Electronic Signature Software in Asia Pacific: Legality, Security, and Other Considerations
While e-signing is still a nascent practice in parts of the world, we are seeing a surge of interest in e-signatures globally. Closer to home for me is the Asia Pacific region, where OneSpan has e-signature customers from Australia to Hong Kong. Most recently, our team deployed electronic signature software for two prominent organizations in the region. One is a government agency that deals with enterprises for property and land leases, while the other is a large international bank whose business banking operations required time-sensitive counter-party confirmations for their customer trades.
Based on our experience expanding e-signatures in Asia Pacific over the past year, this blog shares some of our top insights regarding how organizations in the region should approach electronic signatures.
Electronic Signature Software: How to Avoid a Common Project Failure Scenario
At the onset, most businesses start out with electronic signature software by thinking about the legal aspect. A common approach that we see is organizations may try to go it alone by incorporating the necessary security constructs, such as digital signatures and digital certificates, to meet local legal and regulatory requirements for e-signed documents.
If an organization only focuses on e-signature as a legal or technical requirement, however, they may overlook a purpose-built electronic signature software solution (that can leverage digital signature and digital certificate technology as part of the signing process) in favor of a quick fix. For example, the organization’s in-house IT team or existing service provider may attempt to issue some form of digital certificate credential to signers, and rely on the built-in capability in applications, such as Microsoft Office or Adobe Acrobat, to digitally sign the document.
When this happens, the organization quickly realizes that such a solution is highly inconvenient to use, lacks scalability beyond a closed group of users, and does not support many of the business use cases for document signing workflows. This type of project-failure scenario is common when organizations treat e-signature as a technical requirement, rather than a business enabler.
Electronic Signature Software as an Enabler of a Better Business Process
If organizations look at e-signing from a business workflow perspective rather than simply trying to solve for a digital document that needs a signature, they realize that a document is only one part of a larger business process. The process typically involves multiple parties that will acknowledge, append, approve, or act on multiple documents at different stages.
For example, take a simple contract signing process. The contract may need to be reviewed, commented on, revised, approved, and signed by multiple people at different points in time. How all of this is tracked and how the documents move from one party to the next is crucial to the completion of the contract.
To design an appropriate e-sign flow that is easy and intuitive, you need an e-signature solution that incorporates business features such as the hierarchy of roles, next signer notification, reminders, strong authentication, workflow rules, and a full audit trail of the signing journey.
A good outcome would be for signers to see a simple interface that guides them to review the document and indicate their intent to sign, while all other process complexities are handled transparently. Decisions about things like whether to use a digital certificate, which certificate to use, what to do if the certificate is unavailable, where to place the e-signature, who to route the document to next, etc., should be automatically orchestrated by the e-signature service – not left to the signer.
Legal Status of E-Signatures
Electronic signature laws differ across jurisdictions. Some countries recognize different types of e-signature (for example, the Qualified Electronic Signature, Advanced Electronic Signature, or Basic Electronic Signature).
In countries where only Basic and Advanced E-Signatures are required, such as in Singapore with the Electronic Transactions Act of 2010, electronic records and signatures are treated as any other type of electronic data and are as admissible to court as if they were paper-based records.
With Basic and Advanced E-Signatures, it is up to the organization to authenticate the signer, but with a Qualified E-Signature the organization must use a personal digital certificate to do so. The end-user certificate required for a Qualified E-Signature does not make the document “more legitimate”, but rather reduces the legal burden of proof in the event of a dispute.
While some countries may favor electronic signatures based on digital certificates, others recognize that enforcing third-party certificates for all e-signed documents will increase the cost and inconvenience to signers. Researching the electronic signature laws in your country or region will help determine whether digital certificates should be used, and if so, for which use cases and scenarios (tip: your e-signature provider should be able to provide guidance here as well).
In addition, local laws and regulations may also require:
• Organizational-level security and operational processes such as strong user identification and authentication for KYC (Know Your Customer) or PYC (Prove Your Customer) compliance
• A secure audit trail of the signing journey for proof of intent
• Reliable long-term archival of e-signed documents and audit trails
• In-country data hosting for data residency and privacy (tip: look for a provider that offers on-premises, and public and private cloud deployment options, to meet this requirement)
OneSpan Sign: Electronic Signature Software
Organizations around the world are rapidly going digital and e-signatures are essential to this transformation. Partner with an e-signature provider that can support the full digitization of the customer journey – from a customer’s initial application and digital identity verification, through to electronic delivery, presentation, signing, and secure storage of an agreement – as well as the capture and management of all supporting audit trails.
Learn how to digitize your internal, B2B, and B2C signing workflows with the OneSpan Sign e-signature service. Or, if you are researching a solution for end-to-end digital account openings, asset financing, or leasing, visit our Agreement Automation page to see how we can help you digitize the customer experience through multiple technologies such as digital identity verification and e-signatures.