Overview
The Electronic Signatures in Global and National Commerce Act, 15 U.S.C. § 7001, et seq., (E-Sign Act), signed into law June 30, 2000, provides a general rule of validity for electronic records and signatures for transactions in or affecting interstate or foreign commerce. The E-Sign Act allows the use of electronic records to satisfy any statute, regulation, or rule of law requiring that such information be provided in writing, if the consumer has affirmatively consented to such use and has not withdrawn such consent.
On November 9, 2007, the Federal Reserve Board (FRB) adopted Final Rules establishing uniform standards on the timing and delivery of electronic disclosures, as well as certain exceptions to the consumer consent requirement for providing certain types of disclosures in electronic form, for five consumer protection regulations:
- Regulation B, implementing the Equal Credit Opportunity Act;
- Regulation E, implementing the Electronic Fund Transfer Act;
- Regulation M, implementing the Consumer Leasing Act;
- Regulation Z, implementing the Truth in Lending Act; and
- NCUA 707, implementing the Truth in Savings Act for credit union members.
Rulemaking authority for these laws was transferred from the FRB to the Consumer Financial Protection Bureau (CFPB), effective July 21, 2011. CFPB issued new and revised consumer financial protection regulations, some of which provide rules and exceptions relating to applicability of the E-Sign Act and disclosures required to be given under the respective regulations.
The full text of the E-Sign Act can be found here.
Associated Risks
Compliance Risk can occur when the credit union fails to implement the necessary controls to comply with the E-Sign Act.
Reputation Risk can occur when the credit union incurs damaging publicity as a result of failure to comply with the E-Sign Act.
Examination Objectives
- Determine whether the credit union complies with the E-Sign Act when accepting electronic signatures and using electronic disclosures.
- Initiate effective corrective action when violations of law are identified or when policies or internal controls are deficient.
Examination Procedures
- Determine if and to what extent the credit union delivers consumer notices or disclosures in electronic format. Are the disclosures required by statute, regulation, or other rule of law to be in writing?
- Determine if the credit union has established procedures to ensure compliance with the provisions of this Act.
- Determine whether the electronic consumer notice or disclosure is subject to alternative notice or consent requirements under certain CFPB regulations, e.g. disclosures required by 12 CFR §§ 60, 1026.40, and 1026.16, which may be provided to the consumer in electronic form without regard to the consumer consent or other provisions of the E-Sign Act in the circumstances set forth in those sections. If so, determine whether the credit union complied with the specific regulatory requirements.
- Determine that the consumer, prior to consenting, is provided with a clear and conspicuous statement informing the consumer of any right or option to have the record provided or made available on paper or in non-electronic form, and the right to withdraw the consent, including any conditions, consequences, or fees in the event of such withdrawal. Verify that the statement contains the following:
- Informs the consumer whether the consent applies only to the particular transaction that triggered the disclosure or to identified categories of records that may be provided during the course of the parties’ relationship;
- Describes the procedures the consumer must use to withdraw consent and to update information needed to contact the consumer electronically; and
- Informs the consumer how the consumer may nonetheless request a paper copy of a record and whether any fee will be charged for that copy.
- Determine that the consumer, prior to consenting, is provided with a statement of the hardware and software requirements for access to and retention of electronic records.
- Determine that the consumer provides affirmative consent electronically, or confirms his or her consent electronically, in a manner that reasonably demonstrates the consumer can access information in the electronic form that will be used to provide the information that is the subject of the consent.
Note: Oral communications shall not qualify as an electronic record.
- If a change in the hardware or software requirements needed to access or retain electronic records creates a material risk that the consumer will not be able to access or retain subsequent electronic records subject to the consent, verify that the credit union provides the consumer with the following:
- Statement of the revised hardware and software requirements for access to and retention of electronic records;
- The right to withdraw consent without the imposition of any condition, consequence, or fee for such withdrawal; and
- A new notice and obtains a new affirmative consumer consent as previously outlined.
- Determine that the credit union maintains a single “authoritative” copy of any transferable record relating to a loan secured by real property. Such record must be “unique,” “identifiable,” and “unalterable.”
- Determine that the credit union maintains electronic records accurately reflecting the information contained in applicable contracts, notices, or disclosures and that they remain accessible to all persons who are legally entitled to access for the period required by law in a form that is capable of being accurately reproduced for later reference.
ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL COMMERCE ACT
(E-SIGN ACT)
CHECKLIST
General Coverage
Item | Description | YES | NO | N/A |
---|---|---|---|---|
1 | Does the credit union deliver consumer notices or disclosures in electronic format? | |||
2 | Are the disclosures required by statute, regulation, or other rule of law to be in writing? | |||
2(a) | If so, has the credit union established procedures to ensure compliance with the E-Sign Act? |
|
Notice of Right to Receive Paper Record, Withdraw Consent, Consequences
Item | Description | YES | NO | N/A |
---|---|---|---|---|
3 | Prior to giving his/her consent, is the consumer given a clear and conspicuous statement (notice) of his/her right or option to have the record in paper form? | |||
4 | Does the notice give the consumer the right to withdraw the consent and include any conditions, consequences, or fees? | |||
5 | Does the notice inform the consumer whether the consent applies only to the particular transaction that triggered the disclosure or to identified categories of records that may be provided during the course of the parties’ relationship? |
|
||
6 | Does the notice describe the procedures the consumer must use to withdraw consent and to update information needed to contact the consumer electronically? | |||
7 | Does the notice inform the consumer how the consumer may nonetheless request a paper copy of a record and whether any fee will be charged for that copy? |
Alternative Requirements Under Certain CFPB Regulations
Item | Description | YES | NO | N/A |
---|---|---|---|---|
8 | Is the electronic consumer notice or disclosure subject to alternative notice or consent requirements under certain CFPB regulations, e.g. disclosures required by § 1026.60, § 1026.40, and § 1026.16, which may be provided to the consumer in electronic form without regard to the consumer consent or other provisions of the E-Sign Act in the circumstances set forth in those sections? | |||
8(a) | If so, has the credit union complied with the specific regulatory requirements? |
Notice Regarding Hardware and Software Requirements and Consumer Access to Electronic Information
Item | Description | YES | NO | N/A |
---|---|---|---|---|
9 | Prior to giving his/her affirmative consent, is the consumer provided with a statement of the hardware and software requirements for access to and retention of electronic records? | |||
10 | Did the consumer provide his/her affirmative consent electronically, or confirm his/her consent electronically, in a manner that reasonably demonstrates the consumer can access information in the electronic form that was used to provide the information? |
Change in Hardware or Software Requirements
Item | Description | YES | NO | N/A |
---|---|---|---|---|
11 | If the credit union made a change in the hardware or software requirements needed to access or retain electronic records and that change created a material risk that the consumer would not be able to access or retain subsequent electronic records subject to the consent, did the credit union provide the consumer with the following notice? | N/A | N/A | N/A |
11(a) | statement of the revised hardware and software requirements for access to and retention of electronic records; | |||
11(b) | statement of the right to withdraw consent without the imposition of any condition, consequence, or fee for such withdrawal | |||
11(b)(i) | If so, did the credit union provide a new notice of rights to the consumer? | |||
11(b)(ii) | Did the consumer affirmatively consent to the new notice? |
Record Keeping
Item | Description | YES | NO | N/A |
---|---|---|---|---|
12 | Does the credit union maintain a single “authoritative” copy of any transferable record relating to a loan secured by real property, and is the copy “unique,” “identifiable,” and “unalterable?” | |||
13 | Does the credit union maintain electronic records accurately reflecting the information contained in applicable contracts, notices, or disclosures? |
|
||
14 | Do the credit union’s electronic records remain accessible to all persons who are legally entitled to access for the period required by law in a form that is capable of being accurately reproduced for later reference? |