Would anyone here insights on areas of focus for an E-Sign Compliance Review or a E-Sign Compliance Review program?

Thanks!

I review the overall process. I take all channels that deliver account disclosures (online account opening, electronic statement requests, internet banking disclosures, etc) and review each process and how the ESIGN disclosure is received. For example, estatements are delivered in PDF format so I review the ESIGN disclosure to make sure it comes in PDF and review the content, etc. Internet Banking disclosures are HTML so I review to make sure disclosures are appropriate, etc. Review the overall process to make sure you get the demonstrable consent required.

Thank you for your insights and feedback. It is very appreciated!

ESIGN is unlike any other law or regulation governing banks. It only does two things: legalize electronic signatures and list the steps by which electronic documents can become the legal equivalent of paper documents.

ESIGN's e-signature authorization is automatic. Nobody has to do anything to obtain it, so there's nothing to audit. That doesn't mean e-signatures are risk-free or that there's no need for audit, however. ESIGN does not define what is or is not an e-signature and provides no basis for defending the bank's interests in the event a customer repudiates his/her electronic signatures. That leaves substantial operational and technological risks which could lead to sizeable losses. Those losses would not include ESIGN penalties because it has none.

There are several types of risk associated with document delivery, but ESIGN only touches one of them--delivery medium. Like e-signatures, ESIGN declares that e-documents can be the legal equivalent of paper. When consumers will be the recipients of e-documents, ESIGN requires the "informed demonstrable consent" handshake. If it meets ESIGN's standards, one "handshake" causes the ensuing e-documents to be "written." Proving that a particular document or series of documents is "written" is necessary to prove that you are in compliance with an assortment of federal laws and regulations, including Regs B, E, Z, and DD.

Compliance with ESIGN, therefore, is only relevant in the context of one or more other federal laws or regulations. So, in most cases, it makes more sense to focus your audits of e-documents on the law/reg that requires the documents, not ESIGN. Also worth noting: all of the "teeth" are in the consumer protection laws/regs, not ESIGN.

Think of this like your driver's license. The law does not require you to have a driver's license. It DOES require you to maintain one IF you want to use the highway. A police officer would cite you for "driving without a license", not "failure to obtain a license." ESIGN works the same way--you're cited for violations of Regs. E and DD if you substitute electrons for paper deposit account statements without getting the consumer's consent in the ESIGN-prescribed manner.

Thank you for the information.