Q&A with Mark Gorriceta on trust, e-signatures and new laws affecting Philippines businesses
Trust and security are on everyone’s radars right now. In the Philippines, the government is redoubling its efforts to help protect citizens from fraudsters, with the recent announcement that financial services institutions must follow a prescriptive list of measures designed to help prevent and detect scams.
To help shed light on what this new legislation means for businesses in the region, and to answer local companies’ questions about the legality of e-signature solutions like Docusign, we recently spoke to Mark Gorriceta, Managing Partner of Gorriceta Africa Cauton & Saavedra – an internationally ranked and recognized full-service law firm in the Philippines.
First up, let’s talk about trust. What do you recommend to your clients when it comes to trust, cyber security and risk?
Common parlance in the tech space says: “Do not trust. Verify.”
Ideally, a company should be guided by inherent mistrust, which can only be assuaged by thorough verification of the parties you deal with, and the systems or software that you adopt. This culture of mistrust should extend even to your company’s findings and measures, which is why we recommend regular external audits – which in cases of regulated financial institutions, is actually a compliance requirement.
While cyber security and risk management can require extensive capital outlay, it could well be your key defence and insurance for business continuity – particularly if your business is ultimately digital. The last thing you want is a loss of customer assets (financial or data), or reputational damage in the event of a data breach.
Do you think the Philippine business community trusts that Docusign is a legally binding way to sign agreements?
Although the Philippines still lags in the World Digital Competitiveness Ranking (56th out of 63), our pandemic experience showed a capacity to rapidly shift to technologies that enable seamless and instantaneous work collaboration. Docusign proved to be an indispensable business solution for professionals, especially in our practice.
As Docusign says itself, “electronic signatures are legally recognized in the Philippines and are provided for in Republic Act No. 8792 or the Electronic Commerce Act of 2000 (the “E-Commerce Act”) and its implementing rules and regulations.”
We believe that Docusign is the best industry example in the Philippines to showcase the use and wide-scale impact of the E-Commerce Act, which is crafted to enable commercial transactions to move swiftly and benefit from innovative technologies.
What would you say to any business that is concerned about the legality of Docusign?
As early as 2000, the E-Commerce Act recognized the enforceability of electronic signatures in contracts and other agreements. They are even admissible in evidence in judicial proceedings, proving that the digitalization of signatures is well-accepted, embraced and even protected by law.
Following the E-Commerce Act, the execution of agreements via Docusign produces a legally binding instrument between parties.
The definition of an e-signature has been adopted by the Supreme Court under its Rules on Electronic Evidence (A.M. No. 01-7-01-SC), which refers to “any distinctive mark, characteristic and/or sound in electronic form, representing the identity of a person and attached to or logically associated with the electronic data message or electronic document or any methodology or procedure employed or adopted by a person and executed or adopted by such person with the intention of authenticating, signing or approving an electronic data message or electronic document.”
This definition establishes that e-signatures are recognized under Philippine courts in the case of legal disputes, provided that the procedure of authentication can be established.
Generally, contracts may be signed electronically as long as they do not involve matters which require certain formalities (i.e. must be notarized to be a public instrument), which typically involve properties (i.e. deed of sale), one’s legal status under the law (i.e. marriage contract), or documents which are for filing before governmental authorities. In these instances, it’s best to consult your counsel.
What are the key pieces of advice you give to clients who want to meet legal requirements and tap into the transformative benefits of Docusign?
As legal counsel, we ensure that the documents we prepare are crafted and executed to produce a legally binding effect. And we provide guidance and confirmation on which documents can be executed via Docusign.
Additionally, particularly for startups, we also recommend that our clients explore Docusign’s Contract Lifecycle Management, which can be of great aid in organizing and tracking their contracts and an essential tool particularly in times of investors’ due diligence.
Another Docusign product which they can benefit from is Docusign’s Insight – an AI-powered tool that enables automated data analysis of a client’s contract repository, which is stored within Docusign.
Given that Docusign already meets the technical requirements for e-signatures and e-documents to be authenticated and to be considered as legally binding (again, except for those with required formalities under Philippine laws), we further recommend to our clients to explore enterprise-level solutions where they can harness and leverage their organizational data embedded within their DocuSigned agreements.
What can you tell us about the recent legislation to ban clickable links in emails from financial services organizations?
The Bangko Sentral ng Pilipinas (Central Bank of the Philippines) has advised BSP-Supervised Financial Institutions (BSFIs) to take steps in countering cyber crimes – such as phishing schemes – through Memorandum No. M-2022-015. This Memorandum required the removal of clickable links in emails or SMS sent to BSFIs’ consumers followed by an information campaign that said BSFIs will no longer be sending clickable links.
While email and SMS are key marketing channels for BSFIs to promote financial products and services, the recent proliferation of phishing schemes through these channels likely pushed BSP towards this enforcement measure.
We advocate for a balanced measure between financial consumer protection and promoting a free marketplace where customers are made aware of products and services tailored to their risk profile and interests. In our view, the said Memorandum may be a short-term solution while regulators and the telecommunications sector work to combat and remove system vulnerabilities that are presently being exploited by malicious entities to commit cybercrimes.
In the interim, we also advocate for financial service providers to promote public financial literacy through education, so consumers are aware of personal measures they can implement to safeguard their electronic financial accounts and assets.
How does this legislation impact financial services organizations that want to use technologies like Docusign?
Under Republic Act 11765 or the Financial Products and Services Consumer Protection Act of the Philippines, financial service providers should ensure that their product and services are appropriately targeted to the needs, understanding and capacity of their market and their clients. This is all definitely shifting towards a digital platform and ecosystem, which remove physical barriers in accessing financial services.
Docusign is one of these enabling platforms. In this regard, financial service organizations can tap into the power of Docusign to execute contracts with both partners and customers, and thus migrate all of their partnership and/or onboarding documentation into a digital environment. Indeed, this should be the standard practice in light of the government’s roadmap towards a digital Philippine economy.
To learn more about how financial services organizations in the Philippines can still use Docusign while meeting the ‘no click’ rule, here are two easy options.