Under Article Three, Subsection 3.12.4, Form of Written Statement of Unauthorized Debit of the ACH Rules, it is required that Written Statements of Unauthorized Debits (WSUDs) are to be signed or similarly authenticated by the Receiver. RDFIs are responsible for ensuring that WSUDs are obtained and retained in compliance with the ACH Rules. We know 'signed' means pen-to-paper, but what exactly does 'similarly authenticated' mean?
The Electronic Signatures in Global and National Commerce Act (the E-Sign Act) establishes electronic signatures as legally equivalent to their paper counterparts, provided they meet the requirements of the E-Sign Act. To be valid under the E-Sign Act, an electronic signature must be "similarly authenticated," meaning the method used to verify the signer must prove their identity and intent to sign, ensuring it holds the same reliability as a traditional pen-and-paper signature. The method used to obtain an electronic signature must, therefore, be able to verify both (1) the identity of the signer and (2) the signer's acknowledgment to be bound by the terms of the WSUD.
There are many ways an RDFI might get an electronic signature:
- Software: One of the most common methods for capturing and retaining an electronic signature is to utilize a software provider such as DocuSign, Adobe, etc.
- Online Banking: Online banking may also be used, as it requires users to authenticate themselves through multifactor authentication. Thus, RDFIs may obtain electronic signature by allowing account holders to log into their online banking to complete WSUDs.
- Verbal WSUD: An RDFI may also consider obtaining a WSUD orally by authenticating the account holder over the phone. However, careful measures should be taken when choosing this option. When accepting WSUDs verbally, it's important for RDFIs to understand that a phone call alone cannot qualify as an electronic signature under the E-Sign Act. While a phone call can be part of the authentication process, it cannot serve as the electronic signature itself. The RDFI should also consider recording the telephone calls and ensuring it has the authority to do so.
It is crucial for RDFIs to develop clear and comprehensive written procedures that detail the steps taken when obtaining WSUDs verbally. These procedures should cover all aspects of the process, from the initial phone call to the retention and provision of audio recordings.
Subsection 3.12.4 specifies the required information that must be included on a WSUD, including a statement from the Receiver asserting that the details of the WSUD are true and correct and that the Receiver is an authorized signer on the account. A script of questions to ask account holders should be developed to ensure financial institution staff collect fully completed WSUDs that meet the requirements of Subsection 3.12.4. Staff should also document the employee who authenticated the account holder and the method used, such as codes, PINS or verification of personally identifiable information on the WSUD.
RDFIs must retain audio recordings of these phone calls alongside the WSUDs for a minimum of one year from the Settlement Dates of the Extended Return Entries relating to each WSUD in order to meet the requirements of both the E-Sign Act and Article Three, Subsection 3.12.5, Retention of Written Statement of Unauthorized Debit. When responding to ODFI requests for copies of WSUDs obtained verbally, RDFIs must be able to provide these audio recordings to satisfy Article Three, Subsection 3.12.6, Copy of Written Statement of Unauthorized Debit.
Establishing clear, written procedures for collecting WSUDs over the phone is necessary to ensure that the process is consistent, thorough and in compliance with the requirements of Article Three, Subsection 3.12, Written Statement of Unauthorized Debit.
There are additional requirements of the E-Sign Act that must also be considered as part of the overall process for accepting electronic signatures. These requirements include:
- Capturing the signer’s consent to do business electronically,
- offering an opt-out clause and
- providing a copy of the fully executed document.
To ensure all of the requirements of the ACH Rules and the E-Sign Act are met, RDFIs should review their processes with legal counsel.
|
