More and more companies are looking for ways to design an effective e-process to meet the risks and challenges encountered when using e-signatures, providing e-disclosures and completing the transactions through e-delivery. Locke Lord's "6-Point e-Process Risk Analysis Framework" helps companies identify and mitigate the risks associated with the e-business process.
- AUTHENTICATION RISK. This is the risk that the electronic signature obtained is from a forger, not from the actual person whose name is associated with the electronic signature. One commonly used method is to use a "shared secret" based on information the company already has about the signer. Using biometrics, such as fingerprint, voiceprint or retinal scan, is another method to ensure the proper authentication of a signer.
- REPUDIATION RISK. This is the risk that a document bearing a person's signature is altered after the document is signed electronically and the signer repudiates the contents of the document bearing his or her signature. The simplest way to mitigate repudiation risk is to have each document electronically or digitally sealed immediately after it is electronically signed to prevent any alteration to the document without such change being detectible.
- COMPLIANCE RISK. This is the risk that the rules and regulations governing such a transaction, such as regulation requiring certain consumer disclosures to be provided by a certain stage in the transaction, are not satisfied. There are ways to mitigate this risk as well. For example, an e-process that requires all the disclosures to be provided and acknowledged by a consumer such that the consumer cannot complete the process without all required disclosures being acknowledged, initialed or signed ensures nothing is missed.
- ADMISSIBILITY RISK. This is the risk that an e-contract is not admissible into evidence when the company seeks to enforce it. There are various ways to improve the likelihood of the admissibility of documents signed, disclosed or delivered through an e-process: identifying the evidence custodian for the e-process; preparing in advance an affidavit setting forth all of the information the evidence custodian would need to affirm so that the electronic evidence created by the e-process is admissible; and designing and tweaking the e-process to ensure it meets the requirements for electronic evidence set forth in the 2007 Lorraine v. Markel decision and the applicable rules of evidence.
- ADOPTION RISK. This is the risk that the e-process takes longer than the traditional process or is not as convenient as the traditional process, and consequently, users fail to adopt the process or do so in insufficient numbers. The best way to mitigate this risk is to beta test a proposed e-process before launching it. Teams should also design their e-process system so that it can track where users opt out so system problems causing adoption issues are identified and corrected.
- RELATIVE RISK. Just as there are authentication, repudiation, compliance and admissibility risks with an e-process, those risks also exist in traditional processes using wet ink and hard copy paper. For most e-processes, the team should set as its goal making the e-process, at a minimum, result in transactions that are no riskier than the current processes.
GREGORY T. CASAMENTO [firstname.lastname@example.org] is a partner in the New York office of Locke Lord Bissell & Liddell LLP. As a member of Locke Lord's Technology Transactions group, Mr. Casamento regularly assists clients in review of e-process systems.
PATRICK J. HATFIELD [email@example.com] is a partner in the corporate department of the Atlanta office of Locke Lord Bissell & Liddell LLP and serves as co-chair of the firm's Technology Transactions group. Mr. Hatfield has assisted numerous clients in designing and implementing electronic signature processes.