While the new rules will be effective once published in the Federal Register, the staff provided guidance on November 20, 2020, that it would not recommend enforcement action if a company complies with the new rules in advance of the effective date. Accordingly, a company may begin using electronic signatures in compliance with the new rules as soon as it collects the required attestation from the relevant signatory (which we discuss in more detail below).

Companies can utilize electronic signatures for:

• Registration statements under the Securities Act of 1933, as amended (e.g., Forms S-1, S-3, S-4, S-8, F-1, F-3, and F-4).
• Reports and other documents filed pursuant to the Securities Exchange Act of 1934, as amended, for example:
  • Forms 8-A, 8-K, 10, 10-K, and 10-Q, as well as Section 302 and Section 906 certifications,
  • Beneficial ownership reports filed pursuant to Section 16 and Sections 13(d) and 13(g) and Schedule TO, and
  • Foreign private issuer filings such as Form 20-F and Form 6-K.
• Certain filings under the Investment Company Act of 1940.
• Applying for EDGAR access codes on Form ID (but note any state-specific notary requirements will still apply).
• Notice of an exempt offering of securities on Form D.

The company needs to collect a manually signed attestation from each signatory, acknowledging that their use of an electronic signature in any authentication document constitutes the legal equivalent of their manual signature. This attestation must be retained by the company for as long as the signatory may use an electronic signature to sign authentication documents, and at least seven years after the date of the most recent electronically signed authentication document. The new rules allow the company the flexibility to retain and store this manually signed attestation in electronic format (i.e., the signatory must sign the attestation in “wet ink”, but the company need only retain and store a scan of the attestation for the required time period).

We have provided a suggested form for the attestation.

Electronic signatures are not required, so companies can still rely on the existing procedure of having the signatory manually execute the signature page and retaining such page for a period of five years. However, the new rules also permit more flexibility here in allowing companies to retain and store such manually signed signature page via electronic means (i.e., the signatory must sign the signature page in wet ink, but the company need only retain a scan of the signature page for the required time period).

An electronic signing process must meet four requirements outlined in the updated EDGAR Filer Manual. Companies should review these requirements with regards to any proposed electronic signature process method or service provider, but we do expect that companies will be able to use commercially available e-signature platforms.

The chart below walks through the four signature process requirements and some practical considerations.

As further clarification, the SEC defined “electronic signature” as “an electronic sound, symbol, or process, attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.” While this is substantially similar to the definition in the E-SIGN Act, the SEC specifically noted that the E-SIGN Act does not apply to its requirements related to authentication documents.

Companies should confer with their information technology (IT) department, but an email response alone may not meet these four e-signature process requirements and if it does not, could not be used as an electronic signature. Note that the SEC’s requirements are designed to ensure verification and security, including through authentication and nonrepudiation. A simple email response without added security measures may not satisfy the authentication requirement and may be subject to later repudiation by the officer.

However, an email that is signed with a digital certificate may meet the SEC’s four e-signature process requirements. Companies that opt to use electronic signature process other than a commercially available e-signature platform should work with their IT department to understand whether they have a tool for secure electronic certifications that complies with the new rule. There may also be limitations to such tools, such as requiring an officer or director to use a single device for all emails that contain digital certificates.

There is no hard and fast rule here, but generally companies have taken the approach that signatures to filings can be collected in advance and will be dated as of the filing date. The company’s procedures should make it clear that a signatory’s responsibilities to approve the finalized filing do not end when they have authenticated their signature, and that the signature of the filing will be dated as of the filing date.

Companies can take several steps to ensure that signatories are clear on this practice and understand the scope of their responsibilities, including:

• Remind signatories with each signature request—for example, include in the e-signature platform message field.
• Insert “[Date of Filing]” over the date field when requesting electronic signatures, or simply leave the date field blank. If the date field option within the e-signature platform is utilized (which would result in the program automatically filling in the date field with the date the electronic signature request is fulfilled), it may imply that the signature only speaks of such date. As discussed above, companies should ensure that the auto-generated report provided by the e-signature program otherwise includes a date/time stamp of the signature for purposes of the company’s records.

Of course, signatories should be kept updated as to the status of the document being filed and any changes. If there are any material changes to the filing, companies may want to re-collect signatures to ensure their records reflect that the signatories signed off on the later document.

With the new rules, companies will likely want to revisit their rules and procedures around electronic signatures and signature process. In revisiting these policies, consider:

• Working with the company’s IT department early to understand the company’s e-signature options and to develop and/or implement e-signature processes that meet the SEC’s requirements.
• Requiring that electronic signatures and the auto-generated report are pulled out of the e-signature platform and saved with the company files. Companies will want to avoid having to reopen e-signature platform accounts of departed employees to retrieve electronic signature packets and the signature reports.
• Confirming that all employees who are sending signatures are aware of any new policies, especially those implemented in light of the SEC rules discussed above (e.g., attaching the document being signed to the signature request and reminding signatories that the date of their signature will be the filing date).
• Whether or to what extent the company wants to adopt a policy of sending signature requests separately, rather than “tagging” each signatory to sign one document. If all signatories are tagged in one document request, the program reports the document signature process completed only when all those signatures are completed. This approach might pose logistical issues if a director delivers their signature through another method, or where the company can’t connect with certain signatories to collect their signature but can file the document without such signatory (e.g., if filing the Form 10-K and a majority of directors have otherwise signed).
• Including the attestation form in any onboarding documents signed by new officers and directors (or in any similar process for officers who are promoted internally), so that the company has the manually signed attestation before such officer or director’s signature is needed for a filing. Those who have power of attorney for executing Section 16 filings for officers and directors should also sign an attestation form.
• Developing a process for tracking which individuals have delivered an attestation and can sign documents electronically, including noting when the retention requirement expires (e.g., for a departed director, identify the date that is seven years from the date of the last filing signed by such departed director).
• Briefing the company’s directors and officers on the SEC’s new rules, the company’s available e-signature options, and any limitations or requirements to ensure a smooth process in adopting electronic signatures for SEC filings.