The electronic signature is becoming an unprecedented compliance issueBy Alain Thériault | November 22 2017 07:00AM
Research by The Insurance and Investment Journal has found that insurers are increasing their level of security to ensure the validity of electronic signatures, while others are still reflecting on this possibility.
The approach to electronic signatures varies greatly from insurer to insurer, from the technology provider selected to how the signature is created. Among external providers most often mentioned is VASCO, an American firm which owns eSignLive. VASCO recently acquired the Canadian firm Silanis, which dominates the market and developed the eSignLive software. Other providers are Adobe with eSign, and DocuSign. Some insurers have their own technology.
Insurers that do not already have electronic signature capabilities are looking to catch up, as the electronic application trend takes off in the industry. The recently launched RBC Insurance e-app supports eSign technology, said Maria Winslow, senior director, life and living benefits product management. The electronic signature mimics the physical signature of the person and can be done with finger or mouse, she says.
Adopt and sign
For its e-app launched in 2016, Manulife did not offer any physical signature option, whether by finger, mouse, or other. “We offer the ‘adopt a signature’ feature. The client simply enters his name in the system, and the system subsequently generates a formatted version of the signature. The customer can then approve that the signature is his, accepting the ‘adopt and sign’ functionality. This is how we collect signatures from our clients and advisors,” said spokesperson, Steve La Barbera.
Insurers rely on their advisors to identify the signer beyond any doubt. “As the advisor must meet with the client beforehand, he can verify the identity of the client by telephone when the advisor’s password is transferred to clients (or to the policyholders),” explained Nathalie Tremblay, head of life insurance products and living benefits, Desjardins Insurance. For remote signatures, authentication is done by creating a personal identification number (PIN), adds Tremblay.
At Assumption Life, the signature is linked to the signer’s unique e-mail and automatically captures the signing location from the IP address of the device, said CEO André Vincent. Assumption Life uses advanced digital signature technology to protect the integrity of signed documents, while capturing the most comprehensive audit trails.
Like Assumption Life, Manulife clearly identifies the signer by e-mail. “An email is sent to all participants with a password-protected link. This password, which is generated by our system, is unique for each user. A certification of authenticity is generated by our system and contains information such as the date on which the signature was registered, the e-mail address of the client, as well as its IP address,” says La Barbera.
At Assumption Life, Vincent added that the eSignLive by VASCO provider authenticates signers, presents documents to sign, captures additional data as required, and tells people to sign and sign all required locations. “The signed documents are then transmitted to the downstream system. The final document includes a certificate confirming that the document has not been modified. It also ensures the integrity of electronically signed documents by applying a digital signature and sealing the document against alterations after the signature of each person,” he explained.
The Co-operators' provider is eSignLive by VASCO. “We use a multi-step authentication process,” says the insurer's spokesperson Leonard Sharman. “Clients can log in using a unique code provided to them by their advisor, and can ‘click’ online to accept. We are confident that our multi-step authentication process provides an appropriate level of security,” he says. For each signed agreement, documents are inextricably linked to the associated signing ceremonoy data and retained securely in an electronic recordkeeping system. System controls render the combined data and document packages as tamper-proof by restricting any modifications, updates or edits. Audit trails and logging is in place to monitor access to the data, he adds.
Insurers who have not yet enabled remote electronic signatures are thinking about it. “Our electronic signing process, to allow our advisors to do transactions remotely, is not planned at this time. We have adjustments to make to our current process to allow this in full compliance. We will make these adjustments in the near future,” said Anne Girard, senior director, Support Services, Distribution Networks at iA Financial Group.
In its career network, La Capitale, uses a stylus signing process internally with its Mirego system. “Signing is in-person only. The advisor acts as a witness. We are starting a project to choose an electronic signature provider,” said Francine Hampleman, senior director, IT Development, Individual Insurance and Financial Services at La Capitale.
Hampleman says that security is at the heart of the insurer’s current process. “The PDF document is locked and cannot be changed except by our application. If it is modified, the application forces the signatures to be redone,” she says.
BMO Life Insurance expects to launch both an e-app and an e-signature process by the end of the summer, said vice president, Business Development, Daniel Walsh. “Right now, for insurance sales, without meeting the customer, we do not offer an electronic application.” Walsh said.
He added that BMO Life Insurance currently uses a PDF application that the advisor completes on the phone. He explains they have a partnership with the paramedical firm Watermark whereby, at the meeting for the paramedical, the client’s identity is verified and then the client signs the printed PDF application. This makes it possible to identify the signer beyond any doubt,” he says.
Insurers with complex structures may have significant differences between subsidiaries or departments. For example, iA Financial Group uses the eSignLive electronic signature by VASCO. IA Excellence also uses it, but only when signing the required documents, once the application has been received at the head office of the subsidiary. If the transaction takes place on its Assure & Go digital platform, the electronic app is signed before it is sent to iA Excellence, and is supported by a system developed internally, Anne Girard said.
In terms of security, the document is protected in the same way in both organizations. It is an encrypted PDF on which the insurer is able to detect any alterations. “In addition, we have an ‘evidence summary’ file that contains information such as the client’s IP address,” Girard said.
For Great-West Life and its subsidiaries Canada Life and London Life, the use of electronic signatures is not channel-specific, but relates to products and services within its Individual Customer and Group Customer divisons.
“Our electronic signature solution for advisors was built in-house as part of our web application (web app) solution for Individual Insurance launched three years ago as part of New Business Now,” said spokesperson Marlene Klassen.
In the case of the web app for individual insurance, Great-West’s system emails a PDF of the final submitted application to the client. “We require the advisor to witness the clickwrap stage of our web app signature.”
When the signature has been entered using eSignLive, the document is doubly protected since it locks the PDF document and captures the electronic data that provides the full record and physical location of what was done, when it was done and what IP address was used,” says Klassen.
The electronic signature solution for transactions made from mobile devices, allows advisors to sign with their finger, stylus or mouse.
For group products, the person must be positively identified before signing the document online, says Klassen. In most cases, the client is identified when he logs into a secure portal like Wayfinder. Great-West allows customers to enrol as a plan member with a single click. “In some situations, we use the identity verification services offered by eSignLive,” she said.
Using eSignLive involves entering the signature of a person electronically by means of a mobile device or a mouse, or by a finger, says Klassen. “For our mobile signature capture, we send a text message or email to the individual. They click on a link that launches a ‘sign-on-screen’ experience on a phone or tablet. Once the signature is has been captured, a single click adds the actual signature to the document,” she explains.
For more about e-app and e-signature technology, read Smart e-apps revamping the industry.