E-Signature Webcast for Financial Services Legal Counsel


  • 8/3/2019 E-Signature Webcast for Financial Services Legal Counsel

    E-Signatures for Financial Services

    Silanis Technology Inc., 2011 All Rights Reserved

    Legal & Regulatory Update

    Thursday, October 20, 2011


    Welcome

    Toll Free 888-600-4866

    Toll: 913-312-9303

    939743

    LIVE MEETING TECHNICAL SUPPORT

    Margo Tank

    Partner

    Michael Laurie

    Vice President Strategic Development

    R David Whitaker

    Sr. Company Counsel

    Buckley Sandler, Silanis Technology, Wells Fargo

    Key Drivers for E-Signatures within Banks

    CUSTOMER EXPERIENCE, REDUCING OPERATIONAL COST, RISK, EFFICIENCY AND TRANSFORMATION

    The big banks' investments in 2Q10 in online banking ideally offer their customers more personalization capabilities.

    - Gartner, October

    Banks' interest in adopting e-signatures has skyrocketed in the past 12 to 24 months [...] thinner profit margins, and the need to cut costs internally, has sparked the financial services industry to adopt an electronic strategy that embraces efficient, straight through processing.

    - Forrester, January

    Robo-signing could ultimately invalidate tens of thousands of [...], say legal experts. Analysts say it could top $20 billion

    - September, Huffington Post

    Banks IT spending research indicates an emphasis on retail customer-oriented investments.

    - Gartner, October

    High street banks were under intense pressure to give up their fight against paying out claims for mis-selling payment protection insurance, after Lloyds Banking Group's surprise £3.2bn provision to cover claims by millions of [...]

    - May, The Guardian

    E-Signature Benefits - Risk Reduction

    Key CFPB regulations to define terms such as excessive and abusive are forthcoming. However, it is important to recognize right away that violations of these provisions will be costly, and risk mitigation activities should commence

    - August 2010, PWC, A Closer Look Dodd-Frank

    New consumer credit rules require lenders to make sure borrowers understand the details of a loan and carry out thorough checks on any borrowers, so you can be confident that what you receive is suitable for your circumstances.

    - February 2011, The Guardian

    Judges have ruled that foreclosing based on flawed or missing evidence violates longstanding laws meant to protect all Americans' property rights.

    - July 2011, Reuters

    Online Business Transactions - Challenges

    [Diagram: Business (Products, Channels); People (Clients, Agents); Compliance (Laws & Regulations); Documents (Documents, Disclosures, etc.); Rules (Process, Parameters); Systems (E-commerce)]

    The E-Signature Advantage

    More control

    Enforce required compliance processes and rules

    More visibility

    Monitor transactions and receive notifications in real-time

    More evidence

    How transaction documents were viewed and signed

    More flexibility

    Automate efficiency for branch, online, mobile and partners

    Less Risk

    Reduce compliance and legal risk with better processes


    Overview

    Federal and State Law Validate Use of Electronic Signatures

    Federal E-SIGN Act since 2000

    UETA Adopted in 49 jurisdictions

    [...] fundamental premise: electronic records and signatures cannot be denied solely because of their electronic form

    Overarching focus in 2011 is moving from understanding legal framework to implementation

    Questions Become:

    How reliable are electronic signatures and records?

    How do I authenticate individuals?

    How can I minimize transaction and compliance risk?

    Are contested electronic records and signatures admissible and enforceable?

    Will subsequent transaction parties or the government accept electronic signatures and records?

    Legal Framework

    ESIGN and UETA: Enable the Presentation of Information (e.g., Disclosures) and Electronically Signed Agreements Where Ink and Paper Would Have Been Required

    Requires Firm Grasp Of:

    Interaction Between the Electronic Processes Used to Sign and Store Electronic Records

    [...] Requirements

    Underlying Substantive Law (e.g., TILA, GLBA, State Disclosure & Record Retention Laws)

    Regulator Acceptance

    ESIGN and UETA Basics

    Basic Rules:

    A record or signature may not be denied legal effect or enforceability because it is in electronic form.

    A contract may not be denied legal effect or enforceability solely because an electronic record was used in its formation.

    Any law that requires a writing will be satisfied by an electronic record.

    Any signature requirement in the law will be met if there is an electronic signature.

    Electronic Record:

    A record, created, generated, sent, communicated, received or [...] record includes a transferable record.

    Electronic Signature:

    Any sound, symbol or process;

    Attached to or logically associated with an electronic record; and

    Executed or adopted with the intent to sign the electronic record.

    May be accomplished through technology, through processes and procedures, or through a combination of both.

    ESIGN and UETA:

    Both laws act as overlay statutes;

    Both laws will likely apply to the transaction;

    Both laws recognize electronic signatures - any kind;

    Both laws recognize electronic records - disclosures and agreements;

    ESIGN and UETA Basics

    Both laws require transaction party consent

    Both laws accept electronic records for retention/admission process. The record holder must be prepared to demonstrate that the electronic record:

    [...] was signed or delivered;

    Is accessible to anyone entitled to access the record holder's copy of the Record under an applicable rule of law or agreement;

    Can be accurately reproduced for later reference; and

    Is capable of being retained (in some cases at the time the record is provided) by transaction participants to whom it has been made available for review or signature.

    ESIGN and UETA Basics

    Both laws exclude:

    Wills, codicils and testamentary trusts;

    Letters of Credit (covered by revised UCC Article 5);

    Securities (covered by UCC Revised Article 8);

    Security interests in goods and intangibles (covered by UCC Revised Article 9);

    Software licensing laws (if State has adopted UCITA);

    Most laws concerning checks.


    ESIGN and UETA Basics

    Both apply to:

    Consumer protection laws;

    Laws governing real estate transactions (subject to special rules concerning documents to be filed of record);

    Laws of agency;

    Laws covering powers of attorney;

    Laws requiring notarization of documents;

    Laws governing trusts (except testamentary trusts);

    Laws concerning the submission of documents to, or issuance of documents by, government authorities (subject to special rules).

    Creating a Reliable Electronic Record

    Creating reliable electronic signatures and records is critical for a number of reasons:

    Comply with state or federal writing, signing and original requirements

    Meet state or federal record retention requirements

    Obtain admission of electronic records into evidence in the event of a dispute (the mere fact that information has been created and stored within a computer system does not make that information reliable or authentic).

    Identifying Risks

    Authentication Risk:

    The risk is that the signer says that is not my signature;

    Is the signer:

    who they say they are

    Do they have the authority to bind

    Company relying on the signature has to bear the burden of proof.

    The risk is that the rules and regulations that govern the transaction are not met.

    [...] time in the transaction (possible statutory penalties).

    For example: ESIGN & UETA requirements are not met (consequence may include statutory penalties based on conclusion that required disclosure was

    Identifying Risks

    Repudiation Risk:

    The risk is that the signer says that is not the record that I signed or the disclosure that I received.

    Admissibility Risk:

    The risk is that the electronic record is not admissible into evidence or for regulatory purposes.

    Introduction into evidence will require proof of integrity:

    Identification to original transaction

    Freedom from alteration


    Regulatory Activity

    FRB - Electronic Communication Rules for Consumer protection statutes (e.g., Reg Z, Reg D, Reg E)

    OCC - Bulletins on Consumer Consent and Record Retention

    HUD/FHA - Mortgagee Letter on Purchase and Sale Contracts

    FFIEC - Authentication in an Online Banking Environment

    2011 Supplement: periodic risk assessment, minimum controls, layered security

    States - Disclosures, Record Retention, Mail Requirements

    Emerging Principles/Significant Cases Involving Electronic Records

    Authentication and Authority

    The Prudential Ins. Co. of America v. Dukoff, No. 07-1080, 674 F.Supp. 2d 401 (E.D.N.Y. Dec. 18, 2009) (materially false statements made by reasonably authenticated insurance applicants may be used to challenge the validity of the application); National Auto Lenders, Inc. v. SysLOCATE, Inc., No. 09-21765, 686 [...] unenforceable where website operator knew the persons accepting the agreement lacked actual or apparent authority).

    Electronic Signatures Meet Statute of Frauds Writing Requirements

    Shattuck v. Klotzbach, 14 Mass. L. Rptr. 360 (Super. Ct., Mass., December 11, 2001) (Signed emails could be used to prove the existence of a real estate sale contract); but see Rosenfeld v. Zerneck, 4 Misc. 3d 193, 776 N.Y.S.2d 458 (Sup. Ct., Kings Co. 2004); Vista Developers Corp. v. VFP Realty LLC, 17 Misc. 3d 914, 847 N.Y.S.2d 416 (Sup. Ct., Queens Co. 2007) (no agreement reached on essential terms of transaction).

    Emerging Principles/Significant Cases Involving Electronic Records

    Clearly Presented Agreements and Disclosures will be Enforced Unless Unconscionable, No Opportunity to View Terms, or for Reasons other than being Solely in Electronic Form

    Evans v. Linden Research, 763 F. Supp. 2d 735 (E.D. Pa. 2011) (mandatory forum selection [...] California law where users had to check box to agree to terms each time there was a change); Berry v. Webloyalty.com, 2011 U.S. Dist. Lexis 39581 (S.D. Cal. April 11, 2011) (disclosures made on online club enrollment page sufficient to place reasonable consumers on notice and sufficiently clear and readily understandable to satisfy the Federal Reserve Board's standard for electronic signatures); Fusha v. Delta Airlines, Inc., 2011 U.S. Dist. Lexis 97295 (D. Md. Aug. 30, 2011) (customer bound by forum selection clause contained in terms of use, even where she did not remember reading the terms); but see Koch Industries v. John Does, 2011 U.S. Dist. Lexis 49529 (May 9, 2011) (terms of use unenforceable where [...] bound by them); Schnabel v. Trilegiant Corp., 2011 U.S. Dist. LEXIS 18132 (D. Conn. Feb. 24, 2011) (court refused to enforce arbitration clause in website agreement where plaintiffs were not presented with chance to view terms before acceptance)

    Emerging Principles/Significant Cases Involving Electronic Records

    Preserving evidence of data integrity, screen shots and process flows is essential

    Lorraine v. Markel American Ins. Co., 241 F.R.D. 534, 538 (D.Md. 2007). Judge Grimm in Lorraine v. Markel American Ins. Co., 241 F.R.D. 534, 538 (D.Md. 2007): [C]onsidering the significant costs associated with discovery of ESI, it makes little sense to go to all the bother and expense to get electronic information only to have it excluded from evidence or rejected from consideration during summary judgment because the proponent cannot lay a sufficient foundation to get it admitted.

    In Re Vee Vinhnee, 336 B.R. 437 (9th Cir. BAP (Cal.) 2005) Court refused to admit electronic credit card transaction records due to inadequate authentication.

    11-Factor Foundation For Electronic Records:

    The business uses a computer.

    [...]

    The business has developed a procedure for inserting data into the computer.

    The procedure has built-in safeguards to ensure accuracy and identify errors.

    The business keeps the computer in a good state of repair.

    The witness had the computer readout certain data.

    The witness used the proper procedures to obtain the readout.

    The computer was in working order at the time the witness obtained the readout.

    The witness recognizes the exhibit as the readout.

    The witness explains how he or she recognizes the readout.

    If the readout contains strange symbols or terms, the witness explains the meaning of the symbols or terms for the trier of fact.

    Id. at 14 (citing Edward J. Imwinkelried, Evidentiary

    Emerging Principles/Significant Cases Involving Electronic Records

    The primary authenticity issue as identified by the court in In Re Vee [...]

    . . . what has, or may have, happened to the record in the interval between when it was placed in the files and the time of trial. In other words, the record being proffered must be shown to continue to be an accurate representation of the records that originally was created. . . . Hence, the focus is not on the circumstances of the creation of the record, but rather on [...] assure that the document being proffered is the same as the document that was originally created.

    The court focused on the 4th factor and noted that for electronically stored information:

    [t]he logical questions extend beyond the identification of the particular computer equipment and programs used. The entity's policies and procedures for the use of the equipment, database, and programs are important. How access to the pertinent database is controlled and, separately, how access to the specific program is controlled are important questions. How changes in the database are logged or recorded, as well as the structure and implementation of backup systems and audit procedures for assuring the continuing integrity of the database, are pertinent to the question of whether the records have been changed since their creation.

    Emerging Principles/Significant Cases Involving Electronic Records

    Americans with Disabilities Act and the Internet

    Earll v. eBay, Inc., No. 5:11-cv-00262-JF (N.D. Cal. Sept. 7, 2011) (Class Action Alleges eBay's Identity Verification Policy Violates the ADA); National Federation of Blind v. Target Corp., 582 F.Supp.2d 1185, N.D.Cal., 2007.

    ESIGN and UETA - An Analytical Model

    Look to UETA Official Comments and Congressional Record at time of ESIGN adoption in House and Senate, for interpretive rules

    When interpreting ambiguous provisions, ask: interpretation serves purpose of statute and meets common sense test

    What would I do with a paper document?

    Analyzing Systems for Creating, Storing and Retrieving Binding Agreements - A Provisional Checklist

    Agreement to Electronic Transaction

    Identify parties who must agree

    Direct participants

    Vendors and service providers

    Indirect stakeholders

    Establish manner of agreement

    B2B

    Consumer - special rules for consent

    Agreement to system rules


    Analyzing Systems for Creating, Storing and Retrieving Binding Agreements - A Provisional Checklist

    Execution

    Signature

    Authority to sign

    Evidence of intent

    Intent to sign

    Purpose of signature

    Per document basis

    Logically associated with record

    Process

    Attribution


    Analyzing Systems for Creating, Storing and Retrieving Binding Agreements - A Provisional Checklist

    Document Format and Delivery

    Compliance with existing formatting rules

    Standards for document formats

    Non-proprietary

    Self-contained

    Delivery methods

    Mailing or hand delivery currently required

    Mailing or hand delivery not currently required

    Analyzing Systems for Creating, Storing and Retrieving Binding Agreements - A Provisional Checklist

    Record Integrity:

    Tracking alterations or versions

    Preventing alteration of executed documents

    Associating records

    Replacing records

    Identifying authoritative copies

    Encryption of executed documents to prevent undetected alteration

    Use of hash algorithms and date and time stamp technology

    Record Management Controls:

    Control of access to databases

    Recording and logging of changes

    Backup practices

    Audit procedures
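
The record integrity and record management controls in this checklist (hash algorithms, date and time stamps, logging of changes, audit procedures) can be combined in a hash-chained audit trail. The Python below is an added example, not part of the original presentation; the class, field names, record ID and sample document are constructed, and the system clock stands in for a trusted time-stamp source.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

GENESIS = "0" * 64  # prev_hash value used by the first entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_hash(body: dict) -> str:
    # Canonical JSON (sorted keys, fixed separators) so equal fields hash equally.
    encoded = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return sha256_hex(encoded)


class AuditTrail:
    """Append-only event log; every entry commits to the one before it."""

    def __init__(self):
        self.entries = []

    def head(self) -> str:
        return self.entries[-1]["entry_hash"] if self.entries else GENESIS

    def append(self, event, record_id, document: bytes, actor, when=None):
        # Assumption: the system clock stands in for a trusted time-stamp source.
        when = when or datetime.now(timezone.utc)
        body = {
            "seq": len(self.entries),
            "event": event,                      # e.g. presented / signed / stored
            "record_id": record_id,
            "doc_sha256": sha256_hex(document),  # fingerprint of the exact bytes
            "actor": actor,                      # who or what performed the step
            "timestamp": when.isoformat(),
            "prev_hash": self.head(),
        }
        entry = dict(body, entry_hash=entry_hash(body))
        self.entries.append(entry)
        return entry

    def verify_chain(self, anchored_head=None):
        """Return a list of integrity problems; an empty list means none found."""
        problems = []
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if body.get("seq") != i:
                problems.append(f"entry {i}: sequence gap or reordering")
            if body.get("prev_hash") != prev:
                problems.append(f"entry {i}: broken link to previous entry")
            if entry_hash(body) != entry.get("entry_hash"):
                problems.append(f"entry {i}: contents changed after logging")
            prev = entry.get("entry_hash")
        # A log that was truncated, or rebuilt from scratch, is internally
        # consistent; only a head value kept outside the database exposes it.
        if anchored_head is not None and prev != anchored_head:
            problems.append("log head differs from anchored value")
        return problems

    def verify_document(self, record_id, document: bytes) -> bool:
        """Does this copy match the bytes that were logged as signed?"""
        signed = [e for e in self.entries
                  if e["record_id"] == record_id and e["event"] == "signed"]
        return bool(signed) and signed[-1]["doc_sha256"] == sha256_hex(document)


def demo():
    """Constructed sample: one loan record, then three kinds of alteration."""
    t0 = datetime(2011, 10, 20, 15, 0, tzinfo=timezone.utc)
    contract = b"Constructed sample loan agreement, version 1"
    trail = AuditTrail()
    trail.append("presented", "LOAN-001", contract, "signer:alice", t0)
    trail.append("signed", "LOAN-001", contract, "signer:alice", t0 + timedelta(minutes=2))
    trail.append("stored", "LOAN-001", contract, "system:vault", t0 + timedelta(minutes=3))
    anchored = trail.head()  # in practice kept outside the database (assumption)

    results = {
        "clean": trail.verify_chain(anchored),
        "original_copy": trail.verify_document("LOAN-001", contract),
        "altered_copy": trail.verify_document("LOAN-001", contract + b" (amended)"),
    }
    trail.entries[1]["actor"] = "signer:bob"    # edit a logged field in place
    results["edited_entry"] = trail.verify_chain(anchored)
    trail.entries[1]["actor"] = "signer:alice"  # restore the original value
    trail.entries.pop()                         # drop the newest entry
    results["truncated"] = trail.verify_chain(anchored)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```

The chain alone detects an edited entry; detecting a truncated or wholly rewritten log depends on the head hash being held where database administrators cannot change it.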


    Analyzing Systems for Creating, Storing and Retrieving Binding Agreements - A Provisional Checklist

    Document Access

    Access based on role in transaction

    Access levels

    Methods of access

    Person responsible for providing and maintaining access

    Principal

    Custodian

    Subcontractors

    Timeframe for access

    Data Survivability/Migration


    Controlling Risks with SPeRS (Standards and Procedures for Electronic Records and Signatures)

    [...] of the road available to all parties seeking to take advantage of the powers conferred by ESIGN and UETA;

    Helps create the implementation guidance not present in ESIGN and

    Initially published 2003; update coming in November 2011;

    Founded on the proposition that much of the time and effort being invested by companies re-inventing the wheel could be avoided if cross-industry standards for these elements of electronic transactions could be established;

    Focused on the behavioral and legal aspects of the interaction, [...] intended to be technology neutral;

    Standards are not necessarily legal minimums, but implementing the standards should enhance reliability and sufficiency.

    The SPeRS Structure

    SPeRS is divided into five sections:

    Authentication

    Consent

    Agreements, notices and disclosures

    Record retention

    Each section provides 5 to 10 high-level standards to guide systems designers in developing processes that will meet the new legal requirements.

    Each Standard is supported by:

    Plain-English discussions of the underlying issues,

    Checklists outlining specific strategies and options for implementing the standards,

    Examples and illustrations, and

    Industry Adoption

    Mortgage (http://www.mersinc.org/MersProducts/index.aspx?mpid=19)

    https://www.efanniemae.com/sf/guides/ssg/relatedsellinginfo/emtg/pdf/emtgguide.pdf

    http://www.freddiemac.com/singlefamily/elm/pdf/eMortgage_Guide.pdf

    Student Lending (http://ifap.ed.gov/dpcletters/attachments/gen0106Arevised.pdf)

    Variable Annuities (http://www.irionline.org/standards)

    Electronic Chattel Paper (http://www.standardandpoors.com/prot/ratings/articles/en/us/?assetID=1245199808682)

    Online Banking (http://www.ffiec.gov/pdf/authentication_guidance.pdf)

    SPeRS (http://www.spers.org/spers/index.htm)

    Questions?

    Buckley Kolar LLP

    1250 24th Street, NW

    Suite [...]

    Washington, DC 20037

    D: 202.349.8050

    E: mtank@buckleykolar.com

    F: 202.349.8080

    www.buckleykolar.com

    Agenda

    Delivering Disclosures, Agreements and Notices

    Electronic Signatures - Attribution, Authority and Intent

    Introducing Electronic Records into Evidence

    2011 R. David Whitaker. All rights reserved. No copyright claimed on images licensed from others. No part of this document may be reproduced or transmitted in any form, by any means (electronic, [...] presentation is for purposes of education and discussion. It is intended to be informational only and does not constitute legal advice regarding any specific situation, product or service.

    Delivering Disclosures, Agreements and Notices

    [Diagram: The Record Management Cycle. Record life cycle: Generate, Deliver, Store, Manage, Destroy. Other labels: Propagate Data; Track Record Versions; Extract & Index Data; Create Audit Trails & Reports; Boilerplate Docs; Transaction-specific Docs; Screen Shots & Process Flows; Secure and Consistent Record Management; Secure Communication; Record Management Responsibility; Company Policies and Guidelines; Record Management Audit Trails & Reports]

    Delivering Disclosures, Agreements and Notices

    GLBA Information Security Guidelines

    FFIEC Authentication Guidance

    Identity Theft Red Flags Regulation and Guidelines

    FFIEC Information Security Booklet

    FFIEC E-Banking Booklet

    FFIEC Supervision of TSPs Booklet

    FFIEC Outsourcing Technology Services Booklet

    FFIEC Development & Acquisition Booklet

    FIL-44-2008, Managing Third Party Risk

    Delivering Disclosures, Agreements and Notices

    Key Requirements

    Consent is required if law otherwise requires info to be delivered in writing

    ESIGN Consumer Consent Process

    B-to-B Consent

    UETA delivery provisions not preempted by ESIGN

    Need Agreement (express or implied) on Delivery Method

    Need to deal with bouncebacks in many cases

    Popular Delivery Options

    Display as part of an interactive session

    Delivery in the body of an email or as an email attachment, or

    Delivery of an email or other electronic notice that has a URL embedded in it that the consumer may activate to review the information.

    Delivering Disclosures, Agreements and Notices

    More Key Requirements

    Electronic records are not enforceable against a recipient if the sender inhibits the recipient's ability to print or retain a copy

    Customer must be able to retain a copy for later reference

    Electronic Records retained by sender must be accurate, remain accessible for later reference

    All formatting, timing and display requirements must be observed. Timing includes:

    Proper sequence within transaction

    Any time frames or deadlines for delivery

    Length of time the information/document remains accessible

    Delivering Disclosures, Agreements and Notices

    [Diagram: process flow with the steps Get Consent, Draw Attention, Present Document, Obtain Signature. Other labels: Clear Call to Action; Presented in Scroll Box, PDF or Behind; Prompt for Retention/; Offer Retention-Friendly Version]

    Delivering Disclosures, Agreements and Notices

    Design Delivery Design Choices Execution

    Secure or Unsecure?

    Push out in email/SMS, or send ready notice and pull behind firewall

    Enrollment / consent process

    Audit trails and reporting

    Transmittal message contents

    Authentication process for access to secure data (if applicable)

    Establish agreement on delivery

    When deemed delivered

    Delivery address

    Obligation to update address

    Embedded hyperlinks in ready notice email?

    Permit target to set delivery

    Record generation and posting to delivery system

    Message or notice

    Obtain ESIGN Consent

    Generate records

    Send notice or attachments

    Provide opportunity to retain

    Permit target to designate multiple recipients?

    Forced review or bypassable?

    Record retention/destruction process

    Record generation/posting

    Handle bouncebacks

    Handle withdrawal of consent

    Key Considerations

    - Will the records contain sensitive information?

    - Will the records contain required disclosures or notices?

    - Are multiple delivery methods possible/desirable?

    - Are there phishing or pharming issues to address?

    - Need to maintain control over display and audit trails?

    - Need to obtain ESIGN Consumer Consent?

    Key Considerations

    2 Factor Authentication required?

    How will cross-system compatibility/communication issues be addressed?

    How much of design will be automated or manual?

    Is system intended for use with targets without prior electronic relationship with sender?

    Key Considerations

    Addressing electronic delivery channels

    Agreement on what constitutes sending and receipt (Note some state UETAs limit variation by agreement)

    Regulatory requirements for timing, delivery, proximity, conspicuousness, forced review?

    Agreement on obligation to update electronic addresses

    Managing bouncebacks and withdrawal of consent

    Electronic Signatures

    Key Elements

    Electronic Signature

    Definition of signature -- Electronic Signature means an electronic identifying sound, symbol, or process attached to or logically connected with an electronic record and executed or adopted by a person with present intention to authenticate a record.

    This definition includes (for example):

    Typed names,

    A click-through on a software program's dialog box combined with some other identification procedure,

    Personal identification numbers,

    Biometric measurements,

    A digitized picture of a handwritten signature,

    Use of SecureID or Defender number generators, and

    A complex, encrypted authentication system.

    Note that a click-through probably does not satisfy the requirements for an electronic signature under Article 9 of the UCC.

    Key Elements

    The signature be attributable to the signer and associated with the records to sign

    The signing party must have the intent to affix a signature to the record

    ESIGN and UETA do not require that:

    The signature process itself provide proof of identity

    The signature process itself protect the record from alteration without detection

    Electronic Signatures

    Attribution basics

    Legal sufficiency vs. attribution

    UETA and ESIGN's signature rules:

    Answer the question "is it a signature?"

    Do NOT answer the question "is it your signature?"

    Attribution must be proven:

    Attribution may be proven by any means, including surrounding circumstances or efficacy of agreed-upon security procedure

    The burden of proof is usually on the person seeking to

    Attribution in the electronic world

    In an electronic environment, attribution is often proven by associating the signature with use of a credential. A credential is a method for establishing the identity of the signer, and may involve use of a password, employment of a token (such as a random number generator), biometrics, or demonstration of knowledge of a shared secret, or some combination of the above (or similar devices/approaches). Use of the credential gives the person receiving the signed record a reasonable basis to believe that the [...] intended signer.

    Electronic Signatures

    Attribution -- Creating a Credential

    A credential may be:

    Assigned to the signer directly by [...] record, either in advance or at the time of signing.

    Assigned to the signer indirectly, through a hierarchical model, where the intended recipient gave a root or master credential to a person who is then authorized to provide derivative credentials to others (e.g. Recipient gives a master User ID and password for its Treasury Services website to an executive at Company X and the executive then establishes passwords for other Company X employees).

    Created spontaneously (often through the use of biometrics or a shared secret) at the time it is needed for the signing.

    Notes on credentials

    Note that the effectiveness of the credential for attribution depends on the integrity and reliability of the process for first creating and assigning the credential to the individual.

    So, if it is easy to get a credential under false pretenses, then the value of the credential for attribution is diluted.

    But, if the process for first issuing the credential to the correct person is demonstrably reliable, then the later use of the credential will usually constitute strong evidence of attribution.

    In more sophisticated applications the customer may be given multiple credentials to permit two or three-factor authentication, depending on the risk level of the specific requested transaction.

    So, for example, a banking customer may be able to access general online banking services using a User ID and Password, but then be required to also provide a one-time password or PIN from a random-number generator before completing a funds transfer during the online session.


    Electronic Signatures

    Common Strategies for Credential Creation/Distribution

    Customer-initiated online/mobile

    Validated using existing shared information, or

    Self-asserted (usually just for initial contact/applications)

    Delivered

    May be persistent or one-time, random number generator

    Sent to known address (email or postal) or phone number (SMS or voice)

    May be further validated on first use or each use

    Use of dedicated hyperlink contained in message to access platform

    Confirmation using shared information

    Self-assigned

    Response to invitation

    Use of dedicated hyperlink contained in message to access platform

    Created on platform

    Sometimes -- Confirmation using shared information

    Assigned via hierarchical model (more later)


    Electronic Signatures

    ESIGN and UETA incorporate the existing common law rule requiring that the signing party have the authority to sign.

    Individuals: identity, age, capacity. Capacity is usually taken for granted with any person over the age of 18, unless there are indications to the contrary.

    Representatives: identity, age, capacity, and authorization to take the contemplated action on behalf of the represented party. The authority to act is not automatic just because a person is an [...] employee). Authority must be either expressly or implicitly conferred by the represented person.


    Electronic Signatures

    Authority for Representatives

    Hail Mary

    Very often used with small companies. It presumes that in a small company anyone taking action with respect to bank services must have authority to do so because unauthorized activity is so difficult to conceal. This involves a cost/benefit risk analysis, since historically small business employees have proven quite adept at using bank accounts and banking relationships to commit fraud under the noses of their co-employees and owners.

    In the most formal of situations, a certificate is required from the company's owners or controlling body (Board of Directors, General Partners, Members, etc.) confirming the authority of a particular [...] incorporated into an opinion letter from outside counsel, creating a potential claim against outside counsel in case of a later dispute.

    Situational Authority: actual or apparent authority

    Where authority is not formally established, it may alternatively be established by circumstance. Job titles and/or known supervision and review of the proposed agreement by senior management may establish either actual or apparent authority to act.

    The Hierarchical Model

    In this model, the potential recipient of the signed records (e.g. the bank) assigns a master [...] (e.g. the Senior Vice President for Treasury Management Services) whose authority to establish the initial relationship is beyond question (either because of certification or situational verification). In turn, the recipient's system of record permits the trusted company representative to create lower-level credentials for other company employees. These credentials come with assigned rights, which may include the right to enter into additional agreements with the recipient. [...] recipient's right to rely on the hierarchical model to establish the authority of the lower-level employees to sign.
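The hierarchical model described above, sketched as an added example (it is not code from the webcast or from any product): a recipient-side system of record issues a master credential only on an accepted basis of authority, lets its holder create derivative credentials, and can show the chain behind a lower-level signer. All class, method and right names are assumptions, as are the rules that a derivative credential never exceeds its issuer's rights and that a revoked parent breaks the chain.

```python
import secrets

VALID_BASIS = {"certification", "situational"}  # how the master holder's authority was verified

class SystemOfRecord:
    """Recipient-side (e.g. the bank's) credential registry. Hypothetical design."""
    def __init__(self):
        self.creds = {}  # credential id -> record

    def _store(self, holder, rights, parent, basis=None):
        cid = secrets.token_hex(8)
        self.creds[cid] = {"holder": holder, "rights": frozenset(rights),
                           "parent": parent, "basis": basis, "revoked": False}
        return cid

    def assign_master(self, holder, rights, basis):
        # The master credential is only as strong as the proof of the holder's authority.
        if basis not in VALID_BASIS:
            raise ValueError("authority of master holder not established")
        return self._store(holder, rights, parent=None, basis=basis)

    def delegate(self, parent_id, holder, rights):
        parent = self.creds[parent_id]
        if parent["revoked"] or "delegate" not in parent["rights"]:
            raise PermissionError("issuer may not create credentials")
        if not set(rights) <= parent["rights"]:
            raise PermissionError("derivative credential cannot exceed issuer's rights")
        return self._store(holder, rights, parent=parent_id)

    def revoke(self, cid):
        self.creds[cid]["revoked"] = True

    def authority_chain(self, cid, action):
        """Holders from the signer up to the master if every link is live and
        carries `action`; None if the chain does not establish authority."""
        chain = []
        while cid is not None:
            cred = self.creds.get(cid)
            if cred is None or cred["revoked"] or action not in cred["rights"]:
                return None
            chain.append(cred["holder"])
            cid = cred["parent"]
        return chain

def demo():
    """Constructed sample: an SVP holds the master credential, a clerk a derivative one."""
    sor = SystemOfRecord()
    svp = sor.assign_master("SVP Treasury", {"delegate", "sign_agreement", "wire"}, "certification")
    clerk = sor.delegate(svp, "Clerk", {"wire"})
    return sor, svp, clerk
```

The chain returned by `authority_chain` is what the recipient would retain with the signed record to show how the lower-level signer's authority was derived.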

    Electronic Signatures


    Intent to Sign

    Elements of Intent

    The signer's intent is composed of two elements:

    The intent to sign

    The purpose of the signature

    The intent to sign may be established by the surrounding circumstances. In an electronic [...] intent to sign is to advise the signer that the action he or she is about to take (click through, entrance of PIN, typing of name, etc.) will constitute a signature.

    Purpose of signature

    There are four basic purposes a signature may serve with respect to a record:

    1. I agree to it

    2. It came from me

    3. I've seen it

    Which of these purposes is applicable to a particular signature may be established by surrounding circumstances or may be specifically stated as part of the signature process. In many cases the signature serves more than one of these purposes.

    The signer's intent must be established separately in some manner for each signature that is applied to the record.

    Samples of Notices to Establish Intent

    [...] of this Agreement, you agree that you have read and understand this Agreement and that you will be bound by and comply with all of its [...] terms

    by typing your name in the signature box on the account signup page, you are signing and agreeing to the terms and conditions of this Agreement

    BY CLICKING ON THE SIGN NOW BUTTON BELOW, YOU ARE SIGNING [...] THE SIGN NOW BUTTON WILL RESULT IN AN ENFORCEABLE LEGAL CONTRACT, JUST AS IF YOU HAD SIGNED YOUR NAME TO AN AGREEMENT ON PAPER.


    Electronic Signatures

    Three primary criteria

    Boilerplate Document vs. Transaction-Specific Document

    Size of transaction or liability exposure

    Extent to which transaction self-validates

    Physical presence at signing

    Services are personal to signer (e.g. medical, legal)

    Physical product being shipped

    Product or service is customized to individual

    Electronic Signatures


    Selecting a Process

    Boilerplate Click-Through

    Capture

    Per Transaction

    Preserve Process Flows

    Preserve Template Document

    Process steps: Establish Identity, Present Record, Obtain Click-through, Prompt Retention

    Electronic Signatures


    Selecting a Process

    Transaction-Specific Signatures

    Capture

    Anticipate Obsolescence

    Generally, Retain A Copy of the Dynamic Signed Record, Not Just a Flat File

    Document, Once Signed, Should Be Protected Against Undetected Alteration

    Process steps: Establish Identity, Present Record, Obtain Signature, Prompt Retention


    Introducing Electronic Records into Evidence --

    The Federal Rules of Evidence and the Uniform Rules of [...] together, address the admissibility of electronic business records:

    The Business Record Rule, and

    The Best Evidence Rule.


    Introducing Electronic Records into Evidence --

    The Business Record rule permits the introduction into evidence of business records of regularly conducted business activity. A business record will be admissible:

    If it is a record, in any form, of acts, events, conditions, opinions, or diagnoses, made at or near the time by, or from information transmitted by, a person with knowledge, and if:

    The record is kept in the course of a regularly conducted business activity, and

    It was a regular practice of that business activity to make the memorandum, report, record or data compilation, all as shown by the testimony of the custodian or other qualified witness or by certification that complies with the Rules of Evidence,

    Unless the source of information or the method or circumstances of preparation indicate the record is not trustworthy.

    People v. Huehn, [...] Colo. App.


    Introducing Electronic Records into Evidence --

    Even though a record is admissible under the business records exception to the hearsay rule, it must also satisfy the Best Evidence Rule.

    The Best Evidence Rule, sometimes called the Original Writing Rule, provides that in order to prove the content of a writing, recording, or photograph, the original writing, recording, or [...] or by Act of Congress.

    An original is defined as: "[T]he writing or recording itself or any counterpart intended to have the same effect by a person executing or issuing it. If data are stored in a computer or similar device, any printout or other output readable by sight, shown to reflect the data accurately, is an original."

    People v. McFarlan, 744 N.Y.S.2d 287 (N.Y. Sup. 2002)


    Introducing Electronic Records into Evidence --

    The UETA and ESIGN extend the existing principles of the Best Evidence rule, providing:

    Any requirement to preserve or produce an original record is satisfied by an electronic record of the information in the record to be produced, so long as the electronic record:

    Accurately reflects the information in the record to be produced

    Remains accessible for later reference.

    Evidence of a record may not be excluded solely because it is in electronic form.


    Introducing Electronic Records into Evidence --

    Introduction into evidence will require proof of integrity

    Identification of original transaction

    Freedom from alteration


    Introducing Electronic Records into Evidence

    Courts evaluating the integrity of an electronic record may be expected to focus on systemic protections --

    division of labor

    complexity of systems

    Encryption of executed documents to prevent undetected alteration

    activity logs

    security of copies stored offsite to verify content
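One way the "freedom from alteration" and "activity logs" points above can be made checkable, as an added example that is not part of the webcast: each activity-log entry carries the SHA-256 digest of the executed document and of the previous entry, and the final digest is the value a copy stored offsite would hold. The example uses digests rather than encryption; the function names, field names and sample record are constructed for illustration.

```python
import hashlib, json

GENESIS = "0" * 64

def _digest(entry):
    # Canonical JSON so the same entry always hashes to the same value.
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()

def append_event(log, event, signer, document, timestamp):
    """Append an activity-log entry bound to the document and to the previous entry."""
    entry = {"event": event, "signer": signer, "ts": timestamp,
             "doc_sha256": hashlib.sha256(document).hexdigest(),
             "prev": log[-1]["hash"] if log else GENESIS}
    entry["hash"] = _digest(entry)
    log.append(entry)
    return entry["hash"]  # head value; a copy kept offsite anchors the whole log

def verify(log, document, offsite_head):
    """Return a list of findings; an empty list means log and document are unaltered."""
    findings, prev = [], GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["prev"] != prev or _digest(body) != entry["hash"]:
            findings.append(f"log entry {i} altered or out of sequence")
        prev = entry["hash"]
    if not log or log[-1]["hash"] != offsite_head:
        findings.append("log head does not match offsite copy")
    elif hashlib.sha256(document).hexdigest() != log[-1]["doc_sha256"]:
        findings.append("document differs from the version that was signed")
    return findings

def demo():
    """Constructed sample: one record presented and then signed."""
    doc = b"Treasury Services Agreement v1 (constructed sample)"
    log = []
    append_event(log, "record presented", "jdoe", doc, "2011-10-20T14:00:00Z")
    head = append_event(log, "signature applied", "jdoe", doc, "2011-10-20T14:02:10Z")
    return log, doc, head
```

A log rewritten from scratch stays internally consistent but no longer matches the offsite head, which is why the offsite copy matters.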


    Some Additional Resources

    Standards and Procedures for electronic Records and Signatures available for purchase at www.spers.org

    FFIEC Information Technology Examination Handbook available at http://ithandbook.ffiec.gov/

    FFIEC Guidance On Electronic Financial Services And Consumer Compliance available at www.ffiec.gov/PDF/EFS.pdf

    FTC Guidance on Dot Com Disclosures available at http://business.ftc.gov/documents/bus41-dot-com-disclosures-information-about-online-advertising

    FTC Staff Report on Improving Consumer Mortgage Disclosures available at www.ftc.gov/opa/2007/06/mortgage.shtm

    AIIM Recommended Practice Report on Electronic Document Management Systems, AIIM ARP1-2006, available at www.aiim.org/documents/standards/arp1-2006.pdf

    Lorraine v. Markel American Insurance Co., 241 F.R.D. 534 (D. Md. May 4, 2007), available at http://www.mdd.uscourts.gov/Opinions/Opinions/Lorraine%20v.%20Markel%20-%20ESIADMISSIBILITY%20OPINION.pdf

    UPCOMING CONFERENCE


    Electronic Signature & Records Association Annual Conference

    November 9 & 10, 2011

    Washington, DC

    http://esignrecords.org/events/


    QUESTIONS?
