E-Statements: Comply With E-Sign

Failure to comply significantly increases a CU’s loss exposure under Reg E.

August 11, 2011

To reduce mailing costs, many credit unions are encouraging members to sign-up for electronic statements.

Credit unions typically use a vendor to provide e-statements, so be sure the enrollment process your vendor offers complies with consent provisions in the Electronic Signatures in Global and National Commerce Act (E-Sign).

Failure to comply with E-Sign provisions for enrolling members for e-statements significantly increases the risk of financial loss to credit unions.

Credit unions wishing to send e-statements to members must, prior to obtaining members’ consent, deliver a clear and conspicuous statement informing them of:

  • The option to have the records provided in paper format;
  • The right to withdraw consent and any conditions or consequences of such withdrawal;
  • Whether the consent applies only to a single transaction or the entire relationship with the credit union;
  • Procedures members must follow to withdraw consent;
  • Procedures members must follow to update their contact information;
  • After consent, how members can obtain a paper copy of the statement and the fee involved; and
  • Hardware and software requirements for access to and retention of the e-statements.

After receiving this disclosure statement, members must give their approval electronically in a manner that “reasonably demonstrates” they can access the e-statement in the electronic format to be used.

To determine if members can access e-statements, credit unions should adopt a “test drive” process that incorporates either a “pull” or “push” system.

In a “pull system” test drive, members are sent an e-mail with a link or the URL address to access a sample e-statement. Members must access the e-statement as instructed, open the document, and retrieve a pre-determined personal identification number (PIN) or code.

The member then returns to the e-statement sign-up page, enters the PIN or code in a form, and submits the form.

In a “push system” test drive, members are sent an e-mail containing a sample e-statement as an attachment or html text. The credit union includes a PIN or code in the e-statement, which members must open to retrieve the PIN or code.

Members are instructed to communicate the PIN or code by going to the e-statement sign-up page to enter the PIN or code in a form, which is submitted to the credit union.

Some vendors may be under the impression that providing a link to download Adobe Reader during the enrollment process satisfies the requirement for members to “reasonably demonstrate” they can access the e-statement. This does not satisfy the consent provisions because members aren’t required to demonstrate they can access e-statements in Adobe PDF format.

Failure to comply with E-Sign’s consent provisions significantly increases a credit union’s loss exposure under Federal Reserve Regulation E and the statement review provisions under UCC 4-406, Customer’s Duty to Discover and Report Unauthorized Signature or Alteration.

If members only receive e-statements and their consent wasn’t properly obtained, the Reg E error resolution period (60 days) and the timeframe provided in the member account agreement for reporting unauthorized checks and alterations could extend until a paper statement containing the error is provided.

KEN OTSUKA is senior analyst, risk management with CUNA Mutual Group, Madison, Wis.