E-Statements: Comply With E-Sign
Failure to comply significantly increases a CU’s loss exposure under Reg E.
To reduce mailing costs, many credit unions are encouraging members to sign-up for electronic statements.
Credit unions typically use a vendor to provide e-statements, so be sure the enrollment process your vendor offers complies with consent provisions in the Electronic Signatures in Global and National Commerce Act (E-Sign).
Failure to comply with E-Sign provisions for enrolling members for e-statements significantly increases the risk of financial loss to credit unions.
Credit unions wishing to send e-statements to members must, prior to obtaining members’ consent, deliver a clear and conspicuous statement informing them of:
- The option to have the records provided in paper format;
- The right to withdraw consent and any conditions or consequences of such withdrawal;
- Whether the consent applies only to a single transaction or the entire relationship with the credit union;
- Procedures members must follow to withdraw consent;
- Procedures members must follow to update their contact information;
- After consent, how members can obtain a paper copy of the statement and the fee involved; and
- Hardware and software requirements for access to and retention of the e-statements.
After receiving this disclosure statement, members must give their approval electronically in a manner that “reasonably demonstrates” they can access the e-statement in the electronic format to be used.
To determine if members can access e-statements, credit unions should adopt a “test drive” process that incorporates either a “pull” or “push” system.
In a “pull system” test drive, members are sent an e-mail with a link or the URL address to access a sample e-statement. Members must access the e-statement as instructed, open the document, and retrieve a pre-determined personal identification number (PIN) or code.
The member then returns to the e-statement sign-up page, enters the PIN or code in a form, and submits the form.
In a “push system” test drive, members are sent an e-mail containing a sample e-statement as an attachment or html text. The credit union includes a PIN or code in the e-statement, which members must open to retrieve the PIN or code.
Members are instructed to communicate the PIN or code by going to the e-statement sign-up page to enter the PIN or code in a form, which is submitted to the credit union.
Some vendors may be under the impression that providing a link to download Adobe Reader during the enrollment process satisfies the requirement for members to “reasonably demonstrate” they can access the e-statement. This does not satisfy the consent provisions because members aren’t required to demonstrate they can access e-statements in Adobe PDF format.
Failure to comply with E-Sign’s consent provisions significantly increases a credit union’s loss exposure under Federal Reserve Regulation E and the statement review provisions under UCC 4-406, Customer’s Duty to Discover and Report Unauthorized Signature or Alteration.
If members only receive e-statements and their consent wasn’t properly obtained, the Reg E error resolution period (60 days) and the timeframe provided in the member account agreement for reporting unauthorized checks and alterations could extend until a paper statement containing the error is provided.