Technology’s Expanding Role in SEC Compliance

By David T. Copenhafer

E-mail Story Print Story

This technical progression started with the SEC’s electronic data gathering, analysis, and retrieval (EDGAR) system, which moved most compliance from the traditional world of paper, typewriters, photocopiers, and hand delivery into a new, unfamiliar electronic environment. Personal computers, application software, document formats, and electronic communication were all unwelcome intruders into a world that had been stable, manageable, and generally successful for decades. Despite initial shocks and difficulties, the electronic document preparation and filing processes are now comfortable and familiar to many.

Advanced Electronic Filing

Although the addition of hypertext markup language (HTML) in 1999 added another layer of complexity to the U.S. filing and disclosure processes, most issuers took the change in stride. In fact, non-U.S. issuers have shown themselves to be the most aggressive HTML filers: 76% of non-U.S. issuers filed Form 20-F in HTML during 2004, while only 58% of their U.S. counterparts filed their annual reports on Form 10-K in HTML. Foreign issuers have also been leaders in pushing the stylistic limits of HTML in their SEC filings.

While some might wish that electronic filing and document presentation issues were the extent of the technical intrusions into the compliance process, things have not stopped there. Recent accounting and auditing failures have led to a series of regulatory changes that have, in turn, produced a flurry of technology-related initiatives:

• XML (Extensible Markup Language) for Section 16 ownership reports;
• Automated filing solutions from a number of vendors for accelerated 8-K filing;
• Automated filing solutions for international issuers filing Form 6-K;
• Issuer applications to meet Sarbanes-Oxley Act (SOA) section 404 requirements; and
• An XBRL (Extensible Business Reporting Language) pilot project at the SEC.

Some technical changes are simply byproducts of nontechnical changes in the statutes or in the SEC’s disclosure rules. Accelerated filing deadlines, for example, have led many issuers to look to technology for ways to speed up the reporting and disclosure process. Self-service applications for smaller 6-Ks and 8-Ks also fall into this category. But the technology involved in meeting the requirements of SOA section 404 or participating in the XBRL pilot both represent more significant investments.

Companies are finding that an internal controls program that satisfies SOA section 404 and ensures that the issuer receives the needed auditor attestation will touch almost every aspect of a company’s information processing. While the fundamental objectives of section 404 are to ensure that a company’s financial statements are created within a secure, controlled, well-defined, auditable environment, the typical section 404 program must be supported by an extensive set of automated project management applications, report generators, and information-processing audit trails.

The price tag attached to the technical and staff resources needed to ensure successful compliance in this area is only now being recognized, but by most accounts, it is substantial. An SEC public roundtable in mid-April reviewed the cost-benefit implications of section 404 compliance. Issuers are not the only ones relying upon technology to solve compliance problems. The U.S. Congress and the SEC both appear to believe that the time has come to examine how technology might make disclosure data (financial as well as narrative) easier for computers to handle.

Beyond XBRL

XBRL offers recipients and users of disclosure documents “tagged” information that computerized applications can use to locate, extract, manipulate, and summarize in manifold ways. If XBRL meets expectations, it will ultimately become part of every company’s general ledger as a set of tags or markers associated with each accounting entry. Compliance reports filed in XBRL will present the company’s finances, as well as narrative discussions, in a format that could make automated analysis simple for anyone with an analytical software application that understands the XBRL tags.

The SEC is hoping XBRL will help it meet the mandate of SOA section 408, which obligates it to review every listed issuer no less than once every three years. XBRL may even form the basis for the “real-time” disclosure of corporate financial data. But XBRL is a still long way from large-scale implementation. The specifications and technical tools needed to create and effectively use XBRL are only now being refined to the point where they can be considered usable. The SEC’s pilot program is important, however, because it will give everyone involved—issuers, regulators, analysts, investors, as well as software developers—a chance to see if XBRL deserves to be the next big technical leap forward.