The Financial Sector Conduct Authority (FSCA) has raised concerns about the potential risks of financial services providers using clients’ electronic signatures for financial transactions when the client is not present.
On 5 July 2021, the FSCA issued a communication on pre-populated documents and the use of electronic signatures by financial services providers (FSPs). This update summarizes the communication succinctly.
An electronic signature is defined in the Electronic Communications and Transaction Act No 25 of 2002 (ECT Act) as "data attached to, incorporated in, or logically associated with other data and which is intended by the user to serve as a signature".
It is important for FSPs using electronic signatures when rendering financial services or concluding financial transactions with their clients to consider the circumstances. The electronic signatures could be used: (i) by the client, without the intervention of an intermediary and/or FSP; or (ii) by the FSP, using the client’s electronic signature to sign pre-populated documents on the client’s behalf. The two scenarios are set out in turn below.
The first scenario, where the client is the originator of the signature and uses the electronic signature to sign documents, is not problematic from the FSCA's perspective. However, the FSP is required to take reasonable steps to ensure that the electronic signature is reliable and appropriate, for example using service providers that offer electronic signing solutions that can authenticate the identity of the signatory (such as DocuSign ®).
The second scenario, where the FSP uses an electronic signature on behalf of a client to conclude a financial transaction and/or agreement in terms of which financial services are rendered to the client, is problematic from the FSCA's perspective. This second scenario implies that the FSP uses a scanned image of the client's handwritten signature to sign documentation on behalf of the client.
This scenario potentially presents problems because:
- the client's electronic signature is probably used by the FSP when the client is not present;
- at the time that the document is signed, the client is not in a position to confirm that the documents contain complete and accurate information; and
- there is no evidence that the client has confirmed that it understands the contents of the document prior to the FSP and/or intermediary signing on behalf of the client.
The second scenario also exposes clients to the risk of fraud, unauthorised use of client signatures and conclusion of unauthorised financial transactions.
When considering the use of electronic signatures regulated under the ECT Act, provisions related to the rendering of financial services by FSPs apply, namely: (i) section 7(2) of the General Code of Conduct for Authorised Financial Services Providers and Representatives published in terms of section 15 of the Financial Advisory Services and Intermediary Services Act, 37 of 2002 (FAIS) and (ii) Rule 9 of the Policyholder Protection Rules, promulgated under both the Long-term Insurance Act No.52 of 1998 and Short-term Insurance Act No.53 of 1998 (the PPRs).
These provide, among other things, that no-one should request or allow a client to sign a blank or partially-completed document when rendering financial services. The intention of the legislator of these provisions is to ensure that clients are made aware of the terms and conditions contained in transaction documents and understand their contents before they sign any document provided by an FSP and/or intermediary.
The practice of FSPs using electronic signatures to sign documents on behalf of clients exposes clients to risks and fails to promote the purpose of the financial services legislation set out above.
The FSCA’s communication is not intended to address the definition, legality or permissibility of electronic signatures. It relates to the practices of FSPs using electronic signatures on behalf of clients which can expose financial customers to risks and unintended consequences.
In summary, the FSCA recommends that clients sign documents themselves, and FSPs must refrain from using clients' electronic signatures to sign documents on their behalf, even if clients have consented to it.