However, using a process selected by the customer or “home grown” by the customer may not properly address the foregoing. These considerations are especially significant if the funder intends to securitize or syndicate leases or loans.
Another important question is whose e-sign account is to be used? Even if the customer and funder use the same e-sign provider, the customer or vendor will be responsible for selecting the signer authentication settings of the transaction if you use their account. In the case of electronic leases, the customer may not have selected the “single authoritative copy” process to establish who has the sole “original.”
In terms of signer authentication, does the e-sign provider offer a two-step verification, such as a text with a code or an out of wallet identity check service? Without any face-to-face interactions, taking this extra step is important. In terms of cost/benefit, the incremental time and cost to do so is generally not significant.
Retaining an audit trail (sometimes called a certificate of completion) for the e-signer authentication process is vital. This is not simply akin to a cover sheet and should not be discarded. This document is very important and will, among other things, summarize who signed the lease, the date and time when the signing occurred and the IP address(es) used.
In the digital world it is absolutely crucial to remember the basics. Due diligence on the customer and its email address is critical. Do not skip any steps — small details are important. Look at the customer’s email address closely. If anything looks the least bit suspicious in an email, hover your cursor over the email address(es) and any embedded links BEFORE clicking. You will see the actual email address near the bottom of your screen, and it may not have any relationship to the one showing in the email.
Be on the lookout for emails that are not from an actual company email domain (John.DoeatABC@aol.com vs. John.Doe@ABC.com). Ask yourself, does the email look fishy, include typos or just seem off somehow? If so, dig deeper.
Funders must train their employees on basic technology issues, including IP addresses, URLs, website addresses, internet links and internet names. This training needs to be followed by regular updates and refreshers because technology and fraud techniques are constantly changing.
To minimize the risk of fraud in the modern world, whether dealing with email correspondence and attachments, an old fashioned wet ink signed paper lease delivered to you or an electronically signed (or full blown electronic lease), funders must institute standard back-office processes, including required lessee due diligence, and should consistently apply these, even for repeat business. Funders should remember that common sense and due care are needed just as much in the digital world as in the paper world.
Sometimes a funder will face old fashioned deception and theft. However, increasingly funders will face higher tech versions of fraud that are much more difficult to detect. Remember, fraud is a constantly evolving threat. If some component of a deal does not feel right, it may well not be right. Drill down, whether this means picking up the phone, going out to the customer or performing some other form of due diligence necessitated by the facts and circumstances.
And trust your instincts. Don’t be timid about challenging what doesn’t look right.