Electronic signatures (or eSignatures) are one of my favourite examples of being able to use process and technology to strike the trifecta of improved client experience, efficiency, and risk management. Yet it’s also an example of a no-brainer change that is taking far too long to be adopted widely. In this article, I’m covering electronic signatures, but I’m also covering something much larger: What the failure to adopt them represents.
Specifically, I’ll be covering:
- eSignatures defined
- The risk management benefits of eSignatures
- What the failure to adopt eSignatures really represents
- How you can avoid the same mistakes
Whilst it’s a bit technical, it’s worth taking a moment to define what an electronic signature is and how it differs from some other terms:
- A wet signature leverages cutting edge 5th century technology based on a blue or purple-black liquid (not red or green mind you) typically intended to replicate the look of iron gall ink, a compound made from iron salts and tannic acid. This liquid is applied to paper using a pre-set written design crafted by a human to reflect their name in an illegible format, typically finalised by the human in question between ages 8-14. The application of this design, using this liquid, is considered to be a wet signature.
- Indicating that you are signing a document or contract using software is usually an electronic signature. This can be done with a click of a button, typing a name, or any number of ways. It does not need a squiggle that matches your driver’s license or any other document. eSignatures are what we are really referring to when we talk about services like DocuSign and Adobe Sign.
- When a document has a digital signature it means it’s authenticity is digitally certified. This could include a contract between two parties, but can also be used to certify authenticity of documents, messages, websites, and more. (In short, digital signatures are complicated.) It can include high standards of identification including two-factor authentication. This is usually in excess of the requirements for what we need at the licensee or practice level.
- When you put an image of a signature on a document that you’ve sourced from scanning a signature (or using some kind of signature capture tool such as this free one), that is called sticking an image on a document that looks like a wet signature. That is neither an electronic signature nor a digital signature.
- A completely valid alternative to eSignatures is when the user can self-serve online. This can be done through an adviser’s own website or client portal where the login is verified (can be as simple as being password protected). When done at the product level, often this is frustrating for advisers as telling the client to login and DIY is not aligned with their service proposition, however there is a range of very good reasons for a product to take this route. Where this is so, they get a pass in my book.
The risk management benefits of eSignatures
eSignatures are well established as legally acceptable in Australia. This is covered at the below:
- eSignature Legality in Australia via DocuSign
- Electronic signatures in Australia: Legal considerations and recommended best practices, An Adobe / Norton Rose Fulbright Whitepaper
Whilst eSignatures have powerful benefits for the speed of doing business (compressing the x-axis of the Trust Canyon), client experience, and back office efficiency, that’s mostly a given and not what I want to focus on here.
I want to look at it from a purely risk management perspective. Even on this one metric, the benefits are plain to see:
|Legally accepted for most uses|
|Protected from access to identifier by your kids school, your GP, and all the other places you sign stuff|
|Hard for your ex to imitate|
|Hard for practice staff to imitate after a screw up|
|High quality verification||Sometimes||Always|
|Captures supporting evidence of intent||1|
|Trackable date/time||Maybe they signed the day it was dated?||Tracked to the second2|
|Inability to get lost|
|Speed3||Post takes days, sometimes weeks||Email takes seconds, sometimes minutes|
1eSignatures typically capture IP address, browser, device, and time-zone details. They may include GPS location and MAC address depending on if a phone was used and the privacy settings within.
2Tracking usually doesn’t just cover the signature itself, but also when it was emailed, when that email was opened, when the document was viewed, how long it was viewed for, and then it was signed. All of these are tracked to the second.
3Whilst speed is often cited as an efficiency or customer experience benefit, I’d argue it also lives in a risk management camp. Generally speaking, the quicker things are implemented the lower the risk of error or complaint.
If digital signatures had been the norm for the last five hundred years, and you proposed wet signatures to a compliance team now, you’d be laughed out of the room and rightly dubbed a moron for proposing such an insecure method. You’d feel embarrassed the entire horse ride home.
The important part isn’t the squiggle, it’s evidence of the intent and commitment by the signatory. In that respect, the case for eSignatures is a powerful one.
What the failure to adopt eSignatures really represents
It’s funny. eSignatures, while relatively new, are objectively superior as a risk management tool in any format where they have legal authority.
However, who are the advocates for this risk management tool within organisations? It’s typically customer facing staff and their managers, desperate to improve client experience or efficiency to meet business demands.
Why don’t these calls come from risk management teams? Why aren’t they seeking superior fidelity in the signature capture process? Why aren’t luddite advisers being pushed towards digital signatures against their will by compliance teams, instead of innovative ones screaming in frustration?
I’d like to suggest a few reasons why I think this is so.
Disproportionate weight to the status quo
I see this in decision making too often at all levels of organisations, big and small. The status quo is given disproportionate weight.
The very worst example is of course when a situation is expressed as being justifiable because “we’ve always done it that way”.
Of course, most people know better than to say this out loud, but you can see it when the case for a new method needs to be strongly made as opposed to a dispassionate comparison of two options: Existing and proposed.
Lack of interest in understanding the alternatives
Risk management functions are all too rarely interested in improving efficacy of the organisation, even within their own mandate of risk management. This is the difference between a policing approach and a genuine risk management approach.
For as long as those tasked with risk management have a limited interest in finding new ways to improve their own functions, we’ll continue to see a dearth of innovation on this front.
Not convinced? Whilst eSignatures are a nice clear example, you need not look further than the Advice RegTech space for confirmation. Check out the 2019 ASIC RegTech symposium. A range of software innovators demonstrate objective ways to improve upon everyday compliance, yet none have widespread take up (neither individually, nor collectively). Whilst some of this can be put to slow institutional decision making (as Midwinter’s Julian Plummer highlighted well here) that does not account for all of it.
This is a failure of risk managers to take an interest in alternative methods, and a failure of senior management to tackle that issue head on.
Lack of commitment to a very long-term view
Again, this points the finger at senior management. Complacency and short-term-ism in large institutions has enabled this, and it’s coming under increasing threat.
Whilst it’s easy to say the Royal Commission has had an impact on the ability to move to new things, these issues pre-date it. The underlying issue, in my humble opinion, is a failure to take risks, invest, and cannibalise oneself in the interests of long-term survival.
Neo-banks like 86 400 and products like Spaceship Voyager (seriously, check out that client experience and that fee) promise a 2020 experience and to meet 2020 expectations. If questions about ING post-Barefoot Investor were frustrating, wait until these start getting more and more traction with those who hold the money.
If you dislike change, you’re going to dislike irrelevance even more.Eric Shinseki
Institutional change resistance
Institutions, which continue to govern too much of the advice space, have change resistance. Legacy infrastructure that’s too expensive to change informs too much decision making.
Beyond eSignatures, the best example I have of this comes from the 2019 Netwealth Advice Tech report, which highlights that 5.9% of survey respondents still use Temenos’ (formerly Rubik’s) COIN. Who? Institutional advisers whose management simply won’t commit to six-seven figure expenses in order to improve the efficacy of their workforce where the benefits aren’t reaped for a few years.
This will change in time, but for those advisers whose processes are governed by institutions; the impact will be felt quite keenly over time. Those advisers that embrace newer breeds of product provider will benefit.
Don’t make the same mistakes
Whilst eSignatures are a great example of a way the advice and product engagement processes can be improved, with many and varied benefits, that’s little more than a powerful example.
For advice practices and licensees are there are practical takeaways you can ensure you adopt in your own decision making:
- Scrutinse the status quo and avoid giving it an undue preference when comparing options.
- Take a real interest in the alternatives, if not directly, through your staff, through your partners (there is a huge differential in licensee offerings here), and your peers (the less like you, the better for this).
- Commit to a long-term view and embrace change, as times and client expectations are changing. Fear of change or the cost associated with change will have long-term impacts on a business that intends to remain here for a long time.
- Don’t let the old guard define your client service offer. Ask your product BDMs and licensees: Do you enable eSignatures or online client self-service? What does your end-client experience look like? Do the answers align with your own experience working with the organisation? Does their client experience align with what you want your client proposition to be? Does that align with what your future clients will expect?
- Adopt eSignatures or similar into your practice where you can. If you need some documents signed as part of your own process, start implementing that now. The review stage is a great one where an updated fact find or an ATP from an RoA may be all you need to go from physical to fully digital.