Column National Association
Deposit Account and Debit Cardholder Agreement
Point Card Operations, Inc, a wholly owned subsidiary of Point Up, Inc. (together referred to as “Point”) and Column Association N.A. (“Column”) have entered into a bank program. Under the program, Point markets to and solicits consumers interested in obtaining transaction and debit and charge card accounts from Column. Such accounts are originated in accordance with Column’s credit criteria. In connection with such accounts, Point processes all applications for credit and manages the accounts, on an ongoing basis, on behalf of and with direct oversight by Column.
This E-Sign Act Policy (this “Policy”) has been approved by the Executive Operating Committee (the “EOC”) of Point and has been reported to the Board of Directors. This confidential document has been created to provide management, employees, personnel, officers and directors (“Point Personnel”) with guidance with respect to their responsibilities regarding compliance with the E-Sign Act as it relates to the conduct of Point’s business.
E-Sign Act Program
The Electronic Signatures in Global and National Commerce Act of 2000, 15 U.S.C. §§ 7000-7031 (“ESIGN Act”) allows the use of electronic records to satisfy any statute, regulation, or rule of law requiring that such information be provided in writing, if the consumer has affirmatively consented to such use and has not withdrawn such consent.
The ESIGN Act imposes special requirements on businesses that want to use electronic records or signatures in consumer transactions and contains certain record-keeping requirements.
Point will comply with the ESIGN Act and this Policy if it provides electronic documents or disclosures to customers such as electronic statements, preauthorized electronic fund transfers authorizations or billing dispute resolution notices and documents related to extensions of credit.
The ESIGN Act provides that information required by law to be in writing may also be made available electronically to a consumer, but only if the consumer affirmatively consents to receive the information electronically and the business clearly and conspicuously discloses specified information to the consumer before obtaining the consumer’s consent. The ESIGN Act also provides that consumers be allowed to withdraw their consent at any time. Point will adhere to these requirements providing disclosures electronically.
Prior to Obtaining Consumer’s Consent
Point prior to obtaining customers’ consent will:
Indicate whether customers have a right or option to receive information on paper.
Identify whether the consent relates to a particular transaction (e.g., account opening disclosures) or to ongoing disclosures over the course of the relationship (e.g., monthly statements).
Explain that the customer has the right to withdraw consent and provide the procedures to withdraw consent as well as the consequences of withdrawing consent, such as fees, termination of the relationship, loss of preferred pricing or having to switch account types.
Describe the procedures for updating the customer’s contact information.
Outline the hardware and software requirements for accessing and retaining records.
Explain how to obtain paper disclosures after consent has been given and describe any associated fees.
Customers must also consent electronically, or electronically confirm consent, in a manner that reasonably demonstrates their ability to receive or access the information electronically.
Point will provide customers with a statement detailing any revised hardware and software requirements for access to and retention of electronic records, and the right to withdraw consent without the imposition of any fees for such withdrawal and without the imposition of any condition or consequence that was not disclosed. After providing this statement, Point will again obtain customers’ affirmative consent.
Consumers may withdraw consent to receive electronic notices at any time. No charge will be imposed for paper copies of electronic records.
Point may rely on an electronic record of the information that accurately reflects the information in a contract or other record provided it remains accessible to all persons who are legally entitled to access the information in a form that can later be reproduced. Electronic records must comply with formatting, proximity, and other requirements of the statute, regulation, or other rule of law that imposes the obligation to provide or make available the particular record.
Column may retain electronic records that are required to be retained by any statute, regulation, or other rule of law. Such electronic records must accurately reflect the information set forth in the contract or other record, and must remain accessible to all persons who are entitled to access by statute, regulation, or other rule of law, for the period required, and in a form that is capable of being accurately reproduced for later reference.
Point hardware and software requirements require the customers have Adobe Acrobat and all disclosures will be provided in a PDF format that can be printed and retained by the customers.
If a change is made to the hardware or software requirements to access or retain electronic records, a statement of the revised hardware and software requirements along with a statement regarding the consumer’s right to withdraw E-Sign Consent must be provided to consumers. Confirmation that consumers received the statement of changes to the hardware or software requirements, and E-Sign consent, must be obtained. It must be noted that if a change gives rise to a material risk that a consumer will not be able to access or retain records, a consumer may be deemed to have withdrawn the E-Sign Consent (at the consumer’s election) in the event the notice of change and confirmation of consent is not obtained. No fees or conditions must be imposed in such event to the extent the fees or conditions were not disclosed at the time the consumer provided his/her initial E-Sign Consent.
Reporting and Monitoring
Compliance and the Legal Department are responsible for developing, implementing and administering the ESIGN Program. Compliance and the Legal Department and Column will approve all ESIGN Disclosures and Consents provided to customers. Compliance and the Legal Department will keep apprised of agency guidance and decisional law related to the ESIGN Act and will report on an as-needed basis, but no less than annually, to the EOC on compliance with the ESIGN Act Program. Compliance and the Legal Department will also provide recommendations to the EOC for changes to the ESIGN Act Program.
Events of noncompliance and compliance risks should be promptly reported to the Chief Compliance Officer. Employees may report events of noncompliance and compliance risks to their respective manager(s) in addition to reporting to Chief Compliance Officer.
Also, in accordance with Point’s Compliance Management System Policy, the Chief Compliance Officer should provide periodic reports to senior management and the Board of Directors regarding execution of the Compliance Management System and identified compliance risk; such reporting should include E-Sign compliance risk as appropriate
New Point Personnel will receive ESIGN Act Program training as it relates to their job responsibilities within thirty (30) days of the employee’s start date. All affected employees will receive ESIGN Act Program training annually or as necessary when changes are made to this Policy and its procedures. Point Personnel questions related to compliance with this Policy should be directed to Compliance or the Legal Department. Evidence of training will be retained and made available upon request.
Compliance and the Legal Department will be responsible for maintaining a record of the form of ESIGN Consent used by Point, Compliance and Vendor Management will be responsible for ensuring that Point maintains (1) customer records that include E-Sign Consents, if applicable, in accordance with the Record Retention Policy and (2) electronic records in a form that can later be produced. Refer to the Record Retention Policy for additional information on departments responsible for retaining evidence of record retention, the manner of retention, and the period of retention.
TESTING AND REVIEWS
At a minimum, annual testing and risk-based reviews should be performed as appropriate and in accordance with Point’s Compliance Management System Policy and risk assessments.