2023-09-22 | 2023-20268Added
The Securities and Exchange Commission proposes amendments to Regulation S-T and Form ID to enhance EDGAR security through the EDGAR Next initiative. The rules require filers to designate account administrators who manage user access via a new dashboard and mandate that all individuals obtain unique credentials through Login.gov. Additionally, the proposal introduces optional Application Programming Interfaces for machine-to-machine communication, requiring filers to appoint technical administrators to manage API security tokens.
65524 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules SECURITIES AND EXCHANGE COMMISSION 17 CFR Parts 232, 239, 249, 269, and 274 [Release Nos. 33–11232; 34–98368; 39– 2551; IC–34996; File No. S7–15–23] RIN 3235–AM58 EDGAR Filer Access and Account Management AGENCY: Securities and Exchange Commission. ACTION: Proposed rule. SUMMARY: The Securities and Exchange Commission (‘‘Commission’’) is proposing rule and form amendments concerning access to and management of accounts on the Commission’s Electronic Data Gathering, Analysis, and Retrieval system (‘‘EDGAR’’) that are related to potential technical changes to EDGAR (collectively referred to as ‘‘EDGAR Next’’). We propose to require that electronic filers (‘‘filers’’) authorize and maintain designated individuals as account administrators and that filers, through their account administrators, take certain actions to manage their accounts on a dashboard on EDGAR. Further, we propose that filers may only authorize individuals as account administrators or in the other roles described herein if those individuals first obtain individual account credentials in the manner to be specified in the EDGAR Filer Manual. As part of the EDGAR Next changes, the Commission would offer filers optional Application Programming Interfaces (‘‘APIs’’) for machine-to-machine communication with EDGAR, including submission of filings and retrieval of related information. If the proposed rule and form amendments are adopted, the Commission would make corresponding changes to the EDGAR Filer Manual and implement the potential technical changes. DATES: Comments should be received on or before November 21, 2023. ADDRESSES: Comments may be submitted by any of the following methods: Electronic Comments • Use the Commission’s internet comment form (https://www.sec.gov/ rules/submitcomments.htm); or • Send an email to rule-comments@ sec.gov. Please include File Number S7– 15–23 on the subject line. Paper Comments • Send paper comments to Secretary, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549. All submissions should refer to File Number S7–15–23. This file number should be included on the subject line if email is used. To help the Commission process and review your comments more efficiently, please use only one method of submission. The Commission will post all submitted comments on the Commission’s website (https://www.sec.gov/rules/ proposed.shtml). Comments are also available for website viewing and printing in the Commission’s Public Reference Room, 100 F Street NE, Washington, DC 20549, on official business days between the hours of 10 a.m. and 3 p.m. Operating conditions may limit access to the Commission’s Public Reference Room. Do not include personal identifiable information in submissions; you should submit only information that you wish to make available publicly. We may redact in part or withhold entirely from publication submitted material that is obscene or subject to copyright protection. Studies, memoranda, or other substantive items may be added by the Commission or staff to the comment file during this rulemaking. A notification of the inclusion in the comment file of any such materials will be made available on our website. To ensure direct electronic receipt of such notifications, sign up through the ‘‘Stay Connected’’ option at www.sec.gov to receive notifications by email. FOR FURTHER INFORMATION CONTACT: Rosemary Filou, Deputy Director and Chief Counsel; Daniel K. Chang, Senior Special Counsel; E. Laurita Finch, Senior Special Counsel; Jane Patterson, Senior Special Counsel; Margaret Marrero, Senior Counsel; Lidian Pereira, Senior Special Counsel; EDGAR Business Office at 202–551–3900, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549. SUPPLEMENTARY INFORMATION: The Commission is proposing amendments to 17 CFR 232.10 (‘‘Rule 10’’) and 17 CFR 232.11 (‘‘Rule 11’’) under 17 CFR 232.10 through 232.903 (‘‘Regulation S– T’’); and amendments to Form ID (referenced in 17 CFR 239.63, 17 CFR 249.446, 17 CFR 269.7, and 17 CFR 274.402). Table of Contents I. Introduction II. Background A. Current EDGAR Access and Account Management B. The Commission’s September 2021 Request for Comment III. Discussion A. Individual Account Credentials B. Individual Roles: Account Administrator, User, Technical Administrator
Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65525 1For purposes of this release, we use the term ‘‘filer’’ to mean ‘‘electronic filer,’’ as defined in Rule 11 of Regulation S–T: ‘‘A person or an entity that submits filings electronically pursuant to Rules 100 or 101 of Regulation S–T.’’ 2Please refer to proposed Rule 11 of Regulation S–T, set forth in this release, for definitions of the terms used in this release, including ‘‘account administrator,’’ ‘‘dashboard,’’ ‘‘user,’’ ‘‘delegated entity,’’ ‘‘APIs,’’ and ‘‘technical administrator.’’ 3 In the 2021 Request for Comment, we referred to filer administrators. That term has been changed herein to refer to account administrators, which we believe is in keeping with industry nomenclature and is less confusing in context. See Potential Technical Changes to EDGAR Filer Access and Filer Account Management Processes, Release No. 33– 10993 (Sept. 30, 2021) [86 FR 55029 (Oct. 5, 2021)]. 4Comment letters related to the 2021 Request for Comment are available at https://www.sec.gov/ comments/s7-12-21/s71221.htm. 5 In addition to the changes discussed below, Rule 10 would also be amended to implement certain technical and conforming changes. See Section III.E.1. 6We are proposing amendments to Rule 11 under Regulation S–T to define an ‘‘account administrator’’ as an individual authorized by an electronic filer to manage the electronic filer’s EDGAR account on EDGAR, and to make filings on EDGAR on the electronic filer’s behalf. See the discussion of proposed amendments to Rule 11 in Section III.E.2. 7The amendments to Rule 11 would also update or delete outdated terminology and clarify the definition of the EDGAR Filer Manual. 8We are proposing amendments to Rule 11 under Regulation S–T to define ‘‘individual account credentials’’ as credentials issued to individuals for purposes of EDGAR access, as specified in the EDGAR Filer Manual. See the discussion of proposed amendments to Rule 11 in Section III.E.2. We currently anticipate that, if the proposal is adopted, the EDGAR Filer Manual would specify that individual account credentials must be obtained through Login.gov, a sign in service of the United States Government that employs multifactor authentication. 9We are proposing amendments to Rule 11 under Regulation S–T to define the ‘‘dashboard’’ as an interactive function on EDGAR where electronic filers manage their EDGAR accounts and individuals that electronic filers authorize may take relevant actions for electronic filers’ accounts. See the discussion of proposed amendments to Rule 11 in Section III.E.2. 10See EDGAR Filer Management website at https://www.filermanagement.edgarfiling.sec.gov. 11Applicants (individuals and companies) for EDGAR access would designate account administrators on Form ID. See proposed Form ID. 12For example, if a filer wished to authorize an individual employed by its filing agent to act as the filer’s account administrator, the authorized individual for the filer would be required to upload a notarized power of attorney authorizing the individual to be the filer’s account administrator. See proposed Form ID, Part 3. 13We are proposing amendments to Rule 11 under Regulation S–T to define ‘‘authorized individual.’’ See the discussion of proposed amendments to Rule 11 in Section III.E.2. 14Foreign filers who do not have access to a U.S. notary public could use the foreign local equivalent of a notary public (e.g., apostille) or obtain notarization by a remote online notary recognized by the law of any State or territory in the U.S. or the District of Columbia. See EDGAR Filer Manual, Volume I, at Section 3. 15Please see the illustration in diagram 3 in Section III.C. 16We are proposing amendments to Rule 11 under Regulation S–T to define a ‘‘user’’ as an individual that the filer authorizes on the dashboard to make submissions on EDGAR on the filer’s behalf. See the discussion of proposed amendments to Rule 11 in Section III.E.2. 17We are proposing amendments to Rule 11 under Regulation S–T to define a ‘‘delegated entity’’ as an electronic filer that another electronic filer authorizes, on the dashboard, to file on EDGAR on its behalf. See the discussion of proposed amendments to Rule 11 in Section III.E.2. 18We are proposing amendments to Rule 11 under Regulation S–T to define a ‘‘technical administrator’’ as an individual that the filer authorizes on the dashboard to manage the technical aspects of the filer’s use of EDGAR Application Programming Interfaces on its behalf. See the discussion of proposed amendments to Rule 11 in Section III.E.2. management. Separately, we welcome feedback on related EDGAR technical functionality. The Commission is seeking to enhance the security of EDGAR, improve the ability of filers 1 to securely manage and maintain access to their EDGAR accounts, facilitate the responsible management of filer credentials, and simplify procedures for accessing EDGAR.2 In furtherance of these goals, on September 30, 2021, the Commission issued a Request for Comment on Potential Technical Changes to EDGAR Filer Access and Filer Account Management Processes (‘‘2021 Request for Comment’’).3 The Commission received comments from and engaged in a dialogue with interested parties, considered feedback from these parties, and gathered additional information about filers’ interactions with EDGAR.4 The rule and form amendments we are proposing in this release and the related technical changes seek to achieve the Commission’s goals for secure EDGAR access and account management while addressing many of the comments and concerns expressed in response to the 2021 Request for Comment. The obligations for filers contemplated by EDGAR Next would generally be codified in Rule 10 of Regulation S–T.5 Form ID would be amended to implement those changes and require information about, among other things, the filer’s account administrators,6 and to improve the utility of the form for Commission staff. Moreover, Rule 11 of Regulation S–T would be amended to provide clarity regarding certain new terms related to the proposed rule and form amendments.7 Under proposed Rule 10(d)(1), only those individuals who obtained individual account credentials 8 could be authorized to act on the filer’s behalf on a dashboard 9 on the EDGAR Filer Management website.10 Proposed Rule 10(d)(2) would require each filer to authorize and maintain individuals as its account administrators 11 to manage the filer’s EDGAR account on the filer’s behalf, in accord with the EDGAR account access and account management requirements set forth in this proposal and in the EDGAR Filer Manual. The filer could authorize someone who is not an employee of the filer 12 as the filer’s account administrator, if the authorized individual for the filer 13 provided a relevant notarized power of attorney authorizing that individual to be the filer’s account administrator.14 On the dashboard, account administrators would take actions on behalf of the filer to add and remove authorized users, account administrators, and technical administrators; and annually confirm the accuracy of the filer’s information on the dashboard. Additionally, on the dashboard, account administrators could delegate authority to file on behalf of the filer to any other EDGAR account, such as a filing agent, making that account a delegated entity of the filer, and could remove a delegated entity’s authority to file on the filer’s behalf. A delegated entity would have its own EDGAR account and dashboard to manage its account. Because it would itself be a filer, a delegated entity would be subject to the same requirements as other filers. Through its dashboard, a delegated entity could manage the delegated authority it received from filers. If a delegated entity accepted a delegation from a filer, the delegated entity’s account administrators would become delegated administrators with respect to that filer. Each delegated administrator could thereafter manage which of the users of the delegated entity would become delegated users for particular filers. A delegated entity could not further delegate authority to file on behalf of that filer, nor could delegated administrators take action on the filer’s dashboard. Similarly, the filer’s account administrators could not view or take action on the delegated entity’s dashboard.15 As proposed, Rule 10(d)(4) would require each filer, through its authorized account administrators, to confirm annually that all account administrators, users,16 delegated entities,17 and technical administrators 18 reflected on the dashboard for the filer’s EDGAR account are authorized by the filer and that all information regarding the filer on the dashboard is accurate (generally including the filer’s corporate and contact information). Pursuant to proposed Rule 10(d)(5), each filer, through its authorized VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00003 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3
65526 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 19We are proposing amendments to Rule 11 under Regulation S–T to define an ‘‘Application Programming Interface’’ or ‘‘API’’ as a software interface that allows computers or applications to communicate with each other. See the discussion of proposed amendments to Rule 11 in Section III.E.2. 20See proposed Rule 10(d)(3). 21The Commission staff will make available an EDGAR Next Proposing Beta environment shortly after the issuance of this release, and it will remain open to filers for at least 6 months thereafter. The EDGAR Next Proposing Beta will reflect the proposed rule and form changes as well as the technical changes to EDGAR set forth in this release. The EDGAR Next Proposing Beta environment will therefore contain functionality, including APIs, not included in the 2021 Request for Comment beta environment. If the Commission later adopts the proposed rule and form changes set forth in this release, staff would make available to filers an EDGAR Next Adopting Beta environment that reflects the rule and form changes as adopted and the technical changes to EDGAR to be made in connection with adoption. The EDGAR Next Adopting Beta would allow filers to prepare for the transition to the rule and form changes as adopted and the final version of the technical changes to EDGAR. 22Technical feedback may be submitted to the public comment file. 23See EDGAR Filer Manual, Volume I, at Section 3. The EDGAR Filer Manual specifies the instructions filers must follow when making electronic filings on EDGAR and is incorporated by reference in the Code of Federal Regulations by 17 CFR 232.301 (Rule 301 of Regulation S–T). Rule 10 of Regulation S–T and the EDGAR Filer Manual permit manual, electronic, and remote online notarizations, authorized by the law of any State or territory of the United States or the District of Columbia. See 17 CFR 232.10 and EDGAR Filer Manual, Volume I, at Section 3. An ‘‘authorized individual’’ for purposes of the Form ID notarization process is an individual with the authority to legally bind the applicant, or an individual with a power of attorney from an individual with the authority to legally bind the applicant. See EDGAR Filer Manual, Volume I, at Section 3. 24 17 CFR 239.63, 249.446, 269.7, and 274.402. 25While most applicants that submit Form ID have not previously been assigned a CIK, a small number of other applicants have already been assigned a CIK but have not filed electronically on EDGAR. These applicants continue to use the same CIK when they receive access to EDGAR and are not assigned a new CIK. 26See EDGAR Filer Manual, Volume I, at Section 4. For a discussion of the functions of these access codes, please see the ‘‘Understand and utilize EDGAR CIKs, passphrases, and access codes’’ section of the ‘‘EDGAR—How Do I’’ FAQs, at https://www.sec.gov/edgar/filer-information/howdo-i. 27See EDGAR Filer Manual, Volume I, at 4 (‘‘Filers must securely maintain all EDGAR access codes and limit the number of persons who possess the codes.’’). 28 In calendar year 2021, 63% of all EDGAR submissions were made by filers that identified themselves as ‘‘filing agents.’’ Because filing agents are not required to self-identify in EDGAR as such, however, and instead could simply identity themselves as a ‘‘filer,’’ the actual percentage of account administrators, would further be required to maintain accurate and current information about the filer on EDGAR, and, pursuant to proposed Rule 10(d)(6), to securely maintain information relevant to the ability to access the filer’s EDGAR account. As part of EDGAR Next, the Commission would offer filers optional APIs 19 to facilitate machine-to-machine communication with EDGAR, including submission of filings and retrieval of related information. Pursuant to proposed Rule 10(d)(3), if the filer decided to use an optional API, the filer would be required to authorize two individuals to be technical administrators to manage the API.20 In addition, the filer would present security tokens to EDGAR, which would be reissued annually, and which the technical administrators would manage on the filer’s dashboard. Individuals using the APIs would be required to sign in with their individual account credentials and complete multi-factor authentication on a monthly basis. The Commission intends to make available to filers an EDGAR Next Proposing Beta environment 21 that reflects the proposed rule and form amendments and related technical changes. In addition to public comment on the proposed rule and form amendments, the Commission welcomes feedback from filers about the technical aspects of EDGAR Next.22 II. Background A. Current EDGAR Access and Account Management Presently, those seeking to file on EDGAR apply for access pursuant to Rule 10 of Regulation S–T by completing the Form ID application for access on the EDGAR Filer Management website and submitting a notarized copy of that application signed by an authorized individual of the filer.23 Form ID is an online fillable form that requires the applicant to provide the applicant’s name and contact information, the applicant’s point of contact for EDGAR information, inquiries, and access codes (‘‘EDGAR POC’’), and its contact for SEC account information and billing invoices (‘‘billing contact’’).24 Further, when the applicant entity or individual submits the Form ID, the applicant must create and retain a passphrase to be used to create access codes if the application is granted. If Commission staff approves the Form ID application, an account in the filer’s name is opened on EDGAR, denoted by a central index key number (‘‘CIK’’) unique to that filer, if needed.25 The EDGAR POC may then generate access codes to allow the filer to make submissions on its EDGAR account. To do so, the EDGAR POC uses the CIK provided in an email from EDGAR and the passphrase the filer created on EDGAR when the filer submitted the Form ID to generate a password, central index key confirmation code (‘‘CCC’’), and password modification authorization code (‘‘PMAC’’).26 Together with the CIK, the filer’s password, passphrase, CCC, and PMAC constitute the EDGAR access codes. Filers make submissions on EDGAR using their CIK, password, and CCC. Filings on EDGAR are therefore traceable to the filer’s CIK. EDGAR does not presently issue identifying credentials to individuals making filings on EDGAR; an individual’s authority to file on EDGAR is predicated on possession of the password and CCC. Thus, filings are not easily traceable to individuals, and the Commission currently does not provide a technical solution through which filers may manage individuals who make submissions on filers’ behalf. As a result, Commission staff and affected filers often encounter delays in addressing potentially problematic filings. Because filers are required to securely maintain their EDGAR access codes,27 Commission staff understands that many filers have devised their own internal methods of tracking the individuals who possess the password and CCC. Other filers, however, may not have closely tracked the individuals who possess the password and CCC and/or otherwise maintained secure access to filers’ EDGAR accounts. For example, Commission staff understands that some filers have shared EDGAR access codes with co-registrants, filing agents, and various employees through non-secure means and without tracking or recording the names and identities of the recipients. EDGAR does not currently employ multi-factor authentication. As noted, if an individual has the password and CCC, then no other authentication is required to access EDGAR. Multi-factor authentication would increase the level of assurance that an individual is indeed the person authorized to access an account by requiring provision of an additional data point to gain access. Filers routinely hire filing agents, which include law firms and third-party software providers, to assist with filing on EDGAR. Indeed, EDGAR data reveals that, at a minimum, more than 60% of filings on EDGAR are made by a filing agent on the filer’s behalf,28 and VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00004 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3
Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65527 EDGAR submissions made by filing agents may be significantly higher. 29See Workiva Comment Letter (Nov. 30, 2021) (‘‘Workiva Comment Letter’’); XBRL US Comment Letter (Dec. 1, 2021) (‘‘XBRL Comment Letter’’). 30 15 U.S.C. 78p. 31See Orrick, Herrington & Sutcliffe LLP Comment Letter (Feb. 23, 2022) (‘‘Orrick Comment Letter’’); McGuireWoods, LLP and Brownstein Hyatt Farber Schreck, LLP (Dec. 1, 2021) (‘‘McGuireWoods Comment Letter’’); Brandon Norman Egren, Associate General Counsel & Assistant Secretary, Verizon (Dec. 1, 2021) (‘‘Verizon Comment Letter’’); Toppan Merrill (Nov. 22, 2021) (‘‘Toppan Comment Letter’’). 32See Donnelly Financial Solutions Comment Letter (Dec. 1, 2021) (‘‘DFIN Comment Letter’’); XBRL Comment Letter. 33See EDGAR Filer Management website at https://www.filermanagement.edgarfiling.sec.gov; EDGAR Filing website at https://www.edgarfiling. sec.gov/Welcome/EDGARLogin.htm; and EDGAR Online Forms website at https://www.edgarfiling. sec.gov/Welcome/EDGAROnlineFormsLogin.htm. 34See CompSci Comment Letter (Nov. 19, 2021); Workiva Comment Letter (Nov. 30, 2021); CompSci Resources LLC Comment Letter (Nov. 19, 2021). 35Twenty of these letters were form letters that requested an extension of the deadline to provide comments, as opposed to providing substantive comments. 36See, e.g., Verizon Comment Letter (Dec. 1, 2021); XBRL US Comment Letter; Workiva Comment Letter; Davis Polk Comment Letter (Dec. 1, 2021). 37See Workiva Comment Letter; XBRL US Comment Letter. 38See, e.g., Workiva Comment Letter; XBRL US Comment Letter. 39See Workiva Comment Letter (the filer survey included 660 responses from Nov. 15–27, 2021). 40See, e.g., Workiva Comment Letter; XBRL US Comment Letter. 41See McGuire Woods, LLP and Brownstein Hyatt Farber Schreck, LLP Comment Letter (Dec. 1, 2021) (‘‘McGuire/Brownstein Comment Letter’’); Orrick, Herrington & Sutcliffe LLP Comment Letter (Feb. 23, 2022) (‘‘Orrick Commenter Letter’’) (reiterating the concern that the new filer administrator position would create an administrative burden on section 16 filers and endorsing instead the company-specific account approach outlined in the McGuire/Brownstein Comment Letter). 42These commenters also recommended ‘‘grandfathering’’ issuers with existing powers of attorney for section 16 officers and directors. Alternatively, they recommended a ‘‘negative consent’’ construct, according to which a company would be deemed to have authority to create a new company-specific account unless an officer or director expressly objected during a set period of time. See McGuire/Brownstein Comment Letter; Orrick Comment Letter. 43See, e.g., McGuire/Brownstein Comment Letter; XBRL US Comment Letter. A few commenters also requested enhancement of the beta environment to reflect ‘‘a complete testing environment’’ or the ‘‘full life cycle of an SEC EDGAR filing which would enable full and appropriate analysis.’’ See, e.g., Toppan Comment Letter (Nov. 30, 2021); Donnelley Financial Solutions Comment Letter (Nov. 18, 2021). commenters have indicated that 81– 90% of EDGAR filings are not manually submitted to EDGAR.29 While EDGAR does not require the use of filing agents, a filer may decide to hire a filing agent to assist with EDGAR filing. Further, as noted in comments submitted in response to the 2021 Request for Comment, individual filers who are officers and/or directors with obligations to file on EDGAR pursuant to section 16 of the Securities Exchange Act of 1934 (‘‘Exchange Act’’) 30 routinely rely upon the companies for which they serve as officers and/or directors to make filings on their behalf on EDGAR.31 Likewise, other filers may make filings on behalf of affiliated or related entities, such as asset-backed securities issuers on behalf of their serial companies.32 Filers make submissions on EDGAR through one of three web-based user interfaces, depending on the type of submission made.33 Commission staff is aware that filers and filing agents have for years sought to automate submissions on EDGAR so as not to rely upon web-based interfaces, and many filers and filing agents have engineered their own automated processes to make submissions and otherwise interact with EDGAR. These filers and filing agents extract data and content from, or ‘‘scrape,’’ the EDGAR filing websites and use that data to create custom software that allows them to interact with the websites in a machine-tomachine fashion to accomplish tasks such as scheduling filings and making a large volume of submissions on numerous different CIK accounts.34 Filers and filing agents must modify their custom software periodically to accord with underlying changes to EDGAR code. Similarly, when Commission staff makes EDGAR software changes, staff has coordinated with filers and filing agents using custom software to prevent filing disruptions. As a result, efficient implementation of certain technical changes in EDGAR may be delayed while such coordination and software adjustments take place. B. The Commission’s September 2021 Request for Comment The 2021 Request for Comment sought feedback from filers about potential technical changes to EDGAR access and account management, including the addition of individual account credentials with multi-factor authentication, a dashboard on EDGAR where a filer would manage its EDGAR account, administrators to manage the filer’s account and annually confirm the filer’s information, and the time period required to implement the potential technical changes. To assist filers in assessing the potential technical changes, the Commission provided filers access to a beta environment that reflected the majority of the potential technical changes. The Commission received over forty comment letters in response to the 2021 Request for Comment.35 Commenters were generally supportive of the Commission’s objectives,36 but were concerned about certain aspects of the potential technical changes. With respect to requiring individual account credentials, many commenters expressed the view that the potential technical changes would prevent filers and filing agents from continuing to use their custom third-party software to make machine-to-machine submissions on EDGAR. Several commenters estimated that currently 81–90% of EDGAR filings are submitted to EDGAR directly through third-party filing systems rather than manually uploaded on an individual basis via EDGAR filing websites.37 Commenters stated that the Login.gov multi-factor authentication process does not support automated machine-to-machine authentication and requested that the Commission consider machine-to-machine authentication to facilitate the ability to pre-schedule and perform bulk filings, reduce the potential for error due to manual processing, reduce the risk of missing deadlines, and decrease the cost of compliance.38 One commenter conducted a survey of filers wherein 70% of respondents believed that the increased time required to submit filings due to the loss of direct submission capability from third-party filing systems would be ‘‘very impactful’’ or ‘‘extremely impactful’’ to their filing success.39 The Commission also requested comment on whether filers should authorize administrators to manage filers’ EDGAR accounts. Certain commenters expressed concerns about the impact that the institution of administrators would have on individual officer and director filers pursuant to section 16 of the Exchange Act.40 Commenters recommended that the Commission allow a company to create and manage a company-specific account for an individual non-employee director or section 16 officer.41 These commenters further suggested that each company be required to obtain a notarized power of attorney from the individual so that the company could create and maintain the companyspecific account on behalf of the individual.42 With respect to the Commission’s request for comment on a requirement to annually confirm users and administrators, commenters generally did not support the requirement,43 VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00005 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3
65528 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 44See XBRL US Comment Letter; Workiva Comment Letter; DFIN Comment Letter. 45See XBRL US Comment Letter; Workiva Comment Letter; DFIN Comment Letter. 46See DFIN Comment Letter; Workiva Comment Letter. 47See DFIN Comment Letter; Workiva Comment Letter; XBRL US Comment Letter. 48See Workiva Comment Letter; XBRL US Comment Letter. 49Workiva Comment Letter (referencing the same filer survey discussed above). 50See XBRL US Comment Letter; McGuire/ Brownstein Comment Letter. 51Staff invited interested parties to participate in the dialogue through the Commission’s EDGAR Next web page. 52We are proposing amendments to Rule 11 under Regulation S–T to define ‘‘individual account credentials’’ as credentials issued to individuals for purposes of EDGAR access. See the discussion of proposed amendments to Rule 11 in Section III.E.2. 53The information corresponds to information that filers presently amend through a ‘‘Company Update’’ or ‘‘COUPDAT’’ submission. Filers would continue to be able to edit their company information through COUPDATs under the EDGAR Next changes. 54Regulation S–T provides that filings ‘‘may be submitted to the Commission each day, except Saturdays, Sundays, and Federal holidays, from 6 a.m. to 10 p.m., Eastern Standard Time or Eastern Daylight Saving Time, whichever is currently in effect.’’ 17 CFR 232.12(c). The dashboard would be available from 6.a.m.–10 p.m. as described above, so that filers could manage their accounts during the period when EDGAR filings could be submitted. 55https://www.login.gov/. 56See Login.gov, ‘‘About us,’’ at https:// www.login.gov/about-us/. 57As of the date of this proposal, Login.gov multifactor authentication options include: (1) a security noting that it would increase the number of required confirmations, would be duplicative, and would necessitate additional management effort for filers, thus increasing the administrative burden.44 Certain commenters recommended limiting confirmation to administrators.45 Others suggested that the Commission implement an active notification process to inform filers of impending expiration 46 and recommended a grace period after failure to make a confirmation.47 Several commenters recommended that denying EDGAR access until the administrator has reconfirmed would be less burdensome than deactivating accounts.48 With respect to the time period required to effectuate the potential technical changes to EDGAR access and account management, one commenter indicated that 66% of its surveyed respondents expressed the view that an appropriate transition period would be 1–3 years,49 one commenter suggested a transition period of 18–24 months, and another commenter recommended a transition period of at least one year.50 The staff engaged in additional dialogue with commenters and other interested parties regarding the 2021 Request for Comment and further approaches to EDGAR access improvements.51 Among the topics discussed were APIs for submission and for checking accession numbers (numbers filers receive from EDGAR indicating receipt of a filing), filing status, and other information; annual confirmation of individuals authorized to make submissions on a filer’s behalf; whether accession numbers should be traceable to the individuals making submissions or instead to the CIK numbers associated with the submissions; bulk submissions and user group functionality; delegation of authority to file; a potential transition process to implement the changes contemplated by the 2021 Request for Comment; and other technical topics. Having considered the significant additional information provided by commenters in response to the 2021 Request for Comment and the subsequent dialogue with interested parties, we are contemplating a number of changes in connection with the EDGAR Next project, including proposed amendments to Rules 10 and 11 under Regulation S–T and to Form ID; changes to enhance dashboard functionality; and the addition of optional APIs to allow machine-tomachine submissions on EDGAR as an alternative to submission through the EDGAR filing websites. III. Discussion We are proposing amendments to Rule 10 under Regulation S–T concerning EDGAR filer access and account management and related matters; Form ID, the application for EDGAR access; and Rule 11 under Regulation S–T, containing the definitions of terms in Regulation S–T. Proposed amendments to Rule 10 and Form ID would set forth requirements for each EDGAR filer to authorize and maintain individual account administrators to manage the filer’s EDGAR account on a dashboard on EDGAR, and to authorize account administrators, users, and technical administrators only if those individuals obtained individual account credentials.52 Each filer, through its account administrators, would be required to confirm annually that all account administrators, users, technical administrators, and delegated entities reflected on the filer’s dashboard are authorized by the filer to act on its behalf, and that all information about the filer on the dashboard is accurate; maintain accurate and current information on EDGAR concerning the filer’s account; and securely maintain information relevant to the ability to access the filer’s EDGAR account. On the dashboard, account administrators could add and remove authorized users, account administrators, and technical administrators; delegate and remove delegated authority to file to other EDGAR accounts; and annually confirm the accuracy of all information on the dashboard. The dashboard would contain the filer’s corporate and contact information, generally corresponding to the company information currently maintained on EDGAR.53 The dashboard would be available during EDGAR operating hours,54 such that filers could manage their EDGAR accounts during the same time period that they would file on EDGAR. The Commission would provide optional APIs for machine-to-machine communication with EDGAR, including to submit filings and to facilitate filers’ retrieval of information regarding their submissions. To use APIs, filers would be required to authorize two technical administrators and present certain tokens to EDGAR that we plan to specify in the EDGAR Filer Manual. Filers who did not wish to use the APIs would not need to do so and therefore would not need to comply with the API-related requirements. Those filers could continue to make submissions through the web-based EDGAR filing websites. A. Individual Account Credentials Under proposed Rule 10(d)(1), a filer could only authorize an individual to perform functions on the dashboard on the filer’s behalf if the individual possessed individual account credentials, obtained in the manner specified in the EDGAR Filer Manual. This requirement would pertain to all existing filers and all individuals acting on behalf of those filers, as well as all applicants for access to EDGAR. We anticipate requiring, through the EDGAR Filer Manual, that individual account credentials be obtained through Login.gov, a secure sign in service of the U.S. General Services Administration.55 Login.gov is used by participating Federal agencies, as well as State, local, and territorial governments to provide a secure login process and to allow members of the public to use a single account that is protected by encryption, multi-factor authentication, and additional safeguards.56 On the Login.gov website, the individual would respond to prompts to provide an email address and select a multi-factor authentication option.57 VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00006 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3
Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65529 key; (2) Government employee or military PIV or CAC cards; (3) authentication application; (4) text message/SMS or telephone call; and (5) backup codes, with (1), (2), and (3) being the most secure methods, and (5) being the least secure authentication option according to Login.gov. See generally Login.gov, Authentication Options at https://www.login.gov/help/get-started/ authentication-options/. See also generally Login.gov, ‘‘Privacy and security: Our security practices,’’ at https://login.gov/policy/our-securitypractices/ for information on Login.gov’s security practices. 58While Login.gov permits multiple email addresses to be associated with a single Login.gov account, EDGAR would require a single email address related to the need to access EDGAR be associated with the individual account credentials. To change an email address (for example, because of a change of domain name), the individual would change the email in the dashboard and then change it on Login.gov to maintain access to EDGAR. 59 If the individual lost or forgot her Login.gov password, the individual would reset the password through Login.gov, simplifying and automating the process of password retrieval. 60Consistent with current practice, an individual logged into EDGAR would be automatically logged out if the individual were idle for more than 60 minutes, as well as at the end of EDGAR’s hours of operation (10:00 p.m. ET on business days). In each of those cases, the individual would need to complete multi-factor authentication in order to log back into EDGAR unless the individual had successfully signed into EDGAR and checked the ‘‘remember this browser’’ box within the last 30 days. 61See EDGAR Filer Manual, Volume I, at Section 4. 62As defined in proposed Rule 11 and proposed Form ID, a ‘‘single-member company’’ would be a company that has a single individual who acts as the sole equity holder, director, and officer (or, in the case of an entity without directors and officers, holds position(s) performing similar activities as a director and officer). The email address provided to Login.gov would be required to match the email address the filer provides to EDGAR, for example, on Form ID.58 After the individual confirmed her email address and completed multi-factor authentication, Login.gov would issue individual account credentials to the individual to sign in to EDGAR. In accord with proposed Rule 10(d), all account administrators, users, and technical administrators would be required to use their individual account credentials, and multi-factor authentication, to sign into all EDGAR filing websites. After entering the Login.gov username and password, each individual would be prompted to enter a one-time passcode received through the multi-factor authentication option the individual selected when obtaining individual account credentials at Login.gov.59 Individual account credentials would enhance EDGAR security and improve the ability of filers to securely maintain access to their EDGAR accounts. As noted, filers currently share access codes among multiple individuals, making it difficult to track with whom the codes are shared or to trace a filing to a specific individual. The use of individual account credentials would enable Commission staff and filers to easily determine the individuals making specific filings on EDGAR. Linking individuals to the filings they make would be particularly useful for filers and Commission staff when problematic filings are made on EDGAR and would enhance the security and integrity of the system. The use of individual account credentials would provide additional assurance that only individuals who have been properly authorized by the filer or the filer’s account administrator could take actions on the filer’s behalf on EDGAR. Currently, the process of filing on EDGAR requires the filer to use certain EDGAR access codes. EDGAR Next would enhance security by requiring an individual seeking to make a filing on EDGAR to sign in with individual account credentials, complete multi-factor authentication, be authorized by the filer or the filer’s account administrator, and enter the filer’s CIK and CCC. Multi-factor authentication for individual accounts would be required to access EDGAR. Multi-factor authentication is a widely accepted security tool that would improve the security of access to EDGAR by adding a layer of validation each time an individual signed into EDGAR. Consistent with general industry practice, and standard Login.gov processes, individuals could check a box labeled ‘‘remember this browser’’ during the Login.gov sign-in process to preserve their multi-factor authentication for 30 days if they used the same web browser for login.60 Under EDGAR Next, the EDGAR password, PMAC, and passphrase would no longer be used. The historic use of several codes with differing functions is not in accord with standard access processes. The use of individual account credentials aligns more closely with streamlined, modern access processes, including individual login using multi-factor authentication. The CCC would persist as the code required for filing, but, as noted, individuals seeking to file would also need to sign in with individual account credentials, complete multi-factor authentication, and be authorized by the filer or an account administrator for the filer. Because of these additional safeguards, the filer’s CCC would be displayed on the dashboard for account administrators and users. Requests for Comment
65530 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 63Technical administrators would serve as the Commission staff’s points of contact regarding the filer’s use of the APIs. See infra Section III.B.3.a. Individuals in each role would perform different functions for the filer, and an individual’s dashboard would display functionality that corresponded to the respective individual’s role, as explained more fully below. An individual could be authorized to perform more than one role for a filer. For example, one individual could be both an account administrator and a technical administrator, or one individual could be both a technical administrator and a user. An account administrator could not be a user, however, given that account administrators are able to perform all the functions of a user, including the ability to file on EDGAR, themselves. Analogous additional roles would exist at delegated entities—filers, including filing agents, to which another filer delegates authority to file on its behalf. Specifically, the delegated entity’s account administrators would become delegated administrators for the filer, and delegated administrators would have the ability to authorize one or more of the delegated entity’s users as delegated users who could make submissions on behalf of that filer. The key functions that could be performed by each role are illustrated in diagram 2 below. DIAGRAM 2—KEY FUNCTIONS FOR EACH ROLE Role Submit filings, view CCC Generate/ change CCC Manage account administrators, users, technical administrators, and delegated entities Delegate to/accept delegated entity status from another filer Manage delegated users Manage filer API token Manage user API token Account Administrator ............................ X .................. .................. X User ........................................................ X .................. ............................ ........................ .................. .................. X Technical Administrator ......................... .................. .................. ............................ ........................ .................. X .................. Delegated Administrator ........................ X .................. ............................ ........................ X .................. X Delegated User ...................................... X .................. ............................ ........................ .................. .................. X
Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65531 64A unique process would be employed to transition existing filers, as discussed in the transition section below (see Section III.F). 65Currently, a person with a power of attorney from an individual filer may sign the Form ID application for the individual filer; in that case, the power of attorney document must accompany the notarized Form ID application. See EDGAR Filer Manual, Volume I, at Section 3. Existing Commission practice also permits the Form ID to be signed by an individual with a power of attorney from a filing entity, such as a corporation. 66 If the deadline fell upon a day when the dashboard was not available (e.g., a holiday or weekend), the deadline would be deferred until the following business day. performed by account administrators could be performed by any of them individually and would not require joint action by the filer’s account administrators. a. Filer Authorization of Account Administrators Under the proposal, prospective EDGAR filers would designate on Form ID the individuals that the filer authorized as account administrators.64 As noted above, pursuant to proposed Rule 10(d)(1), the filer could only authorize individuals as account administrators if those individuals had obtained individual account credentials in the manner specified in the EDGAR Filer Manual. Prospective company filers could authorize as account administrators either (i) individuals employed at the filer or an affiliate of the filer or (ii) any other individual, provided the filer submitted a notarized power of attorney authorizing such other individual to be its account administrator. Prospective individual filers could authorize as account administrators either (i) themselves or (ii) any other individual, provided the filer submitted a notarized power of attorney authorizing such other individual to be the individual filer’s account administrator. A prospective account administrator would complete the prospective filer’s Form ID and electronically submit it, and also upload a notarized copy of the prospective filer’s Form ID signed by an authorized individual of the prospective filer, as currently required. The signature of the authorized individual would constitute the filer’s authorization of the account administrators listed on Form ID. If the prospective filer sought to authorize another individual as an account administrator, the prospective filer would additionally be required to provide Commission staff with a notarized power of attorney executed by an authorized individual of the prospective filer granting authority to that individual to be an account administrator. The power of attorney would be uploaded with the prospective filer’s completed, notarized Form ID.65 If, after reviewing the Form ID application, Commission staff granted access to EDGAR to the filer, EDGAR would email the account administrators listed on Form ID the filer’s CIK number and a link to the relevant EDGAR website, similar to the current process. The account administrators could then access the filer’s dashboard by logging into EDGAR with their individual account credentials and completing multi-factor authentication. On the dashboard, account administrators could generate a CCC for the newly issued CIK. The CCC would be securely saved in the dashboard and would be visible to all account administrators and users, delegated administrators, and delegated users for that CIK to facilitate their ability to make submissions on behalf of the filer. Account administrators could authorize additional account administrators via the dashboard. Thus, if the initial account administrators are determined to be properly authorized to act for the filer on EDGAR, those initial account administrators would be authorized to add account administrators. b. Number of Account Administrators As proposed in Rule 10(d)(2), filers who are individuals or single-member companies would be required to authorize and maintain at least one account administrator; all other filers would be required to authorize and maintain at least two account administrators. On the dashboard, any account administrator could add account administrators to the filer’s EDGAR account; the maximum number of account administrators would be twenty. After an account administrator invited the individual on the dashboard, EDGAR would send an email invitation to the individual at the email address used to create individual account credentials. Requiring most filers to authorize at least two account administrators would increase the ability of filers to manage their EDGAR accounts without interruption. Thus, if an account administrator unexpectedly resigned or otherwise ceased to be available to manage the filer’s account, the remaining account administrators would continue to manage the filer’s account and could authorize additional account administrators. If the account administrator who sought to resign was one of the required two account administrators for an entity filer, then that account administrator could not be removed from the filer’s EDGAR account unless the filer first added another account administrator through the dashboard to meet the required minimum of two account administrators. For individual filers and single-member companies, at least one account administrator would always be required because those filers typically consist of only one individual. A limit of twenty account administrators would likely be sufficient to allow for management of large accounts, while avoiding the confusion that a larger number of account administrators might cause. If all the account administrators for a filer ceased to be available to manage the filer’s account, the filer would be required to submit a new Form ID to authorize new account administrators. c. Account Administrator Authorization and Removal of Users, Technical Administrators, and Other Account Administrators An account administrator could add an individual as a user, account administrator, or technical administrator for an EDGAR account through the dashboard. The account administrator would enter on the dashboard the prospective individual’s first and last name and email address, and EDGAR would send an email invitation to that address. The email address would be required to match the email address provided by the individual when they obtained individual account credentials. In addition, EDGAR would send a notification to the individual through the dashboard if the individual to be added had existing access to the dashboard for another role or filer. The individual’s designation as user, account administrator, or technical administrator would be effective when the individual accepted the invitation. Individuals would have fourteen days within which to accept the invitation.66 If the individual did not accept within that time period, the individual would not be added, and the invitation would become void. The account administrator could re-initiate the invitation thereafter, however, to afford the individual another opportunity to accept. Account administrators could change roles of individuals who had already been authorized to act on behalf of the filer, by adding or removing roles as account administrator, user, and/or technical administrator. The relevant individuals would not be required to accept additional invitations or deVerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00009 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3
65532 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 67As discussed above, the dashboard would contain the filer’s corporate and contact information. See supra text accompanying note 53. If the filer’s information contained in the dashboard was not correct, that information could be updated via a COUPDAT submitted by the filer’s account administrator or user. Proposed paragraph (d)(4) is analogous to the requirements currently set forth in the EDGAR Filer Manual, Volume I, to securely maintain EDGAR access and to maintain accurate company information on EDGAR. See EDGAR Filer Manual, Volume I, at Sections 4 and 5. 68As discussed above, in the 2021 Request for Comment, the Commission sought comment on requiring confirmations to be made by both account administrators and users. Several commenters objected to this requirement on the grounds that it would be duplicative and unduly burdensome for account administrators to confirm all users authorized to act on behalf of the filer, and for those users to separately have to confirm their own authorizations. See supra note 45. Other commenters recommended limiting confirmation to administrators. See supra note 45. To address these commenters’ concerns, our proposal includes the latter group of commenters’ recommendation, requiring only account administrators to confirm users, account administrators, technical administrators, delegations, and other information on the filer’s dashboard. We believe that limiting the confirmation to account administrators should address the concerns from these commenters. 69As discussed above, in response to the 2021 Request for Comment, some commenters suggested that the Commission implement an active notification process to inform filers of impending expiration, and the proposed process would follow that approach. See supra note 46. 70These notices would be provided in the dashboard and also be sent via email to all account administrators’ email addresses (e.g., the confirmation deadline notices would be periodically provided in both email and via the dashboard multiple times leading up to the deadline to ensure that the account administrators were fully aware of the pending deadlines). See infra Section III.B.1.f (discussing notifications to account administrators). 71As discussed above, in response to the 2021 Request for Comment, several commenters urged the Commission to provide a grace period to filers that failed to perform annual confirmation timely (as opposed to immediately removing access) and separately requested that the Commission deny EDGAR access until the administrator performed annual confirmation (as opposed to inactivating the EDGAR account). See supra notes 47–48. As discussed below, as part of the EDGAR Next changes, we would provide multiple notices of the impending confirmation deadline to account administrators on the dashboard and by email and also provide a two-week grace period that would include a series of reminder notices. Collectively, we believe this would ensure that the filer’s account administrators would receive adequate notice and opportunity to timely perform confirmation. Deactivating the account due to failure to provide confirmation therefore would immediately protect the filer because failure to perform the required confirmation could be a sign that the account may no longer be managed or controlled by the filer. authorizations for their role to be changed. An account administrator could perform all the functions of a user, therefore, an account administrator could not also be a user since it would be redundant for an individual to hold both roles for the same filer. An individual could, however, be both an account administrator and a technical administrator for the same filer, or a user and a technical administrator for the same filer. d. Account Administrator Performance of Annual Confirmation As proposed under Rule 10(d)(4), each filer would be required to perform an annual confirmation on EDGAR of all of the filer’s users, account administrators, technical administrators, and delegated entities, as well as any other information related to the filer appearing on the dashboard.67 Account administrators would act for the filer to carry out this function.68 Annual confirmation would assist the filer in tracking those authorized to file on EDGAR and would provide an opportunity for account administrators to confirm the accuracy of those individuals and delegated entities associated with the filer and to remove those no longer authorized. To provide flexibility to filers, EDGAR would allow account administrators to select one of four quarterly dates as the filer’s ongoing confirmation deadline: March 31, June 30, September 30, and December 31 (or the next business day, if the date fell upon a weekend or holiday when EDGAR was not operating). An account administrator need not wait until the deadline to confirm and could confirm at any earlier date. An account administrator could further change the quarter when confirmation was due by confirming the account at a date in a quarter earlier than the currently selected deadline quarter. Confirmation in an earlier quarter would result in a confirmation deadline one year after the end of the quarter in which the early confirmation occurred. For example, if a December 31 confirmation deadline was selected by the account administrator for the initial annual confirmation, but the account administrator submitted the confirmation for the following year in August, the filer’s annual confirmation deadline for the next year would be September 30 (or the next business day, if the date fell upon a weekend or holiday when EDGAR was not operating). EDGAR would provide several periodic notices to account administrators of the upcoming confirmation deadline, as well as notice of completion of confirmation or failure to timely confirm.69 There would also be a two-week grace period following the confirmation deadline, during which account administrators would receive a final series of notices reminding them to complete annual confirmation.70 If no account administrator performed the annual confirmation by the end of the grace period, EDGAR would deactivate the filer’s access and the filer would be required to submit a new Form ID application to request access to file on EDGAR.71 If Commission staff approved the Form ID application, the filer would continue to have the same CIK previously assigned and its filing history would be maintained. The filer’s account administrators listed on Form ID would be required, however, to invite through the dashboard, as if to a new account, any additional account administrators, technical administrators, and users. Although the need to reapply for access and, in particular, the need to invite account administrators, users, and technical administrators anew, would impose an additional burden on filers, failure to perform annual confirmation could signal that the filer was no longer managing or controlling the account. Removing individuals from the filer’s account upon deactivation would safeguard information regarding individuals whose information was listed on the filer’s dashboard. For example, if someone other than the original filer’s account administrators submitted a Form ID application for access to the account, and the original account administrators did not respond to Commission staff’s inquiries regarding the new Form ID, the process outlined above would prevent the new account holder from accessing the names, addresses, and contact information of the individuals formerly associated with the account. e. User Groups The dashboard would allow an account administrator to group subsets of the filer’s users into user groups. User groups would: • Be created by an account administrator; • Consist only of users, not account administrators or technical administrators; • Contain only users for the same EDGAR account; • Contain up to 500 users (corresponding to the maximum number of users per filer that would be allowed); and • Not be subject to any numerical limit (i.e., there could be an unlimited number of user groups). The user group function would primarily assist delegated entities to authorize certain delegated users to file on EDGAR for specific filers, as explained in the Delegated Entities section below. By employing user groups, the delegated administrator could add or remove the ability to file VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00010 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3
Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65533 72An accession number is a unique identifier assigned automatically to EDGAR submissions for tracking and reference purposes. The first 10 digits comprise the CIK of the entity making the submission, which may be an entity with reporting obligations or a third party (such as a filing agent. The next two digits represent the year. The last series of digits comprise a sequential count of submitted filings from that CIK. The count is usually, but not always, reset to zero at the start of each calendar year. for a certain filer to all users in the group at once, leading to efficiencies of time in managing users. If an account administrator added an individual to a user group, the individual would receive an invitation to join the user group. If the individual accepted, the individual would become a member of the user group. 2. Users Under EDGAR Next, account administrators could authorize individuals with individual account credentials as users able to make submissions on EDGAR on behalf of the filer. a. Authority of Users Users would be able to make submissions on EDGAR on the filer’s behalf. On the dashboard, account administrators and Commission staff could determine which users made which submissions; however, this information would not be made public on EDGAR. In addition, on the dashboard, users could: • Remove themselves as a user for a filer; • If using APIs, generate, view, and copy their user API tokens (as discussed further in Section III.D below); and • View basic information about the filer’s account, including the filer’s name, CIK, CCC, and corporate information and contact information, as well as the contact information for the account administrators. Users could not, however, add or remove individuals from the dashboard other than themselves. Further, users could not generate a new CCC. Separately, users could submit COUPDATs to update filer information such as name, address, and state of incorporation, as filers currently do. As part of the login and authentication process for the EDGAR filing websites, a user would be able to select the CIK of the filer for which submissions were being made, and that CIK would be reflected in the accession number 72 for each of the user’s submissions (‘‘login CIK’’). Users could change their login CIK at any time to any other CIK for which they were authorized. b. Becoming Authorized as a User Through the dashboard, an account administrator would invite an individual to be a user for the filer’s account, and the prospective user would receive an email invitation from EDGAR at the email address associated with the prospective user’s individual account credentials. In addition, if the prospective user had a role for any EDGAR account, the notification would also appear on the prospective user’s dashboard. The individual would be required to accept the invitation to become a user. The individual could then sign in as a user to the filer’s EDGAR account by entering her individual account credentials and completing multi-factor authentication. c. Number of Users There would be no minimum number of users because account administrators could make submissions on behalf of the filer. There would be a maximum of 500 users. We anticipate that 500 users would be sufficient to accommodate sophisticated filers making a large number of varied filings. 3. Technical Administrators In connection with the EDGAR Next changes, filers would have an option to use a submission API and related informational APIs, and filers who opted to use the APIs would be required, through their account administrators, to authorize at least two technical administrators to manage API tokens and related technology. Technical administrators could: • Issue and deactivate filer API tokens on the dashboard; • Remove themselves as technical administrators for filers; • View and correct their own profile information; and • View basic information about each filer for which they are designated as a technical administrator, including the filer’s corporate information and contact information. a. Authority of Technical Administrators A technical administrator would issue and deactivate filer API tokens required to use the APIs, as set forth more fully in the API discussion in Section III.D. Technical administrators would also serve as points of contact for questions from Commission staff regarding the filer’s use of the APIs. A technical administrator could not add or remove individuals on the dashboard, except to remove themselves as technical administrator. Nor could a technical administrator make submissions on EDGAR on the filer’s behalf. Additionally, a technical administrator could not generate CCCs and could not change company information. A technical administrator could, however, view relevant filer information on the dashboard. An account administrator could authorize technical administrators to be account administrators or users as well as technical administrators. To the extent that individuals designated as technical administrators also had the role of account administrator or user, they would additionally be able to perform the functions associated with that role. b. Becoming a Technical Administrator Identical to the process for users, an account administrator would invite the prospective technical administrator on the dashboard, and EDGAR would send the invitation to the email address associated with the prospective technical administrator’s individual account credentials. In addition, if the prospective technical administrator already had a role for any EDGAR account, a notification of the invitation would appear on her dashboard. The prospective technical administrator would be required to accept the invitation to become a technical administrator. c. Number of Technical Administrators As proposed, if the filer chose to use an API, the filer, acting through its account administrator, would be required to designate at least two technical administrators. This minimum would parallel the minimum number of individuals required to be account administrators (in the case of filers other than individuals and single-member companies) and would reduce the chance that the filer’s access to the APIs would be interrupted. There would be no exception to the two technicaladministrator minimum for individuals and single-member companies, however, because we anticipate that filers that make a large volume of submissions—typically large filers and filers who use filing agents—would use the APIs, and those filers would have sufficient staff to designate two technical administrators. Because a filer would be required to have at least two technical administrators to use the APIs, the dashboard would not allow a technical administrator to be removed from a filer’s account when only two technical administrators were authorized on the account. An account administrator would be required to first add another technical administrator. VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00011 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3
65534 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules There would be a maximum of ten technical administrators per filer. This limit would streamline points of contact with the filer and avoid confusion at the filer regarding API tokens. For example, having more than ten possible technical administrators could heighten opportunities for miscommunication between Commission staff and the filer if issues arose regarding the use of APIs. Moreover, based on our understanding of filers’ current practice, we do not anticipate that a filer would require more than ten technical administrators to carry out the functions of managing technical aspects of the APIs. Requests for Comment 4. Should we add a required account administrator role to EDGAR, as set forth in proposed Rule 10(d)? If not, why not? 5. As stated in proposed Rule 10(d), at least two account administrators would be required for filing entities (other than single-member companies) and one account administrator for individual filers and single-member companies. Are these minimum numbers of account administrators appropriate? If not, what minimum numbers of account administrators would be appropriate? Should individual filers and single-member companies be required to have more than one account administrator? If so, why? 6. Should account administrators be permitted to add and/or remove other account administrators without the filer’s consent? If so, why? If the filer’s consent is not required, should the filer be notified when a new account administrator is added or removed? 7. Should a prospective filer’s Form ID be required to be completed and submitted by an account administrator, as set forth in proposed Rule 10(b)? If not, what would be the advantages and disadvantages of allowing an individual who was not an account administrator to complete and submit a Form ID on behalf of an applicant? Please be specific. 8. In proposed Rule 10(d), each filer, through its account administrators, would be required to confirm annually the accuracy of the filer’s information on the dashboard; maintain accurate and current information on EDGAR concerning the filer’s account; and securely maintain information relevant to the ability to access the filer’s EDGAR account, including but not limited to access through any EDGAR APIs. Should any changes or clarifications be made to the proposed responsibilities of filers to be carried out by account administrators in proposed Rule 10(d)? If so, how and why should such changes or clarifications be made? Should any guidance be provided with regards to any of these responsibilities and, if so, how and why? 9. Should any changes be made to the authorization process for account administrators? For example, in the case of company filers, should employees of the filer’s affiliate be required to be authenticated via a notarized power of attorney? If so, why? 10. Should any changes be made to the scope of the proposed annual confirmation requirement set forth in proposed Rule 10(d)? Why? Should the confirmation be performed annually, more frequently, or less frequently? Why? As currently contemplated as part of EDGAR Next, in the case of a failure to satisfy the proposed annual confirmation requirement, should there be a grace period for the account administrators to satisfy the confirmation requirements before the account is deactivated? How long should this grace period be, if adopted? Regardless of whether a grace period is provided, should failure to satisfy the proposed annual confirmation requirement result in deactivation of the account with removal of the individuals authorized on the dashboard for the filer, as discussed above, or alternatively, would a temporary suspension of EDGAR access without removal of any of the individuals authorized on the dashboard for the filer be more appropriate, until any of the listed account administrators satisfied the confirmation requirement? Why? How long should the described temporary suspension be, if adopted? Separately, if failure to satisfy the proposed annual confirmation requirements should result in deactivation of the account with removal of the individuals authorized on the dashboard of the filer, as discussed above, should delegated entities and delegating filers also be removed from the dashboard? Why or why not? 11. Would the annual confirmation requirement create any additional burden for filers compared to the current annual EDGAR password update requirement? If so, are there any improvements to the proposed annual confirmation requirement that would reduce the burden for filers? Separately, are there any particular concerns for filers who may only engage in occasional filings, such as filers pursuant to section 16 of the Securities Exchange Act of 1934 who may make sporadic submissions of Forms 3, 4, and 5 less than once per year? If so, to what extent would those concerns be newly implicated by the proposal, given that currently filers must change their password annually or their access to EDGAR is deactivated? 12. Are there any considerations regarding the annual confirmation requirement that are specific to individual or entity filers that make filings with respect to more than one subject company (e.g., an individual filer who is a board member for more than one company)? Should the confirmation requirement differ for such filers? If so, why? 13. Should we add a user role to EDGAR? If not, how would we address our policy concerns regarding the identification and authorization of individuals who make submissions on the filer’s behalf? Is a limit of 500 authorized users per filer appropriate, or should that number be increased or decreased? Should account administrators be able to add users only for a specific filing or for a specific period of time, after which the user’s authorization automatically expires? Should any changes or clarifications be made to the scope of authority of users as part of EDGAR Next? If so, how and why should the scope of authority of users be different, or how could the tasks within the scope of authority for users be clarified? 14. Should we add a technical administrator role to EDGAR, as set forth in proposed Rule 10(d)? If not, how would we address our policy concerns regarding the identification and authorization of the individuals who would manage the filer’s APIs? 15. Would the requirement of at least two technical administrators to manage the filer’s APIs, as set forth in proposed Rule 10(d), create an undue burden for filers? Should this requirement be revised to more fully parallel the limit for account administrators by requiring only one technical administrator for filers who are individuals and singlemember companies? Why or why not? Is a maximum number of ten technical administrators appropriate? Why or why not? Should any changes or clarifications be made to the scope of authority for technical administrators as part of the EDGAR Next changes? 16. For what purposes, if any, would filers need to access the dashboard when EDGAR filing functionality was not available? If the dashboard were made available to filers for a period of time outside of EDGAR operating hours, in addition to during EDGAR operating hours, would filers be impacted by the unavailability of filer telephone and email support and EDGAR submission capabilities during that time period? VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00012 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3
Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65535 73 If the deadline fell upon a day when the dashboard was not available (e.g., a holiday or weekend), the deadline would be deferred until the following business day. 74As discussed further below in Section III.C, the dashboard would generally be used to manage a filer’s EDGAR account, including management of individuals authorized to act as account administrators, users, and technical administrators; management of entities authorized to act as delegated entities; and management of filer and user API tokens. Delegated entities would not need to access the filer’s dashboard in order to make filings on the filer’s behalf, since filings would be made directly on the EDGAR filing websites, as opposed to through the filer’s dashboard. 75As currently planned, delegated administrators and delegated users would not be able to make COUPDAT submissions for the filer. Delegated administrators and delegated users could, however, continue to submit series and company update submissions, or SCUPDATs, for registered investment company clients according to the present process. 76See Section III.B.1.b. and III.B.2.c (discussing limits of account administrators and users per filer). 77We are proposing amendments to Rule 11 under Regulation S–T to define a ‘‘filing agent’’ as any person or entity engaged in the business of making submissions on EDGAR on behalf of filers. This would include law firms, financial services companies, and other entities engaged in the business of submitting EDGAR filings on behalf of their clients. See the discussion of proposed amendments to Rule 11 in Section III.E.2. 78See supra notes 41–42. 79See supra notes 41–42. How would they be impacted? Please be specific. C. Delegated Entities Under EDGAR Next, a filer could delegate authority to file on its behalf to any other EDGAR filer, such as a filing agent, which would become a delegated entity for the filer.
65536 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 80See supra Section III.B.2.c. 81For this reason, delegated administrators could not be designated as delegated users with regards to the delegating filer, because doing so would be redundant. 4. Delegated Users If a delegated entity accepted a delegation from a filer, the delegated administrators could authorize specific users at the delegated entity to become delegated users with respect to that filer. Delegated users would not count as part of the 500-user limit for the filer.80 Alternately, if delegated administrators wanted all of their users to become delegated users with respect to a filer, the delegated administrators could check a box to automatically designate all of the users at the delegated entity as delegated users for the filer. Thus, delegated administrators would have the following options: • Authorize a subset of the delegated entity’s users as delegated users, through the user group function, as discussed above and further explained below; • Authorize all of the delegated entity’s users as delegated users for the filer; or • Not authorize any delegated users (because the delegated administrators could file on behalf of the filer 81). Users at the delegated entity would receive notifications if a delegated administrator added or removed them as a delegated user for a particular filer, however, users would not need to accept the notification or take any further action to become a delegated user for a filer. Delegated users could submit filings on behalf of the filer on the EDGAR filing websites or through the submission API (which would also require the user to generate and submit a user API token, as discussed further below). 5. User Groups at Delegated Entities We believe that the user group function would provide an efficient method for delegated administrators to manage delegated users. Delegated entities, through their delegated administrators, could employ user groups to assign certain users to different filers for whom they possessed delegated authority to file. An example is provided in diagram 4 below. VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00014 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3 EP22SE23.002</GPH>
Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65537 • In diagram 4, the account administrators for Filer A and Filer B delegated to Filer C. As a result, Filer C’s account administrators became delegated administrators for Filers A and B. In this example, Filer C might be a filing agent to which Filer A or Filer B gave authority to make filings on its behalf, and Filer A and Filer B might be public companies or investment companies. • A delegated administrator at Filer C created User Group 1 containing Filer C’s Users 1, 2, and 3. The delegated administrator assigned authority to file for Filer A to User Group 1. Users 1, 2, and 3 are thus delegated users for Filer A because they are members of User Group 1. If additional users from Filer C were added to User Group 1, those additional users would also become delegated users for Filer A. • The delegated administrator at Filer C also created User Group 2 containing Filer C’s User 3. The delegated administrator assigned authority to file for Filer B to User Group 2. User 3 is a delegated user for Filer B. • By employing the user group function, the delegated administrator at Filer C restricted delegated filing permissions for Filer A to Filer C Users 1, 2, and 3 only (via User Group 1) and delegated filing permissions for Filer B to Filer C User 3 only (via User Group 2). Filer C User 4 has not been authorized as a delegated user for any filers. • In diagram 4, each user group has only been assigned authority to file for a single filer, but user groups could be assigned authority to file for multiple filers. Delegated administrators could also designate a default user group of individuals who would be automatically assigned as delegated users for all future delegations. The ability to have a default user group would be an efficient way for delegated administrators to authorize groups of their users as delegated users for any delegating filer. Users would receive notifications when added to or removed from a user group, and when the user group to which they belonged became authorized to make submissions for a filer, or when that authorization was removed. Users would not need to accept or otherwise take any action on these notifications. 6. Technical Administrators at Delegated Entities If the delegated entity chose to use APIs, the delegated entity would be required to designate its own technical administrators. The delegated entity’s technical administrators would be responsible for maintaining the API capabilities for filings by the delegated entity. They would manage the delegated entity’s own filer API tokens, as discussed further in Section III.D.1, and the delegated entity would use the delegated entity’s filer API tokens to make filings for any filers that delegated authority to it. Technical administrators at the delegated entity would not manage any APIs in use by the filer itself. Nor would the technical administrator need different tokens for different filers that delegated to the delegated entity. Requests for Comment 17. Should we add individual roles to EDGAR for delegated administrators and delegated users? If not, how should we address our policy concerns regarding the identification and authorization of the delegated individuals who would submit filings on the filer’s behalf? 18. Should account administrators be able to delegate filing authority to any EDGAR filer (and remove such delegation)? Do commenters have any concerns with the delegation function or any suggested modifications? For example, should delegation be limited to EDGAR filers that selected ‘‘filing agent’’ as the account type on Form ID when opening the account? Or should delegation be permitted to any EDGAR account, as proposed? Why? 19. Would the EDGAR Next delegation framework address concerns raised by commenters about the impact that the contemplated EDGAR Next changes would have on individual officer and director filers pursuant to section 16 of the Exchange Act, in light of the fact that individual officer and director filers could delegate authority to file on their behalf to any related companies, law firms, or filing agents? Why or why not? 20. Should any changes be made to the authority of delegated administrators and delegated users under EDGAR Next? 21. Are there any situations where the EDGAR Next delegation framework could be streamlined? 22. Would user group functionality facilitate the ability of account administrators and delegated VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00015 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3 EP22SE23.003</GPH>
65538 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 82As a security measure, we contemplate that the user API token would be deactivated if the user had not successfully logged into the EDGAR Filer Management dashboard or one of the EDGAR filing websites (EDGAR Filing or EDGAR Online Forms) within the last 30 days. 83See supra notes 38–39. 84Currently, EDGAR accepts approximately 525 submission types, of which approximately 500 (95%) permit filer construction. 85Whether submissions were made through the API or the EDGAR filing websites, filers would specify the CIK for which they would be making submissions. That CIK number would be reflected in the accession number associated with those submissions. Filers could change the login CIK reflected in the accession number at any time to any other CIK for which the filer was authorized to file on EDGAR. For example, a filing agent could choose to submit filings for a client filer using its own login CIK, or by using its client filer’s login CIK. 86 Generally, filings are first accepted and then subsequently disseminated. However, certain filings remain nonpublic and are never disseminated, so those filings will never progress from accepted to disseminated status. administrators to efficiently add and remove users and delegated users? Why or why not? Should any changes to user group functionality be made? D. Application Programming Interfaces As part of the EDGAR Next changes, the Commission would offer APIs to filers to allow machine-to-machine communication with EDGAR. The Commission plans initially to provide three APIs to allow filers to: • Make both live and test submissions on EDGAR (‘‘submission API’’); • Check the status of an EDGAR submission (‘‘submission status API’’); and • Check EDGAR operational status (‘‘EDGAR operational status API’’). Pursuant to proposed Rule 10(d)(3), to use the APIs, filers would be required to authorize at least two technical administrators. Additionally, we plan to specify in the EDGAR Filer Manual that, to use the APIs, filers would be required to present filer API tokens and user API tokens to EDGAR that would be generated on the dashboard. The filer’s technical administrators would be required to generate a filer API token to authenticate the filer. Further, the individual user or account administrator who submits the filing would be required to generate a user API token to authenticate herself as an authorized user or account administrator for the filer. We plan that filer and user API tokens would be confidential alphanumeric strings of text separately generated in the dashboard by a technical administrator and a user, respectively, and each would be valid for one year.82 Employing these tokens would allow automated server-to-server authentication without the need for manual individual account credential multi-factor authentication, thus addressing a significant concern raised by commenters in the 2021 Request for Comment.83 In addition, as they would with other similar APIs, filers would need to create, license, or otherwise obtain software (a ‘‘filing application’’) to interface with the APIs. Additional information regarding the APIs is available in the Overview of EDGAR Application Programming Interfaces (‘‘Overview of EDGAR APIs’’) located on the EDGAR Next page on SEC.gov. The use of APIs would be optional. Filers that seek to file on EDGAR, check the status of a submission, or check EDGAR operational status would continue to be able to do so without using an API, as they currently do.
Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65539 87See supra Section I, III.A, III.B, III.C, and III.D. 88EDGAR Filer Manual, Volume I, at Section 4. 89EDGAR Filer Manual, Volume I, at Section 5. 90Compare Rule 10(b) of Regulation S–T (‘‘Each registrant, third party filer, or filing agent must, before filing on EDGAR . . .’’ with proposed Rule 10(b) of Regulation S–T (‘‘Each electronic filer must, before filing on EDGAR . . .’’). 91Compare Rule 10(b)(2) of Regulation S–T (‘‘File . . . a notarized document, signed by the applicant . . .’’ with proposed Rule 10(b)(2) of Regulation S– T (‘‘File . . . a notarized document, signed by the electronic filer or its authorized individual . . .’’). 92See EDGAR Filer Manual, Volume I, at Section 3(a). 93As proposed, the note states: ‘‘The Commission staff carefully reviews each Form ID application, and electronic filers should not assume that the Commission staff will automatically approve the Form ID upon its submission. Therefore, any applicant seeking EDGAR access is encouraged to submit the Form ID for review well in advance of the first required filing to allow sufficient time for staff to review the application.’’ filers. Providing an EDGAR operational status API would allow filers to use their filing application to check the operational status of EDGAR at any given time. The Overview of EDGAR APIs lists certain technical standards for the EDGAR operational status API, as well as the expected inputs and outputs. Among other things, the EDGAR operational status API would require a valid filer API token to be submitted by the filing application; it would not require a user API token. The EDGAR operational status API would indicate to the filing application whether EDGAR was fully operational, unavailable (after business hours), or not fully operational in whatever regard at that point in time (for example, if EDGAR is not disseminating to SEC.gov). In turn, the filing application would display this information to the filer. Requests for Comment 23. Should we add other EDGAR information that could be accessed through APIs, and, if so, why? Please rank in terms of priority any additional information that you would like to see added, and also estimate how much usage you believe that information API would receive (for example, in potential hits per day). 24. The Overview of EDGAR APIs lists certain technical standards for the planned APIs. Are there any considerations we should take into account when determining what technical standards should be used for the planned APIs? E. Proposed Amendments to Rules and Forms
65540 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 94Compare the definition of ‘‘direct transmission’’ in Rule 11 of Regulation S–T (‘‘the transmission of one or more electronic submissions via a telephonic communication session’’) with the definition of ‘‘direct transmission’’ in proposed Rule 11 of Regulation S–T (‘‘the transmission of one or more electronic submissions’’). 95Compare Rule 10(b) (providing that each registrant, third party filer, or agent seeking EDGAR access must submit Form ID) with proposed Rule 10(b) (providing that each electronic filer seeking EDGAR access must submit Form ID). ‘‘Account administrator’’ would mean the individual that the filer authorizes to manage its EDGAR account and to make filings on EDGAR on the filer’s behalf. The designation of an account administrator would help ensure that only authorized persons are able to file and take other actions on behalf of the filer. ‘‘Authorized individual’’ would mean an individual with the authority to legally bind the entity or individual applying for access to EDGAR on Form ID, or an individual with a power of attorney from an individual with the authority to legally bind the applicant. The power of attorney document must clearly state that the individual receiving the power of attorney has general legal authority to bind the applicant or specific legal authority to bind the applicant for purposes of applying for access to EDGAR on Form ID. ‘‘Delegated entity’’ would mean a filer that another filer authorizes on the dashboard to file on its behalf. As itself a filer, a delegated entity would be subject to all applicable rules for filing on EDGAR. Delegated entities would not be permitted to further delegate authority to file for the delegating filer, nor would they be permitted to take action on the delegating filer’s dashboard. ‘‘Filing agent’’ would mean any person or entity engaged in the business of making submissions on EDGAR on behalf of filers. As discussed above in Section III.C., to act as a delegated entity for a filer, a filing agent would be a filer with an EDGAR account. ‘‘Single-member company’’ would describe a company that only has a single individual who acts as the sole equity holder, director, and officer (or, in the case of an entity without directors and officers, holds position(s) performing similar activities as a director and officer). ‘‘Technical administrator’’ would mean an individual that the filer authorizes on the dashboard to manage the technical aspects of the filer’s use of EDGAR APIs on the filer’s behalf. ‘‘User’’ would mean an individual that the filer authorizes on the dashboard to make submissions on EDGAR on the filer’s behalf. Other terms would identify new applications and upgrades to access and maintain filers’ accounts on EDGAR, including: ‘‘Application Programming Interface’’ (API) would be defined as a software interface that allows computers or applications to communicate with each other. As discussed in Section III. D., the relevant APIs would include those that give filers the option to automate submissions on EDGAR and to retrieve certain submission-related information. ‘‘Dashboard’’ would mean an interactive function on EDGAR where filers manage their EDGAR accounts and where individuals that filers authorize may take relevant actions for filers’ accounts. ‘‘Individual account credentials’’ would mean credentials issued to individuals for purposes of EDGAR access, as specified in the EDGAR Filer Manual, and used by those individuals to access EDGAR. (As previously mentioned, we currently anticipate that the EDGAR Filer Manual would specify that individual account credentials must be obtained through Login.gov, a sign-in service of the United States Government that employs multi-factor authentication.) Collectively, these terms would assist in implementing the proposed rule and form amendments by clarifying how the proposed requirements would apply. The amendments would also update or delete outdated terminology from certain definitions in Rule 11, such as references to ‘‘telephone sessions’’ in the definition of ‘‘direct transmission.’’ 94 Although some filers may still use dial-up internet to access EDGAR, we expect that nearly all filers currently rely on broadband, cable, or other internet technologies. Finally, we propose updating the definition of ‘‘EDGAR Filer Manual’’ to more clearly describe its contents. Rule 11 currently defines ‘‘EDGAR Filer Manual’’ as ‘‘. . . setting out the technical format requirements for an electronic submission.’’ The EDGAR Filer Manual has been updated over time, however, to include additional requirements for filers, including those pertaining to seeking EDGAR access, maintaining EDGAR company information, and submitting online filings. We therefore propose to update the EDGAR Filer Manual definition accordingly to indicate the inclusion of these procedural requirements. We believe that the amended definition, if adopted, would better inform filers of the scope of the EDGAR Filer Manual requirements. Requests for Comment 26. Do the proposed amendments to Rule 11 appropriately define the necessary terms in EDGAR Next? If not, please explain. Are there any additional terms that should be defined and, if so, why? 27. As proposed, should we amend certain terms to update terminology or more clearly define existing definitions? Are there any proposed terms that are inconsistent with existing definitions or concepts or that otherwise should not be defined? Should any additional terms be revised to update outdated terminology or to clarify existing definitions? Please be specific. 3. Form ID Form ID is an online fillable form that must be completed and submitted to the Commission by all individuals, companies, and other organizations who seek access to file electronically on EDGAR.95 Among other things, Form ID seeks information about the identity and contact information of the applicant. The proposed amendments to Form ID include proposed changes to information required to be reported on the form as well as technical changes. As outlined above, the proposed amendments to Form ID would require an applicant for EDGAR access to undertake certain additional disclosure obligations, including most significantly: (1) Designating on Form ID specific individuals the applicant authorizes to act as its account administrators to manage its EDGAR account on a dedicated dashboard on EDGAR. Applicants would generally be required to authorize two account administrators, although individuals and single-member companies would only be required to authorize one account administrator. If a prospective account administrator was not (1) the applicant (in the case of an individual applicant) or (2) an employee of the applicant or its affiliate (in the case of a company applicant), the applicant would also be required to disclose the prospective account administrator’s employer and CIK, if any, and provide a notarized power of attorney to authorize the individual to manage the applicant’s EDGAR account as an account administrator. (2) The applicant’s Legal Entity Identifier (‘‘LEI’’) number if any. • The LEI is a unique identifier associated with a single corporate entity and is intended to provide a uniform international standard for identifying counterparties to a transaction. • Although there are certain modest costs to obtain and maintain an LEI, fees VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00018 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3
Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65541 96The cost of obtaining and maintaining an LEI is approximately $50 to $65 per year. See LEI Price List, LEI Register, available at https://www.leiidentifier.com/lei-price-list/#:∼:text= LEI%20application%20and%20registration%20 price,%2D%20%24250 (%24%2050%20%2F%20year). 97The filer would nevertheless need to submit a COUPDAT to update its existing corporate and contact information on EDGAR (other than the filer’s account administrator information) if the Form ID were granted. As they presently do, brokerdealers would submit a Form BD amendment to FINRA to update their corporate and contact information. 98The EDGAR Filer Manual currently provides guidance regarding what documents would be sufficient to establish the applicant’s authority. See EDGAR Filer Manual, Volume I, at Section 4(b). 99Proposed Form ID would include a section titled ‘‘Important information’’ that would include the following disclosure warning: ‘‘Misstatements or omissions of fact in connection with an application for EDGAR access and/or in a submission on EDGAR may constitute a criminal violation under 18 U.S.C. 1001 and 1030 and/or a violation of other criminal and civil laws. If the SEC has reason to believe that an application for EDGAR access and/or a submission on EDGAR is misleading, manipulative, and/or unauthorized, the SEC may prevent acceptance or dissemination of the application/submission and/or prevent future submissions or otherwise remove a filer’s access to EDGAR pursuant to Rule 15 of Regulation S–T, 17 CFR 232.15.’’ are not imposed on data users for usage of or access to LEIs, and all of the associated reference data needed to understand, process, and utilize the LEIs are widely and freely available and not subject to any usage restrictions.96 • Applicants that have not yet obtained an LEI would not be required to obtain one. • The inclusion of LEI information would facilitate the ability of Commission staff to link the identity of the applicant with information reported on other filings or sources that are currently or will be reported elsewhere, if LEIs become more widely used by regulators and the financial industry. (3) Providing more specific contact information about the filer, and the filer’s account administrator(s), authorized individual (the individual authorized to submit Form ID on the filer’s behalf, as defined in the EDGAR Filer Manual), and billing contact (including mailing, business, and billing information, as applicable). • More specific contact information would allow Commission staff to reach account administrators, authorized individuals, and billing contacts associated with the filer when necessary. (4) Specifying whether the applicant, its authorized individual, person signing a power of attorney (if applicable), account administrator, or billing contact has been criminally convicted as a result of a Federal or State securities law violation, or civilly or administratively enjoined, barred, suspended, or banned in any capacity, as a result of a Federal or State securities law violation. • Information about whether the applicant or certain individuals named on Form ID may be subject to relevant bars and prohibitions (including but not limited to officer and director bars, prohibitions from associating with brokers, dealers, investment advisers, and/or other securities entities, and bars from participation in certain industries) would allow Commission staff to determine whether such bars or prohibitions are relevant to the application for EDGAR access. • Individuals disclosing the existence of a criminal conviction, or civil or administrative injunction, bar, suspension, or ban may be contacted by SEC staff to determine the applicant’s eligibility for EDGAR access. (5) Indicating whether the applicant, if a company, is in good standing with its state or country of incorporation. • Good standing generally means a company is legally authorized to do business in the relevant state or country and has filed all required reports and paid all related fees to the relevant jurisdiction. • Although the lack of good standing would not prevent a company from obtaining EDGAR access, this information could be relevant in determining whether it may be appropriate for the staff to review additional documentation as part of its assessment of the application. (6) Requiring submission of a new Form ID if the applicant claims to have (i) lost electronic access to its existing CIK account or (ii) assumed legal control of a filer listed on an existing CIK account but did not receive EDGAR access from that filer. • Currently, applicants seeking to obtain control of an existing EDGAR account are required to submit certain summary information but are not required to submit a full application on Form ID. To assist Commission staff in determining whether applicants seeking to obtain control of existing EDGAR accounts are legitimate, we propose to require such applicants to submit a new Form ID. To facilitate the application process, certain publicly available corporate and contact information (such as the filer’s name, ‘‘doing business as’’ name, foreign name, mailing and business addresses, state/country of incorporation, and fiscal year end) would be automatically prepopulated from EDGAR so that applicants would not need to resubmit that information, although applicants could update that information on Form ID as necessary.97 (7) Requiring those seeking access to an existing EDGAR account to upload to EDGAR the documents that establish the applicant’s authority over the company or individual listed in EDGAR on the existing account.98 In addition, we would make certain conforming, formatting, and ancillary changes to modernize Form ID without significantly altering current disclosure obligations. For example, a checkbox would be added to each address field for identification of non-U.S. locations, which would improve data analytics. As another example, company applicants would be required to provide their primary website address, if any, to provide staff additional contact and other information regarding the filer. Further, certain disclosure warnings that are currently listed in the EDGAR Filer Manual and the landing page of the EDGAR Filing website would be incorporated into Form ID to more clearly provide notice of those matters to filers.99 Collectively, the proposed amendments would enhance the security of EDGAR by allowing Commission staff to obtain more information about the applicant and its contacts for staff to confirm the identity of the applicant and the individuals associated with the applicant, assess whether the application is properly authorized, and determine whether there are any other issues relevant to the application for EDGAR access for staff’s consideration. Requests for Comment 28. Should any of the proposed amendments to Form ID be revised or removed and, if so, why or why not? For example, should any limits or qualifiers be placed on the proposed disclosure requirement regarding whether the applicant, its authorized individual, person signing a power of attorney (if applicable), account administrator, or billing contact has been criminally convicted as a result of a Federal or State securities law violation, or civilly or administratively enjoined, barred, suspended, or banned as a result of a Federal or State securities law violation? If so, why? Should this requirement apply to each of the applicant, its authorized individual, person signing a power of attorney (if applicable), account administrator, and billing contact, or only to certain categories of the aforementioned groups? Please explain your answer. Likewise, should the proposed requirement regarding whether the applicant is in good standing be revised or removed and, if VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00019 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3
65542 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 100Of these 220,000 EDGAR accounts, approximately 149,000 represent entity filers and approximately 71,000 represent individual filers. In total, regardless of account activity, there are approximately 1,000,000 filer accounts in EDGAR. We believe that the vast majority of the approximately 800,000 EDGAR filer accounts for which no filings have been made in the last two years are defunct and therefore would not transition to EDGAR Next. 101Filers that have forgotten or lost their CCC could change or regenerate it using their PMAC or passphrase. Filers that have lost or forgotten their passphrase could reset it by sending a security token to the email associated with the account. Filers that have lost or forgotten their passphrase and that no longer have access to the email associated with the account would have to reapply for EDGAR access on Form ID. so, why? For example, if applicable, should we also require an explanation of why the applicant is not in good standing? Why or why not? 29. Would the proposed amendments to Form ID appropriately support the EDGAR Next changes to filer access and account management? Why or why not? Should Form ID require any additional information, or should any of the information proposed to be required be revised or deleted? Please explain. 30. Should Form ID be revised to require or allow applicants to provide the reason they are applying for access? For example, if applicants have an urgent upcoming filing deadline, should applicants be required or permitted to provide that information? F. Transition Process We believe that, if the proposed rule and form amendments are adopted and the technical changes are implemented, it would be efficient for the Commission and for the approximately 220,000 active EDGAR filers—those who made a submission on EDGAR in the last two years—to accomplish the transition to EDGAR Next over a period of several months, as set forth below.100 We anticipate that mandatory enrollment would begin one month after adoption and remain open for six months thereafter (the ‘‘Enrollment Period’’). During the Enrollment Period, existing filers would continue to file on EDGAR using the EDGAR filing websites, as they presently do, by logging on with the relevant CIK and password. The individual account credentials would not yet be used, nor would use of the dashboard to manage the account be required. Applicants that seek EDGAR access subsequent to the compliance date would be immediately subject to the EDGAR Next requirements, if adopted.
Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65543 102See, e.g., McGuire Woods Comment Letter (recommending at least 12 months for individual filers, on the grounds that filers would need that time to create individual account credentials, enable multifactor authentication, and designate a filer administrator); DFIN Comment Letter (asserting that it could take 12–18 months for filers to migrate, and recommending a 18–24 month transition period with longer lead times for smaller filers); Workiva Comment Letter (recommending a transition period of one year, and separately citing its own survey results indicating more than 66% of respondents indicated a transition period of one to three years would be appropriate). 103See ‘‘EDGAR—Information for Filers’’ web page at https://www.sec.gov/edgar/filer-information. 104See ‘‘EDGAR—How Do I’’ FAQs at https:// www.sec.gov/edgar/filer-information/how-do-i. expect that bulk enrollment would be used by larger filers and filers using filing agents likely to have at least two account administrators. We intend to set a limit of 100 existing filers (100 rows) per bulk enrollment. As discussed above, enrollment would only occur once per EDGAR account. Any additional changes that are needed to be made (e.g., adding additional account administrators) would have to be performed by the account administrators who had been added during the enrollment process. After the filer was enrolled, the account administrators could access the dashboard to add additional account administrators, users, technical administrators, and delegated entities. 3. Compliance We anticipate that the compliance period would start six months after the beginning of the Enrollment Period. In response to our 2021 Request for Comment, commenters requested a transition period ranging from 12 months to three years.102 We considered those comments, and we believe that the transition process we are contemplating should provide sufficient opportunity for existing filers to transition to EDGAR Next. The transition process would include an initial, separate period during which individual account credentials could be established, as well as a six-month Enrollment Period during which filers would access the dashboard, authorize individuals in relevant roles, and make any needed delegations. We further contemplate providing a bulk enrollment option to allow enrollment of multiple filers simultaneously. If the rule and form changes are adopted, and the related technical changes are to be implemented, we plan to provide an EDGAR Next Adopting Beta environment to allow commenters to evaluate and test the EDGAR Next changes, to prepare necessary software, and to assist filers in preparing for the changes. Existing EDGAR filers that fail to enroll by the compliance date would lose EDGAR access and would be required to reapply for EDGAR access on Form ID. If the Commission adopts the proposed rule and form changes, we expect that staff would provide additional support for filers transitioning to EDGAR Next, such as by posting practical information and guidance on the EDGAR—Information for Filers 103 and EDGAR—How Do I 104 pages on SEC.gov, as well as providing a devoted help desk to assist filers. Requests for Comment 31. Does the planned transition process adequately address the needs of filers and filing agents with regard to implementation of EDGAR Next? If not, what changes should be made to the transition process, and why? 32. How long would it take existing filers to transition to EDGAR Next? As planned, the Enrollment Period would begin one month after adoption of the proposed rule and form changes. Is this a sufficient amount of time for filers to prepare for enrollment and, if not, why? Is an Enrollment Period of six months sufficient for filers to enroll their EDGAR accounts via manual or bulk enrollment and, if not, why? Should existing filers transition their EDGAR accounts on a specific schedule during the Enrollment Period (e.g., large filers must transition by date X, medium filers by date Y, etc.) or, as contemplated, should we allow filers to decide when to transition to EDGAR Next so long as they do so prior to the compliance date? 33. We plan to require CIK, CCC, and EDGAR passphrase in order for both individual and bulk enrollments to be accepted by EDGAR. Would alternate credentials be more appropriate and, if so, what credentials should be used? In particular, are passphrases typically maintained by filing agents and, if not, how burdensome would it be for filing agents to obtain and maintain their clients’ passphrases? In situations where filers no longer know their passphrases or those passphrases are no longer recognized in EDGAR, how burdensome would it be for filers to obtain new passphrases? 34. Following enrollment, what notification, if any, should be provided to the existing EDGAR POC for the filer? Although filers are currently required to list a contact address, telephone number, and email address as part of their EDGAR contact information, we understand that many EDGAR filer accounts that were created before email addresses became mandatory never added an email address. Should we require acknowledgment or confirmation from the existing EDGAR POC to complete enrollment of an EDGAR filer account, or should completion of enrollment be delayed until a certain period of time has passed without objection from the existing EDGAR POC? If so, what should be the waiting period before enrollment could be completed, keeping in mind the interest of filers seeking to quickly transition to EDGAR Next? 35. Should we permit the bulk enrollment of multiple EDGAR accounts, as planned? Are there particular steps the Commission should take to minimize risks associated with enrollment? For example, should the CCCs of enrolled filers be automatically reset as a security precaution after enrollment is accepted? If the CCC is automatically reset, what notification, if any, should be provided to the existing EDGAR contact for the filer? 36. To what extent would bulk enrollment present logistical or other burdens for filers with multiple filing agents or unaffiliated third-party account administrators? For example, if the filer’s CCC were automatically reset after bulk enrollment, to what extent could this cause confusion if the filer had multiple filing agents and some of them were inadvertently not included as account administrators in the bulk enrollment? Instead of the CCC being reset after enrollment, should the CCC be reset at the compliance date for each enrolled CIK? 37. Are there any extenuating circumstances that would justify filers being exempted from having to enroll by the compliance date, or that would allow non-complying existing filers to maintain their EDGAR access following the compliance date? If so, please explain. G. General Request for Comment and EDGAR Next Proposing Beta In conjunction with this proposing release, the Commission will make available an EDGAR Next Proposing Beta environment where filers may preview and test the planned EDGAR Next changes. The EDGAR Next Proposing Beta generally should allow filers to view how the proposed changes would be reflected in EDGAR. We currently anticipate that the EDGAR Next Proposing Beta will be available on or about September 18, 2023, and will remain available for at least six months thereafter. Any filer may sign up to access the EDGAR Next Beta. The Commission will provide more information regarding the EDGAR Next VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00021 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3
65544 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 105See generally ‘‘EDGAR—How Do I’’ FAQs at the section titled ‘‘Create and obtain EDGAR access for asset-backed securities (ABS) issuing entities,’’ available at https://www.sec.gov/page/edgar-howdo-i-create-and-obtain-edgar-access-asset-backedsecurities-abs-issuing-entities#section3 (discussing the ‘‘on the fly’’ process). 106 Id. (discussing the creation of ABS issuing entities). Proposing Beta through an information page on SEC.gov. We request and encourage any interested person to submit comments on any aspect of EDGAR Next, other matters that might have an impact on EDGAR Next, and suggestions for additional changes. Comments are of particular assistance if accompanied by analysis of the issues addressed in those comments and any data that may support the analysis. We urge commenters to be as specific as possible. In particular, we request comment on the following issues. 38. Would the proposed rule and form changes facilitate the responsible management of EDGAR filer credentials? Are there additional changes that would encourage such responsible management? Would the changes create any undue burdens for filers? If so, how could the proposed rule and form changes be modified to ease such burdens? Are there any other concerns that the Commission should be aware of with implementation of EDGAR Next? Are there any conforming or parallel changes that the Commission should make to effectively implement EDGAR Next? 39. Are there alternatives to the dashboard that we should consider? For example, are there alternative methods that would enable filers to take the same actions as they would using the dashboard that would be easier to implement or more user friendly? If so, what are those alternatives? Please be specific. 40. In connection with the EDGAR Next changes, we intend to provide APIs as described above to make EDGAR submissions and to check EDGAR submission status and operational status. Are there alternatives that would better accomplish the objectives of secure, efficient, and automated machine-to-machine communication with EDGAR? If so, please describe. 41. Are there any issues specific to certain types of filers that should be considered with regard to the EDGAR Next changes? For example, assetbacked securities (‘‘ABS’’) issuers, usually the depositor in an ABS transaction, often create one or more serial companies each year, each of which is a separate legal entity with its own CIK, even though each generally has the same contact information as the ABS issuer. Should new serial companies have their account administrator information automatically copied from the ABS issuer’s account administrator information, so those account administrators could access the dashboards for those serial companies? Likewise, should other information be automatically inherited by new serial companies from the ABS issuer, such as the ABS issuer’s contact information, users, and technical administrators (if any)? If so, in order to ensure that the ABS issuer has account administrator information and other information that could be copied to the new serial company, would there be any issues associated with requiring ABS issuers to have transitioned to individual account credentials before the ABS issuer can create new serial companies? To what extent are these concerns already addressed by the delegation function, given that delegation would allow filers to delegate the authority to file to another EDGAR account? 42. Separately, should we allow the annual confirmations of administrators and users for an ABS issuer to also apply to the serial companies associated with that ABS issuer, if the same administrators, users, delegations, and corporate and contact information are associated with each serial company? Why or why not? If so, should we allow this more generally with regards to any situation where the same administrators, users, delegations, and corporate and contact information are associated with multiple CIKs? If some but not all of that information is identical for multiple CIKs (e.g., each CIK has a different P.O. box or email address listed for its business address), should we allow a single confirmation to apply to each of those CIKs and, if so, what validation if any should we apply to ensure that an account administrator has properly reviewed the CIK’s administrators, users, delegations, and corporate and contact information? 43. While ABS issuers have been able to create new CIKs, non-ABS related filers have attempted to use the process to create new CIKs without submitting a Form ID. Would ABS issuers be significantly impacted if the process were limited only to existing CIKs that have an EDGAR filing history that includes ABS-related filings (including but not limited to the following submission types and forms—ABS–EE, 10–K, ABS–15G, 10–D, SF–1, SF–3 and 424H)? 44. Recent filing experience has shown that ABS issuers have not been using the ability to create new ABS serial companies ‘‘on the fly’’ when filing a 424H submission.105 If, as a result of EDGAR Next, the EDGAR system no longer supported creating ABS ‘‘on the fly’’ via filing either a 424H or 424B submission, would that cause any problems for ABS issuers? ABS issuers would continue to be able to create new CIKs for serial companies via the ‘‘Request Asset-Backed Securities (ABS) Issuing Entities Creation’’ option in the EDGAR Filing website (known in EDGAR as an ‘‘ABSCOMP’’ submission).106 45. Currently, EDGAR permits certain filings to be submitted on behalf of multiple filers, who are treated as coregistrants for purposes of the filing. Would filers face difficulties in delegating to co-registrants or authorizing individuals to act as users or account administrators for both the filer and the co-registrant(s)? To what extent, if any, should the EDGAR Next changes provide special consideration or treatment for EDGAR submissions by co-registrants? For example, should the dashboard allow filers to designate other filers as ‘‘co-registrants’’ similar to how filers would delegate other filers as delegated entities, except that filing authority would only exist with regards to co-registrant submissions (e.g., the coregistrant could not submit a filing solely on behalf of the filer)? If so, to what extent should co-registrants be treated differently from delegated entities (e.g., with regards to user groups, delegated admins, etc.)? Alternately, should a user or account administrator for a filer be able to submit a co-registrant filing jointly on behalf of the co-registrant by using the co-registrant’s CIK and CCC (as is currently the case), without being a user or account administrator of the coregistrant? Why or why not? Please note that for purposes of EDGAR Next Proposing Beta, a filer will be able to submit a co-registrant filing by inputting the CCC and CIK of the co-registrant(s), as is currently the case. 46. Should the Commission consider other changes to EDGAR filer access and account management processes in the future? Why? Please be specific. IV. Economic Analysis The Commission is sensitive to the economic effects, including the costs and benefits, of its rules. The discussion below addresses the potential economic effects that may result from the rule and form amendments we are proposing in this release, and certain related technical changes, including the VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00022 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3
Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65545 107Section 2(b) of the Securities Act (15 U.S.C. 77b(b)), section 3(f) of the Exchange Act (17 U.S.C. 78c(f)) and section 2(c) of the Investment Company Act (15 U.S.C. 80a–2(c)) require the Commission, when engaging in rulemaking where it is required to consider or determine whether an action is necessary or appropriate in (or, with respect to the Investment Company Act, consistent with) the public interest, to consider, in addition to the protection of investors, whether the action will promote efficiency, competition, and capital formation. Further, section 23(a)(2) of the Exchange Act (17 U.S.C. 78w(a)(2)) requires the Commission, when making rules under the Exchange Act, to consider the impact that the rules will have on competition, and prohibits the Commission from adopting any rule that would impose a burden on competition not necessary or appropriate in furtherance of the purposes of the Exchange Act. The technological changes contemplated by EDGAR Next would work together with the proposed rule and form amendments to enhance EDGAR access requirements. Because it is difficult to isolate the economic effects associated with the technological changes from those attributable solely to the proposed rule and form amendments, for purposes of this economic analysis, we have considered these effects collectively. 108See supra note 26. 109See supra note 27. 110See 15 U.S.C. 78p. 111This number includes 69,651 applications from prospective filers without CIKs, 9,390 applications from filers who had lost EDGAR access and were seeking to regain access to EDGAR (currently submitted as passphrase updates, but under the proposal would be submitted on Form ID), and 416 applications from filers with CIKs who had not yet filed electronically on EDGAR. 112Similarly, this number includes applications from prospective filers without CIKs, applications from filers who had lost EDGAR access and were seeking to regain access to EDGAR (currently submitted as passphrase updates, but under the proposal would be submitted on Form ID), and applications from filers with CIKs who had not yet filed electronically on EDGAR. 113See supra note 23. benefits and costs to investors and other market participants as well as the broader implications of the EDGAR Next project for efficiency, competition, and capital formation.107 A. Introduction Individuals and entities submit filings electronically with the Commission through EDGAR in order to comply with various provisions of the Federal securities laws. Filings on EDGAR are not currently linked to a specific individual authorized by the filer. EDGAR access codes represent a complex combination of several codes with differing functions.108 This access method is not aligned with standard access processes and is hard to monitor and manage. The Commission is also aware that some filers may have failed to maintain secure access to their EDGAR accounts.109 The changes contemplated by EDGAR Next would modernize the mechanism by which filers and designated individuals acting on filers’ behalf obtain access to EDGAR, streamline the management of filers’ accounts, and offer three optional APIs that would allow filers to interface with the EDGAR system. EDGAR Next would benefit both the Commission and filers by enabling the Commission to identify specific individuals making filings on behalf of filers and by simplifying procedures for accessing EDGAR in a way that allows filers to leverage the Commission’s web function to reduce cost. Enhancing the security of EDGAR would better protect against unauthorized access to the EDGAR system thereby decreasing the likelihood of unauthorized filings impacting the market and potentially imposing economic and reputational costs on the public, the filer, and the Commission. As discussed in greater detail in Section III above, EDGAR Next would: • Offer a dashboard where filers would manage their EDGAR accounts and where individuals that filers authorize could take relevant actions for filers’ accounts. • Require each filer to authorize and maintain individuals as its account administrators to act on behalf of the filer to manage the filer’s EDGAR account in accordance with the EDGAR account access and account management requirements set forth in this proposal and the EDGAR Filer Manual. Only those individuals who obtained individual account credentials could be authorized to act on the filer’s behalf to manage its EDGAR account. • Require each filer, through its authorized account administrators, to confirm annually that all account administrators, users, delegated entities, and technical administrators reflected on the dashboard for the filer’s EDGAR account are authorized by the filer and that all information regarding the filer is accurate (generally including the filer’s corporate and contact information). • Require each filer, through its authorized account administrator(s), to maintain accurate and current information on EDGAR concerning the filer’s account, and securely maintain information relevant to the ability to access the filer’s EDGAR account. • Allow individuals designated as account administrators to file on EDGAR on the filer’s behalf and authorize other individuals as users to file. • Allow filers to authorize delegated entities to file on their behalf. Delegated entities would be subject to the same requirements applicable to all filers. • Offer optional APIs for machine-tomachine submissions and retrieval of related filing information. Require filers who opt to use the APIs to, through their account administrator(s), authorize at least two technical administrators to manage the technical aspects of the APIs. • Amend Rules 10 and 11 under Regulation S–T and Form ID to codify the above requirements for filers, to add and define new terms as part of this proposal, and to capture additional information during the application for EDGAR access, respectively. The discussion below addresses the potential economic effects of the EDGAR Next changes, including the likely benefits and costs, as well as the likely effects on efficiency, competition, and capital formation. At the outset, we note that, where possible, we have attempted to quantify the benefits, costs, and effects on efficiency, competition, and capital formation expected to result from the contemplated changes. In many cases, however, the Commission is unable to quantify certain economic effects because it lacks the information necessary to provide estimates or ranges. In those circumstances in which we do not have the requisite data to assess the impact of the EDGAR Next changes, we have analyzed their economic impact qualitatively. B. Baseline The current set of requirements to obtain access to and file on the Commission’s EDGAR system, as well as the account management practices as they exist today, serve as the baseline from which we analyze the economic effects of the EDGAR Next changes. Filers are comprised of any individuals and entities that make a submission electronically through EDGAR. For example, directors and executives of many public companies have reporting obligations under section 16 of the Securities Exchange Act of 1934.110 Entities consist of public operating companies, investment companies, broker-dealers, transfer-agents, and other institutions who have filing obligations with the Commission. The parties directly affected by EDGAR Next are current and prospective filers as well as relevant individuals or entities acting on filers’ behalf. In 2022, the Commission received approximately 79,457 Form ID submissions.111 From 2018 to 2022, an average of approximately 62,061 Form IDs were submitted per year to the Commission.112 Individuals and entities who seek to file on EDGAR apply for access in accordance with Rule 10 of Regulation S–T by completing Form ID, the uniform application for access codes to file on EDGAR.113 Form ID currently VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00023 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3
65546 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 114See supra note 27. 115See supra note 100. 116See supra note 28. 117See infra Section IV.C.2. 118 In connection with the proposed amendments, the Commission also proposes to amend Rule 11 under Regulation S–T, ‘‘Definitions of terms used in this part,’’ to add and define new terms as part of this rulemaking, and update the definitions of existing terms as needed. collects the applicant’s contact information, along with the applicant’s EDGAR POC. Upon approval, the filer receives a unique CIK, and the EDGAR POC generates access codes (including a password), using their CIK and passphrase from the Filer Management website, which allows the filer to make submissions on its EDGAR account. EDGAR filers are required to renew their EDGAR password annually. Currently, EDGAR system access has not incorporated multi-factor authentication to validate individuals accessing EDGAR and simplify password retrieval. Additionally, the Commission has no systematic way to determine with whom the filer has shared EDGAR access codes, or when the filer has revoked authorization. Filers are responsible for safeguarding their access codes and monitoring the number of individuals authorized to receive the codes.114 Certain filers and filing agents currently devise their own internal systems to track who possesses their EDGAR access codes. Because the Commission does not collect the personal information of the specific individual who makes the submission, nor does the Commission issue identifying credentials to individuals acting on behalf of filers when filings are submitted, the Commission is currently unable to match filings to specific individuals who made the filings. EDGAR receives a large volume of filings, typically more than 500,000 per calendar year, and has approximately 220,000 active filers, of which approximately 149,000 represent entities and approximately 71,000 represent individuals.115 The majority of Commission filings are made by filing agents on behalf of their client filers.116 Certain filing agents and filers use proprietary custom software to interface with EDGAR to mimic a machine-to-machine submission process and eliminate the need for individual human web-based interaction with the EDGAR filing websites. To create this custom software, data are extracted from the EDGAR filing websites and the custom software is configured to mimic a webbased interaction. This model of interaction with EDGAR requires frequent maintenance, however, since whenever EDGAR filing websites change their content or structure, those changes impact the custom software. Although Commission staff does not provide technical or other support for custom software for interaction with EDGAR, staff seeks to minimize filing disruptions and strives to provide notice to filers prior to making website changes. As a result, however, technical changes (e.g., maintenance, updates, etc.) to be implemented in EDGAR may be slowed by the fact that staff has to consider downstream custom software configurations. C. Consideration of Benefits and Costs as Well as the Effects on Efficiency, Competition, and Capital Formation
Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65547 119See supra text following note 59. 120See supra note 26. require users to present a combination of two or more credentials for access verification, thereby strengthening identity verification and the security of access to EDGAR.119 b. Account Administrators The proposed amendments to Rule 10 also would require filers to authorize account administrators to act on the filers’ behalf to manage their accounts. Currently, anyone who possesses a filer’s access codes can make a filing on that filer’s EDGAR account. If the codes are shared or left unprotected by the people who have them, they may be obtained by someone who could use them to make an unauthorized filing, and neither the filer nor Commission staff would be able to easily trace the unauthorized filing through EDGAR to the individual who made it. Under EDGAR Next, account administrators would improve the security of EDGAR because account administrators would oversee and monitor the filer’s account. Account administrators would have the ability to authorize, remove authority, and track all individuals acting on the filer’s behalf, thereby reducing the risk of unauthorized access to the filer’s account. The account administrator’s monitoring of the filer’s account would allow for prevention and timely detection of potential harms resulting from unauthorized access. It is difficult to quantify the potential benefits to filers of these aspects of the proposed changes because they would depend, in part, on the security risks faced by filers and the effectiveness of their existing systems to protect against unauthorized use of EDGAR access codes. Individual filers and filers who are single-member companies would be required, under proposed Rule 10(d)(2), to authorize and maintain at least one account administrator. The designation of account administrators would also help facilitate communication between filers and the Commission, thus reducing the risk of possible interruptions in filer EDGAR activities. Currently, filers designate a point of contact on their Form ID to enable communication with the Commission. Correspondence between the Commission and the EDGAR POC regarding the filers’ account activities may be delayed in the event that the EDGAR POC is no longer associated with the filer, because the filer may not update their EDGAR POC information with the Commission. All filers who are not individuals or single-member companies would be required to authorize and maintain at least two account administrators. The minimum requirement of two account administrators would lower the likelihood of the previously mentioned scenario. In addition, though the current EDGAR POC receives the access codes on behalf of the filer, he is not necessarily authorized to act on behalf of the filer. Under EDGAR Next, the account administrator, on behalf of the filer, would oversee all other designated roles and would be responsible for the management of the filer’s account. c. Dashboard Commission staff is also aware that certain filers and filing agents currently have internal systems that track which individuals possess their EDGAR access codes. The cost to these filers in transitioning to the dashboard would be the same as if they did not have an internal system. We can infer that the cost to these filers would be less on an ongoing basis if they use the dashboard instead of their current system due to the elimination of ongoing maintenance costs for their system. Moreover, the dashboard would offer the advantage of being a uniform system for all filers that additionally allows Commission staff visibility into individuals authorized to act for the filer. This additional qualitative benefit is not present for current filer internal tracking systems. Furthermore, filers without a system for tracking individuals in possession of EDGAR codes currently would be afforded a tool to do so through EDGAR, thereby facilitating compliance with their existing and proposed obligation to securely maintain access to their accounts. As proposed, Rule 10(d)(6) essentially codifies the current requirement for a filer to securely maintain its EDGAR access codes. Under the proposal, filers, through their account administrators, would be required to securely maintain information relevant to the ability to access their EDGAR accounts. Access to the dashboard would require individual account credentials, completion of the anticipated requirement of multi-factor authentication steps, and authorization from account administrators. Because of these security features, individuals in designated roles on the dashboard could safely access the CCC code to file on behalf of the filers.120 This added security feature would eliminate the need to share the CCC codes with various individuals thus minimizing the risk of unauthorized access. Additionally, the dashboard functionality of EDGAR Next would provide time and labor efficiencies in managing filers’ EDGAR accounts, while facilitating compliance with the proposed rule requirements: First, the dashboard would have a flexible user interface that would provide time and labor efficiencies to account administrators by facilitating the management of filers’ EDGAR accounts, and compliance with the proposed changes. Through the dashboard’s interface, an account administrator would have access to readily available information that would facilitate compliance with proposed Rule 10(d)(4), assist in tracking those authorized to file on EDGAR, and provide an opportunity for account administrators to confirm the accuracy of all information contained on the dashboard. Furthermore, through the dashboard’s interface, account administrators could add an individual as a user, account administrator, or technical administrator for an EDGAR account on the dashboard. Additionally, using API tokens as a method of authentication would eliminate the need for manual individual account credential multi-factor authentication. This would decrease the time required to submit filings, facilitate the ability to pre-schedule and perform bulk filings, and reduce the potential for error due to manual processing and the risk of missing deadlines. Moreover, through the dashboard’s interface, account administrators could generate a CCC for newly issued CIKs. The CCC would be securely saved in the dashboard visible to all authorized account administrators and users. The CCC would remain as the code required for filing in the account. Second, the dashboard would provide additional time and labor efficiencies through the user groups feature. This functionality would particularly benefit delegated entities in managing multiple users and multiple filers’ delegations of authority. EDGAR Next would allow up to 500 users per filer, and delegated users would be able to make submissions on behalf of the delegating filer. Assigning multiple users on an individual basis to a given filer would be time consuming and labor intensive, which would be detrimental to filers when they may need to make timesensitive filings. The user group feature would streamline that process and allow delegated entities to assign multiple users to a specific filer at once. The dashboard would harness the benefits of technology and modernize the EDGAR access and management functions while providing filers the flexibility to adapt to changes rapidly, which is significant particularly in scenarios that could negatively impact filing times. VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00025 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3
65548 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 121See supra note 88. The institution of the user role would particularly benefit large filers or filing agents submitting multiple forms, for multiple entities. Allowing up to 500 users per filer would increase the likelihood of filling success for large filers and filing agents by providing these entities flexibility in assigning multiple users to various user-groups. Users would be able to remove themselves as a user for a given filer, thereby facilitating the maintenance of updated dashboard information that would benefit all affected parties. d. Proposed Rules 10(d)(4), (d)(5), and (d)(6) The proposed Rules 10(d)(4), (d)(5), and (d)(6) would require the filer, through its authorized account administrators: to annually confirm that all individuals reflected on the dashboard for the filer’s EDGAR account are authorized by the filer and that all information regarding the filer on the dashboard is accurate; to maintain accurate and current information about the filer on EDGAR; and to securely maintain information relevant to the ability to access the filer’s EDGAR account. It would assist the filer in tracking and confirming those individuals and delegated entities authorized to act on behalf of the filer, and to remove those no longer authorized. Confirming the accuracy of individuals authorized to act on behalf of filers while ensuring the safeguard of account access related information would enhance the security of EDGAR by reducing the risk of unauthorized access therefore reducing the likelihood of unauthorized filings. The Commission preliminarily believes that to the extent that the risk of unauthorized access is reduced, taking measures that may prevent unauthorized filings is inherently more efficient than remediating the consequences of such events after it occurred. Additionally, failure to perform the annual confirmation of the information on the dashboard would result in the deactivation of the filer’s access and the removal of individuals from the filer’s account upon deactivation. Failure to perform annual confirmation could signal that the account has been abandoned. Deactivation would further benefit filers and all individuals associated with the filer’s account by protecting their information listed on the dashboard. Proposed Rule 10(d)(5) is analogous to the current requirements to securely maintain EDGAR access and to maintain accurate company information on EDGAR.121 Ensuring the accuracy of filer’s relevant information contained in EDGAR would increase the reliability of such available information and thus would enhance the Commission’s oversight capabilities, which benefits both the Commissions and the public. Furthermore, accurate and reliable EDGAR information would benefit the filer by facilitating a timelier remediation of problematic filings. e. Optional APIs In connection with the EDGAR Next changes, the Commission would provide optional APIs that would permit filers to interface on a machineto-machine basis with the EDGAR platform. These APIs would benefit filers and the Commission by automating filers’ connection to EDGAR for submission and retrieval of certain filing-related data and by reducing network traffic to the Commission. The Commission would offer three APIs: a submission API, a submission status API, and an operational status API. With respect to the process for submissions, the submission API would benefit filers by allowing for more secure submissions since prior to using the APIs, the filer’s technical administrator would be required to generate a filer API token to authenticate the filer, and the user would be required to generate a user API token to authenticate the user. The API tokens would be confidential and generated through the dashboard. The above requirements would provide additional assurance that the user is indeed authorized to submit the relevant filing. The APIs would further streamline the submission and retrieval process since the use of APIs and user tokens would allow automated server-to-server authentication without the need for manual login and multi-factor authentication. As mentioned before, many filing agents’ software use web scraping to retrieve information from EDGAR for filing purposes and to make submissions. Though widely used, scraping depends on the underlying structure of the external web page being scraped. Thus, any minor changes to the underlying structure of the EDGAR websites could impact the filers’ software. The APIs would provide a more reliable way for filers to interact with EDGAR since future changes to EDGAR would likely not impact filers’ software. Further, the submission status API would allow filers to assess information regarding submission status via machine-to-machine communication. The submission status API would allow filers and filing agents to use their filing application to simultaneously check the status of multiple EDGAR submissions in a batch process as opposed to individually checking the submission status of each submission after manually logging into EDGAR. The submission status API would increase the likelihood that the Commission receives submissions promptly by limiting the risk of a failed submission through early communication with the filers or their authorized representatives, benefiting the Commission, filers and filing agents. An increase in the certainty and timeliness of submission boosts the overall information quality of the EDGAR system. By opting to use the APIs, filers would further benefit by using direct machine-to-machine connections that would be approved and maintained by the Commission (as opposed to current third-party custom applications). As described in Sections III.D.2 and 3, filers and filing agents, as well as those using third-party custom applications continuously interact with the EDGAR system inquiring as to the status of submissions, or the operating status of EDGAR. Such inquiries into EDGAR create significant network traffic. For example, this network traffic could be more severe in the case of a large filing agent checking the status of multiple submissions. Instead of manually logging into EDGAR and individually checking the status of each submission, the submission status and operational status APIs would benefit the Commission and filers by allowing filers to simultaneously check the status of multiple submissions in a batch process as opposed to checking the status of each submission individually, thereby reducing network traffic created when filers are repeatedly requesting the status of their submissions, or the operational status of EDGAR. Additionally, a filer who opts to use APIs would be required to authorize at least two technical administrators, and would be allowed a maximum of ten technical administrators to facilitate communication with the Commission on API-related technical issues. This would reduce the chance that filers’ API access would be interrupted for any unforeseen technical issues. 2. Costs We believe that the costs associated with EDGAR Next would primarily result from compliance costs borne by filers as described in the Paperwork Reduction Act (‘‘PRA’’) analysis below, associated costs to comply with new VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00026 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3
Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65549 122See infra Section V. 123See infra Section V. 124See infra note 140. 125See infra note 141141. 126See supra note 71. 127See supra note 70. 128See infra Section V.B. 129See infra text preceding note 142. 130See infra note 143143. 131An outside Senior Programmer Analyst salary range (national averages) is available from www.payscale.com. Using data from the 75th percentile, adjusting for a 1,800 hour work year, and multiplying by the 5.35 factor which normally is used to include benefits but here is used as an approximation to offset the fact that New York salaries are typically higher than the rest of the country, the result is $324 per hour. The estimate of $31,104 is based on the following calculation: $5,184 to simply connect an existing filing application to the API (16 hours = 2 days × 8 hours per day for a Senior Programmer Analyst at a rate of $324/hour) + $25,920 (80 hours = 2 weeks × 5 days per week × 8 hours per day for a Senior Programmer Analyst at a rate of $324/hour to configure the filing application correctly to be able to use the API). 132An outside Senior Programmer Analyst salary range (national averages) is available from www.payscale.com. Using data from the 75th percentile, adjusting for a 1,800 hour work year, and multiplying by the 5.35 factor which normally is used to include benefits but here is used as an approximation to offset the fact that New York salaries are typically higher than the rest of the country, the result is $324 per hour. The estimate of $38,880 is based on the following calculation: $12,960 to create a new filing application and connect it to the API (40 hours = 5 days × 8 hours per day for a Senior Programmer Analyst at a rate of $324/hour) + $25,920 to configure the filing application correctly to be able to use the API (80 hours = 2 weeks × 5 days per week × 8 hours per day for a Senior Programmer Analyst at a rate of $324/hour). Rule 10 requirements, and the one-time burden for filers to adjust their internal filing application software to interface with the APIs.122 While filers are not currently subject to analogous specific requirements regarding access, they are nevertheless subject to the same general requirements regarding securely maintaining EDGAR access codes and limiting the number of persons who possess the codes. The proposed additional disclosure requirements for Form ID would entail certain incremental compliance costs.123 For example, filers are already subject to the disclosure requirements of Form ID and under EDGAR Next we estimate for purposes of the PRA that Form ID’s burden hours would increase by 0.3 burden hours.124 Collectively, we estimate the burden to all filers to comply with the proposed amendments to Form ID would be 47,674 hours per year.125 Filers would also incur labor costs associated with authorizing account administrators, along with fees associated with authorized individuals granting powers of attorney to designated individuals and delegated entities if those individuals being designated as account administrators are not employees of the filer. However, such costs would be mitigated by the six-month enrollment period of EDGAR Next, which would allow existing and prospective filers to enroll their account administrators without submitting a Form ID. Other costs that could arise from the proposal would stem from a filer’s failure to perform, through its authorized account administrator, the required annual confirmation pursuant to proposed Rule 10(d)(4). Failure to perform the annual confirmation of the information on the dashboard would result in the deactivation of the filer’s access, and the removal of individuals associated with the filer’s account upon deactivation.126 Filers would incur an additional burden of submitting a new Form ID application to regain access to file on EDGAR, and re-issuing invitations to any technical administrators, users, and technical administrators associated with their account prior to deactivation. However, these costs would potentially be mitigated by EDGAR’s multiple notices of the impending confirmation deadline to account administrators on the dashboard and by email.127 The Commission would further ease the transition for filers by allowing relevant individuals of the filer to submit bulk enrollment of up to 100 filers and their account administrators. This would particularly benefit large filing agents enrolling multiple accounts by saving time and labor costs. The dashboard would require filers to incur costs to set up their accounts, as set forth in the PRA, and would require some period of time to maintain accurate and current information on EDGAR, confirm annually on EDGAR that all users, account administrators, technical administrators, and/or delegated entities reflected on the dashboard for the filer’s EDGAR account are authorized by the filer, and that the filer’s information on the dashboard is accurate, and securely maintain relevant account access information, largely depending on the number of users the filer authorizes and the amount of turnover of relevant personnel.128 We recognize that due to these factors, the burden incurred would vary across filers. Filers with a large number of users and significant turnover would likely spend a greater amount of time managing their dashboard accounts. And filers with few users and little turnover would likely have infrequent need to manage individuals on the dashboard. Similarly, larger filers managing multiple CIKs would spend more time performing their required annual confirmation, and thus would incur a higher associated compliance cost associated. For purposes of the PRA, we estimate that, on average, each filer would incur one burden hour per year managing their account in the dashboard.129 Collectively, we estimate the burden to all filers to comply with the proposed new dashboard requirements would be 220,000 hours per year.130 However, such burden would be mitigated by active notifications and other efficiencies provided by the dashboard as an account management tool. Filers or filing agents who choose to use the optional APIs would incur a one-time cost to adjust their internal software systems to the new EDGAR APIs. Given that the APIs are optional, filers would presumably incur this cost to the extent that the benefits of using the APIs are expected to exceed the cost of doing so. Further, for filers who substitute the optional APIs for custom filing software, the cost of adjusting internal software systems to use the new EDGAR APIs would be mitigated by the elimination of current ongoing maintenance costs associated with adjusting their custom software each time EDGAR undergoes changes. The costs of developing software to use the APIs would not apply to filers who do not generally utilize custom filing software, as these filers could continue using the EDGAR websites to submit their filings. We have observed that small filers typically do not utilize custom filing software and we expect they will generally not incur these costs. Furthermore, the Commission would make available an EDGAR Next Beta to facilitate a smooth transition process for all affected parties. We further estimate the direct costs to filers or filing agents associated with the proposed optional API requirements, including time and personnel costs to build a filing application integrated with all functions to successfully connect to the EDGAR APIs. Depending on their existing software, complexity of their application and individual business models, among other factors, these expenses are likely to vary across filers. Based on Commission experience from developing EDGAR Next the total estimated cost per filer for filing applications to connect to an EDGAR API by an external programmer analyst would range from $31,104 131 for filers with a preexisting filing application to $38,880 assuming the filers do not have a preexisting filing application.132 The total estimated burden hours for filers developing their application internally VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00027 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3
65550 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 133The estimate is based on the following calculation: 16 hours to simply connect an existing filing application to the API by a Senior Programmer Analyst (16 hours = 2 days × 8 hours per day) + 80 hours (80 hours = 2 weeks × 5 days per week × 8 hours per day) for a Senior Programmer Analyst to configure the filing application correctly to be able to use the API. 134This estimate is based on the following calculation: 40 hours to create a new filing application and connect it to the API (40 hours = 5 days × 8 hours per day) + 80 hours to configure the filing application correctly to be able to use the API (80 hours = 2 weeks × 5 days per week × 8 hours per day). 135See infra note 143 and accompanying text 141. would range between 96 burden hours 133 and 120 burden hours.134 Filers who choose to use the APIs would also incur the additional cost of authorizing two technical administrators to manage the technical aspects of the APIs. We do not expect that filers would need to hire new employees to fill the technical administrator role since the primary responsibilities for the technical administrator are to generate the filer API token on an annual basis and securely store it within a filer’s application. For purposes of the PRA, we estimate that filers would incur a burden of one hour per year per CIK with respect to the technical administrators’ responsibilities, depending on security standards imposed by the filer or filing agent.135 3. Effects on Efficiency, Competition, and Capital Formation EDGAR Next would increase the efficiency of filings and filing preparation by improving the accuracy of submissions and improving regulatory oversight into filings. The Commission preliminarily believes that enhancements to EDGAR security from the proposed EDGAR Next changes may improve efficiency by minimizing the risk of unauthorized access thus reducing the likelihood of unauthorized filings. Facilitating access and improving the tracking mechanism of who files on EDGAR would increase public confidence in the large amount of information submitted through EDGAR. Moreover, an increase in the accuracy and timeliness of processing submissions would boost the efficiency of the Commission’s document review, processing, and quality assurance. Enhancing the security of EDGAR would better protect against unauthorized access to the EDGAR system, thereby reducing the possibility of unauthorized filings that could have a distorting impact on the market. Strengthening filing security could marginally increase investor confidence and promote effective and wellfunctioning capital markets. The public would generally benefit from the implied increase in informational efficiency resulting from the improved accuracy and timeliness of processing submissions, as they use EDGAR filings for investment decisions. Overall, however, we do not expect the EDGAR Next changes to have a significant effect on capital formation because the contemplated security enhancements would not necessarily change market price fundamentals. As discussed above, because the EDGAR Next changes would potentially increase the compliance requirements for filers, they could result in an increased demand for delegated entities to the extent that delegated entities find it profitable. This might increase competition among delegated entities, resulting in lower fees for filers with delegated entities. We cannot assess the relative likelihood of the above competitive effects among delegated entities because we are unable to estimate how many filers would choose to use delegated entities as a result of the proposal. D. Reasonable Alternatives
Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65551 136 44 U.S.C. 3501 et seq. 137 44 U.S.C. 3507(d); 5 CFR 1320.11. would not generally improve the security of EDGAR. 3. Implementing Performance-Based Standards The EDGAR Next proposal mandates the performance of certain prescribed requirements to enhance the security of EDGAR’s filing regime. We could consider an alternative with a more performance-based approach that would not spell out the precise actions filers need to take in order to improve the security of their EDGAR accounts, but instead only state that filers should have in place practices and recordkeeping that would allow the Commission to more easily identify anyone who makes a submission on the filer’s behalf, and ensure that only individuals authorized by the filer are privy to the filer’s access codes. For example, filers might opt to authorize only one account administrator rather than authorize and maintain two such individuals, or filers might determine that they do not need the additional security provided by multi-factor authentication for designated individuals to be authorized to act on their behalf on the dashboard. The benefits of such an approach would be that filers would have more flexibility in what their practices and recordkeeping cover. Such an approach would provide the benefit of reducing the regulatory burden for certain filers by permitting them to tailor their EDGAR access compliance requirements to fit their own particular circumstances, and would provide filers greater discretion into how they manage their EDGAR accounts and safeguard their account access codes. To the extent that this approach provides more flexibility to certain filers, this alternative could also increase compliance cost to the detriment of some filers who may incur higher cost to set up practices and recordkeeping arrangements to manage their account and safeguard their access codes. Furthermore, this approach would diminish the intended benefits of the EDGAR Next changes. Filers who bypass the individual account credential requirements would make it difficult for the Commission to match specific filings to the relevant individual who made the submissions, while authorizing only one account administrator would probably not reduce the likelihood of managing EDGAR accounts without interruptions. Overall, a performance-based approach would create inconsistencies in improving the overall security of EDGAR, facilitating the responsible management of EDGAR filer credentials, and simplifying procedures for accessing EDGAR. In addition, any cost savings associated with a performancebased approach would likely be minimal because filers would still incur the cost of compliance. In sum, this alternative would limit the magnitude of the benefits for filers that would result from the contemplated EDGAR Next changes. 4. Institute Phased Compliance Dates by Filer Category or Form Type The proposed amendments would have a single compliance date. As an alternative, we could employ phased compliance dates to either accelerate or postpone compliance for particular filers. Phased compliance would particularly benefit smaller filers by affording them a longer time period to come into compliance with EDGAR Next, while further facilitating compliance with other contemporaneous rules with similar or earlier compliance deadlines. To the extent that a phased compliance would provide filers with more time to comply with EDGAR Next changes, compared to the proposed compliance timeline, postponing compliance would delay the benefits provided by the proposed changes, while accelerating compliance might result in additional transition challenges for these filers. E. Requests for Comment 55. The Commission requests comment on all aspects of the economic effects of the EDGAR Next changes, including any anticipated impacts that are not mentioned here. We are particularly interested in quantitative estimates of the benefits and costs, in general or for particular types of affected parties, including smaller entities. We also request comment on reasonable alternatives to the EDGAR Next changes and on any effect the changes may have on efficiency, competition, and capital formation. 56. Do you agree with the estimated benefits that EDGAR Next would provide to filers? If not, why? 57. Do you agree with the estimated costs associated with the EDGAR Next changes? If not, why? Please provide your views on the burden of complying with the EDGAR Next changes relative to our estimates. In particular, would filers and filing agents switch to using the optional APIs contemplated as part of EDGAR Next? If not, why? 58. Are there any filers for whom the compliance costs associated with EDGAR Next would not be justified by the benefits such that exempting those entities would be advisable? If so, which filers should the Commission exempt, and why? 59. Does the contemplated compliance timeline provide filers sufficient time to transition to EDGAR Next? If not, what would be the additional cost incurred in order to meet the contemplated compliance timeline? 60. Would EDGAR Next require any existing filers with delegated authority to file on behalf of a related person or entity to materially change the way they operate? If so, in what ways? What would be the cost associated with such change? For instance, many companies may file on behalf of their section 16 directors and officers, and some investment companies may also make filings on behalf of other funds within their fund family. 61. Prospective filers could designate as account administrators (i) individuals employed at the filer or an affiliate of the filer (in the case of company applicants) or themselves (in the case of individual applicants), as well as (ii) any other individual, provided the filer submitted a notarized power of attorney authorizing such other individual to be its account administrator. Are filers likely to designate individuals other than themselves or their employees or employees of their affiliates? What would be the costs associated with this determination? The Commission also requests comment and supporting empirical data on the burden and cost estimates for the proposed rule, including the costs that filers and potential filers may incur. V. Paperwork Reduction Act Certain provisions of the proposed amendments contain ‘‘collection of information’’ requirements within the meaning of the Paperwork Reduction Act of 1995 (‘‘PRA’’).136 We are submitting the proposed collections of information to the Office of Management and Budget (‘‘OMB’’) for review in accordance with the PRA.137 An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. Compliance with the information collection is mandatory. Responses to the information collection are not kept confidential, and there is no mandatory retention period for the information disclosed. The title for the existing collection of information that we are proposing to amend is ‘‘Form ID—EDGAR Password’’ (OMB Control No. 3235–0328). Our proposal also includes a new collection of information titled ‘‘the dashboard.’’ The amendments to Form ID and the VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00029 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3
65552 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 138 48,089 filings for users without CIKs + 8,836 filings for filers who are seeking to regain access to EDGAR + 404 filings for filers with CIKs who have not yet filed electronically on EDGAR = 57,329 filings. 139 69,651 filings for users without CIKs + 9,390 filings for filers who are seeking to regain access to EDGAR + 416 filings for filers with CIKs who have not yet filed electronically on EDGAR = 79,457 filings. 140The increase in burden would vary by applicant depending on whether certain of their responses required additional information (e.g., explaining the circumstances surrounding any of its operatives who are currently subject to Federal or State securities law investigations, proceedings, convictions, suspensions, or bars, and for applicants seeking access to an existing CIK account, providing the documents that establish the applicant’s authority over the company or individual currently listed in EDGAR as corresponding to the existing CIK account). 141 79,457 filings × 0.60 hours/filing = 47,674 hours. implementation of the dashboard are designed to harness the benefits of improved technology and to modernize the EDGAR access and management functions. A detailed description of the proposed amendments, including the amendments to Form ID and the implementation of the dashboard, including the need for the information and its proposed use, as well as a description of the likely respondents, can be found in Section III above, and a discussion of the expected economic impact of the proposed amendments can be found in Section IV above. We discuss below the collection of information burdens associated with each initiative. A. Form ID Form ID must be completed online and submitted to the Commission by all individuals, companies, and other organizations who seek access to file electronically on EDGAR. As outlined above, the amendments to Form ID would require an applicant for EDGAR access to undertake certain additional disclosure obligations, including most significantly: (1) designating on Form ID specific individuals the applicant authorizes to act as its account administrator(s) to manage its EDGAR account on a dashboard on EDGAR; (2) indicating the applicant’s LEI, if any; (3) providing more specific contact information about the filer, its account administrators, its authorized individual (individual authorized to submit Form ID on the filer’s behalf), and its billing contact (including mailing, business, and billing information, as applicable); (4) specifying whether the applicant, its authorized individual, person signing a power of attorney (if applicable), account administrator, or billing contact has been criminally convicted as a result of a Federal or State securities law violation, or civilly or administratively enjoined, barred, suspended, or banned in any capacity, as a result of a Federal or State securities law violation; (5) indicating whether the applicant, if a company, is in good standing with its state or country of incorporation; (6) requiring submission of a new Form ID if the applicant claims to have (i) lost electronic access to its existing CIK account or (ii) assumed legal control of a filer listed on an existing CIK account but did not receive EDGAR access from that filer; and (7) requiring those seeking access to an existing EDGAR account to upload to EDGAR the documents that establish the applicant’s authority over the company or individual listed in EDGAR on the existing account. The proposed amendments would also simplify filer account management by eliminating the EDGAR password, PMAC, and passphrase. For purposes of the Paperwork Reduction Act, the currently approved burden includes an estimate of 57,329 Form ID filings annually and further estimates approximately 0.30 hours per response to prepare and file Form ID, for a total of 17,199 annual burden hours. Those estimates include the number of Form ID filings for filers without CIKs (48,089 filings), filers with CIKs who are seeking to regain access to EDGAR (8,836 filings), and filers with CIKs who have not filed electronically on EDGAR (404 filings).138 Filers are responsible for 100% of the total burden hours. There were 79,457 Form ID filings in calendar year 2022. The estimate includes the number of filers without CIKs, filers with CIKs who have not filed electronically on EDGAR, and filers with CIKs who are seeking to regain access EDGAR.139 If the proposed access changes and proposed Form ID amendments are implemented, for purposes of the Paperwork Reduction Act, we estimate that the number of Form ID filings would remain the same and that the number of hours to prepare Form ID would increase by 0.30 hours.140 Thus, for purposes of the Paperwork Reduction Act, the estimated total number of annual Form ID filings would increase from 57,329 filings to 79,457 filings. The estimate of 0.30 hours per response would increase to 0.60 hours per response. The estimated total annual burden would increase from 17,199 hours to 47,674 hours.141 The estimate that the filers are responsible for 100% of the total burden hours would stay the same. Form ID Annual number of filings Annual time burden (hrs.) Previously approved Requested Change Previously approved Requested Change Form ID ........................................................................................... 57,329 79,457 22,128 17,199 47,674 30,475 B. The Dashboard To file on EDGAR, each filer must also comply with certain account access and management requirements by taking actions on the dashboard. As outlined above, each filer must authorize individuals to act on its behalf on the dashboard, and those individuals must have obtained individual account credentials for EDGAR in the manner specified in the EDGAR Filer Manual. Moreover, each filer, through their account administrators, is required to: (i) authorize and maintain at least two individuals as authorized account administrators to act on the filer’s behalf to manage the filer’s EDGAR account, except a filer who is an individual or single-member company must authorize and maintain at least one individual as an account administrator; (ii) confirm annually on EDGAR that all users, account administrators, technical administrators, and/or delegated entities reflected on the dashboard for the filer’s EDGAR account are authorized by the filer, and that the filer’s information on the dashboard is accurate; (iii) maintain accurate and current information on EDGAR concerning the filer’s account, including but not limited to accurate corporate information and contact information (such as mailing and business addresses, email addresses, and telephone numbers); (iv) securely maintain information relevant to the ability to access the filer’s EDGAR account, including but not limited to access through any EDGAR API; and (v) VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00030 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3
Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65553 142A filer survey conducted by a filing agent found that at least 64% of respondents planned to have three or fewer account administrators, and 96% of respondents planned to have fewer than 20 users. See Workiva Comment Letter. Moreover, since filers are not required to authorize users, technical administrators, or delegations, filers who did not choose to authorize such individuals or third parties would not have any associated burdens. 143 149,000 active entity filers on EDGAR × 1 hour = 149,000 burden hours. 71,000 active individual filers on EDGAR × 1 hour = 71,000 burden hours. 149,000 burden hours + 71,000 burden hours = 220,000 total annual burden hours. 144 5 U.S.C. 801 et seq. 145 5 U.S.C. 601 et seq. 146 Id. if the filer chooses to use an EDGAR API, authorize at least two technical administrators to act on the filer’s behalf to manage technical matters related to the filer’s use of an API. Through the dashboard, account administrators could: (i) add and remove users, account administrators, and technical administrators (including removing themselves as an account administrator); (ii) create and edit groups of users; (iii) delegate filing authority to third parties with EDGAR accounts and remove such delegations; and (iv) generate a new CCC. For purposes of the PRA, we estimate that each filer would spend approximately one hour setting up the dashboard, and approximately one hour per annum managing the filer’s account on the dashboard. This burden would vary across filers depending on the size of the filer, the number of users, account administrators, technical administrators, and delegated entities authorized by the filer, as well as the amount of annual staff turnover for those individuals and entities, among other factors. For a small number of filers, the annual burden could significantly exceed our estimate (e.g., filing agents who may have a large number of authorized individuals, as well as multiple accepted delegations and user groups for which delegated users would need to be maintained). On the other hand, for the vast majority of filers, the annual burden would presumably be less than our estimate because we expect most filers to have a small number of authorized individuals and experience little or no annual turnover with regard to those individuals.142 Consequently, the anticipated total annual burden attributed to the dashboard would be approximately 220,000 burden hours.143 Active filers Burden hours Total annual burden hours Entities ................................................................................................................... 149,000 × 1 = 149,000 Individuals .............................................................................................................. 71,000 × 1 = 71,000 220,000 C. Request for Comment We request comment on whether our estimates for burden hours and any external costs as described above are reasonable. Pursuant to 44 U.S.C. 3506(c)(2)(B), the Commission solicits comments in order to: (i) evaluate whether the proposed collections of information are necessary for the proper performance of the functions of the Commission, including whether the information will have practical utility; (ii) evaluate the accuracy of the Commission’s estimate of the burden of the proposed collections of information; (iii) determine whether there are ways to enhance the quality, utility, and clarity of the information to be collected; (iv) determine whether there are ways to minimize the burden of the collections of information on those who are to respond, including through the use of automated collection techniques or other forms of information technology; and (v) evaluate whether the proposed amendments would have any effects on any other collection of information not previously identified in this section. Any member of the public may direct to us any comments concerning the accuracy of these burden estimates and any suggestions for reducing these burdens. Persons wishing to submit comments on the collection of information requirements of the proposed amendments should direct them to the Office of Management and Budget, Attention Desk Officer for the Securities and Exchange Commission, Office of Information and Regulatory Affairs, Washington, DC 20503, and should send a copy to Vanessa Countryman, Secretary, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549–1090, with reference to File No. S7–15–23. OMB is required to make a decision concerning the collections of information between 30 and 60 days after publication of this release; therefore, a comment to OMB is best assured of having its full effect if OMB receives it within 30 days after publication of this release. Requests for materials submitted to OMB by the Commission with regard to these collections of information should be in writing, refer to File No. S7–15–23, and be submitted to the Securities and Exchange Commission, Office of FOIA Services, 100 F Street NE, Washington, DC 20549–2736. VI. Small Business Regulatory Enforcement Act For purposes of the Small Business Regulatory Enforcement Fairness Act of 1996 (‘‘SBREFA’’),144 the Commission must advise OMB whether a proposed regulation constitutes a ‘‘major’’ rule. Under SBREFA, a rule is considered ‘‘major’’ where, if adopted, it results in or is likely to result in: • An annual effect on the U.S. economy of $100 million or more (either in the form of an increase or decrease); • A major increase in costs or prices for consumers or individual industries; or • Significant adverse effects on competition, investment, or innovation. We request comment on whether the proposed amendments would be a ‘‘major rule’’ for purposes of SBREFA. We solicit comment and empirical data on: • The potential effect of the proposed amendments on the U.S. economy on an annual basis; • Any potential increase in costs or prices for consumers or individual industries; and • Any potential effect on competition, investment, or innovation. Commenters are requested to provide empirical data and other factual support for their views to the extent possible. VII. Initial Regulatory Flexibility Analysis The Regulatory Flexibility Act (‘‘RFA’’) 145 requires an agency, when issuing a rulemaking proposal, to prepare and make available for public comment an Initial Regulatory Flexibility Analysis (‘‘IFRA’’) that describes the impact of the proposed rule on small entities.146 This IFRA has VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00031 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3
65554 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 147 15 U.S.C. 77f, 77g, 77h, 77j, and 77s (a). 148 15 U.S.C. 78c, 78d–1, 78d–2, 78l, 78m, 78n, 78o, 78o–4, 78w, and 78ll. 149 15 U.S.C. 77sss. 150 15 U.S.C. 80a–8, 80a–29, 80a–30, and 80a–37. 151 5 U.S.C. 601(6). 152See 17 CFR 240.0–10(a)). 153This estimate is based on staff analysis of issuers potentially subject to the final amendments, excluding co-registrants, with EDGAR filings on Form 10–K, or amendments thereto, filed during the calendar year of Jan. 1, 2022 to Dec. 31, 2022. This analysis is based on data from XBRL filings, Compustat, Ives Group Audit Analytics, and manual review of filings submitted to the Commission. 154See 17 CFR 270.0–10. 155This estimate is derived from an analysis of data obtained from Morningstar Direct as well as data filed with the Commission (on Forms N–CSR, NPORT–P, 10–Q, and 10–K) for the last quarter of 2022. 156 17 CFR 275.0–7. 157We based this estimate on registered investment adviser responses to Items 5.F. and 12 of Form ADV. 158 17 CFR 240.0–10(h). 159We based this estimate on transfer agent responses to questions 4(a) and 5(a) on their latest filing on Form TA–2. 160 17 CFR 240.0–10(f). 161This estimate is based on MSRB data filed during the calendar year of Jan. 1, 2022 to Dec. 31, 2022. been prepared in accordance with the RFA and relates to the proposed amendments to Rules 10 and 11 of Regulation S–T and Form ID described in Section III.E above. A. Reasons for, and Objectives of, the Proposed Action The purpose of the proposed amendments is to enhance the security of EDGAR accounts, improve the ability of filers to securely maintain access to their EDGAR accounts, facilitate the responsible management of EDGAR filer credentials, and simplify procedures for accessing EDGAR. Among other things, the proposed amendments would require each filer to: • Authorize individuals to act on its behalf on the dashboard only if those individuals have obtained individual account credentials in the manner to be specified in the EDGAR Filer Manual; • Authorize and maintain individuals as account administrators to manage their EDGAR accounts; • Confirm annually on EDGAR, through their account administrators, that all account administrators, users, technical administrators and delegated entities reflected on the dashboard for the filer’s EDGAR account are authorized by the filer to act on its behalf, and that all information about the filer on the dashboard is accurate; • Maintain accurate and current information on EDGAR concerning the filer’s account; and • Securely maintain information relevant to the ability to access the filer’s EDGAR account. Filers who chose to use the optional EDGAR APIs that the Commission would offer for machine-to-machine submissions on EDGAR and to facilitate filers’ retrieval of related information, would, among other things, be required through their account administrators to authorize two technical administrators to manage tokens and other technical aspects of the EDGAR APIs. B. Legal Basis We are proposing the amendments contained in this release under the authority set forth in sections 6, 7, 8, 10, and 19(a) of the Securities Act of 1933 (‘‘Securities Act’’),147 sections 3, 4A, 4B, 12, 13, 14, 15, 15B, 23, and 35A of the Exchange Act,148 section 319 of the Trust Indenture Act of 1939,149 and sections 8, 30, 31, and 38 of the Investment Company Act of 1940 (‘‘Investment Company Act’’).150 C. Small Entities Subject to the Proposed Rule and Form Amendments The proposed amendments would affect individuals and entities that have EDGAR accounts or that seek to open EDGAR accounts. The RFA defines ‘‘small entity’’ to mean ‘‘small business,’’ ‘‘small organization,’’ or ‘‘small governmental jurisdiction.’’ 151 For purposes of the RFA, under our rules, an issuer, other than an investment company, is a small entity if it had total assets of $5 million or less on the last day of its most recent fiscal year.152 We estimate there are 908 issuers that file with the Commission— other than investment companies—that would be considered small entities for purposes of this analysis.153 With respect to investment companies and investment advisers, an investment company, including a business development company, is considered to be a small entity if it, together with other investment companies in the same group of related investment companies, has net assets of $50 million or less as of the end of its most recent fiscal year.154 We estimate that there are 82 registered investment companies (including business development companies and unit-investment trusts) that would be considered small entities.155 An investment adviser is generally considered a small entity if it: (1) has assets under management having a total value of less than $25 million; (2) did not have total assets of $5 million or more on the last day of the most recent fiscal year; and (3) does not control, is not controlled by, and is not under common control with another investment adviser that has assets under management of $25 million or more, or any person (other than a natural person) that had total assets of $5 million or more on the last day of its most recent fiscal year.156 We estimate that there are 594 investment advisers that would be considered small entities.157 A transfer agent is considered to be a small entity if it: (1) received less than 500 items for transfer and less than 500 items for processing during the preceding six months (or in the time that it has been in business, if shorter); (2) transferred items only of issuers that would be deemed ‘‘small businesses’’ or ‘‘small organizations’’ as defined in 17 CFR 240.0–10; (3) maintained master shareholder files that in the aggregate contained less than 1,000 shareholder accounts or was the named transfer agent for less than 1,000 shareholder accounts at all times during the preceding fiscal year (or in the time that it has been in business, if shorter); and (4) is not affiliated with any person (other than a natural person) that is not a small business or small organization under 17 CFR 240.0–10.158 We estimate that there are 126 transfer agents that would be considered small entities.159 With respect to municipal securities dealers and broker-dealers, a municipal securities dealer that is a bank (including any separately identifiable department or division of a bank) is a small entity if it: (1) had, or is a department of a bank that had, total assets of less than $10 million at all times during the preceding fiscal year (or in the time that it has been in business, if shorter); (2) had an average monthly volume of municipal securities transactions in the preceding fiscal year (or in the time it has been registered, if shorter) of less than $100,000; and (3) is not affiliated with any person (other than a natural person) that is not a small business or small organization as defined in 17 CFR 240.0–10.160 We estimate there are 171 municipal securities dealers that would be considered small entities.161 A brokerdealer is a small entity if it: (1) had total capital (net worth plus subordinated liabilities) of less than $500,000 on the date in the prior fiscal year as of which its audited financial statements were prepared pursuant to § 240.17a–5(d) or, if not required to file such statements, a broker or dealer that had total capital (net worth plus subordinated liabilities) of less than $500,000 on the last business day of the preceding fiscal year (or in the time that it has been in business, if shorter); and (2) is not affiliated with any person (other than a natural person) that is not a small business or small organization as VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00032 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3
Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65555 162 17 CFR 240.0–10(c). 163This estimate is based on FOCUS Report data filed during the calendar year of Jan. 1, 2022 to Dec. 31, 2022. 164 17 CFR 240.0–10(d). 165 17 CFR 240.0–10(e). 166 17 CFR 240.0–10(g). 167See Section IV.C.2. 168See the discussion of performance-based standards in Section IV.D.3. 169See the discussion of compliance requirements in Section IV.D.2. 170See supra notes 28–29 (indicating that 60– 90% of EDGAR filings may be submitted by filing agents). 171See Section IV.D.3. defined in 17 CFR 240.0–10.162 We estimate that there are 782 brokerdealers that would be considered small entities.163 A clearing agency is a small entity if it: (1) compared, cleared and settled less than $500 million in securities transactions during the preceding fiscal year (or in the time that it has been in business, if shorter); (2) had less than $200 million of funds and securities in its custody or control at all times during the preceding fiscal year (or in the time that it has been in business, if shorter); and (3) is not affiliated with any person (other than a natural person) that is not a small business or small organization as defined in 17 CFR 240.0–10.164 We estimate there are zero clearing agencies that are small entities. An exchange is a small entity if it: (1) has been exempted from the reporting requirements of § 242.601 of this chapter; and (2) is not affiliated with any person (other than a natural person) that is not a small business or small organization as defined in 17 CFR 240.0–10.165 We estimate there are zero exchanges that are small entities. A securities information processor is a small entity if it: (1) had gross revenues of less than $10 million during the preceding fiscal year (or in the time it has been in business, if shorter); (2) provided service to fewer than 100 interrogation devices or moving tickers at all times during the preceding fiscal year (or in the time that it has been in business, if shorter); and (3) is not affiliated with any person (other than a natural person) that is not a small business or small organization under 17 CFR 240.0–10.166 We estimate there are zero securities information processors that are small entities. Collectively, we estimate that there are 2,663 small entities that would be potentially subject to the proposed amendments, based on our review of data reported as of December 31, 2022. D. Reporting, Recordkeeping, and Other Compliance Requirements As noted above, the purpose of the proposed amendments would be to update access and provide secure management of individual and entity filers’ EDGAR accounts. If adopted, the proposed amendments are expected to apply to all applicants and current EDGAR accounts and would apply to small entities to the same extent as other entities, irrespective of size. Therefore, we generally expect the nature of any benefits and cost associated with the proposed amendments to be similar for large and small entities. We note, and as discussed above,167 all existing and new EDGAR filers will be subject to certain fixed costs to update and maintain an EDGAR account under the proposed amendments, which may result in a proportionally larger burden on small filers. We expect that the proposed amendments to the rules and form to update access and management of EDGAR accounts would have a small incremental effect on existing reporting, recordkeeping and other compliance burdens for all existing and new EDGAR filers, including small entities. The proposed amendments would simplify account management by providing an interactive dashboard on EDGAR, populated with EDGAR account information, as the central platform for account administrators and other delegated individuals to manage access to the account, update account information and send communications and notifications. Some of the proposed amendments, including requirements for all filers to confirm the accuracy of their account information, including authorizations for all account administrators, users, technical administrators, and/or delegated entities, would require the use of administrative and technical skills, and increase compliance costs for registrants, although we do not expect these additional costs would be significant. E. Duplicative, Overlapping, or Conflicting Federal Rules We believe that the proposed amendments would not duplicate, overlap, or conflict with other Federal rules. F. Significant Alternatives The RFA directs us to consider alternatives that would accomplish our stated objectives, while minimizing any significant adverse impact on small entities. In connection with the proposed amendments, we considered the following alternatives: i. Establishing different compliance requirements for individual and entity EDGAR account managers that take into account the resources available to small entities; ii. Clarifying, consolidating, or simplifying compliance and reporting requirements under the rules for small entities; iii. Using performance rather than design standards; 168 and iv. Exempting small entities from all or part of the requirements. Regarding the first, third, and fourth alternatives,169 we do not believe that establishing different compliance requirements, using performance rather than design standards, or exempting small entities from the requirements would permit us to obtain our desired objectives. We are concerned that each of these alternatives would frustrate our efforts to enhance the security of EDGAR, improve the ability of filers to securely manage and maintain access to their EDGAR accounts, facilitate the responsible management of EDGAR filer credentials, and simplify procedures for accessing EDGAR. The proposed amendments set forth uniform requirements for each filer to formally authorize individuals to act on the filer’s behalf in EDGAR as account administrators, users, and technical administrators, which would allow EDGAR to determine whether authorized individuals were accessing and taking actions with regards to the filer’s EDGAR account. As proposed, all individuals accessing EDGAR would be required to sign in with individual account credentials and multi-factor authentication, which would allow EDGAR to identify the individuals accessing EDGAR. As discussed above, we believe that by imposing these requirements on all existing and prospective EDGAR filers, the Commission’s EDGAR Next proposal would generally improve the security of the EDGAR system by establishing a uniform method for authorizing, identifying, and tracking all individuals authorized to act on each filer’s behalf. We anticipate that establishing different compliance requirements, using performance rather than design standards, or exempting small entities would result in a patchwork compliance regime that would frustrate the ability of filing agents and other service providers to efficiently manage filer credentials and manage and maintain access to filers’ EDGAR accounts, and would likewise frustrate our efforts to simplify procedures for accessing EDGAR.170 As noted above,171 the Commission considered using a performance-based approach rather than the design standards of the anticipated EDGAR VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00033 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3
65556 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 172 Id. 173 15 U.S.C. 77f, 77g, 77h, 77j, and 77s (a). 174 15 U.S.C. 78c, 78l, 78m, 78n, 78o, 78o–4, 78w, and 78ll. 175 15 U.S.C. 77sss. 176 15 U.S.C. 80a–8, 80a–29, 80a–30, and 80a–37. Next changes and the proposed rule. Revising the EDGAR Next changes to make them more performance-based would reduce the regulatory burden for certain filers by permitting them to tailor their EDGAR access compliance requirements to fit their own particular circumstances. For example, small filers could determine that they do not need the additional security provided by multi-factor authentication for designated individuals to be authorized to act on their behalf on the dashboard. Furthermore, larger filers might opt to authorize only one account administrator rather than authorize and maintain two such individuals. However, after consideration, we believe that permitting filers to tailor their EDGAR access compliance requirements to fit their own particular circumstances would diminish the intended benefits of the EDGAR Next changes. As discussed earlier,172 bypassing the individual account credential requirements would make it difficult for the Commission to match specific filings to the relevant individual who made the submissions. Likewise, generally allowing filers to have only one account administrator would increase the likelihood that Commission staff could not reach an account administrator when it had timesensitive questions about access to or activity on the account. Overall, a performance-based approach would create inconsistencies in improving the overall security of EDGAR, facilitating the responsible management of EDGAR filer credentials, and simplifying procedures for accessing EDGAR. In addition, any cost savings associated with a performance-based approach would likely be minimal because filers would still incur the cost of compliance. Further, this alternative would limit the magnitude of the benefits for filers that would result from the contemplated EDGAR Next changes. In addition, establishing different compliance requirements, using performance rather than design standards, or exempting small entities could permit individuals to access EDGAR accounts for small filers without being authorized on the dashboard, without multi-factor authentication, and without their EDGAR permissions being individually verified by EDGAR. Furthermore, if these exemptions or alternatives for small entities were implemented so that individuals acting on behalf of small entities were not required to obtain individual account credentials, the Commission would not be able to associate individuals with the specific filings they submitted on behalf of small entities. Collectively, this would reduce the security of EDGAR accounts for small entities, hinder the ability of the Commission and filers to prevent and resolve problematic and unauthorized filings, and frustrate our efforts to require small entities to responsibly manage EDGAR filer credentials. Regarding the second alternative, we believe the proposal is clear, and that clarifying, consolidating, or simplifying compliance requirements for EDGAR filers, including small entities, is not necessary. All EDGAR users currently follow the same process and rules to access and maintain their EDGAR accounts. The proposed changes to EDGAR account management that are intended in many ways to simplify procedures for accessing EDGAR purposes of EDGAR account management. Among other things, the proposed changes would eliminate the need for individuals to track and share EDGAR passwords, PMACs, and passphrase codes for each CIK. Instead, each individual would only be responsible for tracking a single set of individual account credentials, which we contemplate would be issued by Login.gov. Once the individual logged into EDGAR by using those credentials, the dashboard would automatically authenticate the individual and provide them with the appropriate access to each CIK for which they had been authorized to take action. The dashboard would also display any relevant individual codes or tokens (such as user API tokens or CCCs), instead of requiring the individual to personally track or record those codes or tokens. This should result in more streamlined, modern access processes that would benefit all filers, including individuals and small entities. G. Request for Comment We encourage the submission of comments with respect to any aspect of this RFA. In particular, we request comments regarding: • How the proposed rule and form amendments can achieve their objective while lowering the burden on individuals and small entities; • The number of individuals and small entities that may be affected by the proposed rule and form amendments; • The existence or nature of the potential effects of the proposed amendments on individuals and small entities discussed in the analysis; and • How to quantify the effects of the proposed amendments; and • Whether there are any Federal rules that duplicate, overlap, or conflict with the proposed amendments. Commenters are asked to describe the nature of any effect and provide empirical data supporting the extent of that effect. Comments will be considered in the preparation of the Final Regulatory Flexibility Analysis, if the proposed rules are adopted, and will be placed in the same public file as comments on the proposed rules themselves. Statutory Authority We are proposing to amend Rules 10 and 11 of Regulation S–T and Form ID under the authority in sections 6, 7, 8, 10, and 19(a) of the Securities Act,173 sections 3, 4A, 4B, 12, 13, 14, 15, 15B, 23, and 35A of the Exchange Act,174 section 319 of the Trust Indenture Act of 1939,175 and sections 8, 30, 31, and 38 of the Investment Company Act.176 List of Subjects 17 CFR Part 232 Administrative practice and procedure, Confidential business information, Electronic filing, Incorporation by reference, Reporting and recordkeeping requirements, Securities. 17 CFR Part 239 Administrative practice and procedure, Confidential business information, Incorporation by reference, Reporting and recordkeeping requirements, Securities. 17 CFR Part 249 Administrative practice and procedure, Brokers, Fraud, Reporting and recordkeeping requirements, Securities. 17 CFR Part 269 Reporting and recordkeeping requirements, Securities, Trusts and trustees. 17 CFR Part 274 Administrative practice and procedure, Electronic funds transfers, Investment companies, Reporting and recordkeeping requirements, Securities. For the reasons discussed above, we propose to amend 17 CFR chapter II as follows: VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00034 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3
Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65557 PART 232—REGULATION S–T— GENERAL RULES AND REGULATIONS FOR ELECTRONIC FILINGS ■ 1. The general authority citation for part 232 continues to read as follows: Authority: 15 U.S.C. 77c, 77f, 77g, 77h, 77j, 77s(a), 77z–3, 77sss(a), 78c(b), 78l, 78m, 78n, 78o(d), 78w(a), 78ll, 80a–6(c), 80a–8, 80a–29, 80a–30, 80a–37, 80b–4, 80b–10, 80b– 11, 7201 et seq.; and 18 U.S.C. 1350, unless otherwise noted.
■ 2. Amend § 232.10 by: ■ a. Revising paragraph (b); ■ b. Adding paragraph (d); and ■ c. Revising Note to § 232.10. The revisions and additions read as follows: § 232.10 Application of part 232.
(b) Each electronic filer must, before filing on EDGAR: (1) File electronically the information required by Form ID (§§ 239.63, 249.446, 269.7 and 274.402 of this chapter), the application for EDGAR access, which must be completed by an individual authorized by the electronic filer as its account administrator, pursuant to paragraph (d)(2) of this section, and (2) File, by uploading as a Portable Document Format (PDF) attachment to the Form ID filing, a notarized document, signed by the electronic filer or its authorized individual, that includes the information required to be included in the Form ID filing and confirms the authenticity of the Form ID filing.
(d) To file on EDGAR, each electronic filer must comply with the EDGAR account access and account management requirements set forth in this section and in the EDGAR Filer Manual. (1) The electronic filer may only authorize individuals to act on its behalf on the dashboard if those individuals have obtained individual account credentials for EDGAR in the manner specified in the EDGAR Filer Manual; (2) Each electronic filer must authorize and maintain at least two (2) individuals as account administrators to act on the electronic filer’s behalf to manage its EDGAR account, except an electronic filer who is an individual or single-member company must authorize and maintain at least one (1) individual as an account administrator to manage its EDGAR account; (3) If the electronic filer chooses to use an EDGAR Application Programming Interface, the electronic filer, through its authorized account administrator(s), must authorize at least two technical administrators to act on the electronic filer’s behalf to manage technical matters related to the electronic filer’s use of any EDGAR Application Programming Interfaces; (4) The electronic filer, through its authorized account administrator(s), must confirm annually on EDGAR that all account administrator(s), users, technical administrators, and/or delegated entities reflected on the dashboard for its EDGAR account are authorized by the electronic filer to act on its behalf, and that all information about the filer on the dashboard is accurate; (5) The electronic filer, through its authorized account administrator(s), must maintain accurate and current information on EDGAR concerning the electronic filer’s account, including but not limited to accurate corporate information and contact information; and (6) The electronic filer, through its authorized account administrator(s), must securely maintain information relevant to the ability to access the electronic filer’s EDGAR account, including but not limited to access through any EDGAR Application Programming Interfaces. Note to § 232.10: The Commission staff carefully reviews each Form ID, and electronic filers should not assume that the Commission staff will automatically approve the Form ID upon its submission. Therefore, any applicant seeking EDGAR access is encouraged to submit the Form ID for review well in advance of the first required filing to allow sufficient time for staff to review the application. ■ 3. Amend § 232.11 by: ■ a. Adding definitions for ‘‘Account administrator’’, ‘‘Application Programming Interface’’, ‘‘Authorized individual’’, ‘‘Dashboard’’, ‘‘Delegated entity’’ in alphabetical order; ■ b. Revising the definitions for ‘‘Direct transmission’’ and ‘‘EDGAR Filer Manual’’; and ■ c. Adding the definitions for ‘‘Filing agent’’, ‘‘Individual account credentials’’, Single-member company’’, ‘‘Technical administrator’’, and ‘‘User’’ in alphabetical order. The additions and revisions read as follows: § 232.11 Definitions of terms used in this part.
Account administrator. The term account administrator means an individual that the electronic filer authorizes to manage its EDGAR account and to make filings on EDGAR on the electronic filer’s behalf.
Application Programming Interface. The term Application Programming Interface, or API, means a software interface that allows computers or applications to communicate with each other.
Authorized individual. The term authorized individual means an individual with the authority to legally bind the entity or individual applying for access to EDGAR on Form ID, or an individual with a power of attorney from an individual with the authority to legally bind the applicant. The power of attorney document must clearly state that the individual receiving the power of attorney has general legal authority to bind the applicant or specific legal authority to bind the applicant for purposes of applying for access to EDGAR on Form ID.
Dashboard. The term dashboard means an interactive function on EDGAR where electronic filers manage their EDGAR accounts and individuals that electronic filers authorize may take relevant actions for electronic filers’ accounts. Delegated entity. The term delegated entity means an electronic filer that another electronic filer authorizes, on the dashboard, to file on EDGAR on its behalf. Delegated entities must themselves be electronic filers and must follow all rules applicable to electronic filers. Delegated entities are not permitted to further delegate authority to file for a delegating electronic filer, nor are they permitted to take action on the delegating electronic filer’s dashboard.
Direct transmission. The term direct transmission means the transmission to EDGAR of one or more electronic submissions.
EDGAR Filer Manual. The term EDGAR Filer Manual means the manual that sets forth the requirements for access to EDGAR and the procedural requirements to make electronic submissions on EDGAR. Note: See Rule 301 of Regulation S–T (§ 232.301).
Filing agent. The term filing agent means any person or entity engaged in the business of making submissions on EDGAR on behalf of electronic filers. To act as a delegated entity for an electronic filer, a filing agent must be an electronic filer with an EDGAR account.
VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00035 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3
65558 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules Individual account credentials. The term individual account credentials means credentials issued to individuals for purposes of EDGAR access, as specified in the EDGAR Filer Manual, and used by those individuals to access EDGAR.
Single-member company. The term single-member company means a company that has a single individual who acts as the sole equity holder, director, and officer (or, in the case of an entity without directors and officers, holds position(s) performing similar activities as a director and officer).
Technical administrator. The term technical administrator means an individual that the electronic filer authorizes on the dashboard to manage the technical aspects of the electronic filer’s use of EDGAR Application Programming Interfaces on the electronic filer’s behalf.
User. The term user means an individual that the electronic filer authorizes on the dashboard to make submissions on EDGAR on the electronic filer’s behalf. PART 239—FORMS PRESCRIBED UNDER THE SECURITIES ACT OF 1933 ■ 4. The authority citation for part 239 continues to read, in part, as follows: Authority: 15 U.S.C. 77c, 77f, 77g, 77h, 77j, 77s, 77z–2, 77z–3, 77sss, 78c, 78l, 78m, 78n, 78o(d), 78o–7 note, 78u–5, 78w(a), 78ll, 78mm, 80a–2(a), 80a–3, 80a–8, 80a–9, 80a– 10, 80a–13, 80a–24, 80a–26, 80a–29, 80a–30, 80a–37, and sec. 71003 and sec. 84001, Pub. L. 114–94, 129 Stat. 1321, unless otherwise noted.
Sections 239.63 and 239.64 are also issued under 15 U.S.C. 77f, 77g, 77h, 77j, 77s(a), 77sss(a), 78c(b), 78l, 78m, 78n, 78o(d), 78w(a), 80a–8, 80a–24, 80a–29, and 80a–37. ■ 5. Revise § 239.63 to read as follows: § 239.63 Form ID, application for EDGAR access. Form ID must be filed by electronic filers, or by their account administrators, to request EDGAR access and to authorize account administrators to manage the electronic filer’s EDGAR account. ■ 6. Form ID (referenced in §§ 239.63, 249.446, 269.7, and 274.402) is revised: Note: Form ID is attached as Appendix A at the end of this document. Form ID will not appear in the Code of Federal Regulations. PART 249—FORMS, SECURITIES EXCHANGE ACT OF 1934 ■ 7. The general authority citation for part 249 continues to read as follows: Authority: 15 U.S.C. 78a et seq. and 7201 et seq.; 12 U.S.C. 5461 et seq.; 18 U.S.C. 1350; Sec. 953(b) Pub. L. 111–203, 124 Stat. 1904; Sec. 102(a)(3) Pub. L. 112–106, 126 Stat. 309 (2012), Sec. 107 Pub. L. 112–106, 126 Stat. 313 (2012), Sec. 72001 Pub. L. 114–94, 129 Stat. 1312 (2015), and secs. 2 and 3 Pub. L. 116–222, 134 Stat. 1063 (2020), unless otherwise noted.
■ 8. Revise § 249.446 to read as follows: § 249.446 Form ID, application for EDGAR access. Form ID must be filed by electronic filers, or by their account administrators, to request EDGAR access and to authorize account administrators to manage the electronic filer’s EDGAR account. PART 269—FORMS PRESCRIBED UNDER THE TRUST INDENTURE ACT OF 1939 ■ 9. The authority citation for part 269 continues to read as follows: Authority: 15 U.S.C. 77ddd(c), 77eee, 77ggg, 77hhh, 77iii, 77jjj, 77sss, and 78ll(d), unless otherwise noted. ■ 10. Revise § 269.7 to read as follows: § 269.7 Form ID, application for EDGAR access. Form ID must be filed by electronic filers, or by their account administrators, to request EDGAR access and to authorize account administrators to manage the electronic filer’s EDGAR account. PART 274—FORMS PRESCRIBED UNDER THE INVESTMENT COMPANY ACT OF 1940 ■ 11. The authority citation for part 274 continues to read as follows: Authority: 15 U.S.C. 77f, 77g, 77h, 77j, 77s, 78c(b), 78l, 78m, 78n, 78o(d), 80a–8, 80a–24, 80a–26, 80a–29, and 80a–37, unless otherwise noted.
■ 12. Revise § 274.402 to read as follows: § 274.402 Form ID, application for EDGAR access. Form ID must be filed by electronic filers, or by their account administrators, to request EDGAR access and to authorize account administrators to manage the electronic filer’s EDGAR account. By the Commission. Dated: September 13, 2023. J. Matthew DeLesDernier, Deputy Secretary. Note: Appendix A will not appear in the Code of Federal Regulations. BILLING CODE 8011–01–P VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00036 Fmt 4701 Sfmt 4702 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3
Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65559 VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00037 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3 EP22SE23.004</GPH>
65560 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00038 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3 EP22SE23.005</GPH>
Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65561 VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00039 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3 EP22SE23.006</GPH>
65562 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00040 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3 EP22SE23.007</GPH>
Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65563 VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00041 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3 EP22SE23.008</GPH>
65564 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00042 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3 EP22SE23.009</GPH>
Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65565 VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00043 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3 EP22SE23.010</GPH>
65566 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00044 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3 EP22SE23.011</GPH>
Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65567 VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00045 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3 EP22SE23.012</GPH>
65568 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00046 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3 EP22SE23.013</GPH>
Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65569 VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00047 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3 EP22SE23.014</GPH>
65570 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00048 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3 EP22SE23.015</GPH>
Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65571 VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00049 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3 EP22SE23.016</GPH>
65572 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00050 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3 EP22SE23.017</GPH>
Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65573 VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00051 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3 EP22SE23.018</GPH>
65574 Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00052 Fmt 4701 Sfmt 4725 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3 EP22SE23.019</GPH>
Federal Register / Vol. 88, No. 183 / Friday, September 22, 2023 / Proposed Rules 65575 [FR Doc. 2023–20268 Filed 9–21–23; 8:45 am] BILLING CODE 8011–01–C VerDate Sep<11>2014 18:08 Sep 21, 2023 Jkt 259001 PO 00000 Frm 00053 Fmt 4701 Sfmt 9990 E:\FR\FM\22SEP3.SGM 22SEP3 lotter on DSK11XQN23PROD with PROPOSALS3 EP22SE23.020</GPH>