A Close Look at the SEC’s Automation of Form ID

By David T. Copenhafer

E-mail Story Print Story

The catalyst for the move away from paper applications to an electronic system can be found in section 403 of the Sarbanes-Oxley Act, which requires electronic filing of all section 16 ownership reports (Forms 3, 4, and 5). Section 16, like Form ID, had escaped the electronic filing requirement since EDGAR’s beginnings, but for somewhat different reasons. Because most section 16 reports are filed by individuals, the SEC was especially reluctant to impose an electronic filing burden on a large number of system users who may lack the requisite computer skills or access to filing assistance.

Nevertheless, electronic filing of section 16 forms became law on June 30, 2003, and with that change came approximately 100,000 new EDGAR filers, all of whom needed EDGAR access codes. The crush of activity as June 30 approached almost overwhelmed the SEC staff assigned to enter data, generate EDGAR codes, and return codes to applicants.

In addition, officers and directors turn over at a surprisingly steady pace, and each new officer needs new EDGAR codes. The SEC recognized the time for something different had arrived.

The Latest Change: Electronic Form ID

Moving the Form ID from a paper process to an electronic one is not something that the SEC could treat lightly. EDGAR access codes are the key to ensuring the integrity of the entire electronic disclosure system. Investors must have total faith that every filing submitted into the EDGAR system and posted to the many websites devoted to making these filings accessible to a worldwide investor community comes from the issuer whose name is on the cover of the document. Spoofing EDGAR with a phony merger filing, for example, would create major havoc.

The electronic Form ID process initiated by the SEC shows signs of the strain to balance powerful but competing objectives, with the net result being that applicants are not really relieved from the burdens of paper. In fact, for the Form ID applicant, the paper chase is more complex and costly under the new system than it was under the old system.

In the new process, the applicant does all the data entry, thereby saving the SEC resources. But for the applicant to validate its electronic Form ID, as well as to give the SEC the assurances it needs to allow an applicant to get new codes or modify or update existing codes, the work done electronically must be followed up with notarized authenticating documentation faxed to the SEC.

Putting aside the snickers that have accompanied many discussions of sending a notarized document via fax, one quickly realizes that in some respects the Form ID paper shuffle at the SEC just became much tougher. In the past, SEC staff could work through a stack of paper applications in some sort of FIFO order without worrying about organizing the stack. Work could be spread quickly among the data-entry staff without regard to document order.

Now, however, two very separate workflows must physically come together at a single point. Generally, the electronic component of the application will arrive first. Applicants have two days to supply the notarized authenticating documents, but they could also have sent their authentication material to the SEC as much as two days prior to completing the electronic piece. Because SEC staff must match the notarized, authenticating paper documents with the electronic application, one can readily see the time-consuming difficulties that might attend the process.

The SEC appears to be streamlining its internal procedures, however. Electronic applications that had been taking a week to process are now routinely being returned two days following the submission of the electronic component of the application. Much of this improvement is apparently the result of adding more staff to the effort.

Anyone applying for EDGAR access codes today will also find that the new online system is fairly intuitive. Disregarding the fax requirement, accessing and navigating the new web interface is not difficult or time-consuming. Filers should keep two things in mind, however:

• The new system requires everyone to create a master EDGAR code, called a passphrase. This passphrase should be written down immediately because it never appears in plain text anywhere on screen or in a printout and is not recoverable by the SEC. (The SEC’s final Form ID rules are incorrect on this point: Footnote 28 instructs users to redact their passphrases if they elect to fax the SEC a signed printout of the electronic application, but there is, in fact, nothing to redact.)
• The new system includes capabilities that go beyond requesting codes for a new registrant. Self-administration features allow filers to recover from the loss, expiration, or compromise of any EDGAR access code.

Even if a filer loses or forgets the new passphrase, a shortened electronic application can be prepared that, combined with proper authenticating documents, will get the filer back into the system.

A Better Way?

Both the SEC and the user community seem anxious for a solution. One way to eliminate the notarized authentication documentation while assuring the SEC that it is dealing with a trusted partner at another computer is to use what are known as “certificates of authority.” Certificates of authority are nothing new, but moving in this direction would first require the SEC to radically shift its service model. The SEC’s current model is aimed at serving individual section 16 filers who receive no assistance from either the issuer they are associated with or their personal law firm or broker-dealer. Although reliable statistics do not exist, most observers conclude that the great majority of applicants are not individuals doing everything themselves. The great majority of those who need EDGAR access codes are dealing with institutions (law firms, accounting firms, or financial printers), for which having and maintaining a certificate of authority for SEC Form ID purposes would not be a burden.

Granted, the handful of individual insiders who would like to handle the process themselves may need to seek the assistance of a specialized service provider, but most of them will conclude that this is a small price to pay for vastly improved service.

If the SEC elects to use certificates, it should be understood that no system for granting and managing all aspects of EDGAR access codes can be completely hands-free. For example, company or mutual fund names may still require SEC staff involvement. Although much of the work of avoiding duplicates or ensuring that a new name meets the SEC’s naming standards and conventions (or possibly is even spelled correctly) can be done with software, getting it 100% correct will probably require human eyes.

Users will also have to consider whether to participate in a system based on certificates of authority. Liability issues alone should occasion a deep examination. Inadvertently destroying or changing the wrong issuer’s EDGAR codes would not be met kindly by the affected issuer. Therefore, while technology seems to hold great promise in this seemingly simple arena, everyone involved will need to advance the cause with great caution.