[Congressional Bills 105th Congress]
[From the U.S. Government Publishing Office]
[S. 1594 Introduced in Senate (IS)]







105th CONGRESS
  2d Session
                                S. 1594

 To amend the Bank Protection Act of 1968 for purposes of facilitating 
     the use of electronic authentication techniques by financial 
                 institutions, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                            February 2, 1998

  Mr. Bennett introduced the following bill; which was read twice and 
    referred to the Committee on Banking, Housing, and Urban Affairs

_______________________________________________________________________

                                 A BILL


 
 To amend the Bank Protection Act of 1968 for purposes of facilitating 
     the use of electronic authentication techniques by financial 
                 institutions, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Digital Signature and Electronic 
Authentication Law (SEAL) of 1998''.

SEC. 2. FINDINGS AND PURPOSES.

    (a) Findings.--Congress finds that--
            (1) technology has had a tremendous impact on the manner in 
        which banks and other financial institutions conduct their 
        businesses, and has affected virtually all aspects of their 
        operations;
            (2) such changes relate not only to the creation, 
        retention, and delivery of documents and other information, but 
        also to the receipt and payment of funds, the purchase and sale 
        of goods and services, and other aspects of the ability of a 
        financial institution to communicate with and service its 
        customer base;
            (3) financial and other transactions will increasingly be 
        carried over open electronic networks such as the Internet, and 
        through other methods where the identity of the parties 
        participating in such transactions may not be easily verifiable 
        and where there is a need to assure that information 
        transmitted among the parties has not been altered;
            (4) banks, by virtue of their role in the Nation's payment 
        system, their relationships with their customers, and through 
        the prudent use of technology, are well placed to facilitate 
        financial transactions over such electronic media as the 
        Internet;
            (5) the parties to such financial and other transactions 
        may previously have entered into agreements or system rules 
        pursuant to which the transactions subsequently take place 
        (known as ``closed system transactions'');
            (6) if the formation of system rules and agreements are 
        otherwise valid and effective under applicable law, such as 
        under State contract law, the parties should be able to use 
        electronic authentication under the terms and conditions of 
        those system rules and agreements, to help ensure that the 
        development of electronic authentication will be appropriately 
        market driven;
            (7) premature, conflicting, or unwise regulation can 
        inadvertently discourage the use of technology in financial 
        transactions, can inhibit the development of electronic 
        commerce, and can reduce security in financial transactions;
            (8) it is appropriate for Congress to enable a framework 
        under which banks and their subsidiaries and affiliates can 
        participate in electronic commerce and electronic banking 
        without undue premature or unnecessary regulation, but under 
        which appropriate oversight is provided; and
            (9) in particular, it is appropriate for the Board of 
        Governors of the Federal Reserve System to consult with the 
        other Federal and State banking regulators and report to the 
        Congress regarding the use of electronic authentication 
        techniques, in order to facilitate electronic commerce and 
        electronic banking, and to study the need for and wisdom of 
        consumer protection in the context of the developing area of 
        electronic commerce.
    (b) Purposes.--The purposes of this Act are--
            (1) to facilitate the participation by financial 
        institutions in the burgeoning area of electronic commerce and 
        electronic banking;
            (2) to ensure that the interests of consumers are 
        adequately protected; and
            (3) to avoid the effects of premature or conflicting 
        regulation that could inadvertently impede the development of 
        electronic banking and commerce or imperil the security of 
        electronic banking and commerce.

SEC. 3. AMENDMENTS TO THE BANK PROTECTION ACT OF 1968.

    (a) Definitions.--Section 2 of the Bank Protection Act of 1968 (12 
U.S.C. 1881) is amended--
            (1) by inserting ``(a) Federal Supervisory Agency.--'' 
        before ``As used'';
            (2) in paragraph (4), by inserting ``associations'' before 
        the period; and
            (3) by adding at the end the following:
    ``(b) Affiliate.--The term `affiliate' has the same meaning as in 
section 2(k) of the Bank Holding Company Act of 1956.
    ``(c) Appropriate Federal Banking Agency.--The term `appropriate 
Federal banking agency' has the same meaning as in section 3 of the 
Federal Deposit Insurance Act, and includes the National Credit Union 
Administration with respect to an insured credit union under the 
Federal Credit Union Act.
    ``(d) Association.--The term `association' means an organization or 
association engaged in receiving, sending, and settling payment 
transactions and instructions, and includes credit and charge card 
associations, payment clearinghouses, and automated teller machine 
networks in which insured depository institutions are members or 
stockholders or in which they participate, or which are supervised and 
examined by 1 or more of the Federal banking agencies.
    ``(e) Bank Holding Company.--The term `bank holding company' has 
the same meaning as in section 2 of the Bank Holding Company Act of 
1956.
    ``(f) Document.--The term `document' means any message, instrument, 
information, data, image, text, program, software, database, or the 
similar item, regardless of how created, if such item can be retrieved 
or displayed in a tangible form.
    ``(g) Electronic Authentication.--The term `electronic 
authentication' means a cryptographic or other secure electronic 
technique that allows the user of the technique--
            ``(1) to authenticate the identity of or information 
        associated with a sender of a document;
            ``(2) to determine that a document was not altered, 
        changed, or modified during its transmission to a recipient; or
            ``(3) to verify that a document received was sent by the 
        identified party claiming to be the sender.
    ``(h) Federal Banking Agency.--The term `Federal banking agency' 
has the same meaning as in section 3 of the Federal Deposit Insurance 
Act, and includes the National Credit Union Administration.
    ``(i) Financial Institution.--The term `financial institution' 
means--
            ``(1) an insured depository institution and any branch, 
        representative office, or subsidiary thereof;
            ``(2) a bank holding company and any subsidiary thereof;
            ``(3) an affiliate of an insured depository institution;
            ``(4) an association;
            ``(5) a foreign bank maintaining an agency or branch (as 
        such terms are defined in section 1(b) of the International 
        Banking Act of 1978) in the United States; or
            ``(6) any entity that is not described in paragraphs (1) 
        through (5) that is a financial institution, as defined in 
        section 903 of the Electronic Fund Transfer Act, or a card 
        issuer, as defined in section 103 of the Truth in Lending Act, 
        but only to the extent that the transactions of such entity are 
        subject to those Acts, respectively,
that affirmatively elects to be subject to the provisions of this Act 
by providing appropriate notice of such election in accordance with any 
commercially reasonable practice.
    ``(j) Insured Depository Institution.--The term `insured depository 
institution' has the same meaning as in section 3 of the Federal 
Deposit Insurance Act.
    ``(k) State Bank Supervisor.--The term `State bank supervisor' has 
the same meaning as in section 3 of the Federal Deposit Insurance Act.
    ``(l) Subsidiary.--The term `subsidiary'--
            ``(1) has the same meaning as in section 2(d) of the Bank 
        Holding Company Act of 1956; and
            ``(2) includes a `subsidiary', as defined in section 
        23A(b)(4) of the Federal Reserve Act.''.
    (b) Electronic Commerce.--The Bank Protection Act of 1968 (12 
U.S.C. 1881 et seq.) is amended by adding at the end the following new 
sections:

``SEC. 6. ELECTRONIC AUTHENTICATION OF DOCUMENTS.

    ``(a) Electronic Authentication of Documents, Information, and 
Identity.--
            ``(1) In general.--A financial institution may use 
        electronic authentication in the conduct of its business if it 
        has entered into an agreement regarding the use of electronic 
        authentication with any counterparty, or if it has established 
        a banking, financial, or transactional system using electronic 
        authentication.
            ``(2) Applicable rules.--The establishment and use of 
        electronic authentication pursuant to this section shall be 
        valid according to the relevant agreements or system rules.
    ``(b) Oversight.--
            ``(1) In general.--The appropriate Federal banking agency 
        or the appropriate State bank supervisor may preclude, by 
        regulation or order, an insured depository institution or a 
        subsidiary or affiliate thereof, or other institution subject 
        to its jurisdiction, from using electronic authentication in 
        the conduct of its business if it determines that--
                    ``(A) such use would not be consistent with safe 
                and sound banking practices; or
                    ``(B) such use would threaten the safety and 
                soundness of the institution, subsidiary, or affiliate.
            ``(2) State authority.--
                    ``(A) In general.--No financial institution shall--
                            ``(i) be regulated by, be required to 
                        register with, or be certified, licensed, or 
                        approved by; or
                            ``(ii) be limited by or required to act or 
                        operate under standards, rules, or regulations 
                        promulgated by,
                a State government or agency or instrumentality thereof 
                with regard to the use of electronic authentication, 
                including acting as a digital certification authority 
                or performing a similar role, pursuant to this Act.
                    ``(B) Limitation on fees.--No State may--
                            ``(i) impose a fee with respect to 
                        electronic authentication services performed by 
                        a financial institution subject to the 
                        provisions of this Act; or
                            ``(ii) impose any required minimum fee or 
                        otherwise limit the fee that may be charged by 
                        a financial institution with respect to 
                        electronic authentication services subject to 
                        the provisions of this Act.
                    ``(C) Other regulatory authority.--Nothing in this 
                subsection precludes a State bank supervisor from 
                regulating a State-chartered financial institution that 
                is otherwise subject to its jurisdiction.
                    ``(D) Consumer protection.--Nothing in this section 
                impairs the rights afforded to consumers under State 
                general consumer protection laws.

``SEC. 7. CONSUMER PROTECTION.

    ``Nothing in section 6(a) shall be construed to impair the rights 
afforded to consumers under--
            ``(1) the Truth in Lending Act or the Electronic Fund 
        Transfer Act, or the implementing regulations of the Federal 
        Reserve Board thereunder applicable to electronic funds 
        transfers from a consumer account or extension of credit to 
        consumers; or
            ``(2) any State law of a similar nature or purpose.''.

SEC. 4. FEDERAL RESERVE BOARD STUDY.

    (a) Report.--Not later than July 1, 2000, the Board of Governors of 
the Federal Reserve System (hereafter in this section referred to as 
the ``Board''), in consultation with the Federal banking agencies and 
State bank supervisors, shall report to the Congress regarding the use 
of electronic authentication under section 6 of the Bank Protection Act 
of 1968, as added by this Act by financial institutions.
    (b) Considerations.--In preparing the report required under 
subsection (a), the Board shall include consideration of--
            (1) the appropriateness of applying the consumer protection 
        provisions of the Truth in Lending Act, and the Electronic Fund 
        Transfer Act, or the implementing regulations of the Board 
        promulgated thereunder, to such transactions;
            (2) whether protections for consumers should be changed in 
        light of the experience of financial institutions and consumers 
        in transactions where electronic authentication is used in 
        connection with third-party assurances; and
            (3) the need for consultation and coordination with other 
        nations concerning the international use of electronic 
        authentication by financial institutions and others, with the 
        purposes of--
                    (A) encouraging simplified regulatory governance, 
                foreign recognition of electronic authentication under 
                this Act, and United States recognition of foreign 
                electronic authentication;
                    (B) encouraging the greatest possible 
                interoperability across borders;
                    (C) imposing the least possible regulation 
                consistent with security and safety and soundness 
                considerations;
                    (D) promoting the smooth functioning of the 
                payments system; and
                    (E) facilitating the opportunity for financial 
                institutions to participate freely and fairly in 
                foreign markets.
    (c) Incorporation of Defined Terms.--Any term used in this section 
that is defined in section 2 of the Bank Protection Act of 1968 (as 
amended by this Act) shall have the same meaning as in that section 2.

SEC. 5. RULES OF CONSTRUCTION.

    (a) Effect on Use.--Nothing in this Act or the amendments made by 
this Act may be construed to limit the right of any financial 
institution or other entity to use electronic authentication or other 
authentication technique in the conduct of its business.
    (b) Effect on Otherwise Lawful Agreements.--Except as otherwise 
specifically provided, nothing in this Act or the Bank Protection Act 
of 1968, as amended by this Act, shall be construed to affect the 
validity of the formation of relevant agreements or system rules in 
accordance with the provisions of otherwise applicable Federal or State 
law.
                                 <all>