Resources

WOLF & CO Insights E-Sign Compliance: Challenges & Considerations

E-Sign Compliance: Challenges & Considerations



Written by: Jordan Lehtonen, CRCM

COVID-19 presented many unforeseen challenges for financial institutions and significantly altered the banking ecosystem to promote safer, virtual operations. Institutions demonstrated resiliency to the lack of in-person interactions by expanding the use of electronic communication with their clients.

While financial institutions had to quickly adjust their processes during the pandemic, regulatory agencies maintained their compliance expectations during examinations. Navigating the rules behind the Electronic Signatures in Global and National Commerce Act (E-Sign Act) can be difficult, but there are specific ways institutions can ensure the implementation of a compliant E-Sign program.

E-Sign Authorization

First, consider the protection that E-Sign provides the consenting consumer. Did the consumer consent to receiving the document electronically? When the consumer is agreeing to electronic disclosures, E-Sign § (c)(1)(B)(ii) requires that a clear statement be provided informing the consumer what they’re consenting to receive electronically prior to approval.

Institutions must ensure the consumer is provided and accepts E-Sign disclosure before receiving the disclosure electronically. In other words, the E-Sign consent must be separate from the actual document that the institution wishes to provide electronically. Also, prior to distributing the actual E-Sign document, the institution must receive the consumer’s attestation confirming that they have the hardware and software capabilities to receive and view the test document electronically.

Under E-Sign § 101(c)(1)(C)(ii), an institution must reasonably demonstrate that the consumer can access information in the electronic format subject to the consent. Institutions must ensure the format of the E-Sign disclosure is consistent with the format of their electronic disclosures. For example, an institution might allow deposit accounts to be opened online. If the E-Sign disclosure is provided in a PDF format to the consumer, then the deposit account Truth in Savings Act Disclosures must also be provided in PDF format.

Additional E-Sign Act Consent Requirements

A common E-Sign Act inquiry is whether an institution must obtain E-Sign consent for each different document that’s sent electronically. For instance, an individual requests a new time account. During the new account opening process, the consumer consented to the electronic Truth in Savings Act Disclosures. Your institution wants to send the consumer certificate of deposit maturity notices electronically. Is E-Sign consent required again for the individual?

If the original E-Sign disclosure was specific to only the new online deposit account opening disclosures, then the answer would be yes. However, if the original E-Sign disclosure includes broad language that incorporates subsequent notifications (such as the certificate of deposit maturity notice), then the answer would most likely be no.

You must also consider how to demonstrate the ability to view the electronic document. If the original E-Sign authorization document was provided in PDF format and the certificate of deposit maturity notice will be provided in PDF format, then your institution wouldn’t be required to obtain E-Sign consent again. If the original E-Sign disclosure was provided in PDF format and the certificate of deposit maturity notice will be provided in HTML format, then the E-Sign consent process would need to be performed again regardless of whether the original consent notice authorized subsequent disclosures.

Amendments to Come

There are discussions within the United States Senate concerning revisions to the E-Sign Act. The proposed amendment, the E-Sign Modernization Act, will potentially shift the requirement surrounding the reasonable demonstration of the ability to access the electronic information. Although these E-Sign compliance tips can allow your institution to create a sturdy compliance management system, institutions should remain vigilant of revised legislation in order to review processes and controls within the affected areas and ensure ongoing adherence.