SEC Modernizes Filing Process by Permitting Electronic Signatures
On November 17, the SEC adopted changes to Rule 302 of Regulation S-T to permit the use of electronic signatures for filings made through EDGAR, provided certain conditions are met. The new rules were adopted following a formal rule-making petition, supported by almost 100 public companies, which cited recent advancements to electronic signature software technology and the difficulties presented by the COVID-19 pandemic.
We expect the new rules to significantly ease administrative hurdles in the signature process for filings. Previously, companies were required to collect and retain a manually signed (i.e., "wet ink") signature page or other document (which the SEC refers to as an "authentication document") that adopted the signature appearing in typed form within the electronic filing. The rule amendments permit these authentication documents to also be executed with electronic signatures, provided that the signatory has previously signed (in wet ink) a document attesting to their agreement to the use of electronic signatures and the e-signature process meets four requirements. There are company retention requirements for both the attestation and the authentication document. Below we provide a diagram of the signature process, as well as answers to common questions companies may have. In addition, we have prepared a suggested form for the attestation.
Common Questions Companies May Have in Moving to Electronic Signatures for SEC Filings
When can we start using electronic signatures?
While the new rules will be effective once published in the Federal Register, the staff provided guidance on November 20, 2020, that it would not recommend enforcement action if a company complies with the new rules in advance of the effective date. Accordingly, a company may begin using electronic signatures in compliance with the new rules as soon as it collects the required attestation from the relevant signatory (which we discuss in more detail below).
What forms can we have signed with electronic signatures?
Companies can utilize electronic signatures for:
- Registration statements under the Securities Act of 1933, as amended (e.g., Forms S-1, S-3, S-4, S-8, F-1, F-3, and F-4).
- Reports and other documents filed pursuant to the Securities Exchange Act of 1934, as amended, for example:
- Forms 8-A, 8-K, 10, 10-K, and 10-Q, as well as Section 302 and Section 906 certifications,
- Beneficial ownership reports filed pursuant to Section 16 and Sections 13(d) and 13(g) and Schedule TO, and
- Foreign private issuer filings such as Form 20-F and Form 6-K.
- Certain filings under the Investment Company Act of 1940.
- Applying for EDGAR access codes on Form ID (but note any state-specific notary requirements will still apply).
- Notice of an exempt offering of securities on Form D.
What is the attestation that we need to collect?
The company needs to collect a manually signed attestation from each signatory, acknowledging that their use of an electronic signature in any authentication document constitutes the legal equivalent of their manual signature. This attestation must be retained by the company for as long as the signatory may use an electronic signature to sign authentication documents, and at least seven years after the date of the most recent electronically signed authentication document. The new rules allow the company the flexibility to retain and store this manually signed attestation in electronic format (i.e., the signatory must sign the attestation in "wet ink", but the company need only retain and store a scan of the attestation for the required time period).
We have provided a suggested form for the attestation.
One of our signatories doesn't want to use electronic signatures—what do we do?
Electronic signatures are not required, so companies can still rely on the existing procedure of having the signatory manually execute the signature page and retaining such page for a period of five years. However, the new rules also permit more flexibility here in allowing companies to retain and store such manually signed signature page via electronic means (i.e., the signatory must sign the signature page in wet ink, but the company need only retain a scan of the signature page for the required time period).
What methods or service providers can we use to gather electronic signatures?
An electronic signing process must meet four requirements outlined in the updated EDGAR Filer Manual. Companies should review these requirements with regards to any proposed electronic signature process method or service provider, but we do expect that companies will be able to use commercially available e-signature platforms.
The chart below walks through the four signature process requirements and some practical considerations.
Requirements for Any Electronic Signature Process |
Practical Considerations and Application Examples |
The signatory must present a physical, logical, or digital credential that authenticates the signatory's individual identity. |
Examples of these credentials include: driver's license (physical), a signature provided through an e-signature platform (logical), or an email signed with a digital certificate (digital). |
The signing process must reasonably provide for nonrepudiation of the signature. |
This requirement provides assurance that the signatory cannot falsely deny having signed the document. Nonrepudiation is typically provided by commercially available e-signature platforms and may include the use of a digital signature combined with public key encryption. |
The signature must be attached, affixed, or otherwise logically associated with the signature page or document being signed. |
Be sure to include the document being signed when sending signature pages, and ensure the signatory is able to read it. For example, upload the full document being signed to the e-signature platform request. |
Because the applicable rules require that an authentication document be signed at or prior to the time of the filing, the signing process must include a timestamp to record the date and time of the signature. |
Adding a "date" tag to the electronic signature request is likely unnecessary; most e-signature platforms automatically generate a summary of the signature process that includes the date and time of each signature. |
As further clarification, the SEC defined "electronic signature" as "an electronic sound, symbol, or process, attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record." While this is substantially similar to the definition in the E-SIGN Act, the SEC specifically noted that the E-SIGN Act does not apply to its requirements related to authentication documents.
Can an email response be an electronic signature (i.e., can we send the document to be signed over email and state we will use their affirmative email response as an electronic signature)?
Companies should confer with their information technology (IT) department, but an email response alone may not meet these four e-signature process requirements and if it does not, could not be used as an electronic signature. Note that the SEC's requirements are designed to ensure verification and security, including through authentication and nonrepudiation. A simple email response without added security measures may not satisfy the authentication requirement and may be subject to later repudiation by the officer.
However, an email that is signed with a digital certificate may meet the SEC's four e-signature process requirements. Companies that opt to use electronic signature process other than a commercially available e-signature platform should work with their IT department to understand whether they have a tool for secure electronic certifications that complies with the new rule. There may also be limitations to such tools, such as requiring an officer or director to use a single device for all emails that contain digital certificates.
If we collected electronic signatures in advance of the filing, should the signature page filed with the SEC bear the date that matches the date/time stamp of the electronic signature, or can we use the date of the filing?
There is no hard and fast rule here, but generally companies have taken the approach that signatures to filings can be collected in advance and will be dated as of the filing date. The company's procedures should make it clear that a signatory's responsibilities to approve the finalized filing do not end when they have authenticated their signature, and that the signature of the filing will be dated as of the filing date.
Companies can take several steps to ensure that signatories are clear on this practice and understand the scope of their responsibilities, including:
- Remind signatories with each signature request—for example, include in the e-signature platform message field.
- Insert "[Date of Filing]" over the date field when requesting electronic signatures, or simply leave the date field blank. If the date field option within the e-signature platform is utilized (which would result in the program automatically filling in the date field with the date the electronic signature request is fulfilled), it may imply that the signature only speaks of such date. As discussed above, companies should ensure that the auto-generated report provided by the e-signature program otherwise includes a date/time stamp of the signature for purposes of the company's records.
Of course, signatories should be kept updated as to the status of the document being filed and any changes. If there are any material changes to the filing, companies may want to re-collect signatures to ensure their records reflect that the signatories signed off on the later document.
Is there anything else we should be thinking about?
With the new rules, companies will likely want to revisit their rules and procedures around electronic signatures and signature process. In revisiting these policies, consider:
- Working with the company's IT department early to understand the company's e-signature options and to develop and/or implement e-signature processes that meet the SEC's requirements.
- Requiring that electronic signatures and the auto-generated report are pulled out of the e-signature platform and saved with the company files. Companies will want to avoid having to reopen e-signature platform accounts of departed employees to retrieve electronic signature packets and the signature reports.
- Confirming that all employees who are sending signatures are aware of any new policies, especially those implemented in light of the SEC rules discussed above (e.g., attaching the document being signed to the signature request and reminding signatories that the date of their signature will be the filing date).
- Whether or to what extent the company wants to adopt a policy of sending signature requests separately, rather than "tagging" each signatory to sign one document. If all signatories are tagged in one document request, the program reports the document signature process completed only when all those signatures are completed. This approach might pose logistical issues if a director delivers their signature through another method, or where the company can't connect with certain signatories to collect their signature but can file the document without such signatory (e.g., if filing the Form 10-K and a majority of directors have otherwise signed).
- Including the attestation form in any onboarding documents signed by new officers and directors (or in any similar process for officers who are promoted internally), so that the company has the manually signed attestation before such officer or director's signature is needed for a filing. Those who have power of attorney for executing Section 16 filings for officers and directors should also sign an attestation form.
- Developing a process for tracking which individuals have delivered an attestation and can sign documents electronically, including noting when the retention requirement expires (e.g., for a departed director, identify the date that is seven years from the date of the last filing signed by such departed director).
- Briefing the company's directors and officers on the SEC's new rules, the company's available e-signature options, and any limitations or requirements to ensure a smooth process in adopting electronic signatures for SEC filings.
© 2020 Perkins Coie LLP