UT Administrative Rules (2019)
Rule/Regulation
Effective: November 01, 2019
SummaryA new rule issued by the Utah Lieutenant Governor prescribes standards for remote online notarization.
AffectsAdds Sections R623-100-1 through R623-100-9 to the Utah Administrative Code.
Changes
Definitions
- Defines (a) “credential analysis,” (b) “identity proofing,” (c) “knowledge-based authentication,” (d) “multi-factor authentication,” (e) “principal,” (f) “record,” (g) “remote notarial act,” (h) “remote notarial certificate,” (i) “remote notarization solution,” (j) “solution provider” and (k) “tamper-evident.”
Remote Notarization Certification Application
- Requires a Notary to submit to the Lieutenant Governor the following information for certification as a remote Notary: (a) the Notary’s commission number as assigned by the Lieutenant Governor; (b) the Notary’s commission expiration date; (c) the name of the solution provider authorizing the Notary’s use of the remote notarization product; (d) a copy of the Notary’s electronic seal and electronic signature provided by the solution provider; and (e) a statement certifying that the Notary will comply with the provisions of R623 (remote notarization rules) and UCA Title 46, Chapter 1 (Notaries Public Reform Act).
- Clarifies that a Notary Public providing remote notarial services without a current remote Notary certificate is subject to suspension or revocation of his or her Notary commission and other penalties as prescribed by UCA Title 46, Chapter 1 (Notaries Public Reform Act).
- Provides that any suspension or revocation of a remote Notary’s commission will result in suspension or revocation of the Notary’s remote certification until such time that the Lieutenant Governor lifts the suspension or revocation.
Multi-Factor Authentication
- “Multi-factor authentication” is defined as “a means a method of access control in which a principal is granted access after successfully presenting personal identity evidence using at least two or more of the following mechanisms: knowledge-based authentication; credential analysis; or biometric data.”
- Requires credential analysis to be provided by a reputable third-party vendor or software tool that can demonstrate proven credential analysis processes and employ technology that binds the identity of the principal following successful knowledge-based authentication, or biometric data.
- Requires credential analysis technology to allow human visual comparison between the principal and the principal’s ID presented to the remote Notary.
- Requires remote notarization solution providers to use an automated software process to aid the Notary in verifying each principal’s identity.
- Requires identification for credential analysis to pass an authenticity test that: (a) uses appropriate technologies to confirm the integrity of visual, physical or cryptographic security features; (b) uses appropriate technologies to confirm that the identification is not fraudulent or inappropriately modified; (c) uses information held or published by the issuing source or authoritative source, as available, to confirm the validity of the identification details; and (d) provides the result of the authenticity test to the notary.
- Requires the identification analysis procedure to enable the Notary to visually compare the information and photo on the identification image presented, and the principal as viewed by the Notary in real time through the audio-video system.
- Provides that if the remote Notary is unable to validate the identification of the principal, or to match the principal’s physical features with the credential, the notarial act must be stopped, and the credential cannot be used again for a remote notarial act.
- Requires IDs presented for credential analysis to be a type required under UCA 46-1-2(19)(b).
- Requires the ID image to be captured and confirm that the principal is in possession of the ID at the time of the notarial act, the ID images have not been manipulated, and the ID images match the ID in the principal’s possession.
- Provides the principles that should be considered related to the image resolution used in credential analysis: (a) captured image resolution should be sufficient for the issuing source or authoritative source to perform credential analysis per the requirements above; (b) image resolution should be sufficient to enable visual inspection by the Notary, including legible text and clarity of photographs, barcodes, and other identification features; and (c) all images necessary to perform visual inspection and credential analysis must be captured.
- Requires that knowledge-based authentication (KBA) assessments must contain 5 multiple choice questions and a minimum of 5 possible answers per question.
- Requires a principal to achieve a passing score of 80% and complete the KBA in under two minutes.
- Requires each principal to be provided a reasonable number of attempts to pass the KBA per signing session.
- Provides that if a principal fails their first KBA quiz, they may attempt up to two additional quizzes within 48 hours from the first failure.
- Provides that during any KBA quiz retake, a minimum of 40% (2) of the prior questions must be replaced.
- Provides that biometric sensing technologies for remote notarization in the areas of authentication, credential analysis, and identity proofing verification may include facial, voice, and fingerprint recognition.
- Requires a principal who exits the notarial act during the notarial act to restart the credential analysis and authentication workflow from the beginning.
Audio-Video Communication
- Requires a reliable remote notarization operating model to consist of continuous, synchronous audio and video feeds with good clarity such that all participants can always be clearly seen and understood.
- Requires the remote Notary to determine if the quality of the audio and video are adequate for communication and to terminate the session if they are not.
Certificate of Remote Notarial Act and Signature
- Requires any document notarized remotely to clearly state, in the remote notarial certificate, that the principal making the acknowledgment, oath or affirmation and signing the document appeared remotely using audio-video communication technology.
- Requires each document completed as part of a remote notarization to be electronically signed and rendered tamper-evident.
Records of Remote Notarial Acts
- Requires each entry in the electronic journal to clearly indicate the notarial act performed, the date and time of its performance, the name of the principal performing the action, and the IP address of the principal performing the action.
- Requires the audio-video recording to include the person-to-person interaction required as part of the remote notarial act, to be logically associated to the electronic Notary journal, and to be capable of being viewed and heard using broadly available players.
- Prohibits the transaction documents executed in the remote notarization from being recorded.
Solution Providers
- Requires a remote Notary to use an approved solution vendor to perform remote notarial acts.
- Provides rules for the solution provider application process.
- Requires an approved solution provider to provide secure access to the solution by password or other secure means identifying the Utah remote Notary.
- Requires an approved solution provider to verify from the Lieutenant Governor’s Notary registry each time a remote Notary Public logs into the solution to ensure that the remote Notary Public is in active status before performing a remote notarization.
- Requires the solution provider’s system, process, and procedures to be capable of generating a printable version of all documents executed in the system, including but not limited to the documents executed in the notarial act and associated tamper-evident certifications as required by the Lieutenant Governor.
- Requires solution providers to have comprehensive security programs in place to ensure privacy and data security.
- Requires solution providers to be vigilant to ensure consumer data, privacy, and information security laws and regulations are satisfied through their information security programs.
AnalysisCoinciding with the effective date of Utah’s remote online notarization statute on November 1, 2029, the Lieutenant Governor, who is the commissioning official for Utah Notaries Public, adopted rules to implement the new statute. The rules provide standards for how Notaries can apply for certification as a remote Notary, how Notaries must identify principals who request a remote notarial act, and how Notaries utilize communication technologies to perform a remote online notarial act. The rules also require remote Notaries to use only approved remote online notarization solution providers and provides rules for solution provider applications. On the whole, the rules borrow many provisions from the Mortgage Industry Maintenance Standards Organization’s standards for remote online notarization.
Read the adopted administrative rules.