Page 1 of 2 1 2
Thread Options
#356821 - 05/06/05 08:34 PM E-Statements, E-SIGN, and demonstable consent
Anonymous
Unregistered

We have introduced a new internet banking add on that allows our customers to opt-in, online, to receipt of an electronic statement. This is via the "pull" method (they will receive an e-mail notifying them that their statement is available).

In order to opt-in, the customer must access our website, click to indicate that they want to opt-in, access the page with our e-sign disclosures, and click "accept". Obviously, to do all this, they have to be able to read output in html format. The statement is in this same format.

Is this demonstrable consent?

Return to Top
eBanking / Technology
#356822 - 05/06/05 11:31 PM Re: E-Statements, E-SIGN, and demonstable consent
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,110
On the Net
If it is a matter of "if they can do this, they can see the statement", then I'd agree it is demonstrable consent. They got the message, read it, followed it to the site and saw the contents just as they would had it been their statement.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top
#356823 - 05/07/05 02:38 AM Re: E-Statements, E-SIGN, and demonstable consent
Richard Insley Online
Power Poster
Richard Insley
Joined: Oct 2000
Posts: 9,810
Toano, VA
Sounds like you're almost there. How do you test the "alert message?"
_________________________
...gone fishing.

Return to Top
#356824 - 05/08/05 01:46 AM Re: E-Statements, E-SIGN, and demonstable consent
Anonymous
Unregistered

Related subject, if you are actually turning the paper off, (it depends on your compliance group) but I think you also need to make sure that if the e-mail bounces back to you, you have a means of identifying it and turning the paper back on to send to your customers.

Return to Top
#356825 - 05/09/05 02:05 PM Re: E-Statements, E-SIGN, and demonstable consent
Anonymous
Unregistered

Quote:

Sounds like you're almost there. How do you test the "alert message?"



Quote:

Related subject, if you are actually turning the paper off, (it depends on your compliance group) but I think you also need to make sure that if the e-mail bounces back to you, you have a means of identifying it and turning the paper back on to send to your customers.




Original poster here. Richard, when you refer to testing the "alert message," are you talking about the same thing the 2nd anon is referring to?

We will receive notifications of rejected e-mails and I believe the plan is to contact the customer by phone, and if we are unable to resolve it then we will be going back to paper statements.

Return to Top
#356826 - 05/09/05 02:06 PM Re: E-Statements, E-SIGN, and demonstable consent
Anonymous
Unregistered

BTW, thanks Andy, Richard, anon.

Return to Top
#356827 - 05/09/05 07:11 PM Re: E-Statements, E-SIGN, and demonstable consent
Richard Insley Online
Power Poster
Richard Insley
Joined: Oct 2000
Posts: 9,810
Toano, VA
Quote:

Richard, when you refer to testing the "alert message," are you talking about the same thing the 2nd anon is referring to?



No. In your set up steps I don't see a test to be sure the customer has given you a working EMA and that the customer can navigate to the e-disclosure upon receipt of the email message.
_________________________
...gone fishing.

Return to Top
#356828 - 05/09/05 07:52 PM Re: E-Statements, E-SIGN, and demonstable consent
Anonymous
Unregistered

Quote:

In your set up steps I don't see a test to be sure the customer has given you a working EMA and that the customer can navigate to the e-disclosure upon receipt of the email message.




Ok, well that is kind of the crux of my question. My understanding is that E-SIGN requires some form of demonstrable consent (consent handshake, whatever), that shows the customer is able to receive the disclosures in whatever particular format we provide them.

Ours will be provided in HTML. To sign up for our statement, the customer has to have internet access, a browser, and be able to reach our website. Those are the same requirements to be able to receive their statements in this format.

Does sign up, therefore, equal demonstrable consent?

Return to Top
#356829 - 05/09/05 08:40 PM Re: E-Statements, E-SIGN, and demonstable consent
Richard Insley Online
Power Poster
Richard Insley
Joined: Oct 2000
Posts: 9,810
Toano, VA
Ordinary email "alert messages" are a necessary component of any e-delivery system that complies with Sec. 230.10(d) of Reg. DD and the similar provision in Reg. E. If you have to do it to comply with Regs DD and E, then ESIGN requires you to test it during the test drive.
_________________________
...gone fishing.

Return to Top
#356830 - 05/09/05 08:57 PM Re: E-Statements, E-SIGN, and demonstable consent
Anonymous
Unregistered

Ok. If a test e-mail is sent, is there a requirement that it be responded to? Or is the fact that it isn't rejected sufficient?

This is so much fun.

Return to Top
#356831 - 05/10/05 11:39 AM Re: E-Statements, E-SIGN, and demonstable consent
Richard Insley Online
Power Poster
Richard Insley
Joined: Oct 2000
Posts: 9,810
Toano, VA
Now you're back to ESIGN, which says that your e-delivery: "...satisfies the requirement that such information be in writing if the consumer consents electronically, or confirms his or her consent electronically, in a manner that reasonably demonstrates that the consumer can access information in the electronic form that will be used to provide the information that is the subject of the consent."

To me, a "demonstration" of successful access includes every step the consumer will be required to take in order to receive live statements when the time comes. How will the consumer know that a statement has been rendered unless your alert message reaches him/her?

There are no ESIGN regulations, no agency was appointed to interpret ESIGN, and the courts have not yet interpreted ESIGN through rulings. This is a classic Dirty Harry situation. What is an adequate "demonstration?" If you guess wrong, all of your ensuing periodic disclosures will be void, Reg E liability will never end, and you may face an ugly and expensive enforcement action by your regulator.

"...you've got to ask yourself a question: Do I feel lucky? Well, do ya, punk?"
Harry Callahan
_________________________
...gone fishing.

Return to Top
#356832 - 05/11/05 12:00 AM Re: E-Statements, E-SIGN, and demonstable consent
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,110
On the Net
I agree with Richard. While you are most of the way there, the customer must have a way to know a "pull" statement is available. 205.17(c)(2)(i) describes sending an email or postal notification. The latter sort of defeats the purpose here and is moreso the backup.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top
#356833 - 05/11/05 10:12 PM Re: E-Statements, E-SIGN, and demonstable consent
Anonymous
Unregistered

guys are we missing the point here? the customer does not receive his statement via email? do any banks send the customer a letter in the mail to tell them that they've sent the monthly statement via US postal service.

The reg E site mentioned by Andy is still just an interim rule and its not even mandatory. If a customer is accustomed to receiving their statement around the 20th, they don't need email access to login and review their statements.

Return to Top
#356834 - 05/11/05 10:27 PM Re: E-Statements, E-SIGN, and demonstable consent
Anonymous
Unregistered

how does a customer know a statement has been rendered when its sent by US mail?

Return to Top
#356835 - 05/11/05 11:32 PM Re: E-Statements, E-SIGN, and demonstable consent
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,110
On the Net
Sending the customer an email to pull them in for statements is a good rule. Yes, it is interim final rule and not mandatory. It is also the best guidance we have. If you don't do that, you have increased your risks. I don't believe the average customer knows the date of their statement. This is new technology and there are extra steps to go through. It does have faults. The chance that a consumers email box is full and email is returned is MUCH greater than the USPO returning the statement because his home mailbox was stuffed.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top
#356836 - 05/12/05 03:17 AM Re: E-Statements, E-SIGN, and demonstable consent
Richard Insley Online
Power Poster
Richard Insley
Joined: Oct 2000
Posts: 9,810
Toano, VA
The e-Regs are a safe harbor. If you comply with them you will not be liable for delivery violations of Regs E and DD. If you attempt a do-it-yourself approach, you're taking an unnecessary risk. If the Fed finally makes the e-Regs permanent (as it promised in 2001), you will be forced to conform to the current rule.
_________________________
...gone fishing.

Return to Top
#356837 - 05/12/05 03:35 AM Re: E-Statements, E-SIGN, and demonstable consent
Kathleen O. Blanchard Offline

10K Club
Kathleen O. Blanchard
Joined: Dec 2000
Posts: 21,277
Everyone I receive an e-statement or e-bill from sends me an email that it is ready.
_________________________
Kathleen O. Blanchard, CRCM "Kaybee"
HMDA/CRA Training/Consulting/Mapping
The HMDA Academy
www.kaybeescomplianceinsights.com

Return to Top
#356838 - 05/12/05 06:41 AM Re: E-Statements, E-SIGN, and demonstable consent
Anonymous
Unregistered

I think most people would agree that an email alert notice is appropriate in some form or fashion (I would actually prefer notice through a closed system, but that's another topic!)

Just a few other issues to consider:


Here's what E-Sign actually says regarding consent.

(C) the consumer -* * *(ii) consents electronically, or confirms his or her consent electronically, in a manner that reasonably demonstrates that the consumer can access information in the electronic form that will be used to provide the information that is the subject of the consent.

What's considered "reasonable" is still subject to interpretation. Based upon plain reading of the law, I think the important issues for demonstrable access are electronic consent and the format of the information subject to the consent (in this case the periodic statements.)

If the statement was actually delivered as an email attachment in PDF format, then I would agree with Andy, Richard that the user would definitely need to demonstrate the ability to access PDF documents through email. (My ISP blocks virtually all attachments, including PDFs)

If the user disputed receipt of an electronic statement and alert notice, and if the bank can prove the customer has actually logged in and viewed the statement page, wouldn't that be more relevant than proving receipt of alert notice?

Does your system provide a confirmation email notice after receipt of an enrollment form?

If yes, and if that confirmation email notice bounced, that would be a clue not to turn off the paper statements until a valid email address is confirmed.

If no, then could the bank establish internal procedures to send out email notices to confirm: the email address, receipt of the e-statement enrollment and request that the user respond affirmatively by email before turning off paper statements?

One other issue to consider - state UETA laws.. in some states, the consumer protection measures are not as onerous as the E-Sign Act.

just additional thoughts

Return to Top
#356839 - 05/12/05 10:48 AM Re: E-Statements, E-SIGN, and demonstable consent
Richard Insley Online
Power Poster
Richard Insley
Joined: Oct 2000
Posts: 9,810
Toano, VA
Quote:

What's considered "reasonable" is still subject to interpretation.



Agreed--and that's what makes this a risk management issue rather than a cut-and-dried compliance check list. No one has the legal authority to interpret ESIGN except the federal courts. Based solely on the merits of a particular case, a federal judge is free to declare what is reasonable and what is not.

Quote:

Based upon plain reading of the law, I think the important issues for demonstrable access are electronic consent and the format of the information subject to the consent (in this case the periodic statements.)



Your plain reading ignores the central issue - what does an adequate demonstration include?

Quote:

If the user disputed receipt of an electronic statement and alert notice, and if the bank can prove the customer has actually logged in and viewed the statement page, wouldn't that be more relevant than proving receipt of alert notice?



You are not required to prove receipt of e-deliveries or alert messages, only the test message. From that point on, ESIGN "blesses" all e-deliveries by the tested & proven system.

Quote:

Does your system provide a confirmation email notice after receipt of an enrollment form?

If yes, and if that confirmation email notice bounced, that would be a clue not to turn off the paper statements until a valid email address is confirmed.

If no, then could the bank establish internal procedures to send out email notices to confirm: the email address, receipt of the e-statement enrollment and request that the user respond affirmatively by email before turning off paper statements?



Your customer must demonstrate (electronically) receipt of the test message in an affirmative manner. If I understand the preceeding comment, you would consider the message delivered unless you get a bounce-back. That would be a bad assumption because POP servers are not always programmed to bounce back undeliverable messages. If you send a message and the server vaporizes it because the address does not exist, you will never know that the message was not delivered.

Quote:

One other issue to consider - state UETA laws.. in some states, the consumer protection measures are not as onerous as the E-Sign Act.



UETAs have no effect on delivery of federal disclosures. They are state laws. Both Regs E and DD make exclusive reference to ESIGN as the first step in using electronic communication, and Fed staffers have (verbally) confirmed that ESIGN is your exclusive choice when dealing with e-delivery of TIS & Reg. E disclosures (periodic statements.)
_________________________
...gone fishing.

Return to Top
#356840 - 05/12/05 08:48 PM Re: E-Statements, E-SIGN, and demonstable consent
Anonymous
Unregistered

In response to your comments regarding UETAs - I have no argument regarding its effect on the "delivery" of federal disclosures. Its the "demonstrable consent issue" that differs in UETA. If the state has adopted a uniform version of UETA, then it may not be pre-empted.

In response to your comment, "
Your plain reading ignores the central issue - what does an adequate demonstration include?" I believe you're taking a very narrow position. Many will agree with you and some won't. Again its up for the courts to decide.

Again focus on the actual wording in the statue:

*(ii) consents electronically, or confirms his or her consent electronically, in a manner that reasonably demonstrates that the consumer can access information in the electronic form that will be used to provide the information that is the subject of the consent.

As mentioned above couldn't a bank establish their own internal procedures sending out email notices to confirm: the customer's email address, receipt of the e-statement enrollment and request that the user respond affirmatively by email before turning off paper statements?

Doesn't this address this issue?

Has anyone seen a company or bank that tests only the email alert notice? Examples would be most helpful.

If I'm not mistaken the courts look at industry standards when trying to evaluate reasonableness.

I haven't done the legislative homework to review comments from legislators when drafting this provision, but I think that would also be relevant.

It would be most interesting to hear what an attorney or examiner thinks on this issue as that will probably guide most risk management practices.

Return to Top
#356841 - 05/12/05 10:14 PM Re: E-Statements, E-SIGN, and demonstable consent
Richard Insley Online
Power Poster
Richard Insley
Joined: Oct 2000
Posts: 9,810
Toano, VA
Quote:

If the state has adopted a uniform version of UETA, then it may not be pre-empted.



Section 102 of ESIGN permits UETAs to modify, limit, or supersede ESIGN's consent provisions with respect to State law, only. This variance applies only if your state's UETA meets several standards. If it does not meet these standards then it is preempted by ESIGN.

Quote:

I believe you're taking a very narrow position. Many will agree with you and some won't. Again its up for the courts to decide.



I am taking a safe position. Why would you want to ignore a safe harbor (the e-Regs' delivery system) and take the risk that every e-statement you have ever sent could be ruled NOT to be a valid for Reg E and Reg DD purposes? You would open your bank to substantial retroactive penalties and cost.

Quote:

As mentioned above couldn't a bank establish their own internal procedures sending out email notices to confirm: the customer's email address, receipt of the e-statement enrollment and request that the user respond affirmatively by email before turning off paper statements?

Doesn't this address this issue?



ESIGN does not specify each step you must take or that you must take them in a particular sequence. If you have confirmed separately that your messages are reaching the email address, and that the consumer knows where the e-statements will be located, how to download them, and how to open, print or save the content, then you have probably touched all the bases.

Quote:

Has anyone seen a company or bank that tests only the email alert notice?



This would never be sufficient without also testing the customer's ability to obtain, open, and use a test document.

Quote:

If I'm not mistaken the courts look at industry standards when trying to evaluate reasonableness.



Yes, that's right, provided the standards are consistent with the requirements of the law.

Quote:

I haven't done the legislative homework to review comments from legislators when drafting this provision, but I think that would also be relevant.



The legislative history includes strong objections from consumer advocates to UETA-like opt-in systems that may impose e-delivery on unsophisticated consumers. These groups lobbied for confirmation of receipt of each e-document before it would be recognized as a legal alternative to paper. Businesses objected strenuously, indicating that such a burden would make the service impractical. The compromise was the informed consent system found in Section 101(c)(1)(C)(ii) of ESIGN--one successful test drive of the system before the e-documents would be treated as legal.
_________________________
...gone fishing.

Return to Top
#356842 - 05/19/05 06:52 PM Re: E-Statements, E-SIGN, and demonstable consent
Anonymous
Unregistered

I am taking a safe position. Why would you want to ignore a safe harbor (the e-Regs' delivery system) and take the risk that every e-statement you have ever sent could be ruled NOT to be a valid for Reg E and Reg DD purposes? You would open your bank to substantial retroactive penalties and cost.

******************************************
Sorry, but I think the issue in debate is demonstrable consent and neither Reg E or DD cover this issue. In the situation described by the anonymous user..they are sending the email.so they are not ignoring what you perceive as a safe-harbor. E-Sign and UETA would cover this issue at debate. Take note of this provision in the E-Sign Act; if it also applies to statements, then it seems logical that the statements themselves would not be invalidated simiply because a bank failed to test an alert email notice that statement was available.

Just my thoughts..I think we'll just have to agree to disagree on this. Personally I think its best to seek an attorney's opinion on these types of issues.

"

(3) EFFECT OF FAILURE TO OBTAIN ELECTRONIC CONSENT
OR CONFIRMATION OF CONSENT.The legal effectiveness,
validity, or enforceability of any contract executed by a consumer shall not be denied solely because of the failure toobtain electronic consent or confirmation of consent by that consumer in accordance with paragraph (1)(C)(ii)."

Return to Top
#356843 - 05/20/05 03:08 AM Re: E-Statements, E-SIGN, and demonstable consent
Richard Insley Online
Power Poster
Richard Insley
Joined: Oct 2000
Posts: 9,810
Toano, VA
I give up. Since virtually everyone posting to this thread is anonymous, I have no idea how many different sets of facts and positions are being debated.
_________________________
...gone fishing.

Return to Top
#356844 - 05/20/05 06:00 AM Re: E-Statements, E-SIGN, and demonstable consent
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,110
On the Net
The reason many were skeptical of UETA was because the siding salesman could take his laptop into granny's home and have her agree to e-documents and then leave with his laptop. That same premise holds here. They may have accessed your web site and viewed the test statement. But the bank hasn't tested any notices to the consumer. Not doing so would be dangerous in my mind. Yes, most who access the web have email. But I'd want to go through the demonstrable consent hoops. If we agree to disagree, so be it.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top
#356845 - 01/17/06 04:13 PM Re: E-Statements, E-SIGN, and demonstable consent
ecompliance Offline
New Poster
Joined: Jan 2006
Posts: 2
Hi, everyone..interesting thread. There must be many companies that are not complying with Richard's interpretation. From personal experience, I've found that many of the larger cc companies (e.g. american express) do NOT test drive the email alert system as part of the consent process, nor do they test the ability to access PDF documents.

Return to Top
#356846 - 03/01/06 06:56 PM Re: E-Statements, E-SIGN, and demonstable consent
mrbsaaml Offline
New Poster
Joined: Mar 2006
Posts: 1
My company requires customers, when activating their account via IVR or on our website, to agree to electronic (website/email)delivery of statements and disclosures and confirm that they have the means to access this information. We believe we are ok as far as those who access the website; and while we have records of the acknowledgements received via ivr, they haven't actually "demonstrated" the ability to access our website. Note: all customers receive a hard copy of our t&cs when they submit their account application. Thoughts

Return to Top
Page 1 of 2 1 2

Moderated by:  Andy_Z