Following up on my long-running series of e-signature blogs, for some reason, this topic always fascinates me: “How do companies – in practice – retain all those signatures for SEC filings? For CEO/CFO certifications and any sub-certifications that back those up?”
In other words, how many binders are sitting behind the corporate secretary’s desk? (More than you might think.)
Are they locked in a safe? (Not likely.)
What happens if the corporate secretary moves on and leaves the company? (The good old-fashioned loss of institutional memory.)
When it comes to developing controls for electronic signatures under the SEC’s rules that got revised a few years back, many found the actual rollout to be much more challenging than they first anticipated. That’s partly because of the need to explain internally some of the nuances in the wording of the SEC’s standards, but mostly because of the need to coordinate between IT security, IT services, HR, external reporting, the Controller, the auditor, etc.
It can be a bear. You need at least one flowchart.
As for the SEC’s archival requirements, here’s the lay of the land:
2. Attestation – retain for as long as the insider uses an e-signature, and then 7 years after its last used
3. CEO/CFO certifications – retain for 5 years (no requirement to retain sub-certifications, but you obviously would want to retain those for at least as long as you’re holding onto the CEO/CFO certifications)
What should your archival practices consist of for electronic signatures? Most companies already have these types of databases in use since contract management is a key part of any organization. Electronic signatures have been widely used for many years outside of our small little SEC world.
Most have welcomed the SEC’s administrative relief and create an electronic archival process for the e-signatures, perhaps converting them into PDFs and routinely backing up the signature database. It should make life much easier for those tasked with archiving signatures.