E-Sign: Is Your Institution’s Process Compliant and Secure?
Declining are the days of loan documents being held up as they wait for a signatory to fax, mail or travel to an institution to pen a few signatures and sets of initials. A growing number of banking and financial service companies are digitizing the lending process by offering a solution to the cumbersome signing process – e-signatures. Electronic signatures were granted legal equivalence to traditional pen-to-paper signatures in 2000 when Congress enacted the Electronic Signatures in Global and National Commerce Act (E-Sign Act) to facilitate and encourage electronic commerce. Today, there are numerous vendors of e-signature software who host a document and distribute it to parties expected to sign.
Why Are Lenders Switching to E-Sign?
The steep growth rate of e-signature use is likely attributed to its convenience – parties can sign documents anytime, anywhere, and any issues with the document can be amended with a few clicks, rather than having to re-print and start over. In addition, lenders save money when they minimize the paper trail; the costs of paper, printing and mailing are eliminated, and a quicker, more automated process gives institutions the time and capacity to take on more loans.
Compliance Rules for E-Signatures
Currently, lenders can utilize e-signature technology for documents like loan applications, disclosure packets, letters of explanation and conditional approvals. However, for these documents to be considered valid, the e-signature process must meet compliance standards set forth in the E-Sign Act. 1. Intent to sign. Like traditional signatures, e-signatures are only valid if all parties intend to sign. 2. Consent to do business electronically. All parties must agree for the document to be signed in this manner. The E-Sign Act dictates that, before acquiring consent from a client, an institution must:
- Inform the client they have a right to paper copies of the document.
- Identify whether the consent applies only to a transaction or to ongoing transactions.
- Inform the client they have the right to withdraw from consent, of the consequences of withdrawing consent, and of any fees imposed in case of withdrawal.
- Provide the procedures for withdrawing consent and updating contact information.
- Obtain client consent electronically in a manner that reasonably demonstrates the client’s ability to access information electronically.
3. Association of signature with the record. The system used to capture the transaction must keep an associated record that reflects the process by which the signature was created or by creating a graphic or textual statement to be added to the signed record. 4. Record retention. Electronic signature records must be capable of retaining and accurately reproducing for reference by all parties permitted to retain the document. Keep in mind that, as with paper versions of these documents, there is a delivery timing requirement. Closing disclosures must be sent out at least 72 hours before the signing of a loan application to meet compliancy standards.
Choose a Trustworthy Vendor
With strict compliance regulations and an increase in cybersecurity attacks, it’s important to choose an e-sign vendor you can trust. Do your homework. Make sure your institution chooses a well-known vendor with the proper compliance and security protocols in place. This can help mitigate many of the risks involved in taking your institution’s signing process over the web. Since it’s ultimately your financial institution’s responsibility to keep all the documents and data safeguarded, its important that you understand the vendor’s data security and privacy procedures. Going the e-sign route can exposure your institution to more cybersecurity risks if not properly handled – from unnoticed contract changes, to fraudulent signatures and stolen information. Consider vendors that have reputable industry certifications, such as ISO 27001. It’s also a good practice to ask for their SOC report. This can give you a good inside look at the controls helping to protect your institution and its stakeholders. Make sure the vendor you choose has the right technology and procedures in place to streamline the process, while keeping you in compliance. Look for those with systems in place to alert team members when documents move through the process, verify identities before allowing signatures, keep documents secure and meet regulatory compliance requirements related to E-Sign Act, among other lending regulations. It’s also important to have a vendor that will communication hardware or software requirements, as they change, needed to access or retain electronic records. If your institution wants to explore the e-sign process or test its current compliance, contact one of Doeren Mayhew’s compliance specialists.