A recent New South Wales Court of Appeal decision concerned a guarantee purportedly signed by e-signature without the guarantor's knowledge. It is an interesting case-study, though the decision is really about ostensible authority and ratification. Senior Finance Counsel Diccon Loxton considers its implications.
A director of a company (using a platform described as 'HelloFax') put in place a system so that directors could sign documents electronically on behalf of the company. He set up user names and passwords for the other directors, including a Mr Crocker. Mr Crocker did not change his password.
A supplier supplying goods on credit to the company sent a credit application to be signed by the company, and by each director individually as a guarantor. It was signed through the system purportedly by a director on behalf of the company and by each director (including Mr Crocker) individually as guarantor, but actually it was signed by persons unknown.
Typically, the system would email signatories informing them that a document was to be signed, and email them once the document was signed. But there was no evidence that such emails were sent, or if sent, were received and read by Mr Crocker. The system also kept a list of documents signed by Mr Crocker which was available when he logged on. He did log on in connection with other transactions before and after the purported signing.
The company defaulted and the supplier sued Mr Crocker under the guarantee, claiming that he was bound because it was executed with his actual or ostensible authority and in any event he had ratified it.
The supplier failed. The court found Mr Crocker was not bound. There was no actual authority, the system was only set up for use by signatories on behalf of the company, not Mr Crocker as an individual. Nor was there ostensible authority as there was no holding out by Mr Crocker. The mere fact that he had not changed the password was not a holding out. There is case law (including High Court authority) cited by the supplier to the effect that a company, by setting up its organisational structure, can institutionally hold out officers or employees as having authority. But that did not have any application in this case where the principal was an individual. There was no ratification because Mr Crocker had no knowledge of the guarantee.
The supplier appealed – Williams Group Australia Pty Limited v Crocker  NSWCA 265 – but the Court of Appeal upheld the first instance decision.
There was no ostensible authority. Nothing moved from Mr Crocker. His mere use of the system as a director did not amount to a holding out so as to bind him personally. The reasonableness of the supplier's conduct is not to the point in the absence of relevant representational conduct by Mr Crocker.
Mr Crocker had insufficient knowledge for a ratification. On the facts, there was no knowledge, nor wilful shutting a blind eye to the obvious which might constitute knowledge. There is no evidence that emails referring to the document were received. And, though when he subsequently used the system Mr Crocker would have seen a list of signed documents, even if he had read the list it would have only referred to the relevant document as a 'credit application'.
Ratification is not available for forgeries. There is some authority that the placement of a 'genuine' electronic signature on the document without any authority could amount to forgery at common law, but the court did not need to decide that issue.
E-signature is increasingly being used by businesses large and small, including banks. They like its convenience, efficiency and cost effectiveness, its compatibility and potential integration with business processes, and its improvement of the customer experience. Allens is providing e-signature as a service to clients. For more information read our E-signature brochure.
Our view is that e-signature is generally effective to create binding documents. But, like all methods of executing documents, it is not immune from fraud, forgery or unauthorised use. As ever, those relying on signatures and documents need to assess the risk. This includes assessing the possibility of an unauthorised signature being affixed, and if it is, the possibility of the purported principal still being bound by it (for example, by ostensible authority, the statutory assumptions or estoppel). This could be compared against other methods currently considered acceptable (for example exchanging signature pages by email). Compared to other methods e-signing may have advantages (in pinpointing signers) or disadvantages.
Knowing how the particular e-signing platforms operate procedurally does help in assessing that risk, and that possibility.
The case does illustrate the usefulness of having access to records showing the steps taken in the process. This can be a certificate produced by the platform on completion of the document showing the steps, which can be stored with the document. But also when businesses are selecting an e-signing platform provider to use, one important criterion is the provider's readiness to supply records and and assistance in a dispute.
Not necessarily. Some facts in this case may distinguish it from other situations. The purported principal, Mr Crocker, did not do anything to give the system or the actual signer any clothing of authority. There was no evidence emails to him were sent or opened. And it appears from the judgment that the system allowed a person to sign a document on behalf of a signatory merely by having access to the signatory's password to the system.
The result might have been different if, for example, Mr Crocker had given the password and access to others, had allowed another person to affix his signature or had received emails as to execution, or opened them. It may also have been different if it concerned the e-signature on behalf of the company rather than Mr Crocker.
Many platforms used in the market (like the platform used by Allens, DocuSign) have in-built or optional security features, which may give parties more assurance and also improve the likelihood of ostensible authority. These may include giving access to documents only by email (so a signer must have access to the signatory's email box), requiring SMS security codes or answers to security questions, and recording IP addresses and geolocations. Some banks in some product lines give access through on-line banking platforms.