I. INTRODUCTION
Although some verbal or implied contracts may be enforced, much of contract law requires a “writing” in order to establish a legally binding contract between two or more parties. As business transactions are conducted by electronic means, questions arise regarding the application of existing substantive laws to electronic transactions. In response to these questions, both state and federal legislation has been enacted that is designed to support and validate transactions conducted by electronic means, without disrupting existing substantive laws.
In 1999, the Nebraska Legislature adopted LB 929, which, in part, contains the provisions of the Uniform Electronic Transactions Act (UETA), effective July 13, 2000. The U.S. Congress enacted S. 761, the Electronic Signatures in Global and National Commerce Act (E-SIGN). Most provisions of federal law of interest to the banking industry took effect on October 1, 2000.
This article reviews the major provisions of UETA and E-SIGN, including the interplay and contrasts between the state and federal provisions of law.
II. UNIFORM ELECTRONIC TRANSACTIONS ACT (UETA)
UETA authorizes the use of electronic records and electronic signatures in any transaction, except those subject to the Uniform Commercial Code (UCC) or to laws governing the creation and execution of wills, codicils or testamentary trusts. UETA does not apply to all writings and signatures, but only to electronic records and signatures relating to “transactions” (defined in the Act as limited to business, commercial and governmental affairs). UETA provides a solid legal framework to allow for the continued development of innovative technology to facilitate electronic transactions.
A. Definitions
UETA has definitions necessary to understand its scope and application, including:
1. Agreement
The bargain of the parties in fact, as found in their language or inferred from other circumstances and from rules, regulations and procedures given the effect of agreements under laws otherwise applicable to a particular transaction.
2. Automated Transaction
A transaction conducted or performed, in whole or in part, by electronic means or electronic records, in which the acts or records of one or both parties are not reviewed by an individual in the ordinary course in forming a contract, performing under an existing contract or fulfilling an obligation required by the transaction.
3. Computer Program
A set of statements or instructions to be used directly or indirectly in an information processing system in order to bring about a certain result.
4. Contract
The total legal obligation resulting from the parties’ agreement as affected by the act and other applicable law.
5. Electronic
Relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic or similar capabilities.
6. Electronic Agent
A computer program or an electronic or other automated means used independently to initiate an action or respond to electronic records or performances in whole or in part, without review or action by an individual.
7. Electronic Record
A record created, generated, sent, communicated, received or stored by electronic means.
8. Electronic Signature
An electronic sound, symbol or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.
9. Information
Data, text, images, sounds, codes, computer programs, software, databases or the like.
10. Information Processing System
An electronic system for creating, generating, sending, receiving, storing, displaying or processing information.
11. Record
Information that is inscribed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form.
12. Security Procedure
A procedure employed for the purpose of verifying that an electronic signature, record or performance is that of a specific person or for detecting changes or errors in the information in an electronic record. The term includes a procedure that requires the use of algorithms or other codes, identifying words or numbers, encryption or callback or other acknowledgment procedures.
13. Transaction
An action or set of actions occurring between two or more persons relating to the conduct of business, commercial or governmental affairs.
UETA addresses procedural issues only and defers to substantive law in establishing the legal effectiveness of any electronic signature or record. UETA does not require anyone to transact business electronically, but does provide that some form of acquiescence or intent on the part of a person to conduct transactions electronically is necessary before the Act can be invoked. Accordingly, § 5 only applies between parties that have agreed to conduct transactions electronically. The existence of an “agreement” is to be determined from the context and surrounding circumstances of the transaction, including the conduct of the parties. Section 5 also provides that a party who has agreed to conduct a transaction electronically has the right to refuse to conduct other transactions electronically, a right that cannot be waived by agreement.
B. Attribution of Signatures
Unless otherwise agreed, § 9 provides that an electronic record or electronic signature is “attributable” to a person if it is “an act of that person.” The act of a person may be shown in any manner, including a showing of the efficacy of any security procedure applied to determine the person to whom the electronic record or electronic signature was attributable. The effect of an electronic record or electronic signature attributed to a person is determined from the context and surrounding circumstances at the time of its creation, execution, or adoption, including the parties’ agreement, if any, and otherwise as provided by law.
C. Notarization
Section 11 provides that if a law requires a signature or record to be notarized, acknowledged, verified, or made under oath, the requirement may be satisfied if the electronic signature of the person authorized to perform these acts, together with all other information required to be included by other applicable law, is attached to or logically associated with the signature or record. While a person “executing” an electronic signature would still have to appear before a notary and acknowledge their signature, in the case of a notarized instrument, these provisions effectively permit the notary to also sign the instrument electronically.
D. Records Retention
If a law requires that a record be retained, the requirement is satisfied by retaining an electronic record of the information in the record that: (1) accurately reflects the information set forth in the record after it was first generated in its final form as an electronic record or otherwise; and (2) remains accessible for later reference.
Section 12 allows parties to convert paper records to electronic records for retention purposes and provides, in particular, that the requirements of a check retention law are satisfied if the information on the front and back of the check is retained in electronic form – a provision of significant benefit to financial institutions. Any party converting paper records to electronic form must be able to prove, in the event of a dispute, that the information on the record was accurately transferred. The party must be able to retrieve and read the information on the record for as long as it is required to retain the record.
E. Changes or Errors
Section 10 provides rules for situations involving a change or error in an electronic record that occurs in a transmission between parties to a transaction. These rules are:
1. When the parties have agreed to use a security procedure to detect changes or errors and one party has conformed to the procedure but the other party has not, if the non-conforming party would have detected the change or error had he or she also conformed to the security procedure, the conforming party may avoid the effect of the changed or erroneous electronic record; and
2. In an automated transaction involving an individual and an electronic agent of another person, the individual can avoid the effect of an error or change in a transaction with the electronic agent if each of the following conditions is met:
a. The electronic agent did not provide an opportunity for the prevention or correction of the error;
b. At the time the individual learns of the error, he or she promptly notifies the electronic agent of the error and indicates that he or she did not intend to be bound by the electronic record containing the error; and
c. The individual takes reasonable steps, including steps that conform to the other person’s reasonable instructions, to return to the other person or, if instructed, to destroy any consideration received, if any, as a result of the error.
F. Disclosures
UETA also addresses situations in which the disclosure of information is required. Many laws require certain information or disclosures to be provided by one party to the other “in writing” at, or prior to, the time that the parties engage in a transaction. The information or disclosures may be required by law to be communicated using a particular method, such as delivery by the United States mail.
Section 8 permits such information or disclosures to be provided electronically if: (a) it is provided in a transaction in which the parties have agreed to conduct by electronic means; and (b) the person receiving the information or disclosures is capable of retaining the information contained therein. In addition, as long as the recipient receives the disclosure in the manner intended by law, it will not be deemed to be ineffective simply because it is not provided on paper. E.g., if a disclosure is required to be sent by United States mail and must contain specific language or particular print type, the applicable laws may be satisfied by sending the disclosures on a disk which contains the required information in a manner which satisfies the requirements relating to print type.
G. Transferable Record
UETA recognizes that certain benefits, such as cost and space savings, may accrue if promissory notes and documents of title can be created, stored and transferred electronically. Section 16 permits such activities, provided that appropriate security measures are in place. A “transferable record” under § 16 must contain all of the elements of a promissory note under UCC Article 3 UCC or a document of title under UCC Article 7. It must also include an express agreement by the issuer of the promissory note or document of title that it is to be a “transferable record.”
The person “controlling” the transferable record is to be treated as a “holder in due course”, a holder to whom the transferable record has been negotiated or a purchaser of the transferable record, as the case may be. “Control” is deemed to exist if a system employed for evidencing the transfer of interests in the transferable record reliably establishes a person as the one to whom the transferable record was issued or transferred. UETA provides a “safe-harbor” in determining “control” as it relates to a “transferable record,” by providing that: (1) only one authoritative copy of the transferable record may exist and that copy must be unique and identifiable; (2) the authoritative copy must identify the person asserting control as the person to whom the transferable record was issued or must indicate that a transfer has occurred and name the most recent transferee; (3) the authoritative copy must be communicated to and maintained by the person asserting control or his or her designated custodian; (4) copies of the authoritative copy can only be made with the consent of the person asserting control and must be readily identifiable as such; and (5) revisions of the authoritative copy which add or change an identified assignee may only be made with the consent of the person asserting control and must be readily identifiable as authorized or unauthorized.
Any person against whom enforcement of a “transferable record” is sought may request reasonable proof of control. Such proof may include access to the authoritative copy of the transferable record and related business records sufficient to review the terms of the transferable record to establish the identity of the person having control of the transferable record.
H. Sending and Receiving Electronic Records
Section 15 provides the baseline rules for when an electronic record is sent or received, when the parties to the transaction have not otherwise agreed on what constitutes the sending and receipt of electronic records. Section 15 provides that an electronic record is deemed to be sent when it: (1) is addressed properly or otherwise directed properly to an information processing system that the recipient has designated or uses for the purpose of receiving electronic records or information of the type sent and from which the recipient is able to retrieve the electronic record; (2) is in a form capable of being processed by that system; and (3) enters an information processing system outside the control of the sender or of a person that sent the electronic record on behalf of the sender or enters a region of the information processing system designated or used by the recipient which is under the control of the recipient.
An electronic record is deemed to be received when: (1) it enters an information processing system that the recipient has designated or uses for the purpose of receiving electronic records or information of the type sent and from which the recipient is able to retrieve the electronic record; and (2) is in a form capable of being processed by that system.
III. FEDERAL “ELECTRONIC SIGNATURE IN GLOBAL AND NATIONAL COMMERCE ACT” (E-SIGN)
E-SIGN represents legislation aimed at allowing consumers and businesses to conduct transactions electronically with greater confidence. It provides a uniform national standard for validating many electronic signatures, records and contracts. E-SIGN will generally make the electronic version of such items as enforceable as the manually-signed or paper-based ones.
A. Electronic Signatures – General Rule of Validity
E-SIGN does not require the use of digital signatures but addresses the validity of electronic signatures. Furthermore, E-SIGN does not require the use of “digital signatures” but does define and use the term electronicsignature (“an electronic sound, symbol, or process”). Generally, a signature, contract or other records (relating to a transaction in or affecting interstate or foreign commerce) may not be denied legal effect, validity or enforceability solely because it is in electronic form. A second general provision is that a contract relating to such a transaction may not be denied legal effect, validity or enforceability solely because an e-signature or e-record was used in its formation. These provisions serve to place electronic and physical signatures on the same legal footing for purposes of contract law.
B. Preservation of Rights and Obligations
E-SIGN does not affect any requirement imposed by a statute, regulation or rule of law relating to the rights and obligations of persons thereunder other than a requirement that contracts or records be written, signed or in non-electronic form. No party is required to agree to use or accept e-records or e-signatures, except for a governmental agency with respect to a record associated with transactions other than a contract to which it is a party.
C. Consumer Disclosures
E-SIGN facilitates the process of giving electronic disclosures if the consumer has been given a specific statement of rights, information, procedures and requirements and consents to receive electronic disclosures. If information is required to be provided to or made available to a consumer in writing, the use of an e-record to provide or make available (whichever is required) such information satisfies the writing requirement if: (a) the consumer has affirmatively consented to such use and has not withdrawn such consent; (b) the consumer (prior to consenting) is provided with a clear and conspicuous statement of specified rights, information, procedures and requirements, including: (i) any right to withdraw consent and receive paper or other non-electronic disclosures; (ii) any consequences that would arise as a result of such a withdrawal, such as “termination of the parties’ relationship” or additional fees; (iii) the scope of the consent; (iv) the procedures to withdraw consent and to update contact information; and (v) how to obtain paper copies of the disclosures and any fees for such requests (to avoid litigation, E-SIGN provides that a consumer contract may not be denied legal validity or enforceability solely as a result of a failure to obtain the electronic consent or confirmation of such consent from the consumer); (c) the consumer consents electronically, or confirms his or her consent electronically, in a manner that reasonably demonstrates that the consumer can access information in the electronic form that will be used to provide the information that is the subject of the consent; and (d) after the consumer’s consent, if a change in hardware or software requirements creates a material risk that the consumer will not be able to access or retain a subsequent e-record, the provider of the e-record: (i) provides the consumer with a statement of the revised hardware and software requirements and specified other rights; and (ii) complies once again with requirements relating to consent.
1. OCC Advisory Letter regarding Electronic Consumer Disclosure
On October 1, 2004, the Office of Comptroller of the Currency (OCC) issued an Advisory Letter (AL-2004-11) regarding “Electronic Consumer Disclosures and Notices.” Since many national banks have replaced paper-based consumer notices or disclosures with electronic disclosures, the OCC warns that the failure to provide such electronic disclosures in a proper manner can expose the bank to significant compliance, transaction and reputation risk and the advisory is meant to emphasize issues to be considered by national banks providing electronic consumer disclosures. Although the E-SIGN Act” allows disclosures to be made or delivered electronically, notwithstanding any other law that might require a written disclosure, the consumer must consent to such disclosures in accordance with the requirements of the act however, these consumer consent requirements apply only if a “statute, regulation, or other rule . . . requires that information relating to a transaction . . . be provided or made available to a consumer in writing.”
2. Federal Reserve Board Interim Rules
The Federal Reserve Board (FRB) published interim rules in 2001 regarding electronic disclosures for the purpose of complying with specific federal consumer protection regulations (See, Uniform Standards for the Electronic Delivery of Disclosures” regarding Regulations M (Consumer Leasing), Z (Truth in Lending), B (Equal Credit Opportunity), E (Electronic Fund Transfers) and DD (Truth in Savings)). The rules required banks that electronically deliver disclosures required by these regulations and “related to a transaction” must obtain a consumer’s affirmative consent in compliance with the E-SIGN Act. The rules established uniform standards for the electronic delivery of disclosures required by these consumer protection regulations, including guidance on the timing and delivery of electronic disclosures.
The FRB also required that disclosures provided by e-mail be sent to an electronic address designated by the consumer and that institution make a good-faith attempt to redeliver electronic disclosures that are returned undelivered. When disclosures are made by posting on an internet website, they must be accompanied by a notice to consumers alerting them to the availability of the disclosures and remain available for at least 90 days to allow consumers adequate time to access and retain information. Finally, the FRB required electronic disclosures to be made in a manner that will assure compliance with the timing requirements provided by the individual regulations, also noting that the E-SIGN Act does not change the timing or content of disclosures, including any requirement that the disclosures be clear, conspicuous and readily understandable.
Later in 2001, the FRB state that it would not mandate compliance with the delivery requirements of the interim rules because it was considering adjustments to the rules to provide additional flexibility, but did indicate that institutions could continue to provide electronic disclosures as long as the procedures comply with the E-SIGN Act. Until the FRB promulgates final rules, the OCC’s AL-2004-11 position is that national banks may provide electronic disclosures under federal consumer protection rules using either their own policies and practices or the FRB’s interim rules, so long as the disclosures are made in compliance with the E-SIGN Act.
3. Electronic Disclosures by National Banks
Before a national bank makes consumer disclosures available by electronic means, OCC AL-2004-11 advises that the bank must determine whether the E-SIGN Act’s consumer consent provisions apply to such disclosures. The consent provisions are only applicable when a law, rule or regulation requires that disclosures be provided “in writing”. If a federal disclosure law allows an option for disclosures to be made either “in writing” or in electronic form, the E-SIGN Act consent provisions are not applicable. Some laws or regulations may contain implied writing requirements or may require a particular mode of delivery for a notice or disclosure (e.g., “by mail” or “by newspaper publication”), thus making uncertain the legal status of these “mode of delivery” requirements under the E-SIGN Act. Until this uncertainty is clarified, the OCC warns that banks may want to continue to use the specified non-electronic modes of delivery to be certain that they are in compliance with such requirements. Also, clarification is necessary to determine which federally mandated disclosures do not relate to a transaction (and therefore, are not covered by the E-SIGN consent laws), even though a written disclosure is required (e.g., the FRB’s interim rules indicated that certain application, solicitation and advertising disclosures may not be subject to consent requirements because they may not “relate to a transaction”).
To obtain effective consumer consent to electronic disclosures under the E-SIGN Act, OCC AL-2004-11 alerts national banks to the following issues:
Even when a bank gives electronic disclosures determined not to be subject to the consumer consent provisions under the E-SIGN Act (where terms or phrases in laws or regulations are format-neutral and do not expressly or implicitly require a “writing,” e.g., “provide notice” or “make available”), the bank may opt to provide such a consumer with an effective prior notice that the bank will be electronically delivering important notices, statements or disclosures to them and will inform the consumer about the technology needed to receive and retain such disclosures. Disclosures of any special bank fees or charges imposed if a consumer requests a paper copy of an electronic document and whether (and how)a consumer can withdraw consent to electronic disclosures and, if so, what consequences follow, should also be made.
4. General Electronic Disclosures Issues
OCC AL-2004-11 encourages national banks to consider the following issues when designing and implementing electronic consumer disclosures, regardless of whether the E-SIGN Act applies:
In addition, national banks should be sure that electronic disclosures comply with timing, format, content and recordkeeping requirements of applicable regulations.
A bank’s technology that provides consumer electronic disclosures should:Reliably deliver consumer disclosures;
For example, a bank that wants to provide disclosures via e-mail should consider the insecure nature of most e-mail and whether such method would comply with the bank’s duty to maintain the security of sensitive customer information (See, Interagency Guidelines Establishing Information Security Standards, 12 C.F.R. 30, Appendix B). Since many consumers are now using software that filters incoming e-mail (e.g., spam filters), the bank should take into account how such software could affect a consumer’s ability to reliably receive e-mail disclosures.
Another example would be the bank’s desire to use “pop-up” mobile code technology (a “pop-up” is a screen generated by mobile code, e.g. Java or Active X, when the customer clicks on a particular hyperlink and mobile code is used to send small programs to the user’s browser) to deliver notices and disclosures. Use of this technology could create problems in that many consumers use a browser configuration or install software that may block disclosures delivered through mobile codes. Such “pop-up” disclosure delivery may also be difficult for consumers to retain.
Finally, OCC AL-2004-11 suggests that customers should be informed of potential “phishing” attacks and other related on-line fraud activities in an effort to assist customers from being victims of illegal activities, including educational material to assist in identifying potential risks associated with identity theft or descriptions of frequently used fraudulent schemes (See, OCC Bulletin 2004-42 regarding the FFIEC Customer Brochure: Protecting Customers' Personal Financial Information).
5. Conclusion
Although OCC Advisory Letter (AL-2004-11) regarding “Electronic Consumer Disclosures and Notices” is only addressed to national banks, all financial institutions should find the advice, recommendations and warnings contained therein, to be useful when considering whether and how to provide electronic consumer disclosures to customers.
D. Record Retention
If a contract or other record is required to be retained, the requirement is met by retaining an e-record of the information that: (a) accurately reflects the information contained in the contract or record; and (b) remains accessible to all persons who are entitled to access. Check retention statutory requirements are satisfied by e-retention, if the e-record of the check includes all of the information on the front and back of the check.
E. Accuracy and Ability to Retain Contracts and Other Records
E-SIGN does not protect records or transactions if the e-record is not in a form capable of being readily accessed and accurately reproduced for reference by all persons who are entitled to retain the e-contract or e-record.
F. Specific Exclusions
E-SIGN does not apply to contracts or other records to the extent they are governed by: (a) the UCC, other than §§ 1-107 (waivers after breach) and 1-206 (statute of frauds) and Articles 2 and 2a (sales and leases); (b) a statute, regulation or other rule of law governing the creation or execution of wills, codicils or testamentary trusts; or (c) a state statute, regulation or other rule of law governing adoption, divorce or other matters of family law. In addition, E-SIGN does not apply to (a) court orders or notices or official court documents required to be executed in connection with “proceedings”; (b) any notice of: (i) the cancellation or termination of utility services; (ii) default, acceleration, repossession, foreclosure, eviction or the right to cure, under a credit agreement secured by, or a rental agreement for, a primary residence of an individual; (iii) the cancellation or termination of health insurance or benefits or life insurance benefits (excluding annuities); (iv) recall of the product or material failure of the product, that risks endangering health or safety; or (v) any document required to accompany any transportation or handling of hazardous materials, pesticides or other toxic or dangerous materials.
G. Transferable Records
E-SIGN facilitates electronic transferable records. While the provisions of E-SIGN regarding transferable records are very similar to those of UETA, the definition of transferable record under E-SIGN is different. Under E-SIGN, a transferable record is an e-record that would be a UCC Article 3 Promissory Note if in writing, an e-record that the issuer agrees is a transferable record and an e-record that relates to a loan secured by real property. Unlike UETA, the E-SIGN definition does not include a UCC Article 7 “document of title.” E-SIGN provides that a transferable record may be e-signed and includes rules for determining who has control of a transferable record and the rights of the parties to transferable records.
H. Notarization and Acknowledgement
If a signature or record is required to be notarized, acknowledged, verified or made under oath, the requirement is satisfied if the e-signature of the person authorized to perform those acts, together with all other information required to be included by other applicable law, is attached to or logically associated with the signature or record.
I. Preemption Exemptions
States are significantly restricted in their ability to modify or supersede E-SIGN’s basic provisions by state law. States that adopt UETA are not preempted by E-SIGN, provided that non-uniform provisions are consistent with E-SIGN. States may also adopt alternative laws that are consistent with E-SIGN and that do not violate certain technology provisions of E-SIGN. States may not avoid E-SIGN by imposing non-electronic delivery method requirements.
J. Effective Dates
Most provisions of E-SIGN that are of direct interest to the banking industry took effect on October 1, 2000. Provisions for electronic record retention (when Federal or State law or regulation imposes the retention requirement) take effect on March 1, 2001. E-SIGN does not apply to loans that are guaranteed or insured by the U.S. government until July 1, 2001. Consumer disclosure provisions of E-SIGN do not apply to federal student loans until the earlier of July 1, 2001 or the publication by the Secretary of Education of revised promissory notes.