As the business world transitions to the digital environment, many companies are seeking ways to expand the use of eSignatures for legal documents, contracts, and other records.
Different countries have provided laws to help with legal enforceability of eSign solutions in the past decade, however, only a couple of years has the electronic signature industry seen a trend towards wider adoption of the esign online electronic signature service solutions. Besides convenience, eSignatures that are correctly executed offer security as well as evidentiary elements that offer more advantages over the wet physical signatures on paper. That being said, organizations that implement eSign solutions encounter risks pertaining to authentication as well as non-repudiation of eSignatures. On top of that, there are also risks of retention of admissible records associated with the electronically executed transactions.
Organizations should be Careful
When assessing the implementation of eSignatures, especially in transactions considered being of high risk, organizations need to be very careful so that they manage the practical aspects and potential legal intricate related to eSignatures by ensuring they carefully assess and have a robust government program.
At the electronic signature technology becomes increasingly popular, business leaders, employees, and customers expect that they would be able to execute signatures on contracts or legal documents with the same convenience and assurance as has been with other IT technologies. Organizations are looking for solutions to allow individuals to sign documents electronically without needing the signatories to be physically present. The e signature service provider offers many benefits when it comes to convenience in addition to security and record-keeping. When assessing whether to implement eSignatures or not and in particular within the higher risks transactions, it is important that the organization look at the complexities inherent in terms of laws and the practicability of the eSignature solutions in those transactions.
The ability to immediately execute a contract or an agreement offer efficiency and convenience for the parties involves. eSignatures complement the present efforts by businesses to integrate and manage contracts in a centralized place, usually digital repositories. Forensic security controls in addition to eSignatures offer a quick and authoritative verification thus reducing the chances of frauds and challenges to authenticity.
Varying Levels of Risks with eSignatures
Different eSign solutions present different levels of risks related to enforceability and demonstration of authenticity. Under the U.S. law, and foreign law, different kinds of eSignatures can be considered enforceable including using eSignature services and typing a person’s name and initial or even an email address as well as a signature line and a scanned manuscript signature. It is important to assess which eSignature type is permitted under what contexts. So an effective eSigning program that looks at practical issues like adoption, authentication, admissibility, and non-repudiation should be implemented.
When looking at authentication, it usually involves validation of the identity of the individual signing a document. Organizations need to have a methodology put in place to help tie an eSign to a particular individual. To authenticate a document, an organization uses these parameters:
- Something you know like a password that is unique to a signatory
- Something you have like a one-time code that is sent by text message or even an email address to the signatory’s device like a mobile phone or computer
- Something you are like a fingerprint scan
In high-risk transactions, incorporating two or more of these factors or parameters are most preferable.
When it comes to adoption, it involves a person’s specific consent that an eSign works as an original signature and it requires the signer or signatory to accept agree to the online signature service and the eSignature used in the record or contract. Organizations can accomplish this by having a click-through agreement. They can also accomplish this by having a provision within the contract.
With non-repudiation, it involves ensuring the signatory anticipated agreeing to the terms of the record or contract when executing eSignatures. Typical non-repudiation protection, for example, requires that the signer or signatory manually applies the signature they adopted signature lines within a contract. This is done by clicking on designated or selected signature fields.
It involves the maintenance of a record or documentation and other electronic evidence pertaining to the authentication, non-repudiation process, and documentation so that it can be presented as evidence in court. Organizations can achieve admissibility of eSignatures by maintaining compliance documents on the immutability and accuracy of its record-keeping system.
Varying Legal Requirements of eSignatures
Depending on the transaction, you may find that the legal requirements for eSigns may vary substantially. Also, the applicable governing law may affect the legal requirements of the eSigns. There is a need to have an effective eSignature program that provides clear guidelines to clarify the effect of the choice of law as well as a choice of jurisdiction provision when governing contracts.
In the U.S., the state and federal law, as well as baseline eSignature laws, tend to be consistent. These laws provide for the entire enforceability of eSignature solutions. The Uniform Commercial Code broadly offers guidelines on the use of eSignatures when it comes to funds transfers, secured transactions, and letters of credit; however, there are additional specific technical control elements required for investment securities.
Other countries also have varying legal requirements for eSignatures and take a different approach whereby some impose additional technical requirements. The European Union General Data Protection Regulation, in particular, has requirements that may apply to eSign transactions within the EU individuals and entities. It requires eSignature solutions to ensure controls like data protection, restrictions on transfers done on cross-borders, and data subject rights.
It is likely for these practical and legal issues to overlap often forcing the need to have a technical discussion with the vendors or developers of eSignature solutions. An organization that implements eSignature solutions needs to take accounts of its business as well as operational needs. An eSignature governance program should be established to provide the scope of activities in which eSignatures could be allowed to be used including business lines, jurisdictions, and types of transactions. The program needs to define the permissible technology or methodology for eSigns in a specific transaction. It is important that the program established controls to manage and operate esign software themselves including procedures, audit protocols, policies, storage, and retention methods.