Data processing systems are at the heart of most eSignature and ePayment products and services. Today, these systems are used to perform many key functions for businesses – frequently on an automated basis with little human oversight or intervention. These functions include (i) presenting electronic records; (ii) capturing and preserving records, electronic signatures and information; (iii) processing information and reporting outcomes for decision-making; and (iv) managing communications with clients.
The tasks performed by these systems play a particularly vital role in many transactions – and their proper, reliable functioning is essential to both regulatory compliance and transaction enforceability. This creates a potential hazard for the business if the system produces processing errors because it is improperly or inaccurately programmed, or because of inaccurate or incomplete data entry, which are not readily detected.
A business relying on a system with a programming or processing error may, over time, accumulate and act upon a significant number of erroneous transactions or process decisions, while believing all the while that the transactions and decisions are valid. This can lead to a variety of liability exposures, ranging from conversion of property to negligence to breach of contract to regulatory non-compliance. Data and records from unreliable systems may be inadmissible in evidence. In consumer retail transactions, there is also the risk of a claim based on unfair or deceptive acts and practices (UDAAP).
In a nutshell, a UDAAP claim may exist if the system's flaw or error (1) causes (or is likely to cause) an unavoidable, substantial injury to a consumer; (2) materially misleads (or is likely to mislead) a consumer; or (3) materially interferes with a consumer's ability to understand a product or service, or takes advantage of a consumer's inability to understand the risks or protect his or her interests in selecting a product or service.
For these reasons, protecting the integrity of all key systems through regular evaluation and testing is important to every business that relies on system outputs to process transactions or to make, or help make, transaction decisions. System outputs should be regularly examined for accuracy, and system updates and changes should be carefully evaluated for impacts on existing processes.
For more information on system development and assessment, check out these resources:
- Standards and Procedures for Electronic Records and Signatures (SPeRS)
- The FFIEC IT Examination Handbook Infobase
- The Law of Electronic Signatures (Thomson Reuters 2019 Edition)
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.