Thread Options
#2230592 - 02/07/20 11:21 PM ESign Disclosure Delivery
Brooke H Offline
Junior Member
Joined: Mar 2015
Posts: 41
Our bank is looking at using a program to deliver required disclosures and I have concerns about how their process is being done. There is a link for the ESign consent on the webpage and next to it a box that you must check to move on. My concern is that you can check the box saying "I have reviewed and agree" to the terms of the ESIGN Consent without having ever clicked on the link for the ESign Consent. This does not appear to be compliant. Am I looking at this wrong?

Return to Top
eBanking / Technology
#2230597 - 02/08/20 01:16 AM Re: ESign Disclosure Delivery [Re: Brooke H]
Richard Insley Offline
Power Poster
Richard Insley
Joined: Oct 2000
Posts: 9,729
Toano, VA
What items does "required disclosures" include?
How will these disclosures be delivered (push/pull, file formats, etc.)?
_________________________
...gone fishing.

Return to Top
#2230653 - 02/10/20 06:44 PM Re: ESign Disclosure Delivery [Re: Brooke H]
Brooke H Offline
Junior Member
Joined: Mar 2015
Posts: 41
This is in relation to opening a deposit account and would be all the required disclosures for that. These disclosures are delivered in pdf form by logging into a website after receiving an email. The ESign consent is also in pdf form so if they view that then they would be able to view the disclosures that will be delivered. That is the concern I have. If they don't view that then how do we show that they have the ability to view the future disclosures that will be sent to them and them "checking a box" that they have viewed it doesn't seem like enough to me.

Return to Top
#2230671 - 02/10/20 08:31 PM Re: ESign Disclosure Delivery [Re: Brooke H]
Richard Insley Offline
Power Poster
Richard Insley
Joined: Oct 2000
Posts: 9,729
Toano, VA
You're exactly right. Your problem begins and ends with Reg. E and any other deposit reg that requires delivery of required disclosures "in writing." For e-delivery of documents containing disclosures that must be "in writing", you have to walk each customer through ESIGN's "informed demonstrable consent" process.

The deficiency you've identified boils down to someone reading the word "demonstrate" and understanding it to mean "declare." What you describe is a simple declaration that can be made (by checking a box) with no evidence that the user has gained the necessary understanding of your e-delivery system. Lacking that evidence, you cannot prove that your Reg E (and other "written") disclosures were delivered "in writing"...none of them...a portfolio-wide systemic violation.

ESIGN grants you a type of license--very much like your driver's license. Checking a box on your account opening form is comparable to telling DMV that you know how to operate your car and refuse to take the behind-the-wheel part of the license exam. Your site designer needs to add a "test drive" that is non-bypassable and will stand up in court when the customer claims "I never got that disclosure because it was not "in writing."
_________________________
...gone fishing.

Return to Top
#2230675 - 02/10/20 09:41 PM Re: ESign Disclosure Delivery [Re: Brooke H]
Brooke H Offline
Junior Member
Joined: Mar 2015
Posts: 41
That is exactly what I thought. What is crazy to me is this is a solution that is being offered by our core. Our core is fairly widely used, so how this has not been figured out as an issue yet I don't understand. I came across this while vetting the system before use and it is obviously not compliant.

Return to Top
#2230696 - 02/11/20 04:15 PM Re: ESign Disclosure Delivery [Re: Brooke H]
Richard Insley Offline
Power Poster
Richard Insley
Joined: Oct 2000
Posts: 9,729
Toano, VA
Originally Posted by Brooke H
how this has not been figured out as an issue yet I don't understand.
Unless something's changed (a lot) regulators are partly to blame. With rare exception, from day #1 they saw no reason to examine and criticize these deficient ESIGN opt-in mechanisms. If they discovered a bank that didn't give Reg. E disclosures at all, they would have gone apoplectic...but the electronic equivalent didn't cause them to blink. Banks and vendors take their cues from the regulators, and there are always bigger fish waiting to be fried. Post implementation, the industry attitude about a legal/regulatory issue is "if it ain't broke, don't fix it."
_________________________
...gone fishing.

Return to Top
#2230699 - 02/11/20 04:31 PM Re: ESign Disclosure Delivery [Re: Brooke H]
Adam Witmer Offline
Diamond Poster
Joined: Sep 2010
Posts: 2,256
Great points Richard. Personally, I don't see this much different than UDAP once being considered a low-risk rule by the Federal Reserve to UDAAP becoming a major issue after the abusive standard of Dodd-Frank gave new life to the examiners' bar of expectations. In other words, I see this as a problem just waiting its turn to become the next hot topic.
_________________________
Adam Witmer, CRCM

All statements are my opinion, not those of my employer, and should not be taken as legal advice.
www.compliancecohort.com

Return to Top
#2230731 - 02/11/20 07:05 PM Re: ESign Disclosure Delivery [Re: Brooke H]
Richard Insley Offline
Power Poster
Richard Insley
Joined: Oct 2000
Posts: 9,729
Toano, VA
This year is the 20th anniversary of the enactment of ESIGN and bankers/vendors are still making the same mistakes. They skim through ESIGN's pre-consent disclosures, read "declare" in place of "demonstrate", and then create a typical customer service agreement. Since ESIGN has no penalties...done! They totally miss the connection between ESIGN and the laws/regs that actually have teeth...especially when violations are systemic.

Any time I saw a systemic legal/regulatory issue with the potential to inflict unacceptable consequences, that issue went on my very-short list. SOP for this list was "don't do the crime if you can't do the time." Everything else moved to second place when there was something on the very-short list.

This happened in the mid-70s when the regulators adopted TIL enforcement policies that would result in unlimited retroactive reimbursement for TIL violations that were routinely handled as technicalities by field examiners. Unlimited exposure gets my attention every time.

It happened again in the late '80s (early '90s?) when the regulators notified banks that they were stepping up their CRA supervisory efforts. I was designated as the bank's CRA officer. The regulator's letter went on to say that the agency expected to find banks carrying out their reinvestment responsibilities in a manner comparable to a major product or business initiative. I managed regulations, not product lines, so I handed the letter to my boss (senior corporate counsel) and asked her to read it. When she was done, she scheduled a meeting with the bank president. We explained why we viewed this simple letter as a seismic shift in the regulatory landscape, and asked him to read it. The next morning he called us back to his office, relieved me as CRA officer, and assumed the title himself! We stopped treating Reg BB as a regulation and began managing it like the potential growth-killer it had become.

In the mid-'90s, we relearned the lesson that "not criticized" isn't the same thing as "compliant." Reg. Z had been around for 20+ years and we thought we knew what was and wasn't a Finance Charge. Then, an erroneously disclosed $22 FedX delivery fee imposed on Martha Rodash threatened to collapse the entire U.S. mortgage lending industry...requiring an act of Congress to avert disaster. The regulators missed that one, too.
_________________________
...gone fishing.

Return to Top
#2230774 - 02/12/20 01:25 AM Re: ESign Disclosure Delivery [Re: Brooke H]
Brooke H Offline
Junior Member
Joined: Mar 2015
Posts: 41
Unfortunately when I, as the Compliance Manager, bring up an issue that our core does not see as a problem, like ESign Consent, sometimes it's difficult to get the right people to agree that I may be right and the vendor may be wrong.

Return to Top
#2230782 - 02/12/20 01:11 PM Re: ESign Disclosure Delivery [Re: Brooke H]
Adam Witmer Offline
Diamond Poster
Joined: Sep 2010
Posts: 2,256
That is a tough position to be in Brooke, and I've been in those shoes. There have been enough CMPs and violations (including UDAAP) caused by vendors over the last decade or so that banks should absolutely be questioning practices by vendors and not blindly following suit. In fact, the CFPB's most recent exam procedures for a compliance management system (CMS), includes an entire module (3) dedicated to "third party oversight."

In my opinion, third party oversight, while already a hot topic, is still evolving and banks that aren't proactive in this area are just gambling with violations. The last thing you want to have happen is to have an examiner come in and say: "Oh, since you use so-and-so (vendor), I can tell you right now that we will be writing you up for this ____."
_________________________
Adam Witmer, CRCM

All statements are my opinion, not those of my employer, and should not be taken as legal advice.
www.compliancecohort.com

Return to Top
#2230799 - 02/12/20 03:38 PM Re: ESign Disclosure Delivery [Re: Brooke H]
Richard Insley Offline
Power Poster
Richard Insley
Joined: Oct 2000
Posts: 9,729
Toano, VA
Originally Posted by Brooke H
it's difficult to get the right people to agree that I may be right
This is the perfect time to review your job description, business plan, and objectives--the corporate statements that define your position. If any of these declarations of purpose and plan, ANY of them, say it is your job to get the bank into compliance with applicable laws/regs and keep it there, then you need to make some changes. Unless you can issue and rewrite operating procedures, hire and fire the officers and staff of affected business units, and command the units' budget, there's no way you can control outcomes. The best you can do is play the role of Jiminy Cricket. Document the advice and assistance you provide to those who actually DO have the authority to hire, fire, and spend. Whenever possible, focus that advice on risk and cost...sure, the law is the law, but some issues (this one, for example) come in grey and require decisions.
_________________________
...gone fishing.

Return to Top

Moderated by:  Andy_Z