One of the highlights of the American Association of ManagingGeneral Agents' University Weekend, held last August in Scottsdale,Ariz., was a mock trial and panel discussion addressing the use andenforceability of electronic signatures. Many conferenceparticipants rose early Sunday morning to attend the livelypresentation, entitled “Electronic Signatures–Are They LegallyBinding?” Brian T. Casey and Patrick J. Hatfield, partners from thecorporate insurance practice roup at the Atlanta office of law firmLord, Bissell & Brook LLP, gave an overview of electronicsignatures and the federal Electronic Signature in Global andNational Commerce Act (ESIGN), then served, respectively, asmoderator and panelist during an industry roundtable discussion.Rounding out the panel were Tom Gonser, one of the founders ofDocuSign, an electronic-signature service; Christopher W. Heidrick,CPCU, CFP, CLU, ChFC, former senior vice president and nationalproduct manager for Marsh's Consumer and Small Commercial Practice,current vice president, personal lines marketing for Fireman's FundInsurance Co. and speaker on the topics of multichannel andInternet distribution; Scott Anderson, CPCU, CIC, CIW, executivevice president of Concorde General Agency Inc.; and Hon. Michael A.Yarnell, a recently retired judge and member of the AmericanArbitration Association commercial and construction panels.

Following is an edited transcript of the panel discussion:

Brian Casey: Increasingly, the Internet isbeing used for business communications and transactions, includinginsurance sales and services. Insurance companies, agents andconsumers now have the option of conducting transactionselectronically rather than face-to-face. Yet some people mayquestion the validity and legal viability of electronic signatures,especially in online financial transactions. They may wonder ifsuch transactions are safe and if electronically signed contractsare legally binding. Our goal today is to address the issues wethink are most likely to be encountered when dealing with anelectronically signed document.

Christopher Heidrick: In 2005, more than 60million Americans filed their federal personal income tax returnselectronically. Last year, in Pennsylvania, more than 40% oftaxpayers filed their state income tax returns electronically.About 30% of American households and 30% of small businesses dosome form of banking and bill-paying online. Many people shop, buyairline tickets and engage in other online transactions thatrequire some form of a signature, so such consumers are alreadyusing e-signature technology, and so far the process has routinelybeen smooth and seamless.

Consumers' greatest concern about e-signatures is the risk ofidentity theft. Many people believe that if they provide personalfinancial data online while engaging in a business transaction,they essentially offer up that information to whomever might belurking in cyberspace. But, according to a recent study conductedby Javelin Strategy & Research, such fear is largely unfounded.Of all the reported cases of identity theft, the study said, only12% resulted from Internet transactions or other means involvingcomputer technology. The vast majority of thefts were perpetratedby using such low-tech methods as stealing checks from victims'mailboxes or selling account numbers gleaned from credit cardsreceipts.

Casey: What assumptions might prevent theinsurance industry from embracing e-signature technology, and howaccurate are those assumptions?

Patrick Hatfield: Let's look at some commonmyths regarding e-signatures, compare them with related facts, andsee how they hold up.

Myth: The risk of using electronic signatures is toohigh. Documents signed electronically will be difficult toenforce.

Reality: With appropriate workflow, the risksassociated with electronic signatures are the same as, or lowerthan, those associated with traditional paper-and-inkprocesses.

Myth: The law is not clear on how to prove anelectronic contract.

Reality: For more than 10 years, courts have receivedand accepted computer records as evidence that processes werefollowed.

Myth: It's unclear whether state statues or federallaws govern the use of electronic signatures for businesstransactions.

Reality: The federal ESIGN act and the regulationsadopted by individual states are so similar that any differencesare not significant for basic insurance processes.

In 2000, Congress enacted ESIGN to facilitate the use ofelectronic records and signatures in interstate and foreigncommerce by ensuring the validity and legal effectiveness ofcontracts entered into electronically. E-signature, e-disclosureand e-delivery can be legally effective if they comply with ESIGNlaws and if evidence (such as an audit trail) shows that the personagainst whom enforcement is sought followed all the propersteps.

More than 40 states also have adopted legislation based on theUniform Electronic Transaction Act (UETA), a model act adopted bythe National Conference of Commissioners on Uniform State Laws toprovide a legal framework for electronic transactions. UETA giveselectronic signatures and records the same validity andenforceability as manual signatures and paper-based transactions.Such laws do not give electronic signatures greater status thantraditional pen-and-ink signatures; they simply state thatelectronic signatures satisfy “in writing” requirements and willnot be denied enforceability just because they're in electronicform.

Casey: What constitutes a “signature”?

Hatfield: An e-signature is defined as“electronic sounds, symbols or processes attached to or logicallyassociated with a contract or record and executed or adopted withintent to sign the record.” Clicking on a box next to the words “Iagree,” or saying “I agree,” fulfills the requirement. (Also, atangible document can be signed electronically.)

Casey: For the insurance industry, what are theimplications of using e-signatures?

Hatfield: In all lines of business, in everystate, electronic signatures can be legally binding. The biggestrisks are authentication and, most important, repudiation; butthere are ways to reduce these risks so they're actually lower thanthose of traditional signatures. The ESIGN process is not perfect,but it is no less enforceable than the traditional face-to-face,paper-and-ink signature process.

Federal electronic signature laws apply to all states, eventhose that have adopted their own related laws. By law, certaindisclosures must be given “in writing,” like the uninsured motoristwaiver or election form disclosure. Such disclosures can bedelivered through electronic means, however, if the consumerconsents to receive them that way. If an agent or insurer alsoprovides the insured with a hard copy, the requirements are notdifficult to meet.

Casey: The electronic signature laws make anytransmission “a writing,” even if it doesn't have to be signed. Forexample, if you deliver your own Gramm-Leach Bliley privacynotices, they have to be in writing. But since they don't have tobe signed, and most companies simply drop them in the mail anddon't get any kind of acknowledgement that customers have receivedthem, you can deliver the notices electronically and still complywith the legal requirement they that be conveyed “in writing.”

Heidrick: Some of the rewards of electronicsignatures, like speed and convenience, are obvious. A reduction inbusiness costs, though, might take longer to realize.Banking-industry studies show that, for an average bank, a typicaltransaction costs about $1.07 to execute through a teller. Thatsame transaction, conducted over the phone, costs about 54 cents,or 50% less. If the transaction is done via an ATM, the cost againdrops by 50% to an average of 27 cents. If it's conducted over theInternet, the transaction costs about 1 cent. The same efficienciesand opportunities for savings await the insurance industry when itmore fully adopts electronic processes. For instance, if a producersends a document by overnight delivery to a customer for his or hersignature, and the customer returns it using the same method, thecost typically is about $12 each way. To obtain the same signatureusing an electronic delivery system costs about one quarter asmuch.

Tom Gonser: The DocuSign system is a Webservice that's priced per page, usually between 10 cents and 50cents, depending on volume. If you're familiar with eFax, it'ssimilar to that, and includes a number of security elements.

Heidrick: From a quality assurance perspective,there's much to be gained as well. Imagine that 100% of theapplications you receive are filled out completely with validanswers and contain no stray marks that can be misinterpreted. Whensomeone asks you to produce a document, you can always find it andnever have to worry that it might be misplaced. Your workflow wouldbe easier and more efficient, and would provide you with a betterdefense in the event of a lawsuit regarding a claim.

I began my career in claims, and I can't tell you how manypersonal-lines agents E&O claims I paid because an agentcouldn't produce the signed application in question or there was astray mark on the form. We also often paid claims that didn't fallunder E&O because we didn't have the physical evidence weneeded to defend ourselves. Properly applied, electronic processescan eliminate a lot of those types of errors. Also, in the event ofan E&O claim, ESIGN includes specific language that prevents anagent from being held liable if he or she has simply followed theinsurance company's established electronic-signature process.

Another reward for carriers is significantly increasedcompliance. When market-conduct examiners ask to see all of yourUM/UIM required disclosures, waivers and other forms, you cansimply print out the electronic documents you have on file. Therisk of fraud is mitigated, and if it does occur, you can easilyidentify it and prosecute the perpetrator.

Casey: Does an electronic delivery system userhave to install some type of software, or is the service entirelyInternet-based?

Gonser: Ours is a print driver, but most of theactual transaction takes place in a Web session.

Casey: Tom, walk us through the onlineinsurance application process.

Gonser: Typically, an applicant goes to thecarrier's Web site, finds the words “apply online,” clicks on thelink and is taken to a page containing an application forinsurance. (We'll assume the visitor is not a current customer andtherefore does not enter an existing policy number.) As the insuredprovides his name, address and other requested information, theinsurer's system records the date and time the user entered thesystem, assigns him a unique number, and stores information abouthis use of the system in an electronic file or folder createdespecially for him. To verify the user's identity, a third-partyvendor with which the insurer contracts can provide a random seriesof questions, the answers to which the vendor has collected andmaintains on file, such as “What was the amount of your lastmortgage payment?” If the applicant answers correctly, the systemwill prompt him to agree to receive any required disclosureselectronically and confirm that he agrees to conduct business withthe carrier electronically. The applicant then proceeds to the nextcouple of screens to complete a state-approved application based onthe ZIP code he entered earlier. Once he has answered allapplication questions, he is asked to review the completedapplication and, if all the information is correct, to submit itfor approval by clicking on the “Submit” button.

Next, internal edits ensure that all application questions havebeen completed and are accurate, and the answers are valid. Forinstance, if the app asks for a date, then a date must be enteredin the proper field. Once these edits are passed, the applicationis sent to the carrier's system and an e-mail message is sent tothe applicant, informing him that the application is ready for hiselectronic signature. Once he signs and his identity is verified,the application is sealed, along with all related data, and storedin the carrier's secured database.

Meanwhile, the system has recorded the time and date theapplicant opened the application, all the answers he provided, whenthey were entered, how long he stayed in the system, and when theapplication was submitted for his signature. The applicant's folderis then electronically sealed so that any subsequent access to thefile will be detected. It is stored on a particular database withinthe company, to which access is limited. Only two or three peoplemight have the passwords and clearance necessary to access therecords, and if someone does access and alter them, that action isautomatically added to the file record, creating an “audit trail”that resides in a separate file from the application and itscontents. In other words, the document cannot be altered withoutdetection.

DocuSign employs the same computer technology that banks andgovernment agencies have used for years; it ensures that a documentcannot be altered after being sealed within a carrier's system.Electronic keys–one to scramble the document and the other tounscramble it–work together, so the right key is required to unlockthe document. The more digits in the keys, the harder it is tomatch them. When a document is entered into an electronic signaturesystem, a complicated mathematical computation breaks it down intoa jumble of numbers which, when added together, make up a singlelarge number called a “hash.” It's like a unique fingerprint ofthat document. If a document's hash value or its original data arechanged in the slightest way, the hash will not add up and thedocument can't be de-scrambled. We store the fingerprint in aseparate, secure location, and when the system retrieves thatdocument for someone to review, we first check the fingerprint tomake sure it still matches, so we know the document we'reretrieving is the original. Thus, the document can be viewed, butnever modified, because the system checks the fingerprint each timeit is opened to be sure the hash values still add up.

Casey: What about transaction data?

Gonser: Transaction data allows us to trackwhen the file containing an application and related documents areopened, when they're signed, and when the file is closed again. Ifthe underlying content had ever been altered, the transaction datawould show that the fingerprint didn't match, and it would issue analert stating as much. Transaction data is securely stored in aseparate location.

Casey: Could someone–say, an insurance companyemployee–go into the company's system and make changes to anapplication submitted online or to a policy issued online?

Gonser: That would be next to impossible. TheNational Institute of Standards & Technology has estimated thatit would take some very powerful computers–and approximately 149trillion years–to break the type of security key used to secure theelectronic documents we're discussing. And even if someone managedto do so, the audit system would detect the intrusion.

Casey: What if an insured denies having signedand submitted a particular application or other document? Let'ssuppose an insured named William Smith, who works for Arizona CableCo., submits an online application for auto insurance and choosesnot to purchase UM/UIM coverage. A few months later, an unlicensedand uninsured driver causes an accident in which Mr. Smith isinjured and his vehicle is totaled. Mr. Smith cannot obtainreimbursement for his property loss or medical expenses from theuninsured driver, so he files a claim with his own carrier. Thecarrier denies the claim, citing Mr. Smith's signed waiver ofUM/UIM coverage. Mr. Smith insists that he did select the coverage,that the application and waiver on file with the carrier areinaccurate, and that a different William Smith must have submittedthem. How might the carrier respond?

Gonser: The insurer can establish that WilliamSmith, the insured in question, logged onto its Web site andsubmitted the auto insurance application–along with a signed UM/UIMwaiver–from the Internet provider (IP) address that corresponds tohis home router. The carrier also can establish that the person whosigned the document electronically used the e-mail addresswilliam.smith@ArizonaCable. com and that William Smith, the insuredin question, is the only person with access to thatpassword-protected account. An audit trail can show that, incompleting the application, Mr. Smith correctly answered severalquestions about his background and personal history (such as theamount of his most recent mortgage payment) designed to verify hisidentity through an authentication service.

Hatfield: With a sound process in place, backedup by technology and credible witnesses, a carrier has a betterdefense than it would have if it relied solely on paperdocuments.

Michael Yarnell: In a case like the oneoutlined, if you can present the technology in an understandablefashion, and if it is, in fact, maintained in a good businessprocess with credible people, I think it greatly strengthens thecompany's credibility. On the other hand, if the technologyinvolved is explained in a confusing, highly technical way that thejury can't grasp, the company's defense will seem evasive andexcuse-laden, and it will be more difficult to swallow. The jury orthe presiding judge won't be able to understand or identify withthe carrier's position.

Heidrick: It's important to follow a defined,repetitive, understandable business process so customers know whatthey're agreeing to and are inclined to abide by the agreement.When a disagreement does develop, a court might have to sort it outand render a decision based on the evidence presented and thesoundness of the business process involved. When establishing ane-commerce process, think about likely disputes and ensure that itcomplies not only with the law, but also with common sense. Will ajury believe that your business's system is too reliable to havemade an error?

In one of my past roles at a call center for a brokerrepresenting several insurers, we frequently bound coverage on thephone. We used digital voice recording to verify applicants'identities but also tried to obtain wet signatures where we feltthey were needed. The latter part of the process was quiteexpensive and time-consuming. Of course, we could bind a policy oneday and the customer could experience a loss the next, so weroutinely faced E&O exposures. Such exposures can be greatlyreduced by the use of electronic signatures, which take onlyminutes, or even seconds, to obtain.

Insurance is an intangible product or service that's alsodata-centric, and the distribution system has been inefficient.Sooner or later, this industry will go paperless. In the meantime,we need to reduce the perceived risk level of electronic processesso regulators, company executives, producers and customers becomecomfortable conducting business in this self-service kind ofway.

Hatfield: The issue really is more aboutworkflow and process than it is about technology. If you have aprocess that prevents errors and omissions, and it's supported byeffective technology, then having those measures in place is moreimportant than whether the process is manual or automated. When youthink about an e-signature process, think about the process firstand technology second, but realize that technology can make it allhappen and make it very secure.Since the use of electronicsignatures benefits both producers and carriers, producers shouldencourage companies to adopt this process and, whenever possible,choose to do business with those who offer it.