Companies that use the Income Verification Express Services (IVES), and particularly the IRS forms 4506-T and 4506T-EZ, need to explicitly configure their Adobe Sign group or account settings to ensure compliance.
The core document from the IRS regarding IVES compliance can be found here: https://www.irs.gov/individuals/income-verification-express-services-ives-electronic-signature-requirements
Adobe Sign is a fully ESIGN Act compliant solution. All the IRS definitions and ESIGN law requirements are met by the core solution for all agreements sent through the service.
IVES has additional requirements that must be followed to ensure compliance with and participation in using the 4506-T and 4506T-EZ forms.
Below you will find the requirements set forth by the IRS requirements document, and the related Adobe Sign application configurations that ensure compliance.
Access to the configuration settings below requires an Adobe Sign business or enterprise level of service.
IVES compliance requires two-factor authentication when signing documents. Adobe Sign delivers all requests for signature as a unique link per signer to an email address. The unique signing URL and access to the email inbox constitutes the first factor authentication. To meet the requirement for the second factor authentication, the Adobe Sign account can be configured to require the signer to provide a second level of authentication before being able to sign the document. Adobe Sign supports three options for the second factor:
It is recommended that the group or account sending document that require IVES compliance configure the following settings:
IVES requires that signers explicitly consent to doing business electronically.
IVES document require an electronic signature to be validated against the name on the form.
IVES documents must be made tamper proof after the signatures are applied.
An audit log of the entire signature process must accompany the document. The audit log must contain all the document lifecycle information.
i. Attach audit report to completed documents → Always
ii. Send an extra copy of every signed agreement to these email addresses → An internal archival email address
The Audit Trail itself contains all the elements required by IVES:
A. Date and time of creation
B. IP address of the signer
C. Document lifecycle notifications
D. Result of authentication
E. Result of consent
F. Result of each electronic signature
All 4506-T and 4506T-EZ forms, including their audit reports, must be retained for two years.
All participants using an electronic signature solution must use an independent party to audit the signatures annually.
Enterprise level customers can create discrete workflows using the workflow designer.
This option allows for a document specific workflow, including user verification methods and notification processes, without having to employ group or account wide settings.
Given the IVES requirements are fairly strict and unforgiving of human error, this option is strongly recommended.