The E-SIGN Act, or Electronic Signatures in Global and National Commerce Act, establishes that electronic signatures, contracts and records are valid or enforceable if they meet certain criteria. The act is applying to an increasing number of Ninth District banks as they expand the product lines and services they offer electronically. As a result, examiners continue to identify violations involving electronic delivery of disclosures during consumer compliance examinations. We also receive questions from banks regarding compliance with the E-SIGN Act provisions. In this update, we summarize key aspects of compliance with the E-SIGN Act with the goal of assisting banks in their efforts to comply with the act.
When must a bank follow the consent requirements of the E-SIGN Act?
Banks’ reliance on the electronic version of a disclosure related to a loan, deposit account or banking service triggers the requirements of the E-SIGN Act. Put simply, banks must ensure that they meet requirements of the E-SIGN Act as they eliminate paper disclosures.
What does the E-SIGN Act require?
The E-SIGN Act does not alter or limit any existing disclosure requirements or require any person to agree to use or accept electronic records or signatures. Consumers must consent to receiving disclosures electronically. The bank must do the following for customers prior to obtaining their consent:
- Indicate whether customers have a right or option to receive information on paper.
- Identify whether the consent relates to a particular transaction (e.g., account opening discolures) or to ongoing disclosures over the course of the relationship (e.g., monthly statements and change-in-terms notices).
- Explain that the consumer has the right to withdraw consent and provide the procedures to withdraw consent as well as the consequences of withdrawing consent, such as fees, termination of the relationship, loss of preferred pricing or having to switch account types.
- Describe the procedures for updating the consumer’s contact information.
- Outline the hardware and software requirements for accessing and retaining records.
- Explain how to obtain paper disclosures after consent has been given and describe any associated fees.
Consumers must also consent electronically, or electronically confirm consent, in a manner that reasonably demonstrates their ability to receive or access the information electronically. Having consumers retrieve a code contained within in a document sent to them is one way to demonstrate accessing of information.
What are the risks of the delivering information or disclosures electronically?
A disclosure delivered in an electronic format will not meet the requirement to provide disclosures in writing under a given regulation (e.g., Regulation Z or DD) unless it meets E-SIGN requirements specifically provided by the relevant regulation.
What are examples of best practices to comply with the E-SIGN Act?
E-SIGN violations most frequently result from changes to banks’ electronic products, services and delivery. How can banks avoid such errors?
- Involve compliance personnel when relying on electronic delivery of products and services.
- Establish a regular audit or review that independently identifies bank products and services (e.g., deposit accounts), activities and information consumers can access electronically.
- Focus on how changes in vendors or other third parties affect E-SIGN compliance. Vendors often assist banks in complying with the act.
What are some resources regarding the E-SIGN Act?
- Consumer Affairs Electronic Banking Examination Checklist
CA 03-10 includes a Consumer Affairs Electronic Banking Examination Checklist. The checklist is an optional tool to use in reviewing the websites and other electronic delivery channels of state member banks. Module IV of the checklist contains the requirements of the E-SIGN Act.