WARNING: Your Firm's E-Signature Vendor Could be a Liability

Posted by Emily Maxie

Financial advisors across the country are adopting e-signature technology to save time, reduce risk and enhance client relationships. But not all e-signature vendors are created equal. If you aren’t careful which vendor you choose, you could be putting your firm and your clients at risk. We’ve assembled a variety of tips and suggestions to make sure you pick an e-signature vendor that will be an asset… instead of a liability.

Tip #1 – Signed Documents Should be Protected Against Tampering

e signature vendor risk

In the paper world, we’re used to being able to ‘see’ changes made to wet ink signed documents, and adjust our expectations accordingly. However, we’ve spent decades now working with electronic documents that can be easily changed with a variety of software applications without any noticeable difference in the document.

This is one reason why it’s so critical that you choose a vendor that protects the document when it is electronically signed. After all, anyone with a PDF editor can change the terms of a document if they wanted to. You need to be sure that if someone tampers with one of your documents, you can provide evidence the tampering took place.

That’s why some e-signature vendors offer a feature called “tamper evidence.” With tamper evidence, you simply open the document in any free PDF reader to find out if it has been altered. If there’s been any changes, even as small as a space or change in capitalization, the signed, tamper-evident PDF reader will show you an alert letting you know when the tampering happened and what was changed.

Now many vendors say it’s enough to secure the document at the end of the signing process, to show that the document hasn’t been altered after it was signed. But this may open your firm to additional risk. Let’s say you have an account opening form or other critical agreement that has more than one signer and requires each signer to fill in different fields, both investor-side and broker-side. If the tamper-evident seal is only applied after all the signatures have been placed on the document, what will you do if a client comes back later claiming that he entered a value that was different than the one on the finished document? If you don’t have the evidence and protection embedded in the document to prove what the document looked like throughout the signing process, you put your documents, and your firm, at risk. 

Ask potential vendors whether they add a tamper-evident seal to the document with each signature and initial applied to the document, not just at the end of the signing process. By applying multiple seals, the document provides substantially improved evidence regarding the content of the document throughout the transaction. 

Tip #2: Know the Dangers of Vendor Lock-In

You probably know from personal experience how tough it can be to change from one service provider to another. Think about the last time you changed your Internet service or gym membership. It was probably a pain, and there’s a reason. Most vendors don’t want you to have a seamless transition from their product to a competitor’s.

Vendor lock-in happens in the e-signature industry just like it happens with other service providers. Some e-signature vendors intentionally make it difficult to transition off their platforms. And the stakes are even higher if the vendor has access to your clients’ data.

When your firm starts looking to adopt e-signature technology, it’s easy to overlook the problem of vendor lock-in. After all, you may be looking at a cloud-based provider because these services can make your firm more efficient, reduce costs and improve your customer experience.

e signature vendor

But once it’s time to renew your contract, the vendor in question might have raised their prices or changed their policies. If that happens, you need to make sure you can make a change without affecting your documents or your client relationships.

“It’s not just privacy and security. It’s also — if I change my mind or it doesn’t work out, how do I move on?” said Robert Jenkins, CTO of Cloud Sigma, in a recent GigaOM article.

Having your business’s mission-critical systems and data at the mercy of a third party vendor doesn't make sense, especially in this type of scenario.

“When you put a lot of your resources, a lot of your data in the cloud… you want to know that you can move all that away to another cloud provider, or even bring that back on premises, if that’s the exit strategy,” says Thomas Erl, CEO of Arcitura Education Inc. in a recent Forbes article.

Be sure that your e-signature vendor can not only provide an easy way to move documents and evidence (for example, audit trails) out of their service if needed, but that those documents and the signatures on them can still be verified without relying on that vendor. In the paper world, you don’t have to worry if signatures signed with a Sharpie are invalid if Sharpie goes out of business. It’s not that easy in the world of electronic signatures.

Tip #3: Beware of Proprietary eSignature Technology

Because of the technology behind electronic signatures, you can get substantially more evidence to back up your signed documents. However, many e-signature companies use proprietary technology to create these electronic signatures, meaning that businesses may be locked into using their products. It might be possible to transfer documents to a different system, but can you be sure that the signatures will still be valid, or that your firm will still have access to the evidence collected by the vendor during the signing process?

“Cloud providers benefit from keeping things proprietary as long as possible, because it locks consumers into their environment,” Erl says.

Of course, most technology companies and services develop or utilize some aspect of proprietary technology—they need to differentiate in some way. However, it’s critical that the esignature service you choose doesn’t extend that vendor-specific technology to your firm’s signed documents. If it does, you risk the possibility of that aspect coming back to bite you in the long term, potentially years after you may have ended a relationship with a vendor.

Investment documents need to be viable for the lifetime of your relationship with a client, and you need to be sure that those e-signatures can be proven in court even if you don’t have a relationship with that vendor anymore. You also need to be sure those documents are valid even if the vendor goes out of business.  

Tip #4: Look for Industry Standards

One way to protect your firm is to make sure you use services that generate documents and electronic signatures based on open, published standards. These common, established standards can give you the assurance that the technology you’re using is compatible with other vendors’ offerings, your documents will be verifiable in the long term, and most importantly, these standards ensure that a third-party expert can interpret the data you get back from the vendor. 

“Standards give you the confidence that whatever happens in the future, the data you’ve created isn’t lost,” says John Harris, director of product management at cloud-based digital signature company SIGNiX. “Working with standards reduces your risk.”

Signatures built upon standards such as ISO 32000-1 (PDF), RSA, and SHA will ensure that your signed documents will remain relevant many years into the future, whether or not your vendor, or your relationship with that vendor, exists.

Making the Right Choice

It’s critical that you take control of the decision-making process and pick an e-signature vendor that places a priority on not only making your firm more efficient, but also reduces your risks when choosing electronic signatures over wet ink, and offers you the flexibility to change vendors without compromising your signed documents, the foundation of your client relationships.

Here are a few steps you can take as an organization to determine the right fit for your firm.

      • Read the fine print of the vendor’s policies. If you’re unsure of anything in the policies, ask your IT department or your legal team to take a look.
      • Ask the vendor if they create tamper-evident documents, and even better, if they tamper seal the document with each additional signature or initial added to the document to maximize the level of evidence produced.
      • Get a copy of documents signed by various vendors and have them explain to your risk and compliance teams how the signatures will withstand the test of time (and vendor disruption).
      • Ask the vendor directly how they would facilitate moving your clients’ data and documents out of their cloud storage repository.
      • Ask if they can digitally shred your customers’ data from their servers. If so, make sure their systems comply with digital shredding standards set by NIST or the U.S. Department of Defense.
      • Look for signatures based on the standards such as ISO 32000-1, RSA, SHA and related, established standards. This gives you the assurance that your documents will still be valid decades into the future.

If you follow this advice to pick an e-signature vendor, you’ll make your firm more efficient, engage happier customers and save your firm a world of trouble by eliminating downstream risk. 

Download our eBook "5 Reasons Financial Advisors Love Digital Signatures"

Get a Digital Signature Quote Now

GET A QUOTE

Posts by Topic

see all

Subscribe for updates