Doing Business Electronically — a Review & Update for Credit Unions

Editor’s Note: The following is a contributed piece from the legal experts at credit union law firm, Farleigh Wada Witt.

COVID-19 accelerated a trend that was already underway: doing business electronically. With branch closures and restrictions, and member reluctance to come to the credit union to do business even when it is possible to do so, credit unions are looking for ways to permit members to do business at a distance. In the heavily regulated world of financial services, this raises some special challenges and risks for credit unions to manage.

When conducting business electronically, a credit union must consider the following:

  • Creating and retaining evidence of an enforceable contract or transaction;
  • Satisfying applicable disclosure requirements;
  • Validating (and maintaining proof of) the identity of the person with whom the credit union is dealing; and
  • Addressing any practical hurdles.

The federal ESIGN Act and similar state laws (specifically the Uniform Electronic Transactions Act, “UETA,” adopted years ago in Idaho and Oregon, and last year in Washington) provide for the validity and enforceability of contracts or transactions entered into electronically. The Uniform Commercial Code, which governs most consumer and commercial secured lending transactions other than mortgage loans, also recognizes the validity and enforceability of transactions entered into electronically. More recently, Idaho, Oregon, and Washington have all adopted some form of the Revised Uniform Law on Notarial Acts that authorizes remote notarizations in electronic form.

These laws do not provide blanket validity to contracts and transactions entered into electronically. Rather, they provide that transactions and contracts cannot be deemed invalid merely because they are entered into or authenticated in electronic form. Electronic contracts and transactions are still subject to all other legal requirements – i.e., both parties must agree on the terms, and the party seeking to enforce a contract must be able to demonstrate that the other party agreed to the terms of the contract.

Creation and Retention of Enforceable Contract

There are various ways to create and retain an enforceable contract. The selection of method depends on factors such as:

  • Whether the same terms apply to everyone (i.e., online banking agreement) or different specific terms apply to each transaction (i.e. car loans);
  • The degree of risk of false or mistaken identity (or inability to prove identity) of a party; and
  • Requirements of other parties affecting the transaction (i.e. state title certificate requirements, mortgage investor requirements, etc.).

In some settings, where there are uniform terms and little need or risk to confirm identity on a case-by-case basis, clicking a button to consent to a specific agreement can be adequate to establish a contract. (This approach, commonly referred to as “click-wrap” agreements, is often used by online merchants who receive payment up front and have no need to verify identity of purchasers.)

In other settings, a more elaborate approach (such as Docusign) is needed in order to retain evidence that a particular person agreed to transaction-specific terms at a specific time.

Whatever system a credit union employs for a particular type of transaction or service, the credit union must retain some evidence of the specific terms agreed to, and how and when the member agreed to those terms. For example, if the credit union uses online consent to the membership and account agreement, the credit union must maintain an archive of the versions of the agreements that it has used, and the specific dates when one version replaced another. Thus, if there is ever a dispute or question as to the specific agreement that a member consented to, the credit union can produce the specific form of agreement that the member would have seen when they clicked “I agree.” (The credit union should also be able to demonstrate that its consent process required the member to actually view the agreement.)

Docusign and similar products have elaborate retention and tamper-prevention mechanisms to be able to tie specific parties to the specific transaction terms they agreed to if it becomes necessary to enforce those terms.

Disclosure Requirements

Most of the key federal consumer protection regulations (i.e. CFPB Regulations E, P, and Z, FRB Regulation CC, and the NCUA Truth in Savings regulation) include a requirement to provide disclosures in writing in a form that the consumer can keep. ESIGN provided a way to satisfy this requirement using electronic disclosures. In contrast to its approach as to enforceable contracts, ESIGN created very specific requirements for delivering consumer disclosures in electronic form. Specifically, ESIGN requires:

  • Consumer notice: a notice to the consumer detailing the scope of documents covered by the consumer’s consent to electronic disclosures, the consumer’s right to withdraw consent for electronic disclosures (including procedures to withdraw consent and any consequences of withdrawing consent), the availability of paper disclosures as an option, and hardware and software requirements for the consumer to receive disclosures electronically.
  • Affirmative consent: The consumer must affirmatively agree or consent to electronic disclosures; consent cannot be an “opt-out” process.
  • Demonstration of ability to receive electronic disclosures: The consumer must give their consent or confirm their consent in a way that demonstrates they have the ability to receive disclosures electronically in the form provided by the credit union. In other words, if the credit union provides disclosures in pdf format, the member consent process must include some way of verifying that the member can access the disclosures in pdf format.
Proof of Identity

The credit union has little need to retain identity verification when a member agrees to “click wrap” terms of use for the credit union’s mobile deposit service. The same terms apply to everyone, and the click wrap process requires everyone to agree to those terms before accessing the service. On the other hand, the credit union has a strong need to verify identity and retain proof of identity before funding a mortgage loan. Risk identity verification for conducting online banking transactions falls somewhere between those two extremes.

Credit unions generally rely on user credentials (i.e. username and password) as a means of validating identity for online banking transactions. For other types of transactions, the credit union may use other types of validation. For example, the credit union may require a scan of valid government ID before accepting electronically signed indirect loan documents. Or the credit union may rely on other verification processes established as part of an online signature service. These are determinations based on risk assessment, operational capabilities, member needs, and other circumstances.

Other Practical Considerations

Finally, the credit union’s procedures and policies must take into account other factors that may affect how it conducts particular transactions electronically or whether it even can. For example, if a particular mortgage investor will not purchase loans originated electronically, it doesn’t matter that state and federal law would permit the credit union to do so. Similarly, if documents (such as trust deeds) need to be recorded in state or county records, the credit union must assure that its process for creating and executing those documents satisfies state recording requirements and any applicable county requirements.

For example, real estate documents must be notarized in order to be recorded. A notary public must be specifically authorized to do electronic notarizations in order to notarize documents that are electronically signed from a location other than where the notary is. Remote notarization requires the notary to use a commercial remote notarization system approved by the state. In addition, the credit union must assure that the title company providing title insurance will approve the transaction.

Credit unions in Idaho, Oregon, and Washington can successfully conduct most types of transactions online, subject to the considerations discussed above. However, there are some exceptions, such as:

  • Transactions involving vehicle titles. Vehicle titling involves a mix of state and federal issues (the federal odometer disclosure requirements), and antiquated state processing systems. Although a credit union’s loan documents may be signed electronically, title application and transfer documents will likely require wet signatures on paper for the foreseeable near future.
  • Signatures on checks or other negotiable instruments.
  • Transactions involving government applications, permits, or approvals. In many cases, transactions requiring some form of government permit or approval are subject to any standards set by the relevant government body, which may include requirements for wet signatures on paper applications or other documents.
  • An electronically created power of attorney may be technically valid, but the credit union will likely have difficulty determining that it was validly signed unless it was notarized appropriately (either in person or by an authorized remote notary).

 Have a question about this story? Please contact the legal experts at Farleigh Wada Witt.

Posted in Article Post.