News May 20, 2020

Virtually endorsed: The electronic signature

Worldwide pandemic or not, the requirements for informed consent and signature of documents are the same. As such, the use of new authentication technology, expedient in the times of social distancing, should comply with ethical obligations accordingly.

In practical terms, the advisor must always ensure that his or her client is given all the necessary information, and also confirm their understanding before initialling any document. It is also important to remember that under no circumstances may the advisor forge a client’s signature, even with their consent. Engaging in such conduct constitutes grounds for disbarment, regardless of whether the act was committed in good or bad faith.

Furthermore, a signature may never be photocopied, the date or place of the signature may not be changed nor added retroactively, and a blank signed form may neither be kept for future use. In the event of a pandemic, clients worried about signing contaminated printed documents are compelled to stay at home. Fortunately, remote signing apps offer those housebound clients an interesting, paperless solution.

“The technological resources for this tool abound and the legislative code authorizes its use,” notes Lyne Duhaime, president of the Canadian Life and Health Insurance Association in Quebec (CLHIA-Quebec). Since 2001, the Act to establish a legal framework for information technology has enabled electronic documents to perform the same functions as traditional hard copy documents. Any individual can therefore provide consent by affixing their virtual signature.

Electronic or digital: what’s the difference?

According to Notarius, which manages the Québec Certification Centre for Digital Signatures* (CCQ), an electronic signature can take many forms, such as a scanned image of a handwritten signature; a name entry integrated into an online form; an e-mail signature or header; a click-through agreement; a combination of a user name and a password (or PIN); and even an audio recording

On the other hand, the more sophisticated digital signature authenticates the author, date and place of the signature while also safeguarding the integrity and origin of an electronic document through fully or partially reinforced cryptography. This technology allows the signatory to verify that the data contained within the document that he or she will be signing has not been tampered with. It also prevents the signatory from denying the authenticity of their signature (non-repudiation). Hence, digital signatures offer the reliability required to execute legal instruments officially, which isn’t always the case with electronic signatures.

A user-friendly and thorough process

Éric F. Gosselin, of Services financiers Éric F. Gosselin Inc. has been using digital signatures since 2016. At the time, he was in Asia with a colleague for several weeks and was looking for an efficient way to sign documents remotely. He finally opted for an electronic tablet with a fine-point pen and the SignEasy application, a subscription-based service. “All of a sudden, I could sign documents effortlessly, anywhere I was,” he recalls. “When I came back home, I kept on using it. Now my customers use it too.”

Clients can sign via mobile phone, tablet or a PC (with the mouse). Documents provide a follow-up audit, consisting of a long identification number. The audit reveals when the form was downloaded, where it was downloaded (since it records the IP address of the device used) and when it was signed. It is then sealed. “The process must remain comprehensive enough to be legally valid, but it must also be efficient and user-friendly,” says Gosselin.

UV Assurance manages a similar digital signature service with My Universe, its new platform for advisors. Clients can sign a document on the smart device of their choice (phone, tablet, or computer) and can do so by e-mail, among other uses.

“In this case, the system requires the e-mail addresses of all signatories and generates a secure link for them,” explains Guillaume Fauteux, vice-president of business development and marketing in individual insurance and investment & retirement. “It then gives the advisor a private key unique to the transaction. Signatories must enter this key to access the signing interface.” The advisor can then track the status of the agreement with updates in real time (e.g. “pending requirements”; “approved”; “awaiting payment”; “current policy in effect”). 

Diversico, for its part, relies on a very thorough authentication process with iGeny Sign. No client can initiate the digital signature process before first being identified by the firm’s personnel, whether by telephone or video call. Diversico then sends the identified parties an e-mail with a link to the document. However, the document can only be opened by entering a security code that is sent by text message. This is called two-step authentication.

The signature is made by clicking a button provided in the form. Several pieces of information, such as the e-mail address and IP address are then automatically logged. Diversico can view when and where the document was received, uploaded and signed. It also monitors how long the person consulted the form before signing it.

This document, a PDF that contains the information of all signatories, is then forwarded to Notarius. “It is the only organization in Canada to be certified by Adobe,” says Daniel Guillemette, president of Diversico. Notarius then seals the PDF, rendering it immutable. A certificate of authenticity is affixed to the document before it is returned to Diversico. If an individual somehow succeeds in accessing and modifying the PDF, the altered version will now indicate that the document has been tampered with each time it is opened and therefore it no longer conforms to the original.

To reduce the risk of data breach, iGeny Sign does not use any application based in the U.S. “The intent is to always be able to determine that the document was signed by the right person, with his or her informed consent, and that the document has not been subsequently modified, in order to ensure its legal validity and compliance with ethical standards,” Guillemette concludes.

*The Registre foncier du Québec recognizes two certification service providers for digital signatures: the Centre de certification du Québec (CCQ), managed by Notarius, and the Government Public Key Infrastructure (PKI), administered by the Ministère de la Justice du Québec.