SEC Announces Big Changes to EDGAR Access
October 05, 2021
The SEC has proposed a significant revamp of the process by which EDGAR is accessed for filers and filing agents. If you file Section 16 forms on behalf of company insiders, this is something you are going to want to keep an eye on.
Why Change? Fake EDGAR Filings Are a Thing
The SEC is proposing this change to try to mitigate the problem of fake EDGAR filings. Back in 2015, I blogged about several false filings and TheCorporateCounsel.net has chronicled the ongoing saga. These filings can harm investors and the SEC has determined that action to prevent them is now warranted.
Background: The Current Process
Currently, EDGAR filers submit a notarized Form ID to gain access to EDGAR. After the filer’s Form ID is accepted, the SEC issues the filer a CIK and passphrase. The filer then uses the CIK and passphrase to generate the rest of the EDGAR codes necessary to submit filings and maintain their EDGAR account. These are the CCC number, password, and password modification authorization code (PMAC).
Anyone that knows a filer’s CIK and CCC numbers can submit filings on behalf of the insider. Thus, currently, CCC numbers should be very carefully guarded (CIK numbers are public).
If you are responsible for submitting filings on behalf of the insiders at your company, you can currently use either of the following approaches to do so:
- Apply for your own access to EDGAR and submit filings through your own account using insiders’ CIK and CCC numbers. (This is the approach I recommend.)
- Log in using insiders’ credentials and submit their filings through their accounts.
Proposed Change #1: Designated Filer Administrators and Users
The first proposed change is that each filer (i.e., insider, for our purposes) will be required to designate a filer administrator who will be able to manage their EDGAR account and submit filings on their behalf. Presumably insiders can act as their own filer administrators if they want (who am I kidding—no one wants that).
Filer administrators can then designate users who can also submit filings on behalf of the insider, but that don’t have the ability to manage the insider’s account.
As a result of this proposed change, only designated individuals/entities will be able to submit filings on behalf of an insider. It will no longer be possible for just anyone who has managed to come across an insider’s CIK and CCC number to submit filings on their behalf.
Personally, I think this is a helpful additional security measure. It means that you no longer need to change all of your insiders’ CCC numbers whenever someone on your staff who had access to those numbers leaves. Or, if you weren’t changing their CCC numbers, it means you are no longer relying on the discretion of those former employees to ensure the integrity of your insiders’ EDGAR filings and accounts.
Proposed Change #2: Multifactor Authentication
The second proposed change is that the SEC would require multifactor identification to log into the EDGAR website. In addition to entering a user ID and password to log in, the user would have to select an additional authentication method, such as a one-time code sent to the user’s phone or an authentication app.
The SEC has proposed several possible authentication methods and I’m not familiar with all of them, but I think the upshot here is that it’s going to get harder, maybe even impossible, for you to log into EDGAR using any account other than your own. Which means that approach #2 above, where you log into your insiders’ EDGAR accounts to submit filings on their behalf, may no longer be an alternative. You may have to have your own EDGAR account.
Form ID Still Required
Filers and filer administrators would still be required to submit a notarized Form ID to the SEC. They would also be required to create an account with the third-party service that manages the multifactor identification for the SEC. Filers would be able to designate their filer administrator(s) on their Form ID.
Users would not need to submit Form ID but would still need to create an account with the third-party service that manages the multifactor identification.
The SEC is launching a beta program on October 12. If you participate in the beta and would be open to sharing your feedback with me, I am interested in hearing it. I am considering submitting a comment letter on the program to the SEC; your feedback would help me determine what to comment on.
Don’t Panic: Comment Period and Transition
No need to panic: nothing is happening right away. The comment period will be open until at least December 1. If the SEC goes forward with the proposal, they expect to transition filers over a six-month period beginning in the spring of 2022.
You probably have a lot of questions. I have a ton of questions. I’m sure I will have more blogs on this topic as I learn more. And I will for sure write more blogs if the proposal moves forward.