2.
336 ? See generally section II.H.
In addition, to minimize administrative burden and ongoing maintenance costs related to the dashboard, we are extending the grace period for filers to timely perform annual confirmations from two weeks to three months. 337 Commission staff will also offer 12 optional APIs beyond what was contemplated in the proposal, as well as an API Development Toolkit and a sample filing application to assist filers in developing their own filing software to connect to the APIs. 338 As discussed above, these new optional APIs will replicate much of the account management functionality provided on the dashboard, which should allow filers to reduce burdens and manage their EDGAR accounts in a more automated manner. 339
Footnotes:
337 ? See supra text accompanying and following note 89.
338 ? See generally section II.E.
339 ? See supra text accompanying note 141.
Furthermore, in a change from the proposal, filers with delegated entities will be able to use the API connections and filer API tokens of their delegated entities? 340 and will not need to authorize technical administrators, so long as the delegated entity maintains at least two technical administrators. This will alleviate the need for filers with delegated entities to authorize at least two technical administrators, create API connections and maintain their own filer API tokens in order for their users to interact with EDGAR through APIs, although individuals at these filers will need to generate and present user API tokens to interact with the APIs, if those APIs require presentation of a user API. While filers could rely completely on their delegated entities to interact with EDGAR on their behalf, certain filers may wish to retain the ability to have their users interact with EDGAR through APIs. This change allows them to do so in a cost-effective fashion and, as a result, may make APIs more accessible for smaller filers that may not have the resources to connect to the APIs or employ their own technical administrators. Individuals at filers using their delegated entities' filer API tokens and API connections must nevertheless supply their own user API tokens to interact with the EDGAR APIs, if those APIs require presentation of a user API token.
Footnotes:
340 ?See supra text accompanying note 112.
C. Small Entities Subject to the Rule and Form Amendments
The final amendments will affect individuals and entities that have EDGAR accounts or that seek to open EDGAR accounts. The RFA defines "small entity" to mean "small business," "small organization," or "small governmental jurisdiction."? 341 For purposes of the RFA, under our rules, an issuer, other than an investment company, is a small entity if it had total assets of $5 million or less on the last day of its most recent fiscal year. 342 We estimate there are 800 issuers that file with the Commission-other than investment companies-that will be considered small entities for purposes of this analysis. 343
Footnotes:
341 ?5 U.S.C. 601(6).
342 ? See 17 CFR 240.0-10(a)).
343 ?This estimate is based on staff analysis of issuers potentially subject to the final amendments, excluding co-registrants, with EDGAR filings on Form 10-K, or amendments thereto, filed during the calendar year of January 1, 2023 to December 31, 2023. This analysis is based on data from XBRL filings, Compustat, Ives Group Audit Analytics, and manual review of filings submitted to the Commission.
With respect to investment companies and investment advisers, an investment company, including a business development company, is considered to be a small entity if it, together with other investment companies in the same group of related investment companies, has net assets of $50 million or less as of the end of its most recent fiscal year. 344 We estimate that there are 87 registered investment companies (including business development companies and unit-investment trusts) that will be considered small entities. 345 An investment adviser is generally considered a small entity if it: (1) has assets under management having a total value of less than $25 million; (2) did not have total assets of $5 million or more on the last day of the most recent fiscal year; and (3) does not control, is not controlled by, and is not under common control with another investment adviser that has assets under management of $25 million or more, or any person (other than a natural person) that had total assets of $5 million or more on the last day of its most recent fiscal year. 346 We estimate that there are 471 investment advisers that will be considered small entities. 347
Footnotes:
344 ? See 17 CFR 270.0-10.
345 ?This estimate is derived from an analysis of data obtained from Morningstar Direct as well as data filed with the Commission (on Forms N-CSR, NPORT-P, 10-Q, and 10-K) for the last quarter of 2023.
346 ?17 CFR 275.0-7.
347 ?We based this estimate on registered investment adviser responses to Item 12 of Form ADV.
[top] A transfer agent is considered to be a small entity if it: (1) received less than 500 items for transfer and less than 500 items for processing during the preceding six months (or in the time that it has been in business, if shorter); (2) transferred items only of issuers that would be deemed "small businesses" or "small organizations" as defined in 17 CFR 240.0-10; (3) maintained master shareholder files that in the aggregate contained less than 1,000 shareholder accounts or was the named transfer agent for less than 1,000 shareholder accounts at all times during the preceding fiscal year (or in the time that it has been in business, if shorter); and (4) is not affiliated with any person (other than a natural person) that is not a small business or small organization under 17 CFR 240.0-10. 348 We estimate
Footnotes:
348 ?17 CFR 240.0-10(h).
349 ?We based this estimate on transfer agent responses to questions 4(a) and 5(a) on their latest filing on Form TA-2.
With respect to municipal securities dealers and broker-dealers, a municipal securities dealer that is a bank (including any separately identifiable department or division of a bank) is a small entity if it: (1) had, or is a department of a bank that had, total assets of less than $10 million at all times during the preceding fiscal year (or in the time that it has been in business, if shorter); (2) had an average monthly volume of municipal securities transactions in the preceding fiscal year (or in the time it has been registered, if shorter) of less than $100,000; and (3) is not affiliated with any person (other than a natural person) that is not a small business or small organization as defined in 17 CFR 240.0-10. 350 We estimate there are 185 municipal securities dealers that will be considered small entities. 351 A broker-dealer is a small entity if it: (1) had total capital (net worth plus subordinated liabilities) of less than $500,000 on the date in the prior fiscal year as of which its audited financial statements were prepared pursuant to §?240.17a-5(d) or, if not required to file such statements, a broker or dealer that had total capital (net worth plus subordinated liabilities) of less than $500,000 on the last business day of the preceding fiscal year (or in the time that it has been in business, if shorter); and (2) is not affiliated with any person (other than a natural person) that is not a small business or small organization as defined in 17 CFR 240.0-10. 352 We estimate that there are 737 broker-dealers that will be considered small entities. 353
Footnotes:
350 ?17 CFR 240.0-10(f).
351 ?This estimate is based on MSRB data filed during the calendar year of January 1, 2023 to December 31, 2023.
352 ?17 CFR 240.0-10(c).
353 ?This estimate is based on FOCUS Report data filed during the calendar year of January 1, 2023 to December 31, 2023.
A clearing agency is a small entity if it: (1) compared, cleared and settled less than $500 million in securities transactions during the preceding fiscal year (or in the time that it has been in business, if shorter); (2) had less than $200 million of funds and securities in its custody or control at all times during the preceding fiscal year (or in the time that it has been in business, if shorter); and (3) is not affiliated with any person (other than a natural person) that is not a small business or small organization as defined in 17 CFR 240.0-10. 354 We estimate there are zero clearing agencies that are small entities, as of December 31, 2023.
Footnotes:
354 ?17 CFR 240.0-10(d).
An exchange is a small entity if it: (1) has been exempted from the reporting requirements of §?242.601 of this chapter; and (2) is not affiliated with any person (other than a natural person) that is not a small business or small organization as defined in 17 CFR 240.0-10. 355 We estimate there are zero exchanges that are small entities, as of December 31, 2023. A securities information processor is a small entity if it: (1) had gross revenues of less than $10 million during the preceding fiscal year (or in the time it has been in business, if shorter); (2) provided service to fewer than 100 interrogation devices or moving tickers at all times during the preceding fiscal year (or in the time that it has been in business, if shorter); and (3) is not affiliated with any person (other than a natural person) that is not a small business or small organization under 17 CFR 240.0-10. 356 We estimate there are zero securities information processors that are small entities, as of December 31, 2023.
Footnotes:
355 ?17 CFR 240.0-10(e).
356 ?17 CFR 240.0-10(g).
Collectively, we estimate that there are 2,411 small entities that will be potentially subject to the amendments, based on our review of data reported as of December 31, 2023.
D. Projected Reporting, Recordkeeping, and Other Compliance Requirements
As noted above, the purpose of the amendments will be to update access and provide secure management of individual and entity filers' EDGAR accounts. The amendments will apply to all applicants and current EDGAR accounts and will apply to small entities to the same extent as other entities, irrespective of size. Therefore, we generally expect the nature of any benefits and cost associated with the amendments to be similar for large and small entities. As discussed above, 357 all existing and new EDGAR filers will be subject to certain fixed costs to update and maintain an EDGAR account under the amendments, which may result in a proportionally larger burden on small filers.
Footnotes:
357 ? See section III.C.2.
We expect that the amendments to the rules and form to update requirements regarding access and management of EDGAR accounts will have a small incremental effect on existing reporting, recordkeeping and other compliance burdens for all existing and new EDGAR filers, including small entities. At the same time, the EDGAR Next changes will simplify account management by providing an interactive dashboard on EDGAR, populated with EDGAR account information, as the central platform for account administrators and other delegated individuals to manage access to the account, update account information and send communications and notifications. Some of the amendments, including requirements for all filers to confirm the accuracy of their account information, including authorizations for all account administrators, users, technical administrators, and/or delegated entities, will require the use of administrative and technical skills, and increase compliance costs for registrants, although, as discussed in further detail in section IV, we do not expect these additional costs will be significant.
E. Agency Action To Minimize Effects on Small Entities
The RFA directs us to consider alternatives that will accomplish our stated objectives, while minimizing any significant adverse impact on small entities. In connection with the amendments, we considered the following alternatives:
i. Establishing different compliance requirements for individual and entity EDGAR account managers that take into account the resources available to small entities;
ii. Clarifying, consolidating, or simplifying compliance and reporting requirements under the rules for small entities;
iii. Using performance rather than design standards;? 358 and
Footnotes:
358 ?See the discussion of performance-based standards in section IV.D.3.
iv. Exempting small entities from all or part of the requirements.
[top] Regarding the first, third, and fourth alternatives, 359 we do not believe that establishing different compliance requirements, using performance rather than design standards, or exempting small entities from the requirements will permit us to obtain our desired objectives. We are concerned that each of these alternatives would undermine our efforts to enhance the security of EDGAR, improve the ability of filers to securely manage and maintain access to their EDGAR accounts, facilitate the responsible management of EDGAR filer credentials, and simplify procedures for accessing EDGAR. The amendments set forth uniform requirements for each filer
Footnotes:
359 ?See the discussion of compliance requirements in section IV.D.2.
360 ? See Proposing Release, at notes 28-29 (indicating that 60 to 90% of EDGAR filings may be submitted by filing agents).
As noted above, 361 the Commission considered using a performance-based approach rather than the design standards used in the EDGAR Next changes and the amended rules and forms. A more performance-based approach would reduce the regulatory burden for certain filers by permitting them to tailor their EDGAR access compliance requirements to fit their own particular circumstances. For example, small filers could determine that they do not need the additional security provided by multifactor authentication for designated individuals to be authorized to act on their behalf on the dashboard. Furthermore, larger filers might opt to authorize and maintain only one account administrator rather than authorize and maintain two such individuals. However, after consideration, we believe that permitting filers to tailor their EDGAR access compliance requirements to fit their own particular circumstances would diminish the intended benefits of the EDGAR Next changes. As discussed earlier, 362 bypassing the individual account credential requirements would make it difficult for the Commission to match specific filings to the relevant individual who made the submissions. Likewise, generally allowing filers to have only one account administrator would increase the likelihood that Commission staff could not reach an account administrator when it had time-sensitive questions about access to or activity on the account. Overall, a performance-based approach would create inconsistencies in improving the overall security of EDGAR, facilitating the responsible management of EDGAR filer credentials, and simplifying procedures for accessing EDGAR. In addition, any cost savings associated with a performance-based approach would likely be minimal because filers would still incur costs to adjust to new EDGAR access requirements. Further, this alternative would limit the magnitude of the benefits for filers that would result from the contemplated EDGAR Next changes.
Footnotes:
361 ? See section III.D.3.
362 ? Id.
In addition, establishing different compliance requirements, using performance rather than design standards, or exempting small entities could permit individuals to access EDGAR accounts for small filers without being authorized on the dashboard, without multifactor authentication, and without their EDGAR permissions being individually verified by EDGAR. Furthermore, if these exemptions or alternatives for small entities were implemented so that individuals acting on behalf of small entities were not required to obtain individual account credentials, the Commission would not be able to associate individuals with the specific filings they submitted on behalf of small entities. Collectively, this would reduce the security of EDGAR accounts for small entities, hinder the ability of the Commission and filers to prevent and resolve problematic and unauthorized filings, and frustrate our efforts to require all entities to responsibly manage EDGAR filer credentials.
Regarding the second alternative, we believe the rulemaking is clear, and that clarifying, consolidating, or simplifying compliance requirements for EDGAR filers, including small entities, is not necessary. All EDGAR users currently follow the same process and rules to access and maintain their EDGAR accounts. The changes to EDGAR account management will in many ways simplify procedures for accessing EDGAR and EDGAR account management. Among other things, the changes will eliminate the need for individuals to track and share EDGAR passwords, PMACs, and passphrase codes for each CIK. Instead, each individual will only be responsible for tracking a single set of individual account credentials, which will be issued by Login.gov . Once the individual logs into EDGAR using those credentials, the dashboard will automatically authenticate the individual and provide her with the appropriate access to each CIK for which she had been authorized to take action. The dashboard will also display any relevant individual codes or tokens (such as user API tokens or CCCs), instead of requiring the individual to personally track or record those codes or tokens. This should result in more streamlined, modern access processes that will benefit all filers, including individuals and small entities.
Statutory Authority
We are amending Rules 10 and 11 of Regulation S-T and Form ID under the authority in sections 6, 7, 8, 10, and 19(a) of the Securities Act, 363 sections 3, 4A, 4B, 12, 13, 14, 15, 15B, 23, and 35A of the Exchange Act, 364 section 319 of the Trust Indenture Act of 1939, 365 and sections 8, 30, 31, and 38 of the Investment Company Act. 366
Footnotes:
363 ?15 U.S.C. 77f, 77g, 77h, 77j, and 77s (a).
364 ?15 U.S.C. 78c, 78 l, 78m, 78n, 78 o, 78 o -4, 78w, and 78 ll.
365 ?15 U.S.C. 77sss.
366 ?15 U.S.C. 80a-8, 80a-29, 80a-30, and 80a-37.
List of Subjects
17 CFR Part 232
Administrative practice and procedure, Confidential business information, Electronic filing, Incorporation by reference, Reporting and recordkeeping requirements, Securities.
17 CFR Part 239
Administrative practice and procedure, Confidential business information, Reporting and recordkeeping requirements, Securities.
17 CFR Part 249
Administrative practice and procedure, Brokers, Fraud, Reporting and recordkeeping requirements, Securities.
17 CFR Part 269
Reporting and recordkeeping requirements, Securities, Trusts and trustees.
17 CFR Part 274
[top] Administrative practice and procedure, Electronic funds transfers,
For the reasons discussed above, we are amending title 17, chapter II of the Coe of Federal Regulations as follows:
PART 232-REGULATION S-T-GENERAL RULES AND REGULATIONS FOR ELECTRONIC FILINGS
1. The general authority citation for part 232 continues to read as follows:
Authority:
15 U.S.C. 77c, 77f, 77g, 77h, 77j, 77s(a), 77z-3, 77sss(a), 78c(b), 78 l, 78m, 78n, 78n-1, 78o(d), 78w(a), 78 ll, 80a-6(c), 80a-8, 80a-29, 80a-30, 80a-37, 7201 et seq.; and 18 U.S.C. 1350, unless otherwise noted.
2. Amend §?232.10 by revising paragraph (b), adding paragraph (d), and revising the note to §?232.10 to read as follows:
§?232.10 Application of part 232.
(b) Each electronic filer must, before filing on EDGAR:
(1) File electronically the information required by Form ID (§§?239.63, 249.446, 269.7, and 274.402 of this chapter), the application for EDGAR access and
(2) File, by uploading as a Portable Document Format (PDF) attachment to the Form ID filing, a notarized document, signed by the electronic filer or its authorized individual, that includes the information required to be included in the Form ID filing and confirms the authenticity of the Form ID filing.
(d) To file on EDGAR, each electronic filer must comply with the EDGAR account access and account management requirements set forth in this section and in the EDGAR Filer Manual.
(1) The electronic filer may only authorize individuals to act on its behalf on the dashboard if those individuals have obtained individual account credentials for EDGAR in the manner specified in the EDGAR Filer Manual;
(2) Each electronic filer must authorize and maintain at least two individuals as account administrators to act on the electronic filer's behalf to manage its EDGAR account, except each individual or single-member company electronic filer must authorize and maintain at least one individual as an account administrator to manage its EDGAR account;
(3) If the electronic filer chooses to connect to an EDGAR Application Programming Interface, the electronic filer, through its authorized account administrator(s), must authorize at least two technical administrators to manage technical matters related to the electronic filer's connection to any EDGAR Application Programming Interface, unless the electronic filer delegates to a delegated entity that is in compliance with the technical administrator requirements of this paragraph and connects to the EDGAR Application Programming Interface using its delegated entity's filer API tokens and API connections;
(4) The electronic filer, through its authorized account administrator(s), must confirm annually on EDGAR that all account administrators, users, technical administrators, and/or delegated entities reflected on the dashboard for its EDGAR account are authorized by the electronic filer to act on its behalf, and that all information about the filer on the dashboard is accurate;
(5) The electronic filer, through its authorized account administrator(s), must maintain accurate and current information on EDGAR concerning the electronic filer's account, including but not limited to accurate corporate information and contact information; and
(6) The electronic filer, through its authorized account administrator(s), must securely maintain information relevant to the ability to access the electronic filer's EDGAR account, including but not limited to access through any EDGAR Application Programming Interfaces.
Note 1 to §?232.10:
The Commission staff carefully review each Form ID, and electronic filers should expect that the Commission staff will require sufficient time to review the Form ID upon its submission. Therefore, any applicant seeking EDGAR access is encouraged to submit the Form ID for review well in advance of the first required filing to allow sufficient time for staff to review the application.
3. Amend §?232.11 by:
a. Adding definitions for "Account administrator", "Application Programming Interface", "Authorized individual", "Dashboard", and "Delegated entity" in alphabetical order;
b. Revising the definitions of "Direct transmission" and "EDGAR Filer Manual";
c. Removing the note following the definition of "EDGAR Filer Manual"; and
d. Adding definitions for "Filing agent", "Individual account credentials", Single-member company", "Technical administrator", and "User" in alphabetical order.
The additions and revisions read as follows:
§?232.11 Definitions of terms used in this part.
Account administrator. The term account administrator means an individual that the electronic filer authorizes to manage its EDGAR account and to make filings on EDGAR on the electronic filer's behalf.
Application Programming Interface. The term Application Programming Interface, or API, means a software interface that allows computers or applications to communicate with each other.
Authorized individual. The term authorized individual means an individual with the authority to legally bind an entity or individual for purposes of Form ID, or an individual with a power of attorney from an individual with the authority to legally bind an entity or individual for purposes of Form ID. The power of attorney document must clearly state that the individual receiving the power of attorney has either general legal authority to bind the entity or individual or specific legal authority to bind the entity or individual for purposes of Form ID.
Dashboard. The term dashboard means an interactive function on EDGAR where electronic filers manage their EDGAR accounts and individuals that electronic filers authorize may take relevant actions for electronic filers' accounts.
Delegated entity. The term delegated entity means an electronic filer that another electronic filer authorizes, on the dashboard, to file on EDGAR on its behalf. Delegated entities must themselves be electronic filers and must follow all rules applicable to electronic filers. Delegated entities are not permitted to further delegate authority to file for a delegating electronic filer, nor are they permitted to take action on the delegating electronic filer's dashboard.
Direct transmission. The term direct transmission means the transmission to EDGAR of one or more electronic submissions.
EDGAR Filer Manual. The term EDGAR Filer Manual means the manual that sets forth the requirements for access to EDGAR and the procedural requirements to make electronic submissions on EDGAR. See Rule 301 of Regulation S-T (§?232.301).
[top]
Filing agent. The term filing agent means any person or entity engaged in the business of making submissions on EDGAR on behalf of electronic filers. To act as a delegated entity for an electronic filer, a filing agent must be an electronic filer with an EDGAR account.
Individual account credentials. The term individual account credentials means credentials issued to individuals for purposes of EDGAR access, as specified in the EDGAR Filer Manual, and used by those individuals to access EDGAR.
Single-member company. The term single-member company means a company that has a single individual who acts as the sole equity holder, director, and officer (or, in the case of an entity without directors and officers, holds position(s) performing similar activities as a director and officer).
Technical administrator. The term technical administrator means an individual that the electronic filer authorizes on the dashboard to manage the technical aspects of the electronic filer's connection to EDGAR Application Programming Interfaces on the electronic filer's behalf.
User. The term user means an individual that the electronic filer authorizes on the dashboard to make submissions on EDGAR on the electronic filer's behalf.
4. Section 232.301 is revised to read as follows:
§?232.301 EDGAR Filer Manual.
Filers must prepare electronic filings in the manner prescribed by the EDGAR Filer Manual, promulgated by the Commission, which sets forth the technical formatting requirements for electronic submissions. The requirements for becoming an EDGAR Filer and updating company data are set forth in the EDGAR Filer Manual, Volume I: "General Information," Version 42 (issued September 27, 2024). The requirements for filing on EDGAR are set forth in the updated EDGAR Filer Manual, Volume II: "EDGAR Filing," Version 71 (September 2024). All of these provisions have been incorporated by reference into the Code of Federal Regulations, which action was approved by the Director of the Federal Register in accordance with 5 U.S.C. 552(a) and 1 CFR part 51. You must comply with these requirements in order for documents to be timely received and accepted. The EDGAR Filer Manual is available for inspection at the Commission and at the National Archives and Records Administration (NARA). The EDGAR Filer Manual is available for website viewing and printing in the Commission's Public Reference Room, 100 F Street NE, Washington, DC 20549, on official business days between the hours of 10 a.m. and 3 p.m. Operating conditions may limit access to the Commission's Public Reference Room. For information on the availability of the EDGAR Filer Manual at NARA, visit www.archives.gov/federal-register/cfr/ibr-locations.html or email fr.inspection@nara.gov. The EDGAR Filer Manual may also be obtained from https://www.sec.gov/edgar/filerinformation/current-edgar-filer-manual.
PART 239-FORMS PRESCRIBED UNDER THE SECURITIES ACT OF 1933
4. The authority citation for part 239 continues to read, in part, as follows:
Authority:
15 U.S.C. 77c, 77f, 77g, 77h, 77j, 77s, 77z-2, 77z-3, 77sss, 78c, 78 l, 78m, 78n, 78 o (d), 78 o -7 note, 78u-5, 78w(a), 78 ll, 78mm, 80a-2(a), 80a-3, 80a-8, 80a-9, 80a-10, 80a-13, 80a-24, 80a-26, 80a-29, 80a-30, 80a-37, and sec. 71003 and sec. 84001, Pub. L. 114-94, 129 Stat. 1321, unless otherwise noted.
Sections 239.63 and 239.64 are also issued under 15 U.S.C. 77f, 77g, 77h, 77j, 77s(a), 77sss(a), 78c(b), 78 l, 78m, 78n, 78 o (d), 78w(a), 80a-8, 80a-24, 80a-29, and 80a-37.
5. Section 239.63 is revised to read as follows:
§?239.63 Form ID, application for EDGAR access.
Form ID must be filed by electronic filers, or by their account administrators, to request EDGAR access and to authorize account administrators to manage the electronic filer's EDGAR account.
6. Form ID (referenced in §§?239.63, 249.446, 269.7, and 274.402) is revised to read as follows:
Note:
Form ID is attached as Appendix A at the end of this document. Form ID will not appear in the Code of Federal Regulations.
PART 249-FORMS, SECURITIES EXCHANGE ACT OF 1934
7. The general authority citation for part 249 continues to read as follows:
Authority:
15 U.S.C. 78a et seq. and 7201 et seq.; 12 U.S.C. 5461 et seq.; 18 U.S.C. 1350; Sec. 953(b) Pub. L. 111-203, 124 Stat. 1904; Sec. 102(a)(3) Pub. L. 112-106, 126 Stat. 309 (2012), Sec. 107 Pub. L. 112-106, 126 Stat. 313 (2012), Sec. 72001 Pub. L. 114-94, 129 Stat. 1312 (2015), and secs. 2 and 3 Pub. L. 116-222, 134 Stat. 1063 (2020), unless otherwise noted.
8. Section 249.446 is revised to read as follows:
§?249.446 Form ID, application for EDGAR access.
Form ID must be filed by electronic filers, or by their account administrators, to request EDGAR access and to authorize account administrators to manage the electronic filer's EDGAR account.
PART 269-FORMS PRESCRIBED UNDER THE TRUST INDENTURE ACT OF 1939
9. The authority citation for part 269 continues to read as follows:
Authority:
15 U.S.C. 77ddd(c), 77eee, 77ggg, 77hhh, 77iii, 77jjj, 77sss, and 78ll(d), unless otherwise noted.
10. Section 269.7 is revised to read as follows:
§?269.7 Form ID, application for EDGAR access.
Form ID must be filed by electronic filers, or by their account administrators, to request EDGAR access and to authorize account administrators to manage the electronic filer's EDGAR account.
PART 274-FORMS PRESCRIBED UNDER THE INVESTMENT COMPANY ACT OF 1940
11. The authority citation for part 274 continues to read as follows:
Authority:
15 U.S.C. 77f, 77g, 77h, 77j, 77s, 78c(b), 78l, 78m, 78n, 78n-1, 78o(d), 80a-8, 80a-24, 80a-26, 80a-29, and sec. 939A, Pub. L. 111-203, 124 Stat. 1376, unless otherwise noted.
12. Section 274.402 is revised to read as follows:
§?274.402 Form ID, application for EDGAR access.
Form ID must be filed by electronic filers, or by their account administrators, to request EDGAR access and to authorize account administrators to manage the electronic filer's EDGAR account.
By the Commission.
Dated: September 27, 2024
J. Matthew DeLesDernier,
Deputy Secretary.
Note:
The following appendix will not appear in the Code of Federal Regulations.
[top]
APPENDIX A-FORM ID
FORM ID
APPLICATION FOR EDGAR ACCESS
Persons who respond to the collection of information contained in this form are not required to respond unless the form displays a current valid OMB control number.
IMPORTANT INFORMATION
Complete Form ID by reference to:
• Rules 10 and 11 of Regulation S-T, 17 CFR 232.10 and 232.11;
• The requirements set forth in of Volume I of the EDGAR Filer Manual; and
• The Form ID General Instructions on this interface.
On Form ID, the applicant must authorize two (2) individuals as account administrators; except an applicant that is an individual or single-member company must authorize one (1) individual as account administrator.
• The first account administrator listed on Form ID will be considered the applicant's EDGAR point of contact ("EDGAR POC") should the Form ID application be granted.
• SEC staff will attempt to contact the EDGAR POC first but may contact other account administrators if the EDGAR POC is not available.
Information submitted on Form ID may become public.
• Do not enter personal contact information on Form ID that you do not wish to become public.
• Your Form ID application may be rejected if you submit unsolicited sensitive personally identifiable information on the form or in any attachments.
Misstatements or omissions of fact in connection with an application for EDGAR access and/or in a submission on EDGAR may constitute a criminal violation under 18 U.S.C. 1001 and 1030 and/or a violation of other criminal and civil laws. If the SEC has reason to believe that an application for EDGAR access and/or a submission on EDGAR is misleading, manipulative, and/or unauthorized, the SEC may prevent acceptance or dissemination of the application/submission and/or prevent future submissions or otherwise remove a filer's access to EDGAR pursuant to Rule 15 of Regulation S-T, 17 CFR 232.15.
If your Form ID application is granted, be aware that EDGAR filers must comply with the rules and regulations governing access to the EDGAR system set forth in Regulation S-T and the EDGAR Filer Manual, including but not limited to the following:
• Filers must only provide access to EDGAR to persons or entities authorized by the filer to take action on behalf of the filer.
• Immediately upon determining that a person or entity is no longer authorized to take action on the filer's behalf, filers must remove the EDGAR access of that person or entity.
• Filers must inform the SEC immediately upon receiving information of any unauthorized activity in the filer's EDGAR account. Filers should contact EDGAR Filer Support at (202) 551-8900.
Privacy Act Statement
AUTHORITIES: The information is sought pursuant to 15 U.S.C. 77a et seq., 15 U.S.C. 77aaa et seq., 78a et seq., 80a-1 et seq., and 17 CFR 232.10.
PURPOSE: The information solicited on this form will be used to determine whether to allow applicants to make filings on EDGAR, and, where access is granted, to establish and maintain the filer's EDGAR account
ROUTINE USES: Uses for the information collected can be found in the System of Records Notice SEC-33: General Information Technology Records. See https://www.sec.gov/about/privacy/sorn/sec-33_sec_general_information_technology_records.pdf.
DISCLOSURE: Providing this information is voluntary. Failure to provide the information requested on this form, however, may affect the determination whether to allow applicants to make filings on EDGAR.
PART 1-APPLICATION FOR EDGAR ACCESS
(To be completed by all applicants )
Is this application for a new EDGAR account or for access to an existing EDGAR account?
? New EDGAR account (new EDGAR account number, known as a Central Index Key (CIK), will be issued)
? Existing EDGAR account (applicant currently has an EDGAR account and Central Index Key (CIK))
Enter existing CIK account number
Indicate the reason the applicant is seeking access to an existing EDGAR account.
? Broker-dealer or "paper filer" seeks electronic access for the first time in order to file electronically on EDGAR
? Filer lost electronic access to its existing CIK account
? Applicant is the legal successor of the filer named on the existing CIK account but did not receive access from that filer
Applicant Information
Is the applicant a company or an individual?
Only apply as an individual if you seek an EDGAR account for yourself as a natural person. All others should apply as a company.
? Applicant is a company
Enter company's full legal name:
Conformed name ________ (the name that will appear on public EDGAR)
? Applicant is an individual
Enter individual's full legal name, including middle name:
First name
Middle name
? No middle name
Last name
Suffix
Conformed name
Applicant Type
Select one (1) most relevant applicant type.
Select "Filer" if none of the other applicant types listed below apply.
? Filer
? Filing Agent
The "filing agent" applicant type should be selected ONLY if the applicant is engaged in the business of making submissions to EDGAR on behalf of filers and does not intend to make live filings on its own behalf on EDGAR. A filing agent that wishes to make live filings on its own behalf should select the "filer" applicant type.
? Funding Portal
? Institutional Investment Manager (Form 13F Filer)
? Investment Company, Business Development Company or Insurance Company Separate Account
? Large Trader
? Municipal Advisor
? Nationally Recognized Statistical Rating Organization
? Non-Investment Company Applicant under the Investment Company Act of 1940
? Security-Based Swap Data Repository
? Security-Based Swap Dealer and Major Security-Based Swap Participant
? Security-Based Swap Execution Facility
? Transfer Agent
A "transfer agent" CIK may only be used for submitting transfer agent filings on EDGAR.
? Training Agent
A "training agent" CIK may only be used for submitting test filings on EDGAR. This applicant type is typically selected by a filing agent or third-party EDGAR software provider that needs a dedicated EDGAR CIK for testing their script or software configuration interface with EDGAR.
ONLY FOR NON-PUBLIC DRAFT REGISTRATION/OFFERING STATEMENTS (DRS/DOS)
If a company is applying for EDGAR access to submit non-public draft registration/offering statements on submission types DRS or DOS, select Yes.
? Yes
Selecting "Yes" will prevent the new CIK number and EDGAR account information from being made publicly available on SEC.gov until a public filing is made.
This option is only available for companies who plan to submit submission types DRS or DOS.
Applicant's Mailing Address and Preferred Contact Information
The applicant may list its own information, or information for its registered agent, law firm, or filing agent (collectively, "third-party service provider") in this section.
? Address is for a non-U.S. location (do not select if address is for U.S. territory)
Street address (line 1)
Street address (line 2) (optional)
City
State/U.S. Territory
[top] Zip/Postal code (optional for non-U.S. locations)
Province/Country
Telephone number (optional)
Violations of Federal or State Securities Laws
Has the applicant (company or individual) been criminally convicted as a result of a Federal or state securities law violation, or civilly or administratively enjoined, barred, suspended, or banned in any capacity ( e.g., officer or director bar, prohibition from associating with brokers, dealers, investment advisers, and/or other securities entities, or bar from participation in certain industries), as a result of a Federal or state securities law violation?
? Yes
? No
If you indicate "Yes," the SEC staff may contact you to determine your eligibility for EDGAR access.
PART 2-COMPANY APPLICANT INFORMATION
(To be completed only by applicants who are not natural persons)
Company Business Information
Company's Tax or Federal Identification Number ( do not enter Social Security Number )
Legal Entity Identifier (LEI), if any
Legal name
Doing business as name, if different from legal name
U.S. state of incorporation
If foreign issuer, country of incorporation
Foreign issuer name, if different than English name used in U.S. ____(enter only English characters)
Fiscal year end (mm/dd)
Company's primary website, if any
Is the company in good standing in its state or country of incorporation? Generally, this means a company is legally authorized to do business in that state or country and has filed all required reports and paid all related fees to the relevant jurisdiction.
? Yes
? No
Company's Primary Business Information
This must be the applicant company's primary business information, or that of the company's registered agent. Do not enter the address of the company's law firm or filing agent.
You must enter the actual physical address; P.O. boxes are not acceptable.
? Primary business information is the same as the mailing address and preferred contact information in Part 1. If this box is selected, the relevant information will be added below.
? Address is for a non-U.S. location (do not select if address is for U.S. territory)
Street address (line 1)
Street address (line 2) (optional)
City
State/U.S. Territory
Zip/Postal code (optional for non-U.S. locations)
Province/Country
Telephone number
Single-Member Company? You should select "Yes" if the company only has a single individual who acts as the sole equity holder, director, and officer (or, in the case of an entity without directors and officers, holds position(s) performing similar activities as a director and officer).
? Yes
? No
PART 3-PROSPECTIVE ACCOUNT ADMINISTRATOR INFORMATION
(To be completed by all applicants )
Account administrators are individuals authorized by the applicant to manage the applicant's EDGAR account on EDGAR should the Form ID application be granted.
Prospective Account Administrator 1
The first account administrator listed on Form ID will be considered the applicant's EDGAR point of contact ("EDGAR POC") if the Form ID application is granted.
SEC staff will attempt to contact the EDGAR POC first but may contact other account administrators if the EDGAR POC is not available.
Enter full legal name, including middle name
First name
Middle name
? No middle name
Last name
Suffix
Business title/position
Is Prospective Account Administrator 1 the applicant (for an individual applicant), or an employee of the applicant or its affiliate (for a company applicant)?
? Yes
? No
Provide the full legal name of the prospective account administrator's employer and the employer's CIK, if any. In addition, you must attach to your submission a notarized power of attorney authorizing the individual as an account administrator to manage the applicant's EDGAR account, as set forth more fully in Part 6 of this form.
Employer (full legal name)
CIK of employer (if any)
Business Address and Contact Information
? Contact information is the same as the mailing address and preferred contact information in Part 1. If this option is selected, the relevant information will be added below.
? Contact information is the same as the primary business information in Part 2. If this option is selected, the relevant information will be added below.
? New information added below
? Address is for a non-U.S. location (do not select if address is for U.S. territory)
Street address (line 1)
Street address (line 2) (optional)
City
State/U.S. Territory
Zip/Postal code (optional for non-U.S. locations)
Province/Country
Email
Telephone number
Violations of Federal or State Securities Laws
Has the individual being authorized as Prospective Account Administrator 1 been criminally convicted as a result of a Federal or state securities law violation, or civilly or administratively enjoined, barred, suspended, or banned in any capacity ( e.g., officer or director bar, prohibition from associating with brokers, dealers, investment advisers, and/or other securities entities, or bar from participation in certain industries), as a result of a Federal or state securities law violation?
? Yes
? No
If you indicate "Yes," the SEC staff may contact you to determine your eligibility for EDGAR access.
Prospective Account Administrator 2
Enter full legal name, including middle name
First name
Middle name
? No middle name
Last name
Suffix
Business title/position
Is Prospective Account Administrator 2 the applicant (for an individual applicant), or an employee of the applicant or its affiliate (for a company applicant)?
? Yes
? No
Provide the full legal name of the prospective account administrator's employer and the employer's CIK, if any. In addition, you must attach to your submission a notarized power of attorney authorizing the individual as an account administrator to manage the applicant's EDGAR account, as set forth more fully in Part 6 of this form.
Employer (full legal name)
CIK of employer (if any)
Business Address and Contact Information
? Contact information is the same as the mailing address and preferred contact information in Part 1. If this option is selected, the relevant information will be added below.
? Contact information is the same as the primary business information in Part 2. If this option is selected, the relevant information will be added below.
? New information added below
? Address is for a non-U.S. location (do not select if address is for U.S. territory)
Street address (line 1)
Street address (line 2) (optional)
City
State/U.S. Territory
Zip/Postal code (optional for non-U.S. locations)
Province/Country
Email
Telephone number
Violations of Federal or State Securities Laws
[top] Has the individual being authorized as Prospective Account Administrator 2 been criminally convicted as a result of a Federal
? Yes
? No
If you indicate "Yes," the SEC staff may contact you to determine your eligibility for EDGAR access.
PART 4-BILLING INFORMATION
(To be completed only by company applicants and filing agents)
Billing Contact for SEC Fee Account and Billing
Enter full legal name, including middle name
First name
Middle name
? No middle name
Last name
Suffix
Business title/position
Employer
Billing Business Address and Contact Information
? Contact information is the same as the mailing address and preferred contact information in Part 1. If this option is selected, the relevant information will be added below.
? Contact information is the same as the primary business information in Part 2. If this option is selected, the relevant information will be added below.
? New information added below
? Address is for a non-U.S. location (do not select if address is for U.S. territory)
Street address (line 1)
Street address (line 2) (optional)
City
State/U.S. Territory
Zip/Postal code (optional for non-U.S. locations)
Province/Country
Email
Telephone number
Violations of Federal or State Securities Laws
Has the billing contact been criminally convicted as a result of a Federal or state securities law violation, or civilly or administratively enjoined, barred, suspended, or banned in any capacity ( e.g., officer or director bar, prohibition from associating with brokers, dealers, investment advisers, and/or other securities entities, or bar from participation in certain industries), as a result of a Federal or state securities law violation?
? Yes
? No
If you indicate "Yes," the SEC staff may contact you to determine your eligibility for EDGAR access.
PART 5-SIGNATURE
(To be completed by all applicants )
An authorized individual of the applicant must sign Form ID.
Refer to the EDGAR Filer Manual, Volume I for the definition of authorized individual and additional relevant information.
By signing Form ID, the authorized individual authorizes the prospective account administrator(s) listed on Form ID to manage the filer's EDGAR account on EDGAR on the filer's behalf.
Enter full legal name, including middle name
First name
Middle name
? No middle name
Last name
Suffix
Business title/position
Employer
Business Address and Contact Information
? Contact information is the same as the mailing address and preferred contact information in Part 1. If this option is selected, the relevant information will be added below.
? Contact information is the same as the primary business information in Part 2. If this option is selected, the relevant information will be added below.
? New information added below
? Address is for a non-U.S. location (do not select if address is for U.S. territory)
Street address (line 1)
Street address (line 2) (optional)
City
State/U.S. Territory
Zip/Postal code (optional for non-U.S. locations)
Province/Country
Email
Telephone number
Violations of Federal or State Securities Laws
Has the authorized individual signing this application been criminally convicted as a result of a Federal or state securities law violation, or civilly or administratively enjoined, barred, suspended, or banned in any capacity ( e.g., officer or director bar, prohibition from associating with brokers, dealers, investment advisers, and/or other securities entities, or bar from participation in certain industries), as a result of a Federal or state securities law violation?
? Yes
? No
If you indicate "Yes," the SEC staff may contact you to determine your eligibility for EDGAR access.
Authorized individual signature
[Notary seal]
Date
Is Form ID being signed pursuant to a Power of Attorney?
? Yes
? No
Person signing Power of Attorney, if application is made pursuant to a Power of Attorney. Refer to the EDGAR Filer Manual, Volume I for more information.
Enter full legal name, including middle name
First name
Middle name
? No middle name
Last name
Suffix
Business title/position
Employer
Person signing Power of Attorney business address and contact information.
? Contact information is the same as the mailing address and preferred contact information in Part 1. If this option is selected, the relevant information will be added below.
? Contact information is the same as the primary business information in Part 2. If this option is selected, the relevant information will be added below.
? New information added below
? Address is for a non-U.S. location (do not select if address is for U.S. territory)
Street address (line 1)
Street address (line 2) (optional)
City
State/U.S. Territory
Zip/Postal code (optional for non-U.S. locations)
Province/Country
Email
Telephone number
Violations of Federal or State Securities Laws
Has the person who signed the Power of Attorney been criminally convicted as a result of a Federal or state securities law violation, or civilly or administratively enjoined, barred, suspended, or banned in any capacity ( e.g., officer or director bar, prohibition from associating with brokers, dealers, investment advisers, and/or other securities entities, or bar from participation in certain industries), as a result of a Federal or state securities law violation?
? Yes
? No
If you indicate "Yes," the SEC staff may contact you to determine your eligibility for EDGAR access.
PART 6-DOCUMENTS
(To be completed by all applicants )
All filers must upload a notarized Form ID authentication document to EDGAR as a PDF attachment submitted with your Form ID.
See the EDGAR Filer Manual, Volume I, for more information about the notarized authentication document.
Other documents to be uploaded in certain circumstances:
• Prospective account administrator(s) not employed by the applicant, including filing agents and other third parties acting on behalf of the applicant:
? Must upload to EDGAR a notarized Power of Attorney clearly indicating that an authorized individual of the applicant, as defined in the EDGAR Filer Manual, Volume I, gives the individual(s) named as a prospective account administrator(s) the authority to act as the applicant's account administrator(s) and manage the applicant's EDGAR account.
[top] • Applicants for access to an existing CIK account:
? Must upload to EDGAR documents that clearly establish the applicant's authority over the company or individual whose name currently is listed in EDGAR on the existing CIK account.
GENERAL INSTRUCTIONS
All companies and individuals seeking access to file on EDGAR must refer to Rules 10 and 11 of Regulation S-T, Volume I of the EDGAR Filer Manual, and these instructions.
All applicants must:
(1) Complete and submit Form ID in electronic format on the EDGAR Filer Management website; and
(2) Create a copy of the completed, electronically submitted Form ID; have an authorized individual of the filer sign it in the "Form ID: Notarized Authentication" part in the presence of an official notary public; and upload that authenticating document to the EDGAR Filer Management website.
Before beginning: Form ID must be completed and submitted by an individual authorized by the applicant to do so.
• An account administrator is a person authorized by the filer to manage the filer's EDGAR account on EDGAR on behalf of the filer.
• Each applicant must identify one or more prospective account administrator(s) that the applicant authorizes on Form ID. If the Form ID application is granted, the prospective account administrator(s) listed on Form ID will become the initial account administrators of the applicant.
• Account administrators must create individual account credentials in the manner specified in the EDGAR Filer Manual. When entering email addresses for individuals on Form ID, note that email addresses may be visible to other persons with access to the EDGAR Filer Management dashboard. Accordingly, individuals should enter email addresses that they intend to use for EDGAR and other business purposes, which may be different from the email address that they use for personal purposes. Email addresses that individuals provide to Login.gov for individual account credentials should match the email addresses they provide on Form ID.
The "EDGAR Filer Manual Volume I: General Information" contains additional requirements regarding how to file electronically, including how to obtain individual account credentials, authorize account administrators, and use the CIK and CCC.
Note that information submitted on Form ID may become public. Do not include personally identifiable information, such as personal addresses and contact information that the applicant does not wish to become public.
Misstatements or omissions of fact in connection with an application for EDGAR access and/or in a submission on EDGAR may constitute a criminal violation under 18 U.S.C. 1001 and 1030 and/or a violation of other criminal and civil laws. If the SEC has reason to believe that an application for EDGAR access and/or a submission on EDGAR is misleading, manipulative, and/or unauthorized, the SEC may prevent acceptance or dissemination of the application/submission and/or prevent future submissions or otherwise remove a filer's access to EDGAR pursuant to Rule 15 of Regulation S-T, 17 CFR 232.15.
Complete all items that are relevant to the application. If an item does not apply to the application, leave that item blank.
For assistance with procedural and technical questions about electronic filing or substantive questions, see the "EDGAR Filer Manual Volume II: Section 2.3.4 (Getting Help with EDGAR).
PART 1-APPLICATION FOR EDGAR ACCESS
(To be completed by all applicants )
Indicate whether EDGAR access is being requested for a new CIK account or an existing CIK account. If access is being requested for an existing CIK account, indicate the basis for the request-whether the applicant is a broker-dealer or "paper filer" who wants to start filing electronically on EDGAR, lost electronic access to their CIK account, or is the legal successor of the filer named on the existing CIK account but did not receive access from that filer. A filer that has lost electronic access because it failed to satisfy annual confirmation requirements or because its account administrators are no longer available should select the "lost electronic access" option.
If the applicant is applying for access to an existing CIK account, some of the filer's currently publicly available corporate and contact information will be prepopulated into Form ID. That information can be updated on Form ID, but doing so will not update the filer's information in EDGAR (other than the filer's account administrator information). Changes to the filer's corporate and contact information must be made in EDGAR after the applicant's Form ID application is granted. However, filers who are broker-dealers that obtained an EDGAR account by submitting a Form BD to FINRA would need to update their information with FINRA directly. Broker-dealers that have made a full withdrawal of their registration, by submitting a Form BDW that has been accepted, should apply for a new EDGAR account instead of applying for access to the existing EDGAR account associated with the withdrawn registration.
Applicants should identify themselves as individuals or companies.
Provide the applicant's full legal name in English. Note that the applicant's name will be automatically conformed following submission to meet EDGAR standards. Specifically:
1. Leading and trailing blank spaces will be removed. Any embedded sequences of two or more spaces will be replaced with a single space.
2. For companies, the following words will be removed if they are the first word of the name:
A
An
The
3. For companies, the following text substitutions will be applied to all words except the first:
| Original text | Conformed text |
|---|---|
| Company | Co. |
| Corporation | Corp. |
| Incorporated | Inc. |
| Incorporation | Inc. |
| And | & |
4. For companies, the following substitution will be applied if the word is neither the first in the name, nor is immediately followed by the word "Partnership":
| Original text | Conformed text |
|---|---|
| Limited | Ltd. |
5. For individuals, the name components ("Last," "First," "Middle," and "Suffix") will be combined left-to-right (separated by spaces) into a single field and truncated at 150 characters.
6. For individuals with a suffix, the following text substitutions will be applied:
| Original text | Conformed text |
|---|---|
| Junior | JR. |
| Senior | SR. |
Select one (1) applicant type to indicate whether the applicant will send electronic submissions as one of the listed filer types.
Indicate whether the filer is applying for EDGAR access to submit non-public draft registration or offering statements on submission type DRS or DOS. If so, the applicant's new CIK number and EDGAR contact information will not be listed on the public EDGAR company database until the applicant makes a public filing.
Provide the preferred mailing address and contact information for the applicant. A company applicant should provide information for the department, unit, or group most directly responsible for the filer's EDGAR submissions. This may be the applicant's registered agent, law firm, or filing agent. In that case, identify them in the mailing address and contact information, but do not include any specific individuals by name or any personally identifiable information that you do not want to make publicly available because the mailing address and contact information will generally be publicly available.
Indicate whether the applicant has been criminally convicted as a result of a Federal or state securities law violation, or civilly or administratively enjoined, barred, suspended, or banned in any capacity ( e.g., officer or director bar, prohibition from associating with brokers, dealers, investment advisers, and/or other securities entities, or bar from participation in certain industries), as a result of a Federal or state securities law violation.
PART 2-COMPANY INFORMATION
(To be completed only by applicants who are not natural persons )
[top] Provide the applicant's tax or Federal identification number, the number issued by the Internal Revenue Service. (This does not
Provide the applicant's legal entity identifier (LEI), if any.
Indicate whether applicant is in good standing in its state or country of incorporation. Generally, this means a company is legally authorized to do business in that state or country and has filed all required reports and paid all related fees to the relevant jurisdiction.
Provide the filer's state of incorporation and fiscal year end. Select "none" for state of incorporation and "N/A" for fiscal year end if the filer has not incorporated. Foreign filers should also include their country of organization. If the filer's fiscal year does not end on the same date each year ( e.g., falls on last Saturday in December), the filer must enter the date the current fiscal year will end.
Provide the company's primary website, if any.
Provide the applicant company's primary business information or that of the company's registered agent. Do not enter the address of the company's law firm or filing agent.
Indicate whether the filer is a single-member company. This refers to a company that only has a single individual who acts as the sole equity holder, director, and officer (or, in the case of an entity without directors and officers, holds position(s) performing similar activities as a director and officer).
PART 3-PROSPECTIVE ACCOUNT ADMINISTRATOR INFORMATION
(To be completed by all applicants)
Identify the individuals being authorized as prospective account administrator(s) who will manage the filer's EDGAR account on the filer's behalf, should the Form ID application be granted, including the account administrator(s) business title(s)/position(s), address(es), and contact information. Individual filers and single-member companies must authorize at least one prospective account administrator. All other filers must authorize two prospective account administrators on Form ID. Additional account administrators may be added through the Filer Management dashboard, should the Form ID application be granted.
For each individual being authorized as a prospective account administrator, indicate whether the individual has been criminally convicted as a result of a Federal or state securities law violation, or civilly or administratively enjoined, barred, suspended, or banned in any capacity ( e.g., officer or director bar, prohibition from associating with brokers, dealers, investment advisers, and/or other securities entities, or bar from participation in certain industries), as a result of a Federal or state securities law violation.
If an individual being authorized as a prospective account administrator is not the applicant (in the case of an individual applicant), or an employee of the applicant or its affiliate (in the case of a company applicant), disclose that fact and provide the name and CIK (if any) of the prospective account administrator's employer. In addition, a notarized power of attorney authorizing the prospective account administrator must be attached in Part 6.
For more information on account administrators, see Rules 10 and 11 of Regulation S-T and Volume I of the EDGAR Filer Manual.
PART 4-BILLING INFORMATION
(To be completed only by company applicants and filing agents)
Billing information is used if questions arise related to account and billing matters, such as:
1. Accounts activity statements
2. Account receivable letters
3. Refund questions
Identify the individual who should receive account information and/or billing invoices from the SEC and include their email address. Ensure the accuracy of the email address and maintain an accurate, active email address in the EDGAR Filing website. EDGAR will send communications to the email address if there are questions pertaining to the account and billing information, and failure to maintain an accurate, active email address could result in failure to receive EDGAR account statements.
Indicate whether the billing contact has been criminally convicted as a result of a Federal or state securities law violation, or civilly or administratively enjoined, barred, suspended, or banned in any capacity ( e.g., officer or director bar, prohibition from associating with brokers, dealers, investment advisers, and/or other securities entities, or bar from participation in certain industries), as a result of a Federal or state securities law violation.
PART 5-SIGNATURE
(To be completed by all applicants)
If the applicant is not a natural person, indicate the capacity in which the authorized individual signs the Form ID on behalf of the applicant (business title/position). The authorized individual must be an individual with the authority to legally bind the applicant, or an individual with a power of attorney from an individual with the authority to legally bind the applicant for purposes of Form ID.
If the applicant is an individual, the applicant must sign the Form ID and should list their business title/position as "applicant," unless the applicant executes a notarized power of attorney authorizing a third-party individual to sign the Form ID on the applicant's behalf.
Indicate whether the authorized individual signing the Form ID has been criminally convicted as a result of a Federal or state securities law violation, or civilly or administratively enjoined, barred, suspended, or banned in any capacity ( e.g., officer or director bar, prohibition from associating with brokers, dealers, investment advisers, and/or other securities entities, or bar from participation in certain industries), as a result of a Federal or state securities law violation.
Indicate whether Form ID is being signed pursuant to a power of attorney.
If another person signs on behalf of the applicant, confirm in writing the authority of that person to sign by attaching a notarized power of attorney to the Form ID. For more information on the documentation needed to confirm the authority of a person signing the Form ID on behalf of the applicant, see Volume I of the EDGAR Filer Manual.
• If relevant, provide the name, address, and contact information for the person signing the power of attorney. Indicate whether the person signing the power of attorney has been criminally convicted as a result of a Federal or state securities law violation, or civilly or administratively enjoined, barred, suspended, or banned in any capacity ( e.g., officer or director bar, prohibition from associating with brokers, dealers, investment advisers, and/or other securities entities, or bar from participation in certain industries), as a result of a Federal or state securities law violation.
• For Form IDs signed in connection with a power of attorney document, the person signing the power of attorney should indicate in the business title/position field: "By POA from [(a) name of the authorized individual signing the power of attorney (if opening an account for a natural person); or (b) name and business title/position of the authorized individual signing the power of attorney (if opening an account for a company)]." For example, a filing agent signing Form ID pursuant to a power of attorney from Roger Smith, the Chief Executive Officer of the applicant, could provide in the business title/position field: "By POA from Roger Smith, CEO."
The applicant must upload a notarized copy of Form ID and any other required attachments to the electronic Form ID filing. The Form ID authenticating document must be attached to the electronic Form ID filing in PDF format. PDF attachments cannot: (i) be blank; (ii) be image-only; or (iii) contain active contents (Actions, embedded JavaScript, etc.), external references (Destinations, Hyperlinks, etc.), passwords, or document security controls.
PART 6-DOCUMENTS
(To be completed by all applicants)
Attach the mandatory notarized authenticating document in PDF format (Form ID authenticating document). The mandatory Form ID authenticating document must include the following information:
• Signature of Authorized Individual
• Printed Name of Signature
• Title of Person Signing
• Notary Signature and Seal
[top] Other documents to be provided with the Form ID must be attached in this part as well, including power of attorney documents. If an account administrator is not an employee of
[FR Doc. 2024-30494 Filed 12-19-24; 4:15 pm]
BILLING CODE 8011-01-P