Prior to COVID-19, electronic signatures were already relatively common, but their adoption has since accelerated, for obvious reasons. Electronic signatures present unique risks, such as whether an electronic signature is a valid form of execution and the risk of unauthorised use by someone who has either gone beyond their authority or is even a fraudster. This article looks at the latter. This is a significant risk since manufacturing a fake electronic signature is as easy as taking a screenshot of the genuine article and then applying a cut-and-paste. Gone are the days of the skilled artisan who mimicked a wet-ink signature!
The starting point for assessing the legal ramifications of an unauthorised electronic signature is that if a document is purportedly executed without the authority of the person whose signature is applied, the document is null and void. But that may not be the end of the matter. A party who wishes to enforce the document against the purported signatory may be able to rely on legal doctrines such as ostensible authority, estoppel and ratification. The application of these doctrines very much depends on the facts of the case. The NSW Court of Appeal decision of Williams Group Australia Pty Ltd v Crocker  NSWCA 265 provides a useful study of their operation, plus some of the working arrangements that have become common during COVID-19, such as remote working and relying on document execution software to sign agreements.
So what was Williams Group v Crocker about?
Messrs Crocker, Walsh and Brooks were directors of a company called IDH Modular Pty Ltd. IDH operated from Murwillumbah on the north coast of NSW, but Mr Crocker usually worked remotely some 125km away in Brisbane.
Around May 2012, Mr Brooks introduced the "HelloFax" software system to IDH to allow the directors to sign documents electronically. The directors could upload their electronic signature onto HelloFax and, by entering their email address and password, then apply it to electronic documents. Mr Brooks provided Mr Crocker with a password when Mr Brooks set up the system but Mr Crocker never changed his password. Mr Crocker first logged onto HelloFax on 26 June 2012 and uploaded his electronic signature.
Williams Group Australia Pty Ltd was a supplier of buildings materials. On 2 July 2012, an unknown person in the Murwillumbah office of IDH, using the HelloFax system, applied Mr Crocker's electronic signature to a credit application form, which was later presented to Williams Group, with a guarantee of IDH's debts from Mr Crocker in favour of Williams Group. The unknown person also applied Mr Crocker's signature to the guarantee. The electronic signature of Mr Crocker on each document was purportedly witnessed by IDH's administration manager. The electronic signature was not the one that Mr Crocker uploaded to HelloFax on 26 June 2012. Instead, this signature was uploaded by the unidentified person on 2 July. HelloFax sent an email to a signatory upon their signature being applied to a document. However, Mr Crocker never received the email in relation to the credit application and guarantee or at least never saw the email. Mr Crocker was completely unaware of the unauthorised use of his electronic signature on the credit application and guarantee.
On 6 July 2012, Williams Group approved the credit application from IDH. It assumed the signatures were authorised without making any inquiries. Williams Group then supplied building materials on credit to IDH with a total value of around $890,000. IDH defaulted and went into liquidation. Williams Group sought to enforce the guarantee against each director. Summary judgment was given against Mr Brooks and Mr Walsh, but Mr Crocker contested the claim on the basis that he did not fix his electronic signature to the guarantee and did not know of it until after William Group commenced its claim. Mr Crocker succeeded at first instance, but Williams Group appealed to the NSW Court of Appeal.
On appeal, Williams Group accepted that Mr Crocker had not given the unknown person actual authority to place his electronic signature on the guarantee, but argued that the unknown person had Mr Crocker's ostensible authority. Williams Group also argued that Mr Crocker had ratified his electronic signature and was estopped from denying that he was bound by the guarantee. So what did the NSW Court of Appeal say on each of these issues?
Williams Group argued that whoever fixed Mr Crocker's signature to the guarantee was "cloaked" with ostensible authority to do so by Mr Brooks' setting up the HelloFax system, Mr Crocker's failure to change his password and Mr Crocker uploading his electronic signature to HelloFax on 26 June 2012. In other words, IDH had created an organisational structure within IDH which amounted to holding out to trade creditors that electronically signed documents had been authorised by the relevant signatories.
The Court said the test for ostensible authority was whether Mr Crocker had "held out to Williams Group that whoever placed his electronic signature on the relevant documents … was authorised by him to do so". The "holding out" did not need to arise from a "direct communication" by Mr Crocker to Williams Group. "It could, in an appropriate case, arise out of some omission on his part", but "there needs to have been a representation of authority by Mr Crocker (not the agent who applied the electronic signature)… for Mr Crocker to be bound by the guarantee".
So, did Mr Crocker represent to Williams Group that the unidentified person who placed his electronic signature on the guarantee had his authority to do so? The Court concluded that he did not for the following reasons.
- The mere fact Mr Crocker used HelloFax did not amount to a representation that he authorised the application of his signature by the unidentified person.
- Williams Group did not know the guarantee had been signed with HelloFax so it is difficult to see how a representation was made to it regarding the authority of a signature applied using HelloFax.
- Mr Crocker did not "arm" anyone at IDH with a document which, when signed, would bear the hallmark of authenticity nor did he "arm" anyone at IDH with the means of affixing his signature to documents. For example, he did not provide someone at IDH "with a blank order form, or blank cheque, which when signed would appear to be an authentic document".
Matters might have been different if the dispute was whether Mr Crocker's signature, as a director of IDH, bound IDH to the credit application. The Court said "the signature of a person who appeared to be an officer of the company, and the fact that the application was sent to Williams Group by IDH, may well have amounted to a representation by IDH, or an officer or employee at IDH, that Mr Crocker was authorised to bind the company to the credit application".
Had the signature been ratified?
Williams Group's next argument was that Mr Crocker was bound by the guarantee because he ratified the unauthorised signature. The Court noted the following principles of ratification.
- For a principal to ratify an unauthorised act of their agent, the principal must have "full knowledge of all the material circumstances". Provided the principal has this knowledge, their ratification may be implied by silence or acquiescence.
- A principal may be attributed with knowledge of unauthorised acts of their agent if they wilfully shut their eyes to the obvious fact that the agent had gone beyond their authority.
The Court concluded that Mr Crocker did not have full knowledge of the application of his signature to the guarantee nor did he shut his eyes to this fact. For that reason, he could not have ratified the signature.
The final hope for Williams Group was its argument that Mr Crocker was estopped from denying that he was bound by the guarantee. The Court rejected this estoppel argument since Mr Crocker did not represent to Williams Group "the genuineness of his signature on the guarantee or… his authorisation of anyone else to place his electronic signature on the guarantee".
Relying on an electronic signature
Some valuable lessons can be learned from Williams Group v Crocker. For those seeking to rely on an electronic signature to enforce a document, it may be dangerous to assume it was applied with authority without making any inquiries. Williams Group made precisely that assumption and found itself without any recourse against Mr Crocker. Unless there is a representation by the signatory that the signature was applied with authority, arguments about estoppel and ostensible authority are unlikely to assist. The risk is elevated when an individual is the purported signatory instead of a company. This is for two reasons.
First, the assumptions in Part 2B.2 of the Corporations Act are available when a company is executing a document. We don't have time to address these in detail in this article but it is worth noting the following.
- In relation to dealings with a company, a person is entitled to make several assumptions even if an officer or agent of the company acts fraudulently or forges a document.
- These assumptions include:
- "anyone who is held out by the company to be an officer or agent of the company … has been duly appointed and … has authority to exercise the powers and perform the duties customarily exercised or performed by that kind of officer or agent of a similar company";
- "anyone who appears, from information provided by the company that is available to the public from ASIC, to be a director or a company secretary of the company … has been duly appointed and … has authority to exercise the powers and perform the duties customarily exercised or performed by a director or company secretary of a similar company"; and
- "a document has been duly executed by the company if the document appears to have been signed in accordance with subsection 127(1)" of the Act.
- A person is not entitled to make any of these assumptions if at the time they knew or suspected the assumption was incorrect.
Second, a company may hold someone out as having ostensible authority to bind the company by establishing an "organisational structure" that "presents to outsiders a complex of appearances as to authority". It is much less likely that an individual will establish an "organisational structure" for themselves. For a business, the holding out may arise "from equipping an officer of a company with a certain title, status and facilities"; providing a person with "a blank order form, thus arming him with a document which, when he signed it, would bear the hallmark of authenticity"; or "from permitting a person to act in a certain manner without taking proper safeguards against misrepresentation". It is interesting that the Court said (as obiter) that the provision, by an officer of IDH, of the credit application form with the false signature of Mr Crocker "may well have amounted to a representation by IDH… that Mr Crocker was authorised to bind the company to the credit application" where Mr Crocker was an officer of IDH.
Before finishing, it is important to note that unique issues regarding enforceability may arise for transactions concerning registered property due to indefeasibility. These issues did not arise in Williams Group v Crocker.