Application of ESign Act to Electronic Transactions with Customers
To the Chief Executive Officers of all Bank Holding Companies and the Chief Executive and Compliance Officers of all State Member Banks in the Second Federal Reserve District:
In June 2000, Congress passed the Electronic Signatures in Global and National Commerce Act (ESign Act). The ESign Act establishes the legal validity and enforceability of electronic signatures, contracts, and other records (including disclosures) in interstate and foreign commerce transactions. The Act became effective October 1, 2000. Some of the key provisions of section 101(c) of the ESign Act may affect the design of your current system, or your plans to introduce a system, through which to conduct electronic transactions with consumers.
The ESign Act does not mandate that institutions or consumers use or accept electronic records or signatures. It does, however, permit institutions to satisfy any requirement of federal law that information be provided to a consumer in writing by providing the information electronically after obtaining the consumer's affirmative consent. Before consent can be given, consumers must be provided with information regarding:
- any right of the consumer to receive a disclosure in paper form;
- the right of the consumer to withdraw consent to have records provided electronically and the consequences of doing so. The institution must describe the procedures for withdrawing consent and for updating information needed to contact the consumer electronically;
- how the consumer may obtain a paper copy upon request;
- the scope of the consumer's consent (for example, whether it applies only to a particular transaction, or to categories of records that may be provided during the course of the parties' relationship); and
- the hardware and software requirements for access to and retention of the electronic information.
The consumer must consent electronically or affirm consent in a manner that "reasonably demonstrates that the consumer can access information in the electronic form that will be used to provide the information that is the subject of the consent." If an institution implements changes to hardware or software requirements that may prevent the consumer from obtaining access to or retaining electronic information, the consumer must be notified of the new requirements and allowed to withdraw consent without charge.
The ESign Act grandfathers existing agreements between a consumer and an institution to deliver information electronically. On or after October 1, however, institutions have been required to comply with the ESign Act when entering into new agreements with consumers for delivery of information electronically. The Board's interim rules under Regulations DD and E do not apply to agreements between a consumer and institution regarding electronic delivery of information on or after October 1, 2000.
To ensure compliance with the consent provisions of the ESign Act regarding the providing of records electronically on or after October 1, institutions should update any existing products or systems that include the delivery of information electronically. For example, if your bank currently allows consumers to agree to electronic delivery of information (such as periodic statements for a checking account), the account agreement should be reviewed and changed to incorporate the consent notice and to obtain appropriate electronic consent from consumers on new accounts. Beginning October 1, any conversion for an existing customer from paper to electronic statements, or any agreement with a new customer to supply electronic statements, must comply with the new requirements. If a customer has, before October 1, agreed to receive electronic statements in compliance with the interim rules under Regulations DD and E, your bank may continue to send electronic statements to that customer.
The ESign Act contains additional provisions regarding the retention of contracts and records, specific exceptions, definitions, and transferable records. We would encourage you and your management team to review the products your institution delivers through electronic means and the systems that support them, to ensure compliance with the ESign Act.