Appropriateness of usage of tag-line: ‘It is computer generated letter/report/ statement/advice and therefore does not require any signature’ in commercial communications
In every walks of life, we come across a situation where we receive an unsigned business letter/Receipt/Advice which bears the legend “ This letter/Report Advice is computer generated and therefore does not require any signature”, or similar to that. I think it is the best route for the originator to escape.
This has become rampant practice to use this tag line across industries, without understanding the technical intrigues of the Information Technology Act and the process. Due to the practice of reading this myth/legend, people assume the tag line as supported by law of the land (is in sync) and treat it on par for full face value with a properly signed (manually) or document digitally signed under IT Act and is legally valid business communication.
Without any legal basis, in gross violation of established norms and without the backing of any law many banks have started new products like e-fixed deposit and started e-mailing e-FD receipts (PDF) as attachments to depositors/recipients using password protection mechanism provided by software vendors for email attachments. Many NBFC’s have joined banks and started issuing e-FD deposit, eFD advice etc. Banks/NBFs contemplate that password-protected email attachments (mostly PDF) to be an e-signed / electronically signed documents. Gullible depositors get misdirected/confuse it with an electronic or digital signed.
In response to my RTI query RBI informed me that in past RBI wrote to IBA to explore the possibility of issue of ‘FD advice’ in place of ‘FD receipt’ and RBI has no information about the issue of e-FD/e-FD receipt etc.
RBI cannot be a mute spectator to all these happenings when FD form about 65%-75% of banking sector’s deposits and should ensure that the sound banking practices are observed (not hijacked by modern tech-savvy bankers, NBFCs etc which help them in reducing their overheads). RBI and other financial market regulators, Govt must examine the matter thoroughly to ensure that practices of banks/NBFCs etc stand to test the law.
I wonder who told banks, financial, corporates that computer-generated paper does not require a signature.
The mere fact of a generation of letter/intimation/advice or confirmation on the electronic system (computer) does not confirm the authenticity of the document as such does not prima-facie bind its originator. Standalone letter/intimation/advice cannot become a valid legal document as it is not, ‘duly executed’.
Instances form financial sector:
In respect of certain types of inter-bank FX contracts, derivative contracts many banks send unsigned computer-generated deal confirmations with an above legend (probably to circumvent the stamp duty issue associated with the term “duly executed”) requesting counterparty to sign such document and return. Similar instances can be quoted from insurance, trade and industry segment of the business.
In 1985 FEDAI had issued a circular to its members approving the procedure of issuing unsigned “inter-bank FX FE contracts” without a signature, provided the banks issuing the unsigned confirmation execute an indemnity in favour of counterparty bank/s. The managing committee of FEDAI in Nov 1986 approved format of indemnity.
In the above case, the FEDAI Approved format of indemnity inter-alia provides that “the oblige has agreed to accept computerized confirmations of FE contracts originated by an obligor upon executing an indemnity by the obligor in favour of obligee in the manner hereinafter appearing —–“. The indemnity inter-alia puts a responsibility on the oblige that obligee shall immediately on receipt of computerized confirmation advise the obligor of exception that obliges may have in respect of contents of the computerized confirmation/s. Thus above FX confirmations, etc that are in continuation of duly executed indemnity between parties concerned may stand on a better platform.
Notwithstanding the validity of such documentation, the practice continued with respect to the inter-bank players for FX contracts. Stretching a portion of this untested practice by all and sundry (without underlying indemnity) and without realizing that it may have serious commercial implications as it would not be termed as “properly executed” in a court of law.
Though there are some advantages of sending unsigned communication (like no waiting time for the signatory to authenticate several stereo-typed communications, intimations that serve as reminder or intimation) system generated communication could suffer from several serious deficiencies. It is possible that system would generate (or used to generate) incorrect letter/Receipt/Advice (due to wrong data input etc) or it may generate a document as per the set standard parameters and mistake in document generation/communication may creep-in and fraud/lapse may go unnoticed.
While there has been a provision for a facsimile signature I am at a loss to understand as to why the senders of the business letter don’t use facsimile signatures of originators. In bulk routine mail communication a facsimile signature could be tolerated / acceptable to the recipient and help prima-facie to know who has originated the communication etc.
However, in respect of Papers like Term Deposit advice/receipts, cheque return memo and many other documents which has evidentiary value and could impact as it would not comply to ‘duly executed status’.
Unless the recipient of the communication at any time agreed to receive such unsigned letters/intimations/ advice, explicitly, while understanding its implications, such unsigned communication would not be binding on the receiver of the communication nor binding on the originator (in spite of any disclaimer) whether due to commercial / industry practice / conventions or otherwise.
The parties to any commercial transaction should endeavour, to replace invalid, illegal or unenforceable provisions, with valid provisions.
Under no provisions of Indian Technology Act, 2000 or otherwise, one can bind oneself /or the other party to the contract/transaction or to information where such paper/document is not properly executed by the originator (of such communication).
Only a few days ago, I came across a case where the validity of such ‘legend’ appearing on a cheque return memo issued by the drawee bank by questioned in a civil suit. In respect of proceedings, u/s 138 of NI Act defendant’s advocate raised an issue about the validity of this unsigned (not duly signed) cheque return memo as a valid document from an evidence point of view.
Though using supplementary documentation to corroborate return of cheque for financial reason, the complainant can attempt to convince the court about the cause of bouncing of the cheque. Had this been ‘duly signed’ case would be smooth.
Now due to the faulty process of bankers in issuing unsigned memo if the payee succeeds in getting the dismissed or halted who would be responsible for the goof? Bank may go scot-free citing industry practice the complainant would lose legal remedy. Regulators should direct susceptible general public, and regulated entities appropriately.
Hence, Regulators may initiate a debate on this and advise all concerned to ensure that documents representing commercial/business transactions are properly executed and the invalid practices are not allowed to spread.
An electronic document requires an electronic signature to be legally valid, in most nations of the world. In India, in most of the cases, we generate paper and state that ‘no signature is required’, making it appear to be legally valid due to this legend.
As per the Indian IT Act, an electronic document requires an electronic signature as prescribed by the Act, to gain legal sanctity in the court of law. Hence saying that the printed document in the subject is produced electronically and therefore does not require a signature is not acceptable.
There are two main reasons why documentation requires a signature:
1. To check the authenticity of the document itself.
2. As a record-keeping within a business or an organization intended to determine who drafted the document
The statement “This is an electronically generated report, hence does not require a signature” is not intended for the first aforementioned reason. The unsigned computer-generated document has no evidentiary value.
It can be mentioned for the second reason. When the business or organization has an electronic software-based document generation, its database will have the record of the user who signed in to generate the document hence can be used internally.
While a computer-generated letter without signature may be accepted in ordinary communications, like on general matters, dividends based on standard calculation etc., any document that requires authenticity of the document validation by digital signature or manual signature, should bear such signatures.
Unlike electronically transmitted messages, which can be traced and established, other documents which are printed out cannot be proved unless they are signed. The consequences of relying on such an unsigned document could be disastrous.
Cases that are not typically appropriate for Electronic Signatures or Digital Signatures under IT Act,2000
Use cases that are specifically barred from digital or electronic processes or that include explicit requirements, such as handwritten (e.g. wet ink) signatures or formal notarial process or registration with Registrar or Sub-Registrar that are not usually compatible with electronic signatures or digital transaction management.
What is digital signature: A ‘Digital Signature’ is the authentication of an electronic record by means of an electronic method or in accordance with the procedure as set out in the IT Act. The subscriber of such an electronic signature may authenticate an electronic record by affixing his electronic signature, stored on a private key. Such authentication is effected by the use of the asymmetric cryptosystem and hash function. The electronic record can be verified by any person who has a public key of the subscriber. The private key and the public key are unique to the subscriber and constitute a functioning key pair. An ‘asymmetric cryptosystem’ refers to a system of a secure key pair consisting of a private key for creating an electronic signature and a public key to verify the electronic signature.
Qualified Electronic Signature is an Advanced Electronic Signature based on a qualified certificate. It is created by a Qualified Electronic Signature Creation Device (QSCD). The Qualified Electronic Signature (QES) includes all the security features that an Advanced Electronic Signature (AdES) provides by:
– Having the ability to uniquely identify and link its signatory to the electronic signature.
– Allowing the signatory to have sole control of the keys used to create the electronic signature.
– Identifying if the data has been tampered with after its accompanying message has been signed.
– Invalidating the signature if signed data has been altered in any manner.
Difference between the AdES and the QES is the addition of a qualified certificate. This certificate is issued by a qualified service provider, and it attests to the authenticity of the electronic signature to serve as proof of the identity of the signatory. However, there is more to creating the QES than just the addition of the qualified certificate to an AdES. The signature itself must be created using a Qualified Signature Creation Device (QSCD). This device is responsible for qualifying a digital signature with specific software and hardware that ensures that:
– Only the signatory has control of their private key
– The signature creation data that is generated is managed by a qualified provider
– The signature creation data is unique, confidential and protected from forgery. There is no practical application of QES in India.
What is Aadhar based authentication:
Government of India had introduced a different QES whereby the person who has an official identity card issued by the Government (Aadhar) is able to authenticate a document using the Aadhar eKYC services. Through the interface provided by the Application Service Provider (ASP), users can apply electronic signatures on any electronic content by authenticating themselves through biometric or OTP using Trusted Third Party (TTP) Aadhaar eKYC services through an eSign Service Provider. The interfaces are provided to users on a variety of devices such as a computer, mobile phone etc. The eSign service provider facilitates key pair generation and the Certifying Authority issues a Digital Signature Certificate. The eSign Service Provider facilitates the creation of the Digital Signature of the user for the document which will be applied to the document on acceptance by the user.
In India currently authenticity of the document can be ensured by duly signing by any of the following:
1. Wet ink / manual / actual signature
2. Digital signature as defined under the Information Technology Act, 2000.
3. Document created in accordance with the provision of the IT Act, 2000 and signed using an electronic signature to authenticate the documents
The Information Technology Act, 2000 has made provisions for ‘electronic signatures’ normally used by us which is different from the “digital signature”.
Even after authenticating some documents with the ‘electronic signature’ in many cases, issuers are required to put an actual signature or digital signature where there is no explicit legal provision to that effect under the relevant Act.
In order to address this issue some acts have been so that a document is issued bearing ‘electronic signatures’ in accordance with the provision of the Information Technology Act, 2000 then there will not be a requirement of putting the wet-ink/manual signature or usage of a digital signature.
Under Rule 46 of the CGST Rules, 2017 signature or digital signature of the supplier or his authorized representative was a must on the invoice. Later it was amended to Provide that the ‘signature’ or ‘digital signature’ of the supplier or his authorized representative shall not be required in the case of issuance of an electronic invoice in accordance with the provisions of the Information Technology Act, 2000 (21 of 2000).
It is important to note that the Information Technology Act, 2000 validates the electronic signatures only of the issuer has following reliable process (this process is as mentioned in Section 3-A of the Information Technology Act, 2000),
(a) the signature creation data or the authentication data are, within the context in which they are used, linked to the signatory or, as the case may be, the authenticator and of no other person;
(b) the signature creation data or the authentication data were, at the time of signing, under the control of the signatory or, as the case may be, the authenticator and of no other person;
(c) any alteration to the electronic signature made after affixing such signature is detectable
(d) any alteration to the information made after its authentication by electronic signature is detectable; and
(e) it fulfills such other conditions which may be prescribed
Even if it can be claimed that the concerned individual can always demand that the hard copy should be properly ‘signed’ by the competent person, the onus should be on the originator. Majority of the customers of the bank do not ask for a stamped and signed bank statement of account, acknowledgement for the deposit of cheque pay-in-slip (the staff directs them coolly to ‘cheque dropbox’).
I had appealed financial market regulators, dept of CoA Insurance and PF regulators to take active interest in resolving this matter otherwise, the simple activity of passing the would continue till infinity (without initiating any possible action, within their respective domain).
In this connection, none except legal dept RBI replied (to me) on 14th Aug 2019 through an email as under:
“We advise that Reserve Bank has not issued any instruction to banks on the above matter, as such matters are governed by ‘Statutes’ which are not within the purview of RBI. The customers can obtain signed copies of statements, other advice etc. from banks if they have a specific requirement.”
I expected from RBI etc to flag the matter to other financial market regulators and take up with the govt for an appropriate advise and/or formulation of legislation. Least could have directed RBI regulated entities appropriately. It communicated me casually (not to the public in general, through appropriate communication channel). I have written to PMO and MoF following this.
While a computer-generated hard copy of letter without signature may be accepted in ordinary communications, on general matters, any hard copy of document that requires authenticity should be validated by ‘manual / wet-ink signature’ and e-document that requires authenticity should be validated by ‘digital signature’ or by ‘e-signature’ (wherever permitted and is created in the manner prescribed).
I appeal all concerned to desist from using reckless tag-line: It is computer generated letter/report/statement/advice and therefore does not require any signature”, at least in important and non-routine commercial communications and follow legal methods.
(Shivaprasad Laxman Chhatre)
Bavdhan, Pune 411021
Contact: 9819380114 Land: 020 22947152