With the advent of the E-Sign law, which permits electronic records and signatures, and the adoption of the Uniform Electronic Transactions Act, which parallels E-Sign in many significant respects, it would appear that we now have the legal infrastructure to enable electronic banking.
Why would we need another bill, such as the Uniform Computer Information Transactions Act, that covers much of the same ground? The law, like the Uniform Electronic Transactions Act, is proposed by the National Conference of Commissioners on Uniform State Laws for state-by-state enactment.
The answer is that both E-Sign and the Uniform Electronic Transactions Act are minimalist statutes. They provide only that the electronic signature and the electronic record are as enforceable as the manual signature on a paper document. They do not contain detailed rules that establish the identity of the parties bound by the agreement. Only the Uniform Computer Information Transactions Act provides these detailed rules.
For a retailer selling clothing over the Internet, or a software house selling computer games, legal rules that provide certainty as to the customers identity may not matter very much. These purchases are made by credit card, and if some purchases are disclaimed, the vendor can simply adjust its pricing to reflect loss history.
Financial transactions are different. A bank may not wish to burden electronic banking by charging fees to cover the greater risk of loss. Also, financial transactions may be larger in amount than the typical clothing or software purchase. For all these reasons, financial transactions require certainty: The bank must know that if it follows specified rules, the transaction is not subject to disclaimer.
The Uniform Computer Information Transactions Act provides those rules. It states that if the bank can establish the commercial reasonableness of a security procedure used to identify the customer, the transaction cannot be disclaimed.
Like E-Sign and the Uniform Electronic Transactions Act, no particular type of technology is specified by the Uniform Computer Information Transactions Act. A digital signature would doubtless satisfy the commercial reasonableness standard. But so would other types of customer identification.
One form of customer identification that would appear to satisfy this requirement is the ATM card. (A bank that wishes to be belt-and-suspenders secure might ask the customer to select an additional PIN just for Internet transactions.)
The use of an ATM card number and PIN to identify the customer enables cross-selling. If a bank customer is opening a securities account online or purchasing insurance using the ATM card and PIN as identification and the Uniform Computer Information Transactions Act as the governing law, it is hard to see how the transaction could be disclaimed.
Apart from electronic banking, the Uniform Computer Information Transactions Act assists banks that license technology. It provides a comprehensive framework that governs software licensing and provides rules for warranties, system performance, and default. As most rules are default rules that apply in the absence of a contract, or in the absence of a contract provision, most licensing rules in the Uniform Computer Information Transactions Act can be varied by agreement.
Therefore, in a state that has adopted the Uniform Computer Information Transactions Act, it is relatively easy to draft a licensing agreement that will be enforced, as written, in that state, and that will be similarly enforced, as written, in the licensees state. Without the Uniform Computer Information Transactions Act, one would have to research the common law in order to determine the enforceability of contract provisions and would have to accept a degree of uncertainty as to the enforceability of many provisions.
Suppose that the retail banking units and the MIS department of a bank wish to use the Uniform Computer Information Transactions Act but that other units of a bank, or an affiliate, wish to conduct business electronically relying on common law or system rules? The Uniform Computer Information Transactions Act enables such choice.
Through a unique set of opt-in/opt-out rules that were developed for financial transactions, parties to Internet banking transactions may choose to use the law or not, or to use only those sections of the Uniform Computer Information Transactions Act that enable a bank to identify its customers.
How does a bank use the opt-in/opt-out election? On the initial screen, the bank states the sections of the act the transaction is subject to and requires the customer to click an I agree button in order to proceed further.
Banks in Maryland and Virginia, the only states that have enacted the Uniform Computer Information Transactions Act, can avail themselves of its provisions. The bill will be introduced in other states during the coming legislative session.
Banks in states that do not enact the Uniform Computer Information Transactions Act might consider how to avail themselves of the Maryland and Virginia laws much as banks availed themselves of the laws of commercially conscious states in the 1970s to overcome usury restrictions.
The basic principle that parties ought to be free to contract as they see fit should enable a bank and a sophisticated party to agree that their contract is governed by the Uniform Computer Information Transactions Act, even though neither party is located in a state that has adopted the legislation.
Ms. Stern is a partner in the Nordquist & Stern law firm in New York. She represents New York State on the Conference of Commissioners on Uniform State Laws.
