Cyberspace Committee Forum 2:30 p.m., April 1, 2004 ABA Section on Business Law Spring Meeting in Seattle E-Disclosure: Going Paperless in the World of Consumer Financial Services Committee Forum Chair and Moderator: Prof. Juliet M. Moringiello Widener University School of Law Harrisburg, PA Co-Chair, Subcommittee on Electronic Commerce, Cyberspace Law Committee Panel: Brian Witt Farleigh, Wada & Witt, P.C. Portland, OR Roberta Griffin Torian Senior Counsel PNC Bank, N.A. Philadelphia, PA Prof. Jean Braucher Roger Henderson Professor of Law University of Arizona, James E. Rogers College of Law Tucson, AZ Chair, Working Group on Consumer Protection, Cyberspace Law Committee Program description: Online consumer financial services offer convenience to customers and cost-savings to banks and credit unions. But legal uncertainty and complexity have caused many financial institutions, particularly smaller ones, to hesitate to take the plunge into the paperless world. This program will identify the issues and provide a simple how-to demonstration to prepare you to take clients through this transition with confidence. Program materials: Brian Witt, The Delivery of Online Consumer Financial Services under E-SIGN Jean Braucher, E-Disclosure in Consumer Financial Services: Dealing With the Difficult Issues

E-Disclosure in Consumer Financial Services: Dealing With the Difficult Issues By Jean Braucher Roger Henderson Professor of Law University of Arizona, James E. Rogers College of Law Braucher@law.arizona.edu E-SIGN1 has been in effect for three and a half years, yet there is still remarkably little authoritative interpretation of this law as applied to consumer financial services. Financial institutions face many questions as they put services on line and, as a result, make use of electronic records to meet consumer protection requirements for written disclosures, such as those under the Truth In Lending Act and Regulation Z.2 On many important issues, the bare language of E-SIGN is the only authority. The Federal Reserve Board has issued minimal interim rules but has not made them mandatory, due to controversy about what guidance it should give.3 As a Federal Reserve Board staff member recently put it, “We remain in limbo, and I’d be shocked if that changed any time soon.”4 Furthermore, there is as yet no reported case law concerning compliance with E-SIGN in the context of making electronically the written disclosures required by the law of consumer financial services.5 This may in part reflect slow movement into fully online banking and lending and a resulting lag in litigation that produces reported decisions, and it may also be a result of widespread use of arbitration clauses by financial institutions.

1 Electronic Signatures in Global and National Commerce Act, Pub.L. No. 106-229, 114 Stat. 464 (2000) (codified at 15 U.S.C. §§ 7001 et. seq.) (effective Oct. 1, 2000). 2 15 U.S.C.A. § 1601 et seq.; 12 C.F.R. pt. 226. 3 Equal Credit Opportunity (Regulation B), 66 Fed. Reg. at 17,779, 17,780 (interim rule proposed April 4, 2001) (to be codified at 12 C.F.R. pt. 202); Electronic Fund Transfers (Regulation E), 66 Fed. Reg. at 17,786,17,788 (interim rule proposed April 4, 2001) (to be codified at 12 C.F.R. pt. 205); Consumer Leasing (Regulation M), 66 Fed. Reg. at 17,322, 17323 (interim rule proposed March 30, 2001) (to be codified at 12 C.F.R. pt. 213; Truth in Lending (Regulation Z), 66 Fed. Reg. at 17,329, 17,330 (interim rule proposed March 30, 2001) (to be codified at 12 C.F.R. pt. 226); Truth in Savings (Regulation DD), 66 Fed. Reg. at 17,795, 17,796 (interim rule proposed April 4, 2001) (to be codified at 12 C.F.R. pt. 230). The interim rules’ mandatory compliance date, scheduled for Oct. 1, 2001, was lifted in August of that year. 66 Fed. Reg. 41,439 (Aug. 8, 2001)[hereinafter, Lifting of Mandatory Compliance]. 4 Telephone interview, February 17, 2004. 5 The few reported cases under E-SIGN deal with the simple non-issue that electronic records are effective as writings. See In re Cafeteria Operators, L.P., 299 B.R. 411 (Bankr. Ct. N.D. Tex. 2003) (e-mail correspondence satisfied requirement of writing under federal agricultural statute); Specht v. Netscape Communications Corp., 306 F. 3d 17, 27 & n. 11 (noting that parties do not dispute that terms on a Web site in a downloadable electronic form are written provisions).

1

A cost of use of private dispute resolution is the lack of a flow of court interpretations, available to the legal community and the public.6 While some financial institutions, particularly large ones, have made the investments in legal planning and technical infrastructure, others have hesitated to the take the plunge into the world of paperless consumer financial services during this period of uncertainty. For counsel of institutions considering expanding their online presence, this outline will address the difficult issues in e-disclosure. Getting Your Client’s Attention: E-SIGN’s Consumer Consent Rules and the Risks of Not Complying With Them. Accepting that Compliance is Necessary. E-SIGN’s consumer consent provisions have probably been the biggest reason for hesitation about providing fully online consumer financial services. David Whitaker, one of the top national experts on the law of electronic commerce, has written that anyone who is required to make written disclosures and who plans to deliver them electronically “should plan on taking the consumer through the E-SIGN consumer consent process.”7 It is noteworthy that is it is necessary to comment that compliance with the law is a good idea. Whitaker’s statement reflects the reality that there is a great deal of resistance to compliance with this particular aspect of law. In short, lawyers for financial institutions need to be prepared to explain that there are real risks from non-compliance with E-SIGN’s consumer consent provisions. Summary of What Steps Are Required. The details of the consumer consent requirements are covered in Brian Witt’s materials. In summary, E-SIGN requires that before electronic records can be used to meet any writing requirement, including written disclosure requirements, a consumer must have “affirmatively consented” to the use of electronic records.8 Note that if a given disclosure does not have to be in writing under the underlying law, it is not subject to E-SIGN’s consumer consent rules. The consent to use of electronic records for writing requirements must be given after disclosure of what types of communications may be sent electronically and of hardware and software requirements for accessing and retaining electronic disclosures.9 The Requirement of a Test of Ability to Access Information. In addition, the consumer must consent electronically or confirm consent electronically “in a manner that reasonably demonstrates that the consumer can access information in the electronic form that will be used to provide the information that is the subject of the consent….”10 This amounts to a requirement of a test demonstrating the consumer’s ability to access the

6 See Jean R. Sternlight, Rethinking the Constitutionality of the Supreme Court’s Preference for Binding Arbitration: A Fresh Assessment of Jury Trial, Separation of Powers, and Due Process Concerns, 72 Tul. L. Rev. 1, 6 (1997) (noting private nature of arbitration, including lack of published opinions). 7 R. David Whitaker, An Overview of some Rules and Principles for Delivering Consumer Disclsoures Electronically, 7 N. C. Banking Institute 11, 26 (2003). 8 E-SIGN § 7001(c)(1)(A). 9 Id. at § 7001(c)(1)(B)(ii) and (C)(i) 10 Id. at § 7001(c)(1)(C)(ii).

2

information. If, for example, disclosures will be provided in the body of an e-mail, the financial institution should send a test e-mail and ask in the text for a reply; receipt of a reply (even an automatic reply on opening of the e-mail) would demonstrate access, including ability to open e-mails. Similarly, if disclosures will be provided in an e-mail attachment, the test should involve a reply that communicates information retrieved from the attachment (such as a code), in order to demonstrate access to information in attachments of the sort to be used. Retainability of Electronic Records. Another important provision states that the legal effect of an electronic record used to meet a writing requirement “may be denied if such electronic record is not in a form that is capable of being retained and accurately reproduced for later reference by all parties or persons who are entitled to retain the contract or other record.”11 Thus, even though a record is otherwise made available in compliance with E-SIGN, if the record is not retainable, it may be denied legal effect, so that providing a nonretainable record can be treated as equivalent to not making a required written disclosure at all. Noncompliance with Consumer Consent Rules as Noncompliance with the Underlying Consumer Protection Regulation. A key provision of E-SIGN notes that the legal effectiveness, validity, or enforceability “of any contract executed by a consumer shall not be denied solely because of the failure to obtain consent” in accordance with the testing provision.12 It is notable that this saving provision applies only to effectiveness of a contract, not effectiveness of a consumer protection disclosure. Many other provisions of E-SIGN refer to “the contract, or other record,”13 whereas this saving provision only refers to the contract. The strong implication is that electronic records sent without a test demonstrating the consumer’s ability to access the information are not effective to meet written disclosure requirements under consumer protection statutes. Reasons for this Difference between Contracts and Consumer Protection Disclosures. There are good policy reasons for this E-SIGN distinction between writing requirements for contracts and for consumer protection disclosures, implicitly making the latter legally ineffective in the absence of compliance with the consumer consent rules, including the test of access. A statute of frauds requirement of a written contract has an evidentiary rather than a consumer protection purpose.14 If the making in fact of a contract can be proved with electronic records, there is no strong policy reason to require that the consumer consented to the making of the contract by electronic means. The consent to electronic records is highly likely to be robustly implied in the use of them to make the

11 Id. at § 7001(e). 12 Id. at § 7001(c)(3). 13 Id. at § 7001(a)(1), (d)(1), (e). 14 E. Allan Farnsworth, CONTRACTS 394 (2d. Ed. 1990) (the original and most durable view of the statute of frauds is that it serves an evidentiary purpose). Although the primary function of a statute of frauds is evidentiary, there is a secondary cautionary function, which is that executing a writing reminds the parties that they are going beyond negotiations to an enforceable deal. This is somewhat like the warning function of consumer protection disclosures, but exceptions to the statute of frauds, such as for part performance or reliance, often involve relaxing the cautionary function of a writing if substitute evidence of the making of a contract is available.

3

contract. Furthermore, there are many exceptions to the statute of frauds, where other proof, such as part performance or reliance, substitutes for a writing.15 With requirements for written consumer protection disclosures and notices, however, there is no equivalent set of exceptions to the requirement of a writing. Also, the purpose of E-SIGN’s consumer consent rules is to assure that electronic communications do not undermine the purposes of written disclosure and notice requirements. These consumer protection purposes include facilitating shopping over material terms, providing information about remedies after a dispute arises, warning of substandard terms, and giving notice of later risks.16 Unless a consumer can access consumer protection disclosures and notices, their purposes would not be met, which is why E-SIGN requires a demonstration of access. Truth in Lending as a Example of the Risks of Noncompliance with E-SIGN. Probably the best way to convince clients that they have to comply with the consumer consent rules of E-SIGN is to discuss the possible consequences of failing to do so. The Truth In Lending Act provides good examples to use.17 Initial Disclosures. Suppose that a financial institution invites consumers to apply for credit card accounts online and tells each consumer that cost of credit disclosures will be sent electronically by e-mail. TILA and Regulation Z require that certain cost of credit information, such as conditions under which a finance charge will be imposed and the method of determining its amount, be provided in writing prior to consummation of an open-end credit transaction.18 Suppose further that the financial institution does not send each consumer a test e-mail to demonstrate that the consumer is able to receive it and open it. If accounts are opened online without a test but with the initial disclosures given by e-mail and consumers then run up balances on them, the financial institution would be potentially liable for TILA remedies. As noted above, there is a strong argument that the effect of noncompliance with E-SIGN, by not testing the ability to receive required written disclosures, is noncompliance with the underlying statute and regulations. TILA Remedies. In an individual consumer case, a financial institution risks liability for twice the amount of the finance charge together with a reasonable attorney’s fee.19 In a class action, the court has discretion as to the amount of the award, up to the lesser of $500,000 or 1 per cent of the net worth of the creditor, together with a reasonable attorney’s fee.20 A financial institution that adopts a general procedure that does not comply with E-SIGN risks this class action liability. Rescission. If instead of a standard credit card account, the type of transaction in question involves a security interest in the debtor’s home, yet other remedies could come into play. A notice of right of rescission of the security interest in the home must be 15 Id. at 440-444, 453-460. 16 See Jean Braucher, Replacing Paper Writings with Electronic Records in Consumer Transactions: Purposes, Pitfalls and Principles, 7 N.C. Banking Institute 29, 30-32 (2003) (discussing purposes of writing requirements in the law of contracts and the law of consumer protection). 17 15 U.S.C.A. § 1601 et seq. 18 15 U.S.C.A. § 1637, 12 C.F.R. § 226.6 19 15 U.S.C. § 1640(a)(2)(A)(i) and (3) 20 Id. at § 1640(a)(2)(B) and (3).

4

given before consummation of the transaction, and if not given, the period for exercise of the right of rescission is extended from three days to three years.21 Thus, not testing the ability to receive the notice of right of rescission risks extending the rescission right for three years. Also, an individual in such a transaction may recover statutory damages of $200 to $2000, and class action remedies could be invoked by a class of affected consumers.22 Certain TILA Defenses Inapplicable. It should be noted that errors of legal judgment do not qualify for the TILA bona fide error defense.23 Noncompliance with the E-SIGN consumer consent provisions would be an error in legal judgment. Also, because the Federal Reserve’s interim rules do not address how to implement consumer consent procedures, they do provide a basis for a defense of good faith conformity with Federal Reserve Board rules.24 FRB Underscored Need to Comply with E-SIGN Consumer Consent Rules. Not only has the Federal Reserve Board refrained from providing guidance on consumer consent compliance, but when the agency withdrew the mandatory effective date for its interim rules on electronic communications, it specifically noted the necessity of compliance with E-SIGN’s consumer consent rules: “Financial institutions and others covered by the Board’s consumer disclosure rules are currently permitted to provide electronic disclosures if they obtain consumers’ consent consistent with the requirements of the federal [E-SIGN Act].”25 E-SIGN and UETA. Some have argued that a state’s enactment of the uniform version of the Uniform Electronic Transactions Act supercedes E-SIGN’s consumer consent rules as applied to state law writing requirements,26 a position that is debatable. E-SIGN provides an “exemption to pre-emption,”27 not a right of state opt-out. Thus, another interpretation is that state law writing requirements are governed by UETA, when not amended to provide inconsistent restrictions on use of electronic communications, and also by E-SIGN to the extent that it provides more consumer protection, as with the consumer consent rules.28

21 15 U.S.C. § 1635; 12 C.F.R. § 226.23. Under Regulation Z, each customer must be given two copies of the right of rescission, so that four copies must be given to a couple. Id. at §§ 226.226.15, 226.23(b)(1). See e.g. Stone v. Mehlberg, 728 F. Supp. 1341, 1353 (W.D. Mich. 1989). This requirement of two copies for each customer raises a question about what that means in an electronic context. The answer of the Regulation Z interim rule is that only one copy must be provided in the case of electronic communications. Regulation Z Interim Rule, supra note 2, at §226.15(b), 226.23(b)(1). This makes sense in that the customer can store the communication in two places or print it twice, if desired.

22 15 U.S.C. § 1640(a)(2). 23 Id. at § 1640(c) 24 Id. at § 1640(f). 25 Lifting of Mandatory Compliance, supra note 3. 26 See Robert A. Wittie and Jane K. Winn, Electronic Records and Signatures under the Federal E-SIGN Legislation and the UETA, 56 Bus. Lawyer 293, 328 (2000). 27 15 U.S.C. § 7002. 28 See Jean Braucher, Rent-Seeking and Risk-Fixing in the New Statutory Law of Electronic Commerce: Difficulties in Moving Consumer Protection Online, 2001 Wis. L. Rev. 527, 557-562 (making argument

5

UETA Inapplicable to Federal Disclosure Requirements; E-SIGN Applicable to State Disclosure Requirements. In the context of federal regulation of consumer financial services, no one has argued that state law can eliminate the consumer consent requirements of E-SIGN as applied to federal statutes and agency regulations. Furthermore, many states have either not enacted the uniform text of UETA or have explicitly incorporated the consumer consent procedures of E-SIGN into their versions of UETA. Thus, because of the argument that even the uniform version of UETA does not displace federal consumer protections in E-SIGN and also because of enactment of nonuniform versions of UETA or even explicit incorporation of E-SIGN consumer protections into some state’s versions of UETA, it is advisable to comply with E-SIGN’s consumer consent requirements even for state law requirements of written consumer protection disclosures.29 If We Have to Comply with E-SIGN’s Consumer Consent Rules, How Can We Do So with a Minimum of Fuss? Don’t Give Up. Having convinced a financial institution client that compliance with E-SIGN’s consumer consent provisions is necessary, the next challenge for counsel may be to keep the client’s decisionmakers from giving up on fully online electronic accounts, perhaps setting up the accounts off line. Counsel need to be prepared with simple guidance on online compliance as well reminders about the cost savings from electronic communications and the marketing necessity of engaging in this kind of service to attract many Internet-oriented customers. Key Features of Compliance. The key features of simple compliance are to (1) provide required E-SIGN consumer consent disclosures prior to obtaining consumer consent, (2) get affirmative assent to use of electronic disclosures, (3) then conduct an electronic test of access to those disclosures in the form that will be used, and (4) make sure that the electronic disclosures can be retained and accurately reproduced by all parties. So, after listing all the information required to be provided before obtaining consumer consent to use of electronic disclosures under E-SIGN, the financial institution should ask for the consumer’s affirmative reply, consenting to receive specified disclosures electronically. For example, it is advisable to require a click to agree to a statement that, “I assent to use of e-mail messages, sent to the e-mail address I have supplied, for all purposes listed above.”) It is important to list all possible disclosures, required by federal or state law to be in writing, that could be sent later electronically, so that all possible writing requirements will be within the scope of the consumer’s consent to electronic receipt. The Test of Access at its Simplest. Next, the financial institution should conduct an electronic test of the consumer’s ability to receive a disclosure in the electronic format that will be used. Where disclosures are conspicuously available online before the

that UETA and E-SIGN both govern state writing requirements, based on E-SIGN’s statutory language, caption, and structure and also on policy arguments). 29 See Whitaker, supra note 7, at 26 (noting adoption of E-SIGN consumer consent rules as part of UETA in a number of states).

6

consumer enters into the transaction online, the consumer will demonstrate access simply by entering into the transaction. This may work for application disclosures, but it will not work in any transaction that involves an application before pre-consummation disclosures are made by e-mail or Web posting, as is typical in online credit card accounts and electronic banking generally. If e-mail messages or attachments will be used, tests such as those described above should be required.30 Before Setting Up Test of Access, Financial Institution Must Decide on Method of Electronic Communication That Will Be Used in the Future. The interim rules specify two forms of electronic communication that meet writing requirements, and in each case, visual text must be used, not an audio recording.31 The judgment was that visual text was needed to meet conspicuousness requirements for certain disclosures.32 The two methods of sending electronic disclosures that are blessed in the interim rules are: sending to the consumer’s electronic address, or, making the disclosure available at another location such as an Internet web site, and alerting the consumer of the disclosure’s availability and making the disclosure available for at least 90 days from the later of the time the disclosure becomes available or the date of the notice alerting the consumer of the disclosure.33 The reason for the 90-day availability provision was to provide consumers time to access and retain a disclosure when for some reasons, such as computer malfunctions, travel, or illness, an individual could not access the information on a Web site immediately.34 Real E-Mail address. The commentary accompanying the interim rules specifies that a consumer’s electronic address used for electronic disclosures is one that is not limited to receiving communications transmitted solely by the financial institution.35 The purpose appears to be to have a real e-mail address of the consumer, not an address set up by the creditor solely for its disclosures, making it unlikely the consumer would access it regularly. Web Posting and the Problem of Postal and Other “Cold” Alerts. An unfortunate aspect of the interim rules is that they seem to provide for disclosures to be made by Web posting and an “alert” to the consumer by methods that would likely not prompt the consumer to visit the Web site. The rules state that the alert can be to the consumer’s electronic address or to a postal address, at the creditor’s option, and that the notice should identify the account involved and the address of the Internet site or other location where the disclosure is available.36 A postal mailing would be unlikely to trigger a visit

30 See supra text at pp. 2-3. 31 See Regulation Z interim rule, supra note 3 (in section-by-section analysis of 12 C.F.R. § 226.36(a) definition of “electronic communication,” stating: “Section 226.36(a) limits the term to a message transmitted electronically that can be displayed on equipment as visual test; an example is a message displayed on a personal computer monitor screen. Thus, audio—and voice—response telephone systems are not included.”) This exclusion of oral communications follows E-SIGN. 15 U.S.C.A. § 7001(c)(6). 32 See Regulation Z interim rule, supra note 3, in section-by-section analysis of 12 C.F.R. § 226.36(a). 33 Id. at § 226.36(d). 34 Id., in section-by-section analysis of § 226.36(d)(2)(ii). 35 See e.g., Comment 36(d)(1), Regulation Z interim rule, supra note 3. 36 See Regulation Z interim rule, supra note 3, in section-bysection analysis of § 226.36(d)(2)(ii).

7

to the Web site. An alert by e-mail, but lacking a hot link to the Web site, would also fall short on this score, since it would require a consumer to paste a Web address into a browser to access the information. These are two forms of cold communication that should hardly be considered alerts at all. If a financial institution is sending a postal mailing, perhaps it should have to include the disclosure that is the subject of the alert. Similarly, if an institution is sending an e-mail, making the link to Web information hot is not much of a burden. Non-Bypassable Disclosure. The suggestion of the interim rules is that its comments on use of Web posting plus alerts do not apply to certain disclosures. The comments accompanying the interim rules indicate that disclosures must meet clear and conspicuousness requirements and timing and effective delivery requirements of, for example, TILA and Regulation Z, so that not merely hot links, but disclosures that cannot be bypassed may be required to meet requirements that a disclosure be given before the consumer becomes obligated.37 The analysis accompanying the proposed Regulation Z rule states, “TILA and Regulation Z require that creditors provide or send disclosures to consumers. It is not sufficient for creditors to provide a bypassable navigational tool that merely gives consumers the option of receiving the disclosures.”38 A comment states that non-bypassable disclosures meet the requirements for pre-consummation disclosures in closed and open-end transactions.39 This is a safe harbor and thus the best practice to assure compliance with the underlying statute and regulation. When lifting mandatory compliance with the interim rules, the Federal Reserve Board suggested that it meant for Web posting to be permissible for account statements and notices of changes in account terms.40 It nowhere mentions use of Web posting, even with an e-mail alert, as satisfying pre-consummation disclosure requirements. Lifting of Mandatory Compliance and Effect on Requirement of Alerts. The Federal Reserve Board’s last word on electronic disclosure was to lift compliance with its interim rules.41 It noted that it was responding to an industry concern that “there are operational issues raised by the interim rules’ requirement that institutions alert consumers by e-mail when electronic disclosures are made available at another location such as a web site.” It noted that some institutions had been offering electronic disclosures for several years and that, “Many of these institutions have not used e-mail to alert consumers to disclosures posted at their web sites.” Thus, the agency responded not to possible concerns about ineffective alerts, but to the requirement of alerts at all. The board in addition made this

37 Comment 36(b)3.i. and ii. (concerning disclosures requires by 12 C.F.R. § 226.18 and § 226.6). 38 See Regulation Z interim rule, supra note 3, in section-by-section analysis of 12 C.F.R. § 226.36(b). 39 Comment 36(b)3.i. and ii. 40 See Lifting of Mandatory Compliance, supra note 3. If a change in account terms involved a material term, such as an interest rate increase, compliance with TILA and Regulation Z would not necessarily mean compliance with contract law if a promise of a permanent rate is found to be part of the contract. See Grasso v. First USA Bank, 713 A. 2d 304 (Del. Super. 1998)(involving change of interest rate clause in contract as crucial part of bank’s contract theory). An attempt to announce a change of terms that is higher than what the cardholder agreement allows is a TIL violation that gives rise to civil liability. DeMando v. Morris, 206 Fed. 3d 1300 (9th Cir. 2000). There is also the possibility of a state unfair and deceptive practices statutory claim for delayed or ineffective disclosure of materials terms. 41 See Lifting of Mandatory Compliance, supra note 3.

8

vague and sweeping statement, “institutions may continue to provide electronic disclosures under their existing policies and practices, or may follow the interim rules, until the Board issues permanent rules.” In context, the statement should probably be read as applying only to a limited range of policies and practices. The lifting of the requirement of alerts does not seem to mean that Web posting can be used for pre-consummation disclosures requirements, as discussed above, as opposed to for sending account statements and changes in account terms that do not run afoul of contract law or unfair and deceptive practices statutes.42 For pre-consummation disclosures, nonbypassable disclosures assure that timing requirements are met, as the Federal Reserve noted in its interim rules analysis. Web posting would not necessarily meet timing and effective delivery requirements for such disclosures. The Distinction Between Consumer Consent and Permissible Forms of Electronic Disclosure; The Case of Use of the Creditor’s Equipment. Special issues are raised by use of computer equipment and software supplied by the financial institution, other creditor or an intermediary to set up an electronic account. If e-mails will be used for later disclosures, the consumer cannot demonstrate the ability to receive them if the consumer opens the account on the creditor’s equipment. Yet a comment in the Regulation Z interim rules suggests that sending an e-mail would be a permissible form of disclosure in this context.43 Financial institutions rely on this comment at their peril, however, as applied to consumer consent, because the comment seems to refer to permissible forms of electronic disclosure and not to the independent consumer consent rules for agreeing to this form of disclosure, in a manner that demonstrates access.44 Although good faith compliance with Federal Reserve Board interpretations is a defense to TILA liability, a creditor that misreads a provision is not entitled to the defense,45 and it is a case-by-case question whether a creditor reasonably construed an agency interpretation.46 The Federal Reserve Board elsewhere has emphasized the need to comply with the consumer consent rules of E-SIGN.47 Similarly, even to the extent that Web posting without alerts is permissible for certain written communications, such as account statements, there is an independent requirement of compliance with consumer consent requirements for use of that form of electronic communication in the future. To consent to Web posting, the consumer must be told that Internet access will be necessary to obtain later disclosures and must demonstrate ability to access the information on the Web site. If the consumer enters into a transaction from home on a Web site and the disclosures will be posted on that Web site, those facts in and

42 See supra note 40. 43 See comment 36(b)(6) to Regulation Z interim rules, supra note 3. 44 See Margot Saunders, A Case Study of the Challenge of Designing Effective Electronic Consumer Credit Disclosures: The Interim Rule for the Truth In Lending Act, 7 N.C. Banking Institute 39, 59 (noting the disconnection between the interim rule comment and E-SIGN’s requirement that a demonstration of access be part of the consumer consent process). 45 Valencia v. Anderson Bros. Ford, 617 F. 2d 1278 (7th Cir. 1980) (rev’d on other grounds, 452 U.S. 205 (1981)). 46 Brown v. Coleman Investments, 993 F. Supp. 416 (M.D. La. 1998) (reliance on commentary found to be ambiguous gave rise to good faith conformity defense). 47 See supra note 25 and accompanying text.

9

of themselves may be enough to demonstrate access (assuming that the consumer is walked through any security process to get access to, for example, the consumer’s account statements). On the other hand, if the transaction is entered into with the consumer using equipment supplied by the financial institution or an intermediary to consent to electronic records in the future, there is an issue about whether ability to access the Web site in the future has been demonstrated. Making Consumer Consent A Marketing Plus. The consumer consent rules need not be viewed as a burden with no benefit. A financial institution can use the compliance process to reassure consumers that effective communication is a shared goal.48 The consumer consent process can be introduced with statements like these: For e-mail disclosures: We want to be sure you will be able access important information we may send you later by e-mail. Please let us know that you could open this e-mail by sending a reply to this message. For Web disclosures: We want to be sure you will be able to access important information we may post for you later on our Web site. Please click on the link in this message to access that Web site. On the site, you will find a three-letter code in red. Please e-mail us a reply to this message with that three-letter code. Meeting Other Requirements of E-SIGN Retainability of Electronic Records. The interim rules provide minimal additional gloss on the retainability requirements of E-SIGN. A comment indicates that the format must be one that allows printing or storing electronically.49 Given the strong language of E-SIGN that electronic records may be denied effectiveness if not retainable in a way that can be accurately reproduced,50 financial institutions should be sure that electronic disclosures can be downloaded or printed (allowing both seems reasonable) or that they remain accessible on a Web site, which is probably more expensive and thus less desirable to financial institutions. To meet the accurate reproduction requirement, financial institutions may want to use pdf files, but that also will require disclosing the software requirements for doing so as part of the consumer consent process. In general, hardware and software requirements for downloading or printing, if methods of retention, must be disclosed as part of the consumer consent process,51 a point that the Federal Reserve Board also repeated.52 Redelivery. The interim rules require redelivery of an electronic communication that is returned as undelivered, requiring the sender to take “reasonable steps to attempt 48 See Robert A. Cook and Nicole F. Munro, Giving Consumer Disclosures On-Line: Is ESIGN the Path to the Paperless Loan? 57 Business Lawyer 1187, 1191 (2002) (noting E-SIGN consent requirements may reassure consumers about the legitimacy of an on-line merchant). 49 Comment 36(b)5, Regulation Z interim rule, supra note 3. 50 See supra note 11 and accompanying text. 51 15 U.S.C.A. § 7001(c)(1)(C) (stating that hardware and software requirements both for access to and retention of electronic records must be part of the consent process). 52 Comment 36(b)5., Regulation Z interim rule, supra note 3.

10

11

redelivery using information in its files.”53 Commentary indicates that sending the disclosure to a different e-mail address or postal address that the creditor has on file for the consumer satisfies the redelivery requirement, but sending to the same electronic address is not sufficient if the sender has a different address on file.54 Some have argued that this rule treats e-mail differently from postal mail and thus is suspect under E-SIGN.55 The Federal Reserve Board analysis, however, justified the redelivery requirement by noting that E-SIGN requires communication of changes in methods of providing electronic communications and that there is no commonly-accepted mechanism for reporting a change in electronic address or for forwarding e-mail and that e-mail systems are not yet sufficiently reliable, so that safeguards are necessary to ensure that consumers actually receive disclosures.56 The Federal Reserve Board made no mention of the redelivery requirement when lifting mandatory compliance with its interim rules on electronic communications. Thus, the redelivery requirement seems not to have disapproved and serves as a safe harbor for E-SIGN compliance. As a matter of maintaining customer relations, reasonable attempts to find customers who have continuing accounts is a good practice, and this may be reason enough to adopt a practice of redelivery. Conclusion This outline attempts to present in as simple a way as possible most of the controversial issues that have arisen concerning compliance with E-SIGN in the context of consumer financial services. The aim is to aid counsel who are called upon to advise financial institutions as they move consumer financial services entirely on line. Many of the same issues arise in other forms of electronic commerce, but because the law of consumer financial services involves so much required written disclosure, with significant consumer remedies for noncompliance, the issues loom particularly large in this sector.

53 See e.g., 12 C.F.R. . § 226.36(e). 54 See e.g. Comment 36(e) to Regulation Z interim rule, supra note 3. 55 See 15 U.S.C.A. § 7004(a)(2)(B)(limiting regulatory agency authority by prohibiting regulations that “add to” the requirements of § 7001). See also James A. Huizinga et al, Electronic Disclosures Under the Fderal Reserve Board’s Consumer Protection Regulations, 57 Bus. Lawyer 1197, 1204-1205 (generally criticizing the redelivery requirement). 56 See e.g. section-by-section analysis of Regulation Z interim rule section 226.36(e), supra note 3.