We have requested a sample e-signature policy or procedures from members of the IBA’s Compliance Division Advisory Committee. We have not yet heard back from any committee members but will let you know as soon as we do.
One committee member advised against adopting an e-signature policy — unless an examiner has asked your institution to adopt such a policy — reasoning that neither the federal E-SIGN Act nor the recently-enacted Illinois Uniform Electronic Transactions Act require banks to adopt an e-signature policy. Since policies can take up significant resources to draft, adopt, and update as appropriate, it may not be worth the effort to adopt an e-signature policy (again, outside of an examiner’s request).
Of course, it may be helpful to adopt and use a checklist or procedures when obtaining a consumer’s consent to receipt of electronic disclosures under the federal E-SIGN Act, as outlined in the E-SIGN Act provision copied below.
For resources related to our guidance, please see:
- Electronic Signatures in Global and National Commerce Act (E-SIGN Act), 15 USC 7001(c) (“(1) Consent to electronic records. Notwithstanding subsection (a), if a statute, regulation, or other rule of law requires that information relating to a transaction or transactions in or affecting interstate or foreign commerce be provided or made available to a consumer in writing, the use of an electronic record to provide or make available (whichever is required) such information satisfies the requirement that such information be in writing if—
(A) the consumer has affirmatively consented to such use and has not withdrawn such consent;
(B) the consumer, prior to consenting, is provided with a clear and conspicuous statement—
- (i) informing the consumer of
- (I) any right or option of the consumer to have the record provided or made available on paper or in nonelectronic form, and
- (II) the right of the consumer to withdraw the consent to have the record provided or made available in an electronic form and of any conditions, consequences (which may include termination of the parties’ relationship), or fees in the event of such withdrawal;
- (ii) informing the consumer of whether the consent applies
- (I) only to the particular transaction which gave rise to the obligation to provide the record, or
- (II) to identified categories of records that may be provided or made available during the course of the parties’ relationship;
- (iii) describing the procedures the consumer must use to withdraw consent as provided in clause (i) and to update information needed to contact the consumer electronically; and
- (iv) informing the consumer
- (I) how, after the consent, the consumer may, upon request, obtain a paper copy of an electronic record, and
- (II) whether any fee will be charged for such copy;
(C) the consumer—
- (i) prior to consenting, is provided with a statement of the hardware and software requirements for access to and retention of the electronic records; and
- (ii) consents electronically, or confirms his or her consent electronically, in a manner that reasonably demonstrates that the consumer can access information in the electronic form that will be used to provide the information that is the subject of the consent; and
(D) after the consent of a consumer in accordance with subparagraph (A), if a change in the hardware or software requirements needed to access or retain electronic records creates a material risk that the consumer will not be able to access or retain a subsequent electronic record that was the subject of the consent, the person providing the electronic record—
- (i) provides the consumer with a statement of (I) the revised hardware and software requirements for access to and retention of the electronic records, and (II) the right to withdraw consent without the imposition of any fees for such withdrawal and without the imposition of any condition or consequence that was not disclosed under subparagraph (B)(i); and
- (ii) again complies with subparagraph (C).”)