Page 1 of 2 1 2
Thread Options
#1424106 - 08/04/10 04:14 PM E-Sign Compliance
mzachau, CRCM Offline
Gold Star
mzachau, CRCM
Joined: Oct 2006
Posts: 470
San Francisco
I know there are a lot of threads out here covering E-Sign, but I wanted to bounce something off of other compliance professionals.

We are in the development stage for offering online deposit account opening. We are posting the electronic consent agreement in PDF format. Our e-statements are also PDF formatted and are housed on our server (pull system). By the consumer providing a "yes I Agree" to the terms and read the agreement, do we still have to obtain proof the consumer can or has opened the agreement?

I have reviewed other Banking sites and noticed that all i have had to do for e-statement authorization is check a box or click "i agree" without opening the agreement

Return to Top
eBanking / Technology
#1424697 - 08/05/10 03:54 PM Re: E-Sign Compliance [Re: mzachau, CRCM]
Richard Insley Online
Power Poster
Richard Insley
Joined: Oct 2000
Posts: 9,810
Toano, VA
Let's step through this so you can identify and explain the risks--most of which arise from uncertainty. Your business managers already understand the rewards of swapping electrons for trees and postage.

1. The use of electronic documents is optional.
2. Most of the regulations that govern day-to-day banking operations (Regs E, DD, and CC for example) require disclosures, and in most cases these disclosures must be "written", "in writing", "in a form the consumer may keep", or otherwise capable of retention for the consumer's later reference.
3. If you fail to provide these "written" disclosures in proper form, you may be exposed to civil liability--it's just like you didn't give the disclosures at all! In cases like Reg. E's periodic disclosures, systemic violations would quickly multiply into a staggering aggregate civil liability.
4. Paper documents always satisfy "in writing" requirements.
5. Electronic documents can satisfy "in writing" requirements--but only if you follow ESIGN's opt-in procedures.
6. ESIGN has no implementing regulations. That means you must read, interpret, and implement the law without guidance from your regulator. It's a performance without a net. The only "guidance" will come from the rulings of federal courts if/when litigation involves ESIGN compliance. I don't remember hearing about anything important, but Andy and John are experts in this area & they may be aware of something that alters or interprets the language of the ESIGN statute.
7. In order to obtain the "ESIGN seal of approval", you must get the customer's consent by following the steps spelled out in Section 101(c)(1). Let's study them (I removed certain details in order to provide clarity.)

Section 101(c) CONSUMER DISCLOSURES.—
(1) CONSENT TO ELECTRONIC RECORDS.—...if a statute, regulation, or other rule of law requires that information relating to a transaction or transactions in or affecting interstate or foreign commerce be provided or made available to a consumer in writing [Regs. B, E, M, Z, and DD, for example], the use of an electronic record to provide or make available (whichever is required) such information satisfies the requirement that such information be in writing if—
...
(A) the consumer has affirmatively consented to such
use
...and;
(B) the consumer, prior to consenting, is provided with [how-e-delivery-works disclosures]...and;
(C) the consumer—...
(ii) consents electronically, or confirms his or her consent electronically, in a manner that reasonably demonstrates that the consumer can access information in the electronic form that will be used to provide the information that is the subject of the consent
;


Affirmative consent (green) is pretty straightforward. A simple "I do" covers it.

"How e-delivery works" disclosures (blue) must cover all the points in paragraph B (not shown, but basic stuff). Note that these are not boilerplate disclosures. They must explain the system you will actually use to accomplish e-deliveries.

The rub always comes in Section 101(c)(1)(C)(ii) (red). What does the term "demonstrates" mean? If Congress considered it sufficient to provide a "click here to consent" button, the word "declares" would have sufficed. To me (an possibly a federal judge), a "demonstration" is a test drive with a pass/fail score at the end. In order to pass, customers must be able to prove that they have the hardware, software, and savvy to navigate to, open, and read a test e-document. Think of this process like a credit application. Applicants must submit evidence that they are creditworthy before credit can be approved.

Are all those other banks wrong if they simply provide a "click here to consent" button? I don't consider a button to be a demonstration & would vote "no", but the only vote that matters is a judge's ruling. Potential class action Reg. E liability would land you in a position somewhat like that of Dirty Harry's collar:
I know what you're thinking — "Did he fire six shots or only five?" Well, to tell you the truth, in all this excitement, I've kinda lost track myself. But being as this is a .44 Magnum, the most powerful handgun in the world and would blow your head clean off, you've got to ask yourself one question: "Do I feel lucky?" Well, do ya, punk?
_________________________
...gone fishing.

Return to Top
#1424745 - 08/05/10 05:07 PM Re: E-Sign Compliance [Re: Richard Insley]
mzachau, CRCM Offline
Gold Star
mzachau, CRCM
Joined: Oct 2006
Posts: 470
San Francisco
Thank you for the information Richard. We have been offering electronic statements for a couple years and our current process is to have the consumer open a sample PDF document which contains a specific "code". Before E-Statements may be accessed or "consented" to, the consumer must provide us with the specific code to "demonstrate" they can access and view the statements.

We are getting resistance by project management and upper management as we develop online deposit account opening because they have not had to perform these steps where they hold bank accounts and have electronic statements and are questioning why we require this step? I understand the legal ramifications if we don't comply with the demonstrable consent requirements, especially dealing with regulation Z rescission timelines and regulation E dispute timelines, both being extended if we do not follow the rule appropriately.

Again, thank you for your insight into this question.

Return to Top
#1424860 - 08/05/10 06:43 PM Re: E-Sign Compliance [Re: mzachau, CRCM]
Richard Insley Online
Power Poster
Richard Insley
Joined: Oct 2000
Posts: 9,810
Toano, VA
It sounds like you have an excellent grasp of the situation and are doing your best to minimize risk.

Maybe you could improve the way you explain the test drive to your customers and get a bit more customer relations benefit out of it? After all, it's in the customers' benefit to confirm that they can handle e-documents.

Those who remember the ancient banking history of ATM introduction will recall slow adoption rates until CSRs recognized the need to walk outside with certain customers and give one-on-one lessons in using the machines. Once these hesitant customers could see that it would work for them, they became happy ATM users.
_________________________
...gone fishing.

Return to Top
#1425068 - 08/05/10 10:12 PM Re: E-Sign Compliance [Re: Richard Insley]
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,110
On the Net
Demonstrable consent is a huge step. And you would be surprised at the number of people who give you a bad email address. That is one reason this is necessary. Second, fraud prevention.

Can you say how you'll CIP these new online accounts?
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top
#1425587 - 08/06/10 07:56 PM Re: E-Sign Compliance [Re: Andy_Z]
mzachau, CRCM Offline
Gold Star
mzachau, CRCM
Joined: Oct 2006
Posts: 470
San Francisco
Online account opening customers will be required to provide personal information (name, SSN, address, occupation, phone number, DL#, etc) as they complete the application process. We then use third party software which performs and ID verification and authentication process that utilizes numerous government records to validate information being provided. The ID Authentication process requires the consumer to answer questions about themselves, for example: you have a mortgage loan through such and such Bank. If information provided does not match exactly to what has been reviewed the application is flagged and our internal staff are required to follow-up prior to opening the account. We usually only see discrepancies surrounding address information because information is not updated to frequently.

Return to Top
#1425593 - 08/06/10 08:00 PM Re: E-Sign Compliance [Re: mzachau, CRCM]
mzachau, CRCM Offline
Gold Star
mzachau, CRCM
Joined: Oct 2006
Posts: 470
San Francisco
The purpose of providing online account opening services for us is to expand our footprint and grow our customer base, specifically the electronic age customer. They don't want to enter a bank, they want to sit at home and open accounts electronically and quickly. I agree with you Richard, it is always important to inform customers that practices are put in place to protect them and their investments.

For me, it is difficult to defend our current E-Sign Act practices when other institutions are not going the extra step to demonstrate consent, at least on the face we don't see them doing it and I always stress that we do not know what type of programming they may have on the back end to show demonstrable consent.

Thank you both for the discussion. Any additional guidance would be greatly appreciated

Return to Top
#1425765 - 08/07/10 02:09 PM Re: E-Sign Compliance [Re: mzachau, CRCM]
Richard Insley Online
Power Poster
Richard Insley
Joined: Oct 2000
Posts: 9,810
Toano, VA
Originally Posted By: mzachau
it is difficult to defend our current E-Sign Act practices when other institutions are not going the extra step to demonstrate consent....

Your practices are based on a clear understanding of the law and a healthy fear of the consequences of non-compliance. Whether they're smart enough to realize it or not, your competitors are cutting corners and are flirting with disaster. Imagine what would happen if a federal judge determined that your ESIGN opt-in procedure was inadequate. That would mean that NONE of your e-documents EVER satisfied the delivery requirements of Reg. E. Instantly, the error resolution window would reopen for every e-statement you have sent. Also, you would face class action penalty exposure for "failure to provide required disclosures"--it can't get much worse than that. While these horrors are not likely to occur, you must decide whether you could stand the consequences. This problem is like Section 8--probability of detection and penalty is very low, but consequences are unacceptably high.
_________________________
...gone fishing.

Return to Top
#1426803 - 08/10/10 06:48 PM Re: E-Sign Compliance [Re: Richard Insley]
mzachau, CRCM Offline
Gold Star
mzachau, CRCM
Joined: Oct 2006
Posts: 470
San Francisco
Again, thank you Richard!!

Return to Top
#1494903 - 01/13/11 07:55 PM Re: E-Sign Compliance [Re: mzachau, CRCM]
Derwood Offline
100 Club
Joined: Nov 2009
Posts: 179
We are getting ready to offer e-statements in the same manner as mzachau described above. The customer must log into online banking and then open a pdf document. We will be sending the customer a notification via email that their current statement is available, but the email is in no way necessary in order for the customer to view the statement. In order to enroll the consumer must log into online banking, agree to the terms and conditions by checking an accept box, and provide a confirmation code they will obtain by opening a pdf located on the terms and conditions page. I believe this satisfies the "demonstrable consent" requirement, but at no point is there any verification of the email provided that the notification email will go to. Does anyone see this as an issue? The following verbiage is contained in the agreement - You understand that if you do not receive an email notification, it does not release you from the responsibility to review your electronic statement promptly and notify the bank of any errors within 30 days of the statement date.

Given the customer can access their available statements at anytime once they have logged into online banking irregardless of their receipt of the notification leads me to believe this is a non-issue, but I would feel better hearing what some others think.
_________________________
"The mountains are calling and I must go." - John Muir

Return to Top
#1495048 - 01/13/11 09:43 PM Re: E-Sign Compliance [Re: Derwood]
John Burnett Offline
10K Club
John Burnett
Joined: Oct 2000
Posts: 38,722
Cape Cod
I think you are OK. There is no requirement that you notify the customer of the availability of his statement. Be careful, however, because you may find that tying things up with an email address may pay dividends later, if you want the demonstrable consent to include things like change in terms notices, annual or periodic error resolution notices, any new notices that you might be required to provide, etc.
_________________________
John S. Burnett
BankersOnline.com
Fighting for Compliance since 1976
Bankers' Threads User #8

Return to Top
#1495861 - 01/14/11 08:35 PM Re: E-Sign Compliance [Re: Derwood]
Ronnoc Offline
New Poster
Joined: Nov 2005
Posts: 20
Does all this apply to tax documents, such as 1099s, or is that a separate matter or regulation? If it is, what would that be?

Return to Top
#1495908 - 01/14/11 09:04 PM Re: E-Sign Compliance [Re: Ronnoc]
Richard Insley Online
Power Poster
Richard Insley
Joined: Oct 2000
Posts: 9,810
Toano, VA
There are a few exclusions from ESIGN, but the only ones that come to mind are eviction and foreclosure notices. Maybe someone else has looked at this lately(?)

Unless a type of communication is excluded, the ESIGN "seal of approval" allows you and consumers to communicate anything you agree "in writing" with electrons.
Last edited by Richard Insley; 01/14/11 09:05 PM.
_________________________
...gone fishing.

Return to Top
#1495911 - 01/14/11 09:09 PM Re: E-Sign Compliance [Re: Richard Insley]
John Burnett Offline
10K Club
John Burnett
Joined: Oct 2000
Posts: 38,722
Cape Cod
Anyone who has a savings account with ING Direct will be pulling down an e-version of a 1099-INT during the next couple of months.
_________________________
John S. Burnett
BankersOnline.com
Fighting for Compliance since 1976
Bankers' Threads User #8

Return to Top
#1495950 - 01/14/11 09:50 PM Re: E-Sign Compliance [Re: John Burnett]
A_G Offline
10K Club
Joined: Jul 2004
Posts: 18,956
I got an e-version of my 1098-E (student loan interest statement) this year.
_________________________
With the lights out, it's less dangerous.

Return to Top
#1495968 - 01/14/11 10:01 PM Re: E-Sign Compliance [Re: A_G]
rlcarey Offline
10K Club
rlcarey
Joined: Jul 2001
Posts: 74,442
Galveston, TX
See: http://www.irs.gov/pub/irs-pdf/i1099gi.pdf

Page 10: Electronic recipient statements.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

Return to Top
#1578058 - 07/14/11 05:00 PM Re: E-Sign Compliance [Re: rlcarey]
morirse de risa Offline
100 Club
Joined: Feb 2009
Posts: 238
Midwest
We are in the process of updating our e-sign process to ensure compliance. We will be emailing a test document that includes a PIN/code. The customer will then need to email this code to us.

We are wondering if we need to retain this email or can we log info from this email into a spreadsheet and retain the info that way? We are concerned with the burden of retaining tons of emails.

I understand we need to retain evidence of compliance with ESIGN and want to make sure we do it right. Suggestions?

Return to Top
#1578434 - 07/15/11 10:25 AM Re: E-Sign Compliance [Re: morirse de risa]
Richard Insley Online
Power Poster
Richard Insley
Joined: Oct 2000
Posts: 9,810
Toano, VA
If you're pushing e-statements (or other documents), then the email/test doc/PIN/reply process sounds good. ESIGN is silent about evidence of compliance, but if consent is challenged I'd sure want a copy of the customer's reply message or at least the header from the message.

If your e-delivery system is anything other than email-push, then this reconfirmation should match the method you're actually using.

Expect low response rates. There's so much bogus stuff floating around out there that your customers may trash any message they did not expect. In order to improve the likelihood of a response, I'd place a notice in a normal e-statement or two before sending out the new test message. Also, you might place an info page somewhere in your home banking system.
_________________________
...gone fishing.

Return to Top
#1595047 - 08/23/11 01:20 PM Re: E-Sign Compliance [Re: Richard Insley]
Libby P. Offline
Platinum Poster
Joined: Sep 2007
Posts: 563
Mississippi, USA
Richard, we are going to offer eStatements but not account opening online. Is there anything we need to do as far as Reg E is concerned if we gave the customer our written on paper disclosure at account opening?

Also, on some thread that I have read in the last couple of days there was a discussion about adding information to the TISA stating that we offer eStatements. Is that necessary? If so, why?
_________________________
Lela Purvis, CRCM/CCBCO/CBAP


Return to Top
#1595581 - 08/24/11 02:15 AM Re: E-Sign Compliance [Re: Libby P.]
Richard Insley Online
Power Poster
Richard Insley
Joined: Oct 2000
Posts: 9,810
Toano, VA
Originally Posted By: ilovebulldogs!
Richard, we are going to offer eStatements but not account opening online. Is there anything we need to do as far as Reg E is concerned if we gave the customer our written on paper disclosure at account opening?

You're free to use paper to deliver the account opening disclosures, but in order to switch to e-delivery of the periodic disclosures, you must obtain each customer's consent. Consent will not be valid unless you follow the entire ESIGN process.
_________________________
...gone fishing.

Return to Top
#1596753 - 08/25/11 08:40 PM Re: E-Sign Compliance [Re: Richard Insley]
ahkcompliance Offline
Diamond Poster
Joined: Sep 2008
Posts: 2,466
Midwest
I think the demostrable consent is the hardest to obtain. Before my time here at my current bank, their process for estatement enrollment was having the customer sign a piece of paper detailing the termsn & conditions. When I took my position, I quickly changed this. We now have all customer enroll through online banking. They must open a pdf document which is the terms and conditions and the after they open, click the box agreeing to receive statements online. The box does not appear until they actually open the pdf.

Return to Top
#1596783 - 08/25/11 09:07 PM Re: E-Sign Compliance [Re: ahkcompliance]
KTW327 Offline
100 Club
KTW327
Joined: Mar 2011
Posts: 183
In the trees
Can the initial e-sign acknowledgement for account opening apply to the statements as well, or should that be a separate disclosure?

Return to Top
#1596797 - 08/25/11 09:24 PM Re: E-Sign Compliance [Re: KTW327]
ahkcompliance Offline
Diamond Poster
Joined: Sep 2008
Posts: 2,466
Midwest
I think in the agreement you need to specify what kind of notices, statements will be inlcuded. We do not deliver account opening disclosure electronically but in our notice we state, you agree to receive all perodic statements, notices, privacy notices, etc electronically.

I think if you obtained consent at account opening, you need to specify what will be sent electronically.

Return to Top
#1599350 - 09/01/11 07:38 PM Re: E-Sign Compliance [Re: KTW327]
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,110
On the Net
Originally Posted By: KTW327
Can the initial e-sign acknowledgement for account opening apply to the statements as well, or should that be a separate disclosure?


Disclosures at opening are fine, fees, alternatives, cancellation, etc. That isn't demonstrable consent, but you do have to make the disclosures anyway. There is no requirement that they be separate, that is your choice.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top
#1626840 - 11/09/11 10:37 PM Re: E-Sign Compliance [Re: Andy_Z]
mmumm Offline
100 Club
Joined: Jul 2008
Posts: 163
Santa Cruz, California
We have received questions from lending staff in regards to providing loan applications via email, and also receiving completed applications back from the customer via email.

Also, we've received questions from operations staff regarding signing up a customer for e-statements at the same time as when they come in and open a new account at the desk with the new accounts person. Currently the customer has to enroll for online banking, and then enroll for e-statements through OLB.

In the loan app case, as far as receiving completed apps back via email, what are the requirements on us having a "wet signature" on file, versus if we were to print out the app attached in an email?

In the e-statement case, don't they need to demonstrate that they can receive the e-statement, which is something they do when they enroll via OLB. If we sign them up at new account opening (by checking a box for e-statements in our system), that doesnt appear to satisfy the requirement that the customer can actually receive and view the e-statement...?

Return to Top
Page 1 of 2 1 2

Moderated by:  Andy_Z