Companies are scrambling to complete transactions with customers and suppliers faster and cheaper, and in the current COVID-19 environment, now at a safe distance. E-contracting and e-signatures have been in the marketplace for over 20 years, but organizations which have not adopted the framework may be taking a closer look at e-processes in light of the crisis. Below is a primer to understanding and managing the risks associated with an e-process, along with some practical pointers on using e-signatures/e-contracting.
Authentication Risk
This is the risk that the electronic signature obtained is from a forger, not from the actual person whose name is associated with the electronic signature. The risk is that a company relying on an applicant’s electronic signature to be that of a given person seeks to enforce the document bearing the person’s signature and the person claims, “That is not my signature!”
There are ways to authenticate the identity of a person. A popular and simple method is to use a “shared secret,” such as combination of questions that nobody other than the real person would know: social security number, mother’s maiden name, date of birth, employee number, etc. There are firms that can authenticate a person on a real time basis as well, using the shared secret approach.
Repudiation Risk
This is the risk that a document bearing a person’s signature is altered after the document is signed electronically and the person repudiates the contents of the document bearing his or her signature. The risk is that a company relying on an applicant’s electronic signature seeks to enforce the terms of the signed document bearing the applicant’s signature and the applicant claims, “Yes, that is my signature, but the terms and conditions of what I signed are different than that document!”
There are ways to mitigate the repudiation risk considerably; in fact, the repudiation risk can be reduced below the repudiation risk associated with traditional methods. The simplest way to mitigate repudiation risk is to have each document “electronically sealed” immediately after it is signed to prevent any alteration to the document without such change being visible. Storing the documents in secure environments also mitigates the repudiation risk.
Compliance Risk
This is the risk that the rules and regulations governing such a transaction, such as regulation requiring certain consumer disclosures to be provided by a certain stage in the transaction, are not satisfied. The risk is that the company is sanctioned by regulatory authorities or the other party to the transaction avoids its obligations.
There are ways to mitigate this risk as well. Again, as with the repudiation risk, with a little bit of logic embedded in an e-process, compliance can actually be better than in the traditional process. For example, an e-process with logic that requires all the disclosures to be provided and acknowledged by a consumer can prevent completion of the process without all required disclosures being provided to the applicant.
Admissibility Risk
This is the risk that an e-contract is not admissible into evidence when the company seeks to enforce it. In a 2007 landmark case in the U.S. District Court of the District of Maryland, Lorraine v. Markel, the Court’s decision put both litigators and litigants on notice that simply offering electronic evidence, without laying the proper foundation, can deem such evidence inadmissible, and thus an e-contracting business process unenforceable.
There are various ways to improve the likelihood of the admissibility of e-contracts, for example, by using an exemplar business process to designing customized systems for the creation, storage and production of electronic information.
Adoption Risk
This is the risk that the e-process takes longer than the traditional process or is not as convenient as the traditional process and consequently, adoption of the process is slow. The risk is that a company invests considerable resources to design an e-process only to find that there is little use of the e-process.
The best way to mitigate this risk is to field test a proposed e-process.
Relative Risk
There are authentication risks, repudiation risks and compliance risks with the traditional process of using wet ink and hard copy paper to complete transactions. Many companies have not examined such risks until they begin developing an e-process. For most electronic signature and e-delivery processes, the goal will be to have the transaction, on the whole, be no riskier than the current processes.
Sign up for our newsletter and get the latest to your inbox.