Exclusive Interview With Tommy Petrogiannis, President of eSignLive

IDM recently had the pleasure of interviewing Tommy Petrogiannis, President of eSignLive (formerly Silanis Technology), the electronic signature provider he co-founded in Canada in 1992. Acquired in 2016 by Vasco Data Security International Inc. for $US85 million, eSignLive is using the funding to fuel international growth, which is increasing at three times the rate of people performing transactions electronically in North America.

IDM: Only 1 in 5 deals are signed electronically these days, according to recent research released by Aberdeen Group. Why the holdout?

TP: There are several things that have driven the holdout on e-signature adoption and the biggest one we’ve seen is the need for education. In the US, we cracked that phase about five years ago when people stopped asking whether e-signatures were legal and safe. Canada followed  about two years later, and I see APAC coming to the end of its education phase in the next few years.  What we've found accelerates that education phase is when a leading brand goes public that they’ve deployed e-signatures, say a large financial institution or a large government agency. Then those perceived barriers evaporate because it becomes a competitive disadvantage if you don’t adopt the technology.  Europe is a good example of one of the other holdouts on e-signature adoption. There we saw e-signature laws that were rather technology specific – to e-sign, you used to have to use digital certificates or a credential that was issued to you, which is an extremely hard thing to deploy. I haven’t seen anyone do it successfully, at least not at a government level, and very few agencies do it for their own users but not for the citizen and not for your end customer, if you're a financial institution.  Since the introduction of eIDAS, the European Union has relaxed its e-signature laws we’re seeing the region starting to catch up on e-signature adoption.  Intuitively it's a no brainer.  Intuitively, everyone should’ve adopted e-signatures already. 

IDM: It’s been 17 years since they got the legal tick of approval in Australia, which seems like a technological lifetime ago. Yet, only in recent times have we seen a reduction in the fear and resistance associated with accepting e-signatures are valid and legally binding.

TP:  After e-signatures became legal around 2000, it took about five years for North American financial institutions to say, “Okay, the laws are there, how does that apply to me when I'm doing a mortgage application or loan process?”  But before they could even bring electronic signatures into the equation to really get the true benefits of straight-through processing they first had to update their backend systems to have intelligent forms. That took them a few years.   The US market’s grown since then, but it’s still only around 15% adoption.  Other countries including Australia are at single digit adoption, so there's still a lot of market expansion potential. 

IDM: Many see key restraints hampering the growth in the signature market being the lack of cross order standardisation related to ecommerce laws and directives and high cost of e-Signature software licence.  What would you say in respect to both of those?

TP:  When it comes to cross border transactions, governments are still grappling with how to have true interoperability. I don’t expect that to go away anytime soon. One thing that has changed dramatically though is the cost of e-signature software. eSignLive is unique in the sense that we’re the only major e-signature vendor that allows you to use our multi-tenant SaaS if you want, or have the exact same code base as a private instance on the cloud or on premises. So, depending on the risk profile of the transaction that you're automating or digitising, and depending on the budget and how quickly you need to get up and running, you can select how you want to consume and deploy e-signatures because it's a per consumption model regardless of how you deploy it. Obviously the more you go to on premises, the more additional costs there are like hardware, or for a managed service if you have someone managing a private instance for you, but the actual use of the e-signature solution is the same regardless. If you go on premises, you just have more control about when things get updated, and when you release new features, whereas if you're using our multi-tenant SaaS we’re pushing out new features every month. Some agencies say, “Whoa, that’s too fast for us. We can't do enough testing.” No problem, you can go to a dedicated instance and consume e-signatures at your own pace. So it's just a control aspect. But the cost aspect has pretty much gone away.

IDM: How to do you see the impact of the cloud model impacting on the adoption of e-signature solutions?

TP: We’re seeing a number of customers adopt multiple models. For instance if you're doing a very high volume complex transaction like a mortgage closing: in the U.S. you can have up to 85 documents involved in a closing package, so that’s a lot of data (eight of the top 10 U.S. banks are using eSignLive). And what we found for the very large producers like the Tier One institutions -  pushing that data up to a cloud instance and then bringing information back and tracking it - the physical network latencies become an issue for them. So, for processes which don’t need to be close to your data centre or document generation engines, you can use the SaaS model but in some cases where you may have very, very high volumes of data that needs to talk to home grown loan origination systems or underwriting systems, this may not be appropriate. In some instances they need to have it on-premises because everything else that it connects to is on-premises and they weren’t designed to actually talk to the Web effectively and get out to public cloud instances. The SaaS model is great for the flexibility of developing and deploying solutions, but there may be some exceptions with high volume complex processes that requires the flexibility to put it in your own data centre, which gives you tremendous performance and ease of use and scalability. When eSignLive started, the Cloud didn’t exist, which meant all our customers were on-premises. But when we said, “Okay, the market’s matured now to the point that a SaaS model is going to get adoption”, we were fortunate enough that Amazon had been out for a couple of years. So we jumped onto Amazon Web Services, then IBM SoftLayer and Azure: we support all of them. It’s because of this that when we said we were coming into Australia, we had a production grade system up and running two weeks later. And we did that in Germany, we did that in the UK. Because again, data residency and sovereignty absolutely matters for government agencies, for banks, for healthcare providers. eSignLive is the only e-signature vendor that has the ability to quickly spin up a data centre pretty much anywhere in the world and that’s an important differentiator in driving adoption in regulated and government markets.

IDM: You mentioned the challenge for the banks to update their backend systems, in the public sector one of the obstacles to eservices is often the limited budget and resources to update legacy systems for smartforms and e-signatures.

TP: Preparing your systems to create forms that are practical and useful when they're electronic as opposed to fill and print is a barrier that still exists for government. For ad hoc processes, not high volume processes, deploying electronic signatures is very simple. If you're creating a Word document that you want people just to sign, that’s super simple to do, there's nothing holding you back from using it. You can literally start using electronic signatures right now as part of that solution. However, when you have backend systems that are producing the content, that is always the barrier. That and also willingness to move to the cloud. It’s only in the last year and a half that we have seen major agencies move to the cloud in the U.S. Agencies couldn’t use solutions on the cloud unless they were FedRAMP certified which is another level above SOC 2 certification. And to date we've been the only e-signature provider that has a FedRAMP certified solution. In the U.S. market place, we've been providing solutions to the government since 1995 and most of those solutions were for internal process improvement, rather than citizen-facing. It was all for streamlining expense reports, requests to travel, etc. Once they wanted to move to citizen-facing transactions or government-to-business transactions, they had massive investments that they had to do because they had to get their systems converted and ready to go. Governments around the world haven’t yet grasped the power of the cloud and the SaaS delivery model because they do have additional regulatory concerns, and privacy concerns that most commercial organisations don’t have to factor in.

IDM: One of the perceptions that can cause people to be negative about e-signatures is how is that signature retained, how can I guarantee that I’ll have a record of it in 7 years, whatever period I need to retain it for, if the platform disappears or the company disappears, what are the assurances you're able to offer in that regard?

TP: I think it used to be a fair concern but for folks who follow standards, it's not an issue and I’ll give you a simple example. Adobe has done a great job of publishing its standards so we follow Adobe’s standard for how you sign a PDF document. This means anyone who wants to verify a document signed by eSignLive can do so independent of eSignLive, unlike some of our competition where if you want to verify a document you have to go back to the service provider to actually verify it. So we can disappear tomorrow and as long as you have an application that follows today’s standard, you have retention for as long as the stamp is there and it's a published stamp. So you don’t have a big issue and the truth is what we've seen after about seven to 10 years, if there hasn’t been a need to go back to that document, that requirement for retention drops off pretty dramatically. There still are a lot of companies that don’t follow standards, but as long as you pick a vendor that does, you can't go wrong from a retention point of view.. 

IDM: Does the eSignLive e-signature solution also require that the signed documents are hosted on your platforms?

TP: We offer it for many smaller customers, as they also want us to do the basic document retention so that’s part of the service but it's not a requirement. The larger organisations are typically integrating eSignLive into their systems, they use a transaction platform and then they take the content, store it in their own ECM or content management solution. In the larger organisations you typically start off in one line of business. It might be the retail banking person who’s responsible for that.  And usually after the first successful project that they deploy, the buyer ends up going into the IT department because they now make it as a short service across the enterprise. What we also do – and we’re unique in the space – is we’re capturing everything that’s happening during the transaction. Every page you saw, how long you saw it, what actions you took, and what IP address you're coming in from (because in the more complex and sophisticated transactions, it’s not a single ‘come in once and get off’ process). If you're doing a mortgage closing, this could span two to three weeks. From a consumer protection point of view and from the governance point of view, it's not just about signing the document, it's about, “Did you present that disclosure? Did you present your truth in lending policy? Your privacy policy? Were they accepted?” So the user’s going, “I accept, I acknowledge, I agree.”  We’re recording everything that’s happening, what they’ve done and then at the end of the process, we sign the transaction also – all that data – and we link that into the document that you actually sign so you can demonstrate cryptographically that the only way that this final contract got signed is if all these steps took place. If a regulator or an auditor wants to see that you're following the rules, with our system you can push rewind and it’ll recreate a transaction completed five years ago. Look at what happened in the UK with the PPI (Payment Protection Insurance) scandal, that was more than £26B of damages where the banks were accused of upselling, slipping in mortgage protection which they weren’t disclosing properly.  So the regulator came in and slapped them silly, £26B in damages, and it was not about the fact that the person didn’t sign the document, it was about the process that they used which didn’t meet the regulations. From a functionality point of view, all the signature providers look and feel pretty much the same, features and functionality and virtually on par. But it’s these core underlying things – the white labelling, the evidence and audit trail, the common code base across deployment models – that the consumer doesn’t see, but the organisations who provides the service definitely understand. And for them, doing it right absolutely matters.