%20formatted-1.png?width=2528&height=739&name=SIGNiX%20Logo%20Main%20(white)%20formatted-1.png)
In the digital age, regulatory compliance stands as a cornerstone for ensuring the legal validity and security of electronic signatures (e-signatures). As Chief Technology Officer (CTO) of SIGNiX, John Harris sheds light on the intricacies of regulatory compliance within the realm of e-signatures. Regulatory adherence is not only about aligning with industry standards but also about safeguarding sensitive data and upholding the integrity of electronic documents. Through our dialogue with Harris, we delve into the pivotal role of compliance in various sectors, illuminating the significance of technologies like SIGNiX in meeting the diverse and stringent regulatory demands.
Can you define what regulatory compliance means for e-signatures and also why it's critical for ensuring their legal validity and security in certain industries?
John Harris -
“Regulatory compliance in general, of course, is making sure that your organization is matching up to the laws and regulations that affect your industry, location, region, and country. Compliance plays a critical role because so many of the requirements are around documents, records, intent to agree, and retaining evidence.
That's where e-signatures often come into contact with regulations, not just because they're themselves often the subject of regulation but also because the documents that they're interacting with are also subject to them.”
Different industries have unique regulatory requirements for e-signatures, such as HIPAA for healthcare. How does the SIGNiX technology cater to these varying industry-specific compliance needs?
John Harris -
”The core SIGNiX platform complies with these things, but it comes from the secure foundation on which the Company and the technology was built. The Company was built on the concept of simplifying the very complicated aspects and techniques of public key infrastructure (PKI).
At the time when the Company was founded, PKI technology, which was created in the late 90s, was very complicated and required extensive hardware and software, as well as knowledge by the end users in order to get any benefit out of it.
The Company's technology was built so that all of those benefits could be imparted to anybody who relied on the documents, but the end users didn't have to know anything about that technology to benefit. By basing our technology on standards and starting from an aspect of security, integrity, and non-repudiation via embedded legal evidence, we were already ahead of the game when it comes to regulatory compliance..
The way you sign is very unique, and there are many controls that go into that process. For example, we weren’t initially 21 CFR Part 11 compliant for life sciences, but it was very easy for us to build out the extra things to make us compliant. It’s about coming from that secure foundation that gives us more confidence and gives clients more confidence knowing that ours is the right platform.”
Recently we've seen HHS make proposals for requiring digital signatures over e-signatures due to critical goals only met with true digital signatures. How long do you predict it’ll take for other industries to follow suit?
John Harris -
“It's a very interesting development because many of the early federal and state laws around online signatures promoted technology neutrality.
In the late 90s, that was the thing to do. It was only later that the authors wanted to go to a technology-agnostic place.
The federal ESIGN Act and the UETA state laws were technology agnostic and covered electronic signatures in general. It’s generally considered to be a good thing to be agnostic because it doesn't stifle technology creation. Somebody might come out with some new signature technology, and you don't want to have to be so specific that it’s not allowed.
With HHS and other folks coming out with more specific regulatory suggestions or requirements, I think these are reactions to the fact that neutral laws might be too broad. The industry hasn't shown that there are enough controls in the basic e-signature process for some applications.
I would tend to think that there is this perceived gap between the simple e-signatures and the ability to sign important or valuable documents.
Does that mean it’ll be the way things will go in the future? Hard to say. It certainly is a good vote in our favor in terms of the way we have decided to go about doing digital signatures.”
Given the critical relationship between e-signature compliance and data privacy regulations, how does SIGNiX ensure the protection of personal and sensitive data through its digital signature solutions?
John Harris -
“Privacy is a collaboration. It's everyone's job to make sure that people aren't sharing passwords, and that they’re following all the appropriate security best practices, such as keeping things encrypted. We're very conscious of privacy because many different documents come our way, and we're not privy to the contents of those documents.
Our job here is to present documents and sign them, given the instructions from our senders. We treat every document with the same level of security and provide customers with a way they can delete the document from our servers shortly after they're done. They can also have us store them, and we'll store them in a secure and private fashion.”
We've really been focusing on fraud threats recently. The fraudulent activities, including e-signature fraud, pose significant threats, obviously, to firms and their clients. How does SIGNiX’s technology mitigate such risks, especially in light of recent fines posed on broker-dealers for e-signature fraud?
John Harris -
“It's always been something that we've tried to protect against. It goes back to that secure foundation. It's about making sure from the get-go that we are recording every event that takes place in the signature process so that it will be available for scrutiny later.
The only problem with having that much evidence is that you've got to then sift through it and try to find the needles in the haystack. Which is why we’ve come out with Compliance Lock™. What we're trying to do is essentially provide some magnets to capture some of those needles.
For example, the same email or IP address may be used by two different signers in a transaction. Using Compliance Lock, the client can look for that as a red flag. Compliance Lock notifies the client about this red flag which may or may not be a fraud problem. We identify a wide variety of fraud flags to present to the client for investigation in an organized fashion.
There will definitely be other industries interested in solving this issue. You don’t want financial advisors, loan officers, or sales managers signing on behalf of their clients. We had one client come to us and say, “We've seen this advisor do this, and we're concerned that all the advisors are doing it”.
Say another e-signature vendor wanted to create a service similar to Compliance Lock. Would this not be nearly as robust as what we're able to provide because of the limitations in what data they're tracking?
John Harris -
“It would definitely be harder based on the evidence that seems to be present in their audit trails and certificates of completion. E-signature vendors provide some of the same data, but not all of it.”
With the increasing adoption of RON, how does SIGNiX ensure its RON solutions meet the complex legal and regulatory requirements?
John Harris -
“We've spent a lot of time reviewing the various laws and changes as they occur. We ensure that our product keeps pace with those changes. We were there at the creation of RON in 2012. In 2019, there were really just a few states with RON laws and then, of course, COVID just exploded the need for the technology. Now 45 states have some version of RON laws.”
As the digital landscape continues to evolve, the importance of regulatory compliance in e-signatures remains paramount. Through the insights shared by John Harris, it becomes evident that ensuring compliance goes beyond mere adherence to regulations; it's about fostering trust, security, and integrity in electronic transactions. SIGNiX's technology, rooted in a foundation of security and innovation, stands as a testament to the commitment to meet and exceed industry-specific compliance needs. With the advent of technologies like Compliance Lock™, SIGNiX remains at the forefront, navigating the complex legal and regulatory landscape to provide a seamless, secure, and compliant digital signature solution for the modern era.
