eSignature and ePayment News and Trends - March/April 2024
Today’s ever-shifting business environment means that consumers, businesses, employers, and employees all expect to transact digitally. To remain efficient and competitive, companies must digitally transform their businesses. Successful transformation and maintenance require careful planning and up-to-date knowledge to ensure smooth integration with existing business technology, positive customer experience, and ongoing regulatory compliance.
This newsletter includes legal insights and brief summaries of recently enacted federal and state laws, federal and state regulatory activities, fresh judicial precedent, and other important news to keep you up to date in the ever-evolving electronic environment.
INSIGHTS
Booming biometrics: Emerging trends
By Margo H.K. Tank, R. David Whitaker, Liz Caires, and Emily Honsa Hicks
While biometric technology becomes increasingly important in the evolving world of electronic authentication and fraud prevention, litigation under existing biometric privacy laws is becoming increasingly prevalent. States that already have such laws include Illinois, New York, Texas, and Washington; and even several cities (such as New York City and Portland, Oregon) have biometric privacy laws. These jurisdictions may soon be joined by Arizona, Connecticut, Hawaii, Kentucky, Maine, Maryland, Massachusetts, Minnesota, Missouri, Montana, Nevada, New Jersey, Pennsylvania, and Tennessee; all of which have pending biometric privacy legislation. Federal legislation has also been introduced in the space.
Illinois BIPA still a hotbed of actions
It is no surprise that Illinois, which became the first state to enact such a law in 2008, has quickly developed case law in this area, due in large part to the private right of action and broad scope of the Illinois Biometric Information Privacy Act (BIPA). BIPA has been fertile ground for consumer lawsuits which have predominantly taken the form of class actions in which plaintiffs accuse defendants of illicitly collecting biometric data.
Typical allegations within these actions include:
- not informing affected individuals about the collection or storage of their biometric information,
- not disclosing the retention period or the purposes of such collection
- failing to obtain written consent and
- not maintaining a public written policy detailing the retention schedule and the procedures for the eventual destruction of biometric data.
At issue: what is “biometric information”?
BIPA has defined “biometric information” to include “a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry” but courts are awash with actions that require them to determine whether the particular information gathered falls within the statute.
Courts are thus required to wrestle with whether something can be used to identify someone – for example, a “voiceprint” versus a “voice recording,” or facial geometry information versus a simple photograph. At least six BIPA cases have been decided in 2024 surrounding fingerprints and one involving voiceprints, and at least six more have centered on facial geometry.
Lawsuit trends
A significant trend in BIPA litigation is the number of lawsuits filed by employees against their employers. These lawsuits generally assert that employers unlawfully gathered employees’ biometric data, such as fingerprints, often for purposes such as tracking work hours and without observing the necessary BIPA stipulations.
Another large segment of BIPA-related actions surrounds the unauthorized collection, usage, or sharing of individuals' facial geometry or biometric information. Prominent targets of such actions include smartphone applications, photo storage services, and various technological products that scan users' faces, either for direct or indirect profit or to enhance facial recognition capabilities.
Legislative response
In response to the flood of litigation, Illinois legislators have introduced a number of potential amendments to BIPA that largely focus on excluding the collection of biometric information for certain purposes, such as complying with other Illinois employment laws or distinguishing and excluding information that is converted to a mathematical representation. Proposed amendments would eliminate statutory damages, reduce the statute of limitations, and exclude private entities with employees covered by collective bargaining agreements that establish different policies related to biometric information.
Risk mitigation
BIPA violations have been reported in contexts as diverse as remote proctoring services, customer and user identity verification, and voluntary provision of biometric data to third-party facial recognition databases. While companies may seek claims coverage for BIPA violations from their insurers, insurance providers frequently dispute such claims.
Legal interpretations of BIPA have been heavily shaped by court decisions that have treated BIPA violations as significant violations of an individual’s right to privacy of their own biometric data, rather than as technicalities. Courts have held that breach of the BIPA itself constitutes a harm sufficient to claim damages and that failure to satisfy BIPA's notice and consent requirements result in actual, tangible injuries, granting plaintiffs the standing to sue. (See our previous Insight on BIPA litigation.)
It is therefore imperative for any entity that may collect and/or store (either directly or indirectly) biometric data to thoroughly assess the collection, use, and storage of such data through the lens of applicable laws and regulations.
Learn more about this rapidly shifting legal landscape by contacting any of the authors.
FAA updates guidance on electronic flight bags, pointing toward the digital, paper-free cockpit
By Margo H.K. Tank, R. David Whitaker, Liz Caires, and Emily Honsa Hicks
The Federal Aviation Administration (FAA) has issued updated guidance for aircraft owners, operators, and pilots on the use of electronic flight bags (EFBs) with the release of Advisory Circular (AC) 91-78A.
This update, which is permissive and not a mandatory regulation, clarifies that EFBs may be used in lieu of almost all paper reference materials for pilots, resolving long-standing uncertainties since their introduction over a decade ago. The use of EFBs has become a standard practice for pilots. While the AC does not require the use of EFBs, it underscores the importance of proficiency in operating EFBs to ensure the benefits of digital documentation may be fully realized and align with FAA regulations.
The AC discusses the benefits of using EFBs and the criteria for using them in lieu of paper reference material, as well as considerations for the use of specific EFBs, including portable and installed EFBs. It also confirms that EFBs can be used to store essential flight operation information such as pilot operating handbooks, minimum equipment lists, weight and balance calculations, aeronautical charts, and terminal procedures in all phases of flight instead of paper as long as the information it provides:
- does not replace equipment mandated by Part 91
- offers a functional equivalent to paper material,
- remains current and accurate and
- does not cause interference with flight operations.
The FAA further recommends that operators assess the human-machine interface and aspects governing crew resource management, provide training on the use of EFBs, and follow security procedures. This paves the way for pilots and aircraft owners to transition to cockpits that are fully digital, easily updated, and clutter-free.
REGULATORY DEVELOPMENTS
FEDERAL
USPTO
USPTO expands use of electronic signatures. In a final rulemaking effective March 22, the USPTO updated the signature rule to allow broader use of electronic signatures by way of third-party document-signing software and to more closely align signature requirements for patent cases with trademark cases. The rule establishes signature requirements common to both patent and trademark matters.
STATE
Electronic signatures
Virginia expands use of electronic signatures and records –
- In connection with health benefit plans. On March 28, Virginia enacted HB595, which allows a health benefit plan sponsor to agree on behalf of a participant to conduct business by electronic means; provided that the sponsor has confirmed that the participant routinely uses electronic communications during the normal course of employment and the sponsor has provided an opt-out notice, among other conditions.
- In connection with court filings. On March 8, Virginia adopted HB171, which provides that any pleading, motion, and other paper filed with the court which must be signed by an attorney may be signed using an electronic signature or a digital image of a signature. The new law clarifies that an electronic signature or a digital image of a signature shall satisfy the requirement in current law that every pleading, motion, or other paper of a party be signed by at least one attorney of record.
Washington expands use of electronic signatures and records. Washington enacted SB5786 on March 4. The new law revises the state Business Corporation Act to allow the use of electronic signatures and records for, and the use of electronic means of delivery of, corporate documents.
Money transmission
More states adopt features of the Model Money Transmission Modernization Act. Iowa, South Dakota, and Wisconsin join the states that have enacted the Model Money Transmission Modernization Act, in whole or in part. For more information on state adoptions of the Model Act, see our October 2023 and February 2024 issues.
- Iowa. Iowa previously adopted most of the Model Act in 2023. On April 10, 2024, Governor Kim Reynolds signed into law, effectively immediately, House File 2262, an Act relating to money transmission services, providing penalties, an effective date, and retroactive applicability provisions. The new provisions also provide an exemption from licensing for agents of a payor that provide payroll processing services, provided all of the following apply:
- There is a written agreement between the payor and the agent that directs the agent to provide payroll processing services on the payor’s behalf
- The payor holds the agent out to employees and other payees as providing payroll processing services on the payor’s behalf
- The payor’s obligation to a payee, including an employee or any other party entitled to receive funds via the payroll processing services provided by the agent, shall not be extinguished if the agent fails to remit the funds to the payee.
- South Dakota. On March 14, 2024, South Dakota Governor Kristi Noem signed into law Senate Bill 58, which amended and repealed many parts of the state’s money transmission law that was enacted in 2023 to bring the law more closely aligned with the Model Act. Among other new provisions, the law defines “money” to mean a “medium of exchange that is authorized or adopted by the United States or a foreign government” but it exempts “any central bank digital currency.” It also creates a new provision requiring licensees transmitting virtual currencies to “hold like-kind virtual currencies of the same volume as that held by the licensee but that is obligated to consumers, in lieu of the permissible investments otherwise required.” Of additional significance, the new law recognizes an exemption from licensing for “agents of a payee,” provided that: (i) a written agreement between exists between the payee and the agent directing the agent to collect and process payments from payors on the payee’s behalf; (ii) the payee holds the agent out to the public as accepting payments for goods or services on the payee’s behalf; and (iii) payments for the goods and services is treated as received by the payee upon receipt by the agent so that the payor’s obligation is extinguished and there is no risk of loss to the payor if the agent fails to remit the funds to the payee.
- Wisconsin. On April 4, 2024, Wisconsin Governor Tony Evers signed Senate Bill 668, the Money Transmission Modernization Act, into law. Chapter 217 of what is now referred to as 2023 Wisconsin Act 267 repeals previous provisions replaces them with provisions governing the licensing regulation of money transmitters, in line with the Model Act. The law incorporates common exceptions, including exceptions for federally insured financial institutions, government agencies, registered securities broker-dealers, agents of a payee that collect and process payments on behalf of the payee if certain conditions are satisfied, electronic funds transfers of governmental benefits by government contractors, employees and authorized delegates of licensed money transmitters if certain conditions are satisfied, and any other person exempted by the Wisconsin Department of Financial Institutions, as long as the exempt person does not engage in money transmission outside the scope of the exemption.
Digital assets and virtual currency
Wyoming passes Stable Token Act amendments. On March 18, Wyoming Governor Mark Reynolds signed into law Senate Bill 52 which amends the Wyoming Stable Token Act. The Wyoming Stable Token Act is part of the state’s effort to create a legal and business environment tailored to blockchain businesses and digital assets. The act allows Wyoming to issue the United States’ first government-issued stablecoin, which will be fully backed by US dollar reserves. The amendments permit the state to invest its US dollar reserves in cash and government securities, authorize issuance of multiple types of stable tokens, and authorize the state’s stable token commission to contract with financial institutions.
California DFPI posts comments on Digital Financial Assets Law. In our prior issue, we reported that the California Department of Financial Protection and Innovation (DFPI) was seeking comments on a proposed rule implementing the state Digital Financial Assets Law (DFAL). Comments have been submitted to the DFPI and are available for view. For more information on the DFAL, see our October 2023 issue of Blockchain and Digital Assets News and Trends.
California DFAL in effect for virtual currency kiosks. In February, the California DFPI issued a reminder to digital financial asset kiosk operators that the DFAL became effective January 1, and the DFPI requires kiosk operators to submit a list of kiosks no later than March 15. The DFAL also requires kiosk operators to submit updates to the DFPI within 30 days of any changes to that listing, in addition to other obligations for kiosk operators.
California cracks down on bitcoin ATM operators. March 15 marked the deadline for operators of crypto kiosks to report a list of their kiosk locations to the California Department of Financial Protection and Innovation (DFPI). Crypto kiosks allow users to buy and sell cryptocurrencies – often without providing personal identification. The reporting requirements are part of the state’s Digital Financial Assets Law, which became effective January 1, 2024. Kiosk operators are also required to submit updates to the DFPI any time they move or change kiosks.
UCC Article 12
DC adopts Article 12. On March 1, Washington, DC Mayor Muriel Bowser signed B25-0005 adopting UCC article 12 in the District, allowing for the creation of controllable electronic records. The bill is currently pending Congressional review and is expected to become law on May 14.
Iowa adopts Article 12. On April 10, Iowa enacted SF2389, which modifies the state Uniform Commercial Code to adopts new UCC Article 12 on controllable electronic records and classify digital assets as personal property. The new law goes into effect July 1.
South Dakota adopts Article 12. On February 27, South Dakota enacted HB1163, which enacts the 2022 Amendments to the UCC in modified form. Governor Noem vetoed a similar bill last year (see our prior alert). While the new law includes Article 12 on controllable electronic records, it adds a definition for “central Bank digital currency” (CBDC) and modifies the definition of “money” to expressly exclude CBDC. The new law includes a provision allowing for the transition of transactions conducted on or after July 1, 2024.
Remote online notarization
South Dakoka enacts RON. On March 25, South Dakota enacted Senate Bill 211 which adopts remote online notarization (RON) in the state. When SB211 becomes effective on July 1, 2024, South Dakota will enable RON in addition to remote ink notarization (RIN) which requires the notary to sign in ink “the original tangible document” executed by the principal during a video conferencing session with the notary. South Dakota becomes the 46th state to adopt RON, which has also been adopted in the District of Columbia. To date, only the states of Alabama, Connecticut, Georgia, and South Carolina do not permit RON.
Wisconsin modifies RON to permit eClosing POAs. On March 21, Wisconsin enacted SB626 which modifies the existing Wisconsin RON notarial laws to permit a notary commissioned by the state to perform RON with respect to a limited power of attorney for a real estate transaction a notarial act for remote execution of wills and other estate planning documents.
Virginia modifies RON to permit knowledge-based authentication. On April 17, Virginia enacted HB1372 which modifies existing state law regarding RON to permit satisfactory evidence of identity based on video and audio conference technology to be confirmed, in part, by a knowledge-based authentication assessment (KBA). This new law brings Virginia into conformance with the requirements of many other RON states and the RULONA which generally permit authentication of principals through use of credential analysis, KBA and the notary’s review and acceptance of the principal’s identity credential (eg, driver’s license) presented remotely to the notary.
eRecording
Utah enables recordation of electronically notarized documents. On March 19, Utah enacted HB25 which will take effect on May 1, 2024 and provides for electronically notarized documents to be recorded electronically with a county recorder.
eWills
Washington enables electronic nontestamentary estate planning documents. On March 13, Washington enacted SB 5787, which adopts the Uniform Electronic Estate Planning Documents Act in the state. The new law enables the electronic execution of certain nontestamentary estate planning documents, such as a power of appointment or an inter vivos trust, but not for wills or codicils, as well as the in-person and remote notarization of such electronic documents.
Wisconsin enables RON for eWills and estate planning. On March 21, Wisconsin enacted SB898, which enables remote execution of wills, codicils, trusts, and powers of attorney for healthcare, finances and property, as well as healthcare declarations.
CASE LAW
FEDERAL
Electronic fund transfers (EFTS)
In Virginia is for Movers, LLC v. Apple Fed. Credit Union, No. 1:23CV576 (DJN), 2024 WL 1091786, at *10–11 (E.D. Va. Mar. 13, 2024), a putative class action lawsuit brought by credit union members against the credit union surrounding overdraft fees, a Virginia Federal Court concluded that overdraft fees were indeed subject to disclosure under the Consumer Financial Protection Bureau's (CFPB) Opt-In Rule, which forms part of the regulations stipulating the disclosure of terms and conditions for EFTs under Regulation E, which implements the Electronic Fund Transfer Act (EFTA). The court determined that the defendants’ application of CFPB's interpretive guidance regarding EFTA provisions related to required disclosure of EFT charges was not entitled to deference and application of the CFPB’s guidelines was unsupported by the plain text of the EFTA or Reg E, and that deference to an agency's interpretive guidance is only merited if the regulation in question is ambiguous and if the agency's interpretation is reasonable – neither of which the court believed to be the case here. Consequently, the court decided that since overdraft fees are EFT charges, the requirement for their disclosure is valid, and any violation of this requirement would mean non-compliance with Section 905, giving rise to a cause of action under Section 916(a).
Electronic signatures
Email signature may satisfy merchant’s exception to statute of frauds. In City Calibration Centers Inc. v. Heath Consultants Inc., No. 22-CV-7845 (JS)(ST), 2024 WL 1345330, at *12–13 (E.D.N.Y. Mar. 29, 2024), a New York federal court concluded that an electronic signature present in an email with language that included “I have reviewed the changes, and the proposed insertions are acceptable” was sufficient to meet the requirements of the statute of frauds for a sale of goods over $500 under New York law and imply the acceptability of the electronic signature in the email to authenticate the transmission. Past case law supported the view that electronic communications, including signatures, when precise enough, can meet the definition of a confirmatory writing that satisfies the merchant’s exception to the statute of frauds. The court thus enforced the agreement.
Money transmission
Miami cryptocurrency exchanger pleads guilty. The DOJ announced on January 23 that Raul Rodriguez, the owner of a Miami-based digital currency exchange, pled guilty to operating an unlicensed money transmitting business in violation of title 18 USC Sec. 1960. Rodriguez, through his platform LocalBitcoins.com, was in the business of converting cash into bitcoin and other digital currency in exchange for a fee. According to his plea agreement, Rodriguez exchanged at least $5,047,462 in digital currency from 2016 through 2022. Rodriguez further admitted that his customers included an online narcotics trafficker and a professional money launderer, both of whom were previously prosecuted in the Southern District of Florida. Rodriguez faces up to five years in prison.
DOJ charges major exchange KuCoin with BSA violations. On March 26, the Department of Justice (DOJ) announced criminal charges against major centralized exchange KuCoin for violating the Bank Secrecy Act (BSA), and against two of its founders for conspiracy to violate the BSA, by failing to maintain an anti-money laundering (AML) program, failing to maintain reasonable procedures for verifying the identity of customers, and allegedly never filing any Suspicious Activity Reports. The indictment alleges the exchange and its founders were also charged with operating an unlicensed money transmitter (MT) business under 18 USC § 1960. The DOJ alleges that KuCoin received and sent billions of suspicious and criminal transactions while KuCoin allegedly tried to hide the number of US customers it had to justify its lack of AML and KYC requirements. In reality, the DOJ alleges, US customers are 17 percent of KuCoin’s userbase. The two founders, who are both Chinese citizens, each face one count of conspiracy to violate the BSA and one count of operating an unlicensed MT business, each of which carries a five-year maximum sentence. The CFTC also announced a parallel action for Commodity Exchange Act violations.
Virtual currency
FTX customers sue for custody of deposited assets. On January 31, a group of international customers of the now-defunct crypto exchange FTX sued for a declaratory judgment that, according to the terms of the FTX terms of service, FTX deposits are customer property and, therefore, cannot be treated as part of the debtor’s estate in Chapter 11 proceedings. The complaint relies on the following language in the terms of service: “Title to your Digital Assets shall at all times remain with you and shall not transfer to FTX Trading.” This language, the customers contend, should have barred FTX from treating customers as unsecured creditors and blocking access to their funds. The customers’ position echoes the reasoning of the US Bankruptcy Court presiding over Celsius Network’s bankruptcy proceedings. Read more about that case in our prior alert.
Bitcoin kiosk operator ordered to pay restitution to romance scam victims. On February 13, the US Attorney’s Office for the District of New Hampshire announced that a court had ordered the operator of a bitcoin ATM service to pay restitution of more than $3.5 million to 29 victims of romance scams, many of whom were elderly. According to the press release, the defendant took money from victims and charged them exorbitant fees to convert their money into bitcoin that could then be sent to scammers. To cater to these fraudsters, the defendant disabled KYC requirements on his kiosks and failed to register his business with the Financial Crimes Enforcement Network. A parallel press release from the IRS further reported that the defendant concealed his income and paid no taxes. Earlier this year, he was sentenced to 96 months in prison for these crimes.
STATE
Electronic signature and online contract formation
Two North Carolina cases find that emails contemplating an agreement did not form an agreement.
- In 603 Glenwood, Inc. v. 616 Glenwood, LLC, No. COA22-943, 2024 WL 1399367, at *6 (N.C. App. Apr. 2, 2024), a plaintiff argued that the parties had “impliedly agreed to conduct themselves via electronic means, subjecting themselves to the provisions of the Uniform Electronic Transactions Act” and that an “electronic signature” on emails related to a transaction was enough to both create a settlement agreement and fulfill the statute of frauds requirements for real estate conveyance agreements under North Carolina law, or as the court summarized plaintiff’s position, “they had implicitly agreed … that the names at the bottom of the e-mails were sufficient to create a valid contact.” The court noted that although precedent existed concluding that the collective reading of emails and drafts complied with the statute of frauds, the prior case's application of judicial estoppel by the North Carolina Supreme Court was due to an in-court acknowledgment of a binding agreement, which differed from the current case where no such admission was made. Moreover, the court found that there was no meeting of the minds, acceptance, or execution of a valid contract concerning the sale of the premises between the plaintiffs and defendant, as communications between the parties demonstrated that they both explicitly expected the property sale agreement to be signed in a traditional manner, not merely through email correspondence.
- Similarly, in Garland v. Orange Cnty., No. COA23-588, 2024 WL 1392264, at *3–4 (N.C. App. Apr. 2, 2024), a North Carolina appellate court found that the trial court was incorrect in enforcing a purported settlement agreement based on a series of emails. The appellate court held that an email sent by defense counsel to memorialize terms agreed to within a mediated settlement conference that referenced a draft settlement agreement that would be circulated for review and signature was not enforceable as an agreement. The court indicated that because the email contemplated a future signed agreement, it was “at best an agreement to agree.” Although the plaintiff suggested that the email signature from defendant's counsel sufficed under the state’s UETA, the court noted that the email explicitly mentioned the anticipation of a future signed draft, indicating no intention to finalize an agreement electronically at that time. Moreover, statutory requirements for mediated settlement agreements stipulate that any agreement must be written and signed by the parties concerned or their designees. Further, the court found that the clear indication within the email that counsel would send a future draft of the agreement for review signature, there was no evidence of intent of the defendant to execute the settlement agreement via an email electronic signature so the state UETA did not apply. Consequently, the court found that the July 21, 2022, email did not constitute an enforceable mediated settlement agreement due to its failure to satisfy statutory signature requirements.
Electronic records
Electronic audit log of loan agreement execution deemed admissible. In Jones v. Solgen Constr., LLC, 318 Cal. Rptr. 3d 313, 323–24 (Cal. App. 5th Dist. 2024), an appellate court found that the trial court correctly used its discretion and did not err in determining that the viewing-time and signing-time information from an electronic certificate associated with the loan agreement met the business record hearsay exception under California laws of evidence. This was because testimony from the lender’s chief revenue office confirmed that the lender consistently used the electronic program to create and maintain secure loan agreements containing encrypted certificates of completion with detailed timestamps. The court found that this created a reliable electronic audit trail that tracked and recorded the times in which documents were viewed and signed and created a certificate of completion which included viewing and signing times, sufficient to meet the foundational requirements of the laws of evidence to be offered to prove that the electronic signature certificate for consumer's loan was trustworthy.
Money transmission
California settles with Sigue Corporation to cease money transmission. On March 22, the California DFPI announced it entered into a consent order with Sigue Corporation which requires Sigue to cease all money transmission activity in California. According to the announcement, the “DFPI issued the order due to Sigue’s deteriorating financial condition.”
UPCOMING EVENTS
David Whitaker and Emily Honsa Hicks will speak at The Conference on Consumer Finance Law’s Spring Consumer Financial Services Conference on May 30-31, 2024 at Loyola University Chicago School of Law. The conference will offer CLE credit, and in-house counsel may register to attend free of charge.
RECENT EVENTS
The Financial Times recognizes DLA Piper as one of the Most Innovative Law Firms in North America.
RECENT PUBLICATIONS
Emily Honsa Hicks co-authored the “Electronic Signatures and Records” chapter in the Consumer Financial Services Answer Book, 2024 Edition.
Cryptocurrency and Digital Asset Regulation, published by the American Bar Association and co-edited by Deborah Meshulam and Michael Fluhr, including chapters by Meshulam and Fluhr as well as by Margo H.K. Tank.
The MBA Compliance Essentials Remote Online Notarization State Surveys, developed by DLA Piper, provides a comprehensive look at RON requirements in each state that has enacted RON legislation. These fully editable surveys are organized by category of requirements, including registration, technology, seal and signature, certificates of RON acts, journal, authentication, session, recording and additional requirements. Companies can purchase the full package which includes surveys for all states that have enacted RON legislation along with a matrix summarizing state requirements, or companies can purchase information about individual states as needed.
Read
The Corporate Transparency Act is coming: What you should know
CFTC Tech Advisory Committee’s DeFi report: key takeaways for DeFi builders and innovators
In case you missed it
Read the latest issue of our bulletin Blockchain and Digital Assets News and Trends
Read the latest issue of our bulletin Bank Regulatory News and Trends
Contacts
Learn more about our eSignatures and ePayments practice by contacting:
The editors send their thanks and appreciation to Marc Aronson and Raymond Janicko for their contributions to this and prior issues.
