With the Federal Reserve still pumping money into capital markets to the tune of $80 billion a month, the traditional summer slowdown period may never materialize for financial reporting workers in need of a breather prior to Form 10-Q filing deadlines in August.
The continued upward trend markets are projecting is good news for companies that outsource the processing of their compliance documents as well as those who do their own reporting under their own roofs via self-provisioning software.
One thing that is still being debated tooth and nail, however, is the benefit or disadvantage of both self-filer and outsourced approaches to Securities and Exchange Commission (SEC) filings when it comes to security concerns.
Depending on which company representatives you speak with, you will get varying answers as to which approach is best: should you make the move to doing your own filings inhouse or continue to pay companies to process your EDGAR and XBRL for you?
It really boils down to what companies are comfortable with doing as there are security pitfalls to be found in either approach.
Some public companies have not made the move to the self-filer platform due to security concerns with the Cloud. For better or worse, the Cloud is not retreating as a way of doing business; to the contrary, it will continue to grow over time. This makes sense as to one degree or another we have been migrating to entrusting the Cloud with our personal data for many years. Similarly, our businesses will continue to automate their accounting functions which will invariably look at streamlining things like SEC filings.
What about online breaches or downtime?
With redundancy systems in effect and investments in security and IT infrastructure, the breaches and downtime that were once common are not found as frequently today. But, it is unlikely the technology will ever be 100% secure as hackers will be hackers. So, no matter what you may be told by a company wanting to assist you with doing your own compliance filings yourself with self-provisioning software, there is always the outside chance a security concern can bite you when you least expect it to.
I prefer someone else do my work
So, you are not ready to make the move to doing your own filings just yet. You prefer the relative safety of partnering with a company to do your filings for you the traditional way. While this is typically a more expensive approach, you will not have the security concerns that doing business in the Cloud poses. Or will you just have different (but no less in potential impact) security concerns?
Surveys done by traditional financial reporting providers reflect clients not caring where their work is processed or their documents worked on; they only care whether or not their documents are being processed quickly and with no errors. This may be an accurate survey finding. However, companies allowing providers to do their filings for them should be aware of other potential security concerns.
The overwhelming majority of work processed by companies who perform financial reporting services for publicly-owned companies is done by workers overseas. This kind of offshoring presents different security challenges that companies should be aware of.
While assurances of all kinds may be given that sensitive documents are handled with the utmost confidentiality and privacy, when your documents are being processed in another corner of the world where the very security of the facility the employees work in cannot be guaranteed, you should at least be aware of the potential for some kind of physical breach, especially in countries where laws governing the handling of such documents are not always clear. Another concern is the high rate of employee turnover in these countries whose workers routinely seek better opportunities elsewhere; you give up a portion of your document process control when you entrust its security to third parties.
It is not yet feasible or realistic for all public companies to do their own filings. The choice of companies to perform SEC filings themselves or not comes down to several considerations they must undertake. The security concerns of doing business in either the Cloud or overseas, however, are pretty much a wash at this point—mistakes can always happen on both platforms but safeguards are in place to minimize the damage.