White Paper. The E-Sign Act. Use and enforceability of identifiers, passwords and personal identification numbers as signatures



Similar documents
Issues to Address: The Privacy Concerns of Individuals

Published on e-li ( July 03, 2016 Electronic Signatures and Transactions. Dear Reader:

Moving Towards an Electronic Real Estate Transaction

whitepaper THE ESIGN ACT Harnessing New Hiring Efficiencies with Electronic Signatures

Recordable Recording Laws and Regulations in Michigan

5 FAM 140 ACCEPTABILITY AND USE OF ELECTRONIC SIGNATURES

State of Arkansas Policy Statement on the Use of Electronic Signatures by State Agencies June 2008

Independent Insurance Agents & Brokers of Louisiana 9818 Bluebonnet Boulevard Baton Rouge, Louisiana

ELECTRONIC SIGNATURE REQUIREMENTS FOR LENDERS

POLICY ISSUES IN E-COMMERCE APPLICATIONS: ELECTRONIC RECORD AND SIGNATURE COMPLIANCE. 15 USC 7001 et. seq. (E-SIGN) and

ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL COMMERCE ACT

The Electronic Signature Act and Insurance

ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL COMMERCE ACT

ELECTRONIC RECORD AND SIGNATURE COMPLIANCE. NASD Rules 3010(d) and 3110(c)(1)(C) SEC Rule 17a-4 15 USC 7001 et. seq. (E-SIGN)

WACHA Going Paperless

SIGNATURES ON THE WEBÕS DOTTED LINE: ELECTRONIC SIGNATURES ON CREDIT APPLICATIONS AND GUARANTEES SOON VALID IN ALL STATES.

National Information Management Conference and Exposition Thursday, April 23, 2009

Electronic Signature: Increasing the Speed and Efficiency of Commercial Transactions

One Hundred Sixth Congress of the United States of America

USE OF DIGITAL SIGNATURES IN COMMUNICATIONS WITH PUBLIC ENTITIES IN CALIFORNIA

Electronic Signature of Retirement Plan Documents

THE STATE BAR OF CALIFORNIA BUSINESS LAW NEWS BUSINESS LAW SECTION AN OVERVIEW WITH ATTENTION TO CURRENT ISSUES

Minnesota State Colleges and Universities System Guideline Chapter 5 Administration

Department of Veterans Affairs VA DIRECTIVE 6510 VA IDENTITY AND ACCESS MANAGEMENT

Digital Signatures The Law and Best Practices for Compliance. January 2014

E-SIGNATURES FY Movement Mortgage, LLC s e-signature Policy & Procedures Manual. This policy was last revised December 4, 2014.

NC General Statutes - Chapter 66 Article 40 1

A 6-POINT FRAMEWORK BUSINESS TECHNOLOGY GROUP

Title. This chapter may be cited as the "Uniform Electronic Transactions Act." TOC

How To Choose An Electronic Signature

HOUSE OF REPRESENTATIVES FINAL BILL ANALYSIS SUMMARY ANALYSIS

ELECTRONIC SIGNATURES AND ELECTRONICALLY SIGNED RECORDS

Minnesota State Colleges and Universities System Procedures Chapter 5 Administration Procedures associated with Board Policy 5.22

WEB ACH Primer. Receiver The person (for WEB transactions this must be a human being) who owns the bank account being debited.

U.S. DEPARTMENT OF EDUCATION

CHAPTER 6. UNIFORM ELECTRONIC TRANSACTIONS ACT

ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL COMMERCE ACT, 15 U.S.C

CHAPTER 116. C.12A:12-1 Short title. 1. This act shall be known and may be cited as the "Uniform Electronic Transactions Act."

HIPAA: In Plain English

CITY OF PALO ALTO OFFICE OF THE CITY ATTORNEY

HOUSE OF REPRESENTATIVES STAFF ANALYSIS SUMMARY ANALYSIS

REGULATORY ALERT NATIONAL CREDIT UNION ADMINISTRATION 1775 DUKE STREET, ALEXANDRIA, VA 22314

A unique biometrics based identifier, such as a fingerprint, voice print, or a retinal scan; or

The Intermediate Unit And Electronic Signatures

LEGAL UPDATE October 14, 2008 Ashley Strauss-Martin, RANM Legal Hotline and Forms Attorney

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and

RETAIN FOR YOUR RECORDS

erecording Best Practices for Recorders

OLEY VALLEY SCHOOL DISTRICT

Best Practices Electronic Signature Requirements January 20, 2014

Digital Signature Policy Guidelines. Version 1.1. March Contains corrected links to documents

Emdeon Claims Provider Information Form *This form is to ensure accuracy in updating the appropriate account

The Virginia Electronic Notarization Assurance Standard

PENNSYLVANIA STATUTES TITLE 73. TRADE AND COMMERCE CHAPTER 41. REGULATORY ELECTRONIC TRANSACTIONS CHAPTER 1. PRELIMINARY PROVISIONS

Electronic and Digital Signatures

How To Use An Electronic Record In The United States

Use of Check Images By Customers of Financial Institutions. Version Dated: July 14, 2006

APPENDIX W - REGULATIONS - IDENTITY THEFT CHAPTER 45F. IDENTITY THEFT

[Brought into force by appointed day notice on 16 th June 2003.]

Effective Electronic Delivery and Execution of Documents Required under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA")

ROLLSTONE BANK & TRUST BUSINESS ONLINE BANKING AGREEMENT

1 L.R.O Electronic Transactions CAP. 308B ELECTRONIC TRANSACTIONS

Question Presented. Staff Recommendation

Chaptert 30 Electronic Signatures

New York State Electronic Signatures and Records Act

Mobile Banking Services Addendum To the Agreement and Disclosure for 24/7 Online Banking A Service of Pendleton Community Bank, Franklin, WV

itrust Medical Records System: Requirements for Technical Safeguards

MIDDLESEX SAVINGS BANK ONLINE BANKING AGREEMENT

STATE OF NEW JERSEY. SENATE, No th LEGISLATURE. Sponsored by: Senator JEFF VAN DREW District 1 (Cape May, Atlantic and Cumberland)

Background Check Service

3. "Consumer reporting agency" has the meaning ascribed to it in 15 U.S.C. Sec. 1681a(f).

Law of the Republic of Azerbaijan on Electronic Signature and Electronic Document

ARE ONLINE BUSINESS TRANSACTIONS EXECUTED BY ELECTRONIC SIGNATURES LEGALLY BINDING?

Electronic Signature Article

Business Merchant Capture Agreement. A. General Terms and Conditions

The Legal Requirements for CREATING SECURE AND ENFORCEABLE ELECTRONIC TRANSACTIONS

COMPUTER SOFTWARE AS A SERVICE LICENSE AGREEMENT

XCEL ENERGY S ebill AND ebill PAYMENT TERMS OF USE

How To Get A Court Order To Stop A Registered Investment Adviser From Misbehaving

PLEASE CAREFULLY REVIEW THESE TERMS AND CONDITIONS BEFORE PROCEEDING:

Authentication of Documents/Use of Professional Stamps

Fair Credit Reporting Act Compliance Guide

California Uniform Electronic Transactions Act (UETA)

CONGRESSIONAL FEDERAL CREDIT UNION ELECTRONIC CORRESPONDENCE DISCLOSURE & AGREEMENT

Federal Trade Commission Privacy Impact Assessment

PLEASE READ. The official text of New Jersey Statutes can be found through the home page of the New Jersey Legislature

Rackspace Archiving Compliance Overview

City of Minneapolis Policy for Enterprise Information Management

FINAL May Guideline on Security Systems for Safeguarding Customer Information

Electronic Commerce 1 LAWS OF MALAYSIA. Act 658

CRS Report for Congress Received through the CRS Web

2. "Consumer" means an individual. (same as 15 U.S.C. 1681a(c))

Hot Topic # 1: What Background Checks Should You Conduct?

OCC ADVISORY LETTER AL Electronic Consumer Disclosures and Notices

ELECTRONIC DELIVERY OF BANK STATEMENTS/NOTICES CONSENT AND AGREEMENT

DEA's New Proposed Regulations For E-Prescribing

University of Nebraska - Lincoln Identity Theft Prevention Program

Mobile Deposit Policy

Qualified Electronic Signatures Act (SFS 2000:832)

Transcription:

White Paper The E-Sign Act Use and enforceability of identifiers, passwords and personal identification numbers as signatures

1 Table of Contents Introduction 2 The Audit Confirmation Process 2 The Confirm Service 2 The E-Sign Act 4 Relevant E-Sign Act Provisions 6 Endnotes 6

2 Introduction The following white paper discusses the legality and enforceability of the Confirm service ( Confirm ) of Capital Confirmation Inc. in connection with obtaining third-party confirmations from financial institutions as part of audits or similar transactions. The Audit Confirmation Process As part of a typical audit, the auditors routinely require confirmation from financial institutions as to the account balances or amount of indebtedness of the audit client. In the past, this process has been paper-based. That is, the auditor will send a letter to the financial institution. The financial institution will gather the information, prepare the confirmation, and deliver the confirmation to the auditor. This process is both time consuming and expensive for the client, the auditor and the financial institution. The paper-based process also exposes the auditor and the financial institution to substantial unwanted fraud liability. An overwhelming majority of auditors surveyed by Capital Confirmation receive the financial institution s address and contact information from the client or client documents such as a statement provided by the client. Auditors are thus exposed to fraud when given incorrect contact information either intentionally or unintentionally. The definition of third-party confirmations requires financial institutions to return confirmation requests to an address that is specifically not the client s address. Financial institutions are at risk when client information is received by an unauthorized party either intentionally or unintentionally. This occurs when an unauthorized party mails a fraudulent request to the financial institution using a false client signature as the client s signature. Because significant opportunities for fraud exist with paper-based confirmations, inherent in the paper process is a level of risk and related liability. That liability is significantly increased without a thorough and complete third-party authentication process of all contact information, mailing addresses and signatures. Capital Confirmation has developed certain software and systems that allow for the electronic audit confirmations using a secure third-party authentication process. Capital Confirmation enters into agreements with the financial institution, businesses and accounting firms to allow access to the confirmation system developed. The system depends upon the use of unique identifiers, passwords and identification numbers to permit access to and use of the system. The Confirm Service The patent-pending Confirm service provided by Capital Confirmation is a secure third-party authentication platform of information transfer between the third-party confirmer and the auditor. Confirm allows an accountant, or auditor, to request confirmations related to a particular client and permits a financial institution, as third-party confirmer, to respond to such requests. The process is principally electronic and ultimately requires authentication of each of (i) the accounting firm, (ii) the accountant/auditor and (iii) the client who is the subject of the

3 audit. The process also requires two signatures : an electronic authorization (in the form of the AUD number process and user agreement acceptance) and a physical authorization (typically in the form of an audit firm engagement letter with the audit client). The authentications and signatures are important in establishing authorization and maintaining the security of the information transfer. The following is a description of some of the features of the Confirm system that are designed to ensure authentication, authorization and secure transfer of information. Capital Confirmation has established a thorough, multi-step authentication process to authenticate each accounting firm, accountant/auditor and audit client involved in the Confirm process. 1 A validated and authenticated audit client user will receive directly from the Confirm system an AUD number through the validated email process. The AUD number is a randomly generated PIN. The AUD number generation process can only be initiated by the authenticated accountant through the use of a login to the Confirm service using their unique ID and password. If a client user s email becomes invalid, the AUD will not reach such client and the Confirm confirmation service would be halted. The Confirm system is designed such that the audit firm cannot initiate a confirmation request through the Confirm system without the AUD number. The audit firm can only obtain the AUD number from the audit client thus ensuring the audit client s authorization to request confirmation. The electronic authorization is such AUD number. The use of the AUD number by the authenticated audit client creates the authorization for the authenticated audit client s financial institution to release information regarding the audit client to the specified authenticated accountant/auditor via the Confirm service. In addition, the audit firm and audit client each agrees and acknowledges that among other matters, that they each have authorization to request the confirmation information. In addition to the electronic authorization, the highlights of which are discussed above, there is a physical authorization to the Confirm process. An authenticated accountant/auditor user s authenticated accounting firm must receive proper written authorization from an authenticated client user in order to use the Confirm service. This authorization is usually in the form of an engagement letter between the audit firm and the audit client. The written authorization is to be kept on file by the authenticated accounting firm for at least five years. The Confirm process ultimately provides a means by which only a licensed accounting firm s accountant/auditor user can set up a client and only an authorized representative of the financial institution s client can authorize an audit confirmation, creating a traceable path of accountability governed by applicable laws and regulations. Critical to the process is the authentication of the financial institution. 2 Capital Confirmation sets up secure links between the accountant/auditor and a validated financial institution, assuring that when a confirmation request is sent, it goes directly to the financial institution without interference. Further, because the process is fully automated, the requested information is transmitted to the auditor/accountant in a secure fashion. The use of encryption and digital signatures allows the auditor/accountant to have an extremely high degree of confidence in the integrity and authenticity of the confirmation information. Indeed, the

4 confidence level is much higher than is present in the paper-based confirmation process because there are far fewer opportunities for errors or corruption of the process. The E-Sign Act: The Use of Identifiers, Passwords and Personal Identification Numbers as Signatures Capital Confirmation contracts indicate that the participants in the system will rely upon the unique identifiers used by other participants. That is, when a party enters the system using the unique identifiers, other participants are entitled to rely on the fact that the identifiers are tied to the specific participant. Actions taken by persons using the unique identifiers are presumed to be actions of the person associated with those identifiers. In essence, a message sent with those identifiers is deemed to be signed by such person, and will be enforceable against such person to the same extent as if the message were contained in a paper document bearing a physical signature. As a general matter, the parties to commercial arrangements such as created by Capital Confirmation are permitted to establish the framework for communications, the methods by which those communications may be transmitted, the manner in which those communications will be treated, and the legal effect of such communications. The parties may agree that messages or communications using the unique identifiers assigned to a party will be deemed to be communications of such party. The ability to so contract has been strengthened by the Electronic Signatures in Global and National Commerce Act, signed by President Clinton in 2000 (15, U.S.C. 7001 et. Seq.). In that Act, commonly known as the E-Sign Act, Congress has specifically provided as follows: Notwithstanding any statute, regulation, or other rule of law (other than this subchapter and subchapter II of this chapter), with respect to any transaction in or affecting interstate or foreign commerce (1) signature, contract, or other record relating to such transaction may not be denied legal effect, validity, or enforceability solely because it is in electronic form; and (2) a contract relating to such transaction may not be denied legal effect, validity, or enforceability solely because an electronic a signature or electronic record was used in its formation. 15 U.S.C. 7001(a). While the E-Sign Act contains numerous provisions relating to transactions involving consumers, those limitations generally do not limit the ability or enforceability of signatures or records in electronic form among commercial entities. The E-Sign Act allows states to enact statutes governing the use of electronic records and signatures, and many have done so. Several have adopted the Uniform Electronic Transaction Act ( UETA ), promulgated by the National Conference of Commissioners on Uniform State Laws. However, the adoption of state laws, whether they be versions of UETA or stand-alone statutes, cannot limit the basic thrust of the general provision of E-Sign giving effect to electronic signatures and records.

5 Important in this context is the definition of a signature. In general, a signature is a symbol adopted by a party to authenticate a writing. See Section 1-201(39) of the Uniform Commercial Code. E-Sign and UETA follow this approach. In general, a signature is an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record. 15 U.S.C. 7006(5). Examples of signatures could include such things as digital signatures, mouse clicks on an I accept button, biometric identifiers associated with a message, or PINs and passwords. Also important is the concept of record retention. E-Sign generally requires that records be retained and be capable of reproduction. 15 U.S.C. 7001(d)(2). Capital Confirmation contracts include such specific provisions governing the use of identifiers, as well as the security and encryption procedures to be utilized, and the legal effect of the transmission of messages and requests containing the identifiers. A court of law should therefore give effect to the contractual provisions stated and agreed to in such contracts. It is noted that both E-Sign and UETA require that the parties consent to the use of electronic signatures and records, and that one party cannot unilaterally require another to do so. Accordingly, the need for specificity in the contract is of paramount importance, and is incorporated in the Capital Confirmation contracts to satisfy this requirement. For convenience, Attachment One is a copy of the relevant provisions of the E-Sign Act. For more information about secure electronic confirmations, contact us at: 1-888-716-3577 or visit. Capital Confirmation, Inc. 214 Centerview Drive, Suite 265 Brentwood, TN 37027 Phone: 888-716-3577

6 Attachment One: Relevant E-Sign Act Provisions 15 USC Sec. 7001. General rule of validity (a) In general Notwithstanding any statute, regulation, or other rule of law (other than this subchapter and subchapter II of this chapter), with respect to any transaction in or affecting interstate or foreign commerce - 1) a signature, contract, or other record relating to such transaction may not be denied legal effect, validity, or enforceability solely because it is in electronic form; and 2) a contract relating to such transaction may not be denied legal effect, validity, or enforceability solely because an electronic signature or electronic record was used in its formation. 15 USC Sec. 7006. Definitions (5) Electronic signature The term ''electronic signature'' means an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record. Endnotes 1 Authentication by Capital Confirmation includes such steps as independent third-party validations, periodic reviews, identity certifications and valid email verifications. This memorandum does not delve into the specifics of the authentication process, which is quite extensive and involved. Where an accounting firm, auditor/accountant or client cannot be verified and authenticated, such party will not and cannot be involved in the Confirm process. 2 Authentication by Capital Confirmation includes such steps as physical validation, independent third-party validations, periodic reviews and identity certifications. This memorandum does not delve into the specifics of the authentication process, which is quite extensive and involved. Where a financial institution cannot be verified and authenticated, such party will not and cannot be involved in the Confirm process.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information