• Editor

5 Tips to secure electronic signatures in your retirement fund

With many board members of retirement funds forced into remote working by the Covid-19 pandemic - and likely to continue working a physical-virtual hybrid model for the foreseeable future - paperless processes and stricter privacy requirements are top priorities for board members.

This presents retirement funds with several opportunities in terms of cost savings on printing, courier fees, storage and retrieval of documents.

However, the challenges that must be met for legal compliance with the Protection of Personal Privacy Act (PoPIA) in South Africa and the EU’s General Data Protection Regulation (GDPR) may include the signing of documents remotely using digital signatures, often by more than one party.

Take board resolutions, where members are based in offices around the region or even the country. Like every legal document, resolutions need to be signed and dated by the members of the board as they would do with minutes of meetings.

Such signing of documents using digital or electronic signatures brings its own specific complications. Signatures can easily be copied and pasted into online versions of documents using simple technology, such as standard snipping tools, an online signing tool or any graphic design system. This makes signatures vulnerable to cyber threats.

Electronic and digital signing technology is often costly, particularly where several individuals in an organisation are signatories. Digital signatures can lock a document once signed and will not allow any changes, but the same is not always true of electronic signatures.

Secure solutions for legal compliance

Sending a document via email for various individuals to sign can also be time-consuming and presents a security risk. So, what can organisations and businesses do to ensure secure electronic signatures and compliant documentation?

1. Find signature technology that all of your main signatories will have access to, and be able to use for all documents. This must be a single system, controlled centrally in your organisation or for your board of directors. If this functionality is embedded within software that your company or board already uses, such as your paperless agenda software, it will ensure lower cost and maximum efficiency.

2. Ensure that the signature created using this system has both a “user identity” stamp and a “date and time” stamp created automatically by the secure signature system with each signature made. Ensure these electronic stamps are entirely tamper-proof. Note that where user identity and date and time stamps are not present, the signature might not be valid and documents can be contested.

3. Make sure documents to be stamped can only be signed by designated signatories. Using software such as your cloud agenda software, this can be controlled by the individual who makes the document available for signing.

4. A signing system that keeps a record of document version control is vital, and your software must note a version for every person who has edited a document.

5. A truly secure system where individuals can sign documents legally has the necessary security protocols in place, such as:

a. Secure login credentials with an email notification to the user for every login.

b. One-Time-Pins (OTPs) sent via SMS or Email of the appropriate signatory; or an Authenticator App for each login.

c. Encryption of all documents for signing.

d. Secure audit logs of who signed which document, on which days and at what time.

e. The ability to lock the file once signed.

Even as retirement funds resume face-to-face meetings as the economy normalises, they may find that electronic and digital signatures are more prevalent due to their speed and efficacy. However, cyber security risks will also increase proportionately and the software utilised will have to mitigate those risks.

According to cyber security giant Kaspersky, Covid-19 brought with it a tsunami of cyber threats and breaches. From phishing e-mails to vulnerabilities in collaboration tools, Africa was targeted by increasingly sophisticated attacks.

We urge the use of retirement fund-approved software for work, and the configuration of programs and devices properly to mitigate damage. Implementing software with add-on features such as secure signing functionality included in your cloud agenda software, for all your retirement fund board members, can be a key way to reduce the impact of threats and keep documents as safe as the risk landscape will allow.


PROMOTIONAL OFFER: 10% Discount applicable to fees in 1st year if you sign up now and use PROMOTIONAL CODE: EBAW090621