One of the stranger things during the height of the pandemic was ordering take-out and when I went to pick it up, they asked me to sign the receipt. With a pen that many others had touched. Why? Why! What do they do with all those receipts anyway?
Don't they know that over time, my signature has been worn down to merely a squiggly line. Let's call it a tilde. This thing > ~. I'm sure I'm not alone using the bare minimum as a signature.
But this blog isn't about the pointless role that signatures play in today's society. It's more upbeat. The SEC's much-welcomed move to finally allow electronic signatures in filings made with the agency. It's crazy to even write that down. That it took this long for this to occur.
The SEC amended Rule 302 of Regulation S-T a year and a half ago so that electronic signatures "authenticating" typewritten signatures can be included as part of a company's SEC filings. At the same time, the SEC amended its Edgar Filer Manual to provide the all-important process requirements that dictate how companies can accomplish this – Section 5.1.2 of Volume II of the Filer Manual includes these four requirements:
1. Require presentation of a physical, logical or digital credential that authenticates the signer's identity;
2. Reasonably provide for non-repudiation of the signature;
3. Provide that the signature be attached, affixed or otherwise logically associated with the signature page or document being signed; and
4. Include a timestamp to record the date and time of the signature.
I know what you're thinking, "Please Broc, don't tell me I have to crack the Edgar Filer Manual. Wait. What, there's two volumes?"
Understanding this development has been tricky for many of us because we're not familiar with some of the new terms mentioned in the Edgar Filer Manual that are borrowed from data security and privacy laws, including:
- Non-repudiation (insider can't deny that the signature isn't theirs)
- Credentials (association between an email address and your individual identity)
- Authentication (to authenticate)
The SEC's explanation of these terms is in Section 5.1.2 of Volume II of the Filer Manual as follows:
For purposes of this authentication document, the term electronic signature means an electronic sound, symbol, or process, attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record. The term credential means an object or data structure exclusively possessed and controlled by an individual to assert identity and provide for authentication. The term non-repudiation means assurance that an individual cannot falsely deny having performed a particular action.
In addition, Rule 302(b)(2) of Regulation S-T requires that, before a signatory may electronically sign an authentication document, the signatory must manually sign an initial electronic signature authentication document attesting that, when using electronic signatures for purposes of a Rule 302(b) authentication document, the signatory agrees that the use of an electronic signature constitutes the legal equivalent of such signatory's manual signature for purposes of authenticating the signature to any filing for which it is provided.
You must retain this document for as long as the signatory may make use of an electronic signature when signing an authentication document and for a minimum period of seven years after the date of the most recent electronically signed authentication document. You must furnish a copy of this manually signed document upon request to the Commission or its staff.
As you might be able to glean now, the SEC's long-awaited change winds up being more complicated than it would seem at first blush. This blog builds on the excellent client memo that our firm put out back then - with a flow chart and a bunch of FAQs - shortly after the SEC changed its rules. But here in this blog over the next month or so, we're going to dig a little differently into four specific issues that folks may face when considering whether to make the move to e-signatures:
1. Should we stick with the manual signature process we already have?
2. What should be in the form of attestation that we ask our insiders to manually sign?
3. Should outside directors follow a different process than our senior managers?
4. What should our disclosure controls consist of for an e-signature process?
A casual sidebar to end this train of thought. Bear in mind that obtaining a signature isn't necessarily the same thing as approval to make a filing with the SEC. Don't conflate signatures with the actual authorization to file.
What do I mean by this? You may well have a process that the CEO won't approve a filing with the SEC unless the CFO signs off on the document first. But that shouldn't stop you from collecting the CEO's signature before the CFO, with the understanding that the filing won't be made with the SEC until the CFO's signature is also collected…