29 January 1998
The Bankers Roundtable supports federal legislation that would provide validity and certainty for private sector contracts relating to electronic authentication.
Electronic authentication provides a critical element for electronic commerce, particularly its role in verifying the identity of parties in financial transactions.
State laws on digital signatures and electronic authentication represented the first efforts to provide a solid foundation for electronic commerce within state borders. The interstate and international nature of electronic commerce requires electronic authentication devices that are valid regardless of location. The policy of supporting private sector initiative and not favoring one technology over another applies to electronic authentication.
Internationally, other countries and the European Community are considering actions to provide certainty and uniformity for electronic authentication.
Precedents exist for limited federal action to provide validity and certainty for private sector contracts for electronic authentication.
Federal action would support private contracts for electronic authentication and would provide certainty for these contracts in the face of differing state laws.
The time for federal legislation has arrived as electronic commerce faces the need for strong authentication arrangements before a truly open system of operation may be realized for users. Federal action would resolve domestic issues and would create a strong foundation for United States actions in the international community.
Mr. Chairman and members of the Subcommittee, my name is Alfred Pollard and I serve as Senior Director for Legislative Affairs at The Bankers Roundtable. The Roundtable represents the nation's major banking organizations, with a membership open to the 125 largest institutions. Roundtable member companies range in size from $800 million to over $300 billion in assets, represent some two thirds of all domestic banking assets and provide services in nearly every city and town in the United States and in countries around the world. The Roundtable appreciates the opportunity to address the Subcommittee on the important topic of new technology that affects the banking industry.
The Roundtable has been active for some time in the area of technology. Long before current interest in new retail delivery mechanisms, the Roundtable provided a major forum for discussion and industry policy making on the payments system.
Today, the Roundtable continues its efforts through its Technology and Payments Committee and addresses such diverse issues as regulation of delivery vehicles, encryption, privacy and security of new technologies, authentication, international technology issues and related topics. In 1996, the Roundtable issued a set of industry principles as guidance to the banking industry on technology issues entitled Banking and Technology: Statement of Industry Principles. This year the Roundtable spearheaded an effort to join industry groups in a common position on privacy in electronic media and on September 18th produced a joint release on Privacy Principles to benefit bank customers.
The Roundtable has taken a more targeted action in creating the Banking Industry Technology Secretariat or BITS. BITS aims to foster growth and development of electronic banking and commerce in an open environment that will encourage greater choice in banking software, access devices and the development of more efficient processing capabilities for the benefit of bank customers. BITS focuses on the business side of technology issues for the banking industry and has on its board not only Roundtable member companies, but as well members of the American Bankers Association and the Independent Bankers Association of America.
The Roundtable welcomes the opportunity to provide comments on the need for federal action on electronic authentication. For banking, a business founded on customer trust, operational security and privacy, certainty in authentication processes represents a key element of moving forward with new electronic commerce that will occur in an "open" marketplace. Old fashioned "know your customer" concepts remain just as valid in this new electronic age.
Defined. Electronic authentication refers to the use of various technologies that validate the identity of a party or device and, as well, may validate the transaction itself in electronic systems. In other words, electronic authentication verifies that a message was sent by a party and that the message has not been altered, thus proving the origin of information and its integrity. Authentication may come in the form of familiar PIN numbers or passwords or new biometric devices-- thumbprints or retinal scans-- or cryptographic measures such as digital signatures which involve mathematical formulas.
Electronic authentication does not relate to encryption or confidentiality of the message or information, only to the identity of the party and that the message is indeed the one sent by the party. None of the issues relating to law enforcement concerns with encryption or access to information arise here. Authentication, indeed, meets a key goal of the private sector and law enforcement-- assisting in the avoidance of fraud and the maintenance of system integrity and confidence.
Today, the private sector has acted to add this essential component to electronic commerce-- developing, refining and deploying authentication techniques. This means better protection for consumers and for financial institutions and greater utility for electronic commerce. At a recent forum on digital signatures, Department of Commerce General Counsel Andrew J. Pincus indicated that digital signatures are a "critical ingredient" for public and private sector confidence in electronic commerce.
Just as we do not know the exact direction technology and electronic commerce will take in the future and we do not want to impair its development, the future of electronic authentication should continue to evolve and is expected to add more value to electronic commerce, if its development is unimpaired.
Simply put, electronic authentication's role in electronic commerce begins when private parties negotiate agreements, for example to accept credit cards over the Internet, in which provisions exist for electronic authentication. These agreements serve the same function as existing arrangements among parties for retail and wholesale banking products, again such as PIN numbers for credit cards.
State Regulation. State governments have recognized the need for certainty and clarity in agreements between parties to employ electronic authentication. States have enacted laws that would create support for electronic authentication within their borders and for other purposes, such as legal validity and certificate authorities.
As an industry, banking supports a dual banking system and state banking regulation. Many of the nation's top banking firms operate under state charters and state regulation, including some of the nation's largest banks. The banking industry takes state initiatives seriously.
In the instance of authentication, a need exists for federal action in a "narrow band" to create a national approach that facilitates the creation of authentication agreements. State laws, that conflict with one another as enacted or that may conflict later under regulatory and judicial interpretation, run counter to the critical need for certainty in the authentication process.
Before specifics on authentication, a threshold issue must be addressed. Most parties to electronic commerce and the federal government's policies support development of technology and electronic services free from government intervention that would either hinder development of technology or steer it in one direction or another. Why would private sector parties, therefore, indicate that a need exists for federal action to provide certainty for electronic authentication?
Two fundamental reasons exist. First, government action has occurred at the state level and that action hinders development of electronic commerce; federal action would restore open marketplace operation by validating contracts between private parties. Second, evidence exists that as digital signature technology comes on line, there is reluctance to make major investments and deployment with legal uncertainty from differing state rules. In short, federal action is needed to restore private sector development.
Domestic. At the domestic level, electronic commerce would operate under extreme disadvantage and development would be hindered if state laws subjected a device intended to provide customer security and system integrity to uneven and conflicting enforcement. As new electronic commerce opportunities come on line, authentication must be there to assure that parties may identify one another and know that their actions and requests have been heard.
Simply put, why would we want different routing numbers on our checks, those bands of numbers that are read electronically and help direct the payments process? Those numbers identify parties to the transaction, but no one wants to have fifty different rules on those simple identifying marks. In another example, VISA has asked the question of whether its hologram, an identifying safety device, needs to be produced in 50 different forms. Yet that is what differing state laws on digital signatures and electronic authentication would create.
Ironically, state banks may be disadvantaged by differing state laws. For the most part and with significant exceptions, state banks are smaller institutions. In a world where the costs are higher to conduct electronic business in a multistate environment, interstate activities for smaller institutions could be severely impacted. Larger institutions would be more likely to bear the extraordinary and unnecessary costs than smaller, primarily state chartered institutions.
Obviously, this subject has critical importance for financial services. Almost every electronic transaction involves the payment of funds. The identity of parties where financial transactions occur is fundamental to electronic commerce.
Simply put, in this narrow area of authentication, agreements signed by parties should be enforced as negotiated. They should be viewed as valid and should not be subject to different interpretation.
In the context of a "narrow band," such a policy affects only the authentication mechanism. If a violation of some other state law occurs, then that law applies to the overall transaction. If fraud, duress, impossibility or any other law violation occurs, a transaction would be subject to that law.
As Commerce Department General Counsel Pincus stated, not only domestic but as well international consensus is needed on digital signatures, because "...fragmentation is the great enemy here." He also supported technology neutrality by government and the need for private sector leadership.
In short, the need is for a federal statement that authentication and identification agreements are valid between the parties and that local laws will not upset this expectation of validity.
International. As transactions in this open marketplace move to an international level, the need for global recognition of identification that permits this one element of the process to proceed smoothly will press upon us.
Internationally, Japan, Denmark, Germany, Italy and the European Union are working to provide legal recognition for electronic authentication agreements. The United Nations has indicated interest in exploring the need for an international law on electronic authentication.
The European Union has published a paper entitled Towards a European Framework for Digital Signatures and Encryption, COM(97)503 released October 8, 1997. The paper highlights the significance of establishing a community-wide approach to electronic authentication in Europe in order to permit electronic commerce to advance. The paper sets forth a number of questions that need answers across national lines. Perhaps of most significance, the paper calls for European action with a common legal framework by the year 2000.
[Of note, the EU Commission paper indicated that key escrow of private keys would endanger the presumption that a document has been signed by the person whose public key corresponds to the private key used to create the digital signature.]
Federal action has been taken on a number of occasions to address issues that have an impact on financial service providers at the federal level and at the state level. While not routine, separate approaches have been taken for financial institutions.
At the federal level, banks have differing treatment under securities, merger and bankruptcy laws. Banks, in certain instances, face regulation under differing legal regimes due to the unique role of depository institutions. This has been the basis in many cases for such separation of legal treatment. It must be remembered that banks are key participants in the Federal Reserve's payment system.
Federal law has determined in limited occasions that state laws should not interfere with the operation of financial businesses across state lines. Since 1864, federal law has governed the charging of interest by national banks and has led to banks charging interest rates across state lines in accordance with limitations set forth in federal law, despite state usury laws; 12 USC 85.
Perhaps, the most pertinent and relevant example of a limited action that assured the validity of contracts, critical to commerce, came with congressional action on bilateral netting arrangements. In 1991 as part of the Federal Deposit Insurance Corporation Improvement Act, PL 102-242, a section of the law addressed reducing risk in the payment system.
Congress noted in Section 401 of the law that financial institutions participate in thousands of transactions daily, that processing those transactions is essential to a "smoothly functioning economy" and that "such transactions can be processed most efficiently if, consistent with applicable contractual terms, obligations among financial institutions are netted." Finally, Congress noted that "the effectiveness of such netting procedures can be assured only if they are recognized as valid and legally binding..."
To that end, Congress provided that such contracts "notwithstanding any other provision of law...shall be netted in accordance with, and subject to the conditions of, the terms of any applicable netting contract." Section 403. [Text of Sections 401-407 is attached.]
Here Congress acted on a key element of commerce, upholding the validity of contracts in one area-- netting-- and not otherwise interfering with state laws.
Limited action now by the federal government would have major benefits for all parties involved in the future of electronic commerce. A measure that provides validity to contracts between parties and provides that such valid contracts should not be affected by other laws would provide a clear signal from the United States on its intentions on an international level. Such a measure would provide certainty in the United States without interfering with fundamental commercial laws, most of which emanate from the states. In the end, what should result is a system of business dealings through new technologies in which customer security is increased and the integrity of our payment system
Federal Deposit Insurance Corporation Improvement Act of 1991, PL 104-242 (1991), Sections 401-407
The Congress finds that--
(1) many financial institutions engage daily in thousands of transactions with other financial institutions directly and through clearing organizations;
(2) the efficient processing of such transactions is essential to a smoothly functioning economy;
(3) such transactions can be processed most efficiently if, consistent with applicable contractual terms, obligations among financial institutions are netted;
(4) such netting procedures would reduce the systemic risk within the banking system and financial markets; and
(5) the effectiveness of such netting procedures can be assured only if they are recognized as valid and legally binding in the event of the closing of a financial institution participating in the netting procedures.
For purposes of this subtitle--
(1) BROKER OR DEALER.-- The term "broker or dealer" means--
(B) to the extent consistent with this title, as determined by the Board of Governors of the Federal Reserve System, any company that is an affiliate of a company described in subparagraph (A) and that is engaged in the business of entering into netting contracts.
(2) CLEARING ORGANIZATION.-- The term "clearing organization" means a clearinghouse, clearing association, clearing corporation, or similar organization--
(A) that provides clearing, netting, or settlement services for its members and--
(i) in which all members other than the clearing organization itself are financial institutions or other clearing organizations; or
(ii) which is registered as a clearing agency under the Securities Exchange Act of 1934; or
(B) that performs clearing functions for a contract market designated pursuant to the Commodity Exchange Act.
(3) COVERED CLEARING OBLIGATION.-- The term "covered clearing obligation" means an obligation of a member of a clearing organization to make payment to another member of a clearing organization, subject to a netting contract.
(4) COVERED CONTRACTUAL PAYMENT ENTITLEMENT.-- The term "covered contractual payment entitlement" means--
(A) an entitlement of a financial institution to receive a payment, subject to a netting contract from another financial institution; and
(B) an entitlement of a member of a clearing organization to receive payment, subject to a netting contract, from another member of a clearing organization of a covered clearing obligation.
(5) COVERED CONTRACTUAL PAYMENT OBLIGATION.-- The term "covered contractual payment obligation" means--
(A) an obligation of a financial institution to make payment, subject to a netting contract to another financial institution; and
(B) a covered clearing obligation.
(6) DEPOSITORY INSTITUTION.-- The term "depository institution" means--
(A) a depository institution as defined in section 19(b)(1)(A) of the Federal Reserve Act (other than clause (vii));
(B) a branch or agency as defined in section 1(b) of the International Banking Act of 1978;
(C) a corporation chartered under section 25(a) of the Federal Reserve Act; or
(D) a corporation having an agreement or undertaking with the Board of Governors of the Federal Reserve System under section 25 of the Federal Reserve Act.
(7) FAILED FINANCIAL INSTITUTION.-- The term "failed financial institution" means a financial institution that--
(A) fails to satisfy a covered contractual payment obligation when due;
(B) has commenced or had commenced against it insolvency, liquidation, reorganization, receivership (including the appointment of a receiver), conservatorship, or similar proceedings; or
(C) has generally ceased to meet its obligations when due.
(8) FAILED MEMBER.-- The term "failed member" means any member that--
(A) fails to satisfy a covered clearing obligation when due,
(B) has commenced or had commenced against it insolvency, liquidation, reorganization, receivership (including the appointment of a receiver), conservatorship or similar proceedings, or
(C) has generally ceased to meet its obligations when due.
(9) FINANCIAL INSTITUTION.-- The term "financial institution" means a broker or dealer, a depository institution, a futures commission merchant, or any other institution as determined by the Board of Governors of the Federal Reserve System.
(10) FUTURES COMMISSION MERCHANT.-- The term "futures commission merchant" means a company that is registered or licensed under Federal law to engage in the business of selling futures and options in commodities.
(11) MEMBER.-- The term "member" means a member of or participant in a clearing organization, and includes the clearing organization.
(12) NET ENTITLEMENT.-- The term "net entitlement" means the amount by which the covered contractual payment entitlements of a financial institution or member exceed the covered contractual payment obligations of the institution or member after netting under a netting contract.
(13) NET OBLIGATION.-- The term "net obligation" means the amount by which the covered contractual payment obligations of a financial institution or member exceed the covered contractual payment entitlements of the institution or member after netting under a netting contract.
(14) NETTING CONTRACT.--
(A) IN GENERAL.-- The term "netting contract"--
(i) means a contract or agreement between 2 or more financial institutions or members, that--
(I) is governed by the laws of the United States, any State, or any political subdivision of any State, and
(II) provides for netting present or future payment obligations or payment entitlements (including liquidation or close-out values relating to the obligations or entitlements) among the parties to the agreement; and
(ii) includes the rules of a clearing organization.
(B) INVALID CONTRACTS NOT INCLUDED.-- The term "netting contract" does not include any contract or agreement that is invalid under or precluded by Federal commodities law.
(b) LIMITATION ON OBLIGATION TO MAKE PAYMENT.-- The only obligation, if any, of a financial institution to make payment with respect to covered contractual payment obligations to another financial institution shall be equal to its net obligation to such other financial institution, and no such obligation shall exist if there is no net obligation.
(c) LIMITATION ON RIGHT TO RECEIVE PAYMENT.-- The only right, if any, of a financial institution to receive payments with respect to covered contractual payment entitlements from another financial institution shall be equal to its net entitlement with respect to such other financial institution, and no such right shall exist if there is no net entitlement.
(d) PAYMENT OF NET ENTITLEMENT OF FAILED FINANCIAL INSTITUTION.-- The net entitlement of any failed financial institution, if any, shall be paid to the failed financial institution in accordance with, and subject to the conditions of, the applicable netting contract.
(e) EFFECTIVENESS NOTWITHSTANDING STATUS AS FINANCIAL INSTITUTION.-- This section shall be given effect notwithstanding that a financial institution is a failed financial institution.
(b) LIMITATION OF OBLIGATION TO MAKE PAYMENT.-- The only obligation, if any, of a member of a clearing organization to make payment with respect to covered contractual payment obligations arising under a single netting contract to any other member of a clearing organization shall be equal to its net obligation arising under that netting contract, and no such obligation shall exist if there is no net obligation.
(c) LIMITATION ON RIGHT TO RECEIVE PAYMENT.-- The only right, if any, of a member of a clearing organization to receive payment with respect to a covered contractual payment entitlement arising under a single netting contract from other members of a clearing organization shall be equal to its net entitlement arising under that netting contract, and no such right shall exist if there is no net entitlement.
(d) ENTITLEMENT OF FAILED MEMBERS.-- The net entitlement, if any, of any failed member of a clearing organization shall be paid to the failed member in accordance with, and subject to the conditions of, the applicable netting contract.
(e) OBLIGATIONS OF FAILED MEMBERS.-- The net obligation, if any, of any failed member of a clearing organization shall be determined in accordance with, and subject to the conditions of, the applicable netting contract.
(f) LIMITATION ON CLAIMS FOR ENTITLEMENT.-- A failed member of a clearing organization shall have no recognizable claim against any member of a clearing organization for any amount based on such covered contractual payment entitlements other than its net entitlement.
(g) EFFECTIVENESS NOTWITHSTANDING STATUS AS MEMBER.-- This section shall be given effect notwithstanding that a member is a failed member.
No stay, injunction, avoidance, moratorium, or similar proceeding or order, whether issued or granted by a court, administrative agency, or otherwise, shall limit or delay application of otherwise enforceable netting contracts in accordance with sections 403 and 404.
This subtitle shall have no effect by implication or otherwise on the validity or legal enforceability of a netting arrangement of any payment system which is not subject to this subtitle.
The provisions of this subtitle may not be construed to limit the authority of the President under the Trading With the Enemy Act (50 U.S.C. App. 1 et seq.) or the International Emergency Economic Powers Act (50 U.S.C. 1701