We are in the process of offering e-statements to all our customers with online banking.

The vendor has offered us a product where there will be a link within our online banking statement area that the customer can click on to sign up for e-statements.

The link is an html document....within the document is a link to a pdf document with instructions for the customer to click on it and if unsuccessful at opening they are given a link to the adobe website to download the necessary software AT THEIR OWN RISK. Within this document they are stating that have successfully opened a pdf document before clicking the agree button to receive only electronic copies of statements.

Is this REASONABLE demonstrable consent....I have read several posts about needing actual proof....but I would like to know if any others do something similar to this and if it has passed with examiners.

Thanks for any input...

No, I wouldn't call it a demonstration. It's a declaration with no supporting evidence of success. There are many ways to turn this into a meaningful demonstration. For example, you could change the signup page to 2 or 3 linked pages.

Page 1 would be all of the preconsent disclosures and a "continue" button which takes you to page 2.

Page 2 would begin with an explanation and instructions for the "test drive", including:
1. a button to open the test pdf document (a mockup of your deposit statement would appear in a new window),
2. instruction to retrieve a piece of information from the test document ("ending balance" would be nice) and then close the test document,
3. instruction to enter the retrieved information into the single field on this page and then click the "I consent" button ("agree" does not track ESIGN's requirements.)

When the customer clicks the "I consent" button, your server would validate the data submitted. If the data is bad, the server would demand a valid response before completing the opt-in. It might also provide a "help" phone number and anything else necessary to accomplish the opt-in. If correct data was submitted, the server would set this customer's ESIGN flag (only for the account just processed) and capture IP, timestamp, test value the customer entered, and anything else you would like to have in hand if the opt-in is later challenged in court or by an examiner.

I have seen systems where the system could tell if a customer was able to open the link and click to proceed. If they could not open it successfully, it stopped right there and they could not go forward because it had to open and be accepted. Can't open, can't accept, can't move forward. The accept button is inside the document that must open. The disclosures to be delivered are in this same electronic format that can be printed, saved, etc but is not a pdf. The customer cannot even move on to read the disclosures if they cannot open the first document and accept it.

If they successfully open the PDF and within the PDF is an actionable "I agree" button that they must click, the only way they can agree is by successfully opening the PDF document. I would say that is demonstrable consent. Just a different, more automated flavor of the process Richard Insley mentioned.

Who is the provider? I'd be interested in seeing that method... it saves the user error of having to copy/paste some random information into their browser.

This system is definitely head & shoulders above many methods I've heard about. The customer couldn't argue that s/he was unable to access and open the test document. One small risk is that the customer claims s/he could open the document, but not read the content. A button would be clickable even if the customer could only see chicken tracks. It would seem that there could be no believable argument that the test failed if the customer had to read and then enter text or numbers into a form field before clicking the button. That couldn't happen by accident.

Thank you so much to all of you for your input. You have given me plenty of support to suggest rethinking using this method offered by the vendor.

Thanks again!!