On November 17, 2020, the U.S. Securities and Exchange Commission (the “SEC”) adopted amendments to Rule 302(b) of Regulation S-T that permits individuals to sign the signature page or other document (“Authentication Document”) with an electronic signature. The amendment allows flexibility in complying with the Authentication Document requirements by providing individuals the option of signing manually or electronically.
If an Advisor chooses to implement a process for electronic signatures, the Advisor must first require individuals to manually sign a document attesting that they agree that the use of their electronic signature in any Authentication Document constitutes the legal equivalence of their manual signature for the purpose of authenticating the signature on any document. The manually signed document must be retained for seven years after the date of the most recent electronically signed Authentication Document. Advisors must also comply with the following:
- Require the signatory to present a physical, logical, or digital credential that authenticates the signatory’s individual identity. Rule 302(b) does not provide substantive guidance regarding this requirement. However, advisors can achieve authentication through a “credential” (e.g, government ID, signature provided through an email, or ID verification).
- Reasonably provide for non-repudiation of the signature. Non-repudiation allows the signatory to prove their identity. Typically, this is done with a digital signature that may use, for example, encryption codes or IP addresses owned only by those who have permission.
- Provide that the electronic signature be attached, affixed, or otherwise logically associated with the signature page or document being signed.
- Include a timestamp to record the date and time of the electronic signature. Most signature tools automatically provide this information once the document has been signed.
Additionally, the Adviser will need to retain the Authentication Document for five years and be able to provide the SEC with a copy of the Authentication Document upon request.
Finally, Advisors must update their procedures to document their process for complying with Rule 302(b), which may include, but is not limited to the following:
- Implementation of supervisory reviews and testing to ensure compliance with the above requirements.
- Maintaining a record of all documents the Advisor allows to be executed by clients through electronic signature.
- Maintaining a record of documents the Advisor allows to be delivered electronically, specifically those documents included in establishing and maintaining client relationships.
- Maintaining a record of all client documents electronically signed and for each document signed, document:
- Document Control Number or Unique Identifier;
- Client Name(s);
- Account Number(s);
- Document Type or Name (i.e., account agreement, fund transfer request, etc.)
- Authentication information for all parties that signed or created the document. Such information should include the client’s email address, username, or other means to authenticate the client’s identity;
- IP Addresses used by all parties that signed or created the document;
- Dates and times of all signatures on the document; and
- Date and time that the document was created.
Most Advisors already allow their clients to provide electronic signatures and have implemented tools such as DocuSign, Acrobat Sign, HelloSign, or DocHub. In the United States, electronic signatures related to a transaction are legally recognized under the Electronic Signatures in Global and National Commerce Act or “ESIGN” and the Uniform Electronic Transactions Act or “UETA.”
If your Firm is using DocuSign or one of the other alternatives, make sure the Firm also complies with the requirements discussed above, including updating its policies and procedures. Using DocuSign alone is not enough to pass SEC scrutiny of the Firm’s use of electronic signatures.