#1498821 - 01/21/11 09:01 PM E-mailing Equals ESIGN
Comply101 Offline
100 Club
Joined: Aug 2005
Posts: 223
I was recently told that emails are not covered by ESIGN and that all we need to be able to send disclosures via email is a short authorization form from the customer.

I read section 101(c)(1) to say that ESIGN applies to all "electronic records" and 106(4) defines "electronic record" as, "a contract or other record created, generated, sent, communicated, received, or stored by electronic means".

I interpret this to include PDF documents communicated via email. Am I missing some exception that would exclude email communications?

#1498844 - 01/21/11 09:25 PM Re: E-mailing Equals ESIGN [Re: Comply101]
rlcarey Online
10K Club
rlcarey
Joined: Jul 2001
Posts: 74,440
Galveston, TX
If you are required by law to deliver written disclosures and all you do is e-mail them to the customer - they were never delivered. They have to go through the E-sign process. I am also assuming that all these documents are encrypted....
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

#1498845 - 01/21/11 09:26 PM Re: E-mailing Equals ESIGN [Re: rlcarey]
Comply101 Offline
100 Club
Joined: Aug 2005
Posts: 223
They are password protected...is that sufficient?

#1498865 - 01/21/11 09:52 PM Re: E-mailing Equals ESIGN [Re: Comply101]
Richard Insley Offline
Power Poster
Richard Insley
Joined: Oct 2000
Posts: 9,810
Toano, VA
Originally Posted By: Comply101
I was recently told that emails are not covered by ESIGN and that all we need to be able to send disclosures via email is a short authorization form from the customer.

That sounds like a sales pitch from a vendor who doesn't even understand ESIGN.
_________________________
...gone fishing.

#1498912 - 01/21/11 10:57 PM Re: E-mailing Equals ESIGN [Re: Richard Insley]
Comply101 Offline
100 Club
Joined: Aug 2005
Posts: 223
I'm assuming I could find my answer to the encryption issue in GLBA, correct?

#1498968 - 01/24/11 02:42 AM Re: E-mailing Equals ESIGN [Re: Comply101]
John Burnett Offline
10K Club
John Burnett
Joined: Oct 2000
Posts: 38,722
Cape Cod
Encryption is not a panacea that satisfies E-SIGN. Go back and read what Randy Carey wrote. If the communication in question is something you are required to provide in written form, that means ink on paper, not bits and bytes in an email. The E-SIGN Act provides a method to give an electronic communication the same legal status that its written counterpart has. So that a Notice of Right to Rescind, for example, delivered electronically, can take the place of a written Notice of Right to Rescind. Section 101(c) of the E-SIGN act has a number of things that must be done for there to be a valid acceptance of electronic documents in lieu of written ones, if the customer is a consumer.
_________________________
John S. Burnett
BankersOnline.com
Fighting for Compliance since 1976
Bankers' Threads User #8

#1500060 - 01/25/11 08:34 PM Re: E-mailing Equals ESIGN [Re: John Burnett]
Comply101 Offline
100 Club
Joined: Aug 2005
Posts: 223
Thank you John. I understand these are two separate issues. Just curious about the encryption issue. I looked up the definition of encryption and it sounds as though it means much more than just password protecting. I always get so confused by what covers security issues such as these but I am assuming it would be GLBA.

I am now fully aware of the implications of emailing disclosures that are required to be "in writing". My next logical question is how in the world do you "fix it" when they've been emailed all along? I assume the bank's only hope is that they've followed the email up with delivering actual paper disclosures.

P.S. Thanks for the new word (panacea). I like it a lot!

#1500080 - 01/25/11 08:52 PM Re: E-mailing Equals ESIGN [Re: Comply101]
rlcarey Online
10K Club
rlcarey
Joined: Jul 2001
Posts: 74,440
Galveston, TX
Many banks have e-mail systems that automatically route any e-mail with an attachment through an encrypted e-mail system or block the transmission of the e-mail so that sensitive data can never leave the bank in an unencrypted form.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

#1500200 - 01/25/11 11:48 PM Re: E-mailing Equals ESIGN [Re: rlcarey]
Richard Insley Offline
Power Poster
Richard Insley
Joined: Oct 2000
Posts: 9,810
Toano, VA
Originally Posted By: Comply101
how in the world do you "fix it" when they've been emailed all along?

1. If you're sure that there was never a qualifying ESIGN opt-in, switch on the delivery-medium: paper "flag" for statements and other "written" documents as fast as possible.

2. Don't stop the emails immediately, but hurry to get a demonstrable consent mechanism in place ASAP. You'll need that for future sign-ups and for "fix-it" customers who drag their feet responding to a streamlined opt-in request.

3. Develop a streamlined opt-in process for the "fix-it" customers. Very likely most will agree to continue e-delivery, but you need to legitimize the arrangement & get it under the ESIGN seal of approval. A streamlined opt-in could be a special "change in terms" type of email. This email would include the necessary "how e-delivery works" disclosures (listed in Section 101(c)(1) of ESIGN) and would state that you will not be able to continue providing "written" material unless the customer consents. Since the consent must demonstrate successful use of the e-delivery technology you are using, I guess you'll need to require consenting customers to "sign up" by replying to a special email address. (Use a "mailto:" link in the streamlined opt-in email so the messages end up in the right place.) As the replies come in, you can clear the "paper" flag for each consenting customer. Save the incoming email messages as a permanent bank record. They contain the customer-by-customer evidence that you have complied with ESIGN's demonstrable consent requirement.

4. Remedial action for unqualified past email deliveries will not be simple or cheap. Neither ESIGN nor the applicable consumer protection regs (Reg. E, for example) contain a "cure" procedure by which you can protect yourself from civil liability. If consumer deposit account statements are involved, you must also consider the risk of delayed claims of unauthorized EFTs. Section 205.6(b)(3) normally limits your exposure with the following language: "A consumer must report an unauthorized electronic fund transfer that appears on a periodic statement within 60 days of the financial institution's transmittal of the statement to avoid liability for subsequent transfers." Since you have not transmitted a statement that meets Reg. E's "in writing" requirement, the 60 count-downs have not begun for any of the improperly transmitted statements.
_________________________
...gone fishing.

#1500397 - 01/26/11 03:52 PM Re: E-mailing Equals ESIGN [Re: Richard Insley]
Comply101 Offline
100 Club
Joined: Aug 2005
Posts: 223
There is an ESIGN compliant deposit account delivery mechanism although I question the demonstrable consent piece. (There is a link to a sample document with an "I accept" button on the same screen as the consent agreement) - Is this acceptable? In testing, I determined that the sample document isn't working so I know that would be a problem and I have no idea how to determine who has had that difficulty and who hasn't. This is handled through the core processor so I'm hopeful that a call to them might help.

On the loan disclosures that have been emailed not following ESIGN, I guess the bank will be cited for violations for all of the consumer protection regs that require disclosures be given in writing within certain time frames, right? Do compliance examiners get heavily involved in this?

#1500738 - 01/26/11 08:14 PM Re: E-mailing Equals ESIGN [Re: Comply101]
BrendaC Offline
Power Poster
BrendaC
Joined: Sep 2001
Posts: 6,029
Sweet Home AL
Have you been providing these email disclosures to commercial or consumer clients - or both?
_________________________
Life without Jesus is like an unsharpened pencil - it has no point.

#1500804 - 01/26/11 09:04 PM Re: E-mailing Equals ESIGN [Re: Comply101]
Richard Insley Offline
Power Poster
Richard Insley
Joined: Oct 2000
Posts: 9,810
Toano, VA
Originally Posted By: Comply101
There is an ESIGN compliant deposit account delivery mechanism although I question the demonstrable consent piece.

This sounds like a self-contradiction. If you didn't get proper consent, then none of your e-delivered consumer disclosure documents count as being "in writing."

Originally Posted By: Comply101
There is a link to a sample document with an "I accept" button on the same screen as the consent agreement - Is this acceptable? In testing, I determined that the sample document isn't working....

You've answered your own question. If customers can't open the test document, then the necessary demonstration has failed. Even if the test document opens without a hitch, you are providing a path around the test.

Originally Posted By: Comply101
I have no idea how to determine who has had that difficulty and who hasn't.

It doesn't matter. Since the customer is not forced to open the test document, there's no possibility that you have met ESIGN's consent requirement.

Originally Posted By: Comply101
this is handled through the core processor so I'm hopeful that a call to them might help.

Good luck.

Originally Posted By: Comply101
On the loan disclosures that have been emailed not following ESIGN, I guess the bank will be cited for violations for all of the consumer protection regs that require disclosures be given in writing within certain time frames, right? Do compliance examiners get heavily involved in this?

We've heard varying reports over the years. It's possible that their exam scope may exclude e-delivery. If your current method's been in place for a few years, they've probably come and gone without detecting the problem--but that won't hold any water if it comes up in the future.
_________________________
...gone fishing.

#1501444 - 01/27/11 09:13 PM Re: E-mailing Equals ESIGN [Re: Richard Insley]
Comply101 Offline
100 Club
Joined: Aug 2005
Posts: 223
Are there any good written resources or guidance from the regulators on what they want to see? Or is it still awaiting testing in the courts to determine best practices?

What if email is sent, then there is a tracking system that notifies when it is delivered and when it is viewed? Would that constitute demonstrable consent?

#1501568 - 01/27/11 10:56 PM Re: E-mailing Equals ESIGN [Re: Comply101]
Richard Insley Offline
Power Poster
Richard Insley
Joined: Oct 2000
Posts: 9,810
Toano, VA
Originally Posted By: Comply101
Are there any good written resources or guidance from the regulators on what they want to see? Or is it still awaiting testing in the courts to determine best practices?

Maybe someone who's dealt with the regulators recently will chime in & share some details. Andy used to monitor litigation on ESIGN & may be able to point to cases of interest to bankers.

Originally Posted By: Comply101
What if email is sent, then there is a tracking system that notifies when it is delivered and when it is viewed? Would that constitute demonstrable consent?

No. Consent must be affirmative. Passive feedback from system to system doesn't provide evidence that the customer is able to read the content of a test document or consents to e-delivery.
_________________________
...gone fishing.

#1501582 - 01/27/11 11:27 PM Re: E-mailing Equals ESIGN [Re: Richard Insley]
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,110
On the Net
I haven't found any cases on this to date. And since it is a law, sans a reg to implement it, there isn't a lot of guidance.

One thing I thought of on the original post was that you might have meant advertising under CAN SPAM. The use of a closed system, like most banks' internet banking systems, would get around those rules. That obviously is not what you meant.

I think you need to get your hands around this ASAP. Get good E-SIGN agreements and ensure you have mitigated your risks with e-statements and EFT claims and the like. Richard outlined some basic steps.

I'd also be interested in how you got to where you are? Who approved what is being done now?
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

#1501750 - 01/28/11 03:02 PM Re: E-mailing Equals ESIGN [Re: Andy_Z]
Comply101 Offline
100 Club
Joined: Aug 2005
Posts: 223
The system that I am most concerned about is the one utilized for the delivery of loan disclosures. The bank utilizes a system developed by the attorney that prepares the loan documents. There are delivery options for E-Disclosures, email, and regular mail. From what I understand, the bank assumed that since there was an option for E-Disclosures, the email option must not be covered under ESIGN because I keep hearing the argument of, "we did not sign up for E-Disclosures because we do not have policies and procedures to comply with ESIGN". Somehow, the conclusion was drawn that as long as they didn't use that method, they were not subject to ESIGN. The bank did come up with an authorization form that is signed by the borrower but it does not have any of the information of the consent agreement outlined in ESIGN and there is no demonstrable consent piece. I was told that federal regulators looked at the procedure last year and didn't have a problem with it but everything I read in ESIGN points to email as "electronic communication" that would be subject to the ESIGN requirements. I just thought I might be missing something since the regulators didn't find anything wrong with it.

#1501764 - 01/28/11 03:13 PM Re: E-mailing Equals ESIGN [Re: Comply101]
rlcarey Online
10K Club
rlcarey
Joined: Jul 2001
Posts: 74,440
Galveston, TX
"I just thought I might be missing something since the regulators didn't find anything wrong with it."

Two important words whenever this happens and those are "this time".
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

#1501779 - 01/28/11 03:27 PM Re: E-mailing Equals ESIGN [Re: rlcarey]
Comply101 Offline
100 Club
Joined: Aug 2005
Posts: 223
My thoughts exactly. Thank you to everyone for all your help this week.

I've been working on this for several days hoping I could find something in the procedure that would make it compliant, but I don't. The quickest solution I see is to discontinue the process until a viable solution can be worked out. My biggest fear right now is reaction by regulators. I wish I knew the proper fix for those disclosures that were not disclosed in accordance with ESIGN. That's the only piece of the puzzle left to find. The only thing I know to do is just be honest and show that it was identified and steps were taken to correct it going forward.

Thoughts?

#1501860 - 01/28/11 04:38 PM Re: E-mailing Equals ESIGN [Re: Comply101]
Richard Insley Offline
Power Poster
Richard Insley
Joined: Oct 2000
Posts: 9,810
Toano, VA
A couple of additional thoughts about loan disclosures:
1. Only worry about disclosures for consumer credit transactions.
2. Only worry about disclosures that must be "written", "in writing", "in a form the consumer may keep", etc. (Example: Section 226.17(a)(1) of Regulation Z.)
3. If any of these loans have been sold, review agreements with investors. Investor buy-back requirements could kill you if you've sold a significant number of loans.
4. Determine the statute of limitations and record retention period for each type of "written" disclosure that has been delivered improperly. Most sources of civil liability have time limitations.
5. As you decide the course(s) of remedial action, keep good notes--your regulator will very likely want to review each step you take.
_________________________
...gone fishing.

#1731232 - 08/15/12 05:41 PM Re: E-mailing Equals ESIGN [Re: Comply101]
Norman Paperman Offline
Diamond Poster
Norman Paperman
Joined: Aug 2012
Posts: 1,610
48.934476, -114.343735
Comply101,

I am in this exact scenario. My LO's are arguing that they are not subject to E-SIGN because they are e-mailing loan disclosures and then obtaining a wet (ink) signature. We satisfy demonstrable consent by receiving the signed disclosure back but are missing all of the upfront requirements (opt-in/hardware-software notice/record retention, etc.).

What was the outcome on your scenario? Did you end up using any vendors to demonstrate demonstrable consent?
_________________________
Maybe you just wanna fly the plane yourself. Well good luck pressing take off, then auto pilot, then land.


CRCM

#1731386 - 08/15/12 07:42 PM Re: E-mailing Equals ESIGN [Re: Comply101]
Richard Insley Offline
Power Poster
Richard Insley
Joined: Oct 2000
Posts: 9,810
Toano, VA
Originally Posted By: Garret01
We satisfy demonstrable consent by receiving the signed disclosure back

That doesn't do it for me. ESIGN says "the consumer...consents electronically...in a manner that reasonably demonstrates...." What's electronic about a signed piece of paper?
_________________________
...gone fishing.

#1731447 - 08/15/12 08:41 PM Re: E-mailing Equals ESIGN [Re: Richard Insley]
Norman Paperman Offline
Diamond Poster
Norman Paperman
Joined: Aug 2012
Posts: 1,610
48.934476, -114.343735
I guess I was going with the argument that our customer was able to demonstrate an ability to receive and review the document since it ended up in my hands with a wet signature. Opening an e-mail and printing an attachment doesn't equal "demonstrable consent"? My battle here is whether these can be e-mailed without having a prior opt-in...
_________________________
Maybe you just wanna fly the plane yourself. Well good luck pressing take off, then auto pilot, then land.


CRCM

#1731482 - 08/15/12 11:19 PM Re: E-mailing Equals ESIGN [Re: Comply101]
Richard Insley Offline
Power Poster
Richard Insley
Joined: Oct 2000
Posts: 9,810
Toano, VA
Here's my analysis of this hybrid method:
1. Receiving an email message is an electronic event.
2. Opening an email message is an electronic event.
3. Printing an email attachment is probably an electronic event.
4. Signing a piece of paper is not an electronic event.
5. Delivering a piece of paper is not an electronic event.

Until you reach step 5, you have not obtained the customer's consent, and since the "I consent" language is in the document, the bank has delivered an e-document before obtaining consent. That's putting the horse before the cart and timing becomes a problem. If written disclosures (TIL, RESPA, etc.) must be delivered within a certain number of days and you can't claim you have consent until the customer walks in with the wet-signed document, you've missed the delivery deadline for target documents.

In short, no, you can't email documents prior to consent and expect a judge or regulator to agree that this method satisfies ESIGN. Without an ESIGN "seal of approval", you can't argue that your tree-free documents are "in writing." If they don't count as being "in writing", you have not satisfied the delivery requirements for the disclosures contained in the document(s) and you may face civil liability under TIL, RESPA, etc.

Unfortunately, ESIGN has no regulations and no federal agency has the authority to issue official interpretations. The only way we can know its meaning with certainty is to wait until cases reach the courts. The decisions handed down by federal judges will resolve what is and is not ESIGN-compliant.
_________________________
...gone fishing.

#1731593 - 08/16/12 01:55 PM Re: E-mailing Equals ESIGN [Re: Comply101]
Norman Paperman Offline
Diamond Poster
Norman Paperman
Joined: Aug 2012
Posts: 1,610
48.934476, -114.343735
Richard. Thank you for your commentary. This thread will go a long way toward hammering my point home with our lenders. End game is that we have now found a vendor that will do this for us. We just need to complete our analysis and bid process.

Thanks again!
_________________________
Maybe you just wanna fly the plane yourself. Well good luck pressing take off, then auto pilot, then land.


CRCM

#1740066 - 09/12/12 01:49 PM Re: E-mailing Equals ESIGN [Re: Norman Paperman]
Love Cruising Offline
100 Club
Joined: Mar 2009
Posts: 248
What if you send GFE by email and also place a copy in the mail?


Moderated by:  Andy_Z