Six things financial institutions should know about eSignatures
1. Make sure you have digital documents
If you are new to electronic signatures, it is important to lay the groundwork first by ensuring that the financial institution is able to support digital documents.
Instituting digital documents is a comprehensive process, requiring consideration of many factors, such as how documents will be stored, the security protocols that will protect them, where disaster recovery systems will be held, and how digital documents will be managed internally.
Meeting these needs can require technology upgrades, and in some cases, the hiring of new talent to manage associated systems and processes. According to the FDIC, electronic documents could have an active life of thirty years or more, as well as an additional 3- to 5-year retention life. Since some financial institutions never destroy old loan documents, digital storage needs could be extensive.
2. eSignature regulation can differ by state
During the COVID-19 crisis, electronic signatures gained traction as a quick and legal way to obtain document signatures without in-person contact. As we move beyond the pandemic, the online transactions that drive the need for e-signatures are likely to retain their consumer appeal.
The Uniform Electronic Transactions Act (UETA) and the Electronic Signatures in Global and National Commerce Act (ESIGN) make electronic signatures and records enforceable by granting them the same validity as manually signed, paper-based transactions.
When preparing to use electronic signatures, banks and credit unions will need to adhere to the appropriate regulations for the state in which they are conducting business. UETA has been adopted by forty-seven states, and in most cases, supersedes the federal ESIGN act. Three states, Illinois, New York, and Washington have not adopted UETA and are therefore subject to individual state mandates as well as the overarching ESIGN regulations.
3. Digital documents are subject to some federal banking regulations
Electronic signatures have become common in multiple industries, used for everything from signing a DoorDash receipt to scrawling your electronic autograph on a tablet when renting a car. For certain, all electronic signatures that meet the proper regulations are considered valid, but financial institutions are governed by more extensive oversight than other types of businesses. Many of these regulations will have an impact on the use of electronic signatures within the community bank or credit union, depending on the product or line of business.
“One thing to keep in mind is that financial institutions are highly regulated and there are many federal disclosures that apply to taking deposits, making loans and other consumer-related activities,” said Melinda Williams, Principal Compliance Counsel, Finastra. “And those disclosures are subject to much stricter regulation than those imposed under UETA.”
As federal documents, these types of disclosures fall under the consumer consent requirements of the federal ESIGN Act, federal regulations that must be satisfied before disclosures may be provided electronically. Banks and credit unions need to be aware of the additional governing requirements to ensure compliance with all applicable laws and regulations.
4. Know how to manage your risk
For financial institutions, something as simple as an electronic signature could put the organization at risk if not handled properly. For example, many banks sell or collateralize loans. What if a loan that was signed electronically in Virginia under UETA now passes to an organization in Illinois where the same regulations are not in force?
E-signatures, like anything, are not a hundred percent risk free. Financial institutions will need to review processes from both an upstream and downstream perspective, taking into account what the organization wants to achieve and in what lines of business they want to achieve it. They will then need to weigh the potential outcomes against the organization’s risk appetite.
It may be that the bank or credit union is willing to accept the risk of e-signatures on loan documents, for example, because the financial institution holds the notes. In other lines of business, the bank or credit union could easily decide to maintain the physical signature process. They may also opt for a hybrid model where electronic signatures are used in situations of minimal risk and physical signings come into effect where the risk is deemed too burdensome.
5. Decide how to handle customer authentication
In order to accept electronic signatures, financial institutions need to verify the identity of the customer signing documents. This is usually accomplished through a party known as a Certificate Authority or CA. The CA independently verifies a customer’s identity before a signature is accepted and then generates a digital certificate as validation.
Community banks and credit unions can become a CA, but the process is usually cost prohibitive for financial institutions operating at this scale, so third-party solutions are optimal. However, the FDIC warned, in a bulletin to Chief Executive Officers of All FDIC Insured Banks, that financial institutions engaging with “certificate authority (CA) start-up organizations may find themselves using digital signatures that are unverifiable or information systems that have no technical support.”
Financial institutions are encouraged to vet vendors thoroughly and seek those that have extensive backgrounds in financial services.
6. Watch for upcoming legislation
The good news on the e-signature front is that upcoming legislation could simplify and streamline the world of e-signing in the near future. In July of 2020, U.S. Senators John Thune (R-S.D.), Jerry Moran (R-Kan.), and Todd Young (R-Ind.), members of the Senate Committee on Commerce, Science, and Transportation, which has jurisdiction over technology and consumer protection, introduced the E-SIGN Modernization Act. While details are still scant, the legislation proposes to update ESIGN to reflect advancements made in technology since the passage of the act 20 years ago.
Currently, E-SIGN requires consumers to reasonably demonstrate that they can access documents electronically before they can receive documents for electronic signing. The new legislation would repeal this requirement. If approved, consumers will need only to sign disclosures, and all subsequent documents can be passed through the same channels.