5. Digitizing from the first interaction
eSignatures allow processes that are usually paper based to be digitized from the start
6. Banking Relevant Legislation Cases
Banking compliance spans several pieces of RSA legislation
The National Credit Act describes which particulars need
to be included on every credit agreement.
Section 2.
(3) If a provision of this Act requires a document to be
signed or initialled by a party
(a) (a) an advanced electronic signature, as defined in
the Electronic Communications Act, 2002 (Act No.
25 of 2002); or
(b) (b) an electronic signature as defined in the
Electronic Communications Act, 2002 (Act No. 25 of
2002), provided that-
(a) (i) the electronic signature is applied by each
party in the physical presence of the other party
or an agent of the party; and
(b) (ii) the credit provider must take reasonable
measures to prevent the use of the consumer’s
electronic signature for any purpose other than
the signing or initialling of the particular
document that the consumer intended to sign
or initial.
Advanced Electronic Signatures are defined in the
Electronic Communications and Transactions Act, 2002
(Act No. 25 of 2002) as:
• An electronic signature which results from a
process which has been accredited by the
Accreditation Authority.
Section 37 and 38 of the Act stipulate the criteria for
accreditation:
(Section 38.1) - The electronic signature:
• is uniquely linked to the signer;
• is capable of identifying the signer;
• is created under a means that can be maintained
under the sole control of the signer;
• will be linked to the data or data message to
which it relates in such a manner that any
subsequent change of data or data message is
detectable;
*Advanced Electronic Signature is the South
African equivalent to QES
8. The role of evidence in regulatory compliance
• Currently it is costly, companies are forced to push the costs on to
customers
• Without digitisation it is nearly impossible to get compliance right
• Paper based processed are disparate and haphazard, with
incomplete information
• Digital footprints and fingerprints allow for the capture of evidence
and proof required to prove compliance
• Auditable and tracked processes stored in digital documents
reduce opportunities for abuse and fraud
9. Consent & Agreement
The intersection of privacy and proof of intent
• Always keep a record of any consent, agreement or notification
• Don’t use consent where you should use a contract
• Don’t notify where you should get consent, always notify of data
processing activities
• Do provide a closed loop process where agreements cannot be altered
• Do track signatory’s interactions with the agreement to prove intent
10. Contracting parties & Identity
Compliance and trust require that all parties are identified
• Both or all parties to a contract must be identifiable, during
and after the signing ceremony for the contract to be valid
• Do ensure that the agreement is only available to the
intended signatory
• Layer controls to ensure that only the signatory can access
and apply their signature
11. Restrict alteration after signing
Technical controls must be in place to ensure integrity
• Ensure that documents are stored in an immutable format, like PDF
• Digitally sign on completed documents to prevent tampering
• Highlight any attempts at tampers after signing
• Provide technical proof of a document original -
• Annotations made during signing
• Signing workflow
12. Provide proof of compliance
Proof of compliance is required from the sending party
• Understand consent requirements within existing processes and solutions
• Create secure consent, agreement and approval processes that do not
allow for unintended intervention or alteration
• Provide technical proof of the signing process, workflow and signatory
interactions
• Make technical audit trails easily understood through a Chain of Custody
Certificate m
16. Return on digitisation
A few of the things we’ve seen our customers achieve
• Improved process & regulatory compliance
• Entire company secretarial functions digitised
• Governance, Risk & Compliance function digitised
• Time savings through efficiencies
• Requirement for printing eliminated
• Signed documents returned within hours or days
• Operational processes reduced from weeks to hours
• Reduced costs
• Paper & printing – Sh23.3mil a month in a single division of Absa Bank
• Administration staff redeployed into skilled roles
• Rapid implementation
• 2 – 3 weeks integrated deployment at many large customers
• Instant adoption on internal use
• Phased embedding into own infrastructure & environment
17. Prevent fraud before it starts
Learn from our customers experience
Certainty of identity & non-repudiable
contracting
Propensity for fraud, credit checks,
medical aid & bank account verification
Automation, auditability, AI driven
processing & voice lie detection
Manual validation, fraud investigation
& evidence for prosecution
20. WebTrust Assurance
The WebTrust program is based on the following Trust Services
Principles and Criteria
Security The system is protected against unauthorized access (both physical
and logical).
Availability The system is available for operation and use as committed or
agreed.
Processing Integrity System processing is complete, accurate, timely, and authorized.
Online Privacy Personal information obtained as a result of e-commerce is
collected, used, disclosed, and retained as committed or agreed.
Confidentiality Information designated as confidential is protected as committed or
agreed.
21. WebTrust Assurance
Standards and security control framework
3rd Party Annual Audit
• KPMG independent audit against
global framework
• Auditors are granted the right to
conduct the audit
• Evaluate controls for effectiveness,
and then evaluate actual
adherence to controls
Controls evaluated
• Physical & Logical security
• Availability & Business continuity
• Incident management
• System development & practices
• Risk management practices
• Asset classification & management
• Access management & Personnel
security
Standards
• ISO - International Organization for
Standardization
• ETSI - European Telecommunications
Standards Institute
• ANSI - American National Standards
Institute
• CAB Forum – Certificate
Authority/Browser Forum
26. References
APIs form the core of their data
security overhaul
• API integrations implemented by
their own developers across
their internal systems of record
• Signing capability extended to
broker network for contract
consolidation
• Reduced costs
• Infrastructure has replaced
multiple disparate manual
processes
• Bulk sending capability extending
cyber security into marketing
operations
SAP integration for financial
statements and world first
electronic scripting
• Integrated to SAP to enable the
distribution and signing of
monthly financial statements
across every hospital – saving
weeks and avoiding fines
• Internal signoffs for supplier
documents and timesheets
• eScripting solution that’s
boosting medicine sales,
reducing prescription fraud and
supporting no-touch initiatives
during covid
Remote signing in 10 days during
lockdown
• Dashboard signing set-up within
10 days during lockdown
• Enabling Assupol’s future state
digitization initiative where all
client documentation will be
signed via Impression
• API integrations implemented by
their own developers across
their internal systems of record
• Integrated into contract
management system
• Remote customer onboarding
with biometric and multifactor
onboarding
Use holistic solution to kick start
digital transformation
• Real time USSD signing for Call
Centre initiated contracts
signature pad signing in branch
• Dashboard signing for
relationship banking
• Dashboard access for internal
daily operations
• API triggered contracts across
the business
• API integrations implemented by
their own developers across
their internal systems of record
Interface between disability grant
recipients and doctors
• USSD enabled signing of
disability grant applications by
doctors
• Dashboard signing integrated
and rolled out in 10 days
• Further enabling digital
document management across
the organisation