As mentioned in our last blog post about E-SIGN, AffirmX has received numerous questions about the E-SIGN Act over the past few months. In this post, we turn our attention to similar recurring questions centered around one somewhat simple phrase in the regulation: “reasonably demonstrate.”
In context, the regulation states that the institution should obtain consumer consent “in a manner that reasonably demonstrates that the consumer can access information in the electronic form that will be used to provide the information that is the subject of the consent.” The point of that statement was to ensure that novice computer users were able to access their disclosures and electronic documents. This is a legitimate concern, because spam filters, pop-up blockers or changes in browser configurations could prevent electronic records from being received or opened.
Here are some common questions we’re hearing about demonstrative consent:
- When statements and disclosures are provided via a PDF, what method do you recommend to “reasonably demonstrate” access, and what evidence should we retain to prove it? Our core processor’s system does not include any kind of method to force the user to “reasonably demonstrate” access, so it appears not all institutions are doing this.
- Can you provide some examples of what actions would be considered acceptable to meet the requirement to “reasonably demonstrate” consumers can access information in electronic form?
- We have been cited twice by examiners who say that it is not satisfactory just for the consumer to acknowledge electronically that they have the appropriate software to read the e-statement, but that they must also demonstrate this ability. However, our core system provider does not have a “bounce back” system to identify that the consumer has demonstrated the ability to read the e-statement. What should we do?
- What if a consumer “demonstrates consent” initially, but when the disclosures are emailed later, they are returned as undeliverable?
As you can see by these real questions, there is a great deal of frustration about the demonstrative consent provision of E-SIGN. Unfortunately, the regulation is rather vague about the nature and timing of the “demonstrate” requirement. As the OCC indicated in Advisory Letter AL 2004-11, “the E-SIGN act is not clear on precisely when the ‘reasonable demonstration’ must occur in time relative to the consumer’s expression of consent.” You know what this means: when there is an absence of guidance on an issue, then the interpretation of “reasonable demonstration” can vary from regulator to regulator.
Demonstrative consent means that the consumer has shown the ability to receive and read the documents in the format that your institution plans to use. There are many ways to accomplish this depending on the format, but the consumer should always provide your institution with some evidence of access.
For example, you can do a “test drive” to verify the consumer’s ability. To do so, you would need to create a “test” disclosure/document and require the consumer to pick up and return a PIN or code to you. That will confirm that the consumer can in fact navigate your system and has the capacity to retrieve and respond to electronic records and disclosures. So, if you want to send e-statements in a PDF file, you will have the consumer open a test PDF and return some PIN or code to you. Many e-statement systems are set up in this fashion. If you plan to send an appraisal via e-mail with a link to an HTML web page, you can send sample e-mail with a link to click on to confirm access. This sort of test process will eliminate any doubt about whether a consumer can access electronic information. Many institutions retain both the copy of the consent as well as the email string verifying consent/ability.
On to the question of “What if emails start coming back as undeliverable after access was demonstrated?” Under the law, the bank or credit union is not responsible to monitor whether the customer has opened his email or visited document sites set up for disclosures. But, if you know that emails are coming back undeliverable, your institution does have a good faith responsibility to investigate. You may wish to consider the E-SIGN consent to have been withdrawn if the customer is unresponsive and you know that important federal disclosures or electronic records are not being received.
As you can see, for a two-word phrase, the requirement to “reasonably demonstrate” sure generates a lot of questions. However, it makes sense when you think of E-SIGN’s increasing importance in this technological era.
For more information on E-SIGN and how AffirmX can assist you with E-SIGN compliance as part of its package of compliance services, please contact firstname.lastname@example.org.