MO Emergency Rules 2020 (Remote Online Notarization)
Rule/Regulation
Effective: September 15, 2020
SummaryThe Missouri Secretary of State has adopted emergency rules to implement its new remote online notarization (RON) statutes that took effect on August 28, 2020.
Affects
Amends 15 CSR 30-110.030, 15 CSR 30-110.040, 15 CSR 30-110.050, 15 CSR 30-110.060, 15 CSR 30-110.070 and 15 CSR 30-110.080.
Changes
Remote Notarization Vendor Systems
- Provides rules for RON vendor system approval, as specified.
- Clarifies that once the Secretary of State has determined that a vendor’s system is approved, the name of the vendor will be posted on the Secretary’s website.
- Provides the RON software must allow for at least two of the following: (a) Credential analysis of government-issued identification; (b) Dynamic knowledge-based authentication; and (c) biometrics.
- Requires RON software to provide for a live session using audio-video communication integrated with electronic document processing as described in RSMo 110.060.
- Requires RON software to be able to capture the necessary details for the Notary to keep an accurate record of the transaction as described in Section 110.070 of the Code of State Regulations.
- Requires RON software to provide an audit trail for each session as described in Section 110.080 of the Code of State Regulations.
Standards for Credential Analysis
- Requires vendors to use automated software processes to aid the Notary in verifying each principal’s identity.
- Requires a credential to pass an authenticity test, consistent with sound commercial practices that (a) uses appropriate technology to confirm the integrity of visual, physical, or cryptographic security features; (b) uses appropriate technology to confirm that the credential is not fraudulent or inappropriately modified; (c) uses information held or published by the issuing source or authenticity source(s), as available, to confirm the validity of credential details; and (d) provides the output of the authenticity to the Notary.
- Requires the credentials analysis procedure to enable the Notary to visually compare (a) the information and photo on the presented credential image; and (b) the principal as viewed by the Notary in real time through the audio/video system.
- Clarifies that credentials must be a government issued document meeting the requirements of the state that issued the document, may be imaged, photographed, and video recorded under state and federal law, and can be subject to credential analysis.
- Requires the credential image capture procedure to confirm that (a) the principal is in possession of that credential at the time of the notarial act; (b) that the credential image submitted for analysis has not been manipulated; and (c) the credential image matches the credential in the principal’s possession.
- Provides the following general principles should be considered in the context of image resolution: (a) the captured image resolution should be sufficient for the service provider to perform credential analysis per the requirements above; (b) the image resolution should be sufficient to enable visual inspection by the notary, including legible text and clarity of photographs, barcodes, and other credential features; (c) all images necessary to perform visual inspection and credential analysis must be captured – e.g. U.S. Passport requires identity page; state driver’s license requires front and back.
Standards for Dynamic Knowledge-Based Authentication
- Requires the dynamic knowledge-based authentication (KBA) procedure to require each principal to answer questions and achieve a passing score from at least five (5) questions drawn from public or private data sources, minimum of five (5) possible answer choices per question, at least four (4) of the five (5) questions answered correctly to pass (a passing score of eighty percent (80%)); and all five (5) questions answered within two (2) minutes.
- Clarifies that each principal must be provided a reasonable number of attempts per signing session as follows: (a) if a principal fails their first quiz, they may attempt up to two (2) additional quizzes within forty-eight (48) hours from the first failure; and (b) during any quiz retake, a minimum of forty percent (40%), or two (2), of the prior questions must be replaced.
- Clarifies that a RON system provider must not include the KBA procedure as part of the video recording or as part of the system provided person-to-person video interaction between the Notary and the signatory; and must not store the data or information presented in the KBA questions and answers.
- Requires the result of KBA assessment procedure to be provided to the Notary.
Standards for Biometrics
- Provides that biometric sensing technology must include, but not be limited to, facial, voice, and fingerprint recognition.
Audit Trail Standards
- Provides that the significant actions completed as part of a RON signing session should be recorded in an audit trail.
- Clarifies that each entry in this audit trail should clearly indicate the action performed (e.g. addition of an electronic signature), the date/time of its performance (e.g., Coordinated Universal Time, 2018-08-21 01:14:22 UTC), the name of the party performing the action (e.g. John Doe), and the IP address of the party performing the action.
- Requires each document completed as part of a RON to be electronically signed and rendered tamper-evident.
Standards for Audio-Visual Communication
- Requires a reliable RON operating model to consist of continuous, synchronous audio and video feeds with good clarity such that all participants can be clearly seen and understood at all times during the notarial act.
- Clarifies that while inherent in online audio/video technology is the presence of temporary surges or spikes in quantitative measures like bitrate and/or frequency of communications a sounder approach to ensuring reliable real-time communications is to rely on the judgment of the Notary to determine the adequacy of the communications and provide direction to terminate the session if those conditions are not met.
- Requires the audio/video recording to include the person-to-person interaction required as part of the notarial act as defined by the state, must be logically associated to the electronic audit trail, and must be capable of being viewed and heard using broadly available audio/video players.
- Clarifies that the video recording of the transaction documents executed in the RON process is not required as part of the standards.
Standards for Storage and Retention of Notarial Records
- Provides that RON systems must (1) facilitate the process of collecting the required notarial records; (b) provide a method by which a Notary can access and/or export the notarial records; and (c) provide automated backup of the notarial records and audio/video recording to ensure redundancy.
- Requires RON technology solutions to employ data protection safeguards consistent with generally accepted information security standards.
- Clarifies that retention of the audio/video recording and notarial records by either the Notary or their designated third party, as directed by the Notary, must adhere to the laws, directives, rules, and regulations of the state.
- Requires a notary to retain an electronic journal and an audio-visual recording created under Chapter 486, RSMo in a computer or other electronic storage device that protects the journal and recording against unauthorized access by password or cryptographic process.
- Requires the recording of the remote online notarial act to be created in an industry standard audio-visual file format and must not include images of any electronic record on which the remotely located individual executed an electronic signature.
- Clarifies that an electronic journal must be retained for at least ten years after the last notarial act chronicled in the journal and that an audio-visual recording must be retained for at least the years after the recording is made.
- Requires a Notary to take reasonable steps to ensure that a backup of the electronic journal and audio-visual recording exists and is secure from unauthorized use.
AnalysisWith Missouri’s new remote online notarization statutes taking effect on August 28, 2020, the Missouri Secretary of State has adopted emergency rules to implement these statutes. The standards for remote online notarization draw heavily from the Mortgage Industry Standards Maintenance Organization’s technical standards, and are mostly uniform with the standards of most other states with permanent RON laws. The emergency rule is effective until March 13, 2021. At the time the Secretary adopted the emergency rule, the Secretary also proposed the same rules as its permanent rules. That proposal will go through the usual administrative rules process prior to adoption.
Read the emergency administrative rules (beginning on page 1373).