E-Sign Act Refresher

It was nice getting to meet some of our Regulatory Compliance School and Recertification Track attendees in person last week! During school, I presented on the Electronic Signatures in Global and National Commerce Act (E-Sign Act), so I thought it’d be fitting to write a refresher blog on the topic.  

First, unlike some other Acts that we’re used to working with in compliance, the E-Sign Act does not have an implementing regulation. For example, the Truth in Lending Act is implemented by Regulation Z. However, the E-Sign Act lacks such an implementing regulation, so we must look to the plain language of the Act itself, as well as any guidance that may exist, such as within different regulations.  

Often, credit unions will need to follow E-Sign Act requirements in order to provide electronic disclosures; however, that is not always the case. For example, section 707.3(a) of the Truth in Savings regulation notes that “[c]redit unions may provide the disclosures required by this part to a member or potential member in electronic form, subject to compliance with the consent and other applicable provisions of the Electronic Signatures in Global and National Commerce Act (E-Sign Act), 15 U.S.C. 7001, et seq.” However, “[c]redit unions may provide the disclosures required by §§ 707.4(a)(2) and 707.8 to a member or potential member in electronic form without regard to the consent or other provisions of the E-Sign Act in the circumstances set forth in those sections.”

Similarly, section 1002.4(d)(2) of Regulation B notes that “[t]he disclosures required by this part that are required to be given in writing may be provided to the applicant in electronic form, subject to compliance with the consumer consent and other applicable provisions of the Electronic Signatures in Global and National Commerce Act (E-Sign Act) (15 U.S.C. 7001 et seq.). Where the disclosures under §§ 1002.5(b)(1), 1002.5(b)(2), 1002.5(d)(1), 1002.5(d)(2), 1002.13, and 1002.14(a)(2) accompany an application accessed by the applicant in electronic form, these disclosures may be provided to the applicant in electronic form on or with the application form, without regard to the consumer consent or other provisions of the E-Sign Act.”

So, it’s important to look within other regulations to see if the E-Sign Act is addressed and whether certain disclosures can be sent electronically. If so, do the requirements of the E-Sign Act need to be met? 

Specifically, the E-Sign Act’s consent requirements only apply to records that must be in writing (i.e., required to be sent by “a statute, regulation, or other rule of law”). That means for documents and disclosures that are not required by federal law, such as a Welcome Letter (with no required disclosures included), E-Sign Act compliance is not required.  

Per the E-Sign Act, credit unions will need to get a member’s affirmative consent before providing the required disclosures in electronic form. It requires an “opt-in” system rather than an “opt-out” system. As such, credit unions are not able to automatically place every member on electronic disclosures and then process opt-outs for those members who wish to receive paper disclosures.  While credit unions cannot require members to opt-in to receive electronic disclosures, they can offer incentives, such as bonuses, waived fees, higher yields or lower rates, to encourage members to opt-in. 

So, what information do you have to provide to members before obtaining their consent? Credit unions must do the following in a “clear and conspicuous statement”: 

•    inform the member of their right to receive a paper copy; 
•    let them know how they can obtain a paper copy and whether any fee will be charged for such copy; 
•    advise the member they have the right to withdraw their consent (as well as any consequences or fees for doing so); 
•    advise the member how they can withdraw their consent; 
•    let the member know how they can update their electronic contact information (such as an email address); 
•    inform the member of the scope of the consent, which can be broad or narrow.  The E-Sign Act specifically requires “informing the consumer of whether the consent applies (I) only to the particular transaction which gave rise to the obligation to provide the record, or (II) to identified categories of records that may be provided or made available during the course of the parties’ relationship”; and 
•    advise the member as to the required hardware and software that is needed in order to access and retain the electronic records. 

Once the above information has been provided, credit unions then need to have the member consent electronically or confirm their consent electronically. This step is important because the member’s consent or confirmation has to be done in “a manner that reasonably demonstrates” that they can access the electronic record(s). This means that signing a paper at the credit union branch won’t cut it. The member has to electronically consent using their own equipment (for example, they can’t electronically consent using a credit union staff member’s computer). How your credit union goes about obtaining electronic consent will be a business decision for the credit union. For example, some credit unions may use “sample statements” where members need to open and retrieve a code or dollar amount to enter before completing E-Sign consent. Credit unions may want to develop and implement a process to capture consent (i.e., maintain records of consent) for examination, audit or other regulatory compliance purposes.  

Please note, if the credit union’s hardware or software requirements change, and the change creates a material risk the member may not be able to access and retain the electronic disclosures moving forward, the credit union will again have to (i) advise the member of their right to withdraw consent (“without the imposition of any fees for such withdrawal and without the imposition of any condition or consequence that was not disclosed [previously]”); (ii) advise them of the revised hardware and software requirements; and (iii) then obtain their electronic consent once again.  As to whether a certain change creates such a “material risk”, will be a business decision for the credit union to make.   

Lastly, to further dig into E-Sign requirements, the NCUA has a resource regarding E-Sign consent which may be helpful: Electronic Signatures in Global and National Commerce Act (E-Sign Act) | NCUA 
 

Tags
Operations
Federal Regulatory Compliance Counsel
America's Credit Unions