On November 17, 2020, the Securities and Exchange Commission (SEC) voted to allow e-signatures, subject to certain prerequisites, on documents filed with the SEC via the Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system. (EDGAR serves as the primary system of submissions by entities and others who are required by law to file forms with the SEC). The amendments were made to Rule 302 of Regulation S-T as a series of initiatives designed to streamline and fortify the SEC’s operations. The amendments will become effective 30 days after publication of the adopting release in the Federal Register. However, compliance will not be required until April 12, 2021, and there will be an initial 90-day phase-in period following the compliance date.

Currently, typed signatures are included in electronic filings made on EDGAR. Nothing about that process will change. The SEC intends for the process to be technologically neutral and providers of digital signature services will likely meet these requirements.

Alston & Bird outline the previous and amended signature requirements under Rule 302(b) along with the six preparation steps for the use of the e-signature. However, here is a brief summary:

  • Authentication documents can still be signed manually
  • The new rules spell out exactly how to authenticate an electronic signature
  • There are several steps issuers can take to prepare for e-signatures

Previous Signature Requirements Under Rule 302(b) 

  • Each signatory to an electronic filing was required to manually sign a signature page or other document (authentication document) before or at the time of filing to authenticate, acknowledge, or adopt the signature on the electronic filing.
  • The filer was required to retain authentication documents for five years and furnish a copy of the “wet” signature to the SEC upon request.

Amended Signature Requirements Under Rule 302(b) 

  • Under the amended rules, when an authentication document is signed with an electronic signature, the signing process must, at a minimum:
  • Require the signatory to present a physical, logical, or digital credential that authenticates the signatory’s individual identity;
  • Reasonably provide for non-repudiation of the signature;
  • Provide that the signature be attached, affixed, or otherwise logically associated with the signature page or document being signed; and
  • Include a timestamp to record the date and time of the signature.
  • Retain the authentication document for five years and furnish a copy to the SEC upon request.
  • The initial electronic signature authentication document and electronically signed attestation documents may be electronically stored.
See also  An RIA Guide to Deciphering Managed IT, Cybersecurity Operations, and Cyber Governance

The SEC has also created new Rule 302(b)(2) and Rule 302(b)(3) to include new requirements related to electronic signatures. Before using electronic signatures, signatories must:

  •  Manually sign a document attesting that the use of an electronic signature in future authentication documents is the same legal equivalent of the signatory’s manual signature (initial electronic signature authentication document) before initially using electronic signatures (Rule 302(b)(2)).
  • Retain such document for at least seven years after the most recent electronically signed authentication document (Rule 302(b)(2)).
  • Submit the initial manually signed electronic signature authentication document to the SEC or its staff upon request (Rule 302(b)(3)).

Agio shares information meant to not only make you aware of key changes in prominent cybersecurity and privacy standards, laws and frameworks, but helps to provide context and clarity to these rapidly changing and emerging topics.