8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
1/59
E-Signatures for FinancialServices
Silanis Technology Inc., 2011 All Rights Reserved
Legal & Regulatory Update
Thursday, October 20, 2011
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
2/59
Welcome
Toll Free 888-600-4866
Toll: 913-312-9303
939743LIVE MEETING TECHNICAL SUPPORT
- - -
Margo Tank
Partner
Michael Laurie
Vice President Strategic Development
R David Whitaker
Sr. Company Counsel
Silanis Technology Inc., 2011 All Rights Reserved
uc ey an er Silanis Technologye s argo
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
3/59
Key Drivers for E-Signatures within Banks
CUSTOMER
EXPERIENCE
REDUCING
OPERATIONAL
COST
AND
TRANSFORMATION
The big banks investments in2Q10 in online banking ideally
RISK EFFICIENCY
Banks interest in adopting
Robo-signing could ultimatelyinvalidate tens of thousands of
offer their customers morepersonalization capabilities.
Gartner, October
e-s gna ures as s yroc e ein the past 12 to 24 monthsthinner profit margins, and the
need to cut costs internally,has sparked the financial
,say legal experts. Analysts sayit could top $20 billion
September, Huffington Post
services industry to adoptan electronic strategy thatembraces efficient, straightthrough processing.Banks IT spending research
High street banks were underintense pressure to give uptheir fight against paying outclaims for mis-selling payment
Forrester, Januaryn ca es an emp as s onretail customer-orientedinvestments.
Gartner, October
protection insurance, afterLloyds Banking Groupssurprise 3.2bn provision tocover claims by millions of
Silanis Technology Inc., 2011 All Rights Reserved
. May, The Guardian
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
4/59
E-Signature Benefits Risk Reduction
Key CFPB regulations to define terms such as excessive and abusive are
forthcoming. However, it is important to recognize right away that violations of
these provisions will be costly, and risk mitigation activities should commence
August 2010, PWC, A Closer Look Dodd-Frank
New consumer credit rules require lenders to make sure borrowers understand
the details of a loan and carry out thorough checks on any borrowers, so you can
be confident that what you receive is suitable for your circumstances.
February 2011, The Guardian
Judges have ruled that foreclosing based on flawed or missing evidence
violates longstanding laws meant to protect all Americans' property rights.
Silanis Technology Inc., 2011 All Rights Reserved
- July 2011, Reuters
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
5/59
Online Business Transactions - Challenges
Products, Channels
us nessClients, Agents
eop e
Laws & Regulations
ComplianceDocuments, Disclosures, etc.
Documents
RulesSystems
Silanis Technology Inc., 2011 All Rights Reserved
Process, Parameters-commerce, ar y
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
6/59
The E-Signature Advantage
More control
Enforce re uired com liance rocesses and rules
More visibility
Monitor transactions and receive notifications in real-time
More evidence
How transaction documents were viewed and signed
More flexibility
Automate efficiency for branch, online, mobile and partners
Less Risk
Reduce compliance and legal risk with better processes
Silanis Technology Inc., 2011 All Rights Reserved
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
7/59
Overview
e era an a e aw a a e se o ec ron c gna ures
Federal E-SIGN Act since 2000 UETA Adopted in 49 jurisdictions
,fundamental premise: electronic records and signatures cannot be deniedsolely because of their electronic form
Overarching focus in 2011 is moving from understanding legal framework tomp emen a on
Questions Become: How reliable are electronic signatures and records? How do authenticate individuals?
How can I minimize transaction and compliance risk? Are contested electronic records and signatures admissible and enforceable? Will subsequent transaction parties or the government accept electronic signatures and
records?
1
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
8/59
Legal Framework
ESIGN and UETA: Enable the Presentation of Information (e.g., Disclosures) and Electronically
Signed Agreements Where Ink and Paper Would Have Been Required
Requires Firm Grasp Of:
Interaction Between the Electronic Processes Used to Sign and StoreElectronic Records
- equ remen s Underlying Substantive Law (e.g., TILA, GLBA, State Disclosure & Record
Retention Laws) Regulator Acceptance
2
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
9/59
ESIGN and UETA Basics
Basic Rules:
A record or signature may not be denied legal effect or enforceability because it is inelectronic form. A contract may not be denied legal effect or enforceability solely because an electronic
record was used in its formation. ny aw t at requ res a wr t ng w e sat s e y an e ectron c recor . Any signature requirement in the law will be met if there is an electronic signature.
Electronic Record: A record, created, generated, sent, communicated, received or.
record includes a transferable record.
Electronic Signature:
Any sound, symbol or process; Attached to or logically associated with an electronic record; and Executed or adopted with the intent to sign the electronic record. May be accomplished through technology, through processes and procedures, or through a
combination of both.
3
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
10/59
ESIGN and UETA:
Both laws act as overlay statutes;
Both laws will likely apply to the transaction;
Both laws recognize electronic signatures any kind;
Both laws recognize electronic records disclosuresand agreements;
4
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
11/59
ESIGN and UETA Basics
Both laws re uire transaction art consent
Both laws accept electronic records forretention/admission process. The record holder mustbe prepared to demonstrate that the electronic record:
was signed or delivered;
Is accessible to anyone entitled to access the record holders copy ofthe Record under an applicable rule of law or agreement;
an e accura e y repro uce or a er re erence; an Is capable of being retained (in some cases at the time the record is
provided) by transaction participants to whom it has been madeavailable for review or signature.
5
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
12/59
ESIGN and UETA Basics
Both laws exclude:
Wills, codicils and testamentary trusts;
Letters of Credit (covered by revised UCC Article 5);
Securities (covered by UCC Revised Article 8);
Securit interests in oods and intan ibles covered b UCC Revised Article9);
Software licensing laws (if State has adopted UCITA);
Most laws concerning checks.
6
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
13/59
ESIGN and UETA Basics
Both a l to:
Consumer protection laws;
Laws governing real estate transactions (subject to special rules concerningdocuments to be filed of record);
Laws of agency;
Laws covering powers of attorney;
Laws requiring notarization of documents;
Laws governing trusts (except testamentary trusts);
aws concern ng e su m ss on o ocumen s o, or ssuance o ocumen sby, government authorities (subject to special rules ).
7
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
14/59
Creating a Reliable Electronic Record
Creatin reliable electronic si natures and records are
critical for a number of reasons:
Comply with state or federal writing, signing and original requirements
Meet state or federal record retention requirements
Obtain admission of electronic records into evidence in the event of a disputethe mere fact that information has been created and stored within a com utersystem does not make that information reliable or authentic).
8
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
15/59
Identifying Risks
Authentication Risk: The risk is that the signer says that is not my signature;
Is the signer:
who they say they are
o ey ave e au or y o n Company relying on the signature has to bear the burden of proof.
The risk is that the rules and regulations that govern the transaction are not
met.
time in the transaction (possible statutory penalties).
For example: ESIGN & UETA requirements are not met (consequence mayinclude statutory penalties based on conclusion that required disclosure was
9
.
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
16/59
Identifying Risks
Re udiation Risk:
The risk is that the signer says that is not the record that I signed or thedisclosure that I received.
Admissibility Risk: The risk is that the electronic record is not admissible into evidence or for
regulatory purposes.
Introduction into evidence will require proof of integrity:
Identification to original transaction
Freedom from alteration
10
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
17/59
Regulatory Activity
FRB - Electronic Communication Rules for Consumer protectionstatutes (e.g., Reg Z, Reg D, Reg E)
OCC Bulletins on Consumer Consent and Record Retention
HUD/FHA Mortgagee Letter on Purchase and Sale Contracts
FFIEC Authentication in an Online Banking Environment
2011 Supplement: periodic risk assessment, minimum controls, layered
secur y
States Disclosures, Record Retention, Mail Requirements
11
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
18/59
Emerging Principles/Significant Cases InvolvingElectronic Records
Authentication and Authority The Prudential Ins. Co. of America v. Dukoff, No. 07-1080, 674 F.Supp. 2d 401
(E.D.N.Y. Dec. 18, 2009) (materially false statements made by reasonablyauthenticated insurance applicants may be used to challenge the validity of theapplication); National Auto Lenders, Inc. v. SysLOCATE, Inc., No. 09-21765, 686
. . . . . . ,unenforceable where website operator knew the persons accepting theagreement lacked actual or apparent authority).
ec ron c gna ures mee a u e oFrauds Writing Requirements Shattuck v. Klotzbach, 14 Mass. L. Rptr. 360 (Super. Ct., Mass., December 11,
2001); (Signed emails could be used to prove the existence of a real estate sale
contract); but see Rosenfeld v. Zerneck, 4 Misc. 3d 193, 776 N.Y.S.2d 458 (Sup.Ct., Kings Co. 2004); Vista Developers Corp. v. VFP Realty LLC, 17 Misc. 3d914, 847 N.Y.S.2d 416 (Sup. Ct., Queens Co. 2007)(no agreement reached onessential terms of transaction).
12
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
19/59
Emerging Principles/Significant Cases InvolvingElectronic Records
Clearly Presented Agreements and Disclosures willbe Enforced Unless Unconscionable, No Opportunity to View
Terms, or for Reasons other than being Solely in Electronic Form Evans v. Linden Research, 763 F. Supp. 2d 735 (E.D. Pa. 2011) (mandatory forum selection
-California law where users had to check box to agree to terms each time there was achange); Berry v. Webloyalty.com, 2011 U.S. Dist. Lexis 39581 (S.D. Cal. April 11, 2011)(disclosures made on online club enrollment page sufficient to place reasonable consumerson notice and sufficiently clear and readily understandable to satisfy the Federal ReserveBoards standard for electronic signatures); Fusha v. Delta Airlines, Inc., 2011 U.S. Dist.Lexis 97295 (D. Md. Aug. 30, 2011) (customer bound by forum selection clause contained interms of use, even where she did not remember reading the terms); but see Koch Industriesv. John Does, 2011 U.S. Dist. Lexis 49529 (May 9, 2011) (terms of use unenforceable where
bound by them); Schnabel v. Trilegiant Corp., 2011 U.S. Dist. LEXIS 18132 (D. Conn.Feb. 24,. 2011) (court refused to enforce arbitration clause in website agreement whereplaintiffs were not presented with chance to view terms before acceptance)
13
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
20/59
Emerging Principles/Significant Cases InvolvingElectronic Records
Preserving evidence of data integrity, screen shots and process flows isessential
Lorraine v. Markel American Ins. Co., 241 F.R.D. 534, 538 (D.Md. 2007). Judge Grimm in Lorraine v. MarkelAmerican Ins. Co., 241 F.R.D. 534, 538 (D.Md. 2007): [C]onsidering the significant costs associated withdiscovery of ESI, it makes little sense to go to all the bother and expense to get electronic information only tohave it excluded from evidence or rejected from consideration during summary judgment because theproponent cannot lay a sufficient foundation to get it admitted.
In Re Vee Vinhnee, 336 B.R. 437 (9th Cir. BAP (Cal.) 2005) Court refused to admit electronic credit cardtransaction records due to inadequate authentication.
11-Factor Foundation For Electronic Records:
The business uses a computer. . The business has developed a procedure for inserting data into the computer. The procedure has built-in safeguards to ensure accuracy and identify errors. The business keeps the computer in a good state of repair. The witness had the computer readout certain data. The witness used the ro er rocedures to obtain the readout.
The computer was in working order at the time the witness obtained the readout. The witness recognizes the exhibit as the readout. The witness explains how he or she recognizes the readout. If the readout contains strange symbols or terms, the witness explains the meaning of the
symbols or terms for the trier of fact. Id. at 14 (citing Edward J. Imwinkelried, Evidentiary
14
. . .
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
21/59
Emerging Principles/Significant Cases InvolvingElectronic Records
The primary authenticity issue as identified by the court in In Re Vee, . . . . ,
. . . what has, or may have, happened to the record in the interval between when it wasplaced in the files and the time of trial. In other words, the record being proffered must beshown to continue to be an accurate representation of the records that originally was created. . . . Hence, the focus is not on the circumstances of the creation of the record, but rather on
assure that the document being proffered is the same as the document that was originallycreated.
The court focused on the 4th factor and noted that for electronicallystored information:
[t]he logical questions extend beyond the identification of the particular computer equipmentand programs used. The entitys policies and procedures for the use of the equipment,database, and programs are important. How access to the pertinent database is controlledand, separately, how access to the specific program is controlled are important questions.
ow c anges n t e ata ase are ogge or recor e , as we as t e structure animplementation of backup systems and audit procedures for assuring the continuing integrityof the database, are pertinent to the question of whether the records have been changedsince their creation.
15
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
22/59
Emerging Principles/Significant Cases InvolvingElectronic Records
American with Disabilities Act and the Internet Earll v. eBay, Inc., No. 5:11-cv-00262-JF (N.D. Cal. Sept. 7, 2011)(Class Action
Alleges eBay's Identity Verification Policy Violates the ADA); National Federationof Blind v. Target Corp., 582 F.Supp.2d 1185, N.D.Cal., 2007.
16
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
23/59
ESIGN and UETA An Analytical Model
Look to UETA Official Comments and Con ressional
Record at time of ESIGN adoption in House and Senate,for interpretive rules
en n erpre ng am guous prov s ons, as :interpretation serves purpose of statute and meets
common sense test What would I do with a paper document?
17
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
24/59
Analyzing Systems for Creating, Storing and RetrievingBinding Agreements A Provisional Checklist
A reement to Electronic Transaction Identify parties who must agree
Direct participants
Vendors and service providers
Indirect stakeholders
Establish manner of agreement
B2B onsumer spec a ru es or consen
Agreement to system rules
18
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
25/59
Analyzing Systems for Creating, Storing and RetrievingBinding Agreements A Provisional Checklist
Execution Signature
Authority to sign
Evidence of intent
Intent to sign
Purpose of signature
Per document basis og ca y assoc a e w recor
Process
Attribution
19
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
26/59
Analyzing Systems for Creating, Storing and RetrievingBinding Agreements A Provisional Checklist
Document Format and Deliver Compliance with existing formatting rules
Standards for document formats
Non-proprietary
Self-contained
Delivery methods
Mailing or hand delivery currently required a ng or an e very no curren y requ re
20
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
27/59
Analyzing Systems for Creating, Storing and RetrievingBinding Agreements A Provisional Checklist
Record Inte rit : Tracking alterations or versions
Preventing alteration of executed documents
Associating records
Replacing records
Identifying authoritative copies
Encryption of executed documents to prevent undetected alteration se o as a gor ms an a e an me s amp ec no ogy
Record Management Controls: Control of access to databases
Recording and logging of changes Backup practices
Audit procedures
21
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
28/59
Analyzing Systems for Creating, Storing and RetrievingBinding Agreements A Provisional Checklist
Document Access Access based on role in transaction
Access levels
Methods of access
Person responsible for providing and maintaining access
Principal
Custodian u con rac ors
Timeframe for access
Data Survivability/Migration
22
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
29/59
Controlling Risks with SPeRS (Standards and
Procedure for Electronic Records and Si natures
- of the road available to all parties seeking to take advantage of thepowers conferred by ESIGN and UETA;
Helps create the implementation guidance not present in ESIGN and
Initially published 2003; update coming in November 2011; Founded on the proposition that much of the time and effort being
invested b com anies re-inventin the wheel could be avoided ifcross-industry standards for these elements of electronictransactions could be established;
Focused on the behavioral and legal aspects of the interaction, .
intended to be technology neutral; Standards are not necessarily legal minimums, but implementing the
standards should enhance reliability and sufficiency.
23
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
30/59
The SPeRS Structure
SPeRS is divided into five sections: Authentication
Consent Agreements, notices and disclosures Record retention
Each section provides 5 to 10 high-level standards to guide systemsdesi ners in develo in rocesses that will meet the new le alrequirements.
Each Standard is supported by: Plain-English discussions of the underlying issues,
ec sts out n ng spec c strateg es an opt ons orimplementing the standards, Examples and illustrations, and
-
24
.
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
31/59
Industry Adoption
Mortgage(http://www.mersinc.org/MersProducts/index.aspx?mpid=19)
https://www.efanniemae.com/sf/guides/ssg/relatedsellinginfo/emtg/pdf/emtgguide.pdfhttp://www.freddiemac.com/singlefamily/elm/pdf/eMortgage_Guide.pdf
Student Lending(http://ifap.ed.gov/dpcletters/attachments/gen0106Arevised.pdf)
Variable Annuities (http://www.irionline.org/standards)
Electronic Chattel Pa er
(http://www.standardandpoors.com/prot/ratings/articles/en/us/?assetID=1245199808682)
Online Bankin
25
(http://www.ffiec.gov/pdf/authentication_guidance.pdf)
SPeRS (http://www.spers.org/spers/index.htm)
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
32/59
Questions?
. .
Buckley Kolar LLP1250 24th Street, NW
u eWashington, DC 20037
D: 202.349.8050: m an uc e o ar.com
F: 202.349.8080www.buckleykolar.com
26
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
33/59
Agenda
Delivering Disclosures, Agreements and Notices
E ectronic Signatures Attri ution, Aut ority an
Intent
n ro uc ng ec ron c ecor s n o v ence
2011 R. David Whitaker. All rights reserved. No copyright claimed on images licensed from others. No
part of this document may be reproduced or transmitted in any form, by any means (electronic,
00
, .
presentation is for purposes of education and discussion. It is intended to be informational only and does not
constitute legal advice regarding any specific situation, product or service.
D li i Di l A t d N ti
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
34/59
Delivering Disclosures, Agreements and Notices
The Record Management Cycle
Generate Deliver Store Manage Destroy
Record
Life
Cycle
PropagateData
Track
RecordVersions
Extract &Index Data
Create
Audit Trails& Reports
Active
Data
Processes
Boilerplate Docs
Transaction-specific
Docs
Audit Trails
for Enrollment,
Screen Shots
& Process Flows
Primary
Record
Secure and Consistent Record Management
AccessQuality & Record Business
Key
a egor es
Search and
Secure Communication
Record Management Responsibi lity
on ro sControls
ys ems
Issues
Capabilities
1
Company Policies and Guidelines
Record Management Audit Trails & Reports
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
35/59
Delivering Disclosures, Agreements and Notices
GLBA Information Security Guidelines
FFIEC Authentication Guidance
Identity Theft Red Flags Regulation and
Guidelines
FFIEC Information Security Booklet FFIEC E-Banking Booklet
FFIEC Supervision of TSPs Booklet
FFIEC Outsourcing Technology Services Booklet
FFIEC Development & Acquisition Booklet
2
FIL-44-2008, Managing Third Party Risk
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
36/59
Delivering Disclosures, Agreements and Notices
Key Requirements
onsen s requ re aw o erw se requ res n o e vere
in writing ESIGN Consumer Consent Process
B-to-B Consent
UETA delivery provisions not preempted by ESIGN
Need Agreement (express or implied) on Delivery Method
Need to deal w ith bouncebacks in many cases
Popular Delivery Options
Dis la as art of an interactive session
Delivery in the body of an email or as an email attachment, or
Delivery of an email or other electronic notice that has a URL
embedded in it that the consumer ma activate to review the
3
information.
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
37/59
Delivering Disclosures, Agreements and Notices
More Key Requirements
ec ron c recor s are no en orcea e aga ns a rec p en
the sender inhibits the recipients ability to print or retain acopy
Customer must be able to retain a copy for later reference
Electronic Records retained by sender must be accurate,
remain accessible for later reference
All formatting, timing and display requirements must be
observed. Timing includes:
Pro er se uence within transaction
Any time frames or deadlines for delivery
Length of time the information/ document remains accessible
4
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
38/59
Delivering Disclosures, Agreements and Notices
ClearCall
to Action
Prompt for Retention/
Presented in Scroll Box, PDF or Behind
Offer Retention-Friendly Version
-
5
Get Consent Draw Attention Present Documenta n
Signature
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
39/59
Delivering Disclosures, Agreements and Notices
DesignDelivery Design Choices Execution
Secure or Unsecure?
Push out in email/SMS, or send
ready notice and pull behind
Enrollment / consent process
Audit trails and reporting Transmittal message contents
Authentication rocess for access
Establish agreement on delivery
When deemed deliveredDelivery address
Obli ation to u date addressrewa
Embedded hyperlinks in ready
notice email?
Permit target to set delivery
to secure data (if applicable)
Record generation and posting to
delivery system
Message or notice
Obtain ESIGN Consent
Generate records
Send notice or attachments
Provide opportunity to retain
Permit target to designate multiple
recipients?
Forced review or bypassable?
Record retention/destruction process
Record generation/posting
Handle bouncebacks
Handle withdrawal of consent
Key Considerations- Will the records contain sensitive information?- Will the records contain required disclosures or notices?- Are multiple delivery methods possible/desirable?
Key Considerations
2 Factor Authentication required?
How will cross-system compatibility/communication
issues be addressed?
How much of design will be automated or manual?
Is system intended for use with targets without prior
Key Considerations Addressing electronic delivery channels
Agreement on what constitutes sending and
receipt (Note some state UETAs limit variation
by agreement)
6
- re ere p s ng or p arm ng ssues o a ress- Need to maintain control over display and audit trails?- Need to obtain ESIGN Consumer Consent?
e ec ron c re a ons p w sen er
Regulatory requirements for timing , delivery,
proximity, conspicuousness, forced review?
Agreement on obligation to update electronic
addresses
Managing bouncebacks and withdrawal of
consent
Electronic Signatures
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
40/59
Electronic Signatures
Key Elements
Electronic Signature
Definition of signature -- Electronic
Key Elements
Signature means an electronic identifying
sound, symbol, or process a t tached to or
log ica l ly connectedwith an electronicrecord and execu ted or adop ted by a
person with p re sen t i n t e n t i o n to
The signature be a t t r i b u t a b l e to
the signer and associated w iththe records
au en ca e a recor .
This definition includes (for example):
Typed names,
A click-through on a software
programs dialog box combined w ith
to sign
The signing party must have the
i n t en t to affix a signature to the
recordsome other identification procedure,
Personal identification numbers,
Biometric measurements,
A digitized picture of a handwritten
signature,
ESIGN and UETA do n ot require
that:
The signature process itself
provide proof of identity
Use of SecureID or Defender
number generato rs, and
A complex, encrypted authentication
system.
Note that a click-through probably does
The signature process itself
protect the record from
alteration without detection
7
not satisfy the requirements for an
electronic signature under Article 9 of the
UCC.
l i i
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
41/59
Electronic Signatures
Attribution basics
Legal sufficiency vs. attribution -
Attribution in the electronic world
In an electronic environment,
- UETA and ESIGNs signature
rules:
Answer the question is it a
signature?
attribution is often proven by
associating the signature with use
of a credential. A credential is a
method for establishing the
Do NOT answer the question
is it y o u r signature?
Attribution must be proven:
identity of the signer, and may
involve use of a password,
employment of a token (such as a
random number generator), Attribution may be proven by
any means, including
surrounding circumstances or
efficacy of agreed-upon
biometrics, or demonstration of
knowledge of a shared secret, or
some combination of the above (or
similar devices a roaches . Usesecurity procedure
The burden of proof is usually
on the person seeking to
of the credential gives the personreceiving the signed record a
reasonable basis to believe that the
8
intended signer.
Electronic Signatures
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
42/59
Electronic Signatures
AttributionCreating a Credential
A credential may be:
Assigned to the signer directly by
Notes on credentials
Note that the effectiveness of the credential for
attribution depends on the integrity and
reliabilit of the rocess for first creatin and
record, either in advance or at the
time of signing. Assigned to the signer indirectly,
through a hierarchical model, where
assigning the credential to the individual.
So, if it is easy to get a credential under falsepretenses, then the value of the credential for
attribution is diluted.
the intended recipient gave a root
or master credential to a person
who is then authorized to provide
derivative credentials to others
But, if the process for first issuing the
credential to the correct person is
demonstrably reliable, then the later use of
the credential will usually constitute stronge.g. ec p en g ves a mas er ser
ID and password for its Treasury
Services website to an executive at
Company X and the executive then
establishes passwords for other
ev ence o a r u on.
In more sophisticated applications the customer
may be given multiple credentials to permit two
or three-factor authentication, depending on the
risk level of the s ecific re uested transaction.
Company X employees).
Created spontaneously (often
through the use of biometrics or a
shared secret) at the time it is
So, for example, a banking customer may be ableto access general online banking services using
a User ID and Password, but then be required to
also provide a one-time password or PIN from a
9
needed for the signing. random-number generator before completing a
funds transfer during the online session.
El t i Si t
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
43/59
Electronic Signatures
Common Strategies for Credential Creation/Distribution
Customer-initiated online/mobile
Validated used existing shared information, or
Self-asserted (usually just for initial contact/applications) Delivered
ay e pers s en or one- me , ran om num er genera or
Sent to known address (email or postal) or phone number (sms orvoice)
Ma be further validated on first use or each use Use of dedicated hyperlink contained in message to access platform
Confirmation using shared information
Self-assigned
esponse o nv a on
Use of dedicated hyperlink contained in message to access platform
Created on platform
Sometimes -- Confirmation using shared information
10
Assigned via heirarchical model (more later)
El t i Si t
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
44/59
Electronic Signatures
ESIGN and UETA incorporate the existing commonlaw rule re uirin that the si nin art have theauthority to sign.
Individuals identity, age, capacity capacity isusuall taken for ranted with an erson over theage of 18, unless there are indications to thecontrary
Representatives identity, age, capacity, andaut orization to ta e t e contemp ate action onbehalf of the represented party. The authority toact is not automatic just because a person is an
. .employee). Authority must be either expressly orimplicitly conferred by the represented person.
11
Electronic Signatures
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
45/59
Electronic Signatures
Authorit for Re resentatives
Hail Mary
Very often used with small companies. It presumes that in a small company anyone taking action
w ith respect to bank services must have authority to do so because unauthorized activity is so
difficult to conceal. This involves a cost/ benefit risk analysis, since historically small business
employees have proven quite adept at using bank accounts and banking relationships to commit
fraud under the noses of their co-employees and owners.
In the most formal of situations, a certificate is required from the companys owners or controlling
body (Board of Directors, General Partners, Members, etc.) confirming the authori ty of a particular
Situational
Authority
. ,
incorporated into an opinion letter from outside counsel, creating a potential claim against outside
counsel in case of a later dispute.
Where authority is not formally established, it may alternatively be established by circumstance.
actual orapparent
authority
Job titles and/ or known supervision and review of the proposed agreement by senior management
may establish either actual or apparent authority to act.
In this model, the potential recipient of the signed records (e.g. the bank) assigns a master
TheHierarchical
Model
, ,
(e.g. the Senior Vice President for Treasury Management Services) whose authority to establish
the initial relationship is beyond question (either because of certification or situational
verification) . In turn, the recipients system of record permits the trusted company representative
to create lower-level credentials for other company employees. These credentials come wi th
assigned rights, wh ich may include the right to enter into additional agreements with the recipient.
12
,
recipients right to rely on the hierarchical model to establish the authority of the lower-level
employees to sign.
Electronic Signatures
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
46/59
g
Intent to Sign
Elements of Intent
The signers intent is composed of two
Samples of Notices to Establish Intent
" "elements:
The intent to sign
The purpose of the signature The intent to sign may be established by the
surrounding circumstances. In an electronic
of this Agreement, you agree that
you have read and understand thisAgreement and that you w ill be
bound by and comply with all of its,
intent to sign is to advise the signer that the
action he or she is about to take (click through,
entrance of PIN, typing of name, etc.) w ill
constitute a signature.
Purpose of signature
terms
by typing your name in the
signature box on the account
signup page, you are signing and There are four basic purposes a signature
may serve with respect to a record:
1. I agree to it
2. It came from me
3. Ive seen it
agreeing to t e terms an
conditions of this Agreement
BY CLICKING ON THE SIGN NOW
BUTTON BELOW, YOU ARE SIGNING
.
Which of these purposes is applicable to aparticular signature may be established by
surrounding circumstances or may be
specifically stated as part of the signature
process. In many cases the signature
.
THE SIGN NOW BUTTON WI LLRESULT IN AN ENFORCEABLE
LEGAL CONTRACT, JUST AS IF Y OU
HAD SIGNED YOUR NAME TO AN
13
serves more than one of these purposes.
The signers intent must be established
separately in some manner for each signature
that is applied to the record.
AGREEMENT ON PAPER.
Electronic Signatures
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
47/59
Electronic Signatures
Three primary criteria
Boilerplate Document vs. Transaction-
Specific Document
Size of transaction or liability exposure
Extent to which transaction self-validates Physical presence at signing
Services are personal to signer (e.g. medical, legal)
Physical product being shipped
Product or service is customized to individual
14
Electronic Signatures
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
48/59
g
Selecting a Process
Capture
Boilerplate
Click-ThroughPer Transaction
u ra
Preserve Process Flows
Preserve Template Document
15
Establish Identity Present Record Prompt Retentiona n
Click-through
Electronic Signatures
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
49/59
Selecting a Process
Capture
Transaction-
Specific Signaturesu ra
AnticipateObsolescence
Generally, Retain A Copy of the
Dynamic Signed Record, Not
Document, Once Signed, Should Be Protected
Just a Flat File
ga ns n e ec e era on
16
Establish Identity Present Record Obtain Signature Prompt Retention
I t d i El t i R d i t E id
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
50/59
Introducing Electronic Records into Evidence --
The Federal Rules of Evidence and the Uniform Rules of
,
together, address the admissibility of electronic businessrecords:
The Business Record Rule, and
The Best Evidence Rule.
17
Introducing Electronic Records into Evidence
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
51/59
Introducing Electronic Records into Evidence --
The Business Record rule permits the introduction into evidence of
business records of regularly conducted business activity. A businessrecord w ill be admissible:
I f it is a record, in any form, of acts, events, conditions, opin ions, ordiagnoses, made at or near the time by, or from informationtransmitted by, a person w ith know ledge, and if: T e recor is ept in t e course o a regu ar y con ucte
business activity, and I t was a regular practice of that business activity to make the
memorandum, report, record or data compilation, all as show nb the testimon of the custodian or other ualif ied w itness orby certification that complies w ith the Rules of Evidence,
Unless the source of information or the method or circumstances ofpreparation indicate the record is not trustworthy.
eop e v . u e n , . o o. pp.
18
Introducing Electronic Records into Evidence
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
52/59
Introducing Electronic Records into Evidence --
Even though a record is admissible under the business records
exception to the hearsay rule, it must also satisfy the Best EvidenceRule.
The Best Evidence Rule, sometimes called the Original WritingRule, provides that in order to prove the content of a writing,recording, or photograph, the original w riting, recording, or
,or by Act of Congress.
An original is defined as: [T]he writing or recording itself or anycounterpart intended to have the same effect by a person executing
or issuing it. If data are stored in a computer or similar device,any pr n ou or o er ou pu rea a e y s g , s own o re ec edata accurately, is an original.
Peopl e v . McFar l an, 744 N.Y.S.2d 287, (N.Y. Sup. 2002)
19
Introducing Electronic Records into Evidence
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
53/59
Introducing Electronic Records into Evidence --
The UETA and ESIGN extend the existing principles of the Best
Evidence rule, providing:
ny requ remen o preserve or pro uce an or g na recor ssatisfied by an electronic record of the information in the record to
be produced, so long as the electronic record: Accurately reflects the information in the record to be produced
,
Remains accessible for later reference.
Evidence of a record may not be excluded solely because it is inelectronic form.
20
Introducing Electronic Records into Evidence --
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
54/59
Introducing Electronic Records into Evidence --
Introduction into evidence w ill require proof of integrity
en ca on o or g na ransac on
Freedom from alteration
21
Introducing Electronic Records into Evidence --
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
55/59
Introducing Electronic Records into Evidence
Courts evaluating the integrity of an electronic record
may be expected to focus on systemic protections --
division of labor
complexity of systems Encr tion of executed documents to revent
undetected alteration
activity logs
security of copies stored offsite to verify content
22
Some Additional Resources
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
56/59
Some Additional Resources
Standards and Procedures for electronic Records andSi natures available for urchase at www.s ers.or
FFIEC Information Technology Examination Handbook available at
http://ithandbook.ffiec.gov/ FFIEC Guidance On Electronic Financial Services And Consumer
Compliance available at www.ffiec.gov/PDF/EFS.pdf
FTC Guidance on Dot Com Disclosures available athttp://business.ftc.gov/documents/bus41-dot-com-disclosures-
information-about-online-advertisin FTC Staff Report on Improving Consumer Mortgage Disclosures
available at www.ftc.gov/opa/2007/06/mortgage.shtm
AIIM Recommended Practice Report on Electronic DocumentManagement Systems AIIM ARP1-2006 avai a e at
www.aiim.org/documents/standards/arp1-2006.pdf Lorraine v. Markel American Insurance Co., 241 F.R.D. 534 (D. Md.
Ma 4 2007 available at
23
http://www.mdd.uscourts.gov/Opinions/Opinions/Lorraine%20v.%20Markel%20-%20ESIADMISSIBILITY%20OPINION.pdf
UPCOMING CONFERENCE
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
57/59
Electronic Signature & RecordsAssociation Annual ConferenceNovember 9 & 10, 2011
Washington, DC
http://esignrecords.org/events/
Silanis Technology Inc., 2011 All Rights Reserved
QUESTIONS?
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
58/59
Silanis Technology Inc., 2011 All Rights Reserved
8/3/2019 E-Signature Webcast for Financial Services Legal Counsel
59/59
Silanis Technology Inc., 2011 All Rights Reserved