Navigating the “Non-Clickable Link” Rule: A Docusign Guide for Financial Institutions Across Asia
In Singapore and the Philippines, financial services institutions can't include clickable links in emails. To enable customers, we have two workarounds.
Since early 2022, financial services regulators across Singapore, Philippines, Vietnam and other Asian regions have required that financial institutions remove clickable links from emails and SMS messages to their customers. This initiative helps to protect customers against phishing scams and social engineering attacks. Digital signatures are still possible without clicking a link
To support our customers’ compliance with messaging and anti-phishing requirements in Asian markets, we enable financial institutions to design customer-facing use cases for Docusign - without embedding clickable links in their external communications. To navigate this requirement, two commonly adopted approaches include:
Removing hyperlinks from Docusign’s email and SMS notifications.
Directing customers to a secure session within the bank’s authenticated web portal (or mobile app) to complete the requested actions.
Let’s take a look at both approaches.
Option 1: Remove clickable links in email notifications
To remove clickable links in Docusign’s email notification, an administrator needs to access the email resource files from the admin panel.
1. Go to Admin
2. In the navigation panel, under the Account heading, click Brands
3. Select the brand for the email profile you want to change. If a brand doesn’t exist, then select ADD BRAND to create one. Learn more about adding brands.
4. Click on the Resource Files
5. In the Select Resource File Type dropdown, select Email and then Download Master.
6. After downloading the Email Resource file, open it with a source code editor (i.e. NotePad++) and remove the links within the document.
Note: In this example, we’re showing you how to remove the “Review Document” link. HTML/XML knowledge is recommended before working on this file. If you don’t have a technical resource, get in touch with your Docusign Account Team to get a Professional Service quotation to complete this.
7. After making necessary changes to the resource file, upload it by selecting Upload on Email Resource File.
8. On the Email Notification, you may customise the following:
==Starts here===
Follow the Instructions below to sign the document:
Security code: [[Data:DocumentCode]]
==End here===
Then, the email that’s sent out to customers looks like this. Signers simply follow the instructions to open the document from the Docusign website, using a security code instead of clicking “Review Documents”.
Option 2: Integrate signing experience on portal or application
The other approach is to integrate the Docusign signing experience into the bank’s portal or app. This uses embedded signing*.
*The animation above illustrates the process of a banking portal where the customer logins to the portal, fills up the mortgage application form and gets directed straight to the Docusign signing page within the bank’s portal for sign off.
Embedded signing enables users to view and sign documents directly through your app or website. This way, users work off only one system and do not have to straddle between your app and emails. It’s a more fluid document transaction, appearing as a seamless extension of the client application.
Given the tight integration with Docusign, there are more technical and functional burdens on the client application – including addressing security, legal, and user experience requirements that are engineered into the Docusign application in the Remote Signer pattern. Embedded signing is implemented only via API and maintains its connection allowing them to visit a one-time secured link.
As per option 1, if your team needs help with embedded signing, we encourage you to contact Docusign.
Related posts
Docusign IAM is the agreement platform your business needs
