New Electronic Documents Regulations for Financial Institutions: Consent Requirements Defined
The range of documents that banks and other federally regulated financial institutions (FIs) can provide to their customers exclusively by electronic means will get much broader when the new federal Electronic Documents Regulations come into force on June 1, 2011. However, FIs must first obtain the customer’s consent. The principal purpose of the Regulations is to set out the requirements that must be met for that consent to be valid.
While provincial electronic commerce laws and the Personal Information Protection and Electronic Documents Act (PIPEDA) have been in force for about ten years, the electronic document provisions of PIPEDA have never applied to banks and other federally regulated FIs. As a result, provincial law has continued to govern, subject to specific federal requirements.
In 2005, the Bank Act and other federal statutes dealing with FIs were amended to specify the conditions under which documents and other information could be provided electronically, but the implementation of the new provisions was delayed until the necessary regulations were settled. After almost five years of discussion, the Electronic Documents Regulations were published in final form in November 2010 and will come into force on June 1, 2011. At that time, the statutory amendments will also become effective.
Specifically, the new Regulations provide that:
- Before consent is given, the FI must notify the recipient: (i) that the consent may be withdrawn; (ii) that the recipient is responsible for informing the FI of any change in their e-mail or fax address; (iii) that any document will be retained only for a specified period of time and that the recipient is responsible for keeping a copy; and (iv) when the consent will take effect.
- The consent must list all of the "notices, documents and other information" that may be sent electronically and must and designate an "information system" which the FI is willing to use.
- If the recipient consents to receiving documents over the Internet, it will be sufficient to post the document on a website and notify the recipient by e-mail that the document is available on that site. This may be the preferred method of delivery because of its secure nature.
- Both the notice to the recipient and the consent must be accessible to the recipient and capable of being retained by them.
- If the recipient gives consent orally, the required information that would have been contained in the notice and consent must be sent to them promptly, in paper or electronic form.
- None of the foregoing requirements applies to the provision of an electronic document on a "one-time basis." This is an important exemption for an FI that carries on a mortgage or wealth management business.
- If the FI, or a service provider for the FI, has reason to believe that the intended recipient has not received a document electronically, a paper copy must be mailed. However, the electronic document is still considered to have been "provided" to the intended recipient when it leaves the "information system" within the control of the FI or the person who has sent the document on behalf of the FI, or when it is posted or made available through the secure website of the FI.
Since a consent may cover any number of specified documents, FIs will probably take the opportunity to list in the consent as many documents as possible to streamline operations and reduce costs. Because a notice or consent given under the Regulations "must be made in a language and presented in a manner that is clear, simple and not misleading," care must be taken in drafting the notice and consent so that they may be relied upon.
The Office of the Superintendent of Financial Institutions will, no doubt, be closely monitoring compliance with these requirements.