EDGAR Filer Access and Account Management, 65524-65575 [2023-20268]

Download as PDF 65524 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules SECURITIES AND EXCHANGE COMMISSION 17 CFR Parts 232, 239, 249, 269, and 274 [Release Nos. 33–11232; 34–98368; 39– 2551; IC–34996; File No. S7–15–23] RIN 3235–AM58 EDGAR Filer Access and Account Management Securities and Exchange Commission. ACTION: Proposed rule. AGENCY: The Securities and Exchange Commission (‘‘Commission’’) is proposing rule and form amendments concerning access to and management of accounts on the Commission’s Electronic Data Gathering, Analysis, and Retrieval system (‘‘EDGAR’’) that are related to potential technical changes to EDGAR (collectively referred to as ‘‘EDGAR Next’’). We propose to require that electronic filers (‘‘filers’’) authorize and maintain designated individuals as account administrators and that filers, through their account administrators, take certain actions to manage their accounts on a dashboard on EDGAR. Further, we propose that filers may only authorize individuals as account administrators or in the other roles described herein if those individuals first obtain individual account credentials in the manner to be specified in the EDGAR Filer Manual. As part of the EDGAR Next changes, the Commission would offer filers optional Application Programming Interfaces (‘‘APIs’’) for machine-to-machine communication with EDGAR, including submission of filings and retrieval of related information. If the proposed rule and form amendments are adopted, the Commission would make corresponding changes to the EDGAR Filer Manual and implement the potential technical changes. DATES: Comments should be received on or before November 21, 2023. ADDRESSES: Comments may be submitted by any of the following methods: lotter on DSK11XQN23PROD with PROPOSALS3 SUMMARY: Electronic Comments • Use the Commission’s internet comment form (https://www.sec.gov/ rules/submitcomments.htm); or • Send an email to rule-comments@ sec.gov. Please include File Number S7– 15–23 on the subject line. Paper Comments • Send paper comments to Secretary, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549. VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 All submissions should refer to File Number S7–15–23. This file number should be included on the subject line if email is used. To help the Commission process and review your comments more efficiently, please use only one method of submission. The Commission will post all submitted comments on the Commission’s website (https://www.sec.gov/rules/ proposed.shtml). Comments are also available for website viewing and printing in the Commission’s Public Reference Room, 100 F Street NE, Washington, DC 20549, on official business days between the hours of 10 a.m. and 3 p.m. Operating conditions may limit access to the Commission’s Public Reference Room. Do not include personal identifiable information in submissions; you should submit only information that you wish to make available publicly. We may redact in part or withhold entirely from publication submitted material that is obscene or subject to copyright protection. Studies, memoranda, or other substantive items may be added by the Commission or staff to the comment file during this rulemaking. A notification of the inclusion in the comment file of any such materials will be made available on our website. To ensure direct electronic receipt of such notifications, sign up through the ‘‘Stay Connected’’ option at www.sec.gov to receive notifications by email. FOR FURTHER INFORMATION CONTACT: Rosemary Filou, Deputy Director and Chief Counsel; Daniel K. Chang, Senior Special Counsel; E. Laurita Finch, Senior Special Counsel; Jane Patterson, Senior Special Counsel; Margaret Marrero, Senior Counsel; Lidian Pereira, Senior Special Counsel; EDGAR Business Office at 202–551–3900, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549. The Commission is proposing amendments to 17 CFR 232.10 (‘‘Rule 10’’) and 17 CFR 232.11 (‘‘Rule 11’’) under 17 CFR 232.10 through 232.903 (‘‘Regulation S– T’’); and amendments to Form ID (referenced in 17 CFR 239.63, 17 CFR 249.446, 17 CFR 269.7, and 17 CFR 274.402). SUPPLEMENTARY INFORMATION: Table of Contents I. Introduction II. Background A. Current EDGAR Access and Account Management B. The Commission’s September 2021 Request for Comment III. Discussion A. Individual Account Credentials PO 00000 Frm 00002 Fmt 4701 Sfmt 4702 B. Individual Roles: Account Administrator, User, Technical Administrator 1. Account Administrators 2. Users 3. Technical Administrators C. Delegated Entities 1. Delegating Authority To File 2. Separation of Authority of Filer and Delegated Entity 3. Delegated Entities 4. Delegated Users 5. User Groups at Delegated Entities 6. Technical Administrators at Delegated Entities D. Application Programming Interfaces 1. Submission API 2. Submission Status API 3. EDGAR Operational Status API E. Proposed Amendments to Rules and Forms 1. Rule 10 Under Regulation S–T 2. Rule 11 Under Regulation S–T 3. Form ID F. Transition Process 1. Individual Account Credentials 2. Enrollment 3. Compliance G. General Request for Comment and EDGAR Next Proposing Beta IV. Economic Analysis A. Introduction B. Baseline C. Consideration of Benefits and Costs as Well as the Effects on Efficiency, Competition, and Capital Formation 1. Benefits 2. Costs 3. Effects on Efficiency, Competition, and Capital Formation D. Reasonable Alternatives 1. Require Personally Identifiable Information in Addition to Individual Account Credentials 2. Requirements for Individual and Small Filers 3. Implementing Performance-Based Standards 4. Institute Phased Compliance Dates by Filer Category or Form Type E. Requests for Comment V. Paperwork Reduction Act A. Form ID B. The Dashboard C. Request for Comment VI. Small Business Regulatory Enforcement Act VII. Initial Regulatory Flexibility Analysis A. Reasons for, and Objectives of, the Proposed Action B. Legal Basis C. Small Entities Subject to the Proposed Rule and Form Amendments D. Reporting, Recordkeeping, and Other Compliance Requirements E. Duplicative, Overlapping, or Conflicting Federal Rules F. Significant Alternatives G. Request for Comment Statutory Authority Appendix A I. Introduction We are seeking comment on proposed rule and form amendments concerning EDGAR filer access and account E:\FR\FM\22SEP3.SGM 22SEP3 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules lotter on DSK11XQN23PROD with PROPOSALS3 management. Separately, we welcome feedback on related EDGAR technical functionality. The Commission is seeking to enhance the security of EDGAR, improve the ability of filers 1 to securely manage and maintain access to their EDGAR accounts, facilitate the responsible management of filer credentials, and simplify procedures for accessing EDGAR.2 In furtherance of these goals, on September 30, 2021, the Commission issued a Request for Comment on Potential Technical Changes to EDGAR Filer Access and Filer Account Management Processes (‘‘2021 Request for Comment’’).3 The Commission received comments from and engaged in a dialogue with interested parties, considered feedback from these parties, and gathered additional information about filers’ interactions with EDGAR.4 The rule and form amendments we are proposing in this release and the related technical changes seek to achieve the Commission’s goals for secure EDGAR access and account management while addressing many of the comments and concerns expressed in response to the 2021 Request for Comment. The obligations for filers contemplated by EDGAR Next would generally be codified in Rule 10 of Regulation S–T.5 Form ID would be amended to implement those changes and require information about, among other things, the filer’s account administrators,6 and to improve the utility of the form for Commission staff. Moreover, Rule 11 of Regulation S–T 1 For purposes of this release, we use the term ‘‘filer’’ to mean ‘‘electronic filer,’’ as defined in Rule 11 of Regulation S–T: ‘‘A person or an entity that submits filings electronically pursuant to Rules 100 or 101 of Regulation S–T.’’ 2 Please refer to proposed Rule 11 of Regulation S–T, set forth in this release, for definitions of the terms used in this release, including ‘‘account administrator,’’ ‘‘dashboard,’’ ‘‘user,’’ ‘‘delegated entity,’’ ‘‘APIs,’’ and ‘‘technical administrator.’’ 3 In the 2021 Request for Comment, we referred to filer administrators. That term has been changed herein to refer to account administrators, which we believe is in keeping with industry nomenclature and is less confusing in context. See Potential Technical Changes to EDGAR Filer Access and Filer Account Management Processes, Release No. 33– 10993 (Sept. 30, 2021) [86 FR 55029 (Oct. 5, 2021)]. 4 Comment letters related to the 2021 Request for Comment are available at https://www.sec.gov/ comments/s7-12-21/s71221.htm. 5 In addition to the changes discussed below, Rule 10 would also be amended to implement certain technical and conforming changes. See Section III.E.1. 6 We are proposing amendments to Rule 11 under Regulation S–T to define an ‘‘account administrator’’ as an individual authorized by an electronic filer to manage the electronic filer’s EDGAR account on EDGAR, and to make filings on EDGAR on the electronic filer’s behalf. See the discussion of proposed amendments to Rule 11 in Section III.E.2. VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 would be amended to provide clarity regarding certain new terms related to the proposed rule and form amendments.7 Under proposed Rule 10(d)(1), only those individuals who obtained individual account credentials 8 could be authorized to act on the filer’s behalf on a dashboard 9 on the EDGAR Filer Management website.10 Proposed Rule 10(d)(2) would require each filer to authorize and maintain individuals as its account administrators 11 to manage the filer’s EDGAR account on the filer’s behalf, in accord with the EDGAR account access and account management requirements set forth in this proposal and in the EDGAR Filer Manual. The filer could authorize someone who is not an employee of the filer 12 as the filer’s account administrator, if the authorized individual for the filer 13 provided a relevant notarized power of attorney authorizing that individual to be the filer’s account administrator.14 On the dashboard, account administrators would take actions on behalf of the filer to add and remove authorized users, account 7 The amendments to Rule 11 would also update or delete outdated terminology and clarify the definition of the EDGAR Filer Manual. 8 We are proposing amendments to Rule 11 under Regulation S–T to define ‘‘individual account credentials’’ as credentials issued to individuals for purposes of EDGAR access, as specified in the EDGAR Filer Manual. See the discussion of proposed amendments to Rule 11 in Section III.E.2. We currently anticipate that, if the proposal is adopted, the EDGAR Filer Manual would specify that individual account credentials must be obtained through Login.gov, a sign in service of the United States Government that employs multifactor authentication. 9 We are proposing amendments to Rule 11 under Regulation S–T to define the ‘‘dashboard’’ as an interactive function on EDGAR where electronic filers manage their EDGAR accounts and individuals that electronic filers authorize may take relevant actions for electronic filers’ accounts. See the discussion of proposed amendments to Rule 11 in Section III.E.2. 10 See EDGAR Filer Management website at https://www.filermanagement.edgarfiling.sec.gov. 11 Applicants (individuals and companies) for EDGAR access would designate account administrators on Form ID. See proposed Form ID. 12 For example, if a filer wished to authorize an individual employed by its filing agent to act as the filer’s account administrator, the authorized individual for the filer would be required to upload a notarized power of attorney authorizing the individual to be the filer’s account administrator. See proposed Form ID, Part 3. 13 We are proposing amendments to Rule 11 under Regulation S–T to define ‘‘authorized individual.’’ See the discussion of proposed amendments to Rule 11 in Section III.E.2. 14 Foreign filers who do not have access to a U.S. notary public could use the foreign local equivalent of a notary public (e.g., apostille) or obtain notarization by a remote online notary recognized by the law of any State or territory in the U.S. or the District of Columbia. See EDGAR Filer Manual, Volume I, at Section 3. PO 00000 Frm 00003 Fmt 4701 Sfmt 4702 65525 administrators, and technical administrators; and annually confirm the accuracy of the filer’s information on the dashboard. Additionally, on the dashboard, account administrators could delegate authority to file on behalf of the filer to any other EDGAR account, such as a filing agent, making that account a delegated entity of the filer, and could remove a delegated entity’s authority to file on the filer’s behalf. A delegated entity would have its own EDGAR account and dashboard to manage its account. Because it would itself be a filer, a delegated entity would be subject to the same requirements as other filers. Through its dashboard, a delegated entity could manage the delegated authority it received from filers. If a delegated entity accepted a delegation from a filer, the delegated entity’s account administrators would become delegated administrators with respect to that filer. Each delegated administrator could thereafter manage which of the users of the delegated entity would become delegated users for particular filers. A delegated entity could not further delegate authority to file on behalf of that filer, nor could delegated administrators take action on the filer’s dashboard. Similarly, the filer’s account administrators could not view or take action on the delegated entity’s dashboard.15 As proposed, Rule 10(d)(4) would require each filer, through its authorized account administrators, to confirm annually that all account administrators, users,16 delegated entities,17 and technical administrators 18 reflected on the dashboard for the filer’s EDGAR account are authorized by the filer and that all information regarding the filer on the dashboard is accurate (generally including the filer’s corporate and contact information). Pursuant to proposed Rule 10(d)(5), each filer, through its authorized 15 Please see the illustration in diagram 3 in Section III.C. 16 We are proposing amendments to Rule 11 under Regulation S–T to define a ‘‘user’’ as an individual that the filer authorizes on the dashboard to make submissions on EDGAR on the filer’s behalf. See the discussion of proposed amendments to Rule 11 in Section III.E.2. 17 We are proposing amendments to Rule 11 under Regulation S–T to define a ‘‘delegated entity’’ as an electronic filer that another electronic filer authorizes, on the dashboard, to file on EDGAR on its behalf. See the discussion of proposed amendments to Rule 11 in Section III.E.2. 18 We are proposing amendments to Rule 11 under Regulation S–T to define a ‘‘technical administrator’’ as an individual that the filer authorizes on the dashboard to manage the technical aspects of the filer’s use of EDGAR Application Programming Interfaces on its behalf. See the discussion of proposed amendments to Rule 11 in Section III.E.2. E:\FR\FM\22SEP3.SGM 22SEP3 65526 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules lotter on DSK11XQN23PROD with PROPOSALS3 account administrators, would further be required to maintain accurate and current information about the filer on EDGAR, and, pursuant to proposed Rule 10(d)(6), to securely maintain information relevant to the ability to access the filer’s EDGAR account. As part of EDGAR Next, the Commission would offer filers optional APIs 19 to facilitate machine-to-machine communication with EDGAR, including submission of filings and retrieval of related information. Pursuant to proposed Rule 10(d)(3), if the filer decided to use an optional API, the filer would be required to authorize two individuals to be technical administrators to manage the API.20 In addition, the filer would present security tokens to EDGAR, which would be reissued annually, and which the technical administrators would manage on the filer’s dashboard. Individuals using the APIs would be required to sign in with their individual account credentials and complete multi-factor authentication on a monthly basis. The Commission intends to make available to filers an EDGAR Next Proposing Beta environment 21 that reflects the proposed rule and form amendments and related technical changes. In addition to public comment on the proposed rule and form amendments, the Commission welcomes feedback from filers about the technical aspects of EDGAR Next.22 19 We are proposing amendments to Rule 11 under Regulation S–T to define an ‘‘Application Programming Interface’’ or ‘‘API’’ as a software interface that allows computers or applications to communicate with each other. See the discussion of proposed amendments to Rule 11 in Section III.E.2. 20 See proposed Rule 10(d)(3). 21 The Commission staff will make available an EDGAR Next Proposing Beta environment shortly after the issuance of this release, and it will remain open to filers for at least 6 months thereafter. The EDGAR Next Proposing Beta will reflect the proposed rule and form changes as well as the technical changes to EDGAR set forth in this release. The EDGAR Next Proposing Beta environment will therefore contain functionality, including APIs, not included in the 2021 Request for Comment beta environment. If the Commission later adopts the proposed rule and form changes set forth in this release, staff would make available to filers an EDGAR Next Adopting Beta environment that reflects the rule and form changes as adopted and the technical changes to EDGAR to be made in connection with adoption. The EDGAR Next Adopting Beta would allow filers to prepare for the transition to the rule and form changes as adopted and the final version of the technical changes to EDGAR. 22 Technical feedback may be submitted to the public comment file. VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 II. Background A. Current EDGAR Access and Account Management Presently, those seeking to file on EDGAR apply for access pursuant to Rule 10 of Regulation S–T by completing the Form ID application for access on the EDGAR Filer Management website and submitting a notarized copy of that application signed by an authorized individual of the filer.23 Form ID is an online fillable form that requires the applicant to provide the applicant’s name and contact information, the applicant’s point of contact for EDGAR information, inquiries, and access codes (‘‘EDGAR POC’’), and its contact for SEC account information and billing invoices (‘‘billing contact’’).24 Further, when the applicant entity or individual submits the Form ID, the applicant must create and retain a passphrase to be used to create access codes if the application is granted. If Commission staff approves the Form ID application, an account in the filer’s name is opened on EDGAR, denoted by a central index key number (‘‘CIK’’) unique to that filer, if needed.25 The EDGAR POC may then generate access codes to allow the filer to make submissions on its EDGAR account. To do so, the EDGAR POC uses the CIK provided in an email from EDGAR and the passphrase the filer created on EDGAR when the filer submitted the Form ID to generate a password, central index key confirmation code (‘‘CCC’’), and password modification authorization code (‘‘PMAC’’).26 23 See EDGAR Filer Manual, Volume I, at Section 3. The EDGAR Filer Manual specifies the instructions filers must follow when making electronic filings on EDGAR and is incorporated by reference in the Code of Federal Regulations by 17 CFR 232.301 (Rule 301 of Regulation S–T). Rule 10 of Regulation S–T and the EDGAR Filer Manual permit manual, electronic, and remote online notarizations, authorized by the law of any State or territory of the United States or the District of Columbia. See 17 CFR 232.10 and EDGAR Filer Manual, Volume I, at Section 3. An ‘‘authorized individual’’ for purposes of the Form ID notarization process is an individual with the authority to legally bind the applicant, or an individual with a power of attorney from an individual with the authority to legally bind the applicant. See EDGAR Filer Manual, Volume I, at Section 3. 24 17 CFR 239.63, 249.446, 269.7, and 274.402. 25 While most applicants that submit Form ID have not previously been assigned a CIK, a small number of other applicants have already been assigned a CIK but have not filed electronically on EDGAR. These applicants continue to use the same CIK when they receive access to EDGAR and are not assigned a new CIK. 26 See EDGAR Filer Manual, Volume I, at Section 4. For a discussion of the functions of these access codes, please see the ‘‘Understand and utilize EDGAR CIKs, passphrases, and access codes’’ section of the ‘‘EDGAR—How Do I’’ FAQs, at PO 00000 Frm 00004 Fmt 4701 Sfmt 4702 Together with the CIK, the filer’s password, passphrase, CCC, and PMAC constitute the EDGAR access codes. Filers make submissions on EDGAR using their CIK, password, and CCC. Filings on EDGAR are therefore traceable to the filer’s CIK. EDGAR does not presently issue identifying credentials to individuals making filings on EDGAR; an individual’s authority to file on EDGAR is predicated on possession of the password and CCC. Thus, filings are not easily traceable to individuals, and the Commission currently does not provide a technical solution through which filers may manage individuals who make submissions on filers’ behalf. As a result, Commission staff and affected filers often encounter delays in addressing potentially problematic filings. Because filers are required to securely maintain their EDGAR access codes,27 Commission staff understands that many filers have devised their own internal methods of tracking the individuals who possess the password and CCC. Other filers, however, may not have closely tracked the individuals who possess the password and CCC and/or otherwise maintained secure access to filers’ EDGAR accounts. For example, Commission staff understands that some filers have shared EDGAR access codes with co-registrants, filing agents, and various employees through non-secure means and without tracking or recording the names and identities of the recipients. EDGAR does not currently employ multi-factor authentication. As noted, if an individual has the password and CCC, then no other authentication is required to access EDGAR. Multi-factor authentication would increase the level of assurance that an individual is indeed the person authorized to access an account by requiring provision of an additional data point to gain access. Filers routinely hire filing agents, which include law firms and third-party software providers, to assist with filing on EDGAR. Indeed, EDGAR data reveals that, at a minimum, more than 60% of filings on EDGAR are made by a filing agent on the filer’s behalf,28 and https://www.sec.gov/edgar/filer-information/howdo-i. 27 See EDGAR Filer Manual, Volume I, at 4 (‘‘Filers must securely maintain all EDGAR access codes and limit the number of persons who possess the codes.’’). 28 In calendar year 2021, 63% of all EDGAR submissions were made by filers that identified themselves as ‘‘filing agents.’’ Because filing agents are not required to self-identify in EDGAR as such, however, and instead could simply identity themselves as a ‘‘filer,’’ the actual percentage of E:\FR\FM\22SEP3.SGM 22SEP3 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules lotter on DSK11XQN23PROD with PROPOSALS3 commenters have indicated that 81– 90% of EDGAR filings are not manually submitted to EDGAR.29 While EDGAR does not require the use of filing agents, a filer may decide to hire a filing agent to assist with EDGAR filing. Further, as noted in comments submitted in response to the 2021 Request for Comment, individual filers who are officers and/or directors with obligations to file on EDGAR pursuant to section 16 of the Securities Exchange Act of 1934 (‘‘Exchange Act’’) 30 routinely rely upon the companies for which they serve as officers and/or directors to make filings on their behalf on EDGAR.31 Likewise, other filers may make filings on behalf of affiliated or related entities, such as asset-backed securities issuers on behalf of their serial companies.32 Filers make submissions on EDGAR through one of three web-based user interfaces, depending on the type of submission made.33 Commission staff is aware that filers and filing agents have for years sought to automate submissions on EDGAR so as not to rely upon web-based interfaces, and many filers and filing agents have engineered their own automated processes to make submissions and otherwise interact with EDGAR. These filers and filing agents extract data and content from, or ‘‘scrape,’’ the EDGAR filing websites and use that data to create custom software that allows them to interact with the websites in a machine-tomachine fashion to accomplish tasks such as scheduling filings and making a large volume of submissions on numerous different CIK accounts.34 Filers and filing agents must modify their custom software periodically to accord with underlying changes to EDGAR submissions made by filing agents may be significantly higher. 29 See Workiva Comment Letter (Nov. 30, 2021) (‘‘Workiva Comment Letter’’); XBRL US Comment Letter (Dec. 1, 2021) (‘‘XBRL Comment Letter’’). 30 15 U.S.C. 78p. 31 See Orrick, Herrington & Sutcliffe LLP Comment Letter (Feb. 23, 2022) (‘‘Orrick Comment Letter’’); McGuireWoods, LLP and Brownstein Hyatt Farber Schreck, LLP (Dec. 1, 2021) (‘‘McGuireWoods Comment Letter’’); Brandon Norman Egren, Associate General Counsel & Assistant Secretary, Verizon (Dec. 1, 2021) (‘‘Verizon Comment Letter’’); Toppan Merrill (Nov. 22, 2021) (‘‘Toppan Comment Letter’’). 32 See Donnelly Financial Solutions Comment Letter (Dec. 1, 2021) (‘‘DFIN Comment Letter’’); XBRL Comment Letter. 33 See EDGAR Filer Management website at https://www.filermanagement.edgarfiling.sec.gov; EDGAR Filing website at https://www.edgarfiling. sec.gov/Welcome/EDGARLogin.htm; and EDGAR Online Forms website at https://www.edgarfiling. sec.gov/Welcome/EDGAROnlineFormsLogin.htm. 34 See CompSci Comment Letter (Nov. 19, 2021); Workiva Comment Letter (Nov. 30, 2021); CompSci Resources LLC Comment Letter (Nov. 19, 2021). VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 EDGAR code. Similarly, when Commission staff makes EDGAR software changes, staff has coordinated with filers and filing agents using custom software to prevent filing disruptions. As a result, efficient implementation of certain technical changes in EDGAR may be delayed while such coordination and software adjustments take place. B. The Commission’s September 2021 Request for Comment The 2021 Request for Comment sought feedback from filers about potential technical changes to EDGAR access and account management, including the addition of individual account credentials with multi-factor authentication, a dashboard on EDGAR where a filer would manage its EDGAR account, administrators to manage the filer’s account and annually confirm the filer’s information, and the time period required to implement the potential technical changes. To assist filers in assessing the potential technical changes, the Commission provided filers access to a beta environment that reflected the majority of the potential technical changes. The Commission received over forty comment letters in response to the 2021 Request for Comment.35 Commenters were generally supportive of the Commission’s objectives,36 but were concerned about certain aspects of the potential technical changes. With respect to requiring individual account credentials, many commenters expressed the view that the potential technical changes would prevent filers and filing agents from continuing to use their custom third-party software to make machine-to-machine submissions on EDGAR. Several commenters estimated that currently 81–90% of EDGAR filings are submitted to EDGAR directly through third-party filing systems rather than manually uploaded on an individual basis via EDGAR filing websites.37 Commenters stated that the Login.gov multi-factor authentication process does not support automated machine-to-machine authentication and requested that the Commission consider machine-to-machine authentication to facilitate the ability to pre-schedule and perform bulk filings, reduce the 35 Twenty of these letters were form letters that requested an extension of the deadline to provide comments, as opposed to providing substantive comments. 36 See, e.g., Verizon Comment Letter (Dec. 1, 2021); XBRL US Comment Letter; Workiva Comment Letter; Davis Polk Comment Letter (Dec. 1, 2021). 37 See Workiva Comment Letter; XBRL US Comment Letter. PO 00000 Frm 00005 Fmt 4701 Sfmt 4702 65527 potential for error due to manual processing, reduce the risk of missing deadlines, and decrease the cost of compliance.38 One commenter conducted a survey of filers wherein 70% of respondents believed that the increased time required to submit filings due to the loss of direct submission capability from third-party filing systems would be ‘‘very impactful’’ or ‘‘extremely impactful’’ to their filing success.39 The Commission also requested comment on whether filers should authorize administrators to manage filers’ EDGAR accounts. Certain commenters expressed concerns about the impact that the institution of administrators would have on individual officer and director filers pursuant to section 16 of the Exchange Act.40 Commenters recommended that the Commission allow a company to create and manage a company-specific account for an individual non-employee director or section 16 officer.41 These commenters further suggested that each company be required to obtain a notarized power of attorney from the individual so that the company could create and maintain the companyspecific account on behalf of the individual.42 With respect to the Commission’s request for comment on a requirement to annually confirm users and administrators, commenters generally did not support the requirement,43 38 See, e.g., Workiva Comment Letter; XBRL US Comment Letter. 39 See Workiva Comment Letter (the filer survey included 660 responses from Nov. 15–27, 2021). 40 See, e.g., Workiva Comment Letter; XBRL US Comment Letter. 41 See McGuire Woods, LLP and Brownstein Hyatt Farber Schreck, LLP Comment Letter (Dec. 1, 2021) (‘‘McGuire/Brownstein Comment Letter’’); Orrick, Herrington & Sutcliffe LLP Comment Letter (Feb. 23, 2022) (‘‘Orrick Commenter Letter’’) (reiterating the concern that the new filer administrator position would create an administrative burden on section 16 filers and endorsing instead the company-specific account approach outlined in the McGuire/Brownstein Comment Letter). 42 These commenters also recommended ‘‘grandfathering’’ issuers with existing powers of attorney for section 16 officers and directors. Alternatively, they recommended a ‘‘negative consent’’ construct, according to which a company would be deemed to have authority to create a new company-specific account unless an officer or director expressly objected during a set period of time. See McGuire/Brownstein Comment Letter; Orrick Comment Letter. 43 See, e.g., McGuire/Brownstein Comment Letter; XBRL US Comment Letter. A few commenters also requested enhancement of the beta environment to reflect ‘‘a complete testing environment’’ or the ‘‘full life cycle of an SEC EDGAR filing which would enable full and appropriate analysis.’’ See, e.g., Toppan Comment Letter (Nov. 30, 2021); Donnelley Financial Solutions Comment Letter (Nov. 18, 2021). E:\FR\FM\22SEP3.SGM 22SEP3 65528 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules lotter on DSK11XQN23PROD with PROPOSALS3 noting that it would increase the number of required confirmations, would be duplicative, and would necessitate additional management effort for filers, thus increasing the administrative burden.44 Certain commenters recommended limiting confirmation to administrators.45 Others suggested that the Commission implement an active notification process to inform filers of impending expiration 46 and recommended a grace period after failure to make a confirmation.47 Several commenters recommended that denying EDGAR access until the administrator has reconfirmed would be less burdensome than deactivating accounts.48 With respect to the time period required to effectuate the potential technical changes to EDGAR access and account management, one commenter indicated that 66% of its surveyed respondents expressed the view that an appropriate transition period would be 1–3 years,49 one commenter suggested a transition period of 18–24 months, and another commenter recommended a transition period of at least one year.50 The staff engaged in additional dialogue with commenters and other interested parties regarding the 2021 Request for Comment and further approaches to EDGAR access improvements.51 Among the topics discussed were APIs for submission and for checking accession numbers (numbers filers receive from EDGAR indicating receipt of a filing), filing status, and other information; annual confirmation of individuals authorized to make submissions on a filer’s behalf; whether accession numbers should be traceable to the individuals making submissions or instead to the CIK numbers associated with the submissions; bulk submissions and user group functionality; delegation of authority to file; a potential transition process to implement the changes contemplated by the 2021 Request for Comment; and other technical topics. 44 See XBRL US Comment Letter; Workiva Comment Letter; DFIN Comment Letter. 45 See XBRL US Comment Letter; Workiva Comment Letter; DFIN Comment Letter. 46 See DFIN Comment Letter; Workiva Comment Letter. 47 See DFIN Comment Letter; Workiva Comment Letter; XBRL US Comment Letter. 48 See Workiva Comment Letter; XBRL US Comment Letter. 49 Workiva Comment Letter (referencing the same filer survey discussed above). 50 See XBRL US Comment Letter; McGuire/ Brownstein Comment Letter. 51 Staff invited interested parties to participate in the dialogue through the Commission’s EDGAR Next web page. VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 Having considered the significant additional information provided by commenters in response to the 2021 Request for Comment and the subsequent dialogue with interested parties, we are contemplating a number of changes in connection with the EDGAR Next project, including proposed amendments to Rules 10 and 11 under Regulation S–T and to Form ID; changes to enhance dashboard functionality; and the addition of optional APIs to allow machine-tomachine submissions on EDGAR as an alternative to submission through the EDGAR filing websites. III. Discussion We are proposing amendments to Rule 10 under Regulation S–T concerning EDGAR filer access and account management and related matters; Form ID, the application for EDGAR access; and Rule 11 under Regulation S–T, containing the definitions of terms in Regulation S–T. Proposed amendments to Rule 10 and Form ID would set forth requirements for each EDGAR filer to authorize and maintain individual account administrators to manage the filer’s EDGAR account on a dashboard on EDGAR, and to authorize account administrators, users, and technical administrators only if those individuals obtained individual account credentials.52 Each filer, through its account administrators, would be required to confirm annually that all account administrators, users, technical administrators, and delegated entities reflected on the filer’s dashboard are authorized by the filer to act on its behalf, and that all information about the filer on the dashboard is accurate; maintain accurate and current information on EDGAR concerning the filer’s account; and securely maintain information relevant to the ability to access the filer’s EDGAR account. On the dashboard, account administrators could add and remove authorized users, account administrators, and technical administrators; delegate and remove delegated authority to file to other EDGAR accounts; and annually confirm the accuracy of all information on the dashboard. The dashboard would contain the filer’s corporate and contact information, generally corresponding to the company information currently 52 We are proposing amendments to Rule 11 under Regulation S–T to define ‘‘individual account credentials’’ as credentials issued to individuals for purposes of EDGAR access. See the discussion of proposed amendments to Rule 11 in Section III.E.2. PO 00000 Frm 00006 Fmt 4701 Sfmt 4702 maintained on EDGAR.53 The dashboard would be available during EDGAR operating hours,54 such that filers could manage their EDGAR accounts during the same time period that they would file on EDGAR. The Commission would provide optional APIs for machine-to-machine communication with EDGAR, including to submit filings and to facilitate filers’ retrieval of information regarding their submissions. To use APIs, filers would be required to authorize two technical administrators and present certain tokens to EDGAR that we plan to specify in the EDGAR Filer Manual. Filers who did not wish to use the APIs would not need to do so and therefore would not need to comply with the API-related requirements. Those filers could continue to make submissions through the web-based EDGAR filing websites. A. Individual Account Credentials Under proposed Rule 10(d)(1), a filer could only authorize an individual to perform functions on the dashboard on the filer’s behalf if the individual possessed individual account credentials, obtained in the manner specified in the EDGAR Filer Manual. This requirement would pertain to all existing filers and all individuals acting on behalf of those filers, as well as all applicants for access to EDGAR. We anticipate requiring, through the EDGAR Filer Manual, that individual account credentials be obtained through Login.gov, a secure sign in service of the U.S. General Services Administration.55 Login.gov is used by participating Federal agencies, as well as State, local, and territorial governments to provide a secure login process and to allow members of the public to use a single account that is protected by encryption, multi-factor authentication, and additional safeguards.56 On the Login.gov website, the individual would respond to prompts to provide an email address and select a multi-factor authentication option.57 53 The information corresponds to information that filers presently amend through a ‘‘Company Update’’ or ‘‘COUPDAT’’ submission. Filers would continue to be able to edit their company information through COUPDATs under the EDGAR Next changes. 54 Regulation S–T provides that filings ‘‘may be submitted to the Commission each day, except Saturdays, Sundays, and Federal holidays, from 6 a.m. to 10 p.m., Eastern Standard Time or Eastern Daylight Saving Time, whichever is currently in effect.’’ 17 CFR 232.12(c). The dashboard would be available from 6.a.m.–10 p.m. as described above, so that filers could manage their accounts during the period when EDGAR filings could be submitted. 55 https://www.login.gov/. 56 See Login.gov, ‘‘About us,’’ at https:// www.login.gov/about-us/. 57 As of the date of this proposal, Login.gov multifactor authentication options include: (1) a security E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65529 The email address provided to Login.gov would be required to match the email address the filer provides to EDGAR, for example, on Form ID.58 After the individual confirmed her email address and completed multi-factor authentication, Login.gov would issue individual account credentials to the individual to sign in to EDGAR. In accord with proposed Rule 10(d), all account administrators, users, and technical administrators would be required to use their individual account credentials, and multi-factor authentication, to sign into all EDGAR filing websites. After entering the Login.gov username and password, each individual would be prompted to enter a one-time passcode received through the multi-factor authentication option the individual selected when obtaining individual account credentials at Login.gov.59 Individual account credentials would enhance EDGAR security and improve the ability of filers to securely maintain access to their EDGAR accounts. As noted, filers currently share access codes among multiple individuals, making it difficult to track with whom the codes are shared or to trace a filing to a specific individual. The use of individual account credentials would enable Commission staff and filers to easily determine the individuals making specific filings on EDGAR. Linking individuals to the filings they make would be particularly useful for filers and Commission staff when problematic filings are made on EDGAR and would enhance the security and integrity of the system. The use of individual account credentials would provide additional assurance that only individuals who have been properly authorized by the filer or the filer’s account administrator could take actions on the filer’s behalf on EDGAR. Currently, the process of filing on EDGAR requires the filer to use certain EDGAR access codes. EDGAR Next would enhance security by requiring an individual seeking to make a filing on EDGAR to sign in with individual account credentials, complete multi-factor authentication, be authorized by the filer or the filer’s account administrator, and enter the filer’s CIK and CCC. Multi-factor authentication for individual accounts would be required to access EDGAR. Multi-factor authentication is a widely accepted security tool that would improve the security of access to EDGAR by adding a layer of validation each time an individual signed into EDGAR. Consistent with general industry practice, and standard Login.gov processes, individuals could check a box labeled ‘‘remember this browser’’ during the Login.gov sign-in process to preserve their multi-factor authentication for 30 days if they used the same web browser for login.60 Under EDGAR Next, the EDGAR password, PMAC, and passphrase would no longer be used. The historic use of several codes with differing functions is not in accord with standard access processes. The use of individual account credentials aligns more closely with streamlined, modern access processes, including individual login using multi-factor authentication. The CCC would persist as the code required for filing, but, as noted, individuals seeking to file would also need to sign in with individual account credentials, complete multi-factor authentication, and be authorized by the filer or an account administrator for the filer. Because of these additional safeguards, the filer’s CCC would be displayed on the dashboard for account administrators and users. Requests for Comment 1. Should we require the use of individual account credentials, as proposed under Rule 10(d)(1), and multi-factor authentication for all existing filers, individuals acting on their behalf, and applicants for access to EDGAR? Under proposed Rule 10(d)(2), each filer would be required as an initial matter to authorize and maintain at least two individuals with individual account credentials as account administrators to manage the filer’s EDGAR account and to make submissions on EDGAR on behalf of the filer,61 unless the filer were an individual or single-member company,62 in which case it would be required to authorize and maintain at least one individual with individual account credentials as an account administrator. Using the dashboard on EDGAR, account administrators, acting on behalf of the filer, would authorize individuals with individual account credentials to be users, additional account administrators, or technical administrators for the filer, as needed. This process is illustrated in diagram 1 below. Further, account administrators could de-authorize account administrators, users, and technical administrators for the filer. key; (2) Government employee or military PIV or CAC cards; (3) authentication application; (4) text message/SMS or telephone call; and (5) backup codes, with (1), (2), and (3) being the most secure methods, and (5) being the least secure authentication option according to Login.gov. See generally Login.gov, Authentication Options at https://www.login.gov/help/get-started/ authentication-options/. See also generally Login.gov, ‘‘Privacy and security: Our security practices,’’ at https://login.gov/policy/our-securitypractices/ for information on Login.gov’s security practices. 58 While Login.gov permits multiple email addresses to be associated with a single Login.gov account, EDGAR would require a single email address related to the need to access EDGAR be associated with the individual account credentials. To change an email address (for example, because of a change of domain name), the individual would change the email in the dashboard and then change it on Login.gov to maintain access to EDGAR. 59 If the individual lost or forgot her Login.gov password, the individual would reset the password through Login.gov, simplifying and automating the process of password retrieval. 60 Consistent with current practice, an individual logged into EDGAR would be automatically logged out if the individual were idle for more than 60 minutes, as well as at the end of EDGAR’s hours of operation (10:00 p.m. ET on business days). In each of those cases, the individual would need to complete multi-factor authentication in order to log back into EDGAR unless the individual had successfully signed into EDGAR and checked the ‘‘remember this browser’’ box within the last 30 days. 61 See EDGAR Filer Manual, Volume I, at Section 4. 62 As defined in proposed Rule 11 and proposed Form ID, a ‘‘single-member company’’ would be a company that has a single individual who acts as the sole equity holder, director, and officer (or, in the case of an entity without directors and officers, holds position(s) performing similar activities as a director and officer). VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00007 Fmt 4701 Sfmt 4702 2. Does the filing community have experience with obtaining account credentials from third-party service providers including or similar to Login.gov that the Commission should consider? If so, which third-party service party service providers, and what experience? Would the use of third-party service providers give rise to any security concerns for individual or entity filers? 3. Would the use of individual account credentials give rise to any concerns regarding costs, confusion, or complexity for individual or entity filers? Are there specific concerns for individual or entity filers that make filings with respect to more than one subject company (e.g., an individual filer who is a board member for more than one company)? If so, what concerns? Please be specific. B. Individual Roles: Account Administrator, User, Technical Administrator E:\FR\FM\22SEP3.SGM 22SEP3 65530 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules Individuals in each role would perform different functions for the filer, and an individual’s dashboard would display functionality that corresponded to the respective individual’s role, as explained more fully below. An individual could be authorized to perform more than one role for a filer. For example, one individual could be both an account administrator and a technical administrator, or one individual could be both a technical administrator and a user. An account administrator could not be a user, however, given that account administrators are able to perform all the functions of a user, including the ability to file on EDGAR, themselves. Analogous additional roles would exist at delegated entities—filers, including filing agents, to which another filer delegates authority to file on its behalf. Specifically, the delegated entity’s account administrators would become delegated administrators for the filer, and delegated administrators would have the ability to authorize one or more of the delegated entity’s users as delegated users who could make submissions on behalf of that filer. The key functions that could be performed by each role are illustrated in diagram 2 below. DIAGRAM 2—KEY FUNCTIONS FOR EACH ROLE Role Submit filings, view CCC Generate/ change CCC Manage account administrators, users, technical administrators, and delegated entities Delegate to/accept delegated entity status from another filer Manage delegated users Manage filer API token Manage user API token Account Administrator ............................ User ........................................................ Technical Administrator ......................... Delegated Administrator ........................ Delegated User ...................................... X X .................. X X X .................. .................. .................. .................. X ............................ ............................ ............................ ............................ X ........................ ........................ ........................ ........................ .................. .................. .................. X .................. .................. .................. X .................. .................. X X .................. X X Proposed Rule 10 paragraphs (d)(4), (d)(5), and (d)(6) would require that the filer, through its account administrators, be responsible to maintain accurate and current information on EDGAR concerning the filer’s account and to confirm that information annually, as well as to securely maintain information relevant to the ability to access the filer’s EDGAR account, including but not limited to access through any APIs. Under EDGAR Next, account administrators, on behalf of the filer, would be responsible for the security of the filer’s EDGAR account and the accuracy of the filer’s information on EDGAR. Account administrators would manage the filer’s account on the VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 dashboard, which would display relevant functionality for them to: • Add and remove users, account administrators, and technical administrators (including removing themselves as account administrators); • Create and edit groups of users; • Delegate filing authority to other EDGAR accounts, such as a filing agent’s account, and remove such delegations; • Make the required annual confirmation of all of the filer’s information on the dashboard; • Generate a new CCC for the filer; and • View and correct their own profile information (name, address, phone number, etc.). PO 00000 Frm 00008 Fmt 4701 Sfmt 4702 Account administrators could also make submissions on behalf of the filer on EDGAR, allowing filers to make submissions on EDGAR through their account administrators without adding individuals as users on the account. In addition, account administrators would serve as the points of contact for questions from Commission staff regarding the filer’s account.63 Each account administrator would be co-equal, possessing the same authority and responsibility to manage the filer’s EDGAR account. There would be no primary account administrator. All actions that would be required to be 63 Technical administrators would serve as the Commission staff’s points of contact regarding the filer’s use of the APIs. See infra Section III.B.3.a. E:\FR\FM\22SEP3.SGM 22SEP3 EP22SE23.001</GPH> lotter on DSK11XQN23PROD with PROPOSALS3 1. Account Administrators Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules performed by account administrators could be performed by any of them individually and would not require joint action by the filer’s account administrators. a. Filer Authorization of Account Administrators lotter on DSK11XQN23PROD with PROPOSALS3 Under the proposal, prospective EDGAR filers would designate on Form ID the individuals that the filer authorized as account administrators.64 As noted above, pursuant to proposed Rule 10(d)(1), the filer could only authorize individuals as account administrators if those individuals had obtained individual account credentials in the manner specified in the EDGAR Filer Manual. Prospective company filers could authorize as account administrators either (i) individuals employed at the filer or an affiliate of the filer or (ii) any other individual, provided the filer submitted a notarized power of attorney authorizing such other individual to be its account administrator. Prospective individual filers could authorize as account administrators either (i) themselves or (ii) any other individual, provided the filer submitted a notarized power of attorney authorizing such other individual to be the individual filer’s account administrator. A prospective account administrator would complete the prospective filer’s Form ID and electronically submit it, and also upload a notarized copy of the prospective filer’s Form ID signed by an authorized individual of the prospective filer, as currently required. The signature of the authorized individual would constitute the filer’s authorization of the account administrators listed on Form ID. If the prospective filer sought to authorize another individual as an account administrator, the prospective filer would additionally be required to provide Commission staff with a notarized power of attorney executed by an authorized individual of the prospective filer granting authority to that individual to be an account administrator. The power of attorney would be uploaded with the prospective filer’s completed, notarized Form ID.65 64 A unique process would be employed to transition existing filers, as discussed in the transition section below (see Section III.F). 65 Currently, a person with a power of attorney from an individual filer may sign the Form ID application for the individual filer; in that case, the power of attorney document must accompany the notarized Form ID application. See EDGAR Filer Manual, Volume I, at Section 3. Existing Commission practice also permits the Form ID to be signed by an individual with a power of attorney from a filing entity, such as a corporation. VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 If, after reviewing the Form ID application, Commission staff granted access to EDGAR to the filer, EDGAR would email the account administrators listed on Form ID the filer’s CIK number and a link to the relevant EDGAR website, similar to the current process. The account administrators could then access the filer’s dashboard by logging into EDGAR with their individual account credentials and completing multi-factor authentication. On the dashboard, account administrators could generate a CCC for the newly issued CIK. The CCC would be securely saved in the dashboard and would be visible to all account administrators and users, delegated administrators, and delegated users for that CIK to facilitate their ability to make submissions on behalf of the filer. Account administrators could authorize additional account administrators via the dashboard. Thus, if the initial account administrators are determined to be properly authorized to act for the filer on EDGAR, those initial account administrators would be authorized to add account administrators. b. Number of Account Administrators As proposed in Rule 10(d)(2), filers who are individuals or single-member companies would be required to authorize and maintain at least one account administrator; all other filers would be required to authorize and maintain at least two account administrators. On the dashboard, any account administrator could add account administrators to the filer’s EDGAR account; the maximum number of account administrators would be twenty. After an account administrator invited the individual on the dashboard, EDGAR would send an email invitation to the individual at the email address used to create individual account credentials. Requiring most filers to authorize at least two account administrators would increase the ability of filers to manage their EDGAR accounts without interruption. Thus, if an account administrator unexpectedly resigned or otherwise ceased to be available to manage the filer’s account, the remaining account administrators would continue to manage the filer’s account and could authorize additional account administrators. If the account administrator who sought to resign was one of the required two account administrators for an entity filer, then that account administrator could not be removed from the filer’s EDGAR account unless the filer first added another account administrator through PO 00000 Frm 00009 Fmt 4701 Sfmt 4702 65531 the dashboard to meet the required minimum of two account administrators. For individual filers and single-member companies, at least one account administrator would always be required because those filers typically consist of only one individual. A limit of twenty account administrators would likely be sufficient to allow for management of large accounts, while avoiding the confusion that a larger number of account administrators might cause. If all the account administrators for a filer ceased to be available to manage the filer’s account, the filer would be required to submit a new Form ID to authorize new account administrators. c. Account Administrator Authorization and Removal of Users, Technical Administrators, and Other Account Administrators An account administrator could add an individual as a user, account administrator, or technical administrator for an EDGAR account through the dashboard. The account administrator would enter on the dashboard the prospective individual’s first and last name and email address, and EDGAR would send an email invitation to that address. The email address would be required to match the email address provided by the individual when they obtained individual account credentials. In addition, EDGAR would send a notification to the individual through the dashboard if the individual to be added had existing access to the dashboard for another role or filer. The individual’s designation as user, account administrator, or technical administrator would be effective when the individual accepted the invitation. Individuals would have fourteen days within which to accept the invitation.66 If the individual did not accept within that time period, the individual would not be added, and the invitation would become void. The account administrator could re-initiate the invitation thereafter, however, to afford the individual another opportunity to accept. Account administrators could change roles of individuals who had already been authorized to act on behalf of the filer, by adding or removing roles as account administrator, user, and/or technical administrator. The relevant individuals would not be required to accept additional invitations or de66 If the deadline fell upon a day when the dashboard was not available (e.g., a holiday or weekend), the deadline would be deferred until the following business day. E:\FR\FM\22SEP3.SGM 22SEP3 65532 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules lotter on DSK11XQN23PROD with PROPOSALS3 authorizations for their role to be changed. An account administrator could perform all the functions of a user, therefore, an account administrator could not also be a user since it would be redundant for an individual to hold both roles for the same filer. An individual could, however, be both an account administrator and a technical administrator for the same filer, or a user and a technical administrator for the same filer. d. Account Administrator Performance of Annual Confirmation As proposed under Rule 10(d)(4), each filer would be required to perform an annual confirmation on EDGAR of all of the filer’s users, account administrators, technical administrators, and delegated entities, as well as any other information related to the filer appearing on the dashboard.67 Account administrators would act for the filer to carry out this function.68 Annual confirmation would assist the filer in tracking those authorized to file on EDGAR and would provide an opportunity for account administrators to confirm the accuracy of those individuals and delegated entities associated with the filer and to remove those no longer authorized. To provide flexibility to filers, EDGAR would allow account administrators to select one of four quarterly dates as the filer’s ongoing confirmation deadline: March 31, June 30, September 30, and December 31 (or the next business day, if the date fell upon a weekend or holiday when EDGAR was not operating). An account administrator need not wait until the deadline to confirm and could confirm at any earlier date. An account administrator could further change the quarter when confirmation was due by confirming the account at a date in a quarter earlier than the currently selected deadline quarter. Confirmation in an earlier quarter would result in a confirmation deadline one year after the end of the quarter in which the early confirmation occurred. For example, if a December 31 confirmation deadline was selected by the account administrator for the initial annual confirmation, but the account administrator submitted the confirmation for the following year in August, the filer’s annual confirmation deadline for the next year would be September 30 (or the next business day, if the date fell upon a weekend or holiday when EDGAR was not operating). EDGAR would provide several periodic notices to account administrators of the upcoming confirmation deadline, as well as notice of completion of confirmation or failure to timely confirm.69 There would also be a two-week grace period following the confirmation deadline, during which account administrators would receive a final series of notices reminding them to complete annual confirmation.70 If no account administrator performed the annual confirmation by the end of the grace period, EDGAR would deactivate the filer’s access and the filer would be required to submit a new Form ID application to request access to file on EDGAR.71 If Commission staff 67 As discussed above, the dashboard would contain the filer’s corporate and contact information. See supra text accompanying note 53. If the filer’s information contained in the dashboard was not correct, that information could be updated via a COUPDAT submitted by the filer’s account administrator or user. Proposed paragraph (d)(4) is analogous to the requirements currently set forth in the EDGAR Filer Manual, Volume I, to securely maintain EDGAR access and to maintain accurate company information on EDGAR. See EDGAR Filer Manual, Volume I, at Sections 4 and 5. 68 As discussed above, in the 2021 Request for Comment, the Commission sought comment on requiring confirmations to be made by both account administrators and users. Several commenters objected to this requirement on the grounds that it would be duplicative and unduly burdensome for account administrators to confirm all users authorized to act on behalf of the filer, and for those users to separately have to confirm their own authorizations. See supra note 45. Other commenters recommended limiting confirmation to administrators. See supra note 45. To address these commenters’ concerns, our proposal includes the latter group of commenters’ recommendation, requiring only account administrators to confirm users, account administrators, technical administrators, delegations, and other information on the filer’s dashboard. We believe that limiting the confirmation to account administrators should address the concerns from these commenters. 69 As discussed above, in response to the 2021 Request for Comment, some commenters suggested that the Commission implement an active notification process to inform filers of impending expiration, and the proposed process would follow that approach. See supra note 46. 70 These notices would be provided in the dashboard and also be sent via email to all account administrators’ email addresses (e.g., the confirmation deadline notices would be periodically provided in both email and via the dashboard multiple times leading up to the deadline to ensure that the account administrators were fully aware of the pending deadlines). See infra Section III.B.1.f (discussing notifications to account administrators). 71 As discussed above, in response to the 2021 Request for Comment, several commenters urged the Commission to provide a grace period to filers that failed to perform annual confirmation timely (as opposed to immediately removing access) and separately requested that the Commission deny EDGAR access until the administrator performed annual confirmation (as opposed to inactivating the EDGAR account). See supra notes 47–48. As discussed below, as part of the EDGAR Next changes, we would provide multiple notices of the impending confirmation deadline to account administrators on the dashboard and by email and also provide a two-week grace period that would include a series of reminder notices. Collectively, we believe this would ensure that the filer’s account VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00010 Fmt 4701 Sfmt 4702 approved the Form ID application, the filer would continue to have the same CIK previously assigned and its filing history would be maintained. The filer’s account administrators listed on Form ID would be required, however, to invite through the dashboard, as if to a new account, any additional account administrators, technical administrators, and users. Although the need to reapply for access and, in particular, the need to invite account administrators, users, and technical administrators anew, would impose an additional burden on filers, failure to perform annual confirmation could signal that the filer was no longer managing or controlling the account. Removing individuals from the filer’s account upon deactivation would safeguard information regarding individuals whose information was listed on the filer’s dashboard. For example, if someone other than the original filer’s account administrators submitted a Form ID application for access to the account, and the original account administrators did not respond to Commission staff’s inquiries regarding the new Form ID, the process outlined above would prevent the new account holder from accessing the names, addresses, and contact information of the individuals formerly associated with the account. e. User Groups The dashboard would allow an account administrator to group subsets of the filer’s users into user groups. User groups would: • Be created by an account administrator; • Consist only of users, not account administrators or technical administrators; • Contain only users for the same EDGAR account; • Contain up to 500 users (corresponding to the maximum number of users per filer that would be allowed); and • Not be subject to any numerical limit (i.e., there could be an unlimited number of user groups). The user group function would primarily assist delegated entities to authorize certain delegated users to file on EDGAR for specific filers, as explained in the Delegated Entities section below. By employing user groups, the delegated administrator could add or remove the ability to file administrators would receive adequate notice and opportunity to timely perform confirmation. Deactivating the account due to failure to provide confirmation therefore would immediately protect the filer because failure to perform the required confirmation could be a sign that the account may no longer be managed or controlled by the filer. E:\FR\FM\22SEP3.SGM 22SEP3 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules for a certain filer to all users in the group at once, leading to efficiencies of time in managing users. If an account administrator added an individual to a user group, the individual would receive an invitation to join the user group. If the individual accepted, the individual would become a member of the user group. 2. Users Under EDGAR Next, account administrators could authorize individuals with individual account credentials as users able to make submissions on EDGAR on behalf of the filer. a. Authority of Users lotter on DSK11XQN23PROD with PROPOSALS3 Users would be able to make submissions on EDGAR on the filer’s behalf. On the dashboard, account administrators and Commission staff could determine which users made which submissions; however, this information would not be made public on EDGAR. In addition, on the dashboard, users could: • Remove themselves as a user for a filer; • If using APIs, generate, view, and copy their user API tokens (as discussed further in Section III.D below); and • View basic information about the filer’s account, including the filer’s name, CIK, CCC, and corporate information and contact information, as well as the contact information for the account administrators. Users could not, however, add or remove individuals from the dashboard other than themselves. Further, users could not generate a new CCC. Separately, users could submit COUPDATs to update filer information such as name, address, and state of incorporation, as filers currently do. As part of the login and authentication process for the EDGAR filing websites, a user would be able to select the CIK of the filer for which submissions were being made, and that CIK would be reflected in the accession number 72 for each of the user’s submissions (‘‘login CIK’’). Users could change their login CIK at any time to any other CIK for which they were authorized. 72 An accession number is a unique identifier assigned automatically to EDGAR submissions for tracking and reference purposes. The first 10 digits comprise the CIK of the entity making the submission, which may be an entity with reporting obligations or a third party (such as a filing agent. The next two digits represent the year. The last series of digits comprise a sequential count of submitted filings from that CIK. The count is usually, but not always, reset to zero at the start of each calendar year. VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 b. Becoming Authorized as a User Through the dashboard, an account administrator would invite an individual to be a user for the filer’s account, and the prospective user would receive an email invitation from EDGAR at the email address associated with the prospective user’s individual account credentials. In addition, if the prospective user had a role for any EDGAR account, the notification would also appear on the prospective user’s dashboard. The individual would be required to accept the invitation to become a user. The individual could then sign in as a user to the filer’s EDGAR account by entering her individual account credentials and completing multi-factor authentication. c. Number of Users There would be no minimum number of users because account administrators could make submissions on behalf of the filer. There would be a maximum of 500 users. We anticipate that 500 users would be sufficient to accommodate sophisticated filers making a large number of varied filings. 3. Technical Administrators In connection with the EDGAR Next changes, filers would have an option to use a submission API and related informational APIs, and filers who opted to use the APIs would be required, through their account administrators, to authorize at least two technical administrators to manage API tokens and related technology. Technical administrators could: • Issue and deactivate filer API tokens on the dashboard; • Remove themselves as technical administrators for filers; • View and correct their own profile information; and • View basic information about each filer for which they are designated as a technical administrator, including the filer’s corporate information and contact information. a. Authority of Technical Administrators A technical administrator would issue and deactivate filer API tokens required to use the APIs, as set forth more fully in the API discussion in Section III.D. Technical administrators would also serve as points of contact for questions from Commission staff regarding the filer’s use of the APIs. A technical administrator could not add or remove individuals on the dashboard, except to remove themselves as technical administrator. Nor could a technical administrator make submissions on EDGAR on the filer’s PO 00000 Frm 00011 Fmt 4701 Sfmt 4702 65533 behalf. Additionally, a technical administrator could not generate CCCs and could not change company information. A technical administrator could, however, view relevant filer information on the dashboard. An account administrator could authorize technical administrators to be account administrators or users as well as technical administrators. To the extent that individuals designated as technical administrators also had the role of account administrator or user, they would additionally be able to perform the functions associated with that role. b. Becoming a Technical Administrator Identical to the process for users, an account administrator would invite the prospective technical administrator on the dashboard, and EDGAR would send the invitation to the email address associated with the prospective technical administrator’s individual account credentials. In addition, if the prospective technical administrator already had a role for any EDGAR account, a notification of the invitation would appear on her dashboard. The prospective technical administrator would be required to accept the invitation to become a technical administrator. c. Number of Technical Administrators As proposed, if the filer chose to use an API, the filer, acting through its account administrator, would be required to designate at least two technical administrators. This minimum would parallel the minimum number of individuals required to be account administrators (in the case of filers other than individuals and single-member companies) and would reduce the chance that the filer’s access to the APIs would be interrupted. There would be no exception to the two technicaladministrator minimum for individuals and single-member companies, however, because we anticipate that filers that make a large volume of submissions—typically large filers and filers who use filing agents—would use the APIs, and those filers would have sufficient staff to designate two technical administrators. Because a filer would be required to have at least two technical administrators to use the APIs, the dashboard would not allow a technical administrator to be removed from a filer’s account when only two technical administrators were authorized on the account. An account administrator would be required to first add another technical administrator. E:\FR\FM\22SEP3.SGM 22SEP3 65534 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules lotter on DSK11XQN23PROD with PROPOSALS3 There would be a maximum of ten technical administrators per filer. This limit would streamline points of contact with the filer and avoid confusion at the filer regarding API tokens. For example, having more than ten possible technical administrators could heighten opportunities for miscommunication between Commission staff and the filer if issues arose regarding the use of APIs. Moreover, based on our understanding of filers’ current practice, we do not anticipate that a filer would require more than ten technical administrators to carry out the functions of managing technical aspects of the APIs. Requests for Comment 4. Should we add a required account administrator role to EDGAR, as set forth in proposed Rule 10(d)? If not, why not? 5. As stated in proposed Rule 10(d), at least two account administrators would be required for filing entities (other than single-member companies) and one account administrator for individual filers and single-member companies. Are these minimum numbers of account administrators appropriate? If not, what minimum numbers of account administrators would be appropriate? Should individual filers and single-member companies be required to have more than one account administrator? If so, why? 6. Should account administrators be permitted to add and/or remove other account administrators without the filer’s consent? If so, why? If the filer’s consent is not required, should the filer be notified when a new account administrator is added or removed? 7. Should a prospective filer’s Form ID be required to be completed and submitted by an account administrator, as set forth in proposed Rule 10(b)? If not, what would be the advantages and disadvantages of allowing an individual who was not an account administrator to complete and submit a Form ID on behalf of an applicant? Please be specific. 8. In proposed Rule 10(d), each filer, through its account administrators, would be required to confirm annually the accuracy of the filer’s information on the dashboard; maintain accurate and current information on EDGAR concerning the filer’s account; and securely maintain information relevant to the ability to access the filer’s EDGAR account, including but not limited to access through any EDGAR APIs. Should any changes or clarifications be made to the proposed responsibilities of filers to be carried out by account administrators in proposed Rule 10(d)? VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 If so, how and why should such changes or clarifications be made? Should any guidance be provided with regards to any of these responsibilities and, if so, how and why? 9. Should any changes be made to the authorization process for account administrators? For example, in the case of company filers, should employees of the filer’s affiliate be required to be authenticated via a notarized power of attorney? If so, why? 10. Should any changes be made to the scope of the proposed annual confirmation requirement set forth in proposed Rule 10(d)? Why? Should the confirmation be performed annually, more frequently, or less frequently? Why? As currently contemplated as part of EDGAR Next, in the case of a failure to satisfy the proposed annual confirmation requirement, should there be a grace period for the account administrators to satisfy the confirmation requirements before the account is deactivated? How long should this grace period be, if adopted? Regardless of whether a grace period is provided, should failure to satisfy the proposed annual confirmation requirement result in deactivation of the account with removal of the individuals authorized on the dashboard for the filer, as discussed above, or alternatively, would a temporary suspension of EDGAR access without removal of any of the individuals authorized on the dashboard for the filer be more appropriate, until any of the listed account administrators satisfied the confirmation requirement? Why? How long should the described temporary suspension be, if adopted? Separately, if failure to satisfy the proposed annual confirmation requirements should result in deactivation of the account with removal of the individuals authorized on the dashboard of the filer, as discussed above, should delegated entities and delegating filers also be removed from the dashboard? Why or why not? 11. Would the annual confirmation requirement create any additional burden for filers compared to the current annual EDGAR password update requirement? If so, are there any improvements to the proposed annual confirmation requirement that would reduce the burden for filers? Separately, are there any particular concerns for filers who may only engage in occasional filings, such as filers pursuant to section 16 of the Securities Exchange Act of 1934 who may make sporadic submissions of Forms 3, 4, and 5 less than once per year? If so, to what extent would those concerns be newly PO 00000 Frm 00012 Fmt 4701 Sfmt 4702 implicated by the proposal, given that currently filers must change their password annually or their access to EDGAR is deactivated? 12. Are there any considerations regarding the annual confirmation requirement that are specific to individual or entity filers that make filings with respect to more than one subject company (e.g., an individual filer who is a board member for more than one company)? Should the confirmation requirement differ for such filers? If so, why? 13. Should we add a user role to EDGAR? If not, how would we address our policy concerns regarding the identification and authorization of individuals who make submissions on the filer’s behalf? Is a limit of 500 authorized users per filer appropriate, or should that number be increased or decreased? Should account administrators be able to add users only for a specific filing or for a specific period of time, after which the user’s authorization automatically expires? Should any changes or clarifications be made to the scope of authority of users as part of EDGAR Next? If so, how and why should the scope of authority of users be different, or how could the tasks within the scope of authority for users be clarified? 14. Should we add a technical administrator role to EDGAR, as set forth in proposed Rule 10(d)? If not, how would we address our policy concerns regarding the identification and authorization of the individuals who would manage the filer’s APIs? 15. Would the requirement of at least two technical administrators to manage the filer’s APIs, as set forth in proposed Rule 10(d), create an undue burden for filers? Should this requirement be revised to more fully parallel the limit for account administrators by requiring only one technical administrator for filers who are individuals and singlemember companies? Why or why not? Is a maximum number of ten technical administrators appropriate? Why or why not? Should any changes or clarifications be made to the scope of authority for technical administrators as part of the EDGAR Next changes? 16. For what purposes, if any, would filers need to access the dashboard when EDGAR filing functionality was not available? If the dashboard were made available to filers for a period of time outside of EDGAR operating hours, in addition to during EDGAR operating hours, would filers be impacted by the unavailability of filer telephone and email support and EDGAR submission capabilities during that time period? E:\FR\FM\22SEP3.SGM 22SEP3 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules How would they be impacted? Please be specific. C. Delegated Entities Under EDGAR Next, a filer could delegate authority to file on its behalf to any other EDGAR filer, such as a filing agent, which would become a delegated entity for the filer. 1. Delegating Authority To File An account administrator would delegate authority to file by entering the prospective delegated entity’s CIK on the dashboard. EDGAR would then send an email invitation to all account administrators of the prospective delegated entity; in addition, the invitation would appear on the dashboard of the prospective delegated entity’s account administrators. One account administrator for the prospective delegated entity would be required to accept the invitation for the delegation to become effective. If no account administrator for the prospective delegated entity accepted within fourteen days of it being issued, the invitation would lapse; however, the filer could again follow the process outlined herein to issue another invitation.73 If the filer’s account administrators wished to terminate the delegation, they could do so on the dashboard by removing the delegated entity’s authority to file. Removal of delegation would not require acceptance by the delegated entity. An account administrator could delegate authority to file to an unlimited number of EDGAR accounts, allowing filers to delegate to multiple filing agents, for example, should they so choose. 3. Delegated Entities An account administrator could not add or remove individual delegated users at the delegated entity, nor could the account administrator access the delegated entity’s dashboard or account. As EDGAR filers, delegated entities would be required to comply with the same requirements applicable to all filers. A delegated entity could be any EDGAR account, including but not limited to: • Filing agents; 77 • Issuers, broker-dealers, and others making submissions on behalf of individuals filing pursuant to section 16 of the Securities Exchange Act of 1934;and • Parent companies of large groups of related filers. A delegated entity would maintain its separate EDGAR account with its own account administrators, users, and technical administrators. 73 If the deadline fell upon a day when the dashboard was not available (e.g., a holiday or weekend), the deadline would be deferred until the following business day. 74 As discussed further below in Section III.C, the dashboard would generally be used to manage a filer’s EDGAR account, including management of individuals authorized to act as account administrators, users, and technical administrators; management of entities authorized to act as delegated entities; and management of filer and user API tokens. Delegated entities would not need to access the filer’s dashboard in order to make filings on the filer’s behalf, since filings would be made directly on the EDGAR filing websites, as opposed to through the filer’s dashboard. 75 As currently planned, delegated administrators and delegated users would not be able to make COUPDAT submissions for the filer. Delegated administrators and delegated users could, however, continue to submit series and company update submissions, or SCUPDATs, for registered investment company clients according to the present process. 76 See Section III.B.1.b. and III.B.2.c (discussing limits of account administrators and users per filer). 2. Separation of Authority of Filer and Delegated Entity lotter on DSK11XQN23PROD with PROPOSALS3 Delegated administrators and delegated users could file on the filer’s behalf, but they could not take any other actions on behalf of the filer. Nor could they access the filer’s dashboard.74 For example, a delegated administrator could not add, remove, or confirm account administrators, users, or technical administrators for the filer. Similarly, delegated administrators would not be able to generate or reset the filer’s CCC, nor would delegated administrators or delegated users be able to make COUPDAT submissions for the filer.75 Delegated administrators and delegated users would not count towards the limits of 20 account administrators and 500 users for the filer under EDGAR Next.76 Delegated entities could receive and provide multiple delegations, but they could not further delegate authority to file to other entities on behalf of filers who delegate authority to them. For example, Filer A could delegate authority to file on its behalf to Filer B. Separately, Filer B could delegate authority to file on its behalf to Filer C. In this scenario, however, Filer B could not delegate to Filer C the authority to file on behalf of Filer A, and Filer C could not file on behalf of Filer A. VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00013 Fmt 4701 Sfmt 4702 65535 A delegated entity could receive delegated authority to file for an unlimited number of filers. We contemplate that individuals with section 16 filing obligations could delegate authority to file to relevant company filers under the construct set forth herein, if they wished to do so. In response to the 2021 Request for Comment, several commenters suggested that the Commission permit the creation of company-specific accounts for each individual with filing obligations pursuant to section 16 of the Exchange Act.78 Commenters stated that such accounts would allow individuals to delegate their EDGAR account administration responsibilities to the companies for which those individuals had section 16 filing obligations.79 This framework would make it difficult for the Commission and others to track the filings made by a specific individual, however, since each filing would be made by a different company-specific account without linking individuals to the accounts or the filings made therein. The delegation process described herein would make it easier for individuals to obtain assistance with their filings, while allowing the Commission and others to determine filings made by a specific individual. We therefore do not plan to implement the commenters’ suggestion. If a filer authorized a delegated entity to file on its behalf, one of the delegated entity’s account administrators would be required to accept the invitation; further, upon acceptance, all of the delegated entity’s account administrators would automatically become delegated administrators for the filer. All delegated administrators for the filer would have co-equal authority with regard to that filer. If the delegated entity added or removed one of the account administrators for its own EDGAR account, then that individual would also be added or removed as a delegated administrator for the filer. These relationships are illustrated in diagram 3 below. 77 We are proposing amendments to Rule 11 under Regulation S–T to define a ‘‘filing agent’’ as any person or entity engaged in the business of making submissions on EDGAR on behalf of filers. This would include law firms, financial services companies, and other entities engaged in the business of submitting EDGAR filings on behalf of their clients. See the discussion of proposed amendments to Rule 11 in Section III.E.2. 78 See supra notes 41–42. 79 See supra notes 41–42. E:\FR\FM\22SEP3.SGM 22SEP3 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 4. Delegated Users lotter on DSK11XQN23PROD with PROPOSALS3 If a delegated entity accepted a delegation from a filer, the delegated administrators could authorize specific users at the delegated entity to become delegated users with respect to that filer. Delegated users would not count as part of the 500-user limit for the filer.80 Alternately, if delegated administrators wanted all of their users to become delegated users with respect to a filer, the delegated administrators could check a box to automatically designate all of the users at the delegated entity as delegated users for the filer. Thus, delegated administrators would have the following options: 80 See supra Section III.B.2.c. VerDate Sep<11>2014 18:08 Sep 21, 2023 • Authorize a subset of the delegated entity’s users as delegated users, through the user group function, as discussed above and further explained below; • Authorize all of the delegated entity’s users as delegated users for the filer; or • Not authorize any delegated users (because the delegated administrators could file on behalf of the filer 81). Users at the delegated entity would receive notifications if a delegated administrator added or removed them as a delegated user for a particular filer, however, users would not need to accept the notification or take any further action to become a delegated user for a filer. 81 For this reason, delegated administrators could not be designated as delegated users with regards Jkt 259001 PO 00000 Frm 00014 Fmt 4701 Sfmt 4702 Delegated users could submit filings on behalf of the filer on the EDGAR filing websites or through the submission API (which would also require the user to generate and submit a user API token, as discussed further below). 5. User Groups at Delegated Entities We believe that the user group function would provide an efficient method for delegated administrators to manage delegated users. Delegated entities, through their delegated administrators, could employ user groups to assign certain users to different filers for whom they possessed delegated authority to file. An example is provided in diagram 4 below. to the delegating filer, because doing so would be redundant. E:\FR\FM\22SEP3.SGM 22SEP3 EP22SE23.002</GPH> 65536 • In diagram 4, the account administrators for Filer A and Filer B delegated to Filer C. As a result, Filer C’s account administrators became delegated administrators for Filers A and B. In this example, Filer C might be a filing agent to which Filer A or Filer B gave authority to make filings on its behalf, and Filer A and Filer B might be public companies or investment companies. • A delegated administrator at Filer C created User Group 1 containing Filer C’s Users 1, 2, and 3. The delegated administrator assigned authority to file for Filer A to User Group 1. Users 1, 2, and 3 are thus delegated users for Filer A because they are members of User Group 1. If additional users from Filer C were added to User Group 1, those additional users would also become delegated users for Filer A. • The delegated administrator at Filer C also created User Group 2 containing Filer C’s User 3. The delegated administrator assigned authority to file for Filer B to User Group 2. User 3 is a delegated user for Filer B. • By employing the user group function, the delegated administrator at Filer C restricted delegated filing permissions for Filer A to Filer C Users 1, 2, and 3 only (via User Group 1) and delegated filing permissions for Filer B to Filer C User 3 only (via User Group 2). Filer C User 4 has not been authorized as a delegated user for any filers. • In diagram 4, each user group has only been assigned authority to file for a single filer, but user groups could be VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 assigned authority to file for multiple filers. Delegated administrators could also designate a default user group of individuals who would be automatically assigned as delegated users for all future delegations. The ability to have a default user group would be an efficient way for delegated administrators to authorize groups of their users as delegated users for any delegating filer. Users would receive notifications when added to or removed from a user group, and when the user group to which they belonged became authorized to make submissions for a filer, or when that authorization was removed. Users would not need to accept or otherwise take any action on these notifications. 6. Technical Administrators at Delegated Entities If the delegated entity chose to use APIs, the delegated entity would be required to designate its own technical administrators. The delegated entity’s technical administrators would be responsible for maintaining the API capabilities for filings by the delegated entity. They would manage the delegated entity’s own filer API tokens, as discussed further in Section III.D.1, and the delegated entity would use the delegated entity’s filer API tokens to make filings for any filers that delegated authority to it. Technical administrators at the delegated entity would not manage any APIs in use by the filer itself. Nor would the technical administrator need different tokens for different filers that delegated to the delegated entity. PO 00000 Frm 00015 Fmt 4701 Sfmt 4702 65537 Requests for Comment 17. Should we add individual roles to EDGAR for delegated administrators and delegated users? If not, how should we address our policy concerns regarding the identification and authorization of the delegated individuals who would submit filings on the filer’s behalf? 18. Should account administrators be able to delegate filing authority to any EDGAR filer (and remove such delegation)? Do commenters have any concerns with the delegation function or any suggested modifications? For example, should delegation be limited to EDGAR filers that selected ‘‘filing agent’’ as the account type on Form ID when opening the account? Or should delegation be permitted to any EDGAR account, as proposed? Why? 19. Would the EDGAR Next delegation framework address concerns raised by commenters about the impact that the contemplated EDGAR Next changes would have on individual officer and director filers pursuant to section 16 of the Exchange Act, in light of the fact that individual officer and director filers could delegate authority to file on their behalf to any related companies, law firms, or filing agents? Why or why not? 20. Should any changes be made to the authority of delegated administrators and delegated users under EDGAR Next? 21. Are there any situations where the EDGAR Next delegation framework could be streamlined? 22. Would user group functionality facilitate the ability of account administrators and delegated E:\FR\FM\22SEP3.SGM 22SEP3 EP22SE23.003</GPH> lotter on DSK11XQN23PROD with PROPOSALS3 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65538 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules administrators to efficiently add and remove users and delegated users? Why or why not? Should any changes to user group functionality be made? lotter on DSK11XQN23PROD with PROPOSALS3 D. Application Programming Interfaces As part of the EDGAR Next changes, the Commission would offer APIs to filers to allow machine-to-machine communication with EDGAR. The Commission plans initially to provide three APIs to allow filers to: • Make both live and test submissions on EDGAR (‘‘submission API’’); • Check the status of an EDGAR submission (‘‘submission status API’’); and • Check EDGAR operational status (‘‘EDGAR operational status API’’). Pursuant to proposed Rule 10(d)(3), to use the APIs, filers would be required to authorize at least two technical administrators. Additionally, we plan to specify in the EDGAR Filer Manual that, to use the APIs, filers would be required to present filer API tokens and user API tokens to EDGAR that would be generated on the dashboard. The filer’s technical administrators would be required to generate a filer API token to authenticate the filer. Further, the individual user or account administrator who submits the filing would be required to generate a user API token to authenticate herself as an authorized user or account administrator for the filer. We plan that filer and user API tokens would be confidential alphanumeric strings of text separately generated in the dashboard by a technical administrator and a user, respectively, and each would be valid for one year.82 Employing these tokens would allow automated server-to-server authentication without the need for manual individual account credential multi-factor authentication, thus addressing a significant concern raised by commenters in the 2021 Request for Comment.83 In addition, as they would with other similar APIs, filers would need to create, license, or otherwise obtain software (a ‘‘filing application’’) to interface with the APIs. Additional information regarding the APIs is available in the Overview of EDGAR Application Programming Interfaces (‘‘Overview of EDGAR APIs’’) located on the EDGAR Next page on SEC.gov. 82 As a security measure, we contemplate that the user API token would be deactivated if the user had not successfully logged into the EDGAR Filer Management dashboard or one of the EDGAR filing websites (EDGAR Filing or EDGAR Online Forms) within the last 30 days. 83 See supra notes 38–39. VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 The use of APIs would be optional. Filers that seek to file on EDGAR, check the status of a submission, or check EDGAR operational status would continue to be able to do so without using an API, as they currently do. 1. Submission API The submission API would provide filers a new option to submit test and live filer-constructed EDGAR submissions through a machine-tomachine connection.84 Filers who do not wish to use the API to make filerconstructed submissions, and filers making other types of submissions, could file through the web-based EDGAR filing websites.85 To use the optional submission API, filers would be required to comply with certain requirements. For filer API tokens, we plan that: • A filer API token would be needed to identify the filer or filing agent accessing the API. • Only the filer’s authorized technical administrator could create filer API tokens. • Filers could have multiple, valid filer API tokens (for example, to identify different subsidiaries or divisions within the filer) in use at the same time. • A technical administrator would need to log into the dashboard and be authenticated with individual account credentials to create a filer API token. • A technical administrator could terminate a filer API token on the dashboard at any time. • A filer API token would remain valid for up to one year. • While valid, a filer API token could be used to submit an unlimited number of filings. For user API tokens, we plan that: • Only a user, delegated user, or account administrator for the filer associated with the filer API token could be authorized as a user for the API. • A user API token would be needed to identify the user associated with each submission. • Users would have only one valid user API token at a given time. 84 Currently, EDGAR accepts approximately 525 submission types, of which approximately 500 (95%) permit filer construction. 85 Whether submissions were made through the API or the EDGAR filing websites, filers would specify the CIK for which they would be making submissions. That CIK number would be reflected in the accession number associated with those submissions. Filers could change the login CIK reflected in the accession number at any time to any other CIK for which the filer was authorized to file on EDGAR. For example, a filing agent could choose to submit filings for a client filer using its own login CIK, or by using its client filer’s login CIK. PO 00000 Frm 00016 Fmt 4701 Sfmt 4702 • A user would log into the dashboard and be authenticated with individual account credentials to create a user API token. • A user API token would remain valid for up to one year provided that the user associated with the token logged into the dashboard or one of the EDGAR filing websites at least every 30 days. If the user did not log in at least every 30 days, the user API token would be deactivated. • A user could terminate its user API token on the dashboard at any time. • While valid, a user API token could be used to submit an unlimited number of filings. The Overview of EDGAR APIs lists certain technical standards for the submission API, as well as the expected inputs and outputs. 2. Submission Status API Currently, EDGAR receives significant network traffic inquiring as to the status of EDGAR submissions. Many filers check EDGAR submission status immediately upon making a filing and again regularly until the submission is accepted and ultimately disseminated, or alternately suspended. This may result in significant network traffic for EDGAR and represent a tedious manual process for filers. Providing a submission status API would allow filers to use their filing application to simultaneously check the status of multiple submissions in a batch process, instead of manually logging into EDGAR and individually checking the status of each submission. The Overview of EDGAR APIs lists certain technical standards for the submission status API, as well as the expected inputs and outputs. Among other things, the submission status API would require a valid filer API token; it would not require a user API token. The submission status API would indicate to the filing application whether each submission was submitted and accepted, but not yet publicly disseminated; 86 submitted and accepted, and publicly disseminated; or submitted and suspended. In turn, the filing application would display this information to the filer. 3. EDGAR Operational Status API Many filers check EDGAR operational status continuously throughout the filing day. This may result in significant network traffic for EDGAR and constitute a tedious manual process for 86 Generally, filings are first accepted and then subsequently disseminated. However, certain filings remain nonpublic and are never disseminated, so those filings will never progress from accepted to disseminated status. E:\FR\FM\22SEP3.SGM 22SEP3 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules filers. Providing an EDGAR operational status API would allow filers to use their filing application to check the operational status of EDGAR at any given time. The Overview of EDGAR APIs lists certain technical standards for the EDGAR operational status API, as well as the expected inputs and outputs. Among other things, the EDGAR operational status API would require a valid filer API token to be submitted by the filing application; it would not require a user API token. The EDGAR operational status API would indicate to the filing application whether EDGAR was fully operational, unavailable (after business hours), or not fully operational in whatever regard at that point in time (for example, if EDGAR is not disseminating to SEC.gov). In turn, the filing application would display this information to the filer. Requests for Comment 23. Should we add other EDGAR information that could be accessed through APIs, and, if so, why? Please rank in terms of priority any additional information that you would like to see added, and also estimate how much usage you believe that information API would receive (for example, in potential hits per day). 24. The Overview of EDGAR APIs lists certain technical standards for the planned APIs. Are there any considerations we should take into account when determining what technical standards should be used for the planned APIs? E. Proposed Amendments to Rules and Forms lotter on DSK11XQN23PROD with PROPOSALS3 1. Rule 10 Under Regulation S–T We propose to add new paragraph (d) to Rule 10 to implement the changes being contemplated as part of EDGAR Next. Proposed paragraphs (d)(1) through (4), are discussed in full above.87 We further propose to add new paragraph (d)(5) to require that the filer, through its authorized account administrators, maintain accurate and current information on EDGAR concerning the filer’s account, including but not limited to accurate corporate information and contact information, such as mailing and business addresses, email addresses, and telephone numbers. This would constitute an ongoing obligation for the filer to update its information on EDGAR as necessary. Similar to proposed paragraph (d)(4), proposed paragraph (d)(5) is analogous 87 See supra Section I, III.A, III.B, III.C, and III.D. VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 to the requirements currently set forth in the EDGAR Filer Manual, Volume I to securely maintain EDGAR access 88 and to maintain accurate company information on EDGAR.89 The proposed requirement in paragraph (d)(5) would allow Commission staff and the public to rely upon the accuracy of the filer’s information contained in EDGAR. Proposed paragraph (d)(6) would require the filer, through its authorized account administrators, to securely maintain information relevant to the ability to access the filer’s EDGAR account, including access through any EDGAR API. This requirement is designed to ensure that information relevant to the ability to access the filer’s account, such as individual account credentials and API tokens, is securely maintained and not publicly exposed or otherwise compromised. Similar to proposed paragraphs (d)(4) and (d)(5), proposed paragraph (d)(6) is analogous to the requirements currently set forth in the EDGAR Filer Manual, Volume I to securely maintain EDGAR access and to maintain accurate company information on EDGAR. The Commission also proposes to amend Rule 10 to make certain technical and conforming changes. Rule 10(b) would be revised to refer to ‘‘each electronic filer’’ who would be required to submit Form ID before filing on EDGAR, instead of ‘‘each registrant, third party filer, or filing agent.’’ 90 This change is not intended to alter the scope of who would be subject to Rule 10(b), but instead clarifies that all new electronic filers would be required to submit Form ID for review and approval by Commission staff before they may file on EDGAR. In addition, we propose to amend Rule 10(b)(2), which currently states that an authenticating document for Form ID must be signed by the applicant, to also state that the authenticating document may be signed by an authorized individual of the prospective filer.91 This change is intended to conform the language in Rule 10(b)(2) with the text of the EDGAR Filer Manual, which currently provides that the authenticating document shall be signed by an Filer Manual, Volume I, at Section 4. Filer Manual, Volume I, at Section 5. 90 Compare Rule 10(b) of Regulation S–T (‘‘Each registrant, third party filer, or filing agent must, before filing on EDGAR . . .’’ with proposed Rule 10(b) of Regulation S–T (‘‘Each electronic filer must, before filing on EDGAR . . .’’). 91 Compare Rule 10(b)(2) of Regulation S–T (‘‘File . . . a notarized document, signed by the applicant . . .’’ with proposed Rule 10(b)(2) of Regulation S– T (‘‘File . . . a notarized document, signed by the electronic filer or its authorized individual . . .’’). 65539 authorized individual, including a person with a power of attorney.92 Finally, we propose to revise the note to Rule 10 that currently ‘‘strongly urges’’ potential applicants for EDGAR access to state that the Commission staff carefully reviews each Form ID application and filers should not assume that the Commission staff will automatically approve the Form ID. Therefore, filers should submit Form ID ‘‘well in advance’’ of their first required filing.93 We believe this makes clear that Commission staff requires time to review the Form ID. Due to the often high volume of Form ID applications for Commission staff review, potential applicants should allow sufficient time for the review process to be conducted in the event that staff is concurrently reviewing a high volume of applications. Requests for Comment 25. Do the proposed amendments to Rule 10 described above appropriately implement the proposed technical and conforming changes? Should additional or fewer changes be made to Rule 10 and, if so, why? For example, should specific requirements be added to Rule 10 that place requirements directly upon users, delegated entities, and technical administrators, as opposed to placing requirements upon account administrators to manage users, delegated entities, and technical administrators? Why or why not? Are there any technical, conforming, or clarifying changes to Rule 10 that should be made, and if so, why? 2. Rule 11 Under Regulation S–T We also propose to amend Rule 11 under Regulation S–T, ‘‘Definitions of terms used in this part,’’ to add and define new terms discussed in this proposing release and update the definitions of certain existing terms. The proposed amendments include terms and definitions specific to the proposed rule and form amendments that would change how individuals and entities access, file on, and manage EDGAR accounts. Certain terms would define the new roles for individuals contemplated by EDGAR Next, as follows: 88 EDGAR 89 EDGAR PO 00000 Frm 00017 Fmt 4701 Sfmt 4702 92 See EDGAR Filer Manual, Volume I, at Section 3(a). 93 As proposed, the note states: ‘‘The Commission staff carefully reviews each Form ID application, and electronic filers should not assume that the Commission staff will automatically approve the Form ID upon its submission. Therefore, any applicant seeking EDGAR access is encouraged to submit the Form ID for review well in advance of the first required filing to allow sufficient time for staff to review the application.’’ E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3 65540 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules ‘‘Account administrator’’ would mean the individual that the filer authorizes to manage its EDGAR account and to make filings on EDGAR on the filer’s behalf. The designation of an account administrator would help ensure that only authorized persons are able to file and take other actions on behalf of the filer. ‘‘Authorized individual’’ would mean an individual with the authority to legally bind the entity or individual applying for access to EDGAR on Form ID, or an individual with a power of attorney from an individual with the authority to legally bind the applicant. The power of attorney document must clearly state that the individual receiving the power of attorney has general legal authority to bind the applicant or specific legal authority to bind the applicant for purposes of applying for access to EDGAR on Form ID. ‘‘Delegated entity’’ would mean a filer that another filer authorizes on the dashboard to file on its behalf. As itself a filer, a delegated entity would be subject to all applicable rules for filing on EDGAR. Delegated entities would not be permitted to further delegate authority to file for the delegating filer, nor would they be permitted to take action on the delegating filer’s dashboard. ‘‘Filing agent’’ would mean any person or entity engaged in the business of making submissions on EDGAR on behalf of filers. As discussed above in Section III.C., to act as a delegated entity for a filer, a filing agent would be a filer with an EDGAR account. ‘‘Single-member company’’ would describe a company that only has a single individual who acts as the sole equity holder, director, and officer (or, in the case of an entity without directors and officers, holds position(s) performing similar activities as a director and officer). ‘‘Technical administrator’’ would mean an individual that the filer authorizes on the dashboard to manage the technical aspects of the filer’s use of EDGAR APIs on the filer’s behalf. ‘‘User’’ would mean an individual that the filer authorizes on the dashboard to make submissions on EDGAR on the filer’s behalf. Other terms would identify new applications and upgrades to access and maintain filers’ accounts on EDGAR, including: ‘‘Application Programming Interface’’ (API) would be defined as a software interface that allows computers or applications to communicate with each other. As discussed in Section III. D., the relevant APIs would include those VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 that give filers the option to automate submissions on EDGAR and to retrieve certain submission-related information. ‘‘Dashboard’’ would mean an interactive function on EDGAR where filers manage their EDGAR accounts and where individuals that filers authorize may take relevant actions for filers’ accounts. ‘‘Individual account credentials’’ would mean credentials issued to individuals for purposes of EDGAR access, as specified in the EDGAR Filer Manual, and used by those individuals to access EDGAR. (As previously mentioned, we currently anticipate that the EDGAR Filer Manual would specify that individual account credentials must be obtained through Login.gov, a sign-in service of the United States Government that employs multi-factor authentication.) Collectively, these terms would assist in implementing the proposed rule and form amendments by clarifying how the proposed requirements would apply. The amendments would also update or delete outdated terminology from certain definitions in Rule 11, such as references to ‘‘telephone sessions’’ in the definition of ‘‘direct transmission.’’ 94 Although some filers may still use dial-up internet to access EDGAR, we expect that nearly all filers currently rely on broadband, cable, or other internet technologies. Finally, we propose updating the definition of ‘‘EDGAR Filer Manual’’ to more clearly describe its contents. Rule 11 currently defines ‘‘EDGAR Filer Manual’’ as ‘‘. . . setting out the technical format requirements for an electronic submission.’’ The EDGAR Filer Manual has been updated over time, however, to include additional requirements for filers, including those pertaining to seeking EDGAR access, maintaining EDGAR company information, and submitting online filings. We therefore propose to update the EDGAR Filer Manual definition accordingly to indicate the inclusion of these procedural requirements. We believe that the amended definition, if adopted, would better inform filers of the scope of the EDGAR Filer Manual requirements. Requests for Comment 26. Do the proposed amendments to Rule 11 appropriately define the necessary terms in EDGAR Next? If not, 94 Compare the definition of ‘‘direct transmission’’ in Rule 11 of Regulation S–T (‘‘the transmission of one or more electronic submissions via a telephonic communication session’’) with the definition of ‘‘direct transmission’’ in proposed Rule 11 of Regulation S–T (‘‘the transmission of one or more electronic submissions’’). PO 00000 Frm 00018 Fmt 4701 Sfmt 4702 please explain. Are there any additional terms that should be defined and, if so, why? 27. As proposed, should we amend certain terms to update terminology or more clearly define existing definitions? Are there any proposed terms that are inconsistent with existing definitions or concepts or that otherwise should not be defined? Should any additional terms be revised to update outdated terminology or to clarify existing definitions? Please be specific. 3. Form ID Form ID is an online fillable form that must be completed and submitted to the Commission by all individuals, companies, and other organizations who seek access to file electronically on EDGAR.95 Among other things, Form ID seeks information about the identity and contact information of the applicant. The proposed amendments to Form ID include proposed changes to information required to be reported on the form as well as technical changes. As outlined above, the proposed amendments to Form ID would require an applicant for EDGAR access to undertake certain additional disclosure obligations, including most significantly: (1) Designating on Form ID specific individuals the applicant authorizes to act as its account administrators to manage its EDGAR account on a dedicated dashboard on EDGAR. Applicants would generally be required to authorize two account administrators, although individuals and single-member companies would only be required to authorize one account administrator. If a prospective account administrator was not (1) the applicant (in the case of an individual applicant) or (2) an employee of the applicant or its affiliate (in the case of a company applicant), the applicant would also be required to disclose the prospective account administrator’s employer and CIK, if any, and provide a notarized power of attorney to authorize the individual to manage the applicant’s EDGAR account as an account administrator. (2) The applicant’s Legal Entity Identifier (‘‘LEI’’) number if any. • The LEI is a unique identifier associated with a single corporate entity and is intended to provide a uniform international standard for identifying counterparties to a transaction. • Although there are certain modest costs to obtain and maintain an LEI, fees 95 Compare Rule 10(b) (providing that each registrant, third party filer, or agent seeking EDGAR access must submit Form ID) with proposed Rule 10(b) (providing that each electronic filer seeking EDGAR access must submit Form ID). E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules are not imposed on data users for usage of or access to LEIs, and all of the associated reference data needed to understand, process, and utilize the LEIs are widely and freely available and not subject to any usage restrictions.96 • Applicants that have not yet obtained an LEI would not be required to obtain one. • The inclusion of LEI information would facilitate the ability of Commission staff to link the identity of the applicant with information reported on other filings or sources that are currently or will be reported elsewhere, if LEIs become more widely used by regulators and the financial industry. (3) Providing more specific contact information about the filer, and the filer’s account administrator(s), authorized individual (the individual authorized to submit Form ID on the filer’s behalf, as defined in the EDGAR Filer Manual), and billing contact (including mailing, business, and billing information, as applicable). • More specific contact information would allow Commission staff to reach account administrators, authorized individuals, and billing contacts associated with the filer when necessary. (4) Specifying whether the applicant, its authorized individual, person signing a power of attorney (if applicable), account administrator, or billing contact has been criminally convicted as a result of a Federal or State securities law violation, or civilly or administratively enjoined, barred, suspended, or banned in any capacity, as a result of a Federal or State securities law violation. • Information about whether the applicant or certain individuals named on Form ID may be subject to relevant bars and prohibitions (including but not limited to officer and director bars, prohibitions from associating with brokers, dealers, investment advisers, and/or other securities entities, and bars from participation in certain industries) would allow Commission staff to determine whether such bars or prohibitions are relevant to the application for EDGAR access. • Individuals disclosing the existence of a criminal conviction, or civil or administrative injunction, bar, suspension, or ban may be contacted by SEC staff to determine the applicant’s eligibility for EDGAR access. 96 The cost of obtaining and maintaining an LEI is approximately $50 to $65 per year. See LEI Price List, LEI Register, available at https://www.leiidentifier.com/lei-price-list/#:∼:text= LEI%20application%20and%20registration%20 price,%2D%20%24250 (%24%2050%20%2F%20year). VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 (5) Indicating whether the applicant, if a company, is in good standing with its state or country of incorporation. • Good standing generally means a company is legally authorized to do business in the relevant state or country and has filed all required reports and paid all related fees to the relevant jurisdiction. • Although the lack of good standing would not prevent a company from obtaining EDGAR access, this information could be relevant in determining whether it may be appropriate for the staff to review additional documentation as part of its assessment of the application. (6) Requiring submission of a new Form ID if the applicant claims to have (i) lost electronic access to its existing CIK account or (ii) assumed legal control of a filer listed on an existing CIK account but did not receive EDGAR access from that filer. • Currently, applicants seeking to obtain control of an existing EDGAR account are required to submit certain summary information but are not required to submit a full application on Form ID. To assist Commission staff in determining whether applicants seeking to obtain control of existing EDGAR accounts are legitimate, we propose to require such applicants to submit a new Form ID. To facilitate the application process, certain publicly available corporate and contact information (such as the filer’s name, ‘‘doing business as’’ name, foreign name, mailing and business addresses, state/country of incorporation, and fiscal year end) would be automatically prepopulated from EDGAR so that applicants would not need to resubmit that information, although applicants could update that information on Form ID as necessary.97 (7) Requiring those seeking access to an existing EDGAR account to upload to EDGAR the documents that establish the applicant’s authority over the company or individual listed in EDGAR on the existing account.98 In addition, we would make certain conforming, formatting, and ancillary changes to modernize Form ID without significantly altering current disclosure obligations. For example, a checkbox would be added to each address field for 97 The filer would nevertheless need to submit a COUPDAT to update its existing corporate and contact information on EDGAR (other than the filer’s account administrator information) if the Form ID were granted. As they presently do, brokerdealers would submit a Form BD amendment to FINRA to update their corporate and contact information. 98 The EDGAR Filer Manual currently provides guidance regarding what documents would be sufficient to establish the applicant’s authority. See EDGAR Filer Manual, Volume I, at Section 4(b). PO 00000 Frm 00019 Fmt 4701 Sfmt 4702 65541 identification of non-U.S. locations, which would improve data analytics. As another example, company applicants would be required to provide their primary website address, if any, to provide staff additional contact and other information regarding the filer. Further, certain disclosure warnings that are currently listed in the EDGAR Filer Manual and the landing page of the EDGAR Filing website would be incorporated into Form ID to more clearly provide notice of those matters to filers.99 Collectively, the proposed amendments would enhance the security of EDGAR by allowing Commission staff to obtain more information about the applicant and its contacts for staff to confirm the identity of the applicant and the individuals associated with the applicant, assess whether the application is properly authorized, and determine whether there are any other issues relevant to the application for EDGAR access for staff’s consideration. Requests for Comment 28. Should any of the proposed amendments to Form ID be revised or removed and, if so, why or why not? For example, should any limits or qualifiers be placed on the proposed disclosure requirement regarding whether the applicant, its authorized individual, person signing a power of attorney (if applicable), account administrator, or billing contact has been criminally convicted as a result of a Federal or State securities law violation, or civilly or administratively enjoined, barred, suspended, or banned as a result of a Federal or State securities law violation? If so, why? Should this requirement apply to each of the applicant, its authorized individual, person signing a power of attorney (if applicable), account administrator, and billing contact, or only to certain categories of the aforementioned groups? Please explain your answer. Likewise, should the proposed requirement regarding whether the applicant is in good standing be revised or removed and, if 99 Proposed Form ID would include a section titled ‘‘Important information’’ that would include the following disclosure warning: ‘‘Misstatements or omissions of fact in connection with an application for EDGAR access and/or in a submission on EDGAR may constitute a criminal violation under 18 U.S.C. 1001 and 1030 and/or a violation of other criminal and civil laws. If the SEC has reason to believe that an application for EDGAR access and/or a submission on EDGAR is misleading, manipulative, and/or unauthorized, the SEC may prevent acceptance or dissemination of the application/submission and/or prevent future submissions or otherwise remove a filer’s access to EDGAR pursuant to Rule 15 of Regulation S–T, 17 CFR 232.15.’’ E:\FR\FM\22SEP3.SGM 22SEP3 65542 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules so, why? For example, if applicable, should we also require an explanation of why the applicant is not in good standing? Why or why not? 29. Would the proposed amendments to Form ID appropriately support the EDGAR Next changes to filer access and account management? Why or why not? Should Form ID require any additional information, or should any of the information proposed to be required be revised or deleted? Please explain. 30. Should Form ID be revised to require or allow applicants to provide the reason they are applying for access? For example, if applicants have an urgent upcoming filing deadline, should applicants be required or permitted to provide that information? F. Transition Process We believe that, if the proposed rule and form amendments are adopted and the technical changes are implemented, it would be efficient for the Commission and for the approximately 220,000 active EDGAR filers—those who made a submission on EDGAR in the last two years—to accomplish the transition to EDGAR Next over a period of several months, as set forth below.100 We anticipate that mandatory enrollment would begin one month after adoption and remain open for six months thereafter (the ‘‘Enrollment Period’’). During the Enrollment Period, existing filers would continue to file on EDGAR using the EDGAR filing websites, as they presently do, by logging on with the relevant CIK and password. The individual account credentials would not yet be used, nor would use of the dashboard to manage the account be required. Applicants that seek EDGAR access subsequent to the compliance date would be immediately subject to the EDGAR Next requirements, if adopted. lotter on DSK11XQN23PROD with PROPOSALS3 1. Individual Account Credentials If the Commission adopts the proposed amendments, individuals could seek individual account credentials in the manner to be specified in the EDGAR Filer Manual in advance of the required Enrollment Period. As a result, when the Enrollment Period begins, filers could immediately enroll the individuals with individual account credentials. Further, 100 Of these 220,000 EDGAR accounts, approximately 149,000 represent entity filers and approximately 71,000 represent individual filers. In total, regardless of account activity, there are approximately 1,000,000 filer accounts in EDGAR. We believe that the vast majority of the approximately 800,000 EDGAR filer accounts for which no filings have been made in the last two years are defunct and therefore would not transition to EDGAR Next. VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 if the Commission adopts the proposed amendments and implements the EDGAR Next changes, and requires Login.gov as the individual account credential provider, we anticipate that individuals with existing Login.gov accounts would be able to use those accounts as their individual account credentials for purposes of EDGAR access. 2. Enrollment Existing filers would enroll on an enrollment page on the EDGAR Filer Management website without submitting a Form ID. We intend to provide two options: (a) manual enrollment of single EDGAR accounts on an account-by-account basis; and (b) enrollment of multiple accounts simultaneously. a. Manual Enrollment for a Single EDGAR Account As a preliminary matter, each existing filer would be required to authorize two individuals to manage the filer’s EDGAR account as account administrators, with the exception of individuals and singlemember companies, which would be required to authorize one account administrator. On behalf of each existing filer, one account administrator would enter their individual account credentials to log in to an enrollment page on EDGAR. The account administrator would manually enter the filer’s CIK, CCC, and EDGAR passphrase101 to ensure that a properly authenticated individual is enrolling the filer. If EDGAR authenticated that data, the account administrator would enter account administrator names, business contact information, and the email addresses used to obtain individual account credentials. By entering that information, the filer would indicate its authorization of the listed individuals as the filer’s account administrators, as well as the accuracy of the information provided. Each EDGAR account would enroll once. If there was an attempt to enroll an EDGAR account that had already been enrolled, the subsequent attempted enrollment would be denied. An individual filer who makes filings with respect to multiple companies (e.g., the CEO of one company who is also on the board of directors of other companies) may have more than one filing agent 101 Filers that have forgotten or lost their CCC could change or regenerate it using their PMAC or passphrase. Filers that have lost or forgotten their passphrase could reset it by sending a security token to the email associated with the account. Filers that have lost or forgotten their passphrase and that no longer have access to the email associated with the account would have to reapply for EDGAR access on Form ID. PO 00000 Frm 00020 Fmt 4701 Sfmt 4702 and/or representatives at such companies who have access to her CIK, CCC, and EDGAR passphrase. Accordingly, it would be advisable for any such filer to designate one filing agent or company representative to enroll her EDGAR account and to then communicate such enrollment to the other filing agent(s) and/or company representatives. Such other filing agent(s) and/or company representatives may then be added as an account administrator, user, or delegated entity through the dashboard. After enrolling the filer, an account administrator could access the filer’s dashboard. There, the account administrator, on behalf of the filer, would be able to add account administrators, users, and technical administrators, and delegate authority to file to other filers. Any individuals to be authorized on the filer’s account would be required to possess individual account credentials. b. Bulk Enrollment of Multiple EDGAR Accounts We plan to permit the simultaneous bulk enrollment of multiple EDGAR accounts, together with those filers’ account administrators. We expect that filing agents, as well as individuals and entities that control multiple EDGAR accounts, would find this an efficient and time-saving function. An individual authorized to enroll the relevant filer accounts would log in to an enrollment page on EDGAR with their individual account credentials. There, the individual would complete and upload a spreadsheet in a format to be specified that could accommodate multiple rows of data. Each row would pertain to a single existing filer. The individual would enter data for each filer on each row, including CIK, CCC, and EDGAR passphrase to ensure that enrollment is being performed by a properly authenticated individual. In addition, the individual would enter on each row information regarding the filer’s prospective account administrators, including names, business contact information, and email addresses associated with the individual account credentials of the account administrators, to indicate that the filer authorizes those account administrators to manage its EDGAR account. Under the bulk enrollment method, two account administrators would be required for each filer (including individuals and single-member companies), in part due to logistical difficulties associated with simultaneously validating the minimum number of account administrators for multiple filers, and in part because we E:\FR\FM\22SEP3.SGM 22SEP3 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules expect that bulk enrollment would be used by larger filers and filers using filing agents likely to have at least two account administrators. We intend to set a limit of 100 existing filers (100 rows) per bulk enrollment. As discussed above, enrollment would only occur once per EDGAR account. Any additional changes that are needed to be made (e.g., adding additional account administrators) would have to be performed by the account administrators who had been added during the enrollment process. After the filer was enrolled, the account administrators could access the dashboard to add additional account administrators, users, technical administrators, and delegated entities. 3. Compliance lotter on DSK11XQN23PROD with PROPOSALS3 We anticipate that the compliance period would start six months after the beginning of the Enrollment Period. In response to our 2021 Request for Comment, commenters requested a transition period ranging from 12 months to three years.102 We considered those comments, and we believe that the transition process we are contemplating should provide sufficient opportunity for existing filers to transition to EDGAR Next. The transition process would include an initial, separate period during which individual account credentials could be established, as well as a six-month Enrollment Period during which filers would access the dashboard, authorize individuals in relevant roles, and make any needed delegations. We further contemplate providing a bulk enrollment option to allow enrollment of multiple filers simultaneously. If the rule and form changes are adopted, and the related technical changes are to be implemented, we plan to provide an EDGAR Next Adopting Beta environment to allow commenters to evaluate and test the EDGAR Next changes, to prepare necessary software, and to assist filers in preparing for the changes. Existing EDGAR filers that fail to enroll by the compliance date would lose EDGAR access and would be 102 See, e.g., McGuire Woods Comment Letter (recommending at least 12 months for individual filers, on the grounds that filers would need that time to create individual account credentials, enable multifactor authentication, and designate a filer administrator); DFIN Comment Letter (asserting that it could take 12–18 months for filers to migrate, and recommending a 18–24 month transition period with longer lead times for smaller filers); Workiva Comment Letter (recommending a transition period of one year, and separately citing its own survey results indicating more than 66% of respondents indicated a transition period of one to three years would be appropriate). VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 required to reapply for EDGAR access on Form ID. If the Commission adopts the proposed rule and form changes, we expect that staff would provide additional support for filers transitioning to EDGAR Next, such as by posting practical information and guidance on the EDGAR—Information for Filers 103 and EDGAR—How Do I 104 pages on SEC.gov, as well as providing a devoted help desk to assist filers. Requests for Comment 31. Does the planned transition process adequately address the needs of filers and filing agents with regard to implementation of EDGAR Next? If not, what changes should be made to the transition process, and why? 32. How long would it take existing filers to transition to EDGAR Next? As planned, the Enrollment Period would begin one month after adoption of the proposed rule and form changes. Is this a sufficient amount of time for filers to prepare for enrollment and, if not, why? Is an Enrollment Period of six months sufficient for filers to enroll their EDGAR accounts via manual or bulk enrollment and, if not, why? Should existing filers transition their EDGAR accounts on a specific schedule during the Enrollment Period (e.g., large filers must transition by date X, medium filers by date Y, etc.) or, as contemplated, should we allow filers to decide when to transition to EDGAR Next so long as they do so prior to the compliance date? 33. We plan to require CIK, CCC, and EDGAR passphrase in order for both individual and bulk enrollments to be accepted by EDGAR. Would alternate credentials be more appropriate and, if so, what credentials should be used? In particular, are passphrases typically maintained by filing agents and, if not, how burdensome would it be for filing agents to obtain and maintain their clients’ passphrases? In situations where filers no longer know their passphrases or those passphrases are no longer recognized in EDGAR, how burdensome would it be for filers to obtain new passphrases? 34. Following enrollment, what notification, if any, should be provided to the existing EDGAR POC for the filer? Although filers are currently required to list a contact address, telephone number, and email address as part of their EDGAR contact information, we understand that many EDGAR filer accounts that were created before email 103 See ‘‘EDGAR—Information for Filers’’ web page at https://www.sec.gov/edgar/filer-information. 104 See ‘‘EDGAR—How Do I’’ FAQs at https:// www.sec.gov/edgar/filer-information/how-do-i. PO 00000 Frm 00021 Fmt 4701 Sfmt 4702 65543 addresses became mandatory never added an email address. Should we require acknowledgment or confirmation from the existing EDGAR POC to complete enrollment of an EDGAR filer account, or should completion of enrollment be delayed until a certain period of time has passed without objection from the existing EDGAR POC? If so, what should be the waiting period before enrollment could be completed, keeping in mind the interest of filers seeking to quickly transition to EDGAR Next? 35. Should we permit the bulk enrollment of multiple EDGAR accounts, as planned? Are there particular steps the Commission should take to minimize risks associated with enrollment? For example, should the CCCs of enrolled filers be automatically reset as a security precaution after enrollment is accepted? If the CCC is automatically reset, what notification, if any, should be provided to the existing EDGAR contact for the filer? 36. To what extent would bulk enrollment present logistical or other burdens for filers with multiple filing agents or unaffiliated third-party account administrators? For example, if the filer’s CCC were automatically reset after bulk enrollment, to what extent could this cause confusion if the filer had multiple filing agents and some of them were inadvertently not included as account administrators in the bulk enrollment? Instead of the CCC being reset after enrollment, should the CCC be reset at the compliance date for each enrolled CIK? 37. Are there any extenuating circumstances that would justify filers being exempted from having to enroll by the compliance date, or that would allow non-complying existing filers to maintain their EDGAR access following the compliance date? If so, please explain. G. General Request for Comment and EDGAR Next Proposing Beta In conjunction with this proposing release, the Commission will make available an EDGAR Next Proposing Beta environment where filers may preview and test the planned EDGAR Next changes. The EDGAR Next Proposing Beta generally should allow filers to view how the proposed changes would be reflected in EDGAR. We currently anticipate that the EDGAR Next Proposing Beta will be available on or about September 18, 2023, and will remain available for at least six months thereafter. Any filer may sign up to access the EDGAR Next Beta. The Commission will provide more information regarding the EDGAR Next E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3 65544 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules Proposing Beta through an information page on SEC.gov. We request and encourage any interested person to submit comments on any aspect of EDGAR Next, other matters that might have an impact on EDGAR Next, and suggestions for additional changes. Comments are of particular assistance if accompanied by analysis of the issues addressed in those comments and any data that may support the analysis. We urge commenters to be as specific as possible. In particular, we request comment on the following issues. 38. Would the proposed rule and form changes facilitate the responsible management of EDGAR filer credentials? Are there additional changes that would encourage such responsible management? Would the changes create any undue burdens for filers? If so, how could the proposed rule and form changes be modified to ease such burdens? Are there any other concerns that the Commission should be aware of with implementation of EDGAR Next? Are there any conforming or parallel changes that the Commission should make to effectively implement EDGAR Next? 39. Are there alternatives to the dashboard that we should consider? For example, are there alternative methods that would enable filers to take the same actions as they would using the dashboard that would be easier to implement or more user friendly? If so, what are those alternatives? Please be specific. 40. In connection with the EDGAR Next changes, we intend to provide APIs as described above to make EDGAR submissions and to check EDGAR submission status and operational status. Are there alternatives that would better accomplish the objectives of secure, efficient, and automated machine-to-machine communication with EDGAR? If so, please describe. 41. Are there any issues specific to certain types of filers that should be considered with regard to the EDGAR Next changes? For example, assetbacked securities (‘‘ABS’’) issuers, usually the depositor in an ABS transaction, often create one or more serial companies each year, each of which is a separate legal entity with its own CIK, even though each generally has the same contact information as the ABS issuer. Should new serial companies have their account administrator information automatically copied from the ABS issuer’s account administrator information, so those account administrators could access the VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 dashboards for those serial companies? Likewise, should other information be automatically inherited by new serial companies from the ABS issuer, such as the ABS issuer’s contact information, users, and technical administrators (if any)? If so, in order to ensure that the ABS issuer has account administrator information and other information that could be copied to the new serial company, would there be any issues associated with requiring ABS issuers to have transitioned to individual account credentials before the ABS issuer can create new serial companies? To what extent are these concerns already addressed by the delegation function, given that delegation would allow filers to delegate the authority to file to another EDGAR account? 42. Separately, should we allow the annual confirmations of administrators and users for an ABS issuer to also apply to the serial companies associated with that ABS issuer, if the same administrators, users, delegations, and corporate and contact information are associated with each serial company? Why or why not? If so, should we allow this more generally with regards to any situation where the same administrators, users, delegations, and corporate and contact information are associated with multiple CIKs? If some but not all of that information is identical for multiple CIKs (e.g., each CIK has a different P.O. box or email address listed for its business address), should we allow a single confirmation to apply to each of those CIKs and, if so, what validation if any should we apply to ensure that an account administrator has properly reviewed the CIK’s administrators, users, delegations, and corporate and contact information? 43. While ABS issuers have been able to create new CIKs, non-ABS related filers have attempted to use the process to create new CIKs without submitting a Form ID. Would ABS issuers be significantly impacted if the process were limited only to existing CIKs that have an EDGAR filing history that includes ABS-related filings (including but not limited to the following submission types and forms—ABS–EE, 10–K, ABS–15G, 10–D, SF–1, SF–3 and 424H)? 44. Recent filing experience has shown that ABS issuers have not been using the ability to create new ABS serial companies ‘‘on the fly’’ when filing a 424H submission.105 If, as a 105 See generally ‘‘EDGAR—How Do I’’ FAQs at the section titled ‘‘Create and obtain EDGAR access for asset-backed securities (ABS) issuing entities,’’ available at https://www.sec.gov/page/edgar-howdo-i-create-and-obtain-edgar-access-asset-backed- PO 00000 Frm 00022 Fmt 4701 Sfmt 4702 result of EDGAR Next, the EDGAR system no longer supported creating ABS ‘‘on the fly’’ via filing either a 424H or 424B submission, would that cause any problems for ABS issuers? ABS issuers would continue to be able to create new CIKs for serial companies via the ‘‘Request Asset-Backed Securities (ABS) Issuing Entities Creation’’ option in the EDGAR Filing website (known in EDGAR as an ‘‘ABSCOMP’’ submission).106 45. Currently, EDGAR permits certain filings to be submitted on behalf of multiple filers, who are treated as coregistrants for purposes of the filing. Would filers face difficulties in delegating to co-registrants or authorizing individuals to act as users or account administrators for both the filer and the co-registrant(s)? To what extent, if any, should the EDGAR Next changes provide special consideration or treatment for EDGAR submissions by co-registrants? For example, should the dashboard allow filers to designate other filers as ‘‘co-registrants’’ similar to how filers would delegate other filers as delegated entities, except that filing authority would only exist with regards to co-registrant submissions (e.g., the coregistrant could not submit a filing solely on behalf of the filer)? If so, to what extent should co-registrants be treated differently from delegated entities (e.g., with regards to user groups, delegated admins, etc.)? Alternately, should a user or account administrator for a filer be able to submit a co-registrant filing jointly on behalf of the co-registrant by using the co-registrant’s CIK and CCC (as is currently the case), without being a user or account administrator of the coregistrant? Why or why not? Please note that for purposes of EDGAR Next Proposing Beta, a filer will be able to submit a co-registrant filing by inputting the CCC and CIK of the co-registrant(s), as is currently the case. 46. Should the Commission consider other changes to EDGAR filer access and account management processes in the future? Why? Please be specific. IV. Economic Analysis The Commission is sensitive to the economic effects, including the costs and benefits, of its rules. The discussion below addresses the potential economic effects that may result from the rule and form amendments we are proposing in this release, and certain related technical changes, including the securities-abs-issuing-entities#section3 (discussing the ‘‘on the fly’’ process). 106 Id. (discussing the creation of ABS issuing entities). E:\FR\FM\22SEP3.SGM 22SEP3 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules benefits and costs to investors and other market participants as well as the broader implications of the EDGAR Next project for efficiency, competition, and capital formation.107 A. Introduction lotter on DSK11XQN23PROD with PROPOSALS3 Individuals and entities submit filings electronically with the Commission through EDGAR in order to comply with various provisions of the Federal securities laws. Filings on EDGAR are not currently linked to a specific individual authorized by the filer. EDGAR access codes represent a complex combination of several codes with differing functions.108 This access method is not aligned with standard access processes and is hard to monitor and manage. The Commission is also aware that some filers may have failed to maintain secure access to their EDGAR accounts.109 The changes contemplated by EDGAR Next would modernize the mechanism by which filers and designated individuals acting on filers’ behalf obtain access to EDGAR, streamline the management of filers’ accounts, and offer three optional APIs that would allow filers to interface with the EDGAR system. EDGAR Next would benefit both the Commission and filers by enabling the Commission to identify specific individuals making filings on behalf of filers and by simplifying procedures for accessing EDGAR in a way that allows filers to leverage the Commission’s web function to reduce cost. Enhancing the security of EDGAR would better protect against unauthorized access to the EDGAR system thereby decreasing the likelihood of unauthorized filings 107 Section 2(b) of the Securities Act (15 U.S.C. 77b(b)), section 3(f) of the Exchange Act (17 U.S.C. 78c(f)) and section 2(c) of the Investment Company Act (15 U.S.C. 80a–2(c)) require the Commission, when engaging in rulemaking where it is required to consider or determine whether an action is necessary or appropriate in (or, with respect to the Investment Company Act, consistent with) the public interest, to consider, in addition to the protection of investors, whether the action will promote efficiency, competition, and capital formation. Further, section 23(a)(2) of the Exchange Act (17 U.S.C. 78w(a)(2)) requires the Commission, when making rules under the Exchange Act, to consider the impact that the rules will have on competition, and prohibits the Commission from adopting any rule that would impose a burden on competition not necessary or appropriate in furtherance of the purposes of the Exchange Act. The technological changes contemplated by EDGAR Next would work together with the proposed rule and form amendments to enhance EDGAR access requirements. Because it is difficult to isolate the economic effects associated with the technological changes from those attributable solely to the proposed rule and form amendments, for purposes of this economic analysis, we have considered these effects collectively. 108 See supra note 26. 109 See supra note 27. VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 impacting the market and potentially imposing economic and reputational costs on the public, the filer, and the Commission. As discussed in greater detail in Section III above, EDGAR Next would: • Offer a dashboard where filers would manage their EDGAR accounts and where individuals that filers authorize could take relevant actions for filers’ accounts. • Require each filer to authorize and maintain individuals as its account administrators to act on behalf of the filer to manage the filer’s EDGAR account in accordance with the EDGAR account access and account management requirements set forth in this proposal and the EDGAR Filer Manual. Only those individuals who obtained individual account credentials could be authorized to act on the filer’s behalf to manage its EDGAR account. • Require each filer, through its authorized account administrators, to confirm annually that all account administrators, users, delegated entities, and technical administrators reflected on the dashboard for the filer’s EDGAR account are authorized by the filer and that all information regarding the filer is accurate (generally including the filer’s corporate and contact information). • Require each filer, through its authorized account administrator(s), to maintain accurate and current information on EDGAR concerning the filer’s account, and securely maintain information relevant to the ability to access the filer’s EDGAR account. • Allow individuals designated as account administrators to file on EDGAR on the filer’s behalf and authorize other individuals as users to file. • Allow filers to authorize delegated entities to file on their behalf. Delegated entities would be subject to the same requirements applicable to all filers. • Offer optional APIs for machine-tomachine submissions and retrieval of related filing information. Require filers who opt to use the APIs to, through their account administrator(s), authorize at least two technical administrators to manage the technical aspects of the APIs. • Amend Rules 10 and 11 under Regulation S–T and Form ID to codify the above requirements for filers, to add and define new terms as part of this proposal, and to capture additional information during the application for EDGAR access, respectively. The discussion below addresses the potential economic effects of the EDGAR Next changes, including the likely benefits and costs, as well as the likely effects on efficiency, competition, PO 00000 Frm 00023 Fmt 4701 Sfmt 4702 65545 and capital formation. At the outset, we note that, where possible, we have attempted to quantify the benefits, costs, and effects on efficiency, competition, and capital formation expected to result from the contemplated changes. In many cases, however, the Commission is unable to quantify certain economic effects because it lacks the information necessary to provide estimates or ranges. In those circumstances in which we do not have the requisite data to assess the impact of the EDGAR Next changes, we have analyzed their economic impact qualitatively. B. Baseline The current set of requirements to obtain access to and file on the Commission’s EDGAR system, as well as the account management practices as they exist today, serve as the baseline from which we analyze the economic effects of the EDGAR Next changes. Filers are comprised of any individuals and entities that make a submission electronically through EDGAR. For example, directors and executives of many public companies have reporting obligations under section 16 of the Securities Exchange Act of 1934.110 Entities consist of public operating companies, investment companies, broker-dealers, transfer-agents, and other institutions who have filing obligations with the Commission. The parties directly affected by EDGAR Next are current and prospective filers as well as relevant individuals or entities acting on filers’ behalf. In 2022, the Commission received approximately 79,457 Form ID submissions.111 From 2018 to 2022, an average of approximately 62,061 Form IDs were submitted per year to the Commission.112 Individuals and entities who seek to file on EDGAR apply for access in accordance with Rule 10 of Regulation S–T by completing Form ID, the uniform application for access codes to file on EDGAR.113 Form ID currently 110 See 15 U.S.C. 78p. number includes 69,651 applications from prospective filers without CIKs, 9,390 applications from filers who had lost EDGAR access and were seeking to regain access to EDGAR (currently submitted as passphrase updates, but under the proposal would be submitted on Form ID), and 416 applications from filers with CIKs who had not yet filed electronically on EDGAR. 112 Similarly, this number includes applications from prospective filers without CIKs, applications from filers who had lost EDGAR access and were seeking to regain access to EDGAR (currently submitted as passphrase updates, but under the proposal would be submitted on Form ID), and applications from filers with CIKs who had not yet filed electronically on EDGAR. 113 See supra note 23. 111 This E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3 65546 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules collects the applicant’s contact information, along with the applicant’s EDGAR POC. Upon approval, the filer receives a unique CIK, and the EDGAR POC generates access codes (including a password), using their CIK and passphrase from the Filer Management website, which allows the filer to make submissions on its EDGAR account. EDGAR filers are required to renew their EDGAR password annually. Currently, EDGAR system access has not incorporated multi-factor authentication to validate individuals accessing EDGAR and simplify password retrieval. Additionally, the Commission has no systematic way to determine with whom the filer has shared EDGAR access codes, or when the filer has revoked authorization. Filers are responsible for safeguarding their access codes and monitoring the number of individuals authorized to receive the codes.114 Certain filers and filing agents currently devise their own internal systems to track who possesses their EDGAR access codes. Because the Commission does not collect the personal information of the specific individual who makes the submission, nor does the Commission issue identifying credentials to individuals acting on behalf of filers when filings are submitted, the Commission is currently unable to match filings to specific individuals who made the filings. EDGAR receives a large volume of filings, typically more than 500,000 per calendar year, and has approximately 220,000 active filers, of which approximately 149,000 represent entities and approximately 71,000 represent individuals.115 The majority of Commission filings are made by filing agents on behalf of their client filers.116 Certain filing agents and filers use proprietary custom software to interface with EDGAR to mimic a machine-to-machine submission process and eliminate the need for individual human web-based interaction with the EDGAR filing websites. To create this custom software, data are extracted from the EDGAR filing websites and the custom software is configured to mimic a webbased interaction. This model of interaction with EDGAR requires frequent maintenance, however, since whenever EDGAR filing websites change their content or structure, those changes impact the custom software. Although Commission staff does not provide technical or other support for custom software for interaction with EDGAR, staff seeks to minimize filing 114 See supra note 27. supra note 100. 116 See supra note 28. disruptions and strives to provide notice to filers prior to making website changes. As a result, however, technical changes (e.g., maintenance, updates, etc.) to be implemented in EDGAR may be slowed by the fact that staff has to consider downstream custom software configurations. C. Consideration of Benefits and Costs as Well as the Effects on Efficiency, Competition, and Capital Formation 1. Benefits The EDGAR Next changes seek to enhance the security of EDGAR, improve filers’ ability to securely manage and maintain access to their EDGAR accounts, facilitate the responsible management of filer credentials, and simplify procedures for accessing EDGAR. EDGAR Next aims to improve access by filers and enhance security by identifying individuals who submit filings on EDGAR. Improving access by filers and the security of EDGAR may increase the accuracy of submissions to the Commission and thereby the quality of the information available on EDGAR, thus also improving regulatory oversight. After an initial setup burden described below,117 these changes could potentially reduce the burden for reporting entities because modernizing the EDGAR filing regime could improve the accuracy and efficiency of filing preparation. Additionally, the improved accuracy and efficiency of the filings submitted to the Commission could reduce the costs associated with receiving and processing such submissions, in part by reducing the time, processing, and search costs, and accordingly aid the Commission’s examination and oversight functions. An increase in the accuracy and quality of submissions would boost the efficiency of the Commission’s document review, processing, and quality assurance. Further, the public would generally benefit from the implied increase in informational efficiency resulting from EDGAR Next changes as they use EDGAR filings for investment decisions. EDGAR Next would impose new requirements on existing filers, relevant individuals acting on their behalf, and applicants for EDGAR access. These requirements are designed to enhance the security of EDGAR, and prevent the unauthorized access to information and systems by: (1) identifying and authenticating individuals accessing EDGAR; (2) requiring filers to authorize account administrators to manage their accounts; (3) providing an account 115 See VerDate Sep<11>2014 18:08 Sep 21, 2023 117 See Jkt 259001 PO 00000 infra Section IV.C.2. Frm 00024 Fmt 4701 Sfmt 4702 management dashboard to simplify the management of EDGAR accounts and facilitate account administrators in their compliance; (4) requiring filers, through their account administrators, to annually confirm the individuals with roles on the filer’s dashboard, and to maintain accurate and current information on EDGAR concerning the filer’s account while securely maintaining information relevant to access the filer’s EDGAR account; and (5) providing a machine-to-machine solution for filers to interface with EDGAR. a. Individual Account Credentials The amendments to Rule 10 would provide that filers may only authorize individuals on the dashboard if those individuals have obtained individual account credentials in a manner to be specified in the EDGAR Filer Manual. The Commission also anticipates requiring multi-factor authentication (which we anticipate would be performed through Login.gov).118 We believe that by imposing the requirement to require individual account credentials for the individuals accessing the dashboards for all existing and prospective EDGAR filers, EDGAR Next would generally improve the security of the EDGAR system in three different ways. First, this requirement would eliminate the need for filers to share their EDGAR access codes with various individuals acting on behalf of the filer, reducing the likelihood of an unauthorized individual gaining access to the filer’s account. For example, a personnel change or management reorganization at the filer could create a situation where previously authorized filing agents or former employees of the filer lose their privileges, but still possess the EDGAR access codes. The risk of unauthorized access is heightened when there is no internal method of tracking possession of EDGAR access codes. Second, individual account credentials provide a means of associating any given filing with the particular individual who submitted such filing. The ability to associate the relevant individuals to the filings they submitted would benefit the Commission and the filer in resolving issues with problematic filings. Third, individual account credentials would provide an additional layer of validation with the anticipated requirement of multi-factor authentication that would 118 In connection with the proposed amendments, the Commission also proposes to amend Rule 11 under Regulation S–T, ‘‘Definitions of terms used in this part,’’ to add and define new terms as part of this rulemaking, and update the definitions of existing terms as needed. E:\FR\FM\22SEP3.SGM 22SEP3 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules lotter on DSK11XQN23PROD with PROPOSALS3 require users to present a combination of two or more credentials for access verification, thereby strengthening identity verification and the security of access to EDGAR.119 b. Account Administrators The proposed amendments to Rule 10 also would require filers to authorize account administrators to act on the filers’ behalf to manage their accounts. Currently, anyone who possesses a filer’s access codes can make a filing on that filer’s EDGAR account. If the codes are shared or left unprotected by the people who have them, they may be obtained by someone who could use them to make an unauthorized filing, and neither the filer nor Commission staff would be able to easily trace the unauthorized filing through EDGAR to the individual who made it. Under EDGAR Next, account administrators would improve the security of EDGAR because account administrators would oversee and monitor the filer’s account. Account administrators would have the ability to authorize, remove authority, and track all individuals acting on the filer’s behalf, thereby reducing the risk of unauthorized access to the filer’s account. The account administrator’s monitoring of the filer’s account would allow for prevention and timely detection of potential harms resulting from unauthorized access. It is difficult to quantify the potential benefits to filers of these aspects of the proposed changes because they would depend, in part, on the security risks faced by filers and the effectiveness of their existing systems to protect against unauthorized use of EDGAR access codes. Individual filers and filers who are single-member companies would be required, under proposed Rule 10(d)(2), to authorize and maintain at least one account administrator. The designation of account administrators would also help facilitate communication between filers and the Commission, thus reducing the risk of possible interruptions in filer EDGAR activities. Currently, filers designate a point of contact on their Form ID to enable communication with the Commission. Correspondence between the Commission and the EDGAR POC regarding the filers’ account activities may be delayed in the event that the EDGAR POC is no longer associated with the filer, because the filer may not update their EDGAR POC information with the Commission. All filers who are not individuals or single-member companies would be required to authorize and maintain at least two 119 See supra text following note 59. VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 account administrators. The minimum requirement of two account administrators would lower the likelihood of the previously mentioned scenario. In addition, though the current EDGAR POC receives the access codes on behalf of the filer, he is not necessarily authorized to act on behalf of the filer. Under EDGAR Next, the account administrator, on behalf of the filer, would oversee all other designated roles and would be responsible for the management of the filer’s account. c. Dashboard Commission staff is also aware that certain filers and filing agents currently have internal systems that track which individuals possess their EDGAR access codes. The cost to these filers in transitioning to the dashboard would be the same as if they did not have an internal system. We can infer that the cost to these filers would be less on an ongoing basis if they use the dashboard instead of their current system due to the elimination of ongoing maintenance costs for their system. Moreover, the dashboard would offer the advantage of being a uniform system for all filers that additionally allows Commission staff visibility into individuals authorized to act for the filer. This additional qualitative benefit is not present for current filer internal tracking systems. Furthermore, filers without a system for tracking individuals in possession of EDGAR codes currently would be afforded a tool to do so through EDGAR, thereby facilitating compliance with their existing and proposed obligation to securely maintain access to their accounts. As proposed, Rule 10(d)(6) essentially codifies the current requirement for a filer to securely maintain its EDGAR access codes. Under the proposal, filers, through their account administrators, would be required to securely maintain information relevant to the ability to access their EDGAR accounts. Access to the dashboard would require individual account credentials, completion of the anticipated requirement of multi-factor authentication steps, and authorization from account administrators. Because of these security features, individuals in designated roles on the dashboard could safely access the CCC code to file on behalf of the filers.120 This added security feature would eliminate the need to share the CCC codes with various individuals thus minimizing the risk of unauthorized access. Additionally, the dashboard functionality of EDGAR Next would provide time and labor efficiencies in 120 See PO 00000 supra note 26. Frm 00025 Fmt 4701 Sfmt 4702 65547 managing filers’ EDGAR accounts, while facilitating compliance with the proposed rule requirements: First, the dashboard would have a flexible user interface that would provide time and labor efficiencies to account administrators by facilitating the management of filers’ EDGAR accounts, and compliance with the proposed changes. Through the dashboard’s interface, an account administrator would have access to readily available information that would facilitate compliance with proposed Rule 10(d)(4), assist in tracking those authorized to file on EDGAR, and provide an opportunity for account administrators to confirm the accuracy of all information contained on the dashboard. Furthermore, through the dashboard’s interface, account administrators could add an individual as a user, account administrator, or technical administrator for an EDGAR account on the dashboard. Additionally, using API tokens as a method of authentication would eliminate the need for manual individual account credential multi-factor authentication. This would decrease the time required to submit filings, facilitate the ability to pre-schedule and perform bulk filings, and reduce the potential for error due to manual processing and the risk of missing deadlines. Moreover, through the dashboard’s interface, account administrators could generate a CCC for newly issued CIKs. The CCC would be securely saved in the dashboard visible to all authorized account administrators and users. The CCC would remain as the code required for filing in the account. Second, the dashboard would provide additional time and labor efficiencies through the user groups feature. This functionality would particularly benefit delegated entities in managing multiple users and multiple filers’ delegations of authority. EDGAR Next would allow up to 500 users per filer, and delegated users would be able to make submissions on behalf of the delegating filer. Assigning multiple users on an individual basis to a given filer would be time consuming and labor intensive, which would be detrimental to filers when they may need to make timesensitive filings. The user group feature would streamline that process and allow delegated entities to assign multiple users to a specific filer at once. The dashboard would harness the benefits of technology and modernize the EDGAR access and management functions while providing filers the flexibility to adapt to changes rapidly, which is significant particularly in scenarios that could negatively impact filing times. E:\FR\FM\22SEP3.SGM 22SEP3 65548 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules The institution of the user role would particularly benefit large filers or filing agents submitting multiple forms, for multiple entities. Allowing up to 500 users per filer would increase the likelihood of filling success for large filers and filing agents by providing these entities flexibility in assigning multiple users to various user-groups. Users would be able to remove themselves as a user for a given filer, thereby facilitating the maintenance of updated dashboard information that would benefit all affected parties. lotter on DSK11XQN23PROD with PROPOSALS3 d. Proposed Rules 10(d)(4), (d)(5), and (d)(6) The proposed Rules 10(d)(4), (d)(5), and (d)(6) would require the filer, through its authorized account administrators: to annually confirm that all individuals reflected on the dashboard for the filer’s EDGAR account are authorized by the filer and that all information regarding the filer on the dashboard is accurate; to maintain accurate and current information about the filer on EDGAR; and to securely maintain information relevant to the ability to access the filer’s EDGAR account. It would assist the filer in tracking and confirming those individuals and delegated entities authorized to act on behalf of the filer, and to remove those no longer authorized. Confirming the accuracy of individuals authorized to act on behalf of filers while ensuring the safeguard of account access related information would enhance the security of EDGAR by reducing the risk of unauthorized access therefore reducing the likelihood of unauthorized filings. The Commission preliminarily believes that to the extent that the risk of unauthorized access is reduced, taking measures that may prevent unauthorized filings is inherently more efficient than remediating the consequences of such events after it occurred. Additionally, failure to perform the annual confirmation of the information on the dashboard would result in the deactivation of the filer’s access and the removal of individuals from the filer’s account upon deactivation. Failure to perform annual confirmation could signal that the account has been abandoned. Deactivation would further benefit filers and all individuals associated with the filer’s account by protecting their information listed on the dashboard. Proposed Rule 10(d)(5) is analogous to the current requirements to securely maintain EDGAR access and to maintain accurate company information VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 on EDGAR.121 Ensuring the accuracy of filer’s relevant information contained in EDGAR would increase the reliability of such available information and thus would enhance the Commission’s oversight capabilities, which benefits both the Commissions and the public. Furthermore, accurate and reliable EDGAR information would benefit the filer by facilitating a timelier remediation of problematic filings. e. Optional APIs In connection with the EDGAR Next changes, the Commission would provide optional APIs that would permit filers to interface on a machineto-machine basis with the EDGAR platform. These APIs would benefit filers and the Commission by automating filers’ connection to EDGAR for submission and retrieval of certain filing-related data and by reducing network traffic to the Commission. The Commission would offer three APIs: a submission API, a submission status API, and an operational status API. With respect to the process for submissions, the submission API would benefit filers by allowing for more secure submissions since prior to using the APIs, the filer’s technical administrator would be required to generate a filer API token to authenticate the filer, and the user would be required to generate a user API token to authenticate the user. The API tokens would be confidential and generated through the dashboard. The above requirements would provide additional assurance that the user is indeed authorized to submit the relevant filing. The APIs would further streamline the submission and retrieval process since the use of APIs and user tokens would allow automated server-to-server authentication without the need for manual login and multi-factor authentication. As mentioned before, many filing agents’ software use web scraping to retrieve information from EDGAR for filing purposes and to make submissions. Though widely used, scraping depends on the underlying structure of the external web page being scraped. Thus, any minor changes to the underlying structure of the EDGAR websites could impact the filers’ software. The APIs would provide a more reliable way for filers to interact with EDGAR since future changes to EDGAR would likely not impact filers’ software. Further, the submission status API would allow filers to assess information regarding submission status via 121 See PO 00000 supra note 88. Frm 00026 Fmt 4701 Sfmt 4702 machine-to-machine communication. The submission status API would allow filers and filing agents to use their filing application to simultaneously check the status of multiple EDGAR submissions in a batch process as opposed to individually checking the submission status of each submission after manually logging into EDGAR. The submission status API would increase the likelihood that the Commission receives submissions promptly by limiting the risk of a failed submission through early communication with the filers or their authorized representatives, benefiting the Commission, filers and filing agents. An increase in the certainty and timeliness of submission boosts the overall information quality of the EDGAR system. By opting to use the APIs, filers would further benefit by using direct machine-to-machine connections that would be approved and maintained by the Commission (as opposed to current third-party custom applications). As described in Sections III.D.2 and 3, filers and filing agents, as well as those using third-party custom applications continuously interact with the EDGAR system inquiring as to the status of submissions, or the operating status of EDGAR. Such inquiries into EDGAR create significant network traffic. For example, this network traffic could be more severe in the case of a large filing agent checking the status of multiple submissions. Instead of manually logging into EDGAR and individually checking the status of each submission, the submission status and operational status APIs would benefit the Commission and filers by allowing filers to simultaneously check the status of multiple submissions in a batch process as opposed to checking the status of each submission individually, thereby reducing network traffic created when filers are repeatedly requesting the status of their submissions, or the operational status of EDGAR. Additionally, a filer who opts to use APIs would be required to authorize at least two technical administrators, and would be allowed a maximum of ten technical administrators to facilitate communication with the Commission on API-related technical issues. This would reduce the chance that filers’ API access would be interrupted for any unforeseen technical issues. 2. Costs We believe that the costs associated with EDGAR Next would primarily result from compliance costs borne by filers as described in the Paperwork Reduction Act (‘‘PRA’’) analysis below, associated costs to comply with new E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules Rule 10 requirements, and the one-time burden for filers to adjust their internal filing application software to interface with the APIs.122 While filers are not currently subject to analogous specific requirements regarding access, they are nevertheless subject to the same general requirements regarding securely maintaining EDGAR access codes and limiting the number of persons who possess the codes. The proposed additional disclosure requirements for Form ID would entail certain incremental compliance costs.123 For example, filers are already subject to the disclosure requirements of Form ID and under EDGAR Next we estimate for purposes of the PRA that Form ID’s burden hours would increase by 0.3 burden hours.124 Collectively, we estimate the burden to all filers to comply with the proposed amendments to Form ID would be 47,674 hours per year.125 Filers would also incur labor costs associated with authorizing account administrators, along with fees associated with authorized individuals granting powers of attorney to designated individuals and delegated entities if those individuals being designated as account administrators are not employees of the filer. However, such costs would be mitigated by the six-month enrollment period of EDGAR Next, which would allow existing and prospective filers to enroll their account administrators without submitting a Form ID. Other costs that could arise from the proposal would stem from a filer’s failure to perform, through its authorized account administrator, the required annual confirmation pursuant to proposed Rule 10(d)(4). Failure to perform the annual confirmation of the information on the dashboard would result in the deactivation of the filer’s access, and the removal of individuals associated with the filer’s account upon deactivation.126 Filers would incur an additional burden of submitting a new Form ID application to regain access to file on EDGAR, and re-issuing invitations to any technical administrators, users, and technical administrators associated with their account prior to deactivation. However, these costs would potentially be mitigated by EDGAR’s multiple notices of the impending confirmation deadline to account administrators on the dashboard and by email.127 122 See infra Section V. infra Section V. 124 See infra note 140. 125 See infra note 141141. 126 See supra note 71. 127 See supra note 70. 123 See VerDate Sep<11>2014 18:08 Sep 21, 2023 The Commission would further ease the transition for filers by allowing relevant individuals of the filer to submit bulk enrollment of up to 100 filers and their account administrators. This would particularly benefit large filing agents enrolling multiple accounts by saving time and labor costs. The dashboard would require filers to incur costs to set up their accounts, as set forth in the PRA, and would require some period of time to maintain accurate and current information on EDGAR, confirm annually on EDGAR that all users, account administrators, technical administrators, and/or delegated entities reflected on the dashboard for the filer’s EDGAR account are authorized by the filer, and that the filer’s information on the dashboard is accurate, and securely maintain relevant account access information, largely depending on the number of users the filer authorizes and the amount of turnover of relevant personnel.128 We recognize that due to these factors, the burden incurred would vary across filers. Filers with a large number of users and significant turnover would likely spend a greater amount of time managing their dashboard accounts. And filers with few users and little turnover would likely have infrequent need to manage individuals on the dashboard. Similarly, larger filers managing multiple CIKs would spend more time performing their required annual confirmation, and thus would incur a higher associated compliance cost associated. For purposes of the PRA, we estimate that, on average, each filer would incur one burden hour per year managing their account in the dashboard.129 Collectively, we estimate the burden to all filers to comply with the proposed new dashboard requirements would be 220,000 hours per year.130 However, such burden would be mitigated by active notifications and other efficiencies provided by the dashboard as an account management tool. Filers or filing agents who choose to use the optional APIs would incur a one-time cost to adjust their internal software systems to the new EDGAR APIs. Given that the APIs are optional, filers would presumably incur this cost to the extent that the benefits of using the APIs are expected to exceed the cost of doing so. Further, for filers who substitute the optional APIs for custom filing software, the cost of adjusting internal software systems to use the new EDGAR APIs would be mitigated by the 128 See infra Section V.B. infra text preceding note 142. 130 See infra note 143143. 129 See Jkt 259001 PO 00000 Frm 00027 Fmt 4701 Sfmt 4702 65549 elimination of current ongoing maintenance costs associated with adjusting their custom software each time EDGAR undergoes changes. The costs of developing software to use the APIs would not apply to filers who do not generally utilize custom filing software, as these filers could continue using the EDGAR websites to submit their filings. We have observed that small filers typically do not utilize custom filing software and we expect they will generally not incur these costs. Furthermore, the Commission would make available an EDGAR Next Beta to facilitate a smooth transition process for all affected parties. We further estimate the direct costs to filers or filing agents associated with the proposed optional API requirements, including time and personnel costs to build a filing application integrated with all functions to successfully connect to the EDGAR APIs. Depending on their existing software, complexity of their application and individual business models, among other factors, these expenses are likely to vary across filers. Based on Commission experience from developing EDGAR Next the total estimated cost per filer for filing applications to connect to an EDGAR API by an external programmer analyst would range from $31,104 131 for filers with a preexisting filing application to $38,880 assuming the filers do not have a preexisting filing application.132 The total estimated burden hours for filers developing their application internally 131 An outside Senior Programmer Analyst salary range (national averages) is available from www.payscale.com. Using data from the 75th percentile, adjusting for a 1,800 hour work year, and multiplying by the 5.35 factor which normally is used to include benefits but here is used as an approximation to offset the fact that New York salaries are typically higher than the rest of the country, the result is $324 per hour. The estimate of $31,104 is based on the following calculation: $5,184 to simply connect an existing filing application to the API (16 hours = 2 days × 8 hours per day for a Senior Programmer Analyst at a rate of $324/hour) + $25,920 (80 hours = 2 weeks × 5 days per week × 8 hours per day for a Senior Programmer Analyst at a rate of $324/hour to configure the filing application correctly to be able to use the API). 132 An outside Senior Programmer Analyst salary range (national averages) is available from www.payscale.com. Using data from the 75th percentile, adjusting for a 1,800 hour work year, and multiplying by the 5.35 factor which normally is used to include benefits but here is used as an approximation to offset the fact that New York salaries are typically higher than the rest of the country, the result is $324 per hour. The estimate of $38,880 is based on the following calculation: $12,960 to create a new filing application and connect it to the API (40 hours = 5 days × 8 hours per day for a Senior Programmer Analyst at a rate of $324/hour) + $25,920 to configure the filing application correctly to be able to use the API (80 hours = 2 weeks × 5 days per week × 8 hours per day for a Senior Programmer Analyst at a rate of $324/hour). E:\FR\FM\22SEP3.SGM 22SEP3 65550 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules would range between 96 burden hours 133 and 120 burden hours.134 Filers who choose to use the APIs would also incur the additional cost of authorizing two technical administrators to manage the technical aspects of the APIs. We do not expect that filers would need to hire new employees to fill the technical administrator role since the primary responsibilities for the technical administrator are to generate the filer API token on an annual basis and securely store it within a filer’s application. For purposes of the PRA, we estimate that filers would incur a burden of one hour per year per CIK with respect to the technical administrators’ responsibilities, depending on security standards imposed by the filer or filing agent.135 lotter on DSK11XQN23PROD with PROPOSALS3 3. Effects on Efficiency, Competition, and Capital Formation EDGAR Next would increase the efficiency of filings and filing preparation by improving the accuracy of submissions and improving regulatory oversight into filings. The Commission preliminarily believes that enhancements to EDGAR security from the proposed EDGAR Next changes may improve efficiency by minimizing the risk of unauthorized access thus reducing the likelihood of unauthorized filings. Facilitating access and improving the tracking mechanism of who files on EDGAR would increase public confidence in the large amount of information submitted through EDGAR. Moreover, an increase in the accuracy and timeliness of processing submissions would boost the efficiency of the Commission’s document review, processing, and quality assurance. Enhancing the security of EDGAR would better protect against unauthorized access to the EDGAR system, thereby reducing the possibility of unauthorized filings that could have a distorting impact on the market. Strengthening filing security could marginally increase investor confidence and promote effective and wellfunctioning capital markets. The public 133 The estimate is based on the following calculation: 16 hours to simply connect an existing filing application to the API by a Senior Programmer Analyst (16 hours = 2 days × 8 hours per day) + 80 hours (80 hours = 2 weeks × 5 days per week × 8 hours per day) for a Senior Programmer Analyst to configure the filing application correctly to be able to use the API. 134 This estimate is based on the following calculation: 40 hours to create a new filing application and connect it to the API (40 hours = 5 days × 8 hours per day) + 80 hours to configure the filing application correctly to be able to use the API (80 hours = 2 weeks × 5 days per week × 8 hours per day). 135 See infra note 143 and accompanying text 141. VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 would generally benefit from the implied increase in informational efficiency resulting from the improved accuracy and timeliness of processing submissions, as they use EDGAR filings for investment decisions. Overall, however, we do not expect the EDGAR Next changes to have a significant effect on capital formation because the contemplated security enhancements would not necessarily change market price fundamentals. As discussed above, because the EDGAR Next changes would potentially increase the compliance requirements for filers, they could result in an increased demand for delegated entities to the extent that delegated entities find it profitable. This might increase competition among delegated entities, resulting in lower fees for filers with delegated entities. We cannot assess the relative likelihood of the above competitive effects among delegated entities because we are unable to estimate how many filers would choose to use delegated entities as a result of the proposal. D. Reasonable Alternatives 1. Require Personally Identifiable Information in Addition to Individual Account Credentials The proposed amendments would require all filers and relevant individuals acting on filers’ behalf to obtain their individual account credentials prior to being authorized for any EDGAR Next role. Alternatively, the Commission could require that U.S.based individuals provide certain personally identifiable information (‘‘PII’’) in addition to individual account credentials. Compared to the proposed amendments, while requiring PII from U.S.-based individuals and companies may result in a higher identity assurance level for U.S.-based persons, it would not achieve the same benefit for foreign individuals. Foreign individuals use different forms of PII, including different identifying documents, which makes it inherently difficult for a single vendor (database) to reliably identify everyone in the world. Additionally, the costs to the Commission of acquiring and safeguarding PII would exceed the benefits of doing so. Thus, this alternative would represent an extra burden to U.S.-based filers and individuals acting on their behalf, as well as the Commission. 2. Requirements for Individual and Small Filers EDGAR Next would apply to all prospective and existing filers PO 00000 Frm 00028 Fmt 4701 Sfmt 4702 regardless of size. As an alternative, the Commission could simplify compliance requirements designed to address resource constraints of small entities. For example, the Commission could consider exempting small filers from proposed Rule 10(d)(4) that would require filers, through their authorized account administrators, to confirm annually that all account administrators, users, and delegated entities, and technical administrators reflected on the dashboard for the filer’s EDGAR account are authorized by the filer and that all information regarding the filer on the dashboard is accurate. Further, the Commission could exempt small filers from proposed Rule 10(d)(1), and instead allow small filers to independently develop practices and recordkeeping to track individuals acting on their behalf and safeguard their account access codes. To the extent that simplifying these requirements could reduce regulatory burden on small filers, while affording small filers greater discretion into how they manage their accounts and securely maintain their EDGAR access codes, exempting a particular group of users would hinder the Commission’s effort of establishing uniform requirements for all filers and individuals acting on their behalf. For instance, because EDGAR Next would eliminate the use of the several passcodes and eliminate the present requirement to change the EDGAR password annually, exempting small filers from proposed Rule 10(d)(4) would generally lessen the security of their filing regime. Moreover, the Commission believes that any costs savings associated with exempting small filers from parts of EDGAR Next would likely be minimal. Small filers would still incur a cost of implementing their own practices and recordkeeping which might be higher than the cost of complying with the EDGAR Next changes and would impose a burden on small filers due to their limited resources and less established history of implementing such practices and recordkeeping. The EDGAR Next changes are designed to enhance the EDGAR filing regime, including, among other things, strengthening access to filers’ EDGAR accounts by establishing a uniform method for authorizing, identifying, and tracking all individuals authorized to act on each filer’s behalf. Additionally, a benefit of EDGAR Next is the elimination of password sharing. Exempting small filers from obtaining individual account credentials would not achieve that objective and therefore E:\FR\FM\22SEP3.SGM 22SEP3 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules lotter on DSK11XQN23PROD with PROPOSALS3 would not generally improve the security of EDGAR. 3. Implementing Performance-Based Standards The EDGAR Next proposal mandates the performance of certain prescribed requirements to enhance the security of EDGAR’s filing regime. We could consider an alternative with a more performance-based approach that would not spell out the precise actions filers need to take in order to improve the security of their EDGAR accounts, but instead only state that filers should have in place practices and recordkeeping that would allow the Commission to more easily identify anyone who makes a submission on the filer’s behalf, and ensure that only individuals authorized by the filer are privy to the filer’s access codes. For example, filers might opt to authorize only one account administrator rather than authorize and maintain two such individuals, or filers might determine that they do not need the additional security provided by multi-factor authentication for designated individuals to be authorized to act on their behalf on the dashboard. The benefits of such an approach would be that filers would have more flexibility in what their practices and recordkeeping cover. Such an approach would provide the benefit of reducing the regulatory burden for certain filers by permitting them to tailor their EDGAR access compliance requirements to fit their own particular circumstances, and would provide filers greater discretion into how they manage their EDGAR accounts and safeguard their account access codes. To the extent that this approach provides more flexibility to certain filers, this alternative could also increase compliance cost to the detriment of some filers who may incur higher cost to set up practices and recordkeeping arrangements to manage their account and safeguard their access codes. Furthermore, this approach would diminish the intended benefits of the EDGAR Next changes. Filers who bypass the individual account credential requirements would make it difficult for the Commission to match specific filings to the relevant individual who made the submissions, while authorizing only one account administrator would probably not reduce the likelihood of managing EDGAR accounts without interruptions. Overall, a performance-based approach would create inconsistencies in improving the overall security of EDGAR, facilitating the responsible management of EDGAR filer credentials, and simplifying procedures for VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 accessing EDGAR. In addition, any cost savings associated with a performancebased approach would likely be minimal because filers would still incur the cost of compliance. In sum, this alternative would limit the magnitude of the benefits for filers that would result from the contemplated EDGAR Next changes. 4. Institute Phased Compliance Dates by Filer Category or Form Type The proposed amendments would have a single compliance date. As an alternative, we could employ phased compliance dates to either accelerate or postpone compliance for particular filers. Phased compliance would particularly benefit smaller filers by affording them a longer time period to come into compliance with EDGAR Next, while further facilitating compliance with other contemporaneous rules with similar or earlier compliance deadlines. To the extent that a phased compliance would provide filers with more time to comply with EDGAR Next changes, compared to the proposed compliance timeline, postponing compliance would delay the benefits provided by the proposed changes, while accelerating compliance might result in additional transition challenges for these filers. E. Requests for Comment 55. The Commission requests comment on all aspects of the economic effects of the EDGAR Next changes, including any anticipated impacts that are not mentioned here. We are particularly interested in quantitative estimates of the benefits and costs, in general or for particular types of affected parties, including smaller entities. We also request comment on reasonable alternatives to the EDGAR Next changes and on any effect the changes may have on efficiency, competition, and capital formation. 56. Do you agree with the estimated benefits that EDGAR Next would provide to filers? If not, why? 57. Do you agree with the estimated costs associated with the EDGAR Next changes? If not, why? Please provide your views on the burden of complying with the EDGAR Next changes relative to our estimates. In particular, would filers and filing agents switch to using the optional APIs contemplated as part of EDGAR Next? If not, why? 58. Are there any filers for whom the compliance costs associated with EDGAR Next would not be justified by the benefits such that exempting those entities would be advisable? If so, which filers should the Commission exempt, and why? PO 00000 Frm 00029 Fmt 4701 Sfmt 4702 65551 59. Does the contemplated compliance timeline provide filers sufficient time to transition to EDGAR Next? If not, what would be the additional cost incurred in order to meet the contemplated compliance timeline? 60. Would EDGAR Next require any existing filers with delegated authority to file on behalf of a related person or entity to materially change the way they operate? If so, in what ways? What would be the cost associated with such change? For instance, many companies may file on behalf of their section 16 directors and officers, and some investment companies may also make filings on behalf of other funds within their fund family. 61. Prospective filers could designate as account administrators (i) individuals employed at the filer or an affiliate of the filer (in the case of company applicants) or themselves (in the case of individual applicants), as well as (ii) any other individual, provided the filer submitted a notarized power of attorney authorizing such other individual to be its account administrator. Are filers likely to designate individuals other than themselves or their employees or employees of their affiliates? What would be the costs associated with this determination? The Commission also requests comment and supporting empirical data on the burden and cost estimates for the proposed rule, including the costs that filers and potential filers may incur. V. Paperwork Reduction Act Certain provisions of the proposed amendments contain ‘‘collection of information’’ requirements within the meaning of the Paperwork Reduction Act of 1995 (‘‘PRA’’).136 We are submitting the proposed collections of information to the Office of Management and Budget (‘‘OMB’’) for review in accordance with the PRA.137 An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. Compliance with the information collection is mandatory. Responses to the information collection are not kept confidential, and there is no mandatory retention period for the information disclosed. The title for the existing collection of information that we are proposing to amend is ‘‘Form ID—EDGAR Password’’ (OMB Control No. 3235–0328). Our proposal also includes a new collection of information titled ‘‘the dashboard.’’ The amendments to Form ID and the 136 44 137 44 E:\FR\FM\22SEP3.SGM U.S.C. 3501 et seq. U.S.C. 3507(d); 5 CFR 1320.11. 22SEP3 65552 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules implementation of the dashboard are designed to harness the benefits of improved technology and to modernize the EDGAR access and management functions. A detailed description of the proposed amendments, including the amendments to Form ID and the implementation of the dashboard, including the need for the information and its proposed use, as well as a description of the likely respondents, can be found in Section III above, and a discussion of the expected economic impact of the proposed amendments can be found in Section IV above. We discuss below the collection of information burdens associated with each initiative. A. Form ID Form ID must be completed online and submitted to the Commission by all individuals, companies, and other organizations who seek access to file electronically on EDGAR. As outlined above, the amendments to Form ID would require an applicant for EDGAR access to undertake certain additional disclosure obligations, including most significantly: (1) designating on Form ID specific individuals the applicant authorizes to act as its account administrator(s) to manage its EDGAR account on a dashboard on EDGAR; (2) indicating the applicant’s LEI, if any; (3) providing more specific contact information about the filer, its account administrators, its authorized individual (individual authorized to submit Form ID on the filer’s behalf), and its billing contact (including mailing, business, and billing information, as applicable); (4) specifying whether the applicant, its authorized individual, person signing a power of attorney (if applicable), account administrator, or billing contact has been criminally convicted as a result of a Federal or State securities law violation, or civilly or administratively enjoined, barred, suspended, or banned in any capacity, as a result of a Federal or State securities law violation; (5) indicating whether the applicant, if a company, is in good standing with its state or country of incorporation; (6) requiring submission of a new Form ID if the applicant claims to have (i) lost electronic access to its existing CIK account or (ii) assumed legal control of a filer listed on an existing CIK account but did not receive EDGAR access from that filer; and (7) requiring those seeking access to an existing EDGAR account to upload to EDGAR the documents that establish the applicant’s authority over the company or individual listed in EDGAR on the existing account. The proposed amendments would also simplify filer account management by eliminating the EDGAR password, PMAC, and passphrase. For purposes of the Paperwork Reduction Act, the currently approved burden includes an estimate of 57,329 Form ID filings annually and further estimates approximately 0.30 hours per response to prepare and file Form ID, for a total of 17,199 annual burden hours. Those estimates include the number of Form ID filings for filers without CIKs (48,089 filings), filers with CIKs who are seeking to regain access to EDGAR (8,836 filings), and filers with CIKs who have not filed electronically on EDGAR (404 filings).138 Filers are responsible for 100% of the total burden hours. There were 79,457 Form ID filings in calendar year 2022. The estimate includes the number of filers without CIKs, filers with CIKs who have not filed electronically on EDGAR, and filers with CIKs who are seeking to regain access EDGAR.139 If the proposed access changes and proposed Form ID amendments are implemented, for purposes of the Paperwork Reduction Act, we estimate that the number of Form ID filings would remain the same and that the number of hours to prepare Form ID would increase by 0.30 hours.140 Thus, for purposes of the Paperwork Reduction Act, the estimated total number of annual Form ID filings would increase from 57,329 filings to 79,457 filings. The estimate of 0.30 hours per response would increase to 0.60 hours per response. The estimated total annual burden would increase from 17,199 hours to 47,674 hours.141 The estimate that the filers are responsible for 100% of the total burden hours would stay the same. Annual number of filings Form ID Form ID ........................................................................................... Previously approved Requested Change Previously approved Requested Change 57,329 79,457 22,128 17,199 47,674 30,475 To file on EDGAR, each filer must also comply with certain account access and management requirements by taking actions on the dashboard. As outlined above, each filer must authorize individuals to act on its behalf on the dashboard, and those individuals must have obtained individual account credentials for EDGAR in the manner specified in the EDGAR Filer Manual. Moreover, each filer, through their account administrators, is required to: (i) authorize and maintain at least two individuals as authorized account administrators to act on the filer’s behalf to manage the filer’s EDGAR account, except a filer who is an individual or single-member company must authorize and maintain at least one individual as an account administrator; (ii) confirm annually on EDGAR that all users, account administrators, technical administrators, and/or delegated entities reflected on the dashboard for the filer’s EDGAR account are authorized by the filer, and that the filer’s information on the dashboard is accurate; (iii) maintain accurate and current information on EDGAR concerning the filer’s account, including but not limited to accurate corporate information and contact information (such as mailing and business addresses, email addresses, and telephone numbers); (iv) securely maintain information relevant to the ability to access the filer’s EDGAR account, including but not limited to access through any EDGAR API; and (v) 138 48,089 filings for users without CIKs + 8,836 filings for filers who are seeking to regain access to EDGAR + 404 filings for filers with CIKs who have not yet filed electronically on EDGAR = 57,329 filings. 139 69,651 filings for users without CIKs + 9,390 filings for filers who are seeking to regain access to EDGAR + 416 filings for filers with CIKs who have not yet filed electronically on EDGAR = 79,457 filings. 140 The increase in burden would vary by applicant depending on whether certain of their responses required additional information (e.g., explaining the circumstances surrounding any of its operatives who are currently subject to Federal or State securities law investigations, proceedings, convictions, suspensions, or bars, and for applicants seeking access to an existing CIK account, providing the documents that establish the applicant’s authority over the company or individual currently listed in EDGAR as corresponding to the existing CIK account). 141 79,457 filings × 0.60 hours/filing = 47,674 hours. B. The Dashboard lotter on DSK11XQN23PROD with PROPOSALS3 Annual time burden (hrs.) VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00030 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules if the filer chooses to use an EDGAR API, authorize at least two technical administrators to act on the filer’s behalf to manage technical matters related to the filer’s use of an API. Through the dashboard, account administrators could: (i) add and remove users, account administrators, and technical administrators (including removing themselves as an account administrator); (ii) create and edit groups of users; (iii) delegate filing authority to third parties with EDGAR accounts and remove such delegations; and (iv) generate a new CCC. For purposes of the PRA, we estimate that each filer would spend approximately one hour setting up the dashboard, and approximately one hour per annum managing the filer’s account on the dashboard. This burden would vary across filers depending on the size of the filer, the number of users, account administrators, technical administrators, and delegated entities authorized by the filer, as well as the amount of annual staff turnover for those individuals and entities, among other factors. For a small number of filers, the annual burden could significantly exceed our estimate (e.g., filing agents who may have a large number of authorized individuals, as well as multiple accepted delegations and user groups for which delegated users would need to be maintained). On the other hand, for the vast majority of filers, the annual burden would presumably be less than our estimate because we expect most filers to have a small number of authorized individuals and experience little or no annual turnover with regard to those individuals.142 Consequently, the anticipated total annual burden attributed to the dashboard would be approximately 220,000 burden hours.143 Active filers Total annual burden hours Burden hours Entities ................................................................................................................... Individuals .............................................................................................................. 149,000 71,000 65553 × × 1 1 = = 149,000 71,000 220,000 lotter on DSK11XQN23PROD with PROPOSALS3 C. Request for Comment proposed amendments should direct them to the Office of Management and Budget, Attention Desk Officer for the Securities and Exchange Commission, Office of Information and Regulatory Affairs, Washington, DC 20503, and should send a copy to Vanessa Countryman, Secretary, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549–1090, with reference to File No. S7–15–23. OMB is required to make a decision concerning the collections of information between 30 and 60 days after publication of this release; therefore, a comment to OMB is best assured of having its full effect if OMB receives it within 30 days after publication of this release. Requests for materials submitted to OMB by the Commission with regard to these collections of information should be in writing, refer to File No. S7–15–23, and be submitted to the Securities and Exchange Commission, Office of FOIA Services, 100 F Street NE, Washington, DC 20549–2736. ‘‘major’’ where, if adopted, it results in or is likely to result in: • An annual effect on the U.S. economy of $100 million or more (either in the form of an increase or decrease); • A major increase in costs or prices for consumers or individual industries; or • Significant adverse effects on competition, investment, or innovation. We request comment on whether the proposed amendments would be a ‘‘major rule’’ for purposes of SBREFA. We solicit comment and empirical data on: • The potential effect of the proposed amendments on the U.S. economy on an annual basis; • Any potential increase in costs or prices for consumers or individual industries; and • Any potential effect on competition, investment, or innovation. Commenters are requested to provide empirical data and other factual support for their views to the extent possible. We request comment on whether our estimates for burden hours and any external costs as described above are reasonable. Pursuant to 44 U.S.C. 3506(c)(2)(B), the Commission solicits comments in order to: (i) evaluate whether the proposed collections of information are necessary for the proper performance of the functions of the Commission, including whether the information will have practical utility; (ii) evaluate the accuracy of the Commission’s estimate of the burden of the proposed collections of information; (iii) determine whether there are ways to enhance the quality, utility, and clarity of the information to be collected; (iv) determine whether there are ways to minimize the burden of the collections of information on those who are to respond, including through the use of automated collection techniques or other forms of information technology; and (v) evaluate whether the proposed amendments would have any effects on any other collection of information not previously identified in this section. Any member of the public may direct to us any comments concerning the accuracy of these burden estimates and any suggestions for reducing these burdens. Persons wishing to submit comments on the collection of information requirements of the For purposes of the Small Business Regulatory Enforcement Fairness Act of 1996 (‘‘SBREFA’’),144 the Commission must advise OMB whether a proposed regulation constitutes a ‘‘major’’ rule. Under SBREFA, a rule is considered The Regulatory Flexibility Act (‘‘RFA’’) 145 requires an agency, when issuing a rulemaking proposal, to prepare and make available for public comment an Initial Regulatory Flexibility Analysis (‘‘IFRA’’) that describes the impact of the proposed rule on small entities.146 This IFRA has 142 A filer survey conducted by a filing agent found that at least 64% of respondents planned to have three or fewer account administrators, and 96% of respondents planned to have fewer than 20 users. See Workiva Comment Letter. Moreover, since filers are not required to authorize users, technical administrators, or delegations, filers who did not choose to authorize such individuals or third parties would not have any associated burdens. 143 149,000 active entity filers on EDGAR × 1 hour = 149,000 burden hours. 71,000 active individual filers on EDGAR × 1 hour = 71,000 burden hours. 149,000 burden hours + 71,000 burden hours = 220,000 total annual burden hours. 144 5 U.S.C. 801 et seq. 145 5 U.S.C. 601 et seq. 146 Id. VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 VI. Small Business Regulatory Enforcement Act PO 00000 Frm 00031 Fmt 4701 Sfmt 4702 VII. Initial Regulatory Flexibility Analysis E:\FR\FM\22SEP3.SGM 22SEP3 65554 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules been prepared in accordance with the RFA and relates to the proposed amendments to Rules 10 and 11 of Regulation S–T and Form ID described in Section III.E above. lotter on DSK11XQN23PROD with PROPOSALS3 A. Reasons for, and Objectives of, the Proposed Action The purpose of the proposed amendments is to enhance the security of EDGAR accounts, improve the ability of filers to securely maintain access to their EDGAR accounts, facilitate the responsible management of EDGAR filer credentials, and simplify procedures for accessing EDGAR. Among other things, the proposed amendments would require each filer to: • Authorize individuals to act on its behalf on the dashboard only if those individuals have obtained individual account credentials in the manner to be specified in the EDGAR Filer Manual; • Authorize and maintain individuals as account administrators to manage their EDGAR accounts; • Confirm annually on EDGAR, through their account administrators, that all account administrators, users, technical administrators and delegated entities reflected on the dashboard for the filer’s EDGAR account are authorized by the filer to act on its behalf, and that all information about the filer on the dashboard is accurate; • Maintain accurate and current information on EDGAR concerning the filer’s account; and • Securely maintain information relevant to the ability to access the filer’s EDGAR account. Filers who chose to use the optional EDGAR APIs that the Commission would offer for machine-to-machine submissions on EDGAR and to facilitate filers’ retrieval of related information, would, among other things, be required through their account administrators to authorize two technical administrators to manage tokens and other technical aspects of the EDGAR APIs. B. Legal Basis We are proposing the amendments contained in this release under the authority set forth in sections 6, 7, 8, 10, and 19(a) of the Securities Act of 1933 (‘‘Securities Act’’),147 sections 3, 4A, 4B, 12, 13, 14, 15, 15B, 23, and 35A of the Exchange Act,148 section 319 of the Trust Indenture Act of 1939,149 and sections 8, 30, 31, and 38 of the Investment Company Act of 1940 (‘‘Investment Company Act’’).150 147 15 U.S.C. 77f, 77g, 77h, 77j, and 77s (a). U.S.C. 78c, 78d–1, 78d–2, 78l, 78m, 78n, 78o, 78o–4, 78w, and 78ll. 149 15 U.S.C. 77sss. 150 15 U.S.C. 80a–8, 80a–29, 80a–30, and 80a–37. 148 15 VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 C. Small Entities Subject to the Proposed Rule and Form Amendments The proposed amendments would affect individuals and entities that have EDGAR accounts or that seek to open EDGAR accounts. The RFA defines ‘‘small entity’’ to mean ‘‘small business,’’ ‘‘small organization,’’ or ‘‘small governmental jurisdiction.’’ 151 For purposes of the RFA, under our rules, an issuer, other than an investment company, is a small entity if it had total assets of $5 million or less on the last day of its most recent fiscal year.152 We estimate there are 908 issuers that file with the Commission— other than investment companies—that would be considered small entities for purposes of this analysis.153 With respect to investment companies and investment advisers, an investment company, including a business development company, is considered to be a small entity if it, together with other investment companies in the same group of related investment companies, has net assets of $50 million or less as of the end of its most recent fiscal year.154 We estimate that there are 82 registered investment companies (including business development companies and unit-investment trusts) that would be considered small entities.155 An investment adviser is generally considered a small entity if it: (1) has assets under management having a total value of less than $25 million; (2) did not have total assets of $5 million or more on the last day of the most recent fiscal year; and (3) does not control, is not controlled by, and is not under common control with another investment adviser that has assets under management of $25 million or more, or any person (other than a natural person) that had total assets of $5 million or more on the last day of its most recent fiscal year.156 We estimate that there are 594 investment advisers that would be considered small entities.157 151 5 U.S.C. 601(6). 17 CFR 240.0–10(a)). 153 This estimate is based on staff analysis of issuers potentially subject to the final amendments, excluding co-registrants, with EDGAR filings on Form 10–K, or amendments thereto, filed during the calendar year of Jan. 1, 2022 to Dec. 31, 2022. This analysis is based on data from XBRL filings, Compustat, Ives Group Audit Analytics, and manual review of filings submitted to the Commission. 154 See 17 CFR 270.0–10. 155 This estimate is derived from an analysis of data obtained from Morningstar Direct as well as data filed with the Commission (on Forms N–CSR, NPORT–P, 10–Q, and 10–K) for the last quarter of 2022. 156 17 CFR 275.0–7. 157 We based this estimate on registered investment adviser responses to Items 5.F. and 12 of Form ADV. 152 See PO 00000 Frm 00032 Fmt 4701 Sfmt 4702 A transfer agent is considered to be a small entity if it: (1) received less than 500 items for transfer and less than 500 items for processing during the preceding six months (or in the time that it has been in business, if shorter); (2) transferred items only of issuers that would be deemed ‘‘small businesses’’ or ‘‘small organizations’’ as defined in 17 CFR 240.0–10; (3) maintained master shareholder files that in the aggregate contained less than 1,000 shareholder accounts or was the named transfer agent for less than 1,000 shareholder accounts at all times during the preceding fiscal year (or in the time that it has been in business, if shorter); and (4) is not affiliated with any person (other than a natural person) that is not a small business or small organization under 17 CFR 240.0–10.158 We estimate that there are 126 transfer agents that would be considered small entities.159 With respect to municipal securities dealers and broker-dealers, a municipal securities dealer that is a bank (including any separately identifiable department or division of a bank) is a small entity if it: (1) had, or is a department of a bank that had, total assets of less than $10 million at all times during the preceding fiscal year (or in the time that it has been in business, if shorter); (2) had an average monthly volume of municipal securities transactions in the preceding fiscal year (or in the time it has been registered, if shorter) of less than $100,000; and (3) is not affiliated with any person (other than a natural person) that is not a small business or small organization as defined in 17 CFR 240.0–10.160 We estimate there are 171 municipal securities dealers that would be considered small entities.161 A brokerdealer is a small entity if it: (1) had total capital (net worth plus subordinated liabilities) of less than $500,000 on the date in the prior fiscal year as of which its audited financial statements were prepared pursuant to § 240.17a–5(d) or, if not required to file such statements, a broker or dealer that had total capital (net worth plus subordinated liabilities) of less than $500,000 on the last business day of the preceding fiscal year (or in the time that it has been in business, if shorter); and (2) is not affiliated with any person (other than a natural person) that is not a small business or small organization as 158 17 CFR 240.0–10(h). based this estimate on transfer agent responses to questions 4(a) and 5(a) on their latest filing on Form TA–2. 160 17 CFR 240.0–10(f). 161 This estimate is based on MSRB data filed during the calendar year of Jan. 1, 2022 to Dec. 31, 2022. 159 We E:\FR\FM\22SEP3.SGM 22SEP3 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules lotter on DSK11XQN23PROD with PROPOSALS3 defined in 17 CFR 240.0–10.162 We estimate that there are 782 brokerdealers that would be considered small entities.163 A clearing agency is a small entity if it: (1) compared, cleared and settled less than $500 million in securities transactions during the preceding fiscal year (or in the time that it has been in business, if shorter); (2) had less than $200 million of funds and securities in its custody or control at all times during the preceding fiscal year (or in the time that it has been in business, if shorter); and (3) is not affiliated with any person (other than a natural person) that is not a small business or small organization as defined in 17 CFR 240.0–10.164 We estimate there are zero clearing agencies that are small entities. An exchange is a small entity if it: (1) has been exempted from the reporting requirements of § 242.601 of this chapter; and (2) is not affiliated with any person (other than a natural person) that is not a small business or small organization as defined in 17 CFR 240.0–10.165 We estimate there are zero exchanges that are small entities. A securities information processor is a small entity if it: (1) had gross revenues of less than $10 million during the preceding fiscal year (or in the time it has been in business, if shorter); (2) provided service to fewer than 100 interrogation devices or moving tickers at all times during the preceding fiscal year (or in the time that it has been in business, if shorter); and (3) is not affiliated with any person (other than a natural person) that is not a small business or small organization under 17 CFR 240.0–10.166 We estimate there are zero securities information processors that are small entities. Collectively, we estimate that there are 2,663 small entities that would be potentially subject to the proposed amendments, based on our review of data reported as of December 31, 2022. D. Reporting, Recordkeeping, and Other Compliance Requirements As noted above, the purpose of the proposed amendments would be to update access and provide secure management of individual and entity filers’ EDGAR accounts. If adopted, the proposed amendments are expected to apply to all applicants and current EDGAR accounts and would apply to small entities to the same extent as other 162 17 CFR 240.0–10(c). 163 This estimate is based on FOCUS Report data filed during the calendar year of Jan. 1, 2022 to Dec. 31, 2022. 164 17 CFR 240.0–10(d). 165 17 CFR 240.0–10(e). 166 17 CFR 240.0–10(g). VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 entities, irrespective of size. Therefore, we generally expect the nature of any benefits and cost associated with the proposed amendments to be similar for large and small entities. We note, and as discussed above,167 all existing and new EDGAR filers will be subject to certain fixed costs to update and maintain an EDGAR account under the proposed amendments, which may result in a proportionally larger burden on small filers. We expect that the proposed amendments to the rules and form to update access and management of EDGAR accounts would have a small incremental effect on existing reporting, recordkeeping and other compliance burdens for all existing and new EDGAR filers, including small entities. The proposed amendments would simplify account management by providing an interactive dashboard on EDGAR, populated with EDGAR account information, as the central platform for account administrators and other delegated individuals to manage access to the account, update account information and send communications and notifications. Some of the proposed amendments, including requirements for all filers to confirm the accuracy of their account information, including authorizations for all account administrators, users, technical administrators, and/or delegated entities, would require the use of administrative and technical skills, and increase compliance costs for registrants, although we do not expect these additional costs would be significant. E. Duplicative, Overlapping, or Conflicting Federal Rules We believe that the proposed amendments would not duplicate, overlap, or conflict with other Federal rules. F. Significant Alternatives The RFA directs us to consider alternatives that would accomplish our stated objectives, while minimizing any significant adverse impact on small entities. In connection with the proposed amendments, we considered the following alternatives: i. Establishing different compliance requirements for individual and entity EDGAR account managers that take into account the resources available to small entities; ii. Clarifying, consolidating, or simplifying compliance and reporting requirements under the rules for small entities; 167 See PO 00000 Section IV.C.2. Frm 00033 Fmt 4701 Sfmt 4702 65555 iii. Using performance rather than design standards; 168 and iv. Exempting small entities from all or part of the requirements. Regarding the first, third, and fourth alternatives,169 we do not believe that establishing different compliance requirements, using performance rather than design standards, or exempting small entities from the requirements would permit us to obtain our desired objectives. We are concerned that each of these alternatives would frustrate our efforts to enhance the security of EDGAR, improve the ability of filers to securely manage and maintain access to their EDGAR accounts, facilitate the responsible management of EDGAR filer credentials, and simplify procedures for accessing EDGAR. The proposed amendments set forth uniform requirements for each filer to formally authorize individuals to act on the filer’s behalf in EDGAR as account administrators, users, and technical administrators, which would allow EDGAR to determine whether authorized individuals were accessing and taking actions with regards to the filer’s EDGAR account. As proposed, all individuals accessing EDGAR would be required to sign in with individual account credentials and multi-factor authentication, which would allow EDGAR to identify the individuals accessing EDGAR. As discussed above, we believe that by imposing these requirements on all existing and prospective EDGAR filers, the Commission’s EDGAR Next proposal would generally improve the security of the EDGAR system by establishing a uniform method for authorizing, identifying, and tracking all individuals authorized to act on each filer’s behalf. We anticipate that establishing different compliance requirements, using performance rather than design standards, or exempting small entities would result in a patchwork compliance regime that would frustrate the ability of filing agents and other service providers to efficiently manage filer credentials and manage and maintain access to filers’ EDGAR accounts, and would likewise frustrate our efforts to simplify procedures for accessing EDGAR.170 As noted above,171 the Commission considered using a performance-based approach rather than the design standards of the anticipated EDGAR 168 See the discussion of performance-based standards in Section IV.D.3. 169 See the discussion of compliance requirements in Section IV.D.2. 170 See supra notes 28–29 (indicating that 60– 90% of EDGAR filings may be submitted by filing agents). 171 See Section IV.D.3. E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3 65556 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules Next changes and the proposed rule. Revising the EDGAR Next changes to make them more performance-based would reduce the regulatory burden for certain filers by permitting them to tailor their EDGAR access compliance requirements to fit their own particular circumstances. For example, small filers could determine that they do not need the additional security provided by multi-factor authentication for designated individuals to be authorized to act on their behalf on the dashboard. Furthermore, larger filers might opt to authorize only one account administrator rather than authorize and maintain two such individuals. However, after consideration, we believe that permitting filers to tailor their EDGAR access compliance requirements to fit their own particular circumstances would diminish the intended benefits of the EDGAR Next changes. As discussed earlier,172 bypassing the individual account credential requirements would make it difficult for the Commission to match specific filings to the relevant individual who made the submissions. Likewise, generally allowing filers to have only one account administrator would increase the likelihood that Commission staff could not reach an account administrator when it had timesensitive questions about access to or activity on the account. Overall, a performance-based approach would create inconsistencies in improving the overall security of EDGAR, facilitating the responsible management of EDGAR filer credentials, and simplifying procedures for accessing EDGAR. In addition, any cost savings associated with a performance-based approach would likely be minimal because filers would still incur the cost of compliance. Further, this alternative would limit the magnitude of the benefits for filers that would result from the contemplated EDGAR Next changes. In addition, establishing different compliance requirements, using performance rather than design standards, or exempting small entities could permit individuals to access EDGAR accounts for small filers without being authorized on the dashboard, without multi-factor authentication, and without their EDGAR permissions being individually verified by EDGAR. Furthermore, if these exemptions or alternatives for small entities were implemented so that individuals acting on behalf of small entities were not required to obtain individual account credentials, the Commission would not be able to associate individuals with the 172 Id. VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 specific filings they submitted on behalf of small entities. Collectively, this would reduce the security of EDGAR accounts for small entities, hinder the ability of the Commission and filers to prevent and resolve problematic and unauthorized filings, and frustrate our efforts to require small entities to responsibly manage EDGAR filer credentials. Regarding the second alternative, we believe the proposal is clear, and that clarifying, consolidating, or simplifying compliance requirements for EDGAR filers, including small entities, is not necessary. All EDGAR users currently follow the same process and rules to access and maintain their EDGAR accounts. The proposed changes to EDGAR account management that are intended in many ways to simplify procedures for accessing EDGAR purposes of EDGAR account management. Among other things, the proposed changes would eliminate the need for individuals to track and share EDGAR passwords, PMACs, and passphrase codes for each CIK. Instead, each individual would only be responsible for tracking a single set of individual account credentials, which we contemplate would be issued by Login.gov. Once the individual logged into EDGAR by using those credentials, the dashboard would automatically authenticate the individual and provide them with the appropriate access to each CIK for which they had been authorized to take action. The dashboard would also display any relevant individual codes or tokens (such as user API tokens or CCCs), instead of requiring the individual to personally track or record those codes or tokens. This should result in more streamlined, modern access processes that would benefit all filers, including individuals and small entities. • Whether there are any Federal rules that duplicate, overlap, or conflict with the proposed amendments. Commenters are asked to describe the nature of any effect and provide empirical data supporting the extent of that effect. Comments will be considered in the preparation of the Final Regulatory Flexibility Analysis, if the proposed rules are adopted, and will be placed in the same public file as comments on the proposed rules themselves. Statutory Authority We are proposing to amend Rules 10 and 11 of Regulation S–T and Form ID under the authority in sections 6, 7, 8, 10, and 19(a) of the Securities Act,173 sections 3, 4A, 4B, 12, 13, 14, 15, 15B, 23, and 35A of the Exchange Act,174 section 319 of the Trust Indenture Act of 1939,175 and sections 8, 30, 31, and 38 of the Investment Company Act.176 List of Subjects 17 CFR Part 232 Administrative practice and procedure, Confidential business information, Electronic filing, Incorporation by reference, Reporting and recordkeeping requirements, Securities. 17 CFR Part 239 Administrative practice and procedure, Confidential business information, Incorporation by reference, Reporting and recordkeeping requirements, Securities. 17 CFR Part 249 Administrative practice and procedure, Brokers, Fraud, Reporting and recordkeeping requirements, Securities. G. Request for Comment 17 CFR Part 269 We encourage the submission of comments with respect to any aspect of this RFA. In particular, we request comments regarding: • How the proposed rule and form amendments can achieve their objective while lowering the burden on individuals and small entities; • The number of individuals and small entities that may be affected by the proposed rule and form amendments; • The existence or nature of the potential effects of the proposed amendments on individuals and small entities discussed in the analysis; and • How to quantify the effects of the proposed amendments; and Reporting and recordkeeping requirements, Securities, Trusts and trustees. PO 00000 Frm 00034 Fmt 4701 Sfmt 4702 17 CFR Part 274 Administrative practice and procedure, Electronic funds transfers, Investment companies, Reporting and recordkeeping requirements, Securities. For the reasons discussed above, we propose to amend 17 CFR chapter II as follows: 173 15 U.S.C. 77f, 77g, 77h, 77j, and 77s (a). U.S.C. 78c, 78l, 78m, 78n, 78o, 78o–4, 78w, and 78ll. 175 15 U.S.C. 77sss. 176 15 U.S.C. 80a–8, 80a–29, 80a–30, and 80a–37. 174 15 E:\FR\FM\22SEP3.SGM 22SEP3 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules PART 232—REGULATION S–T— GENERAL RULES AND REGULATIONS FOR ELECTRONIC FILINGS 1. The general authority citation for part 232 continues to read as follows: ■ Authority: 15 U.S.C. 77c, 77f, 77g, 77h, 77j, 77s(a), 77z–3, 77sss(a), 78c(b), 78l, 78m, 78n, 78o(d), 78w(a), 78ll, 80a–6(c), 80a–8, 80a–29, 80a–30, 80a–37, 80b–4, 80b–10, 80b– 11, 7201 et seq.; and 18 U.S.C. 1350, unless otherwise noted. * * * * * 2. Amend § 232.10 by: a. Revising paragraph (b); b. Adding paragraph (d); and c. Revising Note to § 232.10. The revisions and additions read as follows: ■ ■ ■ ■ § 232.10 Application of part 232. lotter on DSK11XQN23PROD with PROPOSALS3 * * * * * (b) Each electronic filer must, before filing on EDGAR: (1) File electronically the information required by Form ID (§§ 239.63, 249.446, 269.7 and 274.402 of this chapter), the application for EDGAR access, which must be completed by an individual authorized by the electronic filer as its account administrator, pursuant to paragraph (d)(2) of this section, and (2) File, by uploading as a Portable Document Format (PDF) attachment to the Form ID filing, a notarized document, signed by the electronic filer or its authorized individual, that includes the information required to be included in the Form ID filing and confirms the authenticity of the Form ID filing. * * * * * (d) To file on EDGAR, each electronic filer must comply with the EDGAR account access and account management requirements set forth in this section and in the EDGAR Filer Manual. (1) The electronic filer may only authorize individuals to act on its behalf on the dashboard if those individuals have obtained individual account credentials for EDGAR in the manner specified in the EDGAR Filer Manual; (2) Each electronic filer must authorize and maintain at least two (2) individuals as account administrators to act on the electronic filer’s behalf to manage its EDGAR account, except an electronic filer who is an individual or single-member company must authorize and maintain at least one (1) individual as an account administrator to manage its EDGAR account; (3) If the electronic filer chooses to use an EDGAR Application Programming Interface, the electronic filer, through its authorized account VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 administrator(s), must authorize at least two technical administrators to act on the electronic filer’s behalf to manage technical matters related to the electronic filer’s use of any EDGAR Application Programming Interfaces; (4) The electronic filer, through its authorized account administrator(s), must confirm annually on EDGAR that all account administrator(s), users, technical administrators, and/or delegated entities reflected on the dashboard for its EDGAR account are authorized by the electronic filer to act on its behalf, and that all information about the filer on the dashboard is accurate; (5) The electronic filer, through its authorized account administrator(s), must maintain accurate and current information on EDGAR concerning the electronic filer’s account, including but not limited to accurate corporate information and contact information; and (6) The electronic filer, through its authorized account administrator(s), must securely maintain information relevant to the ability to access the electronic filer’s EDGAR account, including but not limited to access through any EDGAR Application Programming Interfaces. Note to § 232.10: The Commission staff carefully reviews each Form ID, and electronic filers should not assume that the Commission staff will automatically approve the Form ID upon its submission. Therefore, any applicant seeking EDGAR access is encouraged to submit the Form ID for review well in advance of the first required filing to allow sufficient time for staff to review the application. 3. Amend § 232.11 by: a. Adding definitions for ‘‘Account administrator’’, ‘‘Application Programming Interface’’, ‘‘Authorized individual’’, ‘‘Dashboard’’, ‘‘Delegated entity’’ in alphabetical order; ■ b. Revising the definitions for ‘‘Direct transmission’’ and ‘‘EDGAR Filer Manual’’; and ■ c. Adding the definitions for ‘‘Filing agent’’, ‘‘Individual account credentials’’, Single-member company’’, ‘‘Technical administrator’’, and ‘‘User’’ in alphabetical order. The additions and revisions read as follows: ■ ■ § 232.11 part. Definitions of terms used in this * * * * * Account administrator. The term account administrator means an individual that the electronic filer authorizes to manage its EDGAR PO 00000 Frm 00035 Fmt 4701 Sfmt 4702 65557 account and to make filings on EDGAR on the electronic filer’s behalf. * * * * * Application Programming Interface. The term Application Programming Interface, or API, means a software interface that allows computers or applications to communicate with each other. * * * * * Authorized individual. The term authorized individual means an individual with the authority to legally bind the entity or individual applying for access to EDGAR on Form ID, or an individual with a power of attorney from an individual with the authority to legally bind the applicant. The power of attorney document must clearly state that the individual receiving the power of attorney has general legal authority to bind the applicant or specific legal authority to bind the applicant for purposes of applying for access to EDGAR on Form ID. * * * * * Dashboard. The term dashboard means an interactive function on EDGAR where electronic filers manage their EDGAR accounts and individuals that electronic filers authorize may take relevant actions for electronic filers’ accounts. Delegated entity. The term delegated entity means an electronic filer that another electronic filer authorizes, on the dashboard, to file on EDGAR on its behalf. Delegated entities must themselves be electronic filers and must follow all rules applicable to electronic filers. Delegated entities are not permitted to further delegate authority to file for a delegating electronic filer, nor are they permitted to take action on the delegating electronic filer’s dashboard. * * * * * Direct transmission. The term direct transmission means the transmission to EDGAR of one or more electronic submissions. * * * * * EDGAR Filer Manual. The term EDGAR Filer Manual means the manual that sets forth the requirements for access to EDGAR and the procedural requirements to make electronic submissions on EDGAR. Note: See Rule 301 of Regulation S–T (§ 232.301). * * * * * Filing agent. The term filing agent means any person or entity engaged in the business of making submissions on EDGAR on behalf of electronic filers. To act as a delegated entity for an electronic filer, a filing agent must be an electronic filer with an EDGAR account. * * * * * E:\FR\FM\22SEP3.SGM 22SEP3 65558 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules Individual account credentials. The term individual account credentials means credentials issued to individuals for purposes of EDGAR access, as specified in the EDGAR Filer Manual, and used by those individuals to access EDGAR. * * * * * Single-member company. The term single-member company means a company that has a single individual who acts as the sole equity holder, director, and officer (or, in the case of an entity without directors and officers, holds position(s) performing similar activities as a director and officer). * * * * * Technical administrator. The term technical administrator means an individual that the electronic filer authorizes on the dashboard to manage the technical aspects of the electronic filer’s use of EDGAR Application Programming Interfaces on the electronic filer’s behalf. * * * * * User. The term user means an individual that the electronic filer authorizes on the dashboard to make submissions on EDGAR on the electronic filer’s behalf. PART 239—FORMS PRESCRIBED UNDER THE SECURITIES ACT OF 1933 4. The authority citation for part 239 continues to read, in part, as follows: ■ Authority: 15 U.S.C. 77c, 77f, 77g, 77h, 77j, 77s, 77z–2, 77z–3, 77sss, 78c, 78l, 78m, 78n, 78o(d), 78o–7 note, 78u–5, 78w(a), 78ll, 78mm, 80a–2(a), 80a–3, 80a–8, 80a–9, 80a– 10, 80a–13, 80a–24, 80a–26, 80a–29, 80a–30, 80a–37, and sec. 71003 and sec. 84001, Pub. L. 114–94, 129 Stat. 1321, unless otherwise noted. * * * * * lotter on DSK11XQN23PROD with PROPOSALS3 Sections 239.63 and 239.64 are also issued under 15 U.S.C. 77f, 77g, 77h, 77j, 77s(a), VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 77sss(a), 78c(b), 78l, 78m, 78n, 78o(d), 78w(a), 80a–8, 80a–24, 80a–29, and 80a–37. ■ 5. Revise § 239.63 to read as follows: § 239.63 access. Form ID, application for EDGAR Form ID must be filed by electronic filers, or by their account administrators, to request EDGAR access and to authorize account administrators to manage the electronic filer’s EDGAR account. ■ 6. Form ID (referenced in §§ 239.63, 249.446, 269.7, and 274.402) is revised: Note: Form ID is attached as Appendix A at the end of this document. Form ID will not appear in the Code of Federal Regulations. PART 249—FORMS, SECURITIES EXCHANGE ACT OF 1934 7. The general authority citation for part 249 continues to read as follows: ■ Authority: 15 U.S.C. 78a et seq. and 7201 et seq.; 12 U.S.C. 5461 et seq.; 18 U.S.C. 1350; Sec. 953(b) Pub. L. 111–203, 124 Stat. 1904; Sec. 102(a)(3) Pub. L. 112–106, 126 Stat. 309 (2012), Sec. 107 Pub. L. 112–106, 126 Stat. 313 (2012), Sec. 72001 Pub. L. 114–94, 129 Stat. 1312 (2015), and secs. 2 and 3 Pub. L. 116–222, 134 Stat. 1063 (2020), unless otherwise noted. * ■ * * * * 8. Revise § 249.446 to read as follows: § 249.446 access. Form ID, application for EDGAR Form ID must be filed by electronic filers, or by their account administrators, to request EDGAR access and to authorize account administrators to manage the electronic filer’s EDGAR account. PART 269—FORMS PRESCRIBED UNDER THE TRUST INDENTURE ACT OF 1939 9. The authority citation for part 269 continues to read as follows: Authority: 15 U.S.C. 77ddd(c), 77eee, 77ggg, 77hhh, 77iii, 77jjj, 77sss, and 78ll(d), unless otherwise noted. ■ 10. Revise § 269.7 to read as follows: § 269.7 Form ID, application for EDGAR access. Form ID must be filed by electronic filers, or by their account administrators, to request EDGAR access and to authorize account administrators to manage the electronic filer’s EDGAR account. PART 274—FORMS PRESCRIBED UNDER THE INVESTMENT COMPANY ACT OF 1940 11. The authority citation for part 274 continues to read as follows: ■ Authority: 15 U.S.C. 77f, 77g, 77h, 77j, 77s, 78c(b), 78l, 78m, 78n, 78o(d), 80a–8, 80a–24, 80a–26, 80a–29, and 80a–37, unless otherwise noted. * * * * * 12. Revise § 274.402 to read as follows: ■ § 274.402 access. Form ID, application for EDGAR Form ID must be filed by electronic filers, or by their account administrators, to request EDGAR access and to authorize account administrators to manage the electronic filer’s EDGAR account. By the Commission. Dated: September 13, 2023. J. Matthew DeLesDernier, Deputy Secretary. Note: Appendix A will not appear in the Code of Federal Regulations. ■ PO 00000 Frm 00036 Fmt 4701 Sfmt 4702 BILLING CODE 8011–01–P E:\FR\FM\22SEP3.SGM 22SEP3 VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00037 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 65559 EP22SE23.004</GPH> lotter on DSK11XQN23PROD with PROPOSALS3 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules VerDate Sep<11>2014 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00038 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 EP22SE23.005</GPH> lotter on DSK11XQN23PROD with PROPOSALS3 65560 VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00039 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 65561 EP22SE23.006</GPH> lotter on DSK11XQN23PROD with PROPOSALS3 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules VerDate Sep<11>2014 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00040 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 EP22SE23.007</GPH> lotter on DSK11XQN23PROD with PROPOSALS3 65562 VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00041 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 65563 EP22SE23.008</GPH> lotter on DSK11XQN23PROD with PROPOSALS3 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules VerDate Sep<11>2014 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00042 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 EP22SE23.009</GPH> lotter on DSK11XQN23PROD with PROPOSALS3 65564 VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00043 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 65565 EP22SE23.010</GPH> lotter on DSK11XQN23PROD with PROPOSALS3 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules VerDate Sep<11>2014 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00044 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 EP22SE23.011</GPH> lotter on DSK11XQN23PROD with PROPOSALS3 65566 VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00045 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 65567 EP22SE23.012</GPH> lotter on DSK11XQN23PROD with PROPOSALS3 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules VerDate Sep<11>2014 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00046 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 EP22SE23.013</GPH> lotter on DSK11XQN23PROD with PROPOSALS3 65568 VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00047 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 65569 EP22SE23.014</GPH> lotter on DSK11XQN23PROD with PROPOSALS3 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules VerDate Sep<11>2014 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00048 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 EP22SE23.015</GPH> lotter on DSK11XQN23PROD with PROPOSALS3 65570 VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00049 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 65571 EP22SE23.016</GPH> lotter on DSK11XQN23PROD with PROPOSALS3 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules VerDate Sep<11>2014 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00050 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 EP22SE23.017</GPH> lotter on DSK11XQN23PROD with PROPOSALS3 65572 VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00051 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 65573 EP22SE23.018</GPH> lotter on DSK11XQN23PROD with PROPOSALS3 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules VerDate Sep<11>2014 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00052 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 EP22SE23.019</GPH> lotter on DSK11XQN23PROD with PROPOSALS3 65574 65575 [FR Doc. 2023–20268 Filed 9–21–23; 8:45 am] BILLING CODE 8011–01–C VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00053 Fmt 4701 Sfmt 9990 E:\FR\FM\22SEP3.SGM 22SEP3 EP22SE23.020</GPH> lotter on DSK11XQN23PROD with PROPOSALS3 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules

Agencies

SECURITIES AND EXCHANGE COMMISSION

[Federal Register Volume 88, Number 183 (Friday, September 22, 2023)]
[Proposed Rules]
[Pages 65524-65575]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-20268]



[[Page 65523]]

Vol. 88

Friday,

No. 183

September 22, 2023

Part III





Securities and Exchange Commission





-----------------------------------------------------------------------





17 CFR Parts 232, 239, 249, et al.





EDGAR Filer Access and Account Management; Proposed Rule

Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / 
Proposed Rules

[[Page 65524]]


-----------------------------------------------------------------------

SECURITIES AND EXCHANGE COMMISSION

17 CFR Parts 232, 239, 249, 269, and 274

[Release Nos. 33-11232; 34-98368; 39-2551; IC-34996; File No. S7-15-23]
RIN 3235-AM58


EDGAR Filer Access and Account Management

AGENCY: Securities and Exchange Commission.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: The Securities and Exchange Commission (``Commission'') is 
proposing rule and form amendments concerning access to and management 
of accounts on the Commission's Electronic Data Gathering, Analysis, 
and Retrieval system (``EDGAR'') that are related to potential 
technical changes to EDGAR (collectively referred to as ``EDGAR 
Next''). We propose to require that electronic filers (``filers'') 
authorize and maintain designated individuals as account administrators 
and that filers, through their account administrators, take certain 
actions to manage their accounts on a dashboard on EDGAR. Further, we 
propose that filers may only authorize individuals as account 
administrators or in the other roles described herein if those 
individuals first obtain individual account credentials in the manner 
to be specified in the EDGAR Filer Manual. As part of the EDGAR Next 
changes, the Commission would offer filers optional Application 
Programming Interfaces (``APIs'') for machine-to-machine communication 
with EDGAR, including submission of filings and retrieval of related 
information. If the proposed rule and form amendments are adopted, the 
Commission would make corresponding changes to the EDGAR Filer Manual 
and implement the potential technical changes.

DATES: Comments should be received on or before November 21, 2023.

ADDRESSES: Comments may be submitted by any of the following methods:

Electronic Comments

     Use the Commission's internet comment form (https://www.sec.gov/rules/submitcomments.htm); or
     Send an email to [email protected]. Please include 
File Number S7-15-23 on the subject line.

Paper Comments

     Send paper comments to Secretary, Securities and Exchange 
Commission, 100 F Street NE, Washington, DC 20549.

All submissions should refer to File Number S7-15-23. This file number 
should be included on the subject line if email is used. To help the 
Commission process and review your comments more efficiently, please 
use only one method of submission. The Commission will post all 
submitted comments on the Commission's website (https://www.sec.gov/rules/proposed.shtml). Comments are also available for website viewing 
and printing in the Commission's Public Reference Room, 100 F Street 
NE, Washington, DC 20549, on official business days between the hours 
of 10 a.m. and 3 p.m. Operating conditions may limit access to the 
Commission's Public Reference Room. Do not include personal 
identifiable information in submissions; you should submit only 
information that you wish to make available publicly. We may redact in 
part or withhold entirely from publication submitted material that is 
obscene or subject to copyright protection.
    Studies, memoranda, or other substantive items may be added by the 
Commission or staff to the comment file during this rulemaking. A 
notification of the inclusion in the comment file of any such materials 
will be made available on our website. To ensure direct electronic 
receipt of such notifications, sign up through the ``Stay Connected'' 
option at www.sec.gov to receive notifications by email.

FOR FURTHER INFORMATION CONTACT: Rosemary Filou, Deputy Director and 
Chief Counsel; Daniel K. Chang, Senior Special Counsel; E. Laurita 
Finch, Senior Special Counsel; Jane Patterson, Senior Special Counsel; 
Margaret Marrero, Senior Counsel; Lidian Pereira, Senior Special 
Counsel; EDGAR Business Office at 202-551-3900, Securities and Exchange 
Commission, 100 F Street NE, Washington, DC 20549.

SUPPLEMENTARY INFORMATION: The Commission is proposing amendments to 17 
CFR 232.10 (``Rule 10'') and 17 CFR 232.11 (``Rule 11'') under 17 CFR 
232.10 through 232.903 (``Regulation S-T''); and amendments to Form ID 
(referenced in 17 CFR 239.63, 17 CFR 249.446, 17 CFR 269.7, and 17 CFR 
274.402).

Table of Contents

I. Introduction
II. Background
    A. Current EDGAR Access and Account Management
    B. The Commission's September 2021 Request for Comment
III. Discussion
    A. Individual Account Credentials
    B. Individual Roles: Account Administrator, User, Technical 
Administrator
    1. Account Administrators
    2. Users
    3. Technical Administrators
    C. Delegated Entities
    1. Delegating Authority To File
    2. Separation of Authority of Filer and Delegated Entity
    3. Delegated Entities
    4. Delegated Users
    5. User Groups at Delegated Entities
    6. Technical Administrators at Delegated Entities
    D. Application Programming Interfaces
    1. Submission API
    2. Submission Status API
    3. EDGAR Operational Status API
    E. Proposed Amendments to Rules and Forms
    1. Rule 10 Under Regulation S-T
    2. Rule 11 Under Regulation S-T
    3. Form ID
    F. Transition Process
    1. Individual Account Credentials
    2. Enrollment
    3. Compliance
    G. General Request for Comment and EDGAR Next Proposing Beta
IV. Economic Analysis
    A. Introduction
    B. Baseline
    C. Consideration of Benefits and Costs as Well as the Effects on 
Efficiency, Competition, and Capital Formation
    1. Benefits
    2. Costs
    3. Effects on Efficiency, Competition, and Capital Formation
    D. Reasonable Alternatives
    1. Require Personally Identifiable Information in Addition to 
Individual Account Credentials
    2. Requirements for Individual and Small Filers
    3. Implementing Performance-Based Standards
    4. Institute Phased Compliance Dates by Filer Category or Form 
Type
    E. Requests for Comment
V. Paperwork Reduction Act
    A. Form ID
    B. The Dashboard
    C. Request for Comment
VI. Small Business Regulatory Enforcement Act
VII. Initial Regulatory Flexibility Analysis
    A. Reasons for, and Objectives of, the Proposed Action
    B. Legal Basis
    C. Small Entities Subject to the Proposed Rule and Form 
Amendments
    D. Reporting, Recordkeeping, and Other Compliance Requirements
    E. Duplicative, Overlapping, or Conflicting Federal Rules
    F. Significant Alternatives
    G. Request for Comment
Statutory Authority
Appendix A

I. Introduction

    We are seeking comment on proposed rule and form amendments 
concerning EDGAR filer access and account

[[Page 65525]]

management. Separately, we welcome feedback on related EDGAR technical 
functionality.
    The Commission is seeking to enhance the security of EDGAR, improve 
the ability of filers \1\ to securely manage and maintain access to 
their EDGAR accounts, facilitate the responsible management of filer 
credentials, and simplify procedures for accessing EDGAR.\2\ In 
furtherance of these goals, on September 30, 2021, the Commission 
issued a Request for Comment on Potential Technical Changes to EDGAR 
Filer Access and Filer Account Management Processes (``2021 Request for 
Comment'').\3\ The Commission received comments from and engaged in a 
dialogue with interested parties, considered feedback from these 
parties, and gathered additional information about filers' interactions 
with EDGAR.\4\ The rule and form amendments we are proposing in this 
release and the related technical changes seek to achieve the 
Commission's goals for secure EDGAR access and account management while 
addressing many of the comments and concerns expressed in response to 
the 2021 Request for Comment.
---------------------------------------------------------------------------

    \1\ For purposes of this release, we use the term ``filer'' to 
mean ``electronic filer,'' as defined in Rule 11 of Regulation S-T: 
``A person or an entity that submits filings electronically pursuant 
to Rules 100 or 101 of Regulation S-T.''
    \2\ Please refer to proposed Rule 11 of Regulation S-T, set 
forth in this release, for definitions of the terms used in this 
release, including ``account administrator,'' ``dashboard,'' 
``user,'' ``delegated entity,'' ``APIs,'' and ``technical 
administrator.''
    \3\ In the 2021 Request for Comment, we referred to filer 
administrators. That term has been changed herein to refer to 
account administrators, which we believe is in keeping with industry 
nomenclature and is less confusing in context. See Potential 
Technical Changes to EDGAR Filer Access and Filer Account Management 
Processes, Release No. 33-10993 (Sept. 30, 2021) [86 FR 55029 (Oct. 
5, 2021)].
    \4\ Comment letters related to the 2021 Request for Comment are 
available at https://www.sec.gov/comments/s7-12-21/s71221.htm.
---------------------------------------------------------------------------

    The obligations for filers contemplated by EDGAR Next would 
generally be codified in Rule 10 of Regulation S-T.\5\ Form ID would be 
amended to implement those changes and require information about, among 
other things, the filer's account administrators,\6\ and to improve the 
utility of the form for Commission staff. Moreover, Rule 11 of 
Regulation S-T would be amended to provide clarity regarding certain 
new terms related to the proposed rule and form amendments.\7\
---------------------------------------------------------------------------

    \5\ In addition to the changes discussed below, Rule 10 would 
also be amended to implement certain technical and conforming 
changes. See Section III.E.1.
    \6\ We are proposing amendments to Rule 11 under Regulation S-T 
to define an ``account administrator'' as an individual authorized 
by an electronic filer to manage the electronic filer's EDGAR 
account on EDGAR, and to make filings on EDGAR on the electronic 
filer's behalf. See the discussion of proposed amendments to Rule 11 
in Section III.E.2.
    \7\ The amendments to Rule 11 would also update or delete 
outdated terminology and clarify the definition of the EDGAR Filer 
Manual.
---------------------------------------------------------------------------

    Under proposed Rule 10(d)(1), only those individuals who obtained 
individual account credentials \8\ could be authorized to act on the 
filer's behalf on a dashboard \9\ on the EDGAR Filer Management 
website.\10\
---------------------------------------------------------------------------

    \8\ We are proposing amendments to Rule 11 under Regulation S-T 
to define ``individual account credentials'' as credentials issued 
to individuals for purposes of EDGAR access, as specified in the 
EDGAR Filer Manual. See the discussion of proposed amendments to 
Rule 11 in Section III.E.2. We currently anticipate that, if the 
proposal is adopted, the EDGAR Filer Manual would specify that 
individual account credentials must be obtained through Login.gov, a 
sign in service of the United States Government that employs multi-
factor authentication.
    \9\ We are proposing amendments to Rule 11 under Regulation S-T 
to define the ``dashboard'' as an interactive function on EDGAR 
where electronic filers manage their EDGAR accounts and individuals 
that electronic filers authorize may take relevant actions for 
electronic filers' accounts. See the discussion of proposed 
amendments to Rule 11 in Section III.E.2.
    \10\ See EDGAR Filer Management website at https://www.filermanagement.edgarfiling.sec.gov.
---------------------------------------------------------------------------

    Proposed Rule 10(d)(2) would require each filer to authorize and 
maintain individuals as its account administrators \11\ to manage the 
filer's EDGAR account on the filer's behalf, in accord with the EDGAR 
account access and account management requirements set forth in this 
proposal and in the EDGAR Filer Manual. The filer could authorize 
someone who is not an employee of the filer \12\ as the filer's account 
administrator, if the authorized individual for the filer \13\ provided 
a relevant notarized power of attorney authorizing that individual to 
be the filer's account administrator.\14\
---------------------------------------------------------------------------

    \11\ Applicants (individuals and companies) for EDGAR access 
would designate account administrators on Form ID. See proposed Form 
ID.
    \12\ For example, if a filer wished to authorize an individual 
employed by its filing agent to act as the filer's account 
administrator, the authorized individual for the filer would be 
required to upload a notarized power of attorney authorizing the 
individual to be the filer's account administrator. See proposed 
Form ID, Part 3.
    \13\ We are proposing amendments to Rule 11 under Regulation S-T 
to define ``authorized individual.'' See the discussion of proposed 
amendments to Rule 11 in Section III.E.2.
    \14\ Foreign filers who do not have access to a U.S. notary 
public could use the foreign local equivalent of a notary public 
(e.g., apostille) or obtain notarization by a remote online notary 
recognized by the law of any State or territory in the U.S. or the 
District of Columbia. See EDGAR Filer Manual, Volume I, at Section 
3.
---------------------------------------------------------------------------

    On the dashboard, account administrators would take actions on 
behalf of the filer to add and remove authorized users, account 
administrators, and technical administrators; and annually confirm the 
accuracy of the filer's information on the dashboard.
    Additionally, on the dashboard, account administrators could 
delegate authority to file on behalf of the filer to any other EDGAR 
account, such as a filing agent, making that account a delegated entity 
of the filer, and could remove a delegated entity's authority to file 
on the filer's behalf. A delegated entity would have its own EDGAR 
account and dashboard to manage its account. Because it would itself be 
a filer, a delegated entity would be subject to the same requirements 
as other filers. Through its dashboard, a delegated entity could manage 
the delegated authority it received from filers. If a delegated entity 
accepted a delegation from a filer, the delegated entity's account 
administrators would become delegated administrators with respect to 
that filer. Each delegated administrator could thereafter manage which 
of the users of the delegated entity would become delegated users for 
particular filers. A delegated entity could not further delegate 
authority to file on behalf of that filer, nor could delegated 
administrators take action on the filer's dashboard. Similarly, the 
filer's account administrators could not view or take action on the 
delegated entity's dashboard.\15\
---------------------------------------------------------------------------

    \15\ Please see the illustration in diagram 3 in Section III.C.
---------------------------------------------------------------------------

    As proposed, Rule 10(d)(4) would require each filer, through its 
authorized account administrators, to confirm annually that all account 
administrators, users,\16\ delegated entities,\17\ and technical 
administrators \18\ reflected on the dashboard for the filer's EDGAR 
account are authorized by the filer and that all information regarding 
the filer on the dashboard is accurate (generally including the filer's 
corporate and contact information).
---------------------------------------------------------------------------

    \16\ We are proposing amendments to Rule 11 under Regulation S-T 
to define a ``user'' as an individual that the filer authorizes on 
the dashboard to make submissions on EDGAR on the filer's behalf. 
See the discussion of proposed amendments to Rule 11 in Section 
III.E.2.
    \17\ We are proposing amendments to Rule 11 under Regulation S-T 
to define a ``delegated entity'' as an electronic filer that another 
electronic filer authorizes, on the dashboard, to file on EDGAR on 
its behalf. See the discussion of proposed amendments to Rule 11 in 
Section III.E.2.
    \18\ We are proposing amendments to Rule 11 under Regulation S-T 
to define a ``technical administrator'' as an individual that the 
filer authorizes on the dashboard to manage the technical aspects of 
the filer's use of EDGAR Application Programming Interfaces on its 
behalf. See the discussion of proposed amendments to Rule 11 in 
Section III.E.2.
---------------------------------------------------------------------------

    Pursuant to proposed Rule 10(d)(5), each filer, through its 
authorized

[[Page 65526]]

account administrators, would further be required to maintain accurate 
and current information about the filer on EDGAR, and, pursuant to 
proposed Rule 10(d)(6), to securely maintain information relevant to 
the ability to access the filer's EDGAR account.
    As part of EDGAR Next, the Commission would offer filers optional 
APIs \19\ to facilitate machine-to-machine communication with EDGAR, 
including submission of filings and retrieval of related information. 
Pursuant to proposed Rule 10(d)(3), if the filer decided to use an 
optional API, the filer would be required to authorize two individuals 
to be technical administrators to manage the API.\20\ In addition, the 
filer would present security tokens to EDGAR, which would be reissued 
annually, and which the technical administrators would manage on the 
filer's dashboard. Individuals using the APIs would be required to sign 
in with their individual account credentials and complete multi-factor 
authentication on a monthly basis.
---------------------------------------------------------------------------

    \19\ We are proposing amendments to Rule 11 under Regulation S-T 
to define an ``Application Programming Interface'' or ``API'' as a 
software interface that allows computers or applications to 
communicate with each other. See the discussion of proposed 
amendments to Rule 11 in Section III.E.2.
    \20\ See proposed Rule 10(d)(3).
---------------------------------------------------------------------------

    The Commission intends to make available to filers an EDGAR Next 
Proposing Beta environment \21\ that reflects the proposed rule and 
form amendments and related technical changes. In addition to public 
comment on the proposed rule and form amendments, the Commission 
welcomes feedback from filers about the technical aspects of EDGAR 
Next.\22\
---------------------------------------------------------------------------

    \21\ The Commission staff will make available an EDGAR Next 
Proposing Beta environment shortly after the issuance of this 
release, and it will remain open to filers for at least 6 months 
thereafter.
    The EDGAR Next Proposing Beta will reflect the proposed rule and 
form changes as well as the technical changes to EDGAR set forth in 
this release. The EDGAR Next Proposing Beta environment will 
therefore contain functionality, including APIs, not included in the 
2021 Request for Comment beta environment.
    If the Commission later adopts the proposed rule and form 
changes set forth in this release, staff would make available to 
filers an EDGAR Next Adopting Beta environment that reflects the 
rule and form changes as adopted and the technical changes to EDGAR 
to be made in connection with adoption. The EDGAR Next Adopting Beta 
would allow filers to prepare for the transition to the rule and 
form changes as adopted and the final version of the technical 
changes to EDGAR.
    \22\ Technical feedback may be submitted to the public comment 
file.
---------------------------------------------------------------------------

II. Background

A. Current EDGAR Access and Account Management

    Presently, those seeking to file on EDGAR apply for access pursuant 
to Rule 10 of Regulation S-T by completing the Form ID application for 
access on the EDGAR Filer Management website and submitting a notarized 
copy of that application signed by an authorized individual of the 
filer.\23\ Form ID is an online fillable form that requires the 
applicant to provide the applicant's name and contact information, the 
applicant's point of contact for EDGAR information, inquiries, and 
access codes (``EDGAR POC''), and its contact for SEC account 
information and billing invoices (``billing contact'').\24\ Further, 
when the applicant entity or individual submits the Form ID, the 
applicant must create and retain a passphrase to be used to create 
access codes if the application is granted.
---------------------------------------------------------------------------

    \23\ See EDGAR Filer Manual, Volume I, at Section 3. The EDGAR 
Filer Manual specifies the instructions filers must follow when 
making electronic filings on EDGAR and is incorporated by reference 
in the Code of Federal Regulations by 17 CFR 232.301 (Rule 301 of 
Regulation S-T). Rule 10 of Regulation S-T and the EDGAR Filer 
Manual permit manual, electronic, and remote online notarizations, 
authorized by the law of any State or territory of the United States 
or the District of Columbia. See 17 CFR 232.10 and EDGAR Filer 
Manual, Volume I, at Section 3. An ``authorized individual'' for 
purposes of the Form ID notarization process is an individual with 
the authority to legally bind the applicant, or an individual with a 
power of attorney from an individual with the authority to legally 
bind the applicant. See EDGAR Filer Manual, Volume I, at Section 3.
    \24\ 17 CFR 239.63, 249.446, 269.7, and 274.402.
---------------------------------------------------------------------------

    If Commission staff approves the Form ID application, an account in 
the filer's name is opened on EDGAR, denoted by a central index key 
number (``CIK'') unique to that filer, if needed.\25\ The EDGAR POC may 
then generate access codes to allow the filer to make submissions on 
its EDGAR account. To do so, the EDGAR POC uses the CIK provided in an 
email from EDGAR and the passphrase the filer created on EDGAR when the 
filer submitted the Form ID to generate a password, central index key 
confirmation code (``CCC''), and password modification authorization 
code (``PMAC'').\26\ Together with the CIK, the filer's password, 
passphrase, CCC, and PMAC constitute the EDGAR access codes.
---------------------------------------------------------------------------

    \25\ While most applicants that submit Form ID have not 
previously been assigned a CIK, a small number of other applicants 
have already been assigned a CIK but have not filed electronically 
on EDGAR. These applicants continue to use the same CIK when they 
receive access to EDGAR and are not assigned a new CIK.
    \26\ See EDGAR Filer Manual, Volume I, at Section 4. For a 
discussion of the functions of these access codes, please see the 
``Understand and utilize EDGAR CIKs, passphrases, and access codes'' 
section of the ``EDGAR--How Do I'' FAQs, at https://www.sec.gov/edgar/filer-information/how-do-i.
---------------------------------------------------------------------------

    Filers make submissions on EDGAR using their CIK, password, and 
CCC. Filings on EDGAR are therefore traceable to the filer's CIK. EDGAR 
does not presently issue identifying credentials to individuals making 
filings on EDGAR; an individual's authority to file on EDGAR is 
predicated on possession of the password and CCC. Thus, filings are not 
easily traceable to individuals, and the Commission currently does not 
provide a technical solution through which filers may manage 
individuals who make submissions on filers' behalf. As a result, 
Commission staff and affected filers often encounter delays in 
addressing potentially problematic filings.
    Because filers are required to securely maintain their EDGAR access 
codes,\27\ Commission staff understands that many filers have devised 
their own internal methods of tracking the individuals who possess the 
password and CCC. Other filers, however, may not have closely tracked 
the individuals who possess the password and CCC and/or otherwise 
maintained secure access to filers' EDGAR accounts. For example, 
Commission staff understands that some filers have shared EDGAR access 
codes with co-registrants, filing agents, and various employees through 
non-secure means and without tracking or recording the names and 
identities of the recipients.
---------------------------------------------------------------------------

    \27\ See EDGAR Filer Manual, Volume I, at 4 (``Filers must 
securely maintain all EDGAR access codes and limit the number of 
persons who possess the codes.'').
---------------------------------------------------------------------------

    EDGAR does not currently employ multi-factor authentication. As 
noted, if an individual has the password and CCC, then no other 
authentication is required to access EDGAR. Multi-factor authentication 
would increase the level of assurance that an individual is indeed the 
person authorized to access an account by requiring provision of an 
additional data point to gain access.
    Filers routinely hire filing agents, which include law firms and 
third-party software providers, to assist with filing on EDGAR. Indeed, 
EDGAR data reveals that, at a minimum, more than 60% of filings on 
EDGAR are made by a filing agent on the filer's behalf,\28\ and

[[Page 65527]]

commenters have indicated that 81-90% of EDGAR filings are not manually 
submitted to EDGAR.\29\ While EDGAR does not require the use of filing 
agents, a filer may decide to hire a filing agent to assist with EDGAR 
filing.
---------------------------------------------------------------------------

    \28\ In calendar year 2021, 63% of all EDGAR submissions were 
made by filers that identified themselves as ``filing agents.'' 
Because filing agents are not required to self-identify in EDGAR as 
such, however, and instead could simply identity themselves as a 
``filer,'' the actual percentage of EDGAR submissions made by filing 
agents may be significantly higher.
    \29\ See Workiva Comment Letter (Nov. 30, 2021) (``Workiva 
Comment Letter''); XBRL US Comment Letter (Dec. 1, 2021) (``XBRL 
Comment Letter'').
---------------------------------------------------------------------------

    Further, as noted in comments submitted in response to the 2021 
Request for Comment, individual filers who are officers and/or 
directors with obligations to file on EDGAR pursuant to section 16 of 
the Securities Exchange Act of 1934 (``Exchange Act'') \30\ routinely 
rely upon the companies for which they serve as officers and/or 
directors to make filings on their behalf on EDGAR.\31\ Likewise, other 
filers may make filings on behalf of affiliated or related entities, 
such as asset-backed securities issuers on behalf of their serial 
companies.\32\
---------------------------------------------------------------------------

    \30\ 15 U.S.C. 78p.
    \31\ See Orrick, Herrington & Sutcliffe LLP Comment Letter (Feb. 
23, 2022) (``Orrick Comment Letter''); McGuireWoods, LLP and 
Brownstein Hyatt Farber Schreck, LLP (Dec. 1, 2021) (``McGuireWoods 
Comment Letter''); Brandon Norman Egren, Associate General Counsel & 
Assistant Secretary, Verizon (Dec. 1, 2021) (``Verizon Comment 
Letter''); Toppan Merrill (Nov. 22, 2021) (``Toppan Comment 
Letter'').
    \32\ See Donnelly Financial Solutions Comment Letter (Dec. 1, 
2021) (``DFIN Comment Letter''); XBRL Comment Letter.
---------------------------------------------------------------------------

    Filers make submissions on EDGAR through one of three web-based 
user interfaces, depending on the type of submission made.\33\ 
Commission staff is aware that filers and filing agents have for years 
sought to automate submissions on EDGAR so as not to rely upon web-
based interfaces, and many filers and filing agents have engineered 
their own automated processes to make submissions and otherwise 
interact with EDGAR. These filers and filing agents extract data and 
content from, or ``scrape,'' the EDGAR filing websites and use that 
data to create custom software that allows them to interact with the 
websites in a machine-to-machine fashion to accomplish tasks such as 
scheduling filings and making a large volume of submissions on numerous 
different CIK accounts.\34\
---------------------------------------------------------------------------

    \33\ See EDGAR Filer Management website at https://www.filermanagement.edgarfiling.sec.gov; EDGAR Filing website at 
https://www.edgarfiling.sec.gov/Welcome/EDGARLogin.htm; and EDGAR 
Online Forms website at https://www.edgarfiling.sec.gov/Welcome/EDGAROnlineFormsLogin.htm.
    \34\ See CompSci Comment Letter (Nov. 19, 2021); Workiva Comment 
Letter (Nov. 30, 2021); CompSci Resources LLC Comment Letter (Nov. 
19, 2021).
---------------------------------------------------------------------------

    Filers and filing agents must modify their custom software 
periodically to accord with underlying changes to EDGAR code. 
Similarly, when Commission staff makes EDGAR software changes, staff 
has coordinated with filers and filing agents using custom software to 
prevent filing disruptions. As a result, efficient implementation of 
certain technical changes in EDGAR may be delayed while such 
coordination and software adjustments take place.

B. The Commission's September 2021 Request for Comment

    The 2021 Request for Comment sought feedback from filers about 
potential technical changes to EDGAR access and account management, 
including the addition of individual account credentials with multi-
factor authentication, a dashboard on EDGAR where a filer would manage 
its EDGAR account, administrators to manage the filer's account and 
annually confirm the filer's information, and the time period required 
to implement the potential technical changes. To assist filers in 
assessing the potential technical changes, the Commission provided 
filers access to a beta environment that reflected the majority of the 
potential technical changes.
    The Commission received over forty comment letters in response to 
the 2021 Request for Comment.\35\ Commenters were generally supportive 
of the Commission's objectives,\36\ but were concerned about certain 
aspects of the potential technical changes.
---------------------------------------------------------------------------

    \35\ Twenty of these letters were form letters that requested an 
extension of the deadline to provide comments, as opposed to 
providing substantive comments.
    \36\ See, e.g., Verizon Comment Letter (Dec. 1, 2021); XBRL US 
Comment Letter; Workiva Comment Letter; Davis Polk Comment Letter 
(Dec. 1, 2021).
---------------------------------------------------------------------------

    With respect to requiring individual account credentials, many 
commenters expressed the view that the potential technical changes 
would prevent filers and filing agents from continuing to use their 
custom third-party software to make machine-to-machine submissions on 
EDGAR. Several commenters estimated that currently 81-90% of EDGAR 
filings are submitted to EDGAR directly through third-party filing 
systems rather than manually uploaded on an individual basis via EDGAR 
filing websites.\37\ Commenters stated that the Login.gov multi-factor 
authentication process does not support automated machine-to-machine 
authentication and requested that the Commission consider machine-to-
machine authentication to facilitate the ability to pre-schedule and 
perform bulk filings, reduce the potential for error due to manual 
processing, reduce the risk of missing deadlines, and decrease the cost 
of compliance.\38\ One commenter conducted a survey of filers wherein 
70% of respondents believed that the increased time required to submit 
filings due to the loss of direct submission capability from third-
party filing systems would be ``very impactful'' or ``extremely 
impactful'' to their filing success.\39\
---------------------------------------------------------------------------

    \37\ See Workiva Comment Letter; XBRL US Comment Letter.
    \38\ See, e.g., Workiva Comment Letter; XBRL US Comment Letter.
    \39\ See Workiva Comment Letter (the filer survey included 660 
responses from Nov. 15-27, 2021).
---------------------------------------------------------------------------

    The Commission also requested comment on whether filers should 
authorize administrators to manage filers' EDGAR accounts. Certain 
commenters expressed concerns about the impact that the institution of 
administrators would have on individual officer and director filers 
pursuant to section 16 of the Exchange Act.\40\ Commenters recommended 
that the Commission allow a company to create and manage a company-
specific account for an individual non-employee director or section 16 
officer.\41\ These commenters further suggested that each company be 
required to obtain a notarized power of attorney from the individual so 
that the company could create and maintain the company-specific account 
on behalf of the individual.\42\
---------------------------------------------------------------------------

    \40\ See, e.g., Workiva Comment Letter; XBRL US Comment Letter.
    \41\ See McGuire Woods, LLP and Brownstein Hyatt Farber Schreck, 
LLP Comment Letter (Dec. 1, 2021) (``McGuire/Brownstein Comment 
Letter''); Orrick, Herrington & Sutcliffe LLP Comment Letter (Feb. 
23, 2022) (``Orrick Commenter Letter'') (reiterating the concern 
that the new filer administrator position would create an 
administrative burden on section 16 filers and endorsing instead the 
company-specific account approach outlined in the McGuire/Brownstein 
Comment Letter).
    \42\ These commenters also recommended ``grandfathering'' 
issuers with existing powers of attorney for section 16 officers and 
directors. Alternatively, they recommended a ``negative consent'' 
construct, according to which a company would be deemed to have 
authority to create a new company-specific account unless an officer 
or director expressly objected during a set period of time. See 
McGuire/Brownstein Comment Letter; Orrick Comment Letter.
---------------------------------------------------------------------------

    With respect to the Commission's request for comment on a 
requirement to annually confirm users and administrators, commenters 
generally did not support the requirement,\43\

[[Page 65528]]

noting that it would increase the number of required confirmations, 
would be duplicative, and would necessitate additional management 
effort for filers, thus increasing the administrative burden.\44\ 
Certain commenters recommended limiting confirmation to 
administrators.\45\ Others suggested that the Commission implement an 
active notification process to inform filers of impending expiration 
\46\ and recommended a grace period after failure to make a 
confirmation.\47\ Several commenters recommended that denying EDGAR 
access until the administrator has reconfirmed would be less burdensome 
than deactivating accounts.\48\
---------------------------------------------------------------------------

    \43\ See, e.g., McGuire/Brownstein Comment Letter; XBRL US 
Comment Letter. A few commenters also requested enhancement of the 
beta environment to reflect ``a complete testing environment'' or 
the ``full life cycle of an SEC EDGAR filing which would enable full 
and appropriate analysis.'' See, e.g., Toppan Comment Letter (Nov. 
30, 2021); Donnelley Financial Solutions Comment Letter (Nov. 18, 
2021).
    \44\ See XBRL US Comment Letter; Workiva Comment Letter; DFIN 
Comment Letter.
    \45\ See XBRL US Comment Letter; Workiva Comment Letter; DFIN 
Comment Letter.
    \46\ See DFIN Comment Letter; Workiva Comment Letter.
    \47\ See DFIN Comment Letter; Workiva Comment Letter; XBRL US 
Comment Letter.
    \48\ See Workiva Comment Letter; XBRL US Comment Letter.
---------------------------------------------------------------------------

    With respect to the time period required to effectuate the 
potential technical changes to EDGAR access and account management, one 
commenter indicated that 66% of its surveyed respondents expressed the 
view that an appropriate transition period would be 1-3 years,\49\ one 
commenter suggested a transition period of 18-24 months, and another 
commenter recommended a transition period of at least one year.\50\
---------------------------------------------------------------------------

    \49\ Workiva Comment Letter (referencing the same filer survey 
discussed above).
    \50\ See XBRL US Comment Letter; McGuire/Brownstein Comment 
Letter.
---------------------------------------------------------------------------

    The staff engaged in additional dialogue with commenters and other 
interested parties regarding the 2021 Request for Comment and further 
approaches to EDGAR access improvements.\51\ Among the topics discussed 
were APIs for submission and for checking accession numbers (numbers 
filers receive from EDGAR indicating receipt of a filing), filing 
status, and other information; annual confirmation of individuals 
authorized to make submissions on a filer's behalf; whether accession 
numbers should be traceable to the individuals making submissions or 
instead to the CIK numbers associated with the submissions; bulk 
submissions and user group functionality; delegation of authority to 
file; a potential transition process to implement the changes 
contemplated by the 2021 Request for Comment; and other technical 
topics.
---------------------------------------------------------------------------

    \51\ Staff invited interested parties to participate in the 
dialogue through the Commission's EDGAR Next web page.
---------------------------------------------------------------------------

    Having considered the significant additional information provided 
by commenters in response to the 2021 Request for Comment and the 
subsequent dialogue with interested parties, we are contemplating a 
number of changes in connection with the EDGAR Next project, including 
proposed amendments to Rules 10 and 11 under Regulation S-T and to Form 
ID; changes to enhance dashboard functionality; and the addition of 
optional APIs to allow machine-to-machine submissions on EDGAR as an 
alternative to submission through the EDGAR filing websites.

III. Discussion

    We are proposing amendments to Rule 10 under Regulation S-T 
concerning EDGAR filer access and account management and related 
matters; Form ID, the application for EDGAR access; and Rule 11 under 
Regulation S-T, containing the definitions of terms in Regulation S-T. 
Proposed amendments to Rule 10 and Form ID would set forth requirements 
for each EDGAR filer to authorize and maintain individual account 
administrators to manage the filer's EDGAR account on a dashboard on 
EDGAR, and to authorize account administrators, users, and technical 
administrators only if those individuals obtained individual account 
credentials.\52\ Each filer, through its account administrators, would 
be required to confirm annually that all account administrators, users, 
technical administrators, and delegated entities reflected on the 
filer's dashboard are authorized by the filer to act on its behalf, and 
that all information about the filer on the dashboard is accurate; 
maintain accurate and current information on EDGAR concerning the 
filer's account; and securely maintain information relevant to the 
ability to access the filer's EDGAR account.
---------------------------------------------------------------------------

    \52\ We are proposing amendments to Rule 11 under Regulation S-T 
to define ``individual account credentials'' as credentials issued 
to individuals for purposes of EDGAR access. See the discussion of 
proposed amendments to Rule 11 in Section III.E.2.
---------------------------------------------------------------------------

    On the dashboard, account administrators could add and remove 
authorized users, account administrators, and technical administrators; 
delegate and remove delegated authority to file to other EDGAR 
accounts; and annually confirm the accuracy of all information on the 
dashboard. The dashboard would contain the filer's corporate and 
contact information, generally corresponding to the company information 
currently maintained on EDGAR.\53\ The dashboard would be available 
during EDGAR operating hours,\54\ such that filers could manage their 
EDGAR accounts during the same time period that they would file on 
EDGAR.
---------------------------------------------------------------------------

    \53\ The information corresponds to information that filers 
presently amend through a ``Company Update'' or ``COUPDAT'' 
submission. Filers would continue to be able to edit their company 
information through COUPDATs under the EDGAR Next changes.
    \54\ Regulation S-T provides that filings ``may be submitted to 
the Commission each day, except Saturdays, Sundays, and Federal 
holidays, from 6 a.m. to 10 p.m., Eastern Standard Time or Eastern 
Daylight Saving Time, whichever is currently in effect.'' 17 CFR 
232.12(c). The dashboard would be available from 6.a.m.-10 p.m. as 
described above, so that filers could manage their accounts during 
the period when EDGAR filings could be submitted.
---------------------------------------------------------------------------

    The Commission would provide optional APIs for machine-to-machine 
communication with EDGAR, including to submit filings and to facilitate 
filers' retrieval of information regarding their submissions. To use 
APIs, filers would be required to authorize two technical 
administrators and present certain tokens to EDGAR that we plan to 
specify in the EDGAR Filer Manual. Filers who did not wish to use the 
APIs would not need to do so and therefore would not need to comply 
with the API-related requirements. Those filers could continue to make 
submissions through the web-based EDGAR filing websites.

A. Individual Account Credentials

    Under proposed Rule 10(d)(1), a filer could only authorize an 
individual to perform functions on the dashboard on the filer's behalf 
if the individual possessed individual account credentials, obtained in 
the manner specified in the EDGAR Filer Manual. This requirement would 
pertain to all existing filers and all individuals acting on behalf of 
those filers, as well as all applicants for access to EDGAR.
    We anticipate requiring, through the EDGAR Filer Manual, that 
individual account credentials be obtained through Login.gov, a secure 
sign in service of the U.S. General Services Administration.\55\ 
Login.gov is used by participating Federal agencies, as well as State, 
local, and territorial governments to provide a secure login process 
and to allow members of the public to use a single account that is 
protected by encryption, multi-factor authentication, and additional 
safeguards.\56\
---------------------------------------------------------------------------

    \55\ https://www.login.gov/.
    \56\ See Login.gov, ``About us,'' at https://www.login.gov/about-us/.
_____________________________________-

    On the Login.gov website, the individual would respond to prompts 
to provide an email address and select a multi-factor authentication 
option.\57\

[[Page 65529]]

The email address provided to Login.gov would be required to match the 
email address the filer provides to EDGAR, for example, on Form ID.\58\ 
After the individual confirmed her email address and completed multi-
factor authentication, Login.gov would issue individual account 
credentials to the individual to sign in to EDGAR.
---------------------------------------------------------------------------

    \57\ As of the date of this proposal, Login.gov multi-factor 
authentication options include: (1) a security key; (2) Government 
employee or military PIV or CAC cards; (3) authentication 
application; (4) text message/SMS or telephone call; and (5) backup 
codes, with (1), (2), and (3) being the most secure methods, and (5) 
being the least secure authentication option according to Login.gov. 
See generally Login.gov, Authentication Options at https://www.login.gov/help/get-started/authentication-options/. See also 
generally Login.gov, ``Privacy and security: Our security 
practices,'' at https://login.gov/policy/our-security-practices/ for 
information on Login.gov's security practices.
    \58\ While Login.gov permits multiple email addresses to be 
associated with a single Login.gov account, EDGAR would require a 
single email address related to the need to access EDGAR be 
associated with the individual account credentials. To change an 
email address (for example, because of a change of domain name), the 
individual would change the email in the dashboard and then change 
it on Login.gov to maintain access to EDGAR.
---------------------------------------------------------------------------

    In accord with proposed Rule 10(d), all account administrators, 
users, and technical administrators would be required to use their 
individual account credentials, and multi-factor authentication, to 
sign into all EDGAR filing websites. After entering the Login.gov 
username and password, each individual would be prompted to enter a 
one-time passcode received through the multi-factor authentication 
option the individual selected when obtaining individual account 
credentials at Login.gov.\59\
---------------------------------------------------------------------------

    \59\ If the individual lost or forgot her Login.gov password, 
the individual would reset the password through Login.gov, 
simplifying and automating the process of password retrieval.
---------------------------------------------------------------------------

    Individual account credentials would enhance EDGAR security and 
improve the ability of filers to securely maintain access to their 
EDGAR accounts. As noted, filers currently share access codes among 
multiple individuals, making it difficult to track with whom the codes 
are shared or to trace a filing to a specific individual. The use of 
individual account credentials would enable Commission staff and filers 
to easily determine the individuals making specific filings on EDGAR. 
Linking individuals to the filings they make would be particularly 
useful for filers and Commission staff when problematic filings are 
made on EDGAR and would enhance the security and integrity of the 
system.
    The use of individual account credentials would provide additional 
assurance that only individuals who have been properly authorized by 
the filer or the filer's account administrator could take actions on 
the filer's behalf on EDGAR. Currently, the process of filing on EDGAR 
requires the filer to use certain EDGAR access codes. EDGAR Next would 
enhance security by requiring an individual seeking to make a filing on 
EDGAR to sign in with individual account credentials, complete multi-
factor authentication, be authorized by the filer or the filer's 
account administrator, and enter the filer's CIK and CCC.
    Multi-factor authentication for individual accounts would be 
required to access EDGAR. Multi-factor authentication is a widely 
accepted security tool that would improve the security of access to 
EDGAR by adding a layer of validation each time an individual signed 
into EDGAR. Consistent with general industry practice, and standard 
Login.gov processes, individuals could check a box labeled ``remember 
this browser'' during the Login.gov sign-in process to preserve their 
multi-factor authentication for 30 days if they used the same web 
browser for login.\60\
---------------------------------------------------------------------------

    \60\ Consistent with current practice, an individual logged into 
EDGAR would be automatically logged out if the individual were idle 
for more than 60 minutes, as well as at the end of EDGAR's hours of 
operation (10:00 p.m. ET on business days). In each of those cases, 
the individual would need to complete multi-factor authentication in 
order to log back into EDGAR unless the individual had successfully 
signed into EDGAR and checked the ``remember this browser'' box 
within the last 30 days.
---------------------------------------------------------------------------

    Under EDGAR Next, the EDGAR password, PMAC, and passphrase would no 
longer be used. The historic use of several codes with differing 
functions is not in accord with standard access processes. The use of 
individual account credentials aligns more closely with streamlined, 
modern access processes, including individual login using multi-factor 
authentication. The CCC would persist as the code required for filing, 
but, as noted, individuals seeking to file would also need to sign in 
with individual account credentials, complete multi-factor 
authentication, and be authorized by the filer or an account 
administrator for the filer. Because of these additional safeguards, 
the filer's CCC would be displayed on the dashboard for account 
administrators and users.
Requests for Comment
    1. Should we require the use of individual account credentials, as 
proposed under Rule 10(d)(1), and multi-factor authentication for all 
existing filers, individuals acting on their behalf, and applicants for 
access to EDGAR?
    2. Does the filing community have experience with obtaining account 
credentials from third-party service providers including or similar to 
Login.gov that the Commission should consider? If so, which third-party 
service party service providers, and what experience? Would the use of 
third-party service providers give rise to any security concerns for 
individual or entity filers?
    3. Would the use of individual account credentials give rise to any 
concerns regarding costs, confusion, or complexity for individual or 
entity filers? Are there specific concerns for individual or entity 
filers that make filings with respect to more than one subject company 
(e.g., an individual filer who is a board member for more than one 
company)? If so, what concerns? Please be specific.

B. Individual Roles: Account Administrator, User, Technical 
Administrator

    Under proposed Rule 10(d)(2), each filer would be required as an 
initial matter to authorize and maintain at least two individuals with 
individual account credentials as account administrators to manage the 
filer's EDGAR account and to make submissions on EDGAR on behalf of the 
filer,\61\ unless the filer were an individual or single-member 
company,\62\ in which case it would be required to authorize and 
maintain at least one individual with individual account credentials as 
an account administrator.
---------------------------------------------------------------------------

    \61\ See EDGAR Filer Manual, Volume I, at Section 4.
    \62\ As defined in proposed Rule 11 and proposed Form ID, a 
``single-member company'' would be a company that has a single 
individual who acts as the sole equity holder, director, and officer 
(or, in the case of an entity without directors and officers, holds 
position(s) performing similar activities as a director and 
officer).
---------------------------------------------------------------------------

    Using the dashboard on EDGAR, account administrators, acting on 
behalf of the filer, would authorize individuals with individual 
account credentials to be users, additional account administrators, or 
technical administrators for the filer, as needed. This process is 
illustrated in diagram 1 below. Further, account administrators could 
de-authorize account administrators, users, and technical 
administrators for the filer.

[[Page 65530]]

[GRAPHIC] [TIFF OMITTED] TP22SE23.001

    Individuals in each role would perform different functions for the 
filer, and an individual's dashboard would display functionality that 
corresponded to the respective individual's role, as explained more 
fully below.
    An individual could be authorized to perform more than one role for 
a filer. For example, one individual could be both an account 
administrator and a technical administrator, or one individual could be 
both a technical administrator and a user. An account administrator 
could not be a user, however, given that account administrators are 
able to perform all the functions of a user, including the ability to 
file on EDGAR, themselves.
    Analogous additional roles would exist at delegated entities--
filers, including filing agents, to which another filer delegates 
authority to file on its behalf. Specifically, the delegated entity's 
account administrators would become delegated administrators for the 
filer, and delegated administrators would have the ability to authorize 
one or more of the delegated entity's users as delegated users who 
could make submissions on behalf of that filer.
    The key functions that could be performed by each role are 
illustrated in diagram 2 below.

                                                         Diagram 2--Key Functions for Each Role
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                                                 Manage account    Delegate  to/
                                                                                administrators,        accept
                                                        Submit     Generate/    users, technical     delegated        Manage       Manage       Manage
                        Role                           filings,   change  CCC   administrators,    entity status    delegated    filer API     user API
                                                      view  CCC                  and delegated      from another      users        token        token
                                                                                    entities           filer
--------------------------------------------------------------------------------------------------------------------------------------------------------
Account Administrator..............................           X            X                  X                X   ...........  ...........           X
User...............................................           X   ...........  .................  ...............  ...........  ...........           X
Technical Administrator............................  ...........  ...........  .................  ...............  ...........           X   ...........
Delegated Administrator............................           X   ...........  .................  ...............           X   ...........           X
Delegated User.....................................           X   ...........  .................  ...............  ...........  ...........           X
--------------------------------------------------------------------------------------------------------------------------------------------------------

1. Account Administrators
    Proposed Rule 10 paragraphs (d)(4), (d)(5), and (d)(6) would 
require that the filer, through its account administrators, be 
responsible to maintain accurate and current information on EDGAR 
concerning the filer's account and to confirm that information 
annually, as well as to securely maintain information relevant to the 
ability to access the filer's EDGAR account, including but not limited 
to access through any APIs.
    Under EDGAR Next, account administrators, on behalf of the filer, 
would be responsible for the security of the filer's EDGAR account and 
the accuracy of the filer's information on EDGAR. Account 
administrators would manage the filer's account on the dashboard, which 
would display relevant functionality for them to:
     Add and remove users, account administrators, and 
technical administrators (including removing themselves as account 
administrators);
     Create and edit groups of users;
     Delegate filing authority to other EDGAR accounts, such as 
a filing agent's account, and remove such delegations;
     Make the required annual confirmation of all of the 
filer's information on the dashboard;
     Generate a new CCC for the filer; and
     View and correct their own profile information (name, 
address, phone number, etc.).
    Account administrators could also make submissions on behalf of the 
filer on EDGAR, allowing filers to make submissions on EDGAR through 
their account administrators without adding individuals as users on the 
account.
    In addition, account administrators would serve as the points of 
contact for questions from Commission staff regarding the filer's 
account.\63\
---------------------------------------------------------------------------

    \63\ Technical administrators would serve as the Commission 
staff's points of contact regarding the filer's use of the APIs. See 
infra Section III.B.3.a.
---------------------------------------------------------------------------

    Each account administrator would be co-equal, possessing the same 
authority and responsibility to manage the filer's EDGAR account. There 
would be no primary account administrator. All actions that would be 
required to be

[[Page 65531]]

performed by account administrators could be performed by any of them 
individually and would not require joint action by the filer's account 
administrators.
a. Filer Authorization of Account Administrators
    Under the proposal, prospective EDGAR filers would designate on 
Form ID the individuals that the filer authorized as account 
administrators.\64\ As noted above, pursuant to proposed Rule 10(d)(1), 
the filer could only authorize individuals as account administrators if 
those individuals had obtained individual account credentials in the 
manner specified in the EDGAR Filer Manual.
---------------------------------------------------------------------------

    \64\ A unique process would be employed to transition existing 
filers, as discussed in the transition section below (see Section 
III.F).
---------------------------------------------------------------------------

    Prospective company filers could authorize as account 
administrators either (i) individuals employed at the filer or an 
affiliate of the filer or (ii) any other individual, provided the filer 
submitted a notarized power of attorney authorizing such other 
individual to be its account administrator. Prospective individual 
filers could authorize as account administrators either (i) themselves 
or (ii) any other individual, provided the filer submitted a notarized 
power of attorney authorizing such other individual to be the 
individual filer's account administrator.
    A prospective account administrator would complete the prospective 
filer's Form ID and electronically submit it, and also upload a 
notarized copy of the prospective filer's Form ID signed by an 
authorized individual of the prospective filer, as currently required. 
The signature of the authorized individual would constitute the filer's 
authorization of the account administrators listed on Form ID.
    If the prospective filer sought to authorize another individual as 
an account administrator, the prospective filer would additionally be 
required to provide Commission staff with a notarized power of attorney 
executed by an authorized individual of the prospective filer granting 
authority to that individual to be an account administrator. The power 
of attorney would be uploaded with the prospective filer's completed, 
notarized Form ID.\65\
---------------------------------------------------------------------------

    \65\ Currently, a person with a power of attorney from an 
individual filer may sign the Form ID application for the individual 
filer; in that case, the power of attorney document must accompany 
the notarized Form ID application. See EDGAR Filer Manual, Volume I, 
at Section 3. Existing Commission practice also permits the Form ID 
to be signed by an individual with a power of attorney from a filing 
entity, such as a corporation.
---------------------------------------------------------------------------

    If, after reviewing the Form ID application, Commission staff 
granted access to EDGAR to the filer, EDGAR would email the account 
administrators listed on Form ID the filer's CIK number and a link to 
the relevant EDGAR website, similar to the current process. The account 
administrators could then access the filer's dashboard by logging into 
EDGAR with their individual account credentials and completing multi-
factor authentication.
    On the dashboard, account administrators could generate a CCC for 
the newly issued CIK. The CCC would be securely saved in the dashboard 
and would be visible to all account administrators and users, delegated 
administrators, and delegated users for that CIK to facilitate their 
ability to make submissions on behalf of the filer.
    Account administrators could authorize additional account 
administrators via the dashboard. Thus, if the initial account 
administrators are determined to be properly authorized to act for the 
filer on EDGAR, those initial account administrators would be 
authorized to add account administrators.
b. Number of Account Administrators
    As proposed in Rule 10(d)(2), filers who are individuals or single-
member companies would be required to authorize and maintain at least 
one account administrator; all other filers would be required to 
authorize and maintain at least two account administrators. On the 
dashboard, any account administrator could add account administrators 
to the filer's EDGAR account; the maximum number of account 
administrators would be twenty. After an account administrator invited 
the individual on the dashboard, EDGAR would send an email invitation 
to the individual at the email address used to create individual 
account credentials.
    Requiring most filers to authorize at least two account 
administrators would increase the ability of filers to manage their 
EDGAR accounts without interruption. Thus, if an account administrator 
unexpectedly resigned or otherwise ceased to be available to manage the 
filer's account, the remaining account administrators would continue to 
manage the filer's account and could authorize additional account 
administrators. If the account administrator who sought to resign was 
one of the required two account administrators for an entity filer, 
then that account administrator could not be removed from the filer's 
EDGAR account unless the filer first added another account 
administrator through the dashboard to meet the required minimum of two 
account administrators. For individual filers and single-member 
companies, at least one account administrator would always be required 
because those filers typically consist of only one individual. A limit 
of twenty account administrators would likely be sufficient to allow 
for management of large accounts, while avoiding the confusion that a 
larger number of account administrators might cause.
    If all the account administrators for a filer ceased to be 
available to manage the filer's account, the filer would be required to 
submit a new Form ID to authorize new account administrators.
c. Account Administrator Authorization and Removal of Users, Technical 
Administrators, and Other Account Administrators
    An account administrator could add an individual as a user, account 
administrator, or technical administrator for an EDGAR account through 
the dashboard. The account administrator would enter on the dashboard 
the prospective individual's first and last name and email address, and 
EDGAR would send an email invitation to that address. The email address 
would be required to match the email address provided by the individual 
when they obtained individual account credentials. In addition, EDGAR 
would send a notification to the individual through the dashboard if 
the individual to be added had existing access to the dashboard for 
another role or filer. The individual's designation as user, account 
administrator, or technical administrator would be effective when the 
individual accepted the invitation. Individuals would have fourteen 
days within which to accept the invitation.\66\ If the individual did 
not accept within that time period, the individual would not be added, 
and the invitation would become void. The account administrator could 
re-initiate the invitation thereafter, however, to afford the 
individual another opportunity to accept.
---------------------------------------------------------------------------

    \66\ If the deadline fell upon a day when the dashboard was not 
available (e.g., a holiday or weekend), the deadline would be 
deferred until the following business day.
---------------------------------------------------------------------------

    Account administrators could change roles of individuals who had 
already been authorized to act on behalf of the filer, by adding or 
removing roles as account administrator, user, and/or technical 
administrator. The relevant individuals would not be required to accept 
additional invitations or de-

[[Page 65532]]

authorizations for their role to be changed. An account administrator 
could perform all the functions of a user, therefore, an account 
administrator could not also be a user since it would be redundant for 
an individual to hold both roles for the same filer. An individual 
could, however, be both an account administrator and a technical 
administrator for the same filer, or a user and a technical 
administrator for the same filer.
d. Account Administrator Performance of Annual Confirmation
    As proposed under Rule 10(d)(4), each filer would be required to 
perform an annual confirmation on EDGAR of all of the filer's users, 
account administrators, technical administrators, and delegated 
entities, as well as any other information related to the filer 
appearing on the dashboard.\67\ Account administrators would act for 
the filer to carry out this function.\68\ Annual confirmation would 
assist the filer in tracking those authorized to file on EDGAR and 
would provide an opportunity for account administrators to confirm the 
accuracy of those individuals and delegated entities associated with 
the filer and to remove those no longer authorized.
---------------------------------------------------------------------------

    \67\ As discussed above, the dashboard would contain the filer's 
corporate and contact information. See supra text accompanying note 
53. If the filer's information contained in the dashboard was not 
correct, that information could be updated via a COUPDAT submitted 
by the filer's account administrator or user. Proposed paragraph 
(d)(4) is analogous to the requirements currently set forth in the 
EDGAR Filer Manual, Volume I, to securely maintain EDGAR access and 
to maintain accurate company information on EDGAR. See EDGAR Filer 
Manual, Volume I, at Sections 4 and 5.
    \68\ As discussed above, in the 2021 Request for Comment, the 
Commission sought comment on requiring confirmations to be made by 
both account administrators and users. Several commenters objected 
to this requirement on the grounds that it would be duplicative and 
unduly burdensome for account administrators to confirm all users 
authorized to act on behalf of the filer, and for those users to 
separately have to confirm their own authorizations. See supra note 
45. Other commenters recommended limiting confirmation to 
administrators. See supra note 45. To address these commenters' 
concerns, our proposal includes the latter group of commenters' 
recommendation, requiring only account administrators to confirm 
users, account administrators, technical administrators, 
delegations, and other information on the filer's dashboard. We 
believe that limiting the confirmation to account administrators 
should address the concerns from these commenters.
---------------------------------------------------------------------------

    To provide flexibility to filers, EDGAR would allow account 
administrators to select one of four quarterly dates as the filer's 
ongoing confirmation deadline: March 31, June 30, September 30, and 
December 31 (or the next business day, if the date fell upon a weekend 
or holiday when EDGAR was not operating). An account administrator need 
not wait until the deadline to confirm and could confirm at any earlier 
date. An account administrator could further change the quarter when 
confirmation was due by confirming the account at a date in a quarter 
earlier than the currently selected deadline quarter. Confirmation in 
an earlier quarter would result in a confirmation deadline one year 
after the end of the quarter in which the early confirmation occurred. 
For example, if a December 31 confirmation deadline was selected by the 
account administrator for the initial annual confirmation, but the 
account administrator submitted the confirmation for the following year 
in August, the filer's annual confirmation deadline for the next year 
would be September 30 (or the next business day, if the date fell upon 
a weekend or holiday when EDGAR was not operating).
    EDGAR would provide several periodic notices to account 
administrators of the upcoming confirmation deadline, as well as notice 
of completion of confirmation or failure to timely confirm.\69\ There 
would also be a two-week grace period following the confirmation 
deadline, during which account administrators would receive a final 
series of notices reminding them to complete annual confirmation.\70\
---------------------------------------------------------------------------

    \69\ As discussed above, in response to the 2021 Request for 
Comment, some commenters suggested that the Commission implement an 
active notification process to inform filers of impending 
expiration, and the proposed process would follow that approach. See 
supra note 46.
    \70\ These notices would be provided in the dashboard and also 
be sent via email to all account administrators' email addresses 
(e.g., the confirmation deadline notices would be periodically 
provided in both email and via the dashboard multiple times leading 
up to the deadline to ensure that the account administrators were 
fully aware of the pending deadlines). See infra Section III.B.1.f 
(discussing notifications to account administrators).
---------------------------------------------------------------------------

    If no account administrator performed the annual confirmation by 
the end of the grace period, EDGAR would deactivate the filer's access 
and the filer would be required to submit a new Form ID application to 
request access to file on EDGAR.\71\ If Commission staff approved the 
Form ID application, the filer would continue to have the same CIK 
previously assigned and its filing history would be maintained. The 
filer's account administrators listed on Form ID would be required, 
however, to invite through the dashboard, as if to a new account, any 
additional account administrators, technical administrators, and users. 
Although the need to reapply for access and, in particular, the need to 
invite account administrators, users, and technical administrators 
anew, would impose an additional burden on filers, failure to perform 
annual confirmation could signal that the filer was no longer managing 
or controlling the account. Removing individuals from the filer's 
account upon deactivation would safeguard information regarding 
individuals whose information was listed on the filer's dashboard. For 
example, if someone other than the original filer's account 
administrators submitted a Form ID application for access to the 
account, and the original account administrators did not respond to 
Commission staff's inquiries regarding the new Form ID, the process 
outlined above would prevent the new account holder from accessing the 
names, addresses, and contact information of the individuals formerly 
associated with the account.
---------------------------------------------------------------------------

    \71\ As discussed above, in response to the 2021 Request for 
Comment, several commenters urged the Commission to provide a grace 
period to filers that failed to perform annual confirmation timely 
(as opposed to immediately removing access) and separately requested 
that the Commission deny EDGAR access until the administrator 
performed annual confirmation (as opposed to inactivating the EDGAR 
account). See supra notes 47-48. As discussed below, as part of the 
EDGAR Next changes, we would provide multiple notices of the 
impending confirmation deadline to account administrators on the 
dashboard and by email and also provide a two-week grace period that 
would include a series of reminder notices. Collectively, we believe 
this would ensure that the filer's account administrators would 
receive adequate notice and opportunity to timely perform 
confirmation. Deactivating the account due to failure to provide 
confirmation therefore would immediately protect the filer because 
failure to perform the required confirmation could be a sign that 
the account may no longer be managed or controlled by the filer.
---------------------------------------------------------------------------

e. User Groups
    The dashboard would allow an account administrator to group subsets 
of the filer's users into user groups. User groups would:
     Be created by an account administrator;
     Consist only of users, not account administrators or 
technical administrators;
     Contain only users for the same EDGAR account;
     Contain up to 500 users (corresponding to the maximum 
number of users per filer that would be allowed); and
     Not be subject to any numerical limit (i.e., there could 
be an unlimited number of user groups).
    The user group function would primarily assist delegated entities 
to authorize certain delegated users to file on EDGAR for specific 
filers, as explained in the Delegated Entities section below. By 
employing user groups, the delegated administrator could add or remove 
the ability to file

[[Page 65533]]

for a certain filer to all users in the group at once, leading to 
efficiencies of time in managing users.
    If an account administrator added an individual to a user group, 
the individual would receive an invitation to join the user group. If 
the individual accepted, the individual would become a member of the 
user group.
2. Users
    Under EDGAR Next, account administrators could authorize 
individuals with individual account credentials as users able to make 
submissions on EDGAR on behalf of the filer.
a. Authority of Users
    Users would be able to make submissions on EDGAR on the filer's 
behalf. On the dashboard, account administrators and Commission staff 
could determine which users made which submissions; however, this 
information would not be made public on EDGAR. In addition, on the 
dashboard, users could:
     Remove themselves as a user for a filer;
     If using APIs, generate, view, and copy their user API 
tokens (as discussed further in Section III.D below); and
     View basic information about the filer's account, 
including the filer's name, CIK, CCC, and corporate information and 
contact information, as well as the contact information for the account 
administrators.
    Users could not, however, add or remove individuals from the 
dashboard other than themselves. Further, users could not generate a 
new CCC.
    Separately, users could submit COUPDATs to update filer information 
such as name, address, and state of incorporation, as filers currently 
do.
    As part of the login and authentication process for the EDGAR 
filing websites, a user would be able to select the CIK of the filer 
for which submissions were being made, and that CIK would be reflected 
in the accession number \72\ for each of the user's submissions 
(``login CIK''). Users could change their login CIK at any time to any 
other CIK for which they were authorized.
---------------------------------------------------------------------------

    \72\ An accession number is a unique identifier assigned 
automatically to EDGAR submissions for tracking and reference 
purposes. The first 10 digits comprise the CIK of the entity making 
the submission, which may be an entity with reporting obligations or 
a third party (such as a filing agent. The next two digits represent 
the year. The last series of digits comprise a sequential count of 
submitted filings from that CIK. The count is usually, but not 
always, reset to zero at the start of each calendar year.
---------------------------------------------------------------------------

b. Becoming Authorized as a User
    Through the dashboard, an account administrator would invite an 
individual to be a user for the filer's account, and the prospective 
user would receive an email invitation from EDGAR at the email address 
associated with the prospective user's individual account credentials. 
In addition, if the prospective user had a role for any EDGAR account, 
the notification would also appear on the prospective user's dashboard. 
The individual would be required to accept the invitation to become a 
user. The individual could then sign in as a user to the filer's EDGAR 
account by entering her individual account credentials and completing 
multi-factor authentication.
c. Number of Users
    There would be no minimum number of users because account 
administrators could make submissions on behalf of the filer. There 
would be a maximum of 500 users. We anticipate that 500 users would be 
sufficient to accommodate sophisticated filers making a large number of 
varied filings.
3. Technical Administrators
    In connection with the EDGAR Next changes, filers would have an 
option to use a submission API and related informational APIs, and 
filers who opted to use the APIs would be required, through their 
account administrators, to authorize at least two technical 
administrators to manage API tokens and related technology. Technical 
administrators could:
     Issue and deactivate filer API tokens on the dashboard;
     Remove themselves as technical administrators for filers;
     View and correct their own profile information; and
     View basic information about each filer for which they are 
designated as a technical administrator, including the filer's 
corporate information and contact information.
a. Authority of Technical Administrators
    A technical administrator would issue and deactivate filer API 
tokens required to use the APIs, as set forth more fully in the API 
discussion in Section III.D. Technical administrators would also serve 
as points of contact for questions from Commission staff regarding the 
filer's use of the APIs.
    A technical administrator could not add or remove individuals on 
the dashboard, except to remove themselves as technical administrator. 
Nor could a technical administrator make submissions on EDGAR on the 
filer's behalf. Additionally, a technical administrator could not 
generate CCCs and could not change company information. A technical 
administrator could, however, view relevant filer information on the 
dashboard.
    An account administrator could authorize technical administrators 
to be account administrators or users as well as technical 
administrators. To the extent that individuals designated as technical 
administrators also had the role of account administrator or user, they 
would additionally be able to perform the functions associated with 
that role.
b. Becoming a Technical Administrator
    Identical to the process for users, an account administrator would 
invite the prospective technical administrator on the dashboard, and 
EDGAR would send the invitation to the email address associated with 
the prospective technical administrator's individual account 
credentials. In addition, if the prospective technical administrator 
already had a role for any EDGAR account, a notification of the 
invitation would appear on her dashboard. The prospective technical 
administrator would be required to accept the invitation to become a 
technical administrator.
c. Number of Technical Administrators
    As proposed, if the filer chose to use an API, the filer, acting 
through its account administrator, would be required to designate at 
least two technical administrators. This minimum would parallel the 
minimum number of individuals required to be account administrators (in 
the case of filers other than individuals and single-member companies) 
and would reduce the chance that the filer's access to the APIs would 
be interrupted. There would be no exception to the two technical-
administrator minimum for individuals and single-member companies, 
however, because we anticipate that filers that make a large volume of 
submissions--typically large filers and filers who use filing agents--
would use the APIs, and those filers would have sufficient staff to 
designate two technical administrators.
    Because a filer would be required to have at least two technical 
administrators to use the APIs, the dashboard would not allow a 
technical administrator to be removed from a filer's account when only 
two technical administrators were authorized on the account. An account 
administrator would be required to first add another technical 
administrator.

[[Page 65534]]

    There would be a maximum of ten technical administrators per filer. 
This limit would streamline points of contact with the filer and avoid 
confusion at the filer regarding API tokens. For example, having more 
than ten possible technical administrators could heighten opportunities 
for miscommunication between Commission staff and the filer if issues 
arose regarding the use of APIs. Moreover, based on our understanding 
of filers' current practice, we do not anticipate that a filer would 
require more than ten technical administrators to carry out the 
functions of managing technical aspects of the APIs.
Requests for Comment
    4. Should we add a required account administrator role to EDGAR, as 
set forth in proposed Rule 10(d)? If not, why not?
    5. As stated in proposed Rule 10(d), at least two account 
administrators would be required for filing entities (other than 
single-member companies) and one account administrator for individual 
filers and single-member companies. Are these minimum numbers of 
account administrators appropriate? If not, what minimum numbers of 
account administrators would be appropriate? Should individual filers 
and single-member companies be required to have more than one account 
administrator? If so, why?
    6. Should account administrators be permitted to add and/or remove 
other account administrators without the filer's consent? If so, why? 
If the filer's consent is not required, should the filer be notified 
when a new account administrator is added or removed?
    7. Should a prospective filer's Form ID be required to be completed 
and submitted by an account administrator, as set forth in proposed 
Rule 10(b)? If not, what would be the advantages and disadvantages of 
allowing an individual who was not an account administrator to complete 
and submit a Form ID on behalf of an applicant? Please be specific.
    8. In proposed Rule 10(d), each filer, through its account 
administrators, would be required to confirm annually the accuracy of 
the filer's information on the dashboard; maintain accurate and current 
information on EDGAR concerning the filer's account; and securely 
maintain information relevant to the ability to access the filer's 
EDGAR account, including but not limited to access through any EDGAR 
APIs. Should any changes or clarifications be made to the proposed 
responsibilities of filers to be carried out by account administrators 
in proposed Rule 10(d)? If so, how and why should such changes or 
clarifications be made? Should any guidance be provided with regards to 
any of these responsibilities and, if so, how and why?
    9. Should any changes be made to the authorization process for 
account administrators? For example, in the case of company filers, 
should employees of the filer's affiliate be required to be 
authenticated via a notarized power of attorney? If so, why?
    10. Should any changes be made to the scope of the proposed annual 
confirmation requirement set forth in proposed Rule 10(d)? Why? Should 
the confirmation be performed annually, more frequently, or less 
frequently? Why? As currently contemplated as part of EDGAR Next, in 
the case of a failure to satisfy the proposed annual confirmation 
requirement, should there be a grace period for the account 
administrators to satisfy the confirmation requirements before the 
account is deactivated? How long should this grace period be, if 
adopted? Regardless of whether a grace period is provided, should 
failure to satisfy the proposed annual confirmation requirement result 
in deactivation of the account with removal of the individuals 
authorized on the dashboard for the filer, as discussed above, or 
alternatively, would a temporary suspension of EDGAR access without 
removal of any of the individuals authorized on the dashboard for the 
filer be more appropriate, until any of the listed account 
administrators satisfied the confirmation requirement? Why? How long 
should the described temporary suspension be, if adopted? Separately, 
if failure to satisfy the proposed annual confirmation requirements 
should result in deactivation of the account with removal of the 
individuals authorized on the dashboard of the filer, as discussed 
above, should delegated entities and delegating filers also be removed 
from the dashboard? Why or why not?
    11. Would the annual confirmation requirement create any additional 
burden for filers compared to the current annual EDGAR password update 
requirement? If so, are there any improvements to the proposed annual 
confirmation requirement that would reduce the burden for filers? 
Separately, are there any particular concerns for filers who may only 
engage in occasional filings, such as filers pursuant to section 16 of 
the Securities Exchange Act of 1934 who may make sporadic submissions 
of Forms 3, 4, and 5 less than once per year? If so, to what extent 
would those concerns be newly implicated by the proposal, given that 
currently filers must change their password annually or their access to 
EDGAR is deactivated?
    12. Are there any considerations regarding the annual confirmation 
requirement that are specific to individual or entity filers that make 
filings with respect to more than one subject company (e.g., an 
individual filer who is a board member for more than one company)? 
Should the confirmation requirement differ for such filers? If so, why?
    13. Should we add a user role to EDGAR? If not, how would we 
address our policy concerns regarding the identification and 
authorization of individuals who make submissions on the filer's 
behalf? Is a limit of 500 authorized users per filer appropriate, or 
should that number be increased or decreased? Should account 
administrators be able to add users only for a specific filing or for a 
specific period of time, after which the user's authorization 
automatically expires? Should any changes or clarifications be made to 
the scope of authority of users as part of EDGAR Next? If so, how and 
why should the scope of authority of users be different, or how could 
the tasks within the scope of authority for users be clarified?
    14. Should we add a technical administrator role to EDGAR, as set 
forth in proposed Rule 10(d)? If not, how would we address our policy 
concerns regarding the identification and authorization of the 
individuals who would manage the filer's APIs?
    15. Would the requirement of at least two technical administrators 
to manage the filer's APIs, as set forth in proposed Rule 10(d), create 
an undue burden for filers? Should this requirement be revised to more 
fully parallel the limit for account administrators by requiring only 
one technical administrator for filers who are individuals and single-
member companies? Why or why not? Is a maximum number of ten technical 
administrators appropriate? Why or why not? Should any changes or 
clarifications be made to the scope of authority for technical 
administrators as part of the EDGAR Next changes?
    16. For what purposes, if any, would filers need to access the 
dashboard when EDGAR filing functionality was not available? If the 
dashboard were made available to filers for a period of time outside of 
EDGAR operating hours, in addition to during EDGAR operating hours, 
would filers be impacted by the unavailability of filer telephone and 
email support and EDGAR submission capabilities during that time 
period?

[[Page 65535]]

How would they be impacted? Please be specific.

C. Delegated Entities

    Under EDGAR Next, a filer could delegate authority to file on its 
behalf to any other EDGAR filer, such as a filing agent, which would 
become a delegated entity for the filer.
1. Delegating Authority To File
    An account administrator would delegate authority to file by 
entering the prospective delegated entity's CIK on the dashboard. EDGAR 
would then send an email invitation to all account administrators of 
the prospective delegated entity; in addition, the invitation would 
appear on the dashboard of the prospective delegated entity's account 
administrators.
    One account administrator for the prospective delegated entity 
would be required to accept the invitation for the delegation to become 
effective. If no account administrator for the prospective delegated 
entity accepted within fourteen days of it being issued, the invitation 
would lapse; however, the filer could again follow the process outlined 
herein to issue another invitation.\73\
---------------------------------------------------------------------------

    \73\ If the deadline fell upon a day when the dashboard was not 
available (e.g., a holiday or weekend), the deadline would be 
deferred until the following business day.
---------------------------------------------------------------------------

    If the filer's account administrators wished to terminate the 
delegation, they could do so on the dashboard by removing the delegated 
entity's authority to file. Removal of delegation would not require 
acceptance by the delegated entity.
    An account administrator could delegate authority to file to an 
unlimited number of EDGAR accounts, allowing filers to delegate to 
multiple filing agents, for example, should they so choose.
2. Separation of Authority of Filer and Delegated Entity
    An account administrator could not add or remove individual 
delegated users at the delegated entity, nor could the account 
administrator access the delegated entity's dashboard or account.
    Delegated administrators and delegated users could file on the 
filer's behalf, but they could not take any other actions on behalf of 
the filer. Nor could they access the filer's dashboard.\74\ For 
example, a delegated administrator could not add, remove, or confirm 
account administrators, users, or technical administrators for the 
filer. Similarly, delegated administrators would not be able to 
generate or reset the filer's CCC, nor would delegated administrators 
or delegated users be able to make COUPDAT submissions for the 
filer.\75\ Delegated administrators and delegated users would not count 
towards the limits of 20 account administrators and 500 users for the 
filer under EDGAR Next.\76\
---------------------------------------------------------------------------

    \74\ As discussed further below in Section III.C, the dashboard 
would generally be used to manage a filer's EDGAR account, including 
management of individuals authorized to act as account 
administrators, users, and technical administrators; management of 
entities authorized to act as delegated entities; and management of 
filer and user API tokens. Delegated entities would not need to 
access the filer's dashboard in order to make filings on the filer's 
behalf, since filings would be made directly on the EDGAR filing 
websites, as opposed to through the filer's dashboard.
    \75\ As currently planned, delegated administrators and 
delegated users would not be able to make COUPDAT submissions for 
the filer. Delegated administrators and delegated users could, 
however, continue to submit series and company update submissions, 
or SCUPDATs, for registered investment company clients according to 
the present process.
    \76\ See Section III.B.1.b. and III.B.2.c (discussing limits of 
account administrators and users per filer).
---------------------------------------------------------------------------

    Delegated entities could receive and provide multiple delegations, 
but they could not further delegate authority to file to other entities 
on behalf of filers who delegate authority to them. For example, Filer 
A could delegate authority to file on its behalf to Filer B. 
Separately, Filer B could delegate authority to file on its behalf to 
Filer C. In this scenario, however, Filer B could not delegate to Filer 
C the authority to file on behalf of Filer A, and Filer C could not 
file on behalf of Filer A.
3. Delegated Entities
    As EDGAR filers, delegated entities would be required to comply 
with the same requirements applicable to all filers.
    A delegated entity could be any EDGAR account, including but not 
limited to:
     Filing agents; \77\
---------------------------------------------------------------------------

    \77\ We are proposing amendments to Rule 11 under Regulation S-T 
to define a ``filing agent'' as any person or entity engaged in the 
business of making submissions on EDGAR on behalf of filers. This 
would include law firms, financial services companies, and other 
entities engaged in the business of submitting EDGAR filings on 
behalf of their clients. See the discussion of proposed amendments 
to Rule 11 in Section III.E.2.
---------------------------------------------------------------------------

     Issuers, broker-dealers, and others making submissions on 
behalf of individuals filing pursuant to section 16 of the Securities 
Exchange Act of 1934;and
     Parent companies of large groups of related filers.
    A delegated entity would maintain its separate EDGAR account with 
its own account administrators, users, and technical administrators.
    A delegated entity could receive delegated authority to file for an 
unlimited number of filers.
    We contemplate that individuals with section 16 filing obligations 
could delegate authority to file to relevant company filers under the 
construct set forth herein, if they wished to do so. In response to the 
2021 Request for Comment, several commenters suggested that the 
Commission permit the creation of company-specific accounts for each 
individual with filing obligations pursuant to section 16 of the 
Exchange Act.\78\ Commenters stated that such accounts would allow 
individuals to delegate their EDGAR account administration 
responsibilities to the companies for which those individuals had 
section 16 filing obligations.\79\ This framework would make it 
difficult for the Commission and others to track the filings made by a 
specific individual, however, since each filing would be made by a 
different company-specific account without linking individuals to the 
accounts or the filings made therein. The delegation process described 
herein would make it easier for individuals to obtain assistance with 
their filings, while allowing the Commission and others to determine 
filings made by a specific individual. We therefore do not plan to 
implement the commenters' suggestion.
---------------------------------------------------------------------------

    \78\ See supra notes 41-42.
    \79\ See supra notes 41-42.
---------------------------------------------------------------------------

    If a filer authorized a delegated entity to file on its behalf, one 
of the delegated entity's account administrators would be required to 
accept the invitation; further, upon acceptance, all of the delegated 
entity's account administrators would automatically become delegated 
administrators for the filer. All delegated administrators for the 
filer would have co-equal authority with regard to that filer. If the 
delegated entity added or removed one of the account administrators for 
its own EDGAR account, then that individual would also be added or 
removed as a delegated administrator for the filer. These relationships 
are illustrated in diagram 3 below.

[[Page 65536]]

[GRAPHIC] [TIFF OMITTED] TP22SE23.002

4. Delegated Users
    If a delegated entity accepted a delegation from a filer, the 
delegated administrators could authorize specific users at the 
delegated entity to become delegated users with respect to that filer. 
Delegated users would not count as part of the 500-user limit for the 
filer.\80\
---------------------------------------------------------------------------

    \80\ See supra Section III.B.2.c.
---------------------------------------------------------------------------

    Alternately, if delegated administrators wanted all of their users 
to become delegated users with respect to a filer, the delegated 
administrators could check a box to automatically designate all of the 
users at the delegated entity as delegated users for the filer.
    Thus, delegated administrators would have the following options:
     Authorize a subset of the delegated entity's users as 
delegated users, through the user group function, as discussed above 
and further explained below;
     Authorize all of the delegated entity's users as delegated 
users for the filer; or
     Not authorize any delegated users (because the delegated 
administrators could file on behalf of the filer \81\).
---------------------------------------------------------------------------

    \81\ For this reason, delegated administrators could not be 
designated as delegated users with regards to the delegating filer, 
because doing so would be redundant.
---------------------------------------------------------------------------

    Users at the delegated entity would receive notifications if a 
delegated administrator added or removed them as a delegated user for a 
particular filer, however, users would not need to accept the 
notification or take any further action to become a delegated user for 
a filer.
    Delegated users could submit filings on behalf of the filer on the 
EDGAR filing websites or through the submission API (which would also 
require the user to generate and submit a user API token, as discussed 
further below).
5. User Groups at Delegated Entities
    We believe that the user group function would provide an efficient 
method for delegated administrators to manage delegated users. 
Delegated entities, through their delegated administrators, could 
employ user groups to assign certain users to different filers for whom 
they possessed delegated authority to file. An example is provided in 
diagram 4 below.

[[Page 65537]]

[GRAPHIC] [TIFF OMITTED] TP22SE23.003

     In diagram 4, the account administrators for Filer A and 
Filer B delegated to Filer C. As a result, Filer C's account 
administrators became delegated administrators for Filers A and B. In 
this example, Filer C might be a filing agent to which Filer A or Filer 
B gave authority to make filings on its behalf, and Filer A and Filer B 
might be public companies or investment companies.
     A delegated administrator at Filer C created User Group 1 
containing Filer C's Users 1, 2, and 3. The delegated administrator 
assigned authority to file for Filer A to User Group 1. Users 1, 2, and 
3 are thus delegated users for Filer A because they are members of User 
Group 1. If additional users from Filer C were added to User Group 1, 
those additional users would also become delegated users for Filer A.
     The delegated administrator at Filer C also created User 
Group 2 containing Filer C's User 3. The delegated administrator 
assigned authority to file for Filer B to User Group 2. User 3 is a 
delegated user for Filer B.
     By employing the user group function, the delegated 
administrator at Filer C restricted delegated filing permissions for 
Filer A to Filer C Users 1, 2, and 3 only (via User Group 1) and 
delegated filing permissions for Filer B to Filer C User 3 only (via 
User Group 2). Filer C User 4 has not been authorized as a delegated 
user for any filers.
     In diagram 4, each user group has only been assigned 
authority to file for a single filer, but user groups could be assigned 
authority to file for multiple filers.
    Delegated administrators could also designate a default user group 
of individuals who would be automatically assigned as delegated users 
for all future delegations. The ability to have a default user group 
would be an efficient way for delegated administrators to authorize 
groups of their users as delegated users for any delegating filer.
    Users would receive notifications when added to or removed from a 
user group, and when the user group to which they belonged became 
authorized to make submissions for a filer, or when that authorization 
was removed. Users would not need to accept or otherwise take any 
action on these notifications.
6. Technical Administrators at Delegated Entities
    If the delegated entity chose to use APIs, the delegated entity 
would be required to designate its own technical administrators. The 
delegated entity's technical administrators would be responsible for 
maintaining the API capabilities for filings by the delegated entity. 
They would manage the delegated entity's own filer API tokens, as 
discussed further in Section III.D.1, and the delegated entity would 
use the delegated entity's filer API tokens to make filings for any 
filers that delegated authority to it. Technical administrators at the 
delegated entity would not manage any APIs in use by the filer itself. 
Nor would the technical administrator need different tokens for 
different filers that delegated to the delegated entity.
Requests for Comment
    17. Should we add individual roles to EDGAR for delegated 
administrators and delegated users? If not, how should we address our 
policy concerns regarding the identification and authorization of the 
delegated individuals who would submit filings on the filer's behalf?
    18. Should account administrators be able to delegate filing 
authority to any EDGAR filer (and remove such delegation)? Do 
commenters have any concerns with the delegation function or any 
suggested modifications? For example, should delegation be limited to 
EDGAR filers that selected ``filing agent'' as the account type on Form 
ID when opening the account? Or should delegation be permitted to any 
EDGAR account, as proposed? Why?
    19. Would the EDGAR Next delegation framework address concerns 
raised by commenters about the impact that the contemplated EDGAR Next 
changes would have on individual officer and director filers pursuant 
to section 16 of the Exchange Act, in light of the fact that individual 
officer and director filers could delegate authority to file on their 
behalf to any related companies, law firms, or filing agents? Why or 
why not?
    20. Should any changes be made to the authority of delegated 
administrators and delegated users under EDGAR Next?
    21. Are there any situations where the EDGAR Next delegation 
framework could be streamlined?
    22. Would user group functionality facilitate the ability of 
account administrators and delegated

[[Page 65538]]

administrators to efficiently add and remove users and delegated users? 
Why or why not? Should any changes to user group functionality be made?

D. Application Programming Interfaces

    As part of the EDGAR Next changes, the Commission would offer APIs 
to filers to allow machine-to-machine communication with EDGAR. The 
Commission plans initially to provide three APIs to allow filers to:
     Make both live and test submissions on EDGAR (``submission 
API'');
     Check the status of an EDGAR submission (``submission 
status API''); and
     Check EDGAR operational status (``EDGAR operational status 
API'').
    Pursuant to proposed Rule 10(d)(3), to use the APIs, filers would 
be required to authorize at least two technical administrators.
    Additionally, we plan to specify in the EDGAR Filer Manual that, to 
use the APIs, filers would be required to present filer API tokens and 
user API tokens to EDGAR that would be generated on the dashboard. The 
filer's technical administrators would be required to generate a filer 
API token to authenticate the filer. Further, the individual user or 
account administrator who submits the filing would be required to 
generate a user API token to authenticate herself as an authorized user 
or account administrator for the filer. We plan that filer and user API 
tokens would be confidential alphanumeric strings of text separately 
generated in the dashboard by a technical administrator and a user, 
respectively, and each would be valid for one year.\82\ Employing these 
tokens would allow automated server-to-server authentication without 
the need for manual individual account credential multi-factor 
authentication, thus addressing a significant concern raised by 
commenters in the 2021 Request for Comment.\83\
---------------------------------------------------------------------------

    \82\ As a security measure, we contemplate that the user API 
token would be deactivated if the user had not successfully logged 
into the EDGAR Filer Management dashboard or one of the EDGAR filing 
websites (EDGAR Filing or EDGAR Online Forms) within the last 30 
days.
    \83\ See supra notes 38-39.
---------------------------------------------------------------------------

    In addition, as they would with other similar APIs, filers would 
need to create, license, or otherwise obtain software (a ``filing 
application'') to interface with the APIs. Additional information 
regarding the APIs is available in the Overview of EDGAR Application 
Programming Interfaces (``Overview of EDGAR APIs'') located on the 
EDGAR Next page on SEC.gov.
    The use of APIs would be optional. Filers that seek to file on 
EDGAR, check the status of a submission, or check EDGAR operational 
status would continue to be able to do so without using an API, as they 
currently do.
1. Submission API
    The submission API would provide filers a new option to submit test 
and live filer-constructed EDGAR submissions through a machine-to-
machine connection.\84\ Filers who do not wish to use the API to make 
filer-constructed submissions, and filers making other types of 
submissions, could file through the web-based EDGAR filing 
websites.\85\
---------------------------------------------------------------------------

    \84\ Currently, EDGAR accepts approximately 525 submission 
types, of which approximately 500 (95%) permit filer construction.
    \85\ Whether submissions were made through the API or the EDGAR 
filing websites, filers would specify the CIK for which they would 
be making submissions. That CIK number would be reflected in the 
accession number associated with those submissions. Filers could 
change the login CIK reflected in the accession number at any time 
to any other CIK for which the filer was authorized to file on 
EDGAR. For example, a filing agent could choose to submit filings 
for a client filer using its own login CIK, or by using its client 
filer's login CIK.
---------------------------------------------------------------------------

    To use the optional submission API, filers would be required to 
comply with certain requirements. For filer API tokens, we plan that:
     A filer API token would be needed to identify the filer or 
filing agent accessing the API.
     Only the filer's authorized technical administrator could 
create filer API tokens.
     Filers could have multiple, valid filer API tokens (for 
example, to identify different subsidiaries or divisions within the 
filer) in use at the same time.
     A technical administrator would need to log into the 
dashboard and be authenticated with individual account credentials to 
create a filer API token.
     A technical administrator could terminate a filer API 
token on the dashboard at any time.
     A filer API token would remain valid for up to one year.
     While valid, a filer API token could be used to submit an 
unlimited number of filings.
    For user API tokens, we plan that:
     Only a user, delegated user, or account administrator for 
the filer associated with the filer API token could be authorized as a 
user for the API.
     A user API token would be needed to identify the user 
associated with each submission.
     Users would have only one valid user API token at a given 
time.
     A user would log into the dashboard and be authenticated 
with individual account credentials to create a user API token.
     A user API token would remain valid for up to one year 
provided that the user associated with the token logged into the 
dashboard or one of the EDGAR filing websites at least every 30 days. 
If the user did not log in at least every 30 days, the user API token 
would be deactivated.
     A user could terminate its user API token on the dashboard 
at any time.
     While valid, a user API token could be used to submit an 
unlimited number of filings.
    The Overview of EDGAR APIs lists certain technical standards for 
the submission API, as well as the expected inputs and outputs.
2. Submission Status API
    Currently, EDGAR receives significant network traffic inquiring as 
to the status of EDGAR submissions. Many filers check EDGAR submission 
status immediately upon making a filing and again regularly until the 
submission is accepted and ultimately disseminated, or alternately 
suspended. This may result in significant network traffic for EDGAR and 
represent a tedious manual process for filers. Providing a submission 
status API would allow filers to use their filing application to 
simultaneously check the status of multiple submissions in a batch 
process, instead of manually logging into EDGAR and individually 
checking the status of each submission.
    The Overview of EDGAR APIs lists certain technical standards for 
the submission status API, as well as the expected inputs and outputs. 
Among other things, the submission status API would require a valid 
filer API token; it would not require a user API token. The submission 
status API would indicate to the filing application whether each 
submission was submitted and accepted, but not yet publicly 
disseminated; \86\ submitted and accepted, and publicly disseminated; 
or submitted and suspended. In turn, the filing application would 
display this information to the filer.
---------------------------------------------------------------------------

    \86\ Generally, filings are first accepted and then subsequently 
disseminated. However, certain filings remain nonpublic and are 
never disseminated, so those filings will never progress from 
accepted to disseminated status.
---------------------------------------------------------------------------

3. EDGAR Operational Status API
    Many filers check EDGAR operational status continuously throughout 
the filing day. This may result in significant network traffic for 
EDGAR and constitute a tedious manual process for

[[Page 65539]]

filers. Providing an EDGAR operational status API would allow filers to 
use their filing application to check the operational status of EDGAR 
at any given time.
    The Overview of EDGAR APIs lists certain technical standards for 
the EDGAR operational status API, as well as the expected inputs and 
outputs. Among other things, the EDGAR operational status API would 
require a valid filer API token to be submitted by the filing 
application; it would not require a user API token. The EDGAR 
operational status API would indicate to the filing application whether 
EDGAR was fully operational, unavailable (after business hours), or not 
fully operational in whatever regard at that point in time (for 
example, if EDGAR is not disseminating to SEC.gov). In turn, the filing 
application would display this information to the filer.
Requests for Comment
    23. Should we add other EDGAR information that could be accessed 
through APIs, and, if so, why? Please rank in terms of priority any 
additional information that you would like to see added, and also 
estimate how much usage you believe that information API would receive 
(for example, in potential hits per day).
    24. The Overview of EDGAR APIs lists certain technical standards 
for the planned APIs. Are there any considerations we should take into 
account when determining what technical standards should be used for 
the planned APIs?

E. Proposed Amendments to Rules and Forms

1. Rule 10 Under Regulation S-T
    We propose to add new paragraph (d) to Rule 10 to implement the 
changes being contemplated as part of EDGAR Next. Proposed paragraphs 
(d)(1) through (4), are discussed in full above.\87\
---------------------------------------------------------------------------

    \87\ See supra Section I, III.A, III.B, III.C, and III.D.
---------------------------------------------------------------------------

    We further propose to add new paragraph (d)(5) to require that the 
filer, through its authorized account administrators, maintain accurate 
and current information on EDGAR concerning the filer's account, 
including but not limited to accurate corporate information and contact 
information, such as mailing and business addresses, email addresses, 
and telephone numbers. This would constitute an ongoing obligation for 
the filer to update its information on EDGAR as necessary. Similar to 
proposed paragraph (d)(4), proposed paragraph (d)(5) is analogous to 
the requirements currently set forth in the EDGAR Filer Manual, Volume 
I to securely maintain EDGAR access \88\ and to maintain accurate 
company information on EDGAR.\89\ The proposed requirement in paragraph 
(d)(5) would allow Commission staff and the public to rely upon the 
accuracy of the filer's information contained in EDGAR.
---------------------------------------------------------------------------

    \88\ EDGAR Filer Manual, Volume I, at Section 4.
    \89\ EDGAR Filer Manual, Volume I, at Section 5.
---------------------------------------------------------------------------

    Proposed paragraph (d)(6) would require the filer, through its 
authorized account administrators, to securely maintain information 
relevant to the ability to access the filer's EDGAR account, including 
access through any EDGAR API. This requirement is designed to ensure 
that information relevant to the ability to access the filer's account, 
such as individual account credentials and API tokens, is securely 
maintained and not publicly exposed or otherwise compromised. Similar 
to proposed paragraphs (d)(4) and (d)(5), proposed paragraph (d)(6) is 
analogous to the requirements currently set forth in the EDGAR Filer 
Manual, Volume I to securely maintain EDGAR access and to maintain 
accurate company information on EDGAR.
    The Commission also proposes to amend Rule 10 to make certain 
technical and conforming changes. Rule 10(b) would be revised to refer 
to ``each electronic filer'' who would be required to submit Form ID 
before filing on EDGAR, instead of ``each registrant, third party 
filer, or filing agent.'' \90\ This change is not intended to alter the 
scope of who would be subject to Rule 10(b), but instead clarifies that 
all new electronic filers would be required to submit Form ID for 
review and approval by Commission staff before they may file on EDGAR.
---------------------------------------------------------------------------

    \90\ Compare Rule 10(b) of Regulation S-T (``Each registrant, 
third party filer, or filing agent must, before filing on EDGAR . . 
.'' with proposed Rule 10(b) of Regulation S-T (``Each electronic 
filer must, before filing on EDGAR . . .'').
---------------------------------------------------------------------------

    In addition, we propose to amend Rule 10(b)(2), which currently 
states that an authenticating document for Form ID must be signed by 
the applicant, to also state that the authenticating document may be 
signed by an authorized individual of the prospective filer.\91\ This 
change is intended to conform the language in Rule 10(b)(2) with the 
text of the EDGAR Filer Manual, which currently provides that the 
authenticating document shall be signed by an authorized individual, 
including a person with a power of attorney.\92\
---------------------------------------------------------------------------

    \91\ Compare Rule 10(b)(2) of Regulation S-T (``File . . . a 
notarized document, signed by the applicant . . .'' with proposed 
Rule 10(b)(2) of Regulation S-T (``File . . . a notarized document, 
signed by the electronic filer or its authorized individual . . 
.'').
    \92\ See EDGAR Filer Manual, Volume I, at Section 3(a).
---------------------------------------------------------------------------

    Finally, we propose to revise the note to Rule 10 that currently 
``strongly urges'' potential applicants for EDGAR access to state that 
the Commission staff carefully reviews each Form ID application and 
filers should not assume that the Commission staff will automatically 
approve the Form ID. Therefore, filers should submit Form ID ``well in 
advance'' of their first required filing.\93\ We believe this makes 
clear that Commission staff requires time to review the Form ID. Due to 
the often high volume of Form ID applications for Commission staff 
review, potential applicants should allow sufficient time for the 
review process to be conducted in the event that staff is concurrently 
reviewing a high volume of applications.
---------------------------------------------------------------------------

    \93\ As proposed, the note states: ``The Commission staff 
carefully reviews each Form ID application, and electronic filers 
should not assume that the Commission staff will automatically 
approve the Form ID upon its submission. Therefore, any applicant 
seeking EDGAR access is encouraged to submit the Form ID for review 
well in advance of the first required filing to allow sufficient 
time for staff to review the application.''
---------------------------------------------------------------------------

Requests for Comment
    25. Do the proposed amendments to Rule 10 described above 
appropriately implement the proposed technical and conforming changes? 
Should additional or fewer changes be made to Rule 10 and, if so, why? 
For example, should specific requirements be added to Rule 10 that 
place requirements directly upon users, delegated entities, and 
technical administrators, as opposed to placing requirements upon 
account administrators to manage users, delegated entities, and 
technical administrators? Why or why not? Are there any technical, 
conforming, or clarifying changes to Rule 10 that should be made, and 
if so, why?
2. Rule 11 Under Regulation S-T
    We also propose to amend Rule 11 under Regulation S-T, 
``Definitions of terms used in this part,'' to add and define new terms 
discussed in this proposing release and update the definitions of 
certain existing terms. The proposed amendments include terms and 
definitions specific to the proposed rule and form amendments that 
would change how individuals and entities access, file on, and manage 
EDGAR accounts.
    Certain terms would define the new roles for individuals 
contemplated by EDGAR Next, as follows:

[[Page 65540]]

    ``Account administrator'' would mean the individual that the filer 
authorizes to manage its EDGAR account and to make filings on EDGAR on 
the filer's behalf. The designation of an account administrator would 
help ensure that only authorized persons are able to file and take 
other actions on behalf of the filer.
    ``Authorized individual'' would mean an individual with the 
authority to legally bind the entity or individual applying for access 
to EDGAR on Form ID, or an individual with a power of attorney from an 
individual with the authority to legally bind the applicant. The power 
of attorney document must clearly state that the individual receiving 
the power of attorney has general legal authority to bind the applicant 
or specific legal authority to bind the applicant for purposes of 
applying for access to EDGAR on Form ID.
    ``Delegated entity'' would mean a filer that another filer 
authorizes on the dashboard to file on its behalf. As itself a filer, a 
delegated entity would be subject to all applicable rules for filing on 
EDGAR. Delegated entities would not be permitted to further delegate 
authority to file for the delegating filer, nor would they be permitted 
to take action on the delegating filer's dashboard.
    ``Filing agent'' would mean any person or entity engaged in the 
business of making submissions on EDGAR on behalf of filers. As 
discussed above in Section III.C., to act as a delegated entity for a 
filer, a filing agent would be a filer with an EDGAR account.
    ``Single-member company'' would describe a company that only has a 
single individual who acts as the sole equity holder, director, and 
officer (or, in the case of an entity without directors and officers, 
holds position(s) performing similar activities as a director and 
officer).
    ``Technical administrator'' would mean an individual that the filer 
authorizes on the dashboard to manage the technical aspects of the 
filer's use of EDGAR APIs on the filer's behalf.
    ``User'' would mean an individual that the filer authorizes on the 
dashboard to make submissions on EDGAR on the filer's behalf.
    Other terms would identify new applications and upgrades to access 
and maintain filers' accounts on EDGAR, including:
    ``Application Programming Interface'' (API) would be defined as a 
software interface that allows computers or applications to communicate 
with each other. As discussed in Section III. D., the relevant APIs 
would include those that give filers the option to automate submissions 
on EDGAR and to retrieve certain submission-related information.
    ``Dashboard'' would mean an interactive function on EDGAR where 
filers manage their EDGAR accounts and where individuals that filers 
authorize may take relevant actions for filers' accounts.
    ``Individual account credentials'' would mean credentials issued to 
individuals for purposes of EDGAR access, as specified in the EDGAR 
Filer Manual, and used by those individuals to access EDGAR. (As 
previously mentioned, we currently anticipate that the EDGAR Filer 
Manual would specify that individual account credentials must be 
obtained through Login.gov, a sign-in service of the United States 
Government that employs multi-factor authentication.)
    Collectively, these terms would assist in implementing the proposed 
rule and form amendments by clarifying how the proposed requirements 
would apply.
    The amendments would also update or delete outdated terminology 
from certain definitions in Rule 11, such as references to ``telephone 
sessions'' in the definition of ``direct transmission.'' \94\ Although 
some filers may still use dial-up internet to access EDGAR, we expect 
that nearly all filers currently rely on broadband, cable, or other 
internet technologies.
---------------------------------------------------------------------------

    \94\ Compare the definition of ``direct transmission'' in Rule 
11 of Regulation S-T (``the transmission of one or more electronic 
submissions via a telephonic communication session'') with the 
definition of ``direct transmission'' in proposed Rule 11 of 
Regulation S-T (``the transmission of one or more electronic 
submissions'').
---------------------------------------------------------------------------

    Finally, we propose updating the definition of ``EDGAR Filer 
Manual'' to more clearly describe its contents. Rule 11 currently 
defines ``EDGAR Filer Manual'' as ``. . . setting out the technical 
format requirements for an electronic submission.'' The EDGAR Filer 
Manual has been updated over time, however, to include additional 
requirements for filers, including those pertaining to seeking EDGAR 
access, maintaining EDGAR company information, and submitting online 
filings. We therefore propose to update the EDGAR Filer Manual 
definition accordingly to indicate the inclusion of these procedural 
requirements. We believe that the amended definition, if adopted, would 
better inform filers of the scope of the EDGAR Filer Manual 
requirements.
Requests for Comment
    26. Do the proposed amendments to Rule 11 appropriately define the 
necessary terms in EDGAR Next? If not, please explain. Are there any 
additional terms that should be defined and, if so, why?
    27. As proposed, should we amend certain terms to update 
terminology or more clearly define existing definitions? Are there any 
proposed terms that are inconsistent with existing definitions or 
concepts or that otherwise should not be defined? Should any additional 
terms be revised to update outdated terminology or to clarify existing 
definitions? Please be specific.
3. Form ID
    Form ID is an online fillable form that must be completed and 
submitted to the Commission by all individuals, companies, and other 
organizations who seek access to file electronically on EDGAR.\95\ 
Among other things, Form ID seeks information about the identity and 
contact information of the applicant. The proposed amendments to Form 
ID include proposed changes to information required to be reported on 
the form as well as technical changes.
---------------------------------------------------------------------------

    \95\ Compare Rule 10(b) (providing that each registrant, third 
party filer, or agent seeking EDGAR access must submit Form ID) with 
proposed Rule 10(b) (providing that each electronic filer seeking 
EDGAR access must submit Form ID).
---------------------------------------------------------------------------

    As outlined above, the proposed amendments to Form ID would require 
an applicant for EDGAR access to undertake certain additional 
disclosure obligations, including most significantly:
    (1) Designating on Form ID specific individuals the applicant 
authorizes to act as its account administrators to manage its EDGAR 
account on a dedicated dashboard on EDGAR. Applicants would generally 
be required to authorize two account administrators, although 
individuals and single-member companies would only be required to 
authorize one account administrator. If a prospective account 
administrator was not (1) the applicant (in the case of an individual 
applicant) or (2) an employee of the applicant or its affiliate (in the 
case of a company applicant), the applicant would also be required to 
disclose the prospective account administrator's employer and CIK, if 
any, and provide a notarized power of attorney to authorize the 
individual to manage the applicant's EDGAR account as an account 
administrator.
    (2) The applicant's Legal Entity Identifier (``LEI'') number if 
any.
     The LEI is a unique identifier associated with a single 
corporate entity and is intended to provide a uniform international 
standard for identifying counterparties to a transaction.
     Although there are certain modest costs to obtain and 
maintain an LEI, fees

[[Page 65541]]

are not imposed on data users for usage of or access to LEIs, and all 
of the associated reference data needed to understand, process, and 
utilize the LEIs are widely and freely available and not subject to any 
usage restrictions.\96\
---------------------------------------------------------------------------

    \96\ The cost of obtaining and maintaining an LEI is 
approximately $50 to $65 per year. See LEI Price List, LEI Register, 
available at https://www.lei-identifier.com/lei-price-list/
#:~:text=LEI%20application%20and%20registration%20price,%2D%20%24250(
%24%2050%20%2F%20year).
---------------------------------------------------------------------------

     Applicants that have not yet obtained an LEI would not be 
required to obtain one.
     The inclusion of LEI information would facilitate the 
ability of Commission staff to link the identity of the applicant with 
information reported on other filings or sources that are currently or 
will be reported elsewhere, if LEIs become more widely used by 
regulators and the financial industry.
    (3) Providing more specific contact information about the filer, 
and the filer's account administrator(s), authorized individual (the 
individual authorized to submit Form ID on the filer's behalf, as 
defined in the EDGAR Filer Manual), and billing contact (including 
mailing, business, and billing information, as applicable).
     More specific contact information would allow Commission 
staff to reach account administrators, authorized individuals, and 
billing contacts associated with the filer when necessary.
    (4) Specifying whether the applicant, its authorized individual, 
person signing a power of attorney (if applicable), account 
administrator, or billing contact has been criminally convicted as a 
result of a Federal or State securities law violation, or civilly or 
administratively enjoined, barred, suspended, or banned in any 
capacity, as a result of a Federal or State securities law violation.
     Information about whether the applicant or certain 
individuals named on Form ID may be subject to relevant bars and 
prohibitions (including but not limited to officer and director bars, 
prohibitions from associating with brokers, dealers, investment 
advisers, and/or other securities entities, and bars from participation 
in certain industries) would allow Commission staff to determine 
whether such bars or prohibitions are relevant to the application for 
EDGAR access.
     Individuals disclosing the existence of a criminal 
conviction, or civil or administrative injunction, bar, suspension, or 
ban may be contacted by SEC staff to determine the applicant's 
eligibility for EDGAR access.
    (5) Indicating whether the applicant, if a company, is in good 
standing with its state or country of incorporation.
     Good standing generally means a company is legally 
authorized to do business in the relevant state or country and has 
filed all required reports and paid all related fees to the relevant 
jurisdiction.
     Although the lack of good standing would not prevent a 
company from obtaining EDGAR access, this information could be relevant 
in determining whether it may be appropriate for the staff to review 
additional documentation as part of its assessment of the application.
    (6) Requiring submission of a new Form ID if the applicant claims 
to have (i) lost electronic access to its existing CIK account or (ii) 
assumed legal control of a filer listed on an existing CIK account but 
did not receive EDGAR access from that filer.
     Currently, applicants seeking to obtain control of an 
existing EDGAR account are required to submit certain summary 
information but are not required to submit a full application on Form 
ID. To assist Commission staff in determining whether applicants 
seeking to obtain control of existing EDGAR accounts are legitimate, we 
propose to require such applicants to submit a new Form ID. To 
facilitate the application process, certain publicly available 
corporate and contact information (such as the filer's name, ``doing 
business as'' name, foreign name, mailing and business addresses, 
state/country of incorporation, and fiscal year end) would be 
automatically prepopulated from EDGAR so that applicants would not need 
to resubmit that information, although applicants could update that 
information on Form ID as necessary.\97\
---------------------------------------------------------------------------

    \97\ The filer would nevertheless need to submit a COUPDAT to 
update its existing corporate and contact information on EDGAR 
(other than the filer's account administrator information) if the 
Form ID were granted. As they presently do, broker-dealers would 
submit a Form BD amendment to FINRA to update their corporate and 
contact information.
---------------------------------------------------------------------------

    (7) Requiring those seeking access to an existing EDGAR account to 
upload to EDGAR the documents that establish the applicant's authority 
over the company or individual listed in EDGAR on the existing 
account.\98\
---------------------------------------------------------------------------

    \98\ The EDGAR Filer Manual currently provides guidance 
regarding what documents would be sufficient to establish the 
applicant's authority. See EDGAR Filer Manual, Volume I, at Section 
4(b).
---------------------------------------------------------------------------

    In addition, we would make certain conforming, formatting, and 
ancillary changes to modernize Form ID without significantly altering 
current disclosure obligations. For example, a checkbox would be added 
to each address field for identification of non-U.S. locations, which 
would improve data analytics. As another example, company applicants 
would be required to provide their primary website address, if any, to 
provide staff additional contact and other information regarding the 
filer. Further, certain disclosure warnings that are currently listed 
in the EDGAR Filer Manual and the landing page of the EDGAR Filing 
website would be incorporated into Form ID to more clearly provide 
notice of those matters to filers.\99\
---------------------------------------------------------------------------

    \99\ Proposed Form ID would include a section titled ``Important 
information'' that would include the following disclosure warning: 
``Misstatements or omissions of fact in connection with an 
application for EDGAR access and/or in a submission on EDGAR may 
constitute a criminal violation under 18 U.S.C. 1001 and 1030 and/or 
a violation of other criminal and civil laws. If the SEC has reason 
to believe that an application for EDGAR access and/or a submission 
on EDGAR is misleading, manipulative, and/or unauthorized, the SEC 
may prevent acceptance or dissemination of the application/
submission and/or prevent future submissions or otherwise remove a 
filer's access to EDGAR pursuant to Rule 15 of Regulation S-T, 17 
CFR 232.15.''
---------------------------------------------------------------------------

    Collectively, the proposed amendments would enhance the security of 
EDGAR by allowing Commission staff to obtain more information about the 
applicant and its contacts for staff to confirm the identity of the 
applicant and the individuals associated with the applicant, assess 
whether the application is properly authorized, and determine whether 
there are any other issues relevant to the application for EDGAR access 
for staff's consideration.
Requests for Comment
    28. Should any of the proposed amendments to Form ID be revised or 
removed and, if so, why or why not? For example, should any limits or 
qualifiers be placed on the proposed disclosure requirement regarding 
whether the applicant, its authorized individual, person signing a 
power of attorney (if applicable), account administrator, or billing 
contact has been criminally convicted as a result of a Federal or State 
securities law violation, or civilly or administratively enjoined, 
barred, suspended, or banned as a result of a Federal or State 
securities law violation? If so, why? Should this requirement apply to 
each of the applicant, its authorized individual, person signing a 
power of attorney (if applicable), account administrator, and billing 
contact, or only to certain categories of the aforementioned groups? 
Please explain your answer. Likewise, should the proposed requirement 
regarding whether the applicant is in good standing be revised or 
removed and, if

[[Page 65542]]

so, why? For example, if applicable, should we also require an 
explanation of why the applicant is not in good standing? Why or why 
not?
    29. Would the proposed amendments to Form ID appropriately support 
the EDGAR Next changes to filer access and account management? Why or 
why not? Should Form ID require any additional information, or should 
any of the information proposed to be required be revised or deleted? 
Please explain.
    30. Should Form ID be revised to require or allow applicants to 
provide the reason they are applying for access? For example, if 
applicants have an urgent upcoming filing deadline, should applicants 
be required or permitted to provide that information?

F. Transition Process

    We believe that, if the proposed rule and form amendments are 
adopted and the technical changes are implemented, it would be 
efficient for the Commission and for the approximately 220,000 active 
EDGAR filers--those who made a submission on EDGAR in the last two 
years--to accomplish the transition to EDGAR Next over a period of 
several months, as set forth below.\100\ We anticipate that mandatory 
enrollment would begin one month after adoption and remain open for six 
months thereafter (the ``Enrollment Period'').
---------------------------------------------------------------------------

    \100\ Of these 220,000 EDGAR accounts, approximately 149,000 
represent entity filers and approximately 71,000 represent 
individual filers. In total, regardless of account activity, there 
are approximately 1,000,000 filer accounts in EDGAR. We believe that 
the vast majority of the approximately 800,000 EDGAR filer accounts 
for which no filings have been made in the last two years are 
defunct and therefore would not transition to EDGAR Next.
---------------------------------------------------------------------------

    During the Enrollment Period, existing filers would continue to 
file on EDGAR using the EDGAR filing websites, as they presently do, by 
logging on with the relevant CIK and password. The individual account 
credentials would not yet be used, nor would use of the dashboard to 
manage the account be required.
    Applicants that seek EDGAR access subsequent to the compliance date 
would be immediately subject to the EDGAR Next requirements, if 
adopted.
1. Individual Account Credentials
    If the Commission adopts the proposed amendments, individuals could 
seek individual account credentials in the manner to be specified in 
the EDGAR Filer Manual in advance of the required Enrollment Period. As 
a result, when the Enrollment Period begins, filers could immediately 
enroll the individuals with individual account credentials. Further, if 
the Commission adopts the proposed amendments and implements the EDGAR 
Next changes, and requires Login.gov as the individual account 
credential provider, we anticipate that individuals with existing 
Login.gov accounts would be able to use those accounts as their 
individual account credentials for purposes of EDGAR access.
2. Enrollment
    Existing filers would enroll on an enrollment page on the EDGAR 
Filer Management website without submitting a Form ID. We intend to 
provide two options: (a) manual enrollment of single EDGAR accounts on 
an account-by-account basis; and (b) enrollment of multiple accounts 
simultaneously.
a. Manual Enrollment for a Single EDGAR Account
    As a preliminary matter, each existing filer would be required to 
authorize two individuals to manage the filer's EDGAR account as 
account administrators, with the exception of individuals and single-
member companies, which would be required to authorize one account 
administrator. On behalf of each existing filer, one account 
administrator would enter their individual account credentials to log 
in to an enrollment page on EDGAR. The account administrator would 
manually enter the filer's CIK, CCC, and EDGAR passphrase\101\ to 
ensure that a properly authenticated individual is enrolling the filer. 
If EDGAR authenticated that data, the account administrator would enter 
account administrator names, business contact information, and the 
email addresses used to obtain individual account credentials. By 
entering that information, the filer would indicate its authorization 
of the listed individuals as the filer's account administrators, as 
well as the accuracy of the information provided.
---------------------------------------------------------------------------

    \101\ Filers that have forgotten or lost their CCC could change 
or regenerate it using their PMAC or passphrase. Filers that have 
lost or forgotten their passphrase could reset it by sending a 
security token to the email associated with the account. Filers that 
have lost or forgotten their passphrase and that no longer have 
access to the email associated with the account would have to 
reapply for EDGAR access on Form ID.
---------------------------------------------------------------------------

    Each EDGAR account would enroll once. If there was an attempt to 
enroll an EDGAR account that had already been enrolled, the subsequent 
attempted enrollment would be denied. An individual filer who makes 
filings with respect to multiple companies (e.g., the CEO of one 
company who is also on the board of directors of other companies) may 
have more than one filing agent and/or representatives at such 
companies who have access to her CIK, CCC, and EDGAR passphrase. 
Accordingly, it would be advisable for any such filer to designate one 
filing agent or company representative to enroll her EDGAR account and 
to then communicate such enrollment to the other filing agent(s) and/or 
company representatives. Such other filing agent(s) and/or company 
representatives may then be added as an account administrator, user, or 
delegated entity through the dashboard.
    After enrolling the filer, an account administrator could access 
the filer's dashboard. There, the account administrator, on behalf of 
the filer, would be able to add account administrators, users, and 
technical administrators, and delegate authority to file to other 
filers. Any individuals to be authorized on the filer's account would 
be required to possess individual account credentials.
b. Bulk Enrollment of Multiple EDGAR Accounts
    We plan to permit the simultaneous bulk enrollment of multiple 
EDGAR accounts, together with those filers' account administrators. We 
expect that filing agents, as well as individuals and entities that 
control multiple EDGAR accounts, would find this an efficient and time-
saving function.
    An individual authorized to enroll the relevant filer accounts 
would log in to an enrollment page on EDGAR with their individual 
account credentials. There, the individual would complete and upload a 
spreadsheet in a format to be specified that could accommodate multiple 
rows of data. Each row would pertain to a single existing filer. The 
individual would enter data for each filer on each row, including CIK, 
CCC, and EDGAR passphrase to ensure that enrollment is being performed 
by a properly authenticated individual. In addition, the individual 
would enter on each row information regarding the filer's prospective 
account administrators, including names, business contact information, 
and email addresses associated with the individual account credentials 
of the account administrators, to indicate that the filer authorizes 
those account administrators to manage its EDGAR account. Under the 
bulk enrollment method, two account administrators would be required 
for each filer (including individuals and single-member companies), in 
part due to logistical difficulties associated with simultaneously 
validating the minimum number of account administrators for multiple 
filers, and in part because we

[[Page 65543]]

expect that bulk enrollment would be used by larger filers and filers 
using filing agents likely to have at least two account administrators. 
We intend to set a limit of 100 existing filers (100 rows) per bulk 
enrollment.
    As discussed above, enrollment would only occur once per EDGAR 
account. Any additional changes that are needed to be made (e.g., 
adding additional account administrators) would have to be performed by 
the account administrators who had been added during the enrollment 
process. After the filer was enrolled, the account administrators could 
access the dashboard to add additional account administrators, users, 
technical administrators, and delegated entities.
3. Compliance
    We anticipate that the compliance period would start six months 
after the beginning of the Enrollment Period. In response to our 2021 
Request for Comment, commenters requested a transition period ranging 
from 12 months to three years.\102\ We considered those comments, and 
we believe that the transition process we are contemplating should 
provide sufficient opportunity for existing filers to transition to 
EDGAR Next. The transition process would include an initial, separate 
period during which individual account credentials could be 
established, as well as a six-month Enrollment Period during which 
filers would access the dashboard, authorize individuals in relevant 
roles, and make any needed delegations. We further contemplate 
providing a bulk enrollment option to allow enrollment of multiple 
filers simultaneously.
---------------------------------------------------------------------------

    \102\ See, e.g., McGuire Woods Comment Letter (recommending at 
least 12 months for individual filers, on the grounds that filers 
would need that time to create individual account credentials, 
enable multifactor authentication, and designate a filer 
administrator); DFIN Comment Letter (asserting that it could take 
12-18 months for filers to migrate, and recommending a 18-24 month 
transition period with longer lead times for smaller filers); 
Workiva Comment Letter (recommending a transition period of one 
year, and separately citing its own survey results indicating more 
than 66% of respondents indicated a transition period of one to 
three years would be appropriate).
---------------------------------------------------------------------------

    If the rule and form changes are adopted, and the related technical 
changes are to be implemented, we plan to provide an EDGAR Next 
Adopting Beta environment to allow commenters to evaluate and test the 
EDGAR Next changes, to prepare necessary software, and to assist filers 
in preparing for the changes.
    Existing EDGAR filers that fail to enroll by the compliance date 
would lose EDGAR access and would be required to reapply for EDGAR 
access on Form ID.
    If the Commission adopts the proposed rule and form changes, we 
expect that staff would provide additional support for filers 
transitioning to EDGAR Next, such as by posting practical information 
and guidance on the EDGAR--Information for Filers \103\ and EDGAR--How 
Do I \104\ pages on SEC.gov, as well as providing a devoted help desk 
to assist filers.
---------------------------------------------------------------------------

    \103\ See ``EDGAR--Information for Filers'' web page at https://www.sec.gov/edgar/filer-information.
    \104\ See ``EDGAR--How Do I'' FAQs at https://www.sec.gov/edgar/filer-information/how-do-i.
---------------------------------------------------------------------------

Requests for Comment
    31. Does the planned transition process adequately address the 
needs of filers and filing agents with regard to implementation of 
EDGAR Next? If not, what changes should be made to the transition 
process, and why?
    32. How long would it take existing filers to transition to EDGAR 
Next? As planned, the Enrollment Period would begin one month after 
adoption of the proposed rule and form changes. Is this a sufficient 
amount of time for filers to prepare for enrollment and, if not, why? 
Is an Enrollment Period of six months sufficient for filers to enroll 
their EDGAR accounts via manual or bulk enrollment and, if not, why? 
Should existing filers transition their EDGAR accounts on a specific 
schedule during the Enrollment Period (e.g., large filers must 
transition by date X, medium filers by date Y, etc.) or, as 
contemplated, should we allow filers to decide when to transition to 
EDGAR Next so long as they do so prior to the compliance date?
    33. We plan to require CIK, CCC, and EDGAR passphrase in order for 
both individual and bulk enrollments to be accepted by EDGAR. Would 
alternate credentials be more appropriate and, if so, what credentials 
should be used? In particular, are passphrases typically maintained by 
filing agents and, if not, how burdensome would it be for filing agents 
to obtain and maintain their clients' passphrases? In situations where 
filers no longer know their passphrases or those passphrases are no 
longer recognized in EDGAR, how burdensome would it be for filers to 
obtain new passphrases?
    34. Following enrollment, what notification, if any, should be 
provided to the existing EDGAR POC for the filer? Although filers are 
currently required to list a contact address, telephone number, and 
email address as part of their EDGAR contact information, we understand 
that many EDGAR filer accounts that were created before email addresses 
became mandatory never added an email address. Should we require 
acknowledgment or confirmation from the existing EDGAR POC to complete 
enrollment of an EDGAR filer account, or should completion of 
enrollment be delayed until a certain period of time has passed without 
objection from the existing EDGAR POC? If so, what should be the 
waiting period before enrollment could be completed, keeping in mind 
the interest of filers seeking to quickly transition to EDGAR Next?
    35. Should we permit the bulk enrollment of multiple EDGAR 
accounts, as planned? Are there particular steps the Commission should 
take to minimize risks associated with enrollment? For example, should 
the CCCs of enrolled filers be automatically reset as a security 
precaution after enrollment is accepted? If the CCC is automatically 
reset, what notification, if any, should be provided to the existing 
EDGAR contact for the filer?
    36. To what extent would bulk enrollment present logistical or 
other burdens for filers with multiple filing agents or unaffiliated 
third-party account administrators? For example, if the filer's CCC 
were automatically reset after bulk enrollment, to what extent could 
this cause confusion if the filer had multiple filing agents and some 
of them were inadvertently not included as account administrators in 
the bulk enrollment? Instead of the CCC being reset after enrollment, 
should the CCC be reset at the compliance date for each enrolled CIK?
    37. Are there any extenuating circumstances that would justify 
filers being exempted from having to enroll by the compliance date, or 
that would allow non-complying existing filers to maintain their EDGAR 
access following the compliance date? If so, please explain.

G. General Request for Comment and EDGAR Next Proposing Beta

    In conjunction with this proposing release, the Commission will 
make available an EDGAR Next Proposing Beta environment where filers 
may preview and test the planned EDGAR Next changes. The EDGAR Next 
Proposing Beta generally should allow filers to view how the proposed 
changes would be reflected in EDGAR. We currently anticipate that the 
EDGAR Next Proposing Beta will be available on or about September 18, 
2023, and will remain available for at least six months thereafter. Any 
filer may sign up to access the EDGAR Next Beta. The Commission will 
provide more information regarding the EDGAR Next

[[Page 65544]]

Proposing Beta through an information page on SEC.gov.
    We request and encourage any interested person to submit comments 
on any aspect of EDGAR Next, other matters that might have an impact on 
EDGAR Next, and suggestions for additional changes. Comments are of 
particular assistance if accompanied by analysis of the issues 
addressed in those comments and any data that may support the analysis. 
We urge commenters to be as specific as possible.
    In particular, we request comment on the following issues.
    38. Would the proposed rule and form changes facilitate the 
responsible management of EDGAR filer credentials? Are there additional 
changes that would encourage such responsible management? Would the 
changes create any undue burdens for filers? If so, how could the 
proposed rule and form changes be modified to ease such burdens? Are 
there any other concerns that the Commission should be aware of with 
implementation of EDGAR Next? Are there any conforming or parallel 
changes that the Commission should make to effectively implement EDGAR 
Next?
    39. Are there alternatives to the dashboard that we should 
consider? For example, are there alternative methods that would enable 
filers to take the same actions as they would using the dashboard that 
would be easier to implement or more user friendly? If so, what are 
those alternatives? Please be specific.
    40. In connection with the EDGAR Next changes, we intend to provide 
APIs as described above to make EDGAR submissions and to check EDGAR 
submission status and operational status. Are there alternatives that 
would better accomplish the objectives of secure, efficient, and 
automated machine-to-machine communication with EDGAR? If so, please 
describe.
    41. Are there any issues specific to certain types of filers that 
should be considered with regard to the EDGAR Next changes? For 
example, asset-backed securities (``ABS'') issuers, usually the 
depositor in an ABS transaction, often create one or more serial 
companies each year, each of which is a separate legal entity with its 
own CIK, even though each generally has the same contact information as 
the ABS issuer. Should new serial companies have their account 
administrator information automatically copied from the ABS issuer's 
account administrator information, so those account administrators 
could access the dashboards for those serial companies? Likewise, 
should other information be automatically inherited by new serial 
companies from the ABS issuer, such as the ABS issuer's contact 
information, users, and technical administrators (if any)? If so, in 
order to ensure that the ABS issuer has account administrator 
information and other information that could be copied to the new 
serial company, would there be any issues associated with requiring ABS 
issuers to have transitioned to individual account credentials before 
the ABS issuer can create new serial companies? To what extent are 
these concerns already addressed by the delegation function, given that 
delegation would allow filers to delegate the authority to file to 
another EDGAR account?
    42. Separately, should we allow the annual confirmations of 
administrators and users for an ABS issuer to also apply to the serial 
companies associated with that ABS issuer, if the same administrators, 
users, delegations, and corporate and contact information are 
associated with each serial company? Why or why not? If so, should we 
allow this more generally with regards to any situation where the same 
administrators, users, delegations, and corporate and contact 
information are associated with multiple CIKs? If some but not all of 
that information is identical for multiple CIKs (e.g., each CIK has a 
different P.O. box or email address listed for its business address), 
should we allow a single confirmation to apply to each of those CIKs 
and, if so, what validation if any should we apply to ensure that an 
account administrator has properly reviewed the CIK's administrators, 
users, delegations, and corporate and contact information?
    43. While ABS issuers have been able to create new CIKs, non-ABS 
related filers have attempted to use the process to create new CIKs 
without submitting a Form ID. Would ABS issuers be significantly 
impacted if the process were limited only to existing CIKs that have an 
EDGAR filing history that includes ABS-related filings (including but 
not limited to the following submission types and forms--ABS-EE, 10-K, 
ABS-15G, 10-D, SF-1, SF-3 and 424H)?
    44. Recent filing experience has shown that ABS issuers have not 
been using the ability to create new ABS serial companies ``on the 
fly'' when filing a 424H submission.\105\ If, as a result of EDGAR 
Next, the EDGAR system no longer supported creating ABS ``on the fly'' 
via filing either a 424H or 424B submission, would that cause any 
problems for ABS issuers? ABS issuers would continue to be able to 
create new CIKs for serial companies via the ``Request Asset-Backed 
Securities (ABS) Issuing Entities Creation'' option in the EDGAR Filing 
website (known in EDGAR as an ``ABSCOMP'' submission).\106\
---------------------------------------------------------------------------

    \105\ See generally ``EDGAR--How Do I'' FAQs at the section 
titled ``Create and obtain EDGAR access for asset-backed securities 
(ABS) issuing entities,'' available at https://www.sec.gov/page/edgar-how-do-i-create-and-obtain-edgar-access-asset-backed-securities-abs-issuing-entities#section3 (discussing the ``on the 
fly'' process).
    \106\ Id. (discussing the creation of ABS issuing entities).
---------------------------------------------------------------------------

    45. Currently, EDGAR permits certain filings to be submitted on 
behalf of multiple filers, who are treated as co-registrants for 
purposes of the filing. Would filers face difficulties in delegating to 
co-registrants or authorizing individuals to act as users or account 
administrators for both the filer and the co-registrant(s)? To what 
extent, if any, should the EDGAR Next changes provide special 
consideration or treatment for EDGAR submissions by co-registrants? For 
example, should the dashboard allow filers to designate other filers as 
``co-registrants'' similar to how filers would delegate other filers as 
delegated entities, except that filing authority would only exist with 
regards to co-registrant submissions (e.g., the co-registrant could not 
submit a filing solely on behalf of the filer)? If so, to what extent 
should co-registrants be treated differently from delegated entities 
(e.g., with regards to user groups, delegated admins, etc.)? 
Alternately, should a user or account administrator for a filer be able 
to submit a co-registrant filing jointly on behalf of the co-registrant 
by using the co-registrant's CIK and CCC (as is currently the case), 
without being a user or account administrator of the co-registrant? Why 
or why not? Please note that for purposes of EDGAR Next Proposing Beta, 
a filer will be able to submit a co-registrant filing by inputting the 
CCC and CIK of the co-registrant(s), as is currently the case.
    46. Should the Commission consider other changes to EDGAR filer 
access and account management processes in the future? Why? Please be 
specific.

IV. Economic Analysis

    The Commission is sensitive to the economic effects, including the 
costs and benefits, of its rules. The discussion below addresses the 
potential economic effects that may result from the rule and form 
amendments we are proposing in this release, and certain related 
technical changes, including the

[[Page 65545]]

benefits and costs to investors and other market participants as well 
as the broader implications of the EDGAR Next project for efficiency, 
competition, and capital formation.\107\
---------------------------------------------------------------------------

    \107\ Section 2(b) of the Securities Act (15 U.S.C. 77b(b)), 
section 3(f) of the Exchange Act (17 U.S.C. 78c(f)) and section 2(c) 
of the Investment Company Act (15 U.S.C. 80a-2(c)) require the 
Commission, when engaging in rulemaking where it is required to 
consider or determine whether an action is necessary or appropriate 
in (or, with respect to the Investment Company Act, consistent with) 
the public interest, to consider, in addition to the protection of 
investors, whether the action will promote efficiency, competition, 
and capital formation. Further, section 23(a)(2) of the Exchange Act 
(17 U.S.C. 78w(a)(2)) requires the Commission, when making rules 
under the Exchange Act, to consider the impact that the rules will 
have on competition, and prohibits the Commission from adopting any 
rule that would impose a burden on competition not necessary or 
appropriate in furtherance of the purposes of the Exchange Act. The 
technological changes contemplated by EDGAR Next would work together 
with the proposed rule and form amendments to enhance EDGAR access 
requirements. Because it is difficult to isolate the economic 
effects associated with the technological changes from those 
attributable solely to the proposed rule and form amendments, for 
purposes of this economic analysis, we have considered these effects 
collectively.
---------------------------------------------------------------------------

A. Introduction

    Individuals and entities submit filings electronically with the 
Commission through EDGAR in order to comply with various provisions of 
the Federal securities laws. Filings on EDGAR are not currently linked 
to a specific individual authorized by the filer. EDGAR access codes 
represent a complex combination of several codes with differing 
functions.\108\ This access method is not aligned with standard access 
processes and is hard to monitor and manage. The Commission is also 
aware that some filers may have failed to maintain secure access to 
their EDGAR accounts.\109\
---------------------------------------------------------------------------

    \108\ See supra note 26.
    \109\ See supra note 27.
---------------------------------------------------------------------------

    The changes contemplated by EDGAR Next would modernize the 
mechanism by which filers and designated individuals acting on filers' 
behalf obtain access to EDGAR, streamline the management of filers' 
accounts, and offer three optional APIs that would allow filers to 
interface with the EDGAR system. EDGAR Next would benefit both the 
Commission and filers by enabling the Commission to identify specific 
individuals making filings on behalf of filers and by simplifying 
procedures for accessing EDGAR in a way that allows filers to leverage 
the Commission's web function to reduce cost. Enhancing the security of 
EDGAR would better protect against unauthorized access to the EDGAR 
system thereby decreasing the likelihood of unauthorized filings 
impacting the market and potentially imposing economic and reputational 
costs on the public, the filer, and the Commission.
    As discussed in greater detail in Section III above, EDGAR Next 
would:
     Offer a dashboard where filers would manage their EDGAR 
accounts and where individuals that filers authorize could take 
relevant actions for filers' accounts.
     Require each filer to authorize and maintain individuals 
as its account administrators to act on behalf of the filer to manage 
the filer's EDGAR account in accordance with the EDGAR account access 
and account management requirements set forth in this proposal and the 
EDGAR Filer Manual. Only those individuals who obtained individual 
account credentials could be authorized to act on the filer's behalf to 
manage its EDGAR account.
     Require each filer, through its authorized account 
administrators, to confirm annually that all account administrators, 
users, delegated entities, and technical administrators reflected on 
the dashboard for the filer's EDGAR account are authorized by the filer 
and that all information regarding the filer is accurate (generally 
including the filer's corporate and contact information).
     Require each filer, through its authorized account 
administrator(s), to maintain accurate and current information on EDGAR 
concerning the filer's account, and securely maintain information 
relevant to the ability to access the filer's EDGAR account.
     Allow individuals designated as account administrators to 
file on EDGAR on the filer's behalf and authorize other individuals as 
users to file.
     Allow filers to authorize delegated entities to file on 
their behalf. Delegated entities would be subject to the same 
requirements applicable to all filers.
     Offer optional APIs for machine-to-machine submissions and 
retrieval of related filing information. Require filers who opt to use 
the APIs to, through their account administrator(s), authorize at least 
two technical administrators to manage the technical aspects of the 
APIs.
     Amend Rules 10 and 11 under Regulation S-T and Form ID to 
codify the above requirements for filers, to add and define new terms 
as part of this proposal, and to capture additional information during 
the application for EDGAR access, respectively.
    The discussion below addresses the potential economic effects of 
the EDGAR Next changes, including the likely benefits and costs, as 
well as the likely effects on efficiency, competition, and capital 
formation. At the outset, we note that, where possible, we have 
attempted to quantify the benefits, costs, and effects on efficiency, 
competition, and capital formation expected to result from the 
contemplated changes. In many cases, however, the Commission is unable 
to quantify certain economic effects because it lacks the information 
necessary to provide estimates or ranges. In those circumstances in 
which we do not have the requisite data to assess the impact of the 
EDGAR Next changes, we have analyzed their economic impact 
qualitatively.

B. Baseline

    The current set of requirements to obtain access to and file on the 
Commission's EDGAR system, as well as the account management practices 
as they exist today, serve as the baseline from which we analyze the 
economic effects of the EDGAR Next changes. Filers are comprised of any 
individuals and entities that make a submission electronically through 
EDGAR. For example, directors and executives of many public companies 
have reporting obligations under section 16 of the Securities Exchange 
Act of 1934.\110\ Entities consist of public operating companies, 
investment companies, broker-dealers, transfer-agents, and other 
institutions who have filing obligations with the Commission. The 
parties directly affected by EDGAR Next are current and prospective 
filers as well as relevant individuals or entities acting on filers' 
behalf. In 2022, the Commission received approximately 79,457 Form ID 
submissions.\111\ From 2018 to 2022, an average of approximately 62,061 
Form IDs were submitted per year to the Commission.\112\
---------------------------------------------------------------------------

    \110\ See 15 U.S.C. 78p.
    \111\ This number includes 69,651 applications from prospective 
filers without CIKs, 9,390 applications from filers who had lost 
EDGAR access and were seeking to regain access to EDGAR (currently 
submitted as passphrase updates, but under the proposal would be 
submitted on Form ID), and 416 applications from filers with CIKs 
who had not yet filed electronically on EDGAR.
    \112\ Similarly, this number includes applications from 
prospective filers without CIKs, applications from filers who had 
lost EDGAR access and were seeking to regain access to EDGAR 
(currently submitted as passphrase updates, but under the proposal 
would be submitted on Form ID), and applications from filers with 
CIKs who had not yet filed electronically on EDGAR.
---------------------------------------------------------------------------

    Individuals and entities who seek to file on EDGAR apply for access 
in accordance with Rule 10 of Regulation S-T by completing Form ID, the 
uniform application for access codes to file on EDGAR.\113\ Form ID 
currently

[[Page 65546]]

collects the applicant's contact information, along with the 
applicant's EDGAR POC. Upon approval, the filer receives a unique CIK, 
and the EDGAR POC generates access codes (including a password), using 
their CIK and passphrase from the Filer Management website, which 
allows the filer to make submissions on its EDGAR account. EDGAR filers 
are required to renew their EDGAR password annually. Currently, EDGAR 
system access has not incorporated multi-factor authentication to 
validate individuals accessing EDGAR and simplify password retrieval. 
Additionally, the Commission has no systematic way to determine with 
whom the filer has shared EDGAR access codes, or when the filer has 
revoked authorization. Filers are responsible for safeguarding their 
access codes and monitoring the number of individuals authorized to 
receive the codes.\114\ Certain filers and filing agents currently 
devise their own internal systems to track who possesses their EDGAR 
access codes. Because the Commission does not collect the personal 
information of the specific individual who makes the submission, nor 
does the Commission issue identifying credentials to individuals acting 
on behalf of filers when filings are submitted, the Commission is 
currently unable to match filings to specific individuals who made the 
filings. EDGAR receives a large volume of filings, typically more than 
500,000 per calendar year, and has approximately 220,000 active filers, 
of which approximately 149,000 represent entities and approximately 
71,000 represent individuals.\115\
---------------------------------------------------------------------------

    \113\ See supra note 23.
    \114\ See supra note 27.
    \115\ See supra note 100.
---------------------------------------------------------------------------

    The majority of Commission filings are made by filing agents on 
behalf of their client filers.\116\ Certain filing agents and filers 
use proprietary custom software to interface with EDGAR to mimic a 
machine-to-machine submission process and eliminate the need for 
individual human web-based interaction with the EDGAR filing websites. 
To create this custom software, data are extracted from the EDGAR 
filing websites and the custom software is configured to mimic a web-
based interaction. This model of interaction with EDGAR requires 
frequent maintenance, however, since whenever EDGAR filing websites 
change their content or structure, those changes impact the custom 
software. Although Commission staff does not provide technical or other 
support for custom software for interaction with EDGAR, staff seeks to 
minimize filing disruptions and strives to provide notice to filers 
prior to making website changes. As a result, however, technical 
changes (e.g., maintenance, updates, etc.) to be implemented in EDGAR 
may be slowed by the fact that staff has to consider downstream custom 
software configurations.
---------------------------------------------------------------------------

    \116\ See supra note 28.
---------------------------------------------------------------------------

C. Consideration of Benefits and Costs as Well as the Effects on 
Efficiency, Competition, and Capital Formation

1. Benefits
    The EDGAR Next changes seek to enhance the security of EDGAR, 
improve filers' ability to securely manage and maintain access to their 
EDGAR accounts, facilitate the responsible management of filer 
credentials, and simplify procedures for accessing EDGAR. EDGAR Next 
aims to improve access by filers and enhance security by identifying 
individuals who submit filings on EDGAR. Improving access by filers and 
the security of EDGAR may increase the accuracy of submissions to the 
Commission and thereby the quality of the information available on 
EDGAR, thus also improving regulatory oversight. After an initial setup 
burden described below,\117\ these changes could potentially reduce the 
burden for reporting entities because modernizing the EDGAR filing 
regime could improve the accuracy and efficiency of filing preparation. 
Additionally, the improved accuracy and efficiency of the filings 
submitted to the Commission could reduce the costs associated with 
receiving and processing such submissions, in part by reducing the 
time, processing, and search costs, and accordingly aid the 
Commission's examination and oversight functions. An increase in the 
accuracy and quality of submissions would boost the efficiency of the 
Commission's document review, processing, and quality assurance. 
Further, the public would generally benefit from the implied increase 
in informational efficiency resulting from EDGAR Next changes as they 
use EDGAR filings for investment decisions.
---------------------------------------------------------------------------

    \117\ See infra Section IV.C.2.
---------------------------------------------------------------------------

    EDGAR Next would impose new requirements on existing filers, 
relevant individuals acting on their behalf, and applicants for EDGAR 
access. These requirements are designed to enhance the security of 
EDGAR, and prevent the unauthorized access to information and systems 
by: (1) identifying and authenticating individuals accessing EDGAR; (2) 
requiring filers to authorize account administrators to manage their 
accounts; (3) providing an account management dashboard to simplify the 
management of EDGAR accounts and facilitate account administrators in 
their compliance; (4) requiring filers, through their account 
administrators, to annually confirm the individuals with roles on the 
filer's dashboard, and to maintain accurate and current information on 
EDGAR concerning the filer's account while securely maintaining 
information relevant to access the filer's EDGAR account; and (5) 
providing a machine-to-machine solution for filers to interface with 
EDGAR.
a. Individual Account Credentials
    The amendments to Rule 10 would provide that filers may only 
authorize individuals on the dashboard if those individuals have 
obtained individual account credentials in a manner to be specified in 
the EDGAR Filer Manual. The Commission also anticipates requiring 
multi-factor authentication (which we anticipate would be performed 
through Login.gov).\118\ We believe that by imposing the requirement to 
require individual account credentials for the individuals accessing 
the dashboards for all existing and prospective EDGAR filers, EDGAR 
Next would generally improve the security of the EDGAR system in three 
different ways. First, this requirement would eliminate the need for 
filers to share their EDGAR access codes with various individuals 
acting on behalf of the filer, reducing the likelihood of an 
unauthorized individual gaining access to the filer's account. For 
example, a personnel change or management reorganization at the filer 
could create a situation where previously authorized filing agents or 
former employees of the filer lose their privileges, but still possess 
the EDGAR access codes. The risk of unauthorized access is heightened 
when there is no internal method of tracking possession of EDGAR access 
codes. Second, individual account credentials provide a means of 
associating any given filing with the particular individual who 
submitted such filing. The ability to associate the relevant 
individuals to the filings they submitted would benefit the Commission 
and the filer in resolving issues with problematic filings. Third, 
individual account credentials would provide an additional layer of 
validation with the anticipated requirement of multi-factor 
authentication that would

[[Page 65547]]

require users to present a combination of two or more credentials for 
access verification, thereby strengthening identity verification and 
the security of access to EDGAR.\119\
---------------------------------------------------------------------------

    \118\ In connection with the proposed amendments, the Commission 
also proposes to amend Rule 11 under Regulation S-T, ``Definitions 
of terms used in this part,'' to add and define new terms as part of 
this rulemaking, and update the definitions of existing terms as 
needed.
    \119\ See supra text following note 59.
---------------------------------------------------------------------------

b. Account Administrators
    The proposed amendments to Rule 10 also would require filers to 
authorize account administrators to act on the filers' behalf to manage 
their accounts. Currently, anyone who possesses a filer's access codes 
can make a filing on that filer's EDGAR account. If the codes are 
shared or left unprotected by the people who have them, they may be 
obtained by someone who could use them to make an unauthorized filing, 
and neither the filer nor Commission staff would be able to easily 
trace the unauthorized filing through EDGAR to the individual who made 
it. Under EDGAR Next, account administrators would improve the security 
of EDGAR because account administrators would oversee and monitor the 
filer's account. Account administrators would have the ability to 
authorize, remove authority, and track all individuals acting on the 
filer's behalf, thereby reducing the risk of unauthorized access to the 
filer's account. The account administrator's monitoring of the filer's 
account would allow for prevention and timely detection of potential 
harms resulting from unauthorized access. It is difficult to quantify 
the potential benefits to filers of these aspects of the proposed 
changes because they would depend, in part, on the security risks faced 
by filers and the effectiveness of their existing systems to protect 
against unauthorized use of EDGAR access codes.
    Individual filers and filers who are single-member companies would 
be required, under proposed Rule 10(d)(2), to authorize and maintain at 
least one account administrator. The designation of account 
administrators would also help facilitate communication between filers 
and the Commission, thus reducing the risk of possible interruptions in 
filer EDGAR activities. Currently, filers designate a point of contact 
on their Form ID to enable communication with the Commission. 
Correspondence between the Commission and the EDGAR POC regarding the 
filers' account activities may be delayed in the event that the EDGAR 
POC is no longer associated with the filer, because the filer may not 
update their EDGAR POC information with the Commission. All filers who 
are not individuals or single-member companies would be required to 
authorize and maintain at least two account administrators. The minimum 
requirement of two account administrators would lower the likelihood of 
the previously mentioned scenario. In addition, though the current 
EDGAR POC receives the access codes on behalf of the filer, he is not 
necessarily authorized to act on behalf of the filer. Under EDGAR Next, 
the account administrator, on behalf of the filer, would oversee all 
other designated roles and would be responsible for the management of 
the filer's account.
c. Dashboard
    Commission staff is also aware that certain filers and filing 
agents currently have internal systems that track which individuals 
possess their EDGAR access codes. The cost to these filers in 
transitioning to the dashboard would be the same as if they did not 
have an internal system. We can infer that the cost to these filers 
would be less on an ongoing basis if they use the dashboard instead of 
their current system due to the elimination of ongoing maintenance 
costs for their system. Moreover, the dashboard would offer the 
advantage of being a uniform system for all filers that additionally 
allows Commission staff visibility into individuals authorized to act 
for the filer. This additional qualitative benefit is not present for 
current filer internal tracking systems. Furthermore, filers without a 
system for tracking individuals in possession of EDGAR codes currently 
would be afforded a tool to do so through EDGAR, thereby facilitating 
compliance with their existing and proposed obligation to securely 
maintain access to their accounts.
    As proposed, Rule 10(d)(6) essentially codifies the current 
requirement for a filer to securely maintain its EDGAR access codes. 
Under the proposal, filers, through their account administrators, would 
be required to securely maintain information relevant to the ability to 
access their EDGAR accounts. Access to the dashboard would require 
individual account credentials, completion of the anticipated 
requirement of multi-factor authentication steps, and authorization 
from account administrators. Because of these security features, 
individuals in designated roles on the dashboard could safely access 
the CCC code to file on behalf of the filers.\120\ This added security 
feature would eliminate the need to share the CCC codes with various 
individuals thus minimizing the risk of unauthorized access.
---------------------------------------------------------------------------

    \120\ See supra note 26.
---------------------------------------------------------------------------

    Additionally, the dashboard functionality of EDGAR Next would 
provide time and labor efficiencies in managing filers' EDGAR accounts, 
while facilitating compliance with the proposed rule requirements:
    First, the dashboard would have a flexible user interface that 
would provide time and labor efficiencies to account administrators by 
facilitating the management of filers' EDGAR accounts, and compliance 
with the proposed changes. Through the dashboard's interface, an 
account administrator would have access to readily available 
information that would facilitate compliance with proposed Rule 
10(d)(4), assist in tracking those authorized to file on EDGAR, and 
provide an opportunity for account administrators to confirm the 
accuracy of all information contained on the dashboard. Furthermore, 
through the dashboard's interface, account administrators could add an 
individual as a user, account administrator, or technical administrator 
for an EDGAR account on the dashboard. Additionally, using API tokens 
as a method of authentication would eliminate the need for manual 
individual account credential multi-factor authentication. This would 
decrease the time required to submit filings, facilitate the ability to 
pre-schedule and perform bulk filings, and reduce the potential for 
error due to manual processing and the risk of missing deadlines. 
Moreover, through the dashboard's interface, account administrators 
could generate a CCC for newly issued CIKs. The CCC would be securely 
saved in the dashboard visible to all authorized account administrators 
and users. The CCC would remain as the code required for filing in the 
account.
    Second, the dashboard would provide additional time and labor 
efficiencies through the user groups feature. This functionality would 
particularly benefit delegated entities in managing multiple users and 
multiple filers' delegations of authority. EDGAR Next would allow up to 
500 users per filer, and delegated users would be able to make 
submissions on behalf of the delegating filer. Assigning multiple users 
on an individual basis to a given filer would be time consuming and 
labor intensive, which would be detrimental to filers when they may 
need to make time-sensitive filings. The user group feature would 
streamline that process and allow delegated entities to assign multiple 
users to a specific filer at once. The dashboard would harness the 
benefits of technology and modernize the EDGAR access and management 
functions while providing filers the flexibility to adapt to changes 
rapidly, which is significant particularly in scenarios that could 
negatively impact filing times.

[[Page 65548]]

    The institution of the user role would particularly benefit large 
filers or filing agents submitting multiple forms, for multiple 
entities. Allowing up to 500 users per filer would increase the 
likelihood of filling success for large filers and filing agents by 
providing these entities flexibility in assigning multiple users to 
various user-groups. Users would be able to remove themselves as a user 
for a given filer, thereby facilitating the maintenance of updated 
dashboard information that would benefit all affected parties.
d. Proposed Rules 10(d)(4), (d)(5), and (d)(6)
    The proposed Rules 10(d)(4), (d)(5), and (d)(6) would require the 
filer, through its authorized account administrators: to annually 
confirm that all individuals reflected on the dashboard for the filer's 
EDGAR account are authorized by the filer and that all information 
regarding the filer on the dashboard is accurate; to maintain accurate 
and current information about the filer on EDGAR; and to securely 
maintain information relevant to the ability to access the filer's 
EDGAR account. It would assist the filer in tracking and confirming 
those individuals and delegated entities authorized to act on behalf of 
the filer, and to remove those no longer authorized. Confirming the 
accuracy of individuals authorized to act on behalf of filers while 
ensuring the safeguard of account access related information would 
enhance the security of EDGAR by reducing the risk of unauthorized 
access therefore reducing the likelihood of unauthorized filings. The 
Commission preliminarily believes that to the extent that the risk of 
unauthorized access is reduced, taking measures that may prevent 
unauthorized filings is inherently more efficient than remediating the 
consequences of such events after it occurred.
    Additionally, failure to perform the annual confirmation of the 
information on the dashboard would result in the deactivation of the 
filer's access and the removal of individuals from the filer's account 
upon deactivation. Failure to perform annual confirmation could signal 
that the account has been abandoned. Deactivation would further benefit 
filers and all individuals associated with the filer's account by 
protecting their information listed on the dashboard. Proposed Rule 
10(d)(5) is analogous to the current requirements to securely maintain 
EDGAR access and to maintain accurate company information on 
EDGAR.\121\ Ensuring the accuracy of filer's relevant information 
contained in EDGAR would increase the reliability of such available 
information and thus would enhance the Commission's oversight 
capabilities, which benefits both the Commissions and the public. 
Furthermore, accurate and reliable EDGAR information would benefit the 
filer by facilitating a timelier remediation of problematic filings.
---------------------------------------------------------------------------

    \121\ See supra note 88.
---------------------------------------------------------------------------

e. Optional APIs
    In connection with the EDGAR Next changes, the Commission would 
provide optional APIs that would permit filers to interface on a 
machine-to-machine basis with the EDGAR platform. These APIs would 
benefit filers and the Commission by automating filers' connection to 
EDGAR for submission and retrieval of certain filing-related data and 
by reducing network traffic to the Commission. The Commission would 
offer three APIs: a submission API, a submission status API, and an 
operational status API.
    With respect to the process for submissions, the submission API 
would benefit filers by allowing for more secure submissions since 
prior to using the APIs, the filer's technical administrator would be 
required to generate a filer API token to authenticate the filer, and 
the user would be required to generate a user API token to authenticate 
the user. The API tokens would be confidential and generated through 
the dashboard. The above requirements would provide additional 
assurance that the user is indeed authorized to submit the relevant 
filing.
    The APIs would further streamline the submission and retrieval 
process since the use of APIs and user tokens would allow automated 
server-to-server authentication without the need for manual login and 
multi-factor authentication. As mentioned before, many filing agents' 
software use web scraping to retrieve information from EDGAR for filing 
purposes and to make submissions. Though widely used, scraping depends 
on the underlying structure of the external web page being scraped. 
Thus, any minor changes to the underlying structure of the EDGAR 
websites could impact the filers' software. The APIs would provide a 
more reliable way for filers to interact with EDGAR since future 
changes to EDGAR would likely not impact filers' software.
    Further, the submission status API would allow filers to assess 
information regarding submission status via machine-to-machine 
communication. The submission status API would allow filers and filing 
agents to use their filing application to simultaneously check the 
status of multiple EDGAR submissions in a batch process as opposed to 
individually checking the submission status of each submission after 
manually logging into EDGAR. The submission status API would increase 
the likelihood that the Commission receives submissions promptly by 
limiting the risk of a failed submission through early communication 
with the filers or their authorized representatives, benefiting the 
Commission, filers and filing agents. An increase in the certainty and 
timeliness of submission boosts the overall information quality of the 
EDGAR system.
    By opting to use the APIs, filers would further benefit by using 
direct machine-to-machine connections that would be approved and 
maintained by the Commission (as opposed to current third-party custom 
applications). As described in Sections III.D.2 and 3, filers and 
filing agents, as well as those using third-party custom applications 
continuously interact with the EDGAR system inquiring as to the status 
of submissions, or the operating status of EDGAR. Such inquiries into 
EDGAR create significant network traffic. For example, this network 
traffic could be more severe in the case of a large filing agent 
checking the status of multiple submissions. Instead of manually 
logging into EDGAR and individually checking the status of each 
submission, the submission status and operational status APIs would 
benefit the Commission and filers by allowing filers to simultaneously 
check the status of multiple submissions in a batch process as opposed 
to checking the status of each submission individually, thereby 
reducing network traffic created when filers are repeatedly requesting 
the status of their submissions, or the operational status of EDGAR.
    Additionally, a filer who opts to use APIs would be required to 
authorize at least two technical administrators, and would be allowed a 
maximum of ten technical administrators to facilitate communication 
with the Commission on API-related technical issues. This would reduce 
the chance that filers' API access would be interrupted for any 
unforeseen technical issues.
2. Costs
    We believe that the costs associated with EDGAR Next would 
primarily result from compliance costs borne by filers as described in 
the Paperwork Reduction Act (``PRA'') analysis below, associated costs 
to comply with new

[[Page 65549]]

Rule 10 requirements, and the one-time burden for filers to adjust 
their internal filing application software to interface with the 
APIs.\122\ While filers are not currently subject to analogous specific 
requirements regarding access, they are nevertheless subject to the 
same general requirements regarding securely maintaining EDGAR access 
codes and limiting the number of persons who possess the codes.
---------------------------------------------------------------------------

    \122\ See infra Section V.
---------------------------------------------------------------------------

    The proposed additional disclosure requirements for Form ID would 
entail certain incremental compliance costs.\123\ For example, filers 
are already subject to the disclosure requirements of Form ID and under 
EDGAR Next we estimate for purposes of the PRA that Form ID's burden 
hours would increase by 0.3 burden hours.\124\ Collectively, we 
estimate the burden to all filers to comply with the proposed 
amendments to Form ID would be 47,674 hours per year.\125\ Filers would 
also incur labor costs associated with authorizing account 
administrators, along with fees associated with authorized individuals 
granting powers of attorney to designated individuals and delegated 
entities if those individuals being designated as account 
administrators are not employees of the filer. However, such costs 
would be mitigated by the six-month enrollment period of EDGAR Next, 
which would allow existing and prospective filers to enroll their 
account administrators without submitting a Form ID. Other costs that 
could arise from the proposal would stem from a filer's failure to 
perform, through its authorized account administrator, the required 
annual confirmation pursuant to proposed Rule 10(d)(4). Failure to 
perform the annual confirmation of the information on the dashboard 
would result in the deactivation of the filer's access, and the removal 
of individuals associated with the filer's account upon 
deactivation.\126\ Filers would incur an additional burden of 
submitting a new Form ID application to regain access to file on EDGAR, 
and re-issuing invitations to any technical administrators, users, and 
technical administrators associated with their account prior to 
deactivation. However, these costs would potentially be mitigated by 
EDGAR's multiple notices of the impending confirmation deadline to 
account administrators on the dashboard and by email.\127\
---------------------------------------------------------------------------

    \123\ See infra Section V.
    \124\ See infra note 140.
    \125\ See infra note 141141.
    \126\ See supra note 71.
    \127\ See supra note 70.
---------------------------------------------------------------------------

    The Commission would further ease the transition for filers by 
allowing relevant individuals of the filer to submit bulk enrollment of 
up to 100 filers and their account administrators. This would 
particularly benefit large filing agents enrolling multiple accounts by 
saving time and labor costs. The dashboard would require filers to 
incur costs to set up their accounts, as set forth in the PRA, and 
would require some period of time to maintain accurate and current 
information on EDGAR, confirm annually on EDGAR that all users, account 
administrators, technical administrators, and/or delegated entities 
reflected on the dashboard for the filer's EDGAR account are authorized 
by the filer, and that the filer's information on the dashboard is 
accurate, and securely maintain relevant account access information, 
largely depending on the number of users the filer authorizes and the 
amount of turnover of relevant personnel.\128\ We recognize that due to 
these factors, the burden incurred would vary across filers. Filers 
with a large number of users and significant turnover would likely 
spend a greater amount of time managing their dashboard accounts. And 
filers with few users and little turnover would likely have infrequent 
need to manage individuals on the dashboard. Similarly, larger filers 
managing multiple CIKs would spend more time performing their required 
annual confirmation, and thus would incur a higher associated 
compliance cost associated. For purposes of the PRA, we estimate that, 
on average, each filer would incur one burden hour per year managing 
their account in the dashboard.\129\
---------------------------------------------------------------------------

    \128\ See infra Section V.B.
    \129\ See infra text preceding note 142.
---------------------------------------------------------------------------

    Collectively, we estimate the burden to all filers to comply with 
the proposed new dashboard requirements would be 220,000 hours per 
year.\130\ However, such burden would be mitigated by active 
notifications and other efficiencies provided by the dashboard as an 
account management tool.
---------------------------------------------------------------------------

    \130\ See infra note 143143.
---------------------------------------------------------------------------

    Filers or filing agents who choose to use the optional APIs would 
incur a one-time cost to adjust their internal software systems to the 
new EDGAR APIs. Given that the APIs are optional, filers would 
presumably incur this cost to the extent that the benefits of using the 
APIs are expected to exceed the cost of doing so. Further, for filers 
who substitute the optional APIs for custom filing software, the cost 
of adjusting internal software systems to use the new EDGAR APIs would 
be mitigated by the elimination of current ongoing maintenance costs 
associated with adjusting their custom software each time EDGAR 
undergoes changes. The costs of developing software to use the APIs 
would not apply to filers who do not generally utilize custom filing 
software, as these filers could continue using the EDGAR websites to 
submit their filings. We have observed that small filers typically do 
not utilize custom filing software and we expect they will generally 
not incur these costs. Furthermore, the Commission would make available 
an EDGAR Next Beta to facilitate a smooth transition process for all 
affected parties.
    We further estimate the direct costs to filers or filing agents 
associated with the proposed optional API requirements, including time 
and personnel costs to build a filing application integrated with all 
functions to successfully connect to the EDGAR APIs. Depending on their 
existing software, complexity of their application and individual 
business models, among other factors, these expenses are likely to vary 
across filers. Based on Commission experience from developing EDGAR 
Next the total estimated cost per filer for filing applications to 
connect to an EDGAR API by an external programmer analyst would range 
from $31,104 \131\ for filers with a preexisting filing application to 
$38,880 assuming the filers do not have a preexisting filing 
application.\132\ The total estimated burden hours for filers 
developing their application internally

[[Page 65550]]

would range between 96 burden hours \133\ and 120 burden hours.\134\
---------------------------------------------------------------------------

    \131\ An outside Senior Programmer Analyst salary range 
(national averages) is available from www.payscale.com. Using data 
from the 75th percentile, adjusting for a 1,800 hour work year, and 
multiplying by the 5.35 factor which normally is used to include 
benefits but here is used as an approximation to offset the fact 
that New York salaries are typically higher than the rest of the 
country, the result is $324 per hour. The estimate of $31,104 is 
based on the following calculation: $5,184 to simply connect an 
existing filing application to the API (16 hours = 2 days x 8 hours 
per day for a Senior Programmer Analyst at a rate of $324/hour) + 
$25,920 (80 hours = 2 weeks x 5 days per week x 8 hours per day for 
a Senior Programmer Analyst at a rate of $324/hour to configure the 
filing application correctly to be able to use the API).
    \132\ An outside Senior Programmer Analyst salary range 
(national averages) is available from www.payscale.com. Using data 
from the 75th percentile, adjusting for a 1,800 hour work year, and 
multiplying by the 5.35 factor which normally is used to include 
benefits but here is used as an approximation to offset the fact 
that New York salaries are typically higher than the rest of the 
country, the result is $324 per hour. The estimate of $38,880 is 
based on the following calculation: $12,960 to create a new filing 
application and connect it to the API (40 hours = 5 days x 8 hours 
per day for a Senior Programmer Analyst at a rate of $324/hour) + 
$25,920 to configure the filing application correctly to be able to 
use the API (80 hours = 2 weeks x 5 days per week x 8 hours per day 
for a Senior Programmer Analyst at a rate of $324/hour).
    \133\ The estimate is based on the following calculation: 16 
hours to simply connect an existing filing application to the API by 
a Senior Programmer Analyst (16 hours = 2 days x 8 hours per day) + 
80 hours (80 hours = 2 weeks x 5 days per week x 8 hours per day) 
for a Senior Programmer Analyst to configure the filing application 
correctly to be able to use the API.
    \134\ This estimate is based on the following calculation: 40 
hours to create a new filing application and connect it to the API 
(40 hours = 5 days x 8 hours per day) + 80 hours to configure the 
filing application correctly to be able to use the API (80 hours = 2 
weeks x 5 days per week x 8 hours per day).
---------------------------------------------------------------------------

    Filers who choose to use the APIs would also incur the additional 
cost of authorizing two technical administrators to manage the 
technical aspects of the APIs. We do not expect that filers would need 
to hire new employees to fill the technical administrator role since 
the primary responsibilities for the technical administrator are to 
generate the filer API token on an annual basis and securely store it 
within a filer's application. For purposes of the PRA, we estimate that 
filers would incur a burden of one hour per year per CIK with respect 
to the technical administrators' responsibilities, depending on 
security standards imposed by the filer or filing agent.\135\
---------------------------------------------------------------------------

    \135\ See infra note 143 and accompanying text 141.
---------------------------------------------------------------------------

3. Effects on Efficiency, Competition, and Capital Formation
    EDGAR Next would increase the efficiency of filings and filing 
preparation by improving the accuracy of submissions and improving 
regulatory oversight into filings. The Commission preliminarily 
believes that enhancements to EDGAR security from the proposed EDGAR 
Next changes may improve efficiency by minimizing the risk of 
unauthorized access thus reducing the likelihood of unauthorized 
filings. Facilitating access and improving the tracking mechanism of 
who files on EDGAR would increase public confidence in the large amount 
of information submitted through EDGAR. Moreover, an increase in the 
accuracy and timeliness of processing submissions would boost the 
efficiency of the Commission's document review, processing, and quality 
assurance.
    Enhancing the security of EDGAR would better protect against 
unauthorized access to the EDGAR system, thereby reducing the 
possibility of unauthorized filings that could have a distorting impact 
on the market. Strengthening filing security could marginally increase 
investor confidence and promote effective and well-functioning capital 
markets. The public would generally benefit from the implied increase 
in informational efficiency resulting from the improved accuracy and 
timeliness of processing submissions, as they use EDGAR filings for 
investment decisions. Overall, however, we do not expect the EDGAR Next 
changes to have a significant effect on capital formation because the 
contemplated security enhancements would not necessarily change market 
price fundamentals.
    As discussed above, because the EDGAR Next changes would 
potentially increase the compliance requirements for filers, they could 
result in an increased demand for delegated entities to the extent that 
delegated entities find it profitable. This might increase competition 
among delegated entities, resulting in lower fees for filers with 
delegated entities. We cannot assess the relative likelihood of the 
above competitive effects among delegated entities because we are 
unable to estimate how many filers would choose to use delegated 
entities as a result of the proposal.

D. Reasonable Alternatives

1. Require Personally Identifiable Information in Addition to 
Individual Account Credentials
    The proposed amendments would require all filers and relevant 
individuals acting on filers' behalf to obtain their individual account 
credentials prior to being authorized for any EDGAR Next role. 
Alternatively, the Commission could require that U.S.-based individuals 
provide certain personally identifiable information (``PII'') in 
addition to individual account credentials. Compared to the proposed 
amendments, while requiring PII from U.S.-based individuals and 
companies may result in a higher identity assurance level for U.S.-
based persons, it would not achieve the same benefit for foreign 
individuals. Foreign individuals use different forms of PII, including 
different identifying documents, which makes it inherently difficult 
for a single vendor (database) to reliably identify everyone in the 
world. Additionally, the costs to the Commission of acquiring and 
safeguarding PII would exceed the benefits of doing so. Thus, this 
alternative would represent an extra burden to U.S.-based filers and 
individuals acting on their behalf, as well as the Commission.
2. Requirements for Individual and Small Filers
    EDGAR Next would apply to all prospective and existing filers 
regardless of size. As an alternative, the Commission could simplify 
compliance requirements designed to address resource constraints of 
small entities. For example, the Commission could consider exempting 
small filers from proposed Rule 10(d)(4) that would require filers, 
through their authorized account administrators, to confirm annually 
that all account administrators, users, and delegated entities, and 
technical administrators reflected on the dashboard for the filer's 
EDGAR account are authorized by the filer and that all information 
regarding the filer on the dashboard is accurate. Further, the 
Commission could exempt small filers from proposed Rule 10(d)(1), and 
instead allow small filers to independently develop practices and 
recordkeeping to track individuals acting on their behalf and safeguard 
their account access codes. To the extent that simplifying these 
requirements could reduce regulatory burden on small filers, while 
affording small filers greater discretion into how they manage their 
accounts and securely maintain their EDGAR access codes, exempting a 
particular group of users would hinder the Commission's effort of 
establishing uniform requirements for all filers and individuals acting 
on their behalf.
    For instance, because EDGAR Next would eliminate the use of the 
several passcodes and eliminate the present requirement to change the 
EDGAR password annually, exempting small filers from proposed Rule 
10(d)(4) would generally lessen the security of their filing regime. 
Moreover, the Commission believes that any costs savings associated 
with exempting small filers from parts of EDGAR Next would likely be 
minimal. Small filers would still incur a cost of implementing their 
own practices and recordkeeping which might be higher than the cost of 
complying with the EDGAR Next changes and would impose a burden on 
small filers due to their limited resources and less established 
history of implementing such practices and recordkeeping. The EDGAR 
Next changes are designed to enhance the EDGAR filing regime, 
including, among other things, strengthening access to filers' EDGAR 
accounts by establishing a uniform method for authorizing, identifying, 
and tracking all individuals authorized to act on each filer's behalf. 
Additionally, a benefit of EDGAR Next is the elimination of password 
sharing. Exempting small filers from obtaining individual account 
credentials would not achieve that objective and therefore

[[Page 65551]]

would not generally improve the security of EDGAR.
3. Implementing Performance-Based Standards
    The EDGAR Next proposal mandates the performance of certain 
prescribed requirements to enhance the security of EDGAR's filing 
regime. We could consider an alternative with a more performance-based 
approach that would not spell out the precise actions filers need to 
take in order to improve the security of their EDGAR accounts, but 
instead only state that filers should have in place practices and 
recordkeeping that would allow the Commission to more easily identify 
anyone who makes a submission on the filer's behalf, and ensure that 
only individuals authorized by the filer are privy to the filer's 
access codes. For example, filers might opt to authorize only one 
account administrator rather than authorize and maintain two such 
individuals, or filers might determine that they do not need the 
additional security provided by multi-factor authentication for 
designated individuals to be authorized to act on their behalf on the 
dashboard.
    The benefits of such an approach would be that filers would have 
more flexibility in what their practices and recordkeeping cover. Such 
an approach would provide the benefit of reducing the regulatory burden 
for certain filers by permitting them to tailor their EDGAR access 
compliance requirements to fit their own particular circumstances, and 
would provide filers greater discretion into how they manage their 
EDGAR accounts and safeguard their account access codes. To the extent 
that this approach provides more flexibility to certain filers, this 
alternative could also increase compliance cost to the detriment of 
some filers who may incur higher cost to set up practices and 
recordkeeping arrangements to manage their account and safeguard their 
access codes. Furthermore, this approach would diminish the intended 
benefits of the EDGAR Next changes. Filers who bypass the individual 
account credential requirements would make it difficult for the 
Commission to match specific filings to the relevant individual who 
made the submissions, while authorizing only one account administrator 
would probably not reduce the likelihood of managing EDGAR accounts 
without interruptions.
    Overall, a performance-based approach would create inconsistencies 
in improving the overall security of EDGAR, facilitating the 
responsible management of EDGAR filer credentials, and simplifying 
procedures for accessing EDGAR. In addition, any cost savings 
associated with a performance-based approach would likely be minimal 
because filers would still incur the cost of compliance. In sum, this 
alternative would limit the magnitude of the benefits for filers that 
would result from the contemplated EDGAR Next changes.
4. Institute Phased Compliance Dates by Filer Category or Form Type
    The proposed amendments would have a single compliance date. As an 
alternative, we could employ phased compliance dates to either 
accelerate or postpone compliance for particular filers. Phased 
compliance would particularly benefit smaller filers by affording them 
a longer time period to come into compliance with EDGAR Next, while 
further facilitating compliance with other contemporaneous rules with 
similar or earlier compliance deadlines. To the extent that a phased 
compliance would provide filers with more time to comply with EDGAR 
Next changes, compared to the proposed compliance timeline, postponing 
compliance would delay the benefits provided by the proposed changes, 
while accelerating compliance might result in additional transition 
challenges for these filers.

E. Requests for Comment

    55. The Commission requests comment on all aspects of the economic 
effects of the EDGAR Next changes, including any anticipated impacts 
that are not mentioned here. We are particularly interested in 
quantitative estimates of the benefits and costs, in general or for 
particular types of affected parties, including smaller entities. We 
also request comment on reasonable alternatives to the EDGAR Next 
changes and on any effect the changes may have on efficiency, 
competition, and capital formation.
    56. Do you agree with the estimated benefits that EDGAR Next would 
provide to filers? If not, why?
    57. Do you agree with the estimated costs associated with the EDGAR 
Next changes? If not, why? Please provide your views on the burden of 
complying with the EDGAR Next changes relative to our estimates. In 
particular, would filers and filing agents switch to using the optional 
APIs contemplated as part of EDGAR Next? If not, why?
    58. Are there any filers for whom the compliance costs associated 
with EDGAR Next would not be justified by the benefits such that 
exempting those entities would be advisable? If so, which filers should 
the Commission exempt, and why?
    59. Does the contemplated compliance timeline provide filers 
sufficient time to transition to EDGAR Next? If not, what would be the 
additional cost incurred in order to meet the contemplated compliance 
timeline?
    60. Would EDGAR Next require any existing filers with delegated 
authority to file on behalf of a related person or entity to materially 
change the way they operate? If so, in what ways? What would be the 
cost associated with such change? For instance, many companies may file 
on behalf of their section 16 directors and officers, and some 
investment companies may also make filings on behalf of other funds 
within their fund family.
    61. Prospective filers could designate as account administrators 
(i) individuals employed at the filer or an affiliate of the filer (in 
the case of company applicants) or themselves (in the case of 
individual applicants), as well as (ii) any other individual, provided 
the filer submitted a notarized power of attorney authorizing such 
other individual to be its account administrator. Are filers likely to 
designate individuals other than themselves or their employees or 
employees of their affiliates? What would be the costs associated with 
this determination?
    The Commission also requests comment and supporting empirical data 
on the burden and cost estimates for the proposed rule, including the 
costs that filers and potential filers may incur.

V. Paperwork Reduction Act

    Certain provisions of the proposed amendments contain ``collection 
of information'' requirements within the meaning of the Paperwork 
Reduction Act of 1995 (``PRA'').\136\ We are submitting the proposed 
collections of information to the Office of Management and Budget 
(``OMB'') for review in accordance with the PRA.\137\ An agency may not 
conduct or sponsor, and a person is not required to respond to, a 
collection of information unless it displays a currently valid OMB 
control number. Compliance with the information collection is 
mandatory. Responses to the information collection are not kept 
confidential, and there is no mandatory retention period for the 
information disclosed. The title for the existing collection of 
information that we are proposing to amend is ``Form ID--EDGAR 
Password'' (OMB Control No. 3235-0328). Our proposal also includes a 
new collection of information titled ``the dashboard.'' The amendments 
to Form ID and the

[[Page 65552]]

implementation of the dashboard are designed to harness the benefits of 
improved technology and to modernize the EDGAR access and management 
functions. A detailed description of the proposed amendments, including 
the amendments to Form ID and the implementation of the dashboard, 
including the need for the information and its proposed use, as well as 
a description of the likely respondents, can be found in Section III 
above, and a discussion of the expected economic impact of the proposed 
amendments can be found in Section IV above. We discuss below the 
collection of information burdens associated with each initiative.
---------------------------------------------------------------------------

    \136\ 44 U.S.C. 3501 et seq.
    \137\ 44 U.S.C. 3507(d); 5 CFR 1320.11.
---------------------------------------------------------------------------

A. Form ID

    Form ID must be completed online and submitted to the Commission by 
all individuals, companies, and other organizations who seek access to 
file electronically on EDGAR.
    As outlined above, the amendments to Form ID would require an 
applicant for EDGAR access to undertake certain additional disclosure 
obligations, including most significantly: (1) designating on Form ID 
specific individuals the applicant authorizes to act as its account 
administrator(s) to manage its EDGAR account on a dashboard on EDGAR; 
(2) indicating the applicant's LEI, if any; (3) providing more specific 
contact information about the filer, its account administrators, its 
authorized individual (individual authorized to submit Form ID on the 
filer's behalf), and its billing contact (including mailing, business, 
and billing information, as applicable); (4) specifying whether the 
applicant, its authorized individual, person signing a power of 
attorney (if applicable), account administrator, or billing contact has 
been criminally convicted as a result of a Federal or State securities 
law violation, or civilly or administratively enjoined, barred, 
suspended, or banned in any capacity, as a result of a Federal or State 
securities law violation; (5) indicating whether the applicant, if a 
company, is in good standing with its state or country of 
incorporation; (6) requiring submission of a new Form ID if the 
applicant claims to have (i) lost electronic access to its existing CIK 
account or (ii) assumed legal control of a filer listed on an existing 
CIK account but did not receive EDGAR access from that filer; and (7) 
requiring those seeking access to an existing EDGAR account to upload 
to EDGAR the documents that establish the applicant's authority over 
the company or individual listed in EDGAR on the existing account. The 
proposed amendments would also simplify filer account management by 
eliminating the EDGAR password, PMAC, and passphrase.
    For purposes of the Paperwork Reduction Act, the currently approved 
burden includes an estimate of 57,329 Form ID filings annually and 
further estimates approximately 0.30 hours per response to prepare and 
file Form ID, for a total of 17,199 annual burden hours. Those 
estimates include the number of Form ID filings for filers without CIKs 
(48,089 filings), filers with CIKs who are seeking to regain access to 
EDGAR (8,836 filings), and filers with CIKs who have not filed 
electronically on EDGAR (404 filings).\138\ Filers are responsible for 
100% of the total burden hours.
---------------------------------------------------------------------------

    \138\ 48,089 filings for users without CIKs + 8,836 filings for 
filers who are seeking to regain access to EDGAR + 404 filings for 
filers with CIKs who have not yet filed electronically on EDGAR = 
57,329 filings.
---------------------------------------------------------------------------

    There were 79,457 Form ID filings in calendar year 2022. The 
estimate includes the number of filers without CIKs, filers with CIKs 
who have not filed electronically on EDGAR, and filers with CIKs who 
are seeking to regain access EDGAR.\139\ If the proposed access changes 
and proposed Form ID amendments are implemented, for purposes of the 
Paperwork Reduction Act, we estimate that the number of Form ID filings 
would remain the same and that the number of hours to prepare Form ID 
would increase by 0.30 hours.\140\
---------------------------------------------------------------------------

    \139\ 69,651 filings for users without CIKs + 9,390 filings for 
filers who are seeking to regain access to EDGAR + 416 filings for 
filers with CIKs who have not yet filed electronically on EDGAR = 
79,457 filings.
    \140\ The increase in burden would vary by applicant depending 
on whether certain of their responses required additional 
information (e.g., explaining the circumstances surrounding any of 
its operatives who are currently subject to Federal or State 
securities law investigations, proceedings, convictions, 
suspensions, or bars, and for applicants seeking access to an 
existing CIK account, providing the documents that establish the 
applicant's authority over the company or individual currently 
listed in EDGAR as corresponding to the existing CIK account).
---------------------------------------------------------------------------

    Thus, for purposes of the Paperwork Reduction Act, the estimated 
total number of annual Form ID filings would increase from 57,329 
filings to 79,457 filings. The estimate of 0.30 hours per response 
would increase to 0.60 hours per response. The estimated total annual 
burden would increase from 17,199 hours to 47,674 hours.\141\ The 
estimate that the filers are responsible for 100% of the total burden 
hours would stay the same.
---------------------------------------------------------------------------

    \141\ 79,457 filings x 0.60 hours/filing = 47,674 hours.

----------------------------------------------------------------------------------------------------------------
                                            Annual number of filings              Annual time burden (hrs.)
                                     ---------------------------------------------------------------------------
               Form ID                 Previously                            Previously
                                        approved      Requested    Change     approved      Requested    Change
----------------------------------------------------------------------------------------------------------------
Form ID.............................       57,329        79,457    22,128        17,199        47,674    30,475
----------------------------------------------------------------------------------------------------------------

B. The Dashboard

    To file on EDGAR, each filer must also comply with certain account 
access and management requirements by taking actions on the dashboard. 
As outlined above, each filer must authorize individuals to act on its 
behalf on the dashboard, and those individuals must have obtained 
individual account credentials for EDGAR in the manner specified in the 
EDGAR Filer Manual. Moreover, each filer, through their account 
administrators, is required to: (i) authorize and maintain at least two 
individuals as authorized account administrators to act on the filer's 
behalf to manage the filer's EDGAR account, except a filer who is an 
individual or single-member company must authorize and maintain at 
least one individual as an account administrator; (ii) confirm annually 
on EDGAR that all users, account administrators, technical 
administrators, and/or delegated entities reflected on the dashboard 
for the filer's EDGAR account are authorized by the filer, and that the 
filer's information on the dashboard is accurate; (iii) maintain 
accurate and current information on EDGAR concerning the filer's 
account, including but not limited to accurate corporate information 
and contact information (such as mailing and business addresses, email 
addresses, and telephone numbers); (iv) securely maintain information 
relevant to the ability to access the filer's EDGAR account, including 
but not limited to access through any EDGAR API; and (v)

[[Page 65553]]

if the filer chooses to use an EDGAR API, authorize at least two 
technical administrators to act on the filer's behalf to manage 
technical matters related to the filer's use of an API.
    Through the dashboard, account administrators could: (i) add and 
remove users, account administrators, and technical administrators 
(including removing themselves as an account administrator); (ii) 
create and edit groups of users; (iii) delegate filing authority to 
third parties with EDGAR accounts and remove such delegations; and (iv) 
generate a new CCC.
    For purposes of the PRA, we estimate that each filer would spend 
approximately one hour setting up the dashboard, and approximately one 
hour per annum managing the filer's account on the dashboard. This 
burden would vary across filers depending on the size of the filer, the 
number of users, account administrators, technical administrators, and 
delegated entities authorized by the filer, as well as the amount of 
annual staff turnover for those individuals and entities, among other 
factors. For a small number of filers, the annual burden could 
significantly exceed our estimate (e.g., filing agents who may have a 
large number of authorized individuals, as well as multiple accepted 
delegations and user groups for which delegated users would need to be 
maintained). On the other hand, for the vast majority of filers, the 
annual burden would presumably be less than our estimate because we 
expect most filers to have a small number of authorized individuals and 
experience little or no annual turnover with regard to those 
individuals.\142\ Consequently, the anticipated total annual burden 
attributed to the dashboard would be approximately 220,000 burden 
hours.\143\
---------------------------------------------------------------------------

    \142\ A filer survey conducted by a filing agent found that at 
least 64% of respondents planned to have three or fewer account 
administrators, and 96% of respondents planned to have fewer than 20 
users. See Workiva Comment Letter. Moreover, since filers are not 
required to authorize users, technical administrators, or 
delegations, filers who did not choose to authorize such individuals 
or third parties would not have any associated burdens.
    \143\ 149,000 active entity filers on EDGAR x 1 hour = 149,000 
burden hours. 71,000 active individual filers on EDGAR x 1 hour = 
71,000 burden hours. 149,000 burden hours + 71,000 burden hours = 
220,000 total annual burden hours.

----------------------------------------------------------------------------------------------------------------
                                                                                                   Total annual
                  Active filers                                            Burden hours            burden hours
----------------------------------------------------------------------------------------------------------------
Entities........................................         149,000     x                1      =           149,000
Individuals.....................................          71,000     x                1      =            71,000
                                                                                                ----------------
                                                                                                         220,000
----------------------------------------------------------------------------------------------------------------

C. Request for Comment

    We request comment on whether our estimates for burden hours and 
any external costs as described above are reasonable. Pursuant to 44 
U.S.C. 3506(c)(2)(B), the Commission solicits comments in order to: (i) 
evaluate whether the proposed collections of information are necessary 
for the proper performance of the functions of the Commission, 
including whether the information will have practical utility; (ii) 
evaluate the accuracy of the Commission's estimate of the burden of the 
proposed collections of information; (iii) determine whether there are 
ways to enhance the quality, utility, and clarity of the information to 
be collected; (iv) determine whether there are ways to minimize the 
burden of the collections of information on those who are to respond, 
including through the use of automated collection techniques or other 
forms of information technology; and (v) evaluate whether the proposed 
amendments would have any effects on any other collection of 
information not previously identified in this section.
    Any member of the public may direct to us any comments concerning 
the accuracy of these burden estimates and any suggestions for reducing 
these burdens. Persons wishing to submit comments on the collection of 
information requirements of the proposed amendments should direct them 
to the Office of Management and Budget, Attention Desk Officer for the 
Securities and Exchange Commission, Office of Information and 
Regulatory Affairs, Washington, DC 20503, and should send a copy to 
Vanessa Countryman, Secretary, Securities and Exchange Commission, 100 
F Street NE, Washington, DC 20549-1090, with reference to File No. S7-
15-23. OMB is required to make a decision concerning the collections of 
information between 30 and 60 days after publication of this release; 
therefore, a comment to OMB is best assured of having its full effect 
if OMB receives it within 30 days after publication of this release. 
Requests for materials submitted to OMB by the Commission with regard 
to these collections of information should be in writing, refer to File 
No. S7-15-23, and be submitted to the Securities and Exchange 
Commission, Office of FOIA Services, 100 F Street NE, Washington, DC 
20549-2736.

VI. Small Business Regulatory Enforcement Act

    For purposes of the Small Business Regulatory Enforcement Fairness 
Act of 1996 (``SBREFA''),\144\ the Commission must advise OMB whether a 
proposed regulation constitutes a ``major'' rule. Under SBREFA, a rule 
is considered ``major'' where, if adopted, it results in or is likely 
to result in:
---------------------------------------------------------------------------

    \144\ 5 U.S.C. 801 et seq.
---------------------------------------------------------------------------

     An annual effect on the U.S. economy of $100 million or 
more (either in the form of an increase or decrease);
     A major increase in costs or prices for consumers or 
individual industries; or
     Significant adverse effects on competition, investment, or 
innovation.
    We request comment on whether the proposed amendments would be a 
``major rule'' for purposes of SBREFA. We solicit comment and empirical 
data on:
     The potential effect of the proposed amendments on the 
U.S. economy on an annual basis;
     Any potential increase in costs or prices for consumers or 
individual industries; and
     Any potential effect on competition, investment, or 
innovation.
    Commenters are requested to provide empirical data and other 
factual support for their views to the extent possible.

VII. Initial Regulatory Flexibility Analysis

    The Regulatory Flexibility Act (``RFA'') \145\ requires an agency, 
when issuing a rulemaking proposal, to prepare and make available for 
public comment an Initial Regulatory Flexibility Analysis (``IFRA'') 
that describes the impact of the proposed rule on small entities.\146\ 
This IFRA has

[[Page 65554]]

been prepared in accordance with the RFA and relates to the proposed 
amendments to Rules 10 and 11 of Regulation S-T and Form ID described 
in Section III.E above.
---------------------------------------------------------------------------

    \145\ 5 U.S.C. 601 et seq.
    \146\ Id.
---------------------------------------------------------------------------

A. Reasons for, and Objectives of, the Proposed Action

    The purpose of the proposed amendments is to enhance the security 
of EDGAR accounts, improve the ability of filers to securely maintain 
access to their EDGAR accounts, facilitate the responsible management 
of EDGAR filer credentials, and simplify procedures for accessing 
EDGAR. Among other things, the proposed amendments would require each 
filer to:
     Authorize individuals to act on its behalf on the 
dashboard only if those individuals have obtained individual account 
credentials in the manner to be specified in the EDGAR Filer Manual;
     Authorize and maintain individuals as account 
administrators to manage their EDGAR accounts;
     Confirm annually on EDGAR, through their account 
administrators, that all account administrators, users, technical 
administrators and delegated entities reflected on the dashboard for 
the filer's EDGAR account are authorized by the filer to act on its 
behalf, and that all information about the filer on the dashboard is 
accurate;
     Maintain accurate and current information on EDGAR 
concerning the filer's account; and
     Securely maintain information relevant to the ability to 
access the filer's EDGAR account.
    Filers who chose to use the optional EDGAR APIs that the Commission 
would offer for machine-to-machine submissions on EDGAR and to 
facilitate filers' retrieval of related information, would, among other 
things, be required through their account administrators to authorize 
two technical administrators to manage tokens and other technical 
aspects of the EDGAR APIs.

B. Legal Basis

    We are proposing the amendments contained in this release under the 
authority set forth in sections 6, 7, 8, 10, and 19(a) of the 
Securities Act of 1933 (``Securities Act''),\147\ sections 3, 4A, 4B, 
12, 13, 14, 15, 15B, 23, and 35A of the Exchange Act,\148\ section 319 
of the Trust Indenture Act of 1939,\149\ and sections 8, 30, 31, and 38 
of the Investment Company Act of 1940 (``Investment Company 
Act'').\150\
---------------------------------------------------------------------------

    \147\ 15 U.S.C. 77f, 77g, 77h, 77j, and 77s (a).
    \148\ 15 U.S.C. 78c, 78d-1, 78d-2, 78l, 78m, 78n, 78o, 78o-4, 
78w, and 78ll.
    \149\ 15 U.S.C. 77sss.
    \150\ 15 U.S.C. 80a-8, 80a-29, 80a-30, and 80a-37.
---------------------------------------------------------------------------

C. Small Entities Subject to the Proposed Rule and Form Amendments

    The proposed amendments would affect individuals and entities that 
have EDGAR accounts or that seek to open EDGAR accounts. The RFA 
defines ``small entity'' to mean ``small business,'' ``small 
organization,'' or ``small governmental jurisdiction.'' \151\ For 
purposes of the RFA, under our rules, an issuer, other than an 
investment company, is a small entity if it had total assets of $5 
million or less on the last day of its most recent fiscal year.\152\ We 
estimate there are 908 issuers that file with the Commission--other 
than investment companies--that would be considered small entities for 
purposes of this analysis.\153\
---------------------------------------------------------------------------

    \151\ 5 U.S.C. 601(6).
    \152\ See 17 CFR 240.0-10(a)).
    \153\ This estimate is based on staff analysis of issuers 
potentially subject to the final amendments, excluding co-
registrants, with EDGAR filings on Form 10-K, or amendments thereto, 
filed during the calendar year of Jan. 1, 2022 to Dec. 31, 2022. 
This analysis is based on data from XBRL filings, Compustat, Ives 
Group Audit Analytics, and manual review of filings submitted to the 
Commission.
---------------------------------------------------------------------------

    With respect to investment companies and investment advisers, an 
investment company, including a business development company, is 
considered to be a small entity if it, together with other investment 
companies in the same group of related investment companies, has net 
assets of $50 million or less as of the end of its most recent fiscal 
year.\154\ We estimate that there are 82 registered investment 
companies (including business development companies and unit-investment 
trusts) that would be considered small entities.\155\ An investment 
adviser is generally considered a small entity if it: (1) has assets 
under management having a total value of less than $25 million; (2) did 
not have total assets of $5 million or more on the last day of the most 
recent fiscal year; and (3) does not control, is not controlled by, and 
is not under common control with another investment adviser that has 
assets under management of $25 million or more, or any person (other 
than a natural person) that had total assets of $5 million or more on 
the last day of its most recent fiscal year.\156\ We estimate that 
there are 594 investment advisers that would be considered small 
entities.\157\
---------------------------------------------------------------------------

    \154\ See 17 CFR 270.0-10.
    \155\ This estimate is derived from an analysis of data obtained 
from Morningstar Direct as well as data filed with the Commission 
(on Forms N-CSR, NPORT-P, 10-Q, and 10-K) for the last quarter of 
2022.
    \156\ 17 CFR 275.0-7.
    \157\ We based this estimate on registered investment adviser 
responses to Items 5.F. and 12 of Form ADV.
---------------------------------------------------------------------------

    A transfer agent is considered to be a small entity if it: (1) 
received less than 500 items for transfer and less than 500 items for 
processing during the preceding six months (or in the time that it has 
been in business, if shorter); (2) transferred items only of issuers 
that would be deemed ``small businesses'' or ``small organizations'' as 
defined in 17 CFR 240.0-10; (3) maintained master shareholder files 
that in the aggregate contained less than 1,000 shareholder accounts or 
was the named transfer agent for less than 1,000 shareholder accounts 
at all times during the preceding fiscal year (or in the time that it 
has been in business, if shorter); and (4) is not affiliated with any 
person (other than a natural person) that is not a small business or 
small organization under 17 CFR 240.0-10.\158\ We estimate that there 
are 126 transfer agents that would be considered small entities.\159\
---------------------------------------------------------------------------

    \158\ 17 CFR 240.0-10(h).
    \159\ We based this estimate on transfer agent responses to 
questions 4(a) and 5(a) on their latest filing on Form TA-2.
---------------------------------------------------------------------------

    With respect to municipal securities dealers and broker-dealers, a 
municipal securities dealer that is a bank (including any separately 
identifiable department or division of a bank) is a small entity if it: 
(1) had, or is a department of a bank that had, total assets of less 
than $10 million at all times during the preceding fiscal year (or in 
the time that it has been in business, if shorter); (2) had an average 
monthly volume of municipal securities transactions in the preceding 
fiscal year (or in the time it has been registered, if shorter) of less 
than $100,000; and (3) is not affiliated with any person (other than a 
natural person) that is not a small business or small organization as 
defined in 17 CFR 240.0-10.\160\ We estimate there are 171 municipal 
securities dealers that would be considered small entities.\161\ A 
broker-dealer is a small entity if it: (1) had total capital (net worth 
plus subordinated liabilities) of less than $500,000 on the date in the 
prior fiscal year as of which its audited financial statements were 
prepared pursuant to Sec.  240.17a-5(d) or, if not required to file 
such statements, a broker or dealer that had total capital (net worth 
plus subordinated liabilities) of less than $500,000 on the last 
business day of the preceding fiscal year (or in the time that it has 
been in business, if shorter); and (2) is not affiliated with any 
person (other than a natural person) that is not a small business or 
small organization as

[[Page 65555]]

defined in 17 CFR 240.0-10.\162\ We estimate that there are 782 broker-
dealers that would be considered small entities.\163\
---------------------------------------------------------------------------

    \160\ 17 CFR 240.0-10(f).
    \161\ This estimate is based on MSRB data filed during the 
calendar year of Jan. 1, 2022 to Dec. 31, 2022.
    \162\ 17 CFR 240.0-10(c).
    \163\ This estimate is based on FOCUS Report data filed during 
the calendar year of Jan. 1, 2022 to Dec. 31, 2022.
---------------------------------------------------------------------------

    A clearing agency is a small entity if it: (1) compared, cleared 
and settled less than $500 million in securities transactions during 
the preceding fiscal year (or in the time that it has been in business, 
if shorter); (2) had less than $200 million of funds and securities in 
its custody or control at all times during the preceding fiscal year 
(or in the time that it has been in business, if shorter); and (3) is 
not affiliated with any person (other than a natural person) that is 
not a small business or small organization as defined in 17 CFR 240.0-
10.\164\ We estimate there are zero clearing agencies that are small 
entities.
---------------------------------------------------------------------------

    \164\ 17 CFR 240.0-10(d).
---------------------------------------------------------------------------

    An exchange is a small entity if it: (1) has been exempted from the 
reporting requirements of Sec.  242.601 of this chapter; and (2) is not 
affiliated with any person (other than a natural person) that is not a 
small business or small organization as defined in 17 CFR 240.0-
10.\165\ We estimate there are zero exchanges that are small entities. 
A securities information processor is a small entity if it: (1) had 
gross revenues of less than $10 million during the preceding fiscal 
year (or in the time it has been in business, if shorter); (2) provided 
service to fewer than 100 interrogation devices or moving tickers at 
all times during the preceding fiscal year (or in the time that it has 
been in business, if shorter); and (3) is not affiliated with any 
person (other than a natural person) that is not a small business or 
small organization under 17 CFR 240.0-10.\166\ We estimate there are 
zero securities information processors that are small entities.
---------------------------------------------------------------------------

    \165\ 17 CFR 240.0-10(e).
    \166\ 17 CFR 240.0-10(g).
---------------------------------------------------------------------------

    Collectively, we estimate that there are 2,663 small entities that 
would be potentially subject to the proposed amendments, based on our 
review of data reported as of December 31, 2022.

D. Reporting, Recordkeeping, and Other Compliance Requirements

    As noted above, the purpose of the proposed amendments would be to 
update access and provide secure management of individual and entity 
filers' EDGAR accounts. If adopted, the proposed amendments are 
expected to apply to all applicants and current EDGAR accounts and 
would apply to small entities to the same extent as other entities, 
irrespective of size. Therefore, we generally expect the nature of any 
benefits and cost associated with the proposed amendments to be similar 
for large and small entities. We note, and as discussed above,\167\ all 
existing and new EDGAR filers will be subject to certain fixed costs to 
update and maintain an EDGAR account under the proposed amendments, 
which may result in a proportionally larger burden on small filers.
---------------------------------------------------------------------------

    \167\ See Section IV.C.2.
---------------------------------------------------------------------------

    We expect that the proposed amendments to the rules and form to 
update access and management of EDGAR accounts would have a small 
incremental effect on existing reporting, recordkeeping and other 
compliance burdens for all existing and new EDGAR filers, including 
small entities. The proposed amendments would simplify account 
management by providing an interactive dashboard on EDGAR, populated 
with EDGAR account information, as the central platform for account 
administrators and other delegated individuals to manage access to the 
account, update account information and send communications and 
notifications. Some of the proposed amendments, including requirements 
for all filers to confirm the accuracy of their account information, 
including authorizations for all account administrators, users, 
technical administrators, and/or delegated entities, would require the 
use of administrative and technical skills, and increase compliance 
costs for registrants, although we do not expect these additional costs 
would be significant.

E. Duplicative, Overlapping, or Conflicting Federal Rules

    We believe that the proposed amendments would not duplicate, 
overlap, or conflict with other Federal rules.

F. Significant Alternatives

    The RFA directs us to consider alternatives that would accomplish 
our stated objectives, while minimizing any significant adverse impact 
on small entities. In connection with the proposed amendments, we 
considered the following alternatives:
    i. Establishing different compliance requirements for individual 
and entity EDGAR account managers that take into account the resources 
available to small entities;
    ii. Clarifying, consolidating, or simplifying compliance and 
reporting requirements under the rules for small entities;
    iii. Using performance rather than design standards; \168\ and
---------------------------------------------------------------------------

    \168\ See the discussion of performance-based standards in 
Section IV.D.3.
---------------------------------------------------------------------------

    iv. Exempting small entities from all or part of the requirements.
    Regarding the first, third, and fourth alternatives,\169\ we do not 
believe that establishing different compliance requirements, using 
performance rather than design standards, or exempting small entities 
from the requirements would permit us to obtain our desired objectives. 
We are concerned that each of these alternatives would frustrate our 
efforts to enhance the security of EDGAR, improve the ability of filers 
to securely manage and maintain access to their EDGAR accounts, 
facilitate the responsible management of EDGAR filer credentials, and 
simplify procedures for accessing EDGAR. The proposed amendments set 
forth uniform requirements for each filer to formally authorize 
individuals to act on the filer's behalf in EDGAR as account 
administrators, users, and technical administrators, which would allow 
EDGAR to determine whether authorized individuals were accessing and 
taking actions with regards to the filer's EDGAR account. As proposed, 
all individuals accessing EDGAR would be required to sign in with 
individual account credentials and multi-factor authentication, which 
would allow EDGAR to identify the individuals accessing EDGAR. As 
discussed above, we believe that by imposing these requirements on all 
existing and prospective EDGAR filers, the Commission's EDGAR Next 
proposal would generally improve the security of the EDGAR system by 
establishing a uniform method for authorizing, identifying, and 
tracking all individuals authorized to act on each filer's behalf. We 
anticipate that establishing different compliance requirements, using 
performance rather than design standards, or exempting small entities 
would result in a patchwork compliance regime that would frustrate the 
ability of filing agents and other service providers to efficiently 
manage filer credentials and manage and maintain access to filers' 
EDGAR accounts, and would likewise frustrate our efforts to simplify 
procedures for accessing EDGAR.\170\
---------------------------------------------------------------------------

    \169\ See the discussion of compliance requirements in Section 
IV.D.2.
    \170\ See supra notes 28-29 (indicating that 60-90% of EDGAR 
filings may be submitted by filing agents).
---------------------------------------------------------------------------

    As noted above,\171\ the Commission considered using a performance-
based approach rather than the design standards of the anticipated 
EDGAR

[[Page 65556]]

Next changes and the proposed rule. Revising the EDGAR Next changes to 
make them more performance-based would reduce the regulatory burden for 
certain filers by permitting them to tailor their EDGAR access 
compliance requirements to fit their own particular circumstances. For 
example, small filers could determine that they do not need the 
additional security provided by multi-factor authentication for 
designated individuals to be authorized to act on their behalf on the 
dashboard. Furthermore, larger filers might opt to authorize only one 
account administrator rather than authorize and maintain two such 
individuals. However, after consideration, we believe that permitting 
filers to tailor their EDGAR access compliance requirements to fit 
their own particular circumstances would diminish the intended benefits 
of the EDGAR Next changes. As discussed earlier,\172\ bypassing the 
individual account credential requirements would make it difficult for 
the Commission to match specific filings to the relevant individual who 
made the submissions. Likewise, generally allowing filers to have only 
one account administrator would increase the likelihood that Commission 
staff could not reach an account administrator when it had time-
sensitive questions about access to or activity on the account. 
Overall, a performance-based approach would create inconsistencies in 
improving the overall security of EDGAR, facilitating the responsible 
management of EDGAR filer credentials, and simplifying procedures for 
accessing EDGAR. In addition, any cost savings associated with a 
performance-based approach would likely be minimal because filers would 
still incur the cost of compliance. Further, this alternative would 
limit the magnitude of the benefits for filers that would result from 
the contemplated EDGAR Next changes.
---------------------------------------------------------------------------

    \171\ See Section IV.D.3.
    \172\ Id.
---------------------------------------------------------------------------

    In addition, establishing different compliance requirements, using 
performance rather than design standards, or exempting small entities 
could permit individuals to access EDGAR accounts for small filers 
without being authorized on the dashboard, without multi-factor 
authentication, and without their EDGAR permissions being individually 
verified by EDGAR. Furthermore, if these exemptions or alternatives for 
small entities were implemented so that individuals acting on behalf of 
small entities were not required to obtain individual account 
credentials, the Commission would not be able to associate individuals 
with the specific filings they submitted on behalf of small entities. 
Collectively, this would reduce the security of EDGAR accounts for 
small entities, hinder the ability of the Commission and filers to 
prevent and resolve problematic and unauthorized filings, and frustrate 
our efforts to require small entities to responsibly manage EDGAR filer 
credentials.
    Regarding the second alternative, we believe the proposal is clear, 
and that clarifying, consolidating, or simplifying compliance 
requirements for EDGAR filers, including small entities, is not 
necessary. All EDGAR users currently follow the same process and rules 
to access and maintain their EDGAR accounts. The proposed changes to 
EDGAR account management that are intended in many ways to simplify 
procedures for accessing EDGAR purposes of EDGAR account management. 
Among other things, the proposed changes would eliminate the need for 
individuals to track and share EDGAR passwords, PMACs, and passphrase 
codes for each CIK. Instead, each individual would only be responsible 
for tracking a single set of individual account credentials, which we 
contemplate would be issued by Login.gov. Once the individual logged 
into EDGAR by using those credentials, the dashboard would 
automatically authenticate the individual and provide them with the 
appropriate access to each CIK for which they had been authorized to 
take action. The dashboard would also display any relevant individual 
codes or tokens (such as user API tokens or CCCs), instead of requiring 
the individual to personally track or record those codes or tokens. 
This should result in more streamlined, modern access processes that 
would benefit all filers, including individuals and small entities.

G. Request for Comment

    We encourage the submission of comments with respect to any aspect 
of this RFA. In particular, we request comments regarding:
     How the proposed rule and form amendments can achieve 
their objective while lowering the burden on individuals and small 
entities;
     The number of individuals and small entities that may be 
affected by the proposed rule and form amendments;
     The existence or nature of the potential effects of the 
proposed amendments on individuals and small entities discussed in the 
analysis; and
     How to quantify the effects of the proposed amendments; 
and
     Whether there are any Federal rules that duplicate, 
overlap, or conflict with the proposed amendments.
    Commenters are asked to describe the nature of any effect and 
provide empirical data supporting the extent of that effect. Comments 
will be considered in the preparation of the Final Regulatory 
Flexibility Analysis, if the proposed rules are adopted, and will be 
placed in the same public file as comments on the proposed rules 
themselves.

Statutory Authority

    We are proposing to amend Rules 10 and 11 of Regulation S-T and 
Form ID under the authority in sections 6, 7, 8, 10, and 19(a) of the 
Securities Act,\173\ sections 3, 4A, 4B, 12, 13, 14, 15, 15B, 23, and 
35A of the Exchange Act,\174\ section 319 of the Trust Indenture Act of 
1939,\175\ and sections 8, 30, 31, and 38 of the Investment Company 
Act.\176\
---------------------------------------------------------------------------

    \173\ 15 U.S.C. 77f, 77g, 77h, 77j, and 77s (a).
    \174\ 15 U.S.C. 78c, 78l, 78m, 78n, 78o, 78o-4, 78w, and 78ll.
    \175\ 15 U.S.C. 77sss.
    \176\ 15 U.S.C. 80a-8, 80a-29, 80a-30, and 80a-37.
---------------------------------------------------------------------------

List of Subjects

17 CFR Part 232

    Administrative practice and procedure, Confidential business 
information, Electronic filing, Incorporation by reference, Reporting 
and recordkeeping requirements, Securities.

17 CFR Part 239

    Administrative practice and procedure, Confidential business 
information, Incorporation by reference, Reporting and recordkeeping 
requirements, Securities.

17 CFR Part 249

    Administrative practice and procedure, Brokers, Fraud, Reporting 
and recordkeeping requirements, Securities.

17 CFR Part 269

    Reporting and recordkeeping requirements, Securities, Trusts and 
trustees.

17 CFR Part 274

    Administrative practice and procedure, Electronic funds transfers, 
Investment companies, Reporting and recordkeeping requirements, 
Securities.

    For the reasons discussed above, we propose to amend 17 CFR chapter 
II as follows:

[[Page 65557]]

PART 232--REGULATION S-T--GENERAL RULES AND REGULATIONS FOR 
ELECTRONIC FILINGS

0
1. The general authority citation for part 232 continues to read as 
follows:

    Authority:  15 U.S.C. 77c, 77f, 77g, 77h, 77j, 77s(a), 77z-3, 
77sss(a), 78c(b), 78l, 78m, 78n, 78o(d), 78w(a), 78ll, 80a-6(c), 
80a-8, 80a-29, 80a-30, 80a-37, 80b-4, 80b-10, 80b-11, 7201 et seq.; 
and 18 U.S.C. 1350, unless otherwise noted.
* * * * *
0
2. Amend Sec.  232.10 by:
0
a. Revising paragraph (b);
0
b. Adding paragraph (d); and
0
c. Revising Note to Sec.  232.10.
    The revisions and additions read as follows:


Sec.  232.10  Application of part 232.

* * * * *
    (b) Each electronic filer must, before filing on EDGAR:
    (1) File electronically the information required by Form ID 
(Sec. Sec.  239.63, 249.446, 269.7 and 274.402 of this chapter), the 
application for EDGAR access, which must be completed by an individual 
authorized by the electronic filer as its account administrator, 
pursuant to paragraph (d)(2) of this section, and
    (2) File, by uploading as a Portable Document Format (PDF) 
attachment to the Form ID filing, a notarized document, signed by the 
electronic filer or its authorized individual, that includes the 
information required to be included in the Form ID filing and confirms 
the authenticity of the Form ID filing.
* * * * *
    (d) To file on EDGAR, each electronic filer must comply with the 
EDGAR account access and account management requirements set forth in 
this section and in the EDGAR Filer Manual.
    (1) The electronic filer may only authorize individuals to act on 
its behalf on the dashboard if those individuals have obtained 
individual account credentials for EDGAR in the manner specified in the 
EDGAR Filer Manual;
    (2) Each electronic filer must authorize and maintain at least two 
(2) individuals as account administrators to act on the electronic 
filer's behalf to manage its EDGAR account, except an electronic filer 
who is an individual or single-member company must authorize and 
maintain at least one (1) individual as an account administrator to 
manage its EDGAR account;
    (3) If the electronic filer chooses to use an EDGAR Application 
Programming Interface, the electronic filer, through its authorized 
account administrator(s), must authorize at least two technical 
administrators to act on the electronic filer's behalf to manage 
technical matters related to the electronic filer's use of any EDGAR 
Application Programming Interfaces;
    (4) The electronic filer, through its authorized account 
administrator(s), must confirm annually on EDGAR that all account 
administrator(s), users, technical administrators, and/or delegated 
entities reflected on the dashboard for its EDGAR account are 
authorized by the electronic filer to act on its behalf, and that all 
information about the filer on the dashboard is accurate;
    (5) The electronic filer, through its authorized account 
administrator(s), must maintain accurate and current information on 
EDGAR concerning the electronic filer's account, including but not 
limited to accurate corporate information and contact information; and
    (6) The electronic filer, through its authorized account 
administrator(s), must securely maintain information relevant to the 
ability to access the electronic filer's EDGAR account, including but 
not limited to access through any EDGAR Application Programming 
Interfaces.

    Note to Sec.  232.10:  The Commission staff carefully reviews 
each Form ID, and electronic filers should not assume that the 
Commission staff will automatically approve the Form ID upon its 
submission. Therefore, any applicant seeking EDGAR access is 
encouraged to submit the Form ID for review well in advance of the 
first required filing to allow sufficient time for staff to review 
the application.

0
3. Amend Sec.  232.11 by:
0
a. Adding definitions for ``Account administrator'', ``Application 
Programming Interface'', ``Authorized individual'', ``Dashboard'', 
``Delegated entity'' in alphabetical order;
0
b. Revising the definitions for ``Direct transmission'' and ``EDGAR 
Filer Manual''; and
0
c. Adding the definitions for ``Filing agent'', ``Individual account 
credentials'', Single-member company'', ``Technical administrator'', 
and ``User'' in alphabetical order.
    The additions and revisions read as follows:


Sec.  232.11   Definitions of terms used in this part.

* * * * *
    Account administrator. The term account administrator means an 
individual that the electronic filer authorizes to manage its EDGAR 
account and to make filings on EDGAR on the electronic filer's behalf.
* * * * *
    Application Programming Interface. The term Application Programming 
Interface, or API, means a software interface that allows computers or 
applications to communicate with each other.
* * * * *
    Authorized individual. The term authorized individual means an 
individual with the authority to legally bind the entity or individual 
applying for access to EDGAR on Form ID, or an individual with a power 
of attorney from an individual with the authority to legally bind the 
applicant. The power of attorney document must clearly state that the 
individual receiving the power of attorney has general legal authority 
to bind the applicant or specific legal authority to bind the applicant 
for purposes of applying for access to EDGAR on Form ID.
* * * * *
    Dashboard. The term dashboard means an interactive function on 
EDGAR where electronic filers manage their EDGAR accounts and 
individuals that electronic filers authorize may take relevant actions 
for electronic filers' accounts.
    Delegated entity. The term delegated entity means an electronic 
filer that another electronic filer authorizes, on the dashboard, to 
file on EDGAR on its behalf. Delegated entities must themselves be 
electronic filers and must follow all rules applicable to electronic 
filers. Delegated entities are not permitted to further delegate 
authority to file for a delegating electronic filer, nor are they 
permitted to take action on the delegating electronic filer's 
dashboard.
* * * * *
    Direct transmission. The term direct transmission means the 
transmission to EDGAR of one or more electronic submissions.
* * * * *
    EDGAR Filer Manual. The term EDGAR Filer Manual means the manual 
that sets forth the requirements for access to EDGAR and the procedural 
requirements to make electronic submissions on EDGAR. Note: See Rule 
301 of Regulation S-T (Sec.  232.301).
* * * * *
    Filing agent. The term filing agent means any person or entity 
engaged in the business of making submissions on EDGAR on behalf of 
electronic filers. To act as a delegated entity for an electronic 
filer, a filing agent must be an electronic filer with an EDGAR 
account.
* * * * *

[[Page 65558]]

    Individual account credentials. The term individual account 
credentials means credentials issued to individuals for purposes of 
EDGAR access, as specified in the EDGAR Filer Manual, and used by those 
individuals to access EDGAR.
* * * * *
    Single-member company. The term single-member company means a 
company that has a single individual who acts as the sole equity 
holder, director, and officer (or, in the case of an entity without 
directors and officers, holds position(s) performing similar activities 
as a director and officer).
* * * * *
    Technical administrator. The term technical administrator means an 
individual that the electronic filer authorizes on the dashboard to 
manage the technical aspects of the electronic filer's use of EDGAR 
Application Programming Interfaces on the electronic filer's behalf.
* * * * *
    User. The term user means an individual that the electronic filer 
authorizes on the dashboard to make submissions on EDGAR on the 
electronic filer's behalf.

PART 239--FORMS PRESCRIBED UNDER THE SECURITIES ACT OF 1933

0
4. The authority citation for part 239 continues to read, in part, as 
follows:

    Authority:  15 U.S.C. 77c, 77f, 77g, 77h, 77j, 77s, 77z-2, 77z-
3, 77sss, 78c, 78l, 78m, 78n, 78o(d), 78o-7 note, 78u-5, 78w(a), 
78ll, 78mm, 80a-2(a), 80a-3, 80a-8, 80a-9, 80a-10, 80a-13, 80a-24, 
80a-26, 80a-29, 80a-30, 80a-37, and sec. 71003 and sec. 84001, Pub. 
L. 114-94, 129 Stat. 1321, unless otherwise noted.
* * * * *
    Sections 239.63 and 239.64 are also issued under 15 U.S.C. 77f, 
77g, 77h, 77j, 77s(a), 77sss(a), 78c(b), 78l, 78m, 78n, 78o(d), 
78w(a), 80a-8, 80a-24, 80a-29, and 80a-37.

0
5. Revise Sec.  239.63 to read as follows:


Sec.  239.63   Form ID, application for EDGAR access.

    Form ID must be filed by electronic filers, or by their account 
administrators, to request EDGAR access and to authorize account 
administrators to manage the electronic filer's EDGAR account.
0
6. Form ID (referenced in Sec. Sec.  239.63, 249.446, 269.7, and 
274.402) is revised:

    Note:  Form ID is attached as Appendix A at the end of this 
document. Form ID will not appear in the Code of Federal 
Regulations.

PART 249--FORMS, SECURITIES EXCHANGE ACT OF 1934

0
7. The general authority citation for part 249 continues to read as 
follows:

    Authority:  15 U.S.C. 78a et seq. and 7201 et seq.; 12 U.S.C. 
5461 et seq.; 18 U.S.C. 1350; Sec. 953(b) Pub. L. 111-203, 124 Stat. 
1904; Sec. 102(a)(3) Pub. L. 112-106, 126 Stat. 309 (2012), Sec. 107 
Pub. L. 112-106, 126 Stat. 313 (2012), Sec. 72001 Pub. L. 114-94, 
129 Stat. 1312 (2015), and secs. 2 and 3 Pub. L. 116-222, 134 Stat. 
1063 (2020), unless otherwise noted.
* * * * *
0
8. Revise Sec.  249.446 to read as follows:


Sec.  249.446   Form ID, application for EDGAR access.

    Form ID must be filed by electronic filers, or by their account 
administrators, to request EDGAR access and to authorize account 
administrators to manage the electronic filer's EDGAR account.

PART 269--FORMS PRESCRIBED UNDER THE TRUST INDENTURE ACT OF 1939

0
9. The authority citation for part 269 continues to read as follows:

    Authority:  15 U.S.C. 77ddd(c), 77eee, 77ggg, 77hhh, 77iii, 
77jjj, 77sss, and 78ll(d), unless otherwise noted.

0
10. Revise Sec.  269.7 to read as follows:


Sec.  269.7   Form ID, application for EDGAR access.

    Form ID must be filed by electronic filers, or by their account 
administrators, to request EDGAR access and to authorize account 
administrators to manage the electronic filer's EDGAR account.

PART 274--FORMS PRESCRIBED UNDER THE INVESTMENT COMPANY ACT OF 1940

0
11. The authority citation for part 274 continues to read as follows:

    Authority:  15 U.S.C. 77f, 77g, 77h, 77j, 77s, 78c(b), 78l, 78m, 
78n, 78o(d), 80a-8, 80a-24, 80a-26, 80a-29, and 80a-37, unless 
otherwise noted.
* * * * *
0
12. Revise Sec.  274.402 to read as follows:


Sec.  274.402  Form ID, application for EDGAR access.

    Form ID must be filed by electronic filers, or by their account 
administrators, to request EDGAR access and to authorize account 
administrators to manage the electronic filer's EDGAR account.

    By the Commission.

    Dated: September 13, 2023.
J. Matthew DeLesDernier,
Deputy Secretary.

    Note:  Appendix A will not appear in the Code of Federal 
Regulations.

BILLING CODE 8011-01-P

[[Page 65559]]

[GRAPHIC] [TIFF OMITTED] TP22SE23.004


[[Page 65560]]


[GRAPHIC] [TIFF OMITTED] TP22SE23.005


[[Page 65561]]


[GRAPHIC] [TIFF OMITTED] TP22SE23.006


[[Page 65562]]


[GRAPHIC] [TIFF OMITTED] TP22SE23.007


[[Page 65563]]


[GRAPHIC] [TIFF OMITTED] TP22SE23.008


[[Page 65564]]


[GRAPHIC] [TIFF OMITTED] TP22SE23.009


[[Page 65565]]


[GRAPHIC] [TIFF OMITTED] TP22SE23.010


[[Page 65566]]


[GRAPHIC] [TIFF OMITTED] TP22SE23.011


[[Page 65567]]


[GRAPHIC] [TIFF OMITTED] TP22SE23.012


[[Page 65568]]


[GRAPHIC] [TIFF OMITTED] TP22SE23.013


[[Page 65569]]


[GRAPHIC] [TIFF OMITTED] TP22SE23.014


[[Page 65570]]


[GRAPHIC] [TIFF OMITTED] TP22SE23.015


[[Page 65571]]


[GRAPHIC] [TIFF OMITTED] TP22SE23.016


[[Page 65572]]


[GRAPHIC] [TIFF OMITTED] TP22SE23.017


[[Page 65573]]


[GRAPHIC] [TIFF OMITTED] TP22SE23.018


[[Page 65574]]


[GRAPHIC] [TIFF OMITTED] TP22SE23.019


[[Page 65575]]


[GRAPHIC] [TIFF OMITTED] TP22SE23.020

[FR Doc. 2023-20268 Filed 9-21-23; 8:45 am]
BILLING CODE 8011-01-C

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.