15 April 1998 Source: http://www.access.gpo.gov/su_docs/aces/aaces002.html ------------------------------------------------------------------------- [DOCID: f:h3472ih.txt] 105th CONGRESS 2d Session H. R. 3472 To amend the Bank Protection Act of 1968 for purposes of facilitating the use of electronic authentication techniques by financial institutions, and for other purposes. _______________________________________________________________________ IN THE HOUSE OF REPRESENTATIVES March 17, 1998 Mr. Cook introduced the following bill; which was referred to the Committee on Banking and Financial Services _______________________________________________________________________ A BILL To amend the Bank Protection Act of 1968 for purposes of facilitating the use of electronic authentication techniques by financial institutions, and for other purposes. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as the ``Digital Signature and Electronic Authentication Law (SEAL) of 1998''. SEC. 2. FINDINGS AND PURPOSES. (a) Findings.--Congress finds that-- (1) technology has had a tremendous impact on the manner in which banks and other financial institutions conduct their businesses, and has affected virtually all aspects of their operations; (2) such changes relate not only to the creation, retention, and delivery of documents and other information, but also to the receipt and payment of funds, the purchase and sale of goods and services, and other aspects of the ability of a financial institution to communicate with and service its customer base; (3) financial and other transactions will increasingly be carried over open electronic networks such as the Internet, and through other methods where the identity of the parties participating in such transactions may not be easily verifiable and where there is a need to assure that information transmitted among the parties has not been altered; (4) banks, by virtue of their role in the Nation's payment system, their relationships with their customers, and through the prudent use of technology, are well placed to facilitate financial transactions over such electronic media as the Internet; (5) the parties to such financial and other transactions may previously have entered into agreements or system rules pursuant to which the transactions subsequently take place (known as ``closed system transactions''); (6) if the formation of system rules and agreements are otherwise valid and effective under applicable law, such as under State contract law, the parties should be able to use electronic authentication under the terms and conditions of those system rules and agreements, to help ensure that the development of electronic authentication will be appropriately market driven; (7) premature, conflicting, or unwise regulation can inadvertently discourage the use of technology in financial transactions, can inhibit the development of electronic commerce, and can reduce security in financial transactions; (8) it is appropriate for Congress to enable a framework under which banks and their subsidiaries and affiliates can participate in electronic commerce and electronic banking without undue premature or unnecessary regulation, but under which appropriate oversight is provided; and (9) in particular, it is appropriate for the Board of Governors of the Federal Reserve System to consult with the other Federal and State banking regulators and report to the Congress regarding the use of electronic authentication techniques, in order to facilitate electronic commerce and electronic banking, and to study the need for and wisdom of consumer protection in the context of the developing area of electronic commerce. (b) Purposes.--The purposes of this Act are-- (1) to facilitate the participation by financial institutions in the burgeoning area of electronic commerce and electronic banking; (2) to ensure that the interests of consumers are adequately protected; and (3) to avoid the effects of premature or conflicting regulation that could inadvertently impede the development of electronic banking and commerce or imperil the security of electronic banking and commerce. SEC. 3. AMENDMENTS TO THE BANK PROTECTION ACT OF 1968. (a) Definitions.--Section 2 of the Bank Protection Act of 1968 (12 U.S.C. 1881) is amended-- (1) by inserting ``(a) Federal Supervisory Agency.--'' before ``As used''; (2) in paragraph (4), by inserting ``associations'' before the period; and (3) by adding at the end the following: ``(b) Affiliate.--The term `affiliate' has the same meaning as in section 2(k) of the Bank Holding Company Act of 1956. ``(c) Appropriate Federal Banking Agency.--The term `appropriate Federal banking agency' has the same meaning as in section 3 of the Federal Deposit Insurance Act, and includes the National Credit Union Administration with respect to an insured credit union under the Federal Credit Union Act. ``(d) Association.--The term `association' means an organization or association engaged in receiving, sending, and settling payment transactions and instructions, and includes credit and charge card associations, payment clearinghouses, and automated teller machine networks in which insured depository institutions are members or stockholders or in which they participate, or which are supervised and examined by 1 or more of the Federal banking agencies. ``(e) Bank Holding Company.--The term `bank holding company' has the same meaning as in section 2 of the Bank Holding Company Act of 1956. ``(f) Document.--The term `document' means any message, instrument, information, data, image, text, program, software, database, or the similar item, regardless of how created, if such item can be retrieved or displayed in a tangible form. ``(g) Electronic Authentication.--The term `electronic authentication' means a cryptographic or other secure electronic technique that allows the user of the technique-- ``(1) to authenticate the identity of or information associated with a sender of a document; ``(2) to determine that a document was not altered, changed, or modified during its transmission to a recipient; or ``(3) to verify that a document received was sent by the identified party claiming to be the sender. ``(h) Federal Banking Agency.--The term `Federal banking agency' has the same meaning as in section 3 of the Federal Deposit Insurance Act, and includes the National Credit Union Administration. ``(i) Financial Institution.--The term `financial institution' means-- ``(1) an insured depository institution and any branch, representative office, or subsidiary thereof; ``(2) a bank holding company and any subsidiary thereof; ``(3) an affiliate of an insured depository institution; ``(4) an association; ``(5) a foreign bank maintaining an agency or branch (as such terms are defined in section 1(b) of the International Banking Act of 1978) in the United States; or ``(6) any entity that is not described in paragraphs (1) through (5) that is a financial institution, as defined in section 903 of the Electronic Fund Transfer Act, or a card issuer, as defined in section 103 of the Truth in Lending Act, but only to the extent that the transactions of such entity are subject to those Acts, respectively, that affirmatively elects to be subject to the provisions of this Act by providing appropriate notice of such election in accordance with any commercially reasonable practice. ``(j) Insured Depository Institution.--The term `insured depository institution' has the same meaning as in section 3 of the Federal Deposit Insurance Act. ``(k) State Bank Supervisor.--The term `State bank supervisor' has the same meaning as in section 3 of the Federal Deposit Insurance Act. ``(l) Subsidiary.--The term `subsidiary'-- ``(1) has the same meaning as in section 2(d) of the Bank Holding Company Act of 1956; and ``(2) includes a `subsidiary', as defined in section 23A(b)(4) of the Federal Reserve Act.''. (b) Electronic Commerce.--The Bank Protection Act of 1968 (12 U.S.C. 1881 et seq.) is amended by adding at the end the following new sections: ``SEC. 6. ELECTRONIC AUTHENTICATION OF DOCUMENTS. ``(a) Electronic Authentication of Documents, Information, and Identity.-- ``(1) In general.--A financial institution may use electronic authentication in the conduct of its business if it has entered into an agreement regarding the use of electronic authentication with any counterparty, or if it has established a banking, financial, or transactional system using electronic authentication. ``(2) Applicable rules.--The establishment and use of electronic authentication pursuant to this section shall be valid according to the relevant agreements or system rules. ``(b) Oversight.-- ``(1) In general.--The appropriate Federal banking agency or the appropriate State bank supervisor may preclude, by regulation or order, an insured depository institution or a subsidiary or affiliate thereof, or other institution subject to its jurisdiction, from using electronic authentication in the conduct of its business if it determines that-- ``(A) such use would not be consistent with safe and sound banking practices; or ``(B) such use would threaten the safety and soundness of the institution, subsidiary, or affiliate. ``(2) State authority.-- ``(A) In general.--No financial institution shall-- ``(i) be regulated by, be required to register with, or be certified, licensed, or approved by; or ``(ii) be limited by or required to act or operate under standards, rules, or regulations promulgated by, a State government or agency or instrumentality thereof with regard to the use of electronic authentication, including acting as a digital certification authority or performing a similar role, pursuant to this Act. ``(B) Limitation on fees.--No State may-- ``(i) impose a fee with respect to electronic authentication services performed by a financial institution subject to the provisions of this Act; or ``(ii) impose any required minimum fee or otherwise limit the fee that may be charged by a financial institution with respect to electronic authentication services subject to the provisions of this Act. ``(C) Other regulatory authority.--Nothing in this subsection precludes a State bank supervisor from regulating a State-chartered financial institution that is otherwise subject to its jurisdiction. ``(D) Consumer protection.--Nothing in this section impairs the rights afforded to consumers under State general consumer protection laws. ``SEC. 7. CONSUMER PROTECTION. ``Nothing in section 6(a) shall be construed to impair the rights afforded to consumers under-- ``(1) the Truth in Lending Act or the Electronic Fund Transfer Act, or the implementing regulations of the Federal Reserve Board thereunder applicable to electronic funds transfers from a consumer account or extension of credit to consumers; or ``(2) any State law of a similar nature or purpose.''. SEC. 4. FEDERAL RESERVE BOARD STUDY. (a) Report.--Not later than July 1, 2000, the Board of Governors of the Federal Reserve System (hereafter in this section referred to as the ``Board''), in consultation with the Federal banking agencies and State bank supervisors, shall report to the Congress regarding the use of electronic authentication under section 6 of the Bank Protection Act of 1968, as added by this Act by financial institutions. (b) Considerations.--In preparing the report required under subsection (a), the Board shall include consideration of-- (1) the appropriateness of applying the consumer protection provisions of the Truth in Lending Act, and the Electronic Fund Transfer Act, or the implementing regulations of the Board promulgated thereunder, to such transactions; (2) whether protections for consumers should be changed in light of the experience of financial institutions and consumers in transactions where electronic authentication is used in connection with third-party assurances; and (3) the need for consultation and coordination with other nations concerning the international use of electronic authentication by financial institutions and others, with the purposes of-- (A) encouraging simplified regulatory governance, foreign recognition of electronic authentication under this Act, and United States recognition of foreign electronic authentication; (B) encouraging the greatest possible interoperability across borders; (C) imposing the least possible regulation consistent with security and safety and soundness considerations; (D) promoting the smooth functioning of the payments system; and (E) facilitating the opportunity for financial institutions to participate freely and fairly in foreign markets. (c) Incorporation of Defined Terms.--Any term used in this section that is defined in section 2 of the Bank Protection Act of 1968 (as amended by this Act) shall have the same meaning as in that section 2. SEC. 5. RULES OF CONSTRUCTION. (a) Effect on Use.--Nothing in this Act or the amendments made by this Act may be construed to limit the right of any financial institution or other entity to use electronic authentication or other authentication technique in the conduct of its business. (b) Effect on Otherwise Lawful Agreements.--Except as otherwise specifically provided, nothing in this Act or the Bank Protection Act of 1968, as amended by this Act, shall be construed to affect the validity of the formation of relevant agreements or system rules in accordance with the provisions of otherwise applicable Federal or State law.