May 9 by Sally Hereford
At Apttus’ annual user conference, and the Quote-to-Cash event of the year, Accelerate, we were fortunate enough to host a variety of phenomenal speakers as part of our Legal Luminaries track, including Sophia Valentim, Associate General Counsel at Barracuda Networks. Sophia joined us at Accelerate to discuss how her organization successfully utilizes e-signature functionality to easily conduct domestic and international business.
In this segment, Sophia provided a deep dive analysis of her experience using e-signature at Barracuda Networks, including an overview of the components that define an e-signature, international requirements for use of e-signature, and best practices for using an e-signature system to ensure buy-in from both internal and external users.
What is E-Signature
An electronic signature is “an electronic sound, symbol, or process attached to, or associated with a contract or other record and adopted by a person with the intent to sign a record” (Source: U.S. Electronic Signatures in Global and National Commerce Act).
There are four basic components that define an electronic signature:
- A method of signing
- Data authentication
- User authentication
- Capture of intent
It is also important to note that an e-signature is different from a digital signature. A digital signature is an electronic signature that uses encryption technology to embed a fingerprint into the document to uniquely link the document to the signer. This technology provides a highly detailed audit trail, and makes the agreement essentially tamper-proof. Digital signatures are issued by independent certificate authorities and are typically used in the United States only for highly-classified documents that are, for example, associated with the government. Digital signatures are, however, more likely to be accepted internationally as binding legal documents than electronic signatures.
Types of electronic signature
There are three distinct types of electronic signature: basic, advanced and certificate. They are broken up based on the level of requirement for each type. Basic e-signature is the most lax in terms of requirements, and certificate is the most stringent. Advanced and certificate e-signatures are most likely to be accepted internationally.
- Signature must be applied in a way that demonstrates intent of the signer.
- Signature must be applied by the person associated with the signature.
- Some rules require affirmative rather than implied consent.
- Signature must be associated to the document or data the signer intended to sign.
- Signature must be uniquely linked to the signer
- Signature must identify the signer
- Signature must be under the sole control of the signer
- Must be able to detect changes to the document or data after the application of the e-signature
- Advanced electronic signature based on personal digital certificate
- Must be issued to the individual in a form that they can control
International requirements for E-Signature
In order to maintain compliance when using e-signature, it is important to understand how and when electronic signature is accepted internationally. The chart below shows the large variation in requirements for e-signature that exists across the globe.
The chart below shows that there are also a large set of restrictions in various countries around what types of agreements can and cannot be signed electronically. Anything that is known to be subject to fraud will typically still require a formal signature.
In addition to the requirements and specific restrictions for using e-signature internationally, almost every country has at least one major law on electronic signatures. When using electronic signature, it is critical to understand what the law is in the country where you are doing business. These laws are also subject to rapid change; for instance, EMEA is under a current directive that will be replaced on June 1, 2016. There has been no indication as to whether they will implement more stringent requirements, or as to what substance changes will be included in their new laws on e-signature.
Recommended best practices
In order to avoid having agreements called into question by customers or partners, it is important to understand and follow these recommended best practices to ensure compliance and consent when conducting business with electronic signature.
Consent: ensure that you have explicit consent from the signer to do business electronically. Sophia recommends putting that into the terms of the agreement to avoid any future confusion.
Opt out: always provide the signer with the option to opt out should they not want to conduct business using electronic signature. This is important because some specific industries, like banking for instance, are averse to using e-signature for reasons around risk and compliance management, so in order to increase the ease of business, you must enable them to opt out.
Retention: all e-signature documents, including metadata, must be retained in accordance with document retention policy.
Audit trail: it is recommended that you ensure that a copy of the audit trail is always attached to the final agreement to avoid any confusion or misinterpretation down the line.