E-disclosure: a short guide to going paperless in consumer financial services
| Description: |
E-disclosure in a short guide.
|
|
The Electronic Signature in Global and National Commerce Act (E-SIGN) (1) has been in effect for four years, (2) yet there is still remarkably little authoritative interpretation of this law as applied to consumer financial services Financial institutions face many questions as they move services online and, as a result, make use of electronic records to meet consumer protection requirements for written disclosures, such as those under the Truth in Lending Act (TILA) (3) and Regulation Z. (4) The bare language of E-SIGN is the only authority on many important issues. The Federal Reserve Board has issued interim rules but these are not comprehensive, and the Board has not made them mandatory, due to controversy about what guidance it should give. (5) As a Federal Reserve Board staff member recently put it, “[w]e remain in limbo, and I’d be shocked if that changed any time soon.” (6)
|
|
Furthermore, there is as yet no reported case law interpreting E-SIGN in the context of electronic compliance with the disclosure requirements of the law of consumer financial services. (7) This may in part reflect slow movement into fully online banking and lending, resulting in a lag in litigation that produces reported decisions. It also may be a result of the widespread use of arbitration clauses by financial institutions. A cost of using private dispute resolution is a lack of court interpretations available to the legal community and the public. (8)
|
|
Although some financial institutions, particularly large ones, have made the investments in legal planning and technical infrastructure, others have hesitated to take the plunge into the world of paperless (or nearly so) consumer financial services during this period of uncertainty This Article addresses the difficult issues in e-disclosure, providing a short guide to counsel for financial institutions. Counsel should be involved from the very beginning of planning the process of moving consumer financial services online. It is much easier and cheaper to build in legal compliance during web design than to go back later and try to add it.
|
|
II. GETTING YOUR CLIENT’S ATTENTION: E-SIGN’s CONSUMER CONSENT RULES AND THE RISKS OF NOT COMPLYING WITH THEM
|
|
A. ACCEPTING THAT COMPLIANCE Is NECESSARY
|
|
E-SIGN’s consumer consent provisions (9) have probably been the biggest reason for hesitation about providing completely paperless consumer financial services. David Whitaker, one of the top national experts on the law of electronic commerce, has written that anyone who is required to make written disclosures and who plans to deliver them electronically “should plan on taking the consumer through the E[-]SIGN consumer consent process.” (10) That it seems necessary to comment that compliance with the law is a good idea is noteworthy. Whitaker’s statement reflects the reality that there is a great deal of resistance to compliance with this particular aspect of the law. In short, lawyers for financial institutions need to be prepared to explain that there are real risks from non-compliance with E-SIGN’s consumer consent provisions.
|
|
B. AFFIRMATIVE CONSENT REQUIRED FOR USE OF ELECTRONIC RECORDS TO MEET WRITING REQUIREMENTS
|
|
E-SIGN requires that before electronic records can be used to meet any writing requirement “relating to a transaction,” including written disclosure requirements, a consumer must have “affirmatively consented” to the use of electronic records. (11) Note that if a given disclosure does not have to be in writing pursuant to underlying law, it is not subject to E-SIGN’s consumer consent rules. The consumer must consent to the use of electronic records to fulfill writing requirements after having been informed which “identified categories of records” may be sent electronically and the hardware and software requirements for accessing and retaining the electronic disclosures. (12)
|
|
C. THE REQUIREMENT OF A TEST OF ABILITY TO ACCESS INFORMATION
|
|
In addition, the consumer must consent electronically or confirm consent electronically to the use of electronic records “in a manner that reasonably demonstrates that the consumer can access information in the electronic form that will be used to provide the information that is the subject of the consent….” (13) This amounts to requiring a test demonstrating the consumer’s ability to access the information. If, for example, disclosures will be provided in the body of an e-mail, the financial institution should send a test e-mail and ask in the text for a reply
|
|
D. RETAINABILITY OF ELECTRONIC RECORDS
|
|
Another important provision states that the legal effect of an electronic record used to meet a writing requirement “may be denied if such electronic record is not in a form that is capable of being retained and accurately reproduced for later reference by all parties or persons who are entitled to retain the contract or other record.” (14) Thus, even though a record is otherwise made available in compliance with E-SIGN, if the record is not retainable, it may be denied legal effect, so that providing a non-retainable record can be treated as equivalent to not making a required written disclosure at all.
|
|
E. NON-COMPLIANCE WITH CONSUMER CONSENT RULES AS NON-COMPLIANCE WITH THE UNDERLYING CONSUMER PROTECTION REGULATION
|
|
A key provision of E-SIGN notes that “[t]he legal effectiveness, validity, or enforceability of any contract executed by a consumer shall not be denied solely because of the failure to obtain electronic consent” in accordance with the testing provision. (15) It is notable that this saving provision applies only to effectiveness of a contract, not effectiveness of a consumer protection disclosure. Many other provisions of E-SIGN refer to the “contract, or other record,” (16) whereas this saving provision only refers to the “contract.” (17) The strong implication is that electronic records sent without a test demonstrating the consumer’s ability to access the information are not effective to meet written disclosure requirements under consumer protection statutes.
|
|
F. REASONS FOR THIS DIFFERENCE BETWEEN CONTRACTS AND CONSUMER PROTECTION DISCLOSURES
|
|
There are good policy reasons for this E-SIGN distinction between writing requirements for contracts (statutes of frauds) and writing requirements for consumer protection disclosures, implicitly making the latter legally ineffective in the absence of compliance with the consumer consent rules, including the test of access to electronic disclosures. A statute of frauds requirement of a written contract has an evidentiary rather than a consumer protection purpose. (18) If the making in fact of a contract can be proved with electronic records, there is no strong policy reason to require that the consumer consented to the making of the contract by electronic means. The consent to making the contract with electronic records is likely implied by the use of electronic records in the formation of the contract. Furthermore, there are many exceptions to the statute of frauds, where other proof, such as part performance or reliance, is a valid substitute for a writing. (19) With requirements for written consumer protection disclosures and notices, however, there is no equivalent set of exceptions to the requirement of a writing. Also, the purpose of E-SIGN’s consumer consent rules is to assure that electronic communications do not undermine the purposes of written disclosure and notice requirements. These consumer protection purposes include facilitating shopping over material terms, providing information about remedies after a dispute arises, warning of substandard terms, and giving notice of later risks. (20) Unless a consumer can access consumer protection disclosures and notices, their purposes would not be met, which is why E-SIGN requires a demonstration of access.
|
|
G. TILA AS AN EXAMPLE OF THE RISKS OF NON-COMPLIANCE WITH E-SIGN
|
|
Probably the best way to convince clients that they have to comply with the consumer consent rules of E-SIGN is to discuss the possible consequences of failing to do so. TILA provides a good set of examples to use. (21)
|
|
H. PRECONSUMMATION DISCLOSURES
|
|
Suppose that a financial institution invites consumers to apply for credit card accounts online and tells each consumer that the cost of credit disclosures will be sent electronically by e-mail. TILA and Regulation Z require that certain cost of credit information, such as conditions under which a finance charge will be imposed and the method of determining its amount, be provided in writing prior to consummation of an open-end credit transaction. (22) Suppose further that the financial institution does not send each consumer a test e-mail to demonstrate that the consumer is able to receive and open e-mails from the financial institution (keep in mind that spam filters might keep notices from reaching some consumers). If accounts are opened online without a test, but with the initial disclosures given by e-mail, and consumers then run up balances on them, the financial institution would be potentially liable for TILA remedies. As noted above, (23) there is a strong argument that non-compliance with E-SIGN, based upon not testing the ability to receive required written disclosures, is, in effect, non-compliance with the underlying statute and regulations.
|
|
In an individual consumer case, a financial institution risks liability for twice the amount of the finance charge together with a reasonable attorney’s fee. (24) In a class action, the court has discretion as to the amount of the award, up to the lesser of $500,000 or one percent of the net worth of the creditor, together with a reasonable attorney’s fee. (25) A financial institution that adopts a general procedure for making TILA disclosures that does not comply with E-SIGN risks this class action liability
|
|
If instead of a standard credit card account, the type of transaction in question involves a security interest in the debtor’s home, other remedies could potentially come into play. A notice of right of rescission of the security interest in the home must be given before consummation of a transaction that is not for acquisition or initial construction of the home, and if not given, the period for exercising the right of rescission is extended from three days to three years. (26) Thus, not testing the ability to receive the notice of right of rescission risks extending the rescission right for three years. Also, an individual in such a transaction may recover statutory damages of $200 to $2000, and class action remedies could be invoked by a class of affected consumers. (27)
|
|
K. CERTAIN TILA DEFENSES INAPPLICABLE
|
|
Errors of legal judgment do not qualify for the TILA bona fide error defense. (28) Non-compliance with the E-SIGN consumer consent provisions would be an error in legal judgment. Also, because the Federal Reserve Board’s interim rules on E-SIGN do not address how to implement consumer consent procedures, they do provide a basis for a defense of good faith conformity with Federal Reserve Board rules. (29)
|
|
L. FRB UNDERSCORED NEED TO COMPLY WITH E-SIGN CONSUMER CONSENT RULES
|
|
Not only has the Federal Reserve Board refrained from providing guidance on consumer consent compliance, but when the agency withdrew the mandatory effective date for its interim rules on electronic communications, it specifically noted the necessity of compliance with E-SIGN’s consumer consent rules: “[f]inancial institutions and others covered by the Board’s consumer disclosure rules are currently permitted to provide electronic disclosures if they obtain consumers’ consent consistent with the requirements of the federal [E-SIGN Act].” (30)
|
|
Some have argued that a state’s enactment of the uniform version of the Uniform Electronic Transactions Act (UETA) supercedes E-SIGN’s consumer consent rules as applied to state law writing requirements, (31) a position that is debatable. E-SIGN provides an “exemption to preemption,” (32) not a right of state opt-out. Thus, another interpretation is that state law writing requirements are governed by UETA, when not amended to provide inconsistent restrictions on use of electronic communications, and also by E-SIGN, to the extent that it provides more consumer protection, as with the consumer consent rules. (33)
|
|
N. UETA INAPPLICABLE TO FEDERAL DISCLOSURE REQUIREMENTS
|
|
In the context of federal regulation of consumer financial services, no one has argued that state law can eliminate the consumer consent requirements of E-SIGN as applied to federal statutes and agency regulations. Furthermore, many states have either not enacted the uniform text of UETA or have explicitly incorporated the consumer consent procedures of E-SIGN into their versions of UETA. (34) Thus, because of the argument that even the uniform version of UETA does not displace federal consumer protections in E-SIGN and also because of enactment of non uniform versions of UETA, or even explicit incorporation of E-SIGN consumer protections into some state’s versions of UETA, it is advisable to comply with E-SIGN’s consumer consent requirements even for state law requirements of written consumer protection disclosures. (35)
|
|
O. WRITING REQUIREMENTS FOR WHICH ELECTRONIC RECORDS MAY NOT SUBSTITUTE
|
|
E-SIGN does not authorize use of electronic records for some writing requirements, such as those having to do with wills and certain estate matters, family law matters, and those under the Uniform Commercial Code, other than Articles 2, 2A, and certain Article 1 provisions. (36) E-SIGN states a number of other exceptions, but the only one likely to have routine importance in the world of consumer financial services is for “any notice of … default, acceleration, repossession, foreclosure, or eviction, or the right to cure, under a credit agreement secured by, or a rental agreement for, a primary residence of an individual.” (37) State law could authorize electronic records for such writing requirements. (38)
|
|
III. IF WE HAVE TO COMPLY WITH E-SIGN’s CONSUMER CONSENT RULES, HOW CAN WE DO SO WITH A MINIMUM OF FUSS?
|
|
Having convinced a financial institution client that compliance with E-SIGN’s consumer consent provisions is necessary, the next challenge for counsel may be to keep the client’s decision-makers from giving up on fully online electronic accounts, perhaps setting up the accounts offline. Counsel need to be prepared with simple guidance on online compliance as well as reminders about the cost savings from electronic communications and the marketing necessity of engaging in this kind of service to attract many Internet-oriented customers.
|
|
B. KEY FEATURES OF CONSUMER CONSENT COMPLIANCE
|
|
As noted in sections II(B)-(D) above, the key features of compliance are to: (i) provide required E-SIGN consumer consent disclosures prior to obtaining consumer consent to use electronic disclosures
|
|
When it comes to consumer consent disclosures, there are three sets of them. First, there are four consumer consent disclosures that have to be given under section 7001(c)(1)(B) in a “clear and conspicuous statement,” (43) which must:
|
|
1. Inform the consumer of “any right or option” to have the record provided or made available on paper and of “the right” of the consumer to withdraw the consent to electronic records, and of any consequences (which may include termination of the parties’ relationship) or fees for withdrawal of consent. (44) The difference between the language “any right or option” concerning receiving disclosures on paper and “the right” concerning withdrawal of consent to electronic records suggests that there need not be an initial right to get a record on paper, while there must be a right to withdraw consent to use of electronic records in the future (but with advance disclosure, the consequences of withdrawing consent could be either fees or termination of the relationship). As noted below in the discussion concerning the fourth clear and conspicuous disclosure requirement, there must also be a right to get a paper copy of a record. This means that although there is no requirement for an initial option of paper, there must be a right to a paper copy later (for a fee) and also a right to withdraw consent to electronic records in the future, which can be grounds for fees or termination of the relationship if these consequences are disclosed at the outset. In short, financial institutions can limit use of paper but still have to be able to supply paper copies for the consumer later, although a fee may be charged for this service. (45)
|
|
2. Inform the consumer of the scope of the consent
|
|
3. Describe the procedures for withdrawing the consent to electronic records and to update the consumer’s electronic contact information. (47) Withdrawing consent can result in termination of the relationship or fees, if these consequences have been disclosed in advance, before obtaining consent to electronic records. (48)
|
|
4. Inform the consumer of how, after consent to electronic records, “the consumer may, upon request, obtain a paper copy of an electronic record,” and disclosure of whether any fee will be charged for it. (49) Notwithstanding the language discussed above concerning “any right” to get the record in non-electronic form at the outset, (50) this other language concerning disclosure of how to get a paper copy after the consent, suggests that there must be a right to a paper copy later, albeit with a fee if disclosed before getting consumer consent to electronic records. Any fee for a paper copy presumably must be reasonable to avoid challenges based on, for example, unconscionability. (50) Financial institutions should be prepared to show the costs of having the capacity to print paper copies for consumers, in order to justify fees for copies.
|
|
There are two other sets of required disclosures that must be given before consumer consent to electronic records can occur, but these do not have be given in a “clear and conspicuous statement.” (52) The financial institution must disclose software and hardware requirements for access to, and retention of, electronic records. (53) Also, because software and hardware requirements are likely to change eventually, if the financial institution wants to be able to impose consequences for withdrawal of consent to electronic records when those changes occur, it must disclose the consequences for withdrawal of consent, such as termination of the relationship or fees, at the outset. (54)
|
|
After providing all of these disclosures, the financial institution should ask for the consumer’s affirmative reply, consenting to receive identified categories of records electronically. For example, if e-mail messages will be used, it is advisable to require a click to agree to a statement that, “I assent to use of e-marl messages, sent to the e-mail address I have supplied, for [list categories of records that will be sent electronically].”
|
|
C. THE TEST OF ACCESS AT ITS SIMPLEST
|
|
A key requirement is that the financial institution using electronic records as a means to meet writing requirements must conduct an electronic test of the consumer’s ability to access a disclosure in the electronic format that will be used. (55) In any transaction where electronic records will be sent later, there will need to be a test. For example, if an application is to be submitted to set up an account, with pre-consummation disclosures to be supplied later, a test will be necessary before sending the pre-consummation disclosures. If e-mail messages or attachments will be used, tests of the consumer’s access, such as those described above, (56) must be used.
|
|
Under the Federal Reserve Board’s E-SIGN interim rules, certain preliminary disclosures–such as those required in credit card advertising or applications–do not require the E-SIGN consumer consent disclosures. (57) Before a final application is submitted, however, and thus before sending pre-consummation disclosures for electronic financial services, (58) it will be necessary to: (i) make the full array of consumer consent disclosures
|
|
If hardware and software requirements for access to electronic records change in a way that creates a “material risk” (59) that consumers will not be able to access or retain a subsequent electronic record, it is necessary to go through a new round of disclosures for the software and hardware requirements and a new test of access. (60) Unless consequences for withdrawing consent upon such a change were disclosed in advance, the consumer has the right to withdraw consent to electronic records without any consequences, such as fees or termination of the relationship, and must get a disclosure of this right to withdraw consent without consequences. (61)
|
|
D. PERMISSIBLE METHODS OF ELECTRONIC COMMUNICATION TO MEET WRITING REQUIREMENTS
|
|
An additional question is what electronic formats and electronic methods of delivery will be sufficient to meet a writing requirement. E-SIGN states one clear prohibition on the type of electronic record that can satisfy a requirement of a writing. (62) Visual text is required, not just an audio recording, and the Federal Reserve Board’s interim rule restates this point. (63) The judgment was that visual text was needed to meet conspicuousness requirements for certain disclosures. (64)
|
|
Although E-SIGN enables use of electronic records to meet writing requirements, a gray area is what form of sending or other communication is necessary in order to provide or make available a record as a substitute for a paper writing. The interim rules approve of two methods of sending electronic disclosures: (i) sending them to the consumer’s electronic address
|
|
The commentary accompanying the interim rules specifies that a consumer’s electronic address used for electronic disclosures is one that is not limited to receiving communications transmitted solely by the financial institution. (67) The purpose appears to be to have a real, active e-mail address of the consumer, not an address set up by the creditor solely for its disclosures, making it unlikely the consumer would access it regularly.
|
|
F. INTERNET POSTING AND THE PROBLEM OF POSTAL AND OTHER “COLD” ALERTS
|
|
An unfortunate aspect of the interim rules is that they seem to provide for disclosures to be made by Interact posting and an “alert” to the consumer by methods that would likely not prompt the consumer to visit the Web site. The interim rules state that the alert can be sent to the consumer’s electronic address or to a postal address, at the creditor’s option, and that the notice should identify the account involved and the address of the Internet site or other location where the disclosure is available. (68) A postal mailing would be unlikely to trigger a visit to an Internet address given in that mailing. An alert by e-mail that lacks a hot link to the Internet site would also fall short on this score because it would require a consumer to paste an Internet address into a browser to access the information. If a financial institution is sending a postal mailing, it is a good idea to simply include the disclosure, rather than give an alert to check an Internet address. Similarly, if an institution is sending an e-mail concerning information available on an Internet site, giving a hot link seems to be the best practice.
|
|
G. NON–BYPASSABLE DISCLOSURE
|
|
The suggestion of the interim rules is that the accompanying comments on use of Internet posting plus alerts do not apply to certain disclosures. The comments indicate that disclosures must meet clear and conspicuousness requirements and timing and effective delivery requirements of, for example, TILA and Regulation Z, so that not merely hot links, but disclosures that cannot be bypassed, may be necessary to meet requirements that a disclosure be given before the consumer becomes obligated. (69) The analysis accompanying the proposed Regulation Z rule states, “TILA and Regulation Z require that creditors provide or send disclosures to consumers. It is not sufficient for creditors to provide a bypassable navigational tool that merely gives consumers the option of receiving the disclosures.” (70) A comment to the rule states that non-bypassable disclosures meet the requirements for pre-consummation disclosures in closed and open-end transactions. (71) This is a safe harbor and thus the best practice to ensure compliance with the underlying statute and regulation. When lifting mandatory compliance with the interim rules, the Federal Reserve Board suggested that it meant for Internet posting to be permissible for account statements and notices of changes in account terms. (72) Nowhere does it mention the use of Internet posting, even with an e-mail alert, as satisfying pre-consummation disclosure requirements. (73)
|
|
H. LIFTING OF MANDATORY COMPLIANCE AND EFFECT ON REQUIREMENT OF ALERTS
|
|
The Federal Reserve Board’s last word on electronic disclosure was to lift compliance with its interim rules. (74) It noted that it was responding to an industry concern that “there are operational issues raised by the interim rules’ requirement that institutions alert consumers by e-mail when electronic disclosures are made available at another location, such as a web site.” (75) It noted that some institutions had been offering electronic disclosures for several years and that “[m]any of these institutions have not used e-mail to alert consumers to disclosures posted at their web sites.” (76) In addition, the Board made the vague and sweeping statement that “[i]nstitutions may continue to provide electronic disclosures under their existing policies and practices, or may follow the interim rules, until the Board issues permanent rules.” (77) In context, the statement should probably be read as applying to only a limited range of policies and practices. The lifting of the requirement of alerts does not seem to mean that Internet posting can be used to satisfy pre-consummation disclosure requirements, as discussed above, as opposed to sending account statements and changes in account terms that do not run afoul of contract law or unfair and deceptive practices statutes. (78) For pre-consummation disclosures, non-bypassable disclosures ensure that timing requirements are met, as the Federal Reserve Board noted in its interim rules analysis. Internet posting would not necessarily meet timing and effective delivery requirements for such disclosures.
|
|
I. THE DISTINCTION BETWEEN CONSUMER CONSENT AND PERMISSIBLE FORMS OF ELECTRONIC DISCLOSURE
|
|
Special issues are raised by use of computer equipment and software supplied by the financial institution, another creditor, or an intermediary to set up an electronic account. If e-mails will be used for later disclosures, the consumer cannot demonstrate the ability to receive them if the consumer opens the account on the creditor’s equipment. Yet a comment in the Regulation Z interim rules suggests that sending an e-mail would be a permissible form of disclosure in this context (79) Financial institutions rely on this comment at their peril, however, as applied to consumer consent, because the comment seems to refer to permissible forms of electronic disclosure and not to the independent consumer consent rules for agreeing to this form of disclosure, in a manner that demonstrates access. (80) Although good faith compliance with Federal Reserve Board interpretations is a defense to TILA liability, a creditor that misreads an interpretation is not entitled to the defense, (81) and the question whether a creditor reasonably construed an agency interpretation is subject to case-by-case analysis. (82) The Federal Reserve Board has emphasized the need to comply with the consumer consent rules of E-SIGN. (83)
|
|
Similarly, even to the extent that Internet posting without alerts is permissible for certain written communications, such as account statements, there is an independent requirement of compliance with consumer consent requirements for use of that form of electronic communication in the future. To consent to Internet posting, the consumer must be told that Internet access will be necessary to obtain later disclosures and must demonstrate the ability to access the information on the Internet site. If the consumer enters into a transaction from home on an Internet site, after being given necessary consumer consent disclosures and notice that records such as account statements that will be posted on the site, those facts alone may be enough to demonstrate access (assuming that the consumer is walked through any security process to get access to, for example, the consumer’s account statements). On the other hand, if the consumer enters into the transaction on an Internet site using equipment supplied by the financial institution or an intermediary, and on that equipment consents to the use of electronic records in the future, the consumer does not demonstrate the ability to access those records in the future. The safest course is to provide paper copies if the consumer is present at the place of business when entering into a transaction, and to conduct a test of access once the consumer gets home, before sending documents electronically that are required to be in writing.
|
|
J. MAKING CONSUMER CONSENT A MARKETING PLUS
|
|
The consumer consent rules need not be viewed as a burden with no benefit. A financial institution can use the compliance process to reassure consumers that effective communication is a shared goal. (84) For example, the consumer consent process can be introduced with statements such as these:
|
|
For use of e-mail: We want to be sure you will be able to access important information we may send you later by e-mail. Please let us know that you could open this e-mail by sending a reply to this message.
|
|
For use of Internet sites: We want to be sure you will be able to access important information we may post for you later on our Internet site. Please click on the link in this message to access that site and find a three-letter code in red. Go to the site and read the code, then return to this message and send us an e-mail reply with that three-letter code and nothing else in the body of the e-mail. Now click here to go to the site: [LINK].
|
|
IV. MEETING OTHER REQUIREMENTS OF E-SIGN
|
|
A. RETAINABILITY OF ELECTRONIC RECORDS
|
|
The interim rules provide minimal additional gloss on the retainability requirements of E-SIGN. A comment indicates that the format must be one that allows printing or electronic storing. (85) Given the strong language of E-SIGN stating that electronic records may be denied effectiveness if not retainable in a way that can be accurately reproduced, (86) financial institutions should be sure that electronic disclosures can be downloaded or printed (allowing both seems reasonable) or that they remain accessible on an Intemet site, which is probably more expensive and thus less desirable to financial institutions. To meet the accurate reproduction requirement, financial institutions may want to use PDF files, but that also will require disclosing the software requirements for doing so as part of the consumer consent process. In general, hardware and software requirements for downloading or printing, used as methods of retention, must be disclosed as part of the consumer consent process, (87) a point the Federal Reserve Board also repeated in its interim rules. (88)
|
|
The interim rules require redelivery of an electronic communication that is returned as undelivered, requiring the sender to take “reasonable steps to attempt redelivery using information in its files.” (89) Commentary indicates that sending the disclosure to a different e-mail address or postal address that the sender has on file for the consumer satisfies the redelivery requirement, but resending to the same electronic address is insufficient if the sender has a different address on file. (90) Some have argued that this analysis treats e-mail differently from postal mail and thus is suspect under E-SIGN. (91) The Federal Reserve Board commentary, however, justifies the redelivery requirement by noting that there is “no commonly accepted mechanism for reporting a change in electronic address or for forwarding e-mail” (92) and, that “e-mail systems are not yet sufficiently reliable, and that safeguards are necessary to ensure that consumers actually receive disclosures.” (93) The Federal Reserve Board made no mention of the redelivery requirement when lifting mandatory compliance with its interim rules on electronic communications. Thus, the redelivery requirement was not disapproved and serves as a safe harbor for E-SIGN compliance. As a matter of maintaining customer relations, reasonable attempts to find customers who have continuing accounts is a good practice, and this may be reason enough to adopt a practice of redelivery. (94)
|
|
C. CONSPICUOUSNESS IN ELECTRONIC DISCLOSURE UNDER E-SIGN AND OTHER LAWS
|
|
As part of the consumer consent process, E-SIGN requires “a clear and conspicuous statement” of certain disclosures. (95) Regulation Z also uses the same “clear and conspicuous” standard for some disclosures, (96) as do various other Federal Reserve Board regulations. (97) Conspicuousness is a requirement elsewhere in state and federal law. Although a full treatment of what conspicuousness requires is beyond the scope of the overview provided by this Article, the two main issues are what conspicuousness means in general and what it means specifically in the context of electronic records, particularly those with a consumer protection purpose.
|
|
In general, the consumer protection concept of “clear and conspicuous” includes two ideas: (i) that a disclosure be noticeable
|
|
The Federal Reserve Board recently attempted to clarify, among other things, what “clear and conspicuous” means in general, by elaborating on how to achieve this standard. (101) After strenuous objections from the consumer financial services industry, the parts of these proposed rules dealing with the clear and conspicuous standard were not adopted. (102) The Federal Reserve Board’s proposed rules would have added a definition stating that, “‘clear and conspicuous’ … mean[s] that a disclosure is ‘reasonably understandable and designed to call attention to the nature and significance of the information’ in the disclosure.” (103)
|
|
The proposed Official Staff Interpretation would have added this gloss:
|
|
1. Reasonably understandable. Examples of disclosures that are reasonably understandable include disclosures that:
|
|
i. Present the information in the disclosure in clear, concise sentences, paragraphs, and sections
|
|
ii. Use short explanatory sentences or bullet lists whenever possible
|
|
iii. Use definite, concrete, everyday words and active voice whenever possible
|
|
iv. Avoid multiple negatives
|
|
v. Avoid legal and highly technical business terminology whenever possible
|
|
vi. Avoid explanations that are imprecise and readily subject to different interpretations.
|
|
2. Designed to call attention. Examples of disclosures that are designed to call attention to the nature and significance of the information include disclosures that:
|
|
i. Use a plain-language heading to call attention to the disclosure
|
|
ii. Use a typeface and type size that are easy to read. Disclosures in 12-point type generally meet this standard. Disclosures printed in less than 12-point type do not automatically violate the standard
|
|
iii. Provide wide margins and ample line spacing
|
|
iv. Use boldface or italics for key words
|
|
v. In a document that combines disclosures with other information, use distinctive type size, style, and graphic devices, such as shading or sidebars, to call attention to the disclosures.
|
|
3. Other information. Except as otherwise provided, the “clear and conspicuous” standard does not prohibit adding to the required disclosures such items as contractual provisions, explanations of contract terms, state disclosures, and translations
|
|
4. Use of codes or symbols. The “clear and conspicuous” standard does not prohibit using codes or symbols such as APR (for annual percentage rate), PC (for finance charge), or Cr (for credit balance), so long as a legend or description of the code or symbol is provided on the disclosure statement. (104)
|
|
This interpretation, although not implemented, can be consulted as a useful checklist of good practices. It does not, however, deal specifically with electronic disclosures, although the guidance also works in the electronic context. There are, however, additional issues concerning linking and scrolling. Probably the most controversial issue is whether a link to disclosures is sufficient
|
|
This Article attempts to present in as simple a way as possible most of the controversial issues that have arisen concerning compliance with E-SIGN in the context of consumer financial services. The aim is to aid counsel called upon to advise financial institutions as they move consumer financial services on line. Many of the same issues arise in other forms of electronic commerce, but because the law of consumer financial services involves so much required written disclosure, with significant consumer remedies for non-compliance, the issues loom particularly large in this sector. Electronic consumer protection compliance presents significant challenges, but it also can reassure consumers about their ability to access and retain information concerning electronic financial services.
|
|
(1.) Electronic Signatures in Global and National Commerce Act, 15 U.S.C. [subsection] 7001-7031 (2000) [hereinafter E-SIGN].
|
|
(3.) Truth in Lending Act, 15 U.S.C. [subsection] 1601-1693r (2000) [hereinafter TILA].
|
|
(4.) Regulation Z, 12 C.F.R. [section] 226 (2004).
|
|
(5.) See Equal Credit Opportunity (Regulation B), 12 C.F.R. [section] 202 (2004)
|
|
(6.) Telephone interview with David Stein, Staff Member, Federal Reserve Board (Oct. 25, 2004).
|
|
(7.) The few reported cases under E-SIGN deal with the simple non-issue that electronic records can be effective as writings. See In re Cafeteria Operators, L.P., 299 B.R. 411, 418 (Bankr. N.D. Tex. 2003) (holding that e-mail correspondence satisfies requirement of writing under federal agricultural statute)
|
|
(8.) See Jean R. Sternlight, Rethinking the Constitutionality of the Supreme Court’s Preference for Binding Arbitration: A Fresh Assessment of Jury Trial, Separation of Powers, and Due Process Concerns, 72 TUL. L. REV. 1, 6 (1997) (noting private nature of arbitration, including lack of published opinions).
|
|
(9.) See E-SIGN, 15 U.S.C. [section] 7001(c) (2001).
|
|
(10.) R. David Whitaker, An Overview of Some Rules and Principles for Delivering Consumer Disclosures Electronically, 7 N.C. BANKING INST. 11, 26 (2003).
|
|
(11.) See E-SIGN, 15 U.S.C. [section] 7001(c)(1)(A). The Regulation Z Interim Rule states that certain shopping disclosures, such as those required in advertising and with applications, are “deemed not to be related to a transaction” for E-SIGN consumer consent purposes and thus those disclosure requirements do not require consumer consent for the use of electronic records to meet them. Regulation Z Interim Rule, 66 Fed. Reg. at 17, 339 (interim rule proposed March 30, 2001). This interpretation has been criticized as contrary to the language, intent and policy of E-SIGN. See Margot Saunders, A Case Study of the Challenge of Designing Effective Electronic Consumer Credit Disclosures: The Interim Rule for the Truth In Lending Act, 7 N.C. BANKING INST. 39, 63-64 (2003).
|
|
(12.) E-SIGN, [section] 7001(c)(1)(B)(ii), (C)(i))
|
|
(13.) Id. [section] 7001(c)(1)(C)(ii)
|
|
(14.) Id. [section] 7001(e). In general, evidentiary issues concerning electronic records are beyond the scope of this Article. See Mark D. Robins, Evidence at the Electronic Frontier: Introducing E-Mail at Trial in Commercial Litigation, 29 RUTGERS COMPUTER & TECH. L. J. 219 (2003) (noting paucity of case law on evidentiary issues involving e-mail and discussing the many issues)
|
|
(15.) E-SIGN, 15 U.S.C. [section] 7001(c)(3).
|
|
(16.) Id. [section] 7001(a)(1), (d)(1), (e).
|
|
(17.) See id. [section] 7001(c)(3).
|
|
(18.) See E. ALLAN FARNSWORTH, CONTRACTS 356 (Aspen Publishers 4th ed. 2004) (noting that the original view of the statute of frauds is that it serves an evidentiary purpose). Although the primary function of a statute of frauds is evidentiary, there is a secondary, cautionary function, which is that executing a writing reminds the parties that they are going beyond negotiations to an enforceable deal. This is somewhat like the warning function of consumer protection disclosures, but exceptions to the statute of frauds, such as for part performance or reliance, often involve relaxing the cautionary function of a writing if substitute evidence of the making of a contract is available.
|
|
(19.) Id. at 394-98, 405-10.
|
|
(20.) See Jean Braucher, Replacing Paper Writings with Electronic Records in Consumer Transactions: Purposes, Pitfalls and Principles, 7 N.C. BANKING INST. 29, 30-32 (2003) (discussing purposes of writing requirements in the law of contracts and the law of consumer protection). 21. See TILA, 15 U.S.C. [section] 1637 (2000).
|
|
(23.) See supra notes 18-20 and accompanying text.
|
|
(24.) TILA, 15 U.S.C. [section] 1640(a)(2)(A)(i), (a)(3).
|
|
(25.) Id. [section] 1640(a)(2)(B), (a)(3).
|
|
(26.) See id. [section] 1635
|
|
(27.) TILA, 15 U.S.C. [section] 1640(a)(2).
|
|
(28.) Id. [section] 1640(c).
|
|
(29.) Id. [section] 1640(f).
|
|
(30.) Lifting of Mandatory Compliance, 66 Fed. Reg. 41,439, 41,440 (Aug. 8, 2001).
|
|
(31.) See Robert A. Wittie & Jane K. Winn, Electronic Records and Signatures Under the Federal E-SIGN Legislation and the UETA, 56 BUS. LAW. 293, 328 (2000)
|
|
(32.) E-SIGN, 15 U.S.C. [section] 7002 (2000).
|
|
(33.) Jean Braucher, Rent-Seeking and Risk-Fixing in the New 5tatutou Law of Electronic Commerce: Difficulties in Moving Consumer Protection Online, 2001 WIS. L. REV. 527, 557-62 (discussing the argument that UETA and E-SIGN both govern state writing requirements, based on E-SIGN’s statutory language, caption, and structure, supported by policy arguments).
|
|
(34.) UETA, [section] 3(b)(4) (creating a placeholder for states to make exceptions). See, e.g., CONN. GEN. STAT. ANN. [section] 1-268(c)(1) (West Supp. 2004) (providing explicitly that version of UETA enacted in Connecticut does not supersede the E-SIGN consumer consent provisions)
|
|
(35.) See Whitaker, supra note 10, at 26 (noting adoption of E-SIGN consumer consent rules as part of UETA in a number of states).
|
|
(36.) E-SIGN, 15 U.S.C. [section] 7003(a).
|
|
(37.) Id. [section] 7003(b)(2)(B).
|
|
(38.) But see UETA, [section] 3(b)(4), 7A pt. 1 U.L.A. 211, 235 (creating a placeholder for states to make exceptions): UETA [section] 8(b)(2), 7A pt. 1 U.L.A. 211, 255 (preserving non-electronic delivery methods). Some states have picked up the exceptions of [section] 7003(b) into their version of UETA. Section 8(b)(2) of UETA concerning non-electronic delivery requirements under state law is limited by E-SIGN, 15 U.S.C. [section] 7002(c), preventing circumvention of E-SIGN by imposition of state non-electronic delivery requirements. This E-SIGN section does not apply to state law” non-electronic delivery requirements (e.g., certified mail requirements) that pre-date E-SIGN, because a state cannot have been acting to circumvent a non-existent federal law, and also does not seem to apply to new selective, as opposed to wholesale, non-electronic delivery requirements in state law, because circumvention of E-SIGN is not the purpose of selective use of such requirements. See Braucher, supra note 33, at 555.
|
|
(39.) Section 7001(c)(1) of E-SIGN sets the following very detailed disclosure and consent requirements for consumer consent to use of electronic records:
|
|
Notwithstanding subsection (a) of this section if a statute, regulation, or other rule of law requires that information relating to a transaction or transactions in or affecting interstate or foreign commerce be provided or made available to a consumer in writing, the use of an electronic record to provide or make available (whichever is required) such information satisfies the requirement that such information be in writing if–
|
|
(A) the consumer has affirmatively consented to such use and has not withdrawn such consent
|
|
(B) the consumer, prior to consenting, is provided with a clear and conspicuous statement–
|
|
(i) informing the consumer of (1) any right or option of the consumer to have the record provided or made available on paper or in nonelectronic form, and (II) the right of the consumer to withdraw the consent to have the record provided or made available in an electronic form and of any conditions, consequences (which may include termination of the parties’ relationship), or fees in the event of such withdrawal
|
|
(ii) informing the consumer of whether the consent applies (I) only to the particular transaction which gave rise to the obligation to provide the record, or (II) to identified categories of records that may be provided or made available during the course of the parties’ relationship
|
|
(iii) describing the procedures the consumer must use to withdraw” consent as provided in clause (i) and to update information needed to contact the consumer electronically
|
|
(i) prior to consenting, is provided with a statement of the hardware and software requirements for access to and retention of the electronic records
|
|
(ii) consents electronically, or confirms his or her consent electronically, in a manner that reasonably demonstrates that the consumer can access information in the electronic form that will be used to provide the information that is the subject of the consent
|
|
(i) provides the consumer with a statement of (I) the revised hardware and software requirements for access to and retention of the electronic records, and (II) the right to withdraw consent without the imposition of any fees for such withdrawal and without the imposition of any condition or consequence that was not disclosed under subparagraph
|
|
(ii) again complies with subparagraph (C).
|
|
E-SIGN, 15 U.S.C. [section] 7001(c)(1).
|
|
(40.) Id. [section] 7001(c)(1)(a).
|
|
(41.) Id. [section] 7001(c)(1)(C)(ii).
|
|
(42.) Id. [section] 700l(d), (e) (stating that the disclosure may be denied legal effect if not capable of being retained and accurately reproduced by all parties).
|
|
(43.) Id. [section] 7001(c)(1)(B)
|
|
(44.) Id. [section] 7001(c)(1)(B)(i). See supra note 39 for text of this subsection.
|
|
(45.) Id. [section] 7001(c)(1)(B)(iv)
|
|
(46.) E-SIGN, 15 U.S.C. [section] 7001(c)(1)(B)(ii).
|
|
(47.) Id. [section] 7001(c)(1)(B)(iii).
|
|
(49.) Id. [section] 7001(c)(1)(B)(iv).
|
|
(50.) Id. [section] 7001(c)(1)(B)(i)
|
|
(51.) See, e.g., Perdue v. Crocker Nat’l Bank, 702 P.2d 503, 511-12 (Cal. 1985), appeal dismissed, 475 U.S. 1001 (1986) (applying unconscionability analysis to bank fees)
|
|
(52.) Compare E-SIGN, 15 U.S.C. [section] 7001(c)(1)(C) and (D) (stating no requirement that the disclosures mentioned be clear and conspicuous), with E-SIGN, 15 U.S.C. [section] 7001(c)(1)(B) (requiring a clear and conspicuous statement concerning four listed types of disclosures).
|
|
(53.) Id. [section] 7001(c)(1)(C).
|
|
(54.) Id. [section] 7001(c)(1)(D).
|
|
(55.) Id. [section] 7001(c)(1)(C)(ii).
|
|
(56.) See supra text following note 13. See also infra section III(J).
|
|
(58.) See, e.g., TILA, 15 U.S.C. [section] 1637 (2000)
|
|
(59.) E-SIGN, 15 U.S.C. [section] 7001(c)(1)(D).
|
|
(60.) Id. [section] 7001(c)(1)(C), (c)(1)(D).
|
|
(61.) Id. [section] 7001(c)(1)(D)(1)(II).
|
|
(62.) Id. [section] 7001(c)(6).
|
|
(63.) Regulation Z Interim Rule, 66 Fed. Reg. 17,329, 17,334 (Mar. 30, 2001) (noting in section-by-section analysis of 12 C.F.R. [section] 226.36(a) definition of “electronic communication” that “Section 226.36(a) limits the term to a message transmitted electronically that can be displayed on equipment as visual text
|
|
(69.) Id. at 17,334 (concerning disclosures required by 12 C.F.R. [subsection] 226.18,226.6).
|
|
(72.) See Lifting of Mandatory Compliance, 66 Fed. Reg. 41,439 (Aug. 8, 2001). If a change in account terms involved a material term, such as an interest rate increase, compliance with TILA and Regulation Z would not necessarily mean compliance with contract law if a promise of a permanent rate is found to be part of the contract. See generally Grasso v. First USA Bank, 713 A.2d 304 (Del. Super. Ct. 1998) (involving change of interest rate clause in contract as crucial part of bank’s contract theory). An attempt to announce a change of terms that is higher than what the cardholder agreement allows is a TILA violation that gives rise to civil liability. DeMando v. Morris, 206 F.3d 1300, 1301-02 (9th Cir. 2000). There is also the possibility of a state unfair and deceptive practices statutory claim for delayed or ineffective disclosure of materials terms
|
|
(73.) See generally Lifting of Mandatory Compliance, 66 Fed. Reg. 41,439 (Aug. 8, 2001).
|
|
(79.) See Regulation Z Interim Rule, 66 Fed. Reg. at 17,335.
|
|
(80.) See Saunders, supra note 11, at 59 (noting the disconnection between the interim rule comment and E-SIGN’s requirement that a demonstration of access be part of the consumer consent process).
|
|
(81.) See Valencia v. Anderson Bros. Ford, 617 F.2d 1278 (7th Cir. 1980), rev’d on other grounds, 452 U.S. 205 (1981).
|
|
(82.) See Brown v. Coleman Invs., 993 F. Supp. 416, 421-25, 431-32 (M.D. La. 1998) (holding that reliance on commentary found to be ambiguous gave rise to good faith conformity defense).
|
|
(83.) See supra notes 29-30 and accompanying text.
|
|
(84.) See Robert A. Cook & Nicole F. Munro, Giving Consumer Disclosures On-Line: Is ESIGN the Path to the Paperless Loan?, 57 BUS. LAW. 1187, 1191 (2002) (noting E-SIGN consent requirements may reassure consumers about the legitimacy, of an online merchant).
|
|
(85.) See Regulation Z Interim Rule, 66 Fed. Reg. 17,329, 17,335 (Mar. 30, 2001).
|
|
(86.) See supra note 14 and accompanying text.
|
|
(87.) E-SIGN, 15 U.S.C. [section] 7001(c)(1)(C) (2000) (stating that hardware and software requirements both for access to and retention of electronic records must be part of the consent process).
|
|
(88.) Regulation Z Interim Rule, 66 Fed. Reg. at 17,335.
|
|
(89.) Regulation Z, 12 C.F.R. [section] 226.36(e) (2004).
|
|
(90.) Regulation Z Interim Rule, 66 Fed. Reg. at 17,336.
|
|
(91.) E-SIGN, 15 U.S.C. [section] 7004(b)(2)(B) (limiting regulatory agency authority by prohibiting regulations that “add to” the requirements of section 7001))
|
|
(92.) See, e.g., Regulation Z Interim Rule, 66 Fed. Reg. at 17,336 (section-by-section analysis of 12 C.ER. [section] 226.36(e)).
|
|
(94.) For accounts with positive balances, escheat laws will dictate efforts to find customers.
|
|
(95.) E-SIGN, 15 U.S.C. [section] 7001(c)(1)(B)
|
|
(96.) Regulation Z, 12 C.F.R. [subsection] 226.5(a)(1), 226.17(a)(1), 226.31(b) (setting requirements that certain disclosures be clear and conspicuous).
|
|
(97.) See Truth in Lending, 68 Fed. Reg. 68,793, 68,793-94 (proposed Dec. 10, 2003) (to be codified at 12 C.F.R. [section] 226) (noting that Regulations B, M, P, Z, and DD use a “clear and conspicuous” standard and Regulation E uses “clear and readily understandable” standard).
|
|
(98.) Commercial law, as opposed to consumer protection law, sometimes sets a lower standard, merely of noticeabiLity. See U.C.C. [section] 1-201(10) (2002).
|
|
(100.) Federal Trade Commission, Facts for Businesses: Dot Com Disclosures [hereinafter Dot Com Disclosures], available at http://www.ftc.gov/bcp/conline/pubs/buspubs/dotcom/index.html (last visited Oct. 5, 2004).
|
|
(101.) Truth in Lending, 68 Fed. Reg. 68,793-94, 68,797 (proposed Dec. 10, 2003) (to be codified at 12 C.F.R. [section] 226) (concerning proposed rules to set “clear and conspicuous” disclosure standards for Regulations B, E, M, Z, and DD).
|
|
(102.) Truth in Lending, 69 Fed. Reg. 16,769, 16,770 (proposed Mar. 31, 2004) (to be codified at 12 C.F.R. [section] 226)).
|
|
(103.) Truth in Lending, 68 Fed. Reg. at 68,794 (to be codified at 12 C.F.R. [section] 226.2(a)(27)).
|
|
(104.) See, e.g., id. at 68,797-98 (proposed rule concerning “clear and conspicuous” disclosure standards for Regulation Z). This language is similar to that already implemented for Regulation P. See 12 C.F.R. [section] 216.3 (2004) (concerning joint final rule on financial privacy regulation under the Graham-Leach-Bliley Act, Pub. L. 106-102, 113 Stat. 1338 (1999) (codified at 15 U.S.C. [subsection] 6801-6809, 6821-6827)).
|
|
(105.) For a good source concerning making disclosures electronically, see Dot Corn Disclosures, supra note 100.
|
|
Jean Braucher is Roger Henderson Professor of Law at the University of Arizona James E. Rogers College of Law. She served from 1998-2004 as co-chair of the Working Group on Consumer Protection of the ABA Section of Business Law Committee on Cyberspace Law. The author would like to thank Mark Budnitz, the other working group co-chair, for comments on an earlier draft of this Article.
|
|
