The NASPP Blog

This week marked the annual changing of my EDGAR password. I rarely use EDGAR these days, so I have an appointment in my Outlook calendar to remind me to do this every year.  Even though, in the event that my password expired, I could easily generate a new password using the EDGAR Filer Management website and my EDGAR passphrase, I prefer to be proactive about these things.  Since the topic of EDGAR access codes is fresh in my mind, I thought it might be helpful to review the various codes for our blog readers. 

EDGAR Access Codes Demystified
Access to the EDGAR system requires five codes (the SEC takes security seriously–that’s more codes than my online bank and credit card accounts require):

• Central Index Key (CIK): Anyone using EDGAR and any entity for which filings are submitted is assigned a CIK and keeps that same CIK for his/her/its entire existence.  The CIK identifies filers and users in the system. Even if an insider moves to a new company or is a insider in multiple companies simultaneously, he/she only has one CIK.  This allows investors to query all of an insider’s filings using one search, even if the insider has changed companies or changed names (e.g., in the case of marriage). CIKs are public–you can find out any company’s or insider’s CIK just by querying EDGAR.   
• CIK Confirmation Code (CCC):  The CCC is similar to a password and is used to validate EDGAR filings.  CCCs should be known only to the insider and those making filings on his/her behalf.  CCCs don’t expire and generally don’t change, even when an insider moves from one company to another, but you can and should change a CCC if you think it has been compromised (see my Sept 15, 2009 blog entry “Fraudulent Section 16 Filings“). 
• Password:  The EDGAR password is necessary only to log onto the EDGAR website. It isn’t included in the EDGAR filing and it isn’t necessary for an insider’s password to be current for you to submit filings on his/her behalf.  EDGAR passwords have to be changed every 12 months or they expire (but, see my March 10, 2009 blog entry, “EDGAR Passwords: One Less Thing To Do,” about how you can avoid updating all your insiders’ password if you have your own EDGAR login). 
• Password Maintenance Authorization Code (PMAC): This code must be entered to change an EDGAR password.
• Passphrase: This code is used to generate new EDGAR codes (except for the CIK). When a CIK is first assigned, the passphrase is used to generate the rest of the required EDGAR codes. On an ongoing basis, the passphrase can be used to generate new codes when necessary. For example, if I had forgotten to renew my password before it expired, I could use my passphrase to generate a new password (along with the other EDGAR access codes).  Passphrases do not need to be updated, but if it necessary to generate a new one (e.g., if you’ve forgotten it or if it has been compromised), you can do so via the EDGAR Filer Management website.

Less Than Two Weeks Left Until the NASPP Conference
Catch up with all the latest Section 16 and Rule 144 developments at the 18th Annual NASPP Conference. The Conference is less than two weeks away and the Conference hotel has already sold out–register today to make sure you can attend.

NASPP “To Do” List
We have so much going on here at the NASPP that it can be hard to keep track of it all, so I keep an ongoing “to do” list for you here in my blog. 

• Register for the 18th Annual NASPP Conference before it’s too late! 
• Complete the Compliance-O-Meter quiz on ESPP Design.
• Take the “Question of the Week” challenge.
• Renew your NASPP membership for 2010 (if you aren’t an NASPP member, join today).
• Don’t miss your local NASPP chapter meetings in KS/MO, Michigan, and Sacramento.

– Barbara