Audit of the Secretary of the Commonwealth of Massachusetts Overview of Audited Entity

The Secretary of the Commonwealth of Massachusetts (SOC) operates under the authority of Chapter 9 of the Massachusetts General Laws and various statutes related to corporations, securities, and elections. SOC is the principal public information office for state government and is organized into the following 16 major divisions: Executive Office, Address Confidentiality Program, Administration, Massachusetts Archives, Citizen Information Service, Commonwealth Museum, Corporations Division, Elections Division, Massachusetts Historical Commission, Lobbyist Division, Public Records Division, Registries of Deeds, Securities Division, State Records Center, State House Tours and Government Education Division, and State Publications and Regulations Division. Each division, accompanied by descriptions, is listed in the Appendix.

SOC has multiple office locations, which include One Ashburton Place in Boston, the Commonwealth Museum and State Archives building in Boston, the Southeast District Office in Fall River, and the Western Office in Springfield.

As of December 31, 2021, SOC had 572 full-time employees, of which 44 were in the Corporations Division. The Corporations Division comprises 10 departments, led by a director. The fiscal years 2020 and 2021 General Appropriations Act appropriated $48,259,494 and $54,234,127 for SOC, respectively, of which $352,868 each year was allocated for the Corporations Division to implement a corporate dissolution program.⁴

The Corporations Division is the repository for certain records for an estimated 217,000 active corporations, 165,000 active limited liability companies, and an additional 20,000 entities that are registered to conduct business or organized in Massachusetts. The Corporations Division also manages the records of limited partnerships and business trusts. Filings made with the Corporations Division by these entities include service marks⁵ and trademarks.

In 2001, the Corporations Division implemented the business and Uniform Commercial Code electronic filing and imaging system. The system consists of three components: (1) the SOC Staging⁶ database; (2) the EDSStaging⁷ database, for SOC Corporations Division staff members only; and (3) the Corpprod⁸ database, which is accessible to the public. The Corpprod database gives the public a mechanism to use nearly all Corporations Division services, which include many of the filings made with the Corporations Division.

Sections 1.25 and 16.22 of Chapter 156D of the General Laws identify SOC’s duties related to the general filing requirements for all domestic profit and foreign corporations permitted to conduct business in Massachusetts. The four filing methods for Articles of Organization and annual reports are in-person, mail, fax, and online. There are two phases to the Articles of Organization approval process: an initial review by a document examiner and a final review and approval by a staff attorney or compliance manager.

When filings are submitted through the mail or in person, they are first separated based on the type of entity, such as a domestic profit or foreign corporation. A document examiner then reviews each filing to ensure that it contains all the statutory requirements. If the filing does not have all the statutory requirements, it is rejected and returned to the filer. If all the statutory requirements are included, the payment, which is based on the type of corporation, is processed at the cashier window. A document examiner reviews the check or money order to verify payment. Once the filer makes the payment, the document examiner endorses the administrative page,⁹ attaches the appropriate coversheet, and forwards the filing to a staff attorney or compliance manager for final review and approval. If the filing is approved by a staff attorney or compliance manager, they endorse the administrative page. A data entry clerk scans a copy of the filing into the SOC Staging database, and the filing is made immediately available to the public through the Corpprod database.

Articles of Organization submitted online or through fax are automatically scanned into the SOC Staging database. The Quality Control Unit reviews faxed filings to ensure that they are legible, then a document examiner reviews each filing (both faxed and online) to ensure that it contains all the statutory requirements. If a filing does not have all the statutory requirements, it is sent to the rejected queue and the filer is notified.

Once a filing is approved, a document examiner endorses the administrative page and sends the filing to a staff attorney or compliance manager for a final review to ensure that all requirements are met, including whether the filer made the payment. If a faxed filing is approved by a staff attorney or compliance manager, it is then forwarded to the data entry queue through the EDSStaging database. A data entry clerk enters the filing into the Corpprod database, and the filing is made immediately available to the public.

All Articles of Organization must be signed by an incorporator, which connects the corporation to the individual who intends to create a business in the Commonwealth. The Articles of Organization are public information, and the incorporator is required to verify that all information outlined in the document is accurate.

According to the Section 113.57 of Title 950 of the Code of Massachusetts Regulations,

[All corporations] authorized to transact business in the Commonwealth shall file an annual report with the [Corporations Division] within 2½ months after the close of the corporation’s fiscal year end. . . .The annual report shall set forth:

(a)  the name of the corporation;

(b)  the state or country under whose law it is incorporated;

(c)  the street address of the corporation’s registered office in the commonwealth;

(d)  the name of the registered agent at that office;

(e)  the street address of the corporation’s principal office;

(f)   the names and business addresses of its board of directors and its president, treasurer and secretary, and if different, its chief executive officer and chief financial officer;

(g)  a brief description of the nature of its business;

(h)  the total number of authorized shares, itemized by class and series, if any, within each class;

(i)   the total number of issued and outstanding shares, itemized by class and series, if any, within each class;

(j)   the stock of the corporation is publicly traded; and

(k)  fiscal year end.

A document examiner reviews annual reports submitted by mail or in person to ensure that each report contains all the statutory requirements. If the report does not have all the statutory requirements, it is rejected and returned to the filer. If all the statutory requirements are included, payment—which is based on the type of organization—is processed at the cashier window. A document examiner reviews the check or money order to verify the payment. Once the payment is finalized, the data entry clerk scans the report into the SOC Staging database, and it is immediately made available to the public through the Corpprod database.

Annual reports that are submitted online or through fax are automatically scanned into the SOC Staging database. Any annual report filed online with no changes from the prior year is automatically approved by the Corpprod database. The Quality Control Unit reviews faxed reports to ensure that they are legible, then a document examiner reviews each faxed report, or online report with changes, to ensure that it contains all the statutory requirements. If the report does not have all the statutory requirements, it is sent to the rejected queue and the filer is notified. Once it is approved, a faxed report is forwarded to the data entry queue through the EDSStaging database. A data entry clerk enters the filing into the Corpprod database, and the filing is made immediately available to the public.

On September 30, 2020, the Office of the Comptroller of the Commonwealth provided guidance in response to the 2019 coronavirus (COVID-19) pandemic for state agencies. The guidelines help state agencies experiencing significant changes to their business processes to identify their goals, objectives, and risks associated with COVID-19. Objectives can include telework; return-to-office plans; a risk assessment of the impact of COVID-19 on state agency operations; changes to the business process; safety protocols for staff members and visitors; and tracking of COVID-19–related awards and expenditures, which are tracked separately from other federal, state, and local expenditures. The guidance also states that Commonwealth agencies experiencing a significant impact should draft separate COVID-19 Pandemic Response Plan Appendixes to their internal control plans.

The Coronavirus Aid, Relief, and Economic Security (CARES) Act was signed into law on March 27, 2020. According to the United States Department of the Treasury’s website, the CARES Act “provided fast and direct economic assistance for American workers, families, small businesses, and industries.” SOC received $8,325,918 in Election Security Grants, which provided CARES Act funds to help states prevent, prepare for, and respond to COVID-19 during the 2020 election cycle. SOC distributed the funds to municipalities to cover the costs of expanded voting by mail, the costs of personal protective equipment and social distancing measures for in-person voting, and the costs of communications about changes in the voting process for both the state primary and general elections.

The Executive Office of Technology Services and Security (EOTSS) has established policies and procedures that apply to all Commonwealth agencies using EOTSS-managed information technology infrastructure, such as email, websites, etc. EOTSS’s Information Security Risk Management Standard IS.010 requires that all Commonwealth personnel are trained annually for cybersecurity awareness. According to Section 6.2 of EOTSS’s Information Security Risk Management Standard IS.010, “The objective of the Commonwealth information security training is to educate users on their responsibility to help protect the confidentiality, availability and integrity of the Commonwealth’s information assets.”