Importance of Electronic Signatures
Controlling and Proposed Legislation
Importance of Electronic Signatures
Russia's leading banks are increasingly becoming involved with the development of the Internet and e-commerce. For example, a select group of Russian customers will soon be able to purchase goods from an online store by making a direct electronic payment from their bank account. Wireless application protocol technology is also being introduced to facilitate internet banking over the telephone.
As the number of services increase, Russian banks will have to pay particular attention to their internal payment procedures and their contracts with customers. This is especially true for instructions authorizing the transfer of funds. Such orders have historically relied on printed documentation and written signatures, yet a pure e-commerce transaction requires that these matters be handled electronically. This inevitably means that special attention must be paid to electronic signatures. An electronic signature is important in virtually any internet transaction because:
- it identifies the parties involved;
- it signifies their intent to be bound by the agreement; and
- it ensures the integrity of the signed document.
Controlling and Proposed Legislation
A draft law on electronic digital signatures is being discussed in the Russian Duma. Until such legislation is approved, however, the main provisions on electronic signatures can be found in the Russian Civil Code. According to Articles 160(2) and 434(2), electronic signatures will be enforced if (i) there is a mutual agreement between the parties to use electronic signatures, and (ii) it can be established that the particular document comes from one of the contracting parties. Thus, the Civil Code provisions are quite flexible, since the parties themselves decide how to verify whether a signature is genuine.
The use of electronic signatures by Russian banks is subject to more detailed regulations. Article 847 of the Civil Code states that a contract can provide the customer with the right to make a non-cash payment from a bank account with the use of analogues of the customer's signature, codes, passwords and other means certifying that the instruction was given by the person authorized to do so. In order to establish the process for making such payments, the Central Bank issued Provisional Regulation 17-P of February 10 1998 on the Order of Acceptance for the Execution of Orders of the Account Owners, Signed by the Analogues of their Own Signature when Making Non-Cash Transactions by Credit Organizations.
The 1998 order defines an analogue of one's signature as "a personal identifier of a credit organization which is a control parameter of the correctness of compiling all obligatory requisites of a payment document and invariability of their content". Although this may be an unwieldy definition, it does not refer to cryptography. Therefore, an analogue does not have to meet the rigorous standards of a digital signature.
The 1998 order authorizes the establishment of an administrative body to verify electronic signatures 'in the flow of documents'. The administrator must be either a legal entity or a subdivision of a legal entity. It does not have to be licensed by the state.
According to Article 3.5 of the 1998 order, the participants in the flow of documents (ie, a credit organization and the client of the credit organization) can agree (in writing) to designate one administrator to review the analogues of a signature. Such an agreement must indicate the functions of the administrator and how these responsibilities will be fulfilled. Also, a participant in the flow of documents can simultaneously serve as the administrator.
Alternatively, Article 3.4 enables the participants to agree (in writing) on the procedures to be followed in reviewing the analogues of a signature. Here, it appears that the participants can themselves decide how to verify the signatures without having them confirmed by an administrator.
An administrator plays a secondary role in the verification process. A credit organization must first authenticate the validity of the client's analogue of his signature and establish that the payment document conforms to established requirements. A credit organization then reduces such documents to paper, which the administrator, according to Article 4.7 of the 1998 order, authenticates with his own signature and stamp. A credit organization is obliged to keep these records for the period stipulated under Russian legislation.
If a bank followed all of the above steps, it would possess the most foolproof electronic signature currently available under Russian law. Article 2.3 states that documents, signed by analogues of one's signature, shall have the same legal force as documents that are personally signed. Electronic signatures concluded under Articles 160(2) and 434(2) of the Civil Code cannot offer a similar guarantee since Russian practice still requires that a contract be signed and stamped to be valid. Thus, it remains uncertain to what extent a court will uphold an electronic signature, verified by the parties themselves (as opposed to the administrator).
Despite certain clear-cut advantages, individual banks are not necessarily required to follow the demands in the 1998 order. Articles 4.4, 4.5 and 4.6 state that credit organizations 'shall have the right' to certify copies of payment documents - certification is not mandatory. Therefore, banks appear to have some discretion as to whether to follow the 1998 order or to introduce their own verification procedures, with the risk that their own measures may eventually be judged in court to be inadequate.
Much of the flexibility concerning electronic signatures contained in the Civil Code (and in the 1998 order) would be lost if the most recent version of the draft law on electronic digital signatures (January 27 2000) were adopted. To begin with, the Civil Code contains a technologically neutral definition of an electronic signature, meaning that a wide variety of signatures are acceptable. In contrast, the draft law only recognizes digital signatures, which rely on a specific type of technology (ie, cryptography). Moreover, the draft law introduces a state-licensed certification centre that will review the signatures, whereas the 1998 order steers clear of direct state involvement in the verification process and allows any independent legal entity to be an administrator.
The one clear disadvantage of the 1998 order is that all documents must be printed out as part of the authorization process. This, of course, defeats the purpose of an internet transaction since the objective is to verify everything electronically and not require paper records.
The issue of electronic signatures is by no means the only issue that Russian banks will have to confront as they become more involved with e-commerce and the Internet. For example, Russian banks will have to review each customer's power of attorney, especially if the latter is used to authorize the transfer of funds in an electronic transaction. It must be emphasized, however, that Russian banks are in a unique position compared to other e-commerce businesses, in the sense that specific regulations actually exist that recognize their use of electronic signatures. At the same time, Russian banks will have to monitor the progress of draft legislation carefully to ensure that they observe any new regulations.
For further information on this topic please contact Will Pomeranz or Alla Izmailova at Baker & McKenzie by telephone (+7 095 230 60 36) or by fax (+7 095 230 60 47) or by e-mail ([email protected]).
The materials contained on this web site are for general information purposes only and are subject to the disclaimer.