Managing the Critical Risks of Using E-Signature for Remote Use Cases

Rahim Kaba,

A new Gartner report explains that the rapid growth of remote digital business transactions during the pandemic indicates an urgent need for e-signature. This is not a surprise, and e-signature technology often serves dozens of use cases in a single organization under normal conditions. In the COVID-19 era, the need for secure, reliable electronic signatures to enable remote use cases quickly became essential and processes relying on handwritten signatures and hard copy signed records are falling short. If your business is looking to leverage e-signatures for remote use cases, Gartner recommends evaluating the business, legal, compliance, and security risks before you select and implement an electronic signature solution. 

Remote E-Signature Use Cases  

Around the world, people now rely more than ever on remote interactions due to physical distancing protocols. While organizations have digitized some of their core business processes, many are not yet fully automated. This means there is often a break in the digital process, and agreements and other transactions may not flow straight through. 

The good news is that e-signatures have become an unsung technology to keep critical business and government services running during the pandemic. For example: 

  • Emergency business lending: E-Signature is helping commercial banks and lenders make emergency loans available to small businesses by facilitating the e-signing of loan applications. The technology is integrated into lending portals and enables banks to authenticate business customers and capture legally binding electronic signatures at a time when in-person visits to the bank are not feasible.  
  • Emergency government services: Federal, state, provincial, and local governments are using e-signature to issue permits and execute agreements to deliver critical government services to agencies, businesses, and citizens.  
  • Remote account opening: New customer acquisition remains a priority for retail banks and insurers. With in-person verification and signatures not feasible, FIs are integrating e-signature and digital identity verification technologies into their core systems to enable a straight through digital process. 
  • Healthcare: Hospitals, clinics, and other healthcare providers are automating paper-intensive patient-intake processes. The use of electronic signature software enables patients to e-sign intake forms and consent documents remotely and in advance of their visit to provide a faster and contactless intake process. 
  • Hiring and onboarding: With work-from-home (WFH) policies in place at many organizations, hiring and onboarding new employees often needs to take place remotely. E-Signature helps to automate the hiring and onboarding of new employees – signature processes that traditionally occurred in-person and involved paper and “wet” signatures. 
  • Remote sales: The use of electronic signature software enables remote selling, so businesses can continue to run at a distance. NDAs and sales contracts can now be completed digitally – from anywhere and on any device. What’s more, e-signature integrations with Salesforce empower sales teams to automate contracting workflows directly from their CRM. 

OneSpan Sign - Compliant and secure electronic signature

Benefit from the world’s most rigorous cloud security standards

Learn More

Critical E-Signature Risks Explained 

E-Signature technology is known for its ease of use and implementation. Businesses and government organizations see an immediate ROI because of the net-positive impact on the customer experience. However, Gartner explains that it is important that business stakeholders look beyond front office customer experience requirements and engage with cross-functional teams (e.g., legal, IT, security, and risk) to establish risk-based policies for remote use cases before selecting an e-signature partner.

Here are 3 areas your organization should consider before implementing a solution:  

  1. Enterprise-wide requirements 

    As the e-signature market continues to mature and as businesses move beyond their initial set of use cases, organizations need to prepare for an e-signature enterprise strategy to support the inevitable business requests and avoid overlapping, inconsistent, and redundant solutions. This means that organizations need to understand use cases and requirements from all corners of the business and be in a position to evaluate the vendor’s ability to meet those requirements through implementation methods.  

    Over years of enterprise-wide deployments, we have learned there are many ways to achieve enterprise digitization with e-signatures. OneSpan has developed a Center of Excellence for delivering integrated applications with central governance. We help our customers understand how to build once and scale across all business lines and departments. Our methodology and best practices are built on more enterprise deployments and shared services implementations than any other provider in the market.   
  2. Legal & compliance requirements  

    Solution selection should rest on the vendor’s ability to address requirements such as support for multiple signature methods, verifying the identity of unknown individuals, authenticating customers with established identities, detailed audit trails, and compliance with applicable e-signature regulations around the world. The EU’s eIDAS regulation provides one of the more comprehensive e-signature frameworks in the world to ensure a high degree of identity assurance during the e-signing process. Choosing the right e-signature partner can take care of most of the compliance burden and reduce legal risks.  

    The OneSpan Sign e-signature platform is designed to meet these requirements, making it easy for organizations to capture legally binding signatures that are valid in countries with enacted e-signature laws. We also help our customers meet their Know Your Customer (KYC) compliance needs with digital identity verification and authentication capabilities that establish trust with each individual for remote, faceless transactions. 

    In U.S. federal law, electronic signatures are regulated by the Electronic Signatures in Global and National Commerce Act (ESIGN Act) and the Uniform Electronic Transactions Act.
  3. Cybersecurity requirements 

    Security measures are often an afterthought in e-signature evaluation and selection. With consumers increasingly engaging in higher risk transactions in remote channels, organizations need to ensure their technology solutions have the adequate levels of underlying security and assurance about each signer’s identity for each signed document.  

    Our solution is trusted by some of the world’s most security-conscious organizations and designed according to security best practices. We comply with a variety of regulatory, industry, and IT standards for security and data protection, including SOC 2 Type 2, ISO 27001, GDPR, FedRAMP, and HIPAA. What’s more, OneSpan goes beyond electronic signatures and enables businesses to establish trust in people’s identities, the devices they use, and the transactions they carry out - to help protect the digital customer experience. 

E-Signature Due Diligence Checklist 

The requirements mentioned above are driven by region-specific laws and industry regulations tied to privacy, data residency, and the legality of different types of e-signatures. Make sure you do your due diligence and fully understand the IT, legal, compliance, and security implications before selecting your next e-signature partner. Here’s a handy checklist of things to look for during the evaluation process: 

  • Does the e-signature vendor have experience with enterprise-wide and shared service deployments? 
  • Does the solution address requirements for multiple geographies, use cases, and channels? 
  • Does the solution support remote identity proofing, authenticating, and verifying the authority of the signer of an electronic document?  
  • Is the solution managed according to cloud security and data protection best practices?  
  • Does the solution offer multiple data centers and deployment types to help businesses meet data residency and privacy requirements, and restrict where data can be stored and processed? 
  • Does the solution leverage digital signature technology?

Balancing Risk and Demand with Electronic Signatures 

The demand for signature in electronic form continues to intensify as businesses increasingly engage with employees, partners, and customers remotely during the pandemic. Avoiding dependence on wet signatures reduces the necessity for businesses and individuals to meet in person and reduces the administrative burden during this challenging time. Many of our customers have told us that the use of e-signatures have given them the ability to keep doing business and generating revenue during lockdown periods.  

The bottom line is that e-signature solutions are not without risk and an individual risk assessment for your business is valuable. Businesses need to gain buy-in from multiple stakeholders before selecting and implementing a solution. Time-to-market pressures are real but without doing proper due diligence, the organization faces risks and costs in the long-term. Customer experience will continue to be the main business driver for e-signature but as businesses increasingly transact remotely, they will need to protect the digital customer experience at all costs – without diminishing the experience and ultimately, adoption.   

Rahim Kaba is a passionate and results-driven digital technology leader who has played a key role in advancing digitization initiatives at organizations around the world.