Changes in Hardware
Under E-SIGN, you must notify consumers if you have major
hardware or software changes that could affect how they receive required disclosures and notices electronically. If there
are major changes, you have to provide the consumer with a
notice, including:
■ ■ ■ The revised hardware and software requirements for access to
and retention of the electronic records; and
■ ■ ■ The consumer’s right to withdraw consent without the imposition of any fees for such withdrawal and without the imposition
of any condition or consequence that was not disclosed on the
prior E-SIGN statement (meaning—you must have retained
each version of that statement to check back to…and for your
examiners to review…)
After receiving the above notice, the consumer must again “
affirmatively consent” and you must “reasonably demonstrate” that each
can access the information with the new requirements BEFORE
you can proceed with sending any new notices or disclosures.
Developments and
Major Relevant Common Law
Case Law (“Common Law”)
While the case law around E-SIGN, and related state laws relate
mostly to the validity of an agreement or contract and not “compli-
ance” per se, it is still useful to know some significant cases which
apply as they do affect your institution’s ability to enforce a contract,
either with a customer, or with an employee. Also, some cases
speak to different methods of delivering content, which can help
you analyze how a court or regulator would view your process.
Agreements Properly Executed and Confirmed via
Audit Trail:
Controls plus evidence of workflow and an audit trail can prove
attribution and intent; they can win or lose a case.
In IO Moonwalkers, Inc. v. Banc of America, 814 S.E. 2d 583
(2018), the courts found that a merchant credit card service
customer had accepted their services agreement, executed via
an electronic signature, even where the customer had a sworn
affidavit that stated they had never reviewed or signed the agreements. Here, there was a work flow and audit trail that could
not be tampered with after the fact, which showed the specific
dates and times that someone with access to the customer’s designated email had accessed, reviewed, and signed the merchant
services agreement. This is important as it shows some kind of
identity authentication occurred. The court granted summary
judgment finding no reason to review the actual identity of the
signer (person who accessed the email). The workflow plus audit
trail was sufficient.
In an unpublished Alliant Credit Union v. Abrego, No. 76669-4-1
(Wash. Ct. App. Dec. 31, 2018)(unpublished) out of the Washington Court of Appeals, the defendant alleged forgery on an auto
loan agreement. Again, the workflow and audit trail created by
the e-signature system was dispositive in proving the defendant
properly signed the agreement and was therefore liable for the debt.
