Skip to content
BOL Conferences
Page 2 of 3 1 2 3
Thread Options
#13912 - 03/29/02 09:48 PM Re: ESIGN or UETA?
Rubaiyat Offline
Diamond Poster
Joined: Jun 2001
Posts: 1,373
Lido Deck
I hadn't responded to this thread because this is just too close to home for me at the moment. We have had internet banking and bill pay services for some time but have required the customer come into the bank to set them up. However, we are almost ready to roll out e-statements with online registration and here is the issue. I approached this completely from the e-sign perspective and prepared all disclosures that way. The problem came in the requirement that the customer acknowledge that they can receive the e-information in the form in which it is available. I believe this requirement was written with the concept of using email as the delivery method. You send a test email of some kind, the customer responds and you are in business. Since the e-statement is being offered through the internet (using an ID and password) the dilemma was how we could document that the customer was able to receive the information using this method. We consulted with our regulator, the OCC, and the question finally ended up with their legal counsel in D.C. They finally decided that if the process required them to change their password the first time they entered the product, this would be our documentation that this piece of e-sign had been covered.

I figure (hope!) that if we conform to esign now, we'll be ahead of the game once all the dust settles. But, I've been wrong before!
_________________________
--A bad day at sea is better than a good day at work.

Return to Top
eBanking / Technology
#13913 - 03/29/02 10:06 PM Re: ESIGN or UETA?
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,748
On the Net
So your delivery method will be to leave it on a server that the customer accesses with a user name and ID.

I'm not sure I'd make them change their password, but that is a good practice periodically. If they will download a file containing the statement, you could add a test message in there. The customer responds to a URL or e-mail address with the contents of the downloaded file and that would produce demonstrable consent.

If they see the sample message online, they could do the same. I think this would work.

In any case it sounds like you are over a hurdle. Save the messages the OCC sent you. If you are very cautious, you could also verify their opinion with counsel specializing in this. That would provide regulatory and litigation assurances.

I believe e-statements is a fairly low-risk e-venture. And with postage going up the returns will be seen quickly.

Good luck.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top
#13914 - 03/29/02 11:43 PM Re: ESIGN or UETA?
Richard Insley Offline
10K Club
Richard Insley
Joined: Oct 2000
Posts: 10,179
Toano, VA
cwilliams- The obligation to use ordinary e-mail comes from the Fed's "e-Regs" (the March/April 2001 amendments to Regs B, E, M, Z, and DD). ESIGN doesn't care how you and the customer agree to handle the e-delivery, but the Fed does! If you're e-delivering disclosures under any of these regs, you get to choose between:
1) on or attached to an ordinary e-mail message, or
2) at a WWW address that is communicated to the e-delivery customer by ordinary e-mail message.

You got an uninspired answer from OCC. There are much easier ways to get the customer to demonstrate success with the e-delivery medium. My favorite is the PIN system--during the consent ritual, consumer is sent a test message of the type that you'll use for the real disclosures. Inside is a code of some kind and a link to the final consent page. When the customer clicks into the final consent page and enters the PIN on a form, your server adds that customer to the e-delivery list.
_________________________
...gone fishing.

Return to Top
#13915 - 04/04/02 07:21 PM Re: ESIGN or UETA?
Tina A Sweet Offline
Diamond Poster
Tina A Sweet
Joined: Aug 2001
Posts: 1,033
Marysville, Ca.
I agree with those who have posted and do not feel they have enough knowledge on this subject. We do not do on line disclosures and I do not have enough experience in this matter to contribute. I have, however, learned a great deal from all of you and look forward to absorbing more knowledge in this area.

_________________________
Tina A Sweet-Williams
AVP Special Assets
mailto:tsweet@goldcountrynb.com

Return to Top
#13916 - 04/04/02 08:40 PM Re: ESIGN or UETA?
Richard Insley Offline
10K Club
Richard Insley
Joined: Oct 2000
Posts: 10,179
Toano, VA
Tina- Is your bank planning to begin e-delivery? Do you rely on vendors for the needed processing support? Have those vendors announced what solutions are now or will be available to support e-delivery?
_________________________
...gone fishing.

Return to Top
#13917 - 04/08/02 05:47 PM Re: ESIGN or UETA?
Anonymous
Unregistered

This has been an excellent discussion. We are just breaths away from e-statements and still haven't won the battle of e-sign. We have a Nationwide credit card operation so we will be much safer with e-sign than UETA. Like the earlier posts our struggles are with the customer's demonstration. Our customer's must signup online (after entering their user id and password). This is step 1 of making sure that the customer demonstates their ability to get their statement. If they can sign up, in essence they can get their statement. Step 2: Our e-statement will be provided by a third-party vendor. The vendor reportedly will track the e-mail sent to the customer. The vendor states that they will be able to tell us that the e-mail has actually been read. When read by the customer, a flag is tripped on the vendor's system indicating that the customer is good to go for e-sign. The e-mail provides the customer with a url to come back to our site and view their statement. At which time they will enter their ID and password. Just like the process they went through when they signed up for e-statements. I'm anxious to see if the OCC will buy off on this process. Disclosures are following very close behind e-statements.

Return to Top
#13918 - 04/08/02 09:11 PM Re: ESIGN or UETA?
Terry Offline
Gold Star
Terry
Joined: Sep 2001
Posts: 314
Midwest
Hi everyone. I have been out all last week. I haven't heard back from the Fed yet, but I'll let you know when I do.

In the meantime, regarding cwilliams' statements - Richard pointed out that eventhough you are providing monthly statements on your website rather than by e-mail, you'll still need to send your consumers an e-mail each month letting them know that their new statement is available. So, under ESIGN it seems to me that you will need two different versions of consent from each consumer. As you mentioned, you'll need consent in a form that demonstrates the consumer's ability to access the statement at the website, plus you'll also need a second consent in a form that demonstrates that the consumer can receive the monthly e-mail messages too.
_________________________
All statements are my own and not necessarily those of my employer.

Return to Top
#13919 - 04/08/02 09:58 PM Re: ESIGN or UETA?
Rubaiyat Offline
Diamond Poster
Joined: Jun 2001
Posts: 1,373
Lido Deck
I believe Terry is right. This is the easier part for us though, because we will be sending information and instructions with the first email, which the customer needs in order to get to the server location. We are not allowing "instant" access to the e-statement system. We are allowing the customer to sign-up online, but we are performing our authentication, at least for now, manually. After the authentication has been completed, we send the email with further instructions. Yes, it is cumbersome for now. But our vendor doesn't provide the level of authentication we felt was necessary in order to feel comfortable with complete online sign-up.
_________________________
--A bad day at sea is better than a good day at work.

Return to Top
#13920 - 04/09/02 12:30 PM Re: ESIGN or UETA?
Richard Insley Offline
10K Club
Richard Insley
Joined: Oct 2000
Posts: 10,179
Toano, VA
The methods you are describing sound promising. Do they accomplish the consent handshake before the date the first statement is to be rendered? It would seem to be a problem if the customer's demonstration took the form of receiving the first live statement. Those who can't complete the handshake for some reason will never get the first statement, or it will be late if you have to revert to paper.
_________________________
...gone fishing.

Return to Top
#13921 - 04/09/02 03:03 PM Re: ESIGN or UETA?
Terry Offline
Gold Star
Terry
Joined: Sep 2001
Posts: 314
Midwest
I think that as long as you require them to change the password (or some similar demonstration of consent) in a manner that they cannot bypass before you let them access their statement you should be okay with that version of consent. My concern would be whether you could obtain consent for e-mail notices in the same e-mail message that provides additional information as cwilliams mentioned. In doing it that way aren't you providing information before obtaining consent to do so? Maybe consent is not needed for that type of "welcome package" information as long as it is not "consumer disclosure" information required by a regulation.
_________________________
All statements are my own and not necessarily those of my employer.

Return to Top
#13922 - 04/09/02 03:44 PM Re: ESIGN or UETA?
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,748
On the Net
Demonstrable consents could be "chained" together much as the transactions will occur. I see no reason that would invalidate this. But I think it is important to note that this is a test and is not the actual delivery, or at least not the only means of delivery, for that periodic statement.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top
#13923 - 04/09/02 04:05 PM Re: ESIGN or UETA?
Rubaiyat Offline
Diamond Poster
Joined: Jun 2001
Posts: 1,373
Lido Deck
In our case, all consumer disclosures and consent, including e-sign, are received at the time of online sign-up through the "I Agree" button before they ever have access to their statement. The subsequent e-mail we send is just a confirmation "Welcome" type of correspondence with information regarding how to get to the site and the fact that a password change will be required when they get there. So, the consent has been given before the customer has any access to the e-statement. I feel like we have covered all the bases to the point of being cumbersome, but better safe than sorry!
_________________________
--A bad day at sea is better than a good day at work.

Return to Top
#13924 - 04/09/02 04:21 PM Re: ESIGN or UETA?
Harvey Offline
100 Club
Harvey
Joined: Feb 2001
Posts: 146
Would someone direct me to reading on this topic so I can begin to educate myself? I need to start with E-SIGN/UETA 101.

Return to Top
#13925 - 04/09/02 05:41 PM Re: ESIGN or UETA?
Rubaiyat Offline
Diamond Poster
Joined: Jun 2001
Posts: 1,373
Lido Deck
Here is a link to the e-sign law as well as a couple of articles. There is lots of information out there. I also looked at some large bank websites just to get a feel for how they look in "real life". Don't presume these are right, just use them to give you a guide on what to research. Also, Richard may not want to toot his own horn, but he does a very nice seminar called "Wired For Compliance" which I found very informative and helpful.

http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=106_cong_public_laws&docid=f:publ229.106.pdf
http://www.bankerssystems.com/compliance/article13.html
http://www.complianceheadquarters.com/Deposit/deposit_elec/deposit_elec.html


_________________________
--A bad day at sea is better than a good day at work.

Return to Top
#13926 - 04/09/02 06:25 PM Re: ESIGN or UETA?
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,748
On the Net
Don't confuse "consent" as in "I Will" with "demonstrable consent" which is "proof that I can".

They have to agree and they have to prove they can do it, under E-Sign.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top
#13927 - 04/09/02 06:53 PM Re: ESIGN or UETA?
Richard Insley Offline
10K Club
Richard Insley
Joined: Oct 2000
Posts: 10,179
Toano, VA
Yes, Andy, I share your concern with any system that doesn't complete the ESIGN handshake BEFORE sending the first live e-delivery. As Terry observes, you must put the customer through an exercise that tests both the e-mail "alert message" delivery capability and also the WWW statement presentation. Unless both are working, live disclosures will not reach the customer.
_________________________
...gone fishing.

Return to Top
#13928 - 12/10/02 01:10 PM Re: ESIGN or UETA?
Richard Insley Offline
10K Club
Richard Insley
Joined: Oct 2000
Posts: 10,179
Toano, VA
Now that we're seeing the first examples of banks violating both ESIGN and UETA, I'd like to reactivate this thread for further discussion of this still-murky topic.

We've had references to these laws in a number of other threads, but little if any new information. What have you seen in print about ESIGN and UETA since March?

Reviewing the old discussions, I think Terry hit the central issue we need to resolve--can any state law (UETA, in this case) dictate how federal disclosures must be given? Although UETA may govern the contracts and signatures (always controlled by state law) necessary to open an account, I have a hard time ignoring a federal law (ESIGN) that outlines specific steps that must be taken to obtain consumer consent for electronic delivery of federal disclosures--especially when Regs. B, E, M, Z, and DD reference ESIGN exclusively.

A few more open-ended questions:
1. What further communications have the regulators issued during the year?
2. Have regulators addressed the difference between authority to contract electronically vs. authority to disclose electronically?
3. Has anyone taken a hit during an exam dealing with e-delivery & how did you and the regulator agree that your practices should be revised?
4. Has anyone heard of that all-important first test case involving ESIGN?
5. Have any of the State Bankers Associations issued briefs or guidance on this matter?
6. What are you hearing from the vendor community?
_________________________
...gone fishing.

Return to Top
#13929 - 02/28/03 05:19 PM Re: ESIGN or UETA?
RebekahL CRCM Offline
Platinum Poster
RebekahL CRCM
Joined: Feb 2003
Posts: 874
Big Sky Country
BUMP! (Ouch, I think I just stubbed my toe trying to get this behemoth thread kicked back up to the top of the pile!)

I have been reading this thread with a growing level of anxiety. My bank is wanting to roll out e-statements, and after reading the different threads about it, I can safely say that I've had the bejeebers scared out of me.

Nonetheless, marketing and IT want to proceed with great gusto. I'd like to petition some of the previous posters from this thread to report in with some status updates from the front line. How has your e-statement delivery project come along? Do you have any pearls of wisdom to pass along?

My bank is looking at delivering statements (for free) via e-mail in a "push" fashion (with encryption). The customer would open the statement up with Adobe Acrobat, and the “back page” stuff - error resolution and billing rights summary, would be included. They would not receive a paper statement once they are successfully receiving e-statements.

I know that the customer has to agree to receive the statements this way, but would the second issue -demonstrable consent- be achieved by them next responding to a test e-mail? Or do we need to show that they not only get mail, but they ALSO are able to open the statement in Adobe? If so, how in the world could we do that? Also, say they request an additional e-mailed statement to an accountant. Would demonstrable consent from the accountant be required too??

Those are my main issues, but I have some more questions I’d love some advice on...

- We currently allow the customer to see previous statements through internet banking (which is only accessed through a login ID and password.) However, there are not any disclosures included, just the statement activity. Should we be doing this? The customer still receives paper statements (with disclosures), and the online statement viewing is for convenience only.

- We are also considering implementing CD Rom delivery of statements for our large corporate customers (McDonalds, for example) for a fee. This would replace their thick paper statements, with the benefit of providing extended details about the account (like the checks making up a deposit), and offer some convenience for them when tax time rolls around. Do any of you know about compliance issues for this? Would the same ESIGN rules apply? How could demonstrable consent be achieved here?

Whew! Thanks so much, folks. Any feedback you could provide would be greatly appreciated!!
_________________________
Me, Type A? Maybe - I'm not done analyzing it yet.

Return to Top
#13930 - 02/28/03 06:10 PM Re: ESIGN or UETA?
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,748
On the Net
Quote:

I know that the customer has to agree to receive the statements this way, but would the second issue -demonstrable consent- be achieved by them next responding to a test e-mail? Or do we need to show that they not only get mail, but they ALSO are able to open the statement in Adobe? If so, how in the world could we do that? Also, say they request an additional e-mailed statement to an accountant. Would demonstrable consent from the accountant be required too??

Those are my main issues, but I have some more questions I’d love some advice on...

- We currently allow the customer to see previous statements through internet banking (which is only accessed through a login ID and password.) However, there are not any disclosures included, just the statement activity. Should we be doing this? The customer still receives paper statements (with disclosures), and the online statement viewing is for convenience only.

- We are also considering implementing CD Rom delivery of statements for our large corporate customers (McDonalds, for example) for a fee. This would replace their thick paper statements, with the benefit of providing extended details about the account (like the checks making up a deposit), and offer some convenience for them when tax time rolls around. Do any of you know about compliance issues for this? Would the same ESIGN rules apply? How could demonstrable consent be achieved here?




Demonstrable consent would include opening and reading the attachment. Otherwise, you only confirmed a working address that can receive an attachment.

The test record could include a number to call, an address to respond to and for example, a code word if you wanted. Any or all of these would demonstrate that they received, opened and read the message.

I do not believe you have an obligation of demonstrable consent with the accountant receiving a courtesy copy. They are not your customer/consumer. But doing so will ensure they too can read it. Why wouldn't you want this?

Online statements are fine. You are offering that as historical information, not statement delivery, change notices or to comply with "DD" or "E".

As to the CD ROM version of the statement, E-Sign is a consumer regulation. You'd be looking at commercial aspects which are more broad and less stringent. If you did this with consumers, I believe at first blush E-Sign would apply.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top
#13931 - 02/28/03 11:03 PM Re: ESIGN or UETA?
RebekahL CRCM Offline
Platinum Poster
RebekahL CRCM
Joined: Feb 2003
Posts: 874
Big Sky Country
Many thanks, Andy - your info was just what I needed!
_________________________
Me, Type A? Maybe - I'm not done analyzing it yet.

Return to Top
#13932 - 02/28/03 11:07 PM Re: ESIGN or UETA?
Richard Insley Offline
10K Club
Richard Insley
Joined: Oct 2000
Posts: 10,179
Toano, VA
I agree with Andy. You have to test the whole delivery system to be sure the customer has what it takes to receive, open and read a sample of the disclosures you want to send electronically.
_________________________
...gone fishing.

Return to Top
#13933 - 03/03/03 06:38 PM Re: ESIGN or UETA?
RebekahL CRCM Offline
Platinum Poster
RebekahL CRCM
Joined: Feb 2003
Posts: 874
Big Sky Country
OK, here I go again, thinking too much (or too little??)...

Since E-SIGN is a consumer regulation, would e-statements going only to commercial customers need to jump through all the same hoops (specifically demonstrable consent) as consumer customers?

I personally think that it is a good practice to keep the same protocol for ALL customers, consumer and commercial, but I can already hear my IT department wanting to exclude businesses, to make their duties less cumbersome.
_________________________
Me, Type A? Maybe - I'm not done analyzing it yet.

Return to Top
#13934 - 03/03/03 06:46 PM Re: ESIGN or UETA?
Richard Insley Offline
10K Club
Richard Insley
Joined: Oct 2000
Posts: 10,179
Toano, VA
You do not have to go through the ESIGN disclosure & opt-in drill for commercial customers.
_________________________
...gone fishing.

Return to Top
#13935 - 05/14/03 02:29 PM Re: ESIGN or UETA?
Angel Eyes Offline
Power Poster
Angel Eyes
Joined: May 2001
Posts: 4,599
Hello! The boss wants e-stmts out and he wants them out yesterday of course! My problem has been with the E-sign requirements that the customer demonstrate that they can use the system. Earlier in this thread CWilliams stated that the OCC stated that requiring the customer to change their password the first time demonstrated the ability to access the system.

We already have internet banking out there, which requires our customers to change their password the first time and our customers have to have internet banking to get e-statements. Here is the question we have been debating...does the fact that the customer changed their password six months ago before signing up for e-statements demonstrate their ability to access the system for E-sign?

Thanks for the input!

Return to Top
#13936 - 05/14/03 02:37 PM Re: ESIGN or UETA?
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,748
On the Net
If the e-statements are delivered through your Internet banking system, possibly yes. How do they download the statement, is there any encryption, is it in PDF and have they been exposed to PDFs in the past? Ask these type questions as you talk about demonstrable consent.

If the statement is just on the system and there is nothing unique to them separate from the banking side which has already been tested and accepted, you should be OK.

Sending (pushing) encrypted statements would be a separate matter. That is what we do and it is separately distinct from the banking side.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top
Page 2 of 3 1 2 3

Moderator:  Andy_Z