Voltaire’s mantra (or Spiderman’s, if you prefer)—“With great power comes great responsibility”—could be the overriding theme of the financial industry’s new digital age.
In order to maintain its powerful position in society, the financial industry must meet its responsibility to operate more efficiently. That means streamlined onboarding, documents being in good order and straight-through processing, all of which are thwarted by the industry’s notoriously paper-intensive workflows. Digital processes authorized with e-signatures can solve this problem, and the benefits extend beyond faster processing and higher accuracy to include substantial cost savings in paper, shipping and storage.
Because the financial services industry also has the responsibility to protect clients’ personal data (and to protect company liability under the Gramm–Leach–Bliley Act), advisors and firms must navigate the e-signature landscape carefully to assure that the solution chosen is secure and valid today and far into the future.
Here are four key questions to ask potential vendors to assure that you choose an e-signature partner that meets this criterion.
1. “Where will data and documents live?”
Many people don’t realize that all e-signatures aren’t the same. For example, “dependent” e-signatures maintain the evidence supporting an e-signature’s validity on a vendor’s server, accessed via a link in the signed document. This means evidence must remain on that vendor’s server indefinitely and can only be accessed with an Internet connection. You may be able to download a document, but the evidence behind the signature will always be linked to your vendor. “Independent” e-signatures permanently embed the evidence of an e-signature’s validity directly into the signed document. This means that your documents and supporting e-signature evidence don’t have to stay on a vendor’s server, and evidence of a signature’s validity can be accessed offline.
Convenience aside, in an environment where hackers always pose a threat – something that is not likely to change in the future – eliminating a potential access point to data, documents and evidence is critical to mitigating risk.
2. “How are signers’ identities verified?”
Identity authentication is imperative to electronic signature verification, as it assures that the person intended to receive and sign a document is, in fact, the person who does receive and sign it.
Discuss authentication methods that your transactions need. Should your documents include account numbers, personal data or other closely held information, using the highest means of authentication available may be important. This includes knowledge-based authentication (KBA), which requires signers to answer a series of multiple-choice questions based on information pulled from public databases that wouldn’t easily be known or gathered by others, such as asking you to choose your past addresses or pet vaccination records from a list that includes both true and false answers.
Multi-factor authentication takes identity vetting a step further by taking signers through at least two levels of authentication processes, such as KBA followed by a passcode sent via SMS to a signer’s cellphone.
3. “What is your strategy for long-term integrity?”
Whether onboarding a client or closing financial transactions, it’s likely you’ll need the appropriate documents to remain valid and unaltered for longer than the foreseeable future, so probe e-signature vendors for proof of their product’s long-term integrity.
Tamper-evident technology alerts users of document changes after each and every signature. It’s important that this safeguard be in place the moment the document is first signed and that the document not reside anywhere without tamper-evident protection activated.
Audit trails that track every step in the signing process and timestamp everything from the reading of the document to each identity authentication and the signing process will also help secure the long-term validity of your e-signed documents and provide legally defensible evidence, should you need it.
4. “What are your standards for collecting and maintaining e-signatures and evidence?”
There are some widely adopted e-signature technology requirements mandated by the Electronic Signatures in Global and National Commerce Act and the Uniform Electronic Transactions Act. However, these regulations are broad and don’t provide a detailed legal framework for essential digital security items, like encryption, tamper-evidence (as explained above) and high-level authentication or secure document storage.
Question vendors on their adherence to published industry standards, such as those outlined by FINRA and the SEC, as well as international standards for digital technology and digital documents, such as those from the International Standards Organization (ISO) and NIST, that often require a higher mandate for items like digital identity issuance and signature usage. Since these standards exist in the public domain, they will always be discoverable and legally defensible.
Right or wrong, we’ve trusted wet ink and paper for signatures for thousands of years, and therefore most people are not used to questioning how documents are signed.
This mindset has to change. Ask questions. Make sure your e-signature vendor gives you control and ownership of your signature, in which the evidence behind the signature is complete and transparent, and that the integrity of your documents will be unquestioned for the long term.