Having them mark a box online and click "yes, this is true . . .." serves the same purpose.
That is E-Sign. E-Sign doesn't have to be some big 128 bit encrypted signature.
As to having a non-banker develop your online pages, break out a compliance checklist, look for GMI as required, and really, really look at the security of your data. Next you have to look at your infrastructure and how you'll handle the apps that come in. If any of these trigger early disclosures remember that you didn't receive the app when you opened it, you received it when you received it.
You might find my upcoming e-Compliance webinar of interest.
http://calendar.bollearningconnect.com/main.php?view=event&eventid=1170342757393