Placing You First Insurance Podcast by CRC Group
The Placing You First Podcast spans a diverse spectrum of insurance industry issues to keep you and your clients informed.
Placing You First Insurance Podcast by CRC Group
From Ink To Encryption: Understanding E-Signature Risks in the Digital Banking Era
Speed is winning deals, but speed is also feeding fraud. We sit down with CRC Specialty Professional Lines Broker Mark Waldeck to unpack the messy middle where e‑signatures, legacy policy language, and decentralized bank controls collide. From the difference between a simple e‑signature and a cryptographically protected digital signature to why underwriters hesitate when controls vary by department, we map the risk pathways that turn convenience into claims friction.
We examine a headline‑grabbing fraud where a bank funded a multimillion‑dollar loan to an impersonator despite notary involvement and remote verification. The dispute with the insurer highlights a wider issue: policy forms born in the era of signature cards are being stretched to cover today’s remote closings, and the gaps show up at the worst time. If you work with financial institutions, you’ll get a practical checklist to help ensure your banking clients are protected, from enforcing MFA and encryption to tightening scrutiny as transaction size grows.
Tune in to understand how small cracks in verification can become multimillion-dollar failures—and what you can do right now to help clients stay ahead of emerging fraud risks.
Visit REDYIndex.com for critical pricing analysis and a snapshot of the marketplace.
Do you want to take your career to the next level? Join #TeamCRC to get access to best-in-class tools, data, exclusive programs, and more! Send your resume to resumes@crcgroup.com today!
Welcome to the Placing You First Podcast, where we explore the issues and trends shaping insurance. I'm your host, Amanda Knight, joined by my co-host, Scott Gordon. And today we've got a great episode lined up.
Scott Gordon:That's right, Amanda. Today we're diving into a topic that touches, well, nearly every corner of the financial world. The shift from traditional wet signatures, as they're called, to digital and e-signatures. What risks does that introduce? And how can clients protect themselves against these risks?
Amanda Knight:Well, and as more financial institutions move operations online, we're all seeing tremendous benefits, right? Speed, convenience, accessibility, but that also creates exposures and underwriting considerations that we have to think about. So to help us unpack all of that, we're joined by Mark Waldeck, professional lines broker with CRC Chicago. This is the Placing Your First Podcast from CRC Group. This podcast features news and insights from a vast knowledge base of more than 5,500 associates who write more than 30 billion in premium annually.
Mark Waldeck:Mark, welcome back to the show. Thanks for having me. And this is obviously top of mind uh a big item for a lot of our clients.
Amanda Knight:Absolutely. But you know, I can't say that when you hear the word e-signature, you're like, yes, let's talk about that. So I duck up a little trivia, right? A little a little bit of bits and pieces to get us uh going this morning. Did you know? And maybe you did, Mark, because you know a lot about this. Did you know that the very first e-signature actually dates back to 1869? How you ask? British courts ruled that a telegram could serve as a legally binding agreement. So basically the Victorian version of DocuSign. 1896. Who knew? Take that to your next cocktail hour. Um when do you think, Mark and Scott, is the most popular time of day for people to e-sign documents? Because there is indeed a most popular time of day according to data.
Mark Waldeck:I'd probably go with yeah, I'd go first thing in the morning, but uh who knows?
Amanda Knight:Yes, I wake up and immediately think e-signatures. No, actually. According to DocuSigns data, the most common time people sign digital documents is around 3 p.m. local time. Right after lunch, caffeine kicks in, inboxes get cleared. So, you know, if you want to rebel everyone, don't sign anything at 3 p.m. Pick another time of day. All right, last one. How many trees do digital signatures save? All of them. All the trees. Going digital saves an estimated 2.5 billion sheets of paper a year globally. That's about 270,000 trees saved annually, thanks to e-signatures. So now that we're all a little bit smarter onto the serious stuff, Mark, you've been in this game a long time and you've seen firsthand how banking and financial services have evolved over the years. Can you walk us through how we went from signature cards all the way now to digital verification?
Mark Waldeck:Yeah, it's it's a strange transition because um banks have 100% embraced this, others have not. So it really is the Wild West. And I'd say the history behind it is uh that push for greater convenience, uh faster transactions makes perfect sense. Save the environment. There's a million reasons why you should do it, but it comes with risk that I believe everyone is overlooked. And the risk is: do we make it somehow easier for the bad actors to either impersonate the real individuals that are trying to effect a transaction? And then what controls, if any, of has the bank considered that should be inserted to prevent the bad actors from seizing control? So I think that's really the big, you know, elephant in the room that we have to figure out because digital signatures are here to stay. They're not going away, they're only going to get bigger and um it's widespread use. So now the function is how do we make sure the insurance contracts can keep pace because they're always playing catch-up? And then how do we also make sure that the controls and procedures are also uh revised again to reflect this new environment?
Amanda Knight:Well, and you mentioned how big of an industry this is from a market standpoint, it's huge. Uh the digital signature market is currently valued at over $12 billion as of 2025 and is growing at an annual rate of about 26.5%. That's massive.
Mark Waldeck:And I think part of the part of the problem is the competition that if a credit union or a non-sanctioned lender makes these um uh closings easier, let's use a real estate closing, well then uh banks have to keep up or they're gonna lose that business. And that's the problem is you have the sales side which is pushing for this, but uh behind the scenes, you have the audit side or the control side that is probably resisting.
Scott Gordon:It occurred to me, I mean, when we were talking about the amount of trees save, it's not just the page that the signatures on, it's all those documents that come before it. That's just page after page after page. So I can see why it's gone away. Um I use digital signatures every day, but some people still feel a little uneasy, Mark, about doing something as important as say signing for a loan document online or something. Some say that uh digital is safer, while others are not uh convinced. So, how do you see the trade-off between traditional security and modern convenience?
Mark Waldeck:I'm okay with our banks embracing it, provided they have the infrastructure backing it up. And what I found within my own book of business is the majority of the banks I interact with, they have decentralized controls, which runs counter to their organization. Normally the way banks are set up, because they're so highly regulated, you have to be licensed to open your doors. So if they don't follow certain safety and soundness procedures and practices, regulators can shut them down. They haven't really looked in this area yet because we haven't had a lot of claims, and we'll get to that later, but I believe the challenge is getting the banks to embrace a centralized approach to okay, if we're gonna accept electronic signatures in a remote environment, this is how we're gonna do it, and we're gonna do it the same way across all the silos or divisions within the bank. And what I'm finding is the lending area has their own set of rules, the trust area has a completely uh different set of rules, etc. That's the problem. There's no consistency even within the bank on how do we address it. And there's no regulatory guidance. The regulators haven't weighed in at all, which is frustrating. But they're usually slow to react, much like the insurance industry. We need a lot of losses or claims, I think, to spur them to act.
Amanda Knight:Well, and even at a more basic level, even you know, from the consumer or the insurance standpoint, there's a lot of confusion about e-signatures versus digital signatures. Can you clarify? Because I would assume that those are the same thing, but they're not. So what is the difference between an e-signature and a digital signature?
Mark Waldeck:Um, I I can address that if you want. The the uh it's the encryption behind it, the protection. So uh what you want to make certain is that there's some type of encryption software that wraps around uh the document itself. So that acts similar to a moat or a barrier to keep the bad guys away. Um if you don't have that barrier, you make it very easy then for them to see what you're signing. It makes it easy for someone who wants to reproduce your signature. All those things become very simple and easy for the hacker.
Scott Gordon:So even though both of these are legally recognized, the level of security really depends on the platform and the process. Correct.
Mark Waldeck:Um, and that's why, again, it's it's really the Wild West. Every time I go into a bank, I get a different response and answer from one bank to the next. And then even I was in a I was with a bank in Colorado maybe a few months ago, and I'm sitting in a room with their head of commercial lending, the head of their trust area, their head of IT, the CFO, and the CEO. And I said, What's your current stance on accepting digital signatures, if at all? And the CEO piped up right away and she said, We don't ever do it, we wouldn't consider it. And the guy to her right said, Well, that's not entirely accurate. And I could just see the whole room was about to explode. She's like, What do you mean we're doing this? But that's a great example where some cases the bank doesn't even know what the other departments are doing. So when I left that meeting, she said, We're not doing this anymore. And if we are, I want a written uh agreement that everybody in the bank signs on to, not just lending, it could be any department. And I thought that was really eye-opening for me because it highlights the fact that the different silos don't talk to each other. And if we have a problem, it's gonna be the same problem over and over again within the same bank. He hacked us in the lending area, he hacked us in treasury risk management, he hacked us in uh the trust department. It just goes on and on. So I think the fear is for me to prove our loss with the carrier, having that consistency will go a long way in our ability to trigger coverage. If we lack that, we make it much easier, I think, for the underwriters and the claims adjusters to push it back and say, well, you didn't even try and prevent the loss.
Amanda Knight:You know, speaking of triggering coverage, um, I actually saw this in the news uh recently, Mark. Um, and in an Indiana bank, I believe it was, recently sued its insurer after falling victim to a fraud scheme involving someone in vel impersonating an NFL player. Um, Scott, did you see that?
Scott Gordon:This is a true story. Uh the bank, first farmers bank and trust, they made a multi-million dollar loan to someone claiming to be Njoku, assuming that's how you pronounce his name. Uh the whole deal was done remotely over Zoom, and documents were uploaded digitally. Everything looked legitimate, and the notary even verified the ID in person, but it turned out to be a complete identity theft scam.
Mark Waldeck:And the and the dispute with the carrier is you needed to have the original documents in the bank's possession before you would close and release the funds. And the bank's defense, and it's gonna be litigated for a long time, but the bank's defense was we went out of our way to hire an independent notary as our representative to go to the remote location, sit with the borrower, in this case the fraudster, who was pretending to be the NFL player. Um, so as far as I can see, it appears that the bank did everything they could in their power. So the only thing they probably lacked was physical possession of the signature, but I would argue the notary did possess it. And if that individual was your designee, you can see where I'm taking it. The notary is no different than a bank employee. It's he's that guy's just an independent contractor. So I think this is gonna uh go many rounds in the court system to try and unravel it. And what I'm telling all my banks is this is an example of a three plus billion dollar asset bank publicly traded. They tried to do the right thing, and uh sending a notary to a remote location is going above and beyond, and yet here we are with coverage being denied. And the big issue in the denial is you did not physically possess those signatures at time of closing and remittance. And uh I think we have to sort of pay attention to what's going on because the carriers are dealing with a policy form that was written in the 1950s, and they haven't, they're not sure. In my opinion, the adjuster can only go with what's inside the boundaries of that margin of the of the policy, and they can't, everything is silent, they can't find anything that that fits perfectly into this scenario. Uh, and when they set up some of these requirements, it started with the physical signature cards, the physical authentication. We're not remotely authenticating you. You have to be in the bank. So uh what I'm cautioning all my banks is let's not wait for the other shoe to drop and the lawyers get involved. Let's have the right controls up front. And then what I'm encouraging my banks to do is let me upload a copy with their permission of your procedures, not only to the regulators, to your audit team within the bank and to the underwriter. That way everyone's got it. We've all agreed up front. There shouldn't be anything to argue over, should there ever be a claim. Because I don't have confidence that we can rely on our individual underwriters to sort through this. They're learning as we go.
Scott Gordon:So this is where the underwriting comes in figuring out how to adapt the coverage to reflect how business is actually done today, right, Mark?
Mark Waldeck:And we have endorsements. Some of our underwriters will issue an endorsement for electronic securities or e-signatures. Um, but there's usually a sublimit. There may be a callback requirement. You can accept this, but you need to have a customer agreement in file prior to any of these real estate closings in this example. And you need to call the pre-arranged, pre-agreed um number that's in that file. So there's a million trapdoors, in my opinion, as you travel down that path. All of them end poorly for the bank unless they follow it to a T. So what I'm that's why I'm pushing the controls so hard. If we can't demonstrate our controls, we're gonna have a hard time proving our loss. So I think it's gonna start with how do we authenticate? What customer agreement is in file that allows a remote transaction or an electronic signature? And then how do we, if we are in this remote environment, how do we authenticate? It all needs to be, I hate to say it, codified up front. Because if we don't, now we're fighting with the carrier and the adjuster, and it's I think we're gonna have a lot of angry um clients because no two frauds are the same, but I think the biggest challenge will be getting the underwriter to sign on to the controls that I will upload to them. Hey, if you have a problem with our controls, speak now. And if you're quiet, then I'm gonna take that as acceptance that this is okay, and we're not gonna have a problem should this scenario present.
Scott Gordon:Well, and working, I love I love when you refer to them as your banks. Because only King's CEOs and Mark Waldeck can refer to them legally as his banks. I love it. So for other listeners who work with financial clients, Mart, what are some top security measures you recommend to reduce e-signature risk?
Mark Waldeck:Um I think the regular employee training is critical. Um, we definitely want to uh you know carefully screen whoever those key third-party vendors are that we're relying on, um, because that is a whole nother area of uh risk. We don't control those third parties. Um I think having that sensitive data encrypted is really, really important. Uh, and that's both at rest and in transit. Um, we talked about multi-factor authentication and having sort of that pre-agreed customer agreement in file. Um I'm trying to think if there's any other ones. We talked about the callback, some type of password verification. Um what I find though is the bigger the loan, the less stringent the bank's requirements are. So that feels like if you want to borrow $100,000. Yeah, it's a lot of work and they make you jump through hoops. But if you want to borrow five to ten million, they're lining up to hand you the keys to the vault. And I don't know why, but that's just human nature.
Amanda Knight:Well, that's all great advice and a reminder, I think, that customer experience and security they can coexist. We're not trying to make anybody's life harder, but banks really do have a responsibility to balance both if we're going to build trust and loyalty at the same time. So all right, Mark. The hard parts behind you. We've come to the best part. Before we let you go, we know we always, you know, we always like to end with a little fun. Are you up for a few rapid fire questions?
Mark Waldeck:Sure.
Amanda Knight:Okay. All right. The holidays are quickly approaching, or maybe they've they've passed by the time our listeners are uh digging into this episode. But what is your favorite holiday and why?
Mark Waldeck:I'm probably gonna go with Thanksgiving, not just because it's nearby on the calendar, but it's it's easy, there's no pressure. Yes, all you gotta do is all you gotta do is show up and eat, and you don't have to get any gifts.
Amanda Knight:That's right.
Scott Gordon:Well, I'll come over to your house because there's a lot of pressure over here. I'll tell you that.
Amanda Knight:No, I agree. You just get to eat good food with people you love or like or tolerate, depending on your scenario. And uh no gifts, no pressure, just wear your stretchy pants.
Mark Waldeck:So, Scott, what would be your holiday if it's not Thanksgiving?
Scott Gordon:Um, I you know, for an atheist, I really enjoy Christmas and always have. Um so yeah, probably Christmas. Because I really like wrapping my grandmother used to teach me how to wrap presents, so it's like my connection with her. And plus, everyone wants me to wrap their presents so that I feel useful.
Amanda Knight:So I mean, can you wrap mine? Because you can always tell when I wrap the presents because it looks like a toddler did it. I don't know. You'd think it's not that hard, but it's that's my wife.
Scott Gordon:And my grandmother worked uh at Pizz department store in the gift wrap department back when they had such a thing. So she's a property.
Amanda Knight:She was a pro.
Scott Gordon:All right, Mark, next question. What's one thing you always keep in your briefcase? Backpack or desk drawer?
Amanda Knight:Never leave home without it.
Mark Waldeck:This is gonna sound weird, but I always bring airborne. I keep a tuba airborne, the fizzies in all of the above. So if I'm on a plane and somebody's hacking on me, I just pound one of those and I'm fine. Um I not that I'm a germ freak, but I'm just I don't have time. So I'm running too fast. So I just pop that stuff. When we were when I was overseas a couple weeks ago, I went to a pharmacy in France and asked in my broken French, I'm looking for an airborne. I showed them the two. I said it's a fizzy, it goes in water. He sells me it's like a vitamin C chewable, but it's all in French. I drop it in a glass of water, it just sits there, it doesn't dissolve, and I'm thinking, okay, he's he sold me the kind you got the chewables.
Amanda Knight:So well, that's one way to get it.
Mark Waldeck:But I'm I swear by that.
Scott Gordon:I you gotta have that effervescence. Yeah. And they also they taste good. Sorry, I'm not doing an ad for airborne, but they're actually pleasant for what it is.
Amanda Knight:Yeah. And they do work. I mean, I feel like they are helpful in preventing getting whatever funk is trapped with you on the phone. Right.
Mark Waldeck:It doesn't hurt you.
Amanda Knight:Yeah. Okay. And most important question we've all established we're food people. What is your go-to Chicago deep dish spot? If you're in Chicago, where are you going?
Mark Waldeck:That's a really good one. Uh we have a lot of good deep dish pizza places. I'd go Giordano's. They're sort of the original. And it's, you know, it's one slice will put you to sleep. You can't eat, you can't eat more than one slice. It's too thick.
Amanda Knight:Yeah.
Mark Waldeck:It's good.
Amanda Knight:It's really good though. It's worth every it's worth every calorie.
Scott Gordon:Well, Mark, thanks for joining us again and sharing your insights on digital and e-signature risks. It's pretty clear that this is an area with both opportunity and exposure. And the right guidance makes it makes all the difference.
Mark Waldeck:No, thanks for having me. And uh I think there's a lot we can do here at CRC to help our clients and prospects. And I think unlike a lot of wholesalers, placement is just one slice of this discussion. And I think it's all the other stuff that really uh makes all the difference if a claim comes in.
Amanda Knight:Absolutely. For more insights, visit CRCgroup.com. You've been listening to the Placing You First Podcast. Be sure to follow and subscribe wherever you get your podcasts, and we'll see you next time.
