How does delegation of authority support SOX compliance?

Authorization limits and segregation of duties are core internal controls over financial reporting. Aptly holds those limits as structured, versioned records and logs every approval, delegation, and acceptance, so §404 evidence that the control operated throughout the period is captured automatically rather than reconstructed.

What's the difference between documenting controls and proving they operated?

A documented control shows intent; an operated control shows evidence. Auditors increasingly want the latter: proof the control worked on every day of the period, for every approver. Aptly captures that evidence continuously, so "show your work" is an export, not a project.

Does Aptly map to frameworks outside the US?

Yes. The same authority layer produces evidence for the UK Corporate Governance Code (Provision 29), APRA CPS 230, Singapore MAS, NIS2, the NZ FMC Act, and others. You map authority once; each framework reads the evidence in its own terms.

How fast can Aptly produce audit evidence?

Because evidence is captured as authority is exercised, you generate it on demand, for any approver, any limit, any period, in seconds, rather than assembling it after the fact.

Is Aptly itself certified?

Aptly is SOC 2 Type II, ISO 27001 (Stage 1), and GDPR compliant, with full version history and action logs on every record.

Use Case · Contract Approval

Govern who can approve, and who can sign.

Approving a deal and signing it are two different powers. Someone with approval authority can greenlight the commercial terms; only someone with signature authority can legally bind the company to them. When those two rights drift apart, a contract gets signed by someone who was never authorized to bind, and the agreement can be challenged. Aptly holds both as live, structured authority, keeps your authorized-signatory list current as your organization changes, and records who held the right to approve and to sign, so you can prove both for any contract, on any date.

See Aptly in your environment Get the Contract Approval Decision Map

Aptly showing a contract where approval authority and signature authority are tracked as distinct rights, with the authorized signer confirmed at execution.

The Gap

A signature isn't the same as the authority to sign.

Most companies can name who approves a contract, and almost all of them have a delegation-of-authority policy on paper. Far fewer can prove, at the moment a deal is signed, that the person placing the signature actually held the authority to bind the company, and that the approval behind it came from someone with the right to give it. That gap is quiet until a counterparty, a bank, or a dispute forces the question.

Approval and signature get conflated. The commercial owner who negotiated the deal signs it, even though binding authority sits with a named officer or an attorney-in-fact under a board resolution. The contract is executed by someone without actual authority to bind.

The signatory list goes stale on every change. Authorized signatories derive their power from board resolutions, powers of attorney, and signing policies. Every leadership change, restructuring, or new entity quietly invalidates part of the list, but the spreadsheet that records it does not keep up.

No one can prove authority at the moment of execution. When a contract is questioned months later, reconstructing who was authorized to approve and to sign on that date means digging through resolutions, email approvals, and HR records that have all since moved on.

~90%

Third-Party Research

Almost 90% of organizations already have a delegation-of-authority policy, formal or informal. The problem is rarely the policy. It is keeping it live, and proving who could actually sign on the day a contract was executed.

Survey-based; EY and the Society for Corporate Governance, 2025; 200+ respondents.

The fix isn't a better signing workflow. It's treating approval authority and signature authority as distinct, enforced rights, and proving both at the moment of execution.

The Authority Layer

Two rights, one authority layer.

Aptly sits between your identity systems (Okta, Microsoft Entra ID, SailPoint) and the systems where contracts are routed and executed (your CLM and e-signature tools, your ERP), connecting to them through its integration platform, as the system of record for who can approve a deal and who can sign it. These are different powers: approval authority is the internal right to greenlight commercial terms up to a limit; signature authority is the formal, often board-conferred power to legally bind the entity. Aptly holds both as structured, versioned records and enforces the difference.

This is who can approve and who can bind, decision authority and signature authority, not contract workflow or e-signature execution. Your CLM moves a contract through its stages; your e-signature tool captures the signature. Neither governs whether the person approving had the right to greenlight the deal, or whether the person signing had the authority to bind the company. Aptly is the authority layer those tools assume already exists: it defines the two rights, keeps the authorized-signatory list current as a live output of the delegation of authority (DOA), and records that both were authorized at the point of execution.

Identity systems

Who can log in

OktaMicrosoft Entra IDSailPoint

The Authority Layer

Aptly governs who can approve and who can sign

Delegations, limits, conditions, and the authorized-signatory list, versioned and evidenced.

Execution systems

Where contracts are routed and signed

CLME-signatureERP

Aptly supplies the authority to approve and to sign into the systems where contracts are routed and executed.

Identity proves who you are. Your CLM and e-signature tools move and capture the contract. Aptly is the system of record for who can approve it and who can sign it.

How It Works

From approval to binding signature, in four steps.

Define approval and signature authority as distinct rights.

Capture who can approve commercial terms (with limits and conditions) separately from who holds the formal authority to bind the entity, each as structured records traceable to its source: a delegation, a board resolution, or a power of attorney.

Keep the authorized-signatory list current automatically.

Treat the signatory list as a live output of the DOA, not a standalone spreadsheet. When a delegation expires, an officer changes, or an entity is added, the list updates and stale signing authority is retired.

Connect to the systems where contracts are routed and signed.

Connect Aptly to your CLM and e-signature tools through its integration platform, so the authority to approve and to sign is supplied into the systems where contracts are routed and executed, and a contract reaches an approver who holds approval authority and a signer who holds binding authority for that entity and value.

Prove both held authority.

Every approval, delegation, acceptance, and signatory confirmation is logged with actor, limit, condition, and timestamp, so you can show who was authorized to approve and to bind on the exact date a contract was executed.

Define the two rights once, keep the signatory list live, and every contract carries proof that the right people approved and signed it.

The Platform

The platform behind every authorized signature.

Signatory Management

Available

Keep a validated, always-current list of who can bind each entity, with specimen signatures, the resolution or power of attorney behind each authority, and automatic retirement when delegations or officers change.

Learn more →

Delegation of Authority

Available

Hold approval authority as structured, versioned records, with limits, conditions, and roles, so the right to greenlight a deal is explicit, tracked, and distinct from the right to sign it.

Learn more →

Authority Hub

Available

See approval and signature authority across every entity and connected application from one dashboard, kept in step with the CLM and e-signature tools you connect through Aptly's integration platform, with immutable action and audit logs for every contract executed.

Learn more →

Decision Compass

In Preview

Give deal owners and legal instant, policy-aligned answers on who can approve a deal and who can sign it for a given entity, with every request checked against current approval and signature authority.

Learn more →

What Binds

What makes a signature actually bind.

An electronic signature can be valid and still not bind your company. Validity comes from e-signature law; binding comes from authority. Aptly governs the authority behind the signature and maps it to the corporate-law realities that decide whether a contract holds:

Agency law

Actual vs. apparent authority.

A contract can bind a company through actual authority (formally conferred) or apparent authority (a counterparty reasonably relying on the company's own conduct), and a signature from someone without authority can leave the agreement contestable or expose the signer personally. A current, enforced signatory list keeps the company bound only where it intends to be.

US, UK (indoor-management rule), EU, and APAC agency-law doctrine.

Corporate law

Board-delegated signing authority.

Signing authority traces to board resolutions, bylaws, and powers of attorney, and corporate statutes set how a company executes a binding instrument. Aptly keeps every signatory linked to the resolution or delegation behind their authority, with version history and effective dates.

e.g. California Corporations Code §313; UK Companies Act 2006 s.44; Australia Corporations Act 2001 s.127.

E-signature law

An e-signature is not signing authority.

ESIGN and UETA in the US, eIDAS in the EU, and electronic-transactions acts across the UK and APAC make an electronic signature legally valid and non-deniable for being electronic. None of them establishes that the signer was authorized to bind the entity. Aptly supplies and records that authority into the tools where signatures are captured.

ESIGN, UETA (US); eIDAS (EU); electronic-transactions acts (UK, APAC).

Bank mandates

Bank mandates and KYC.

Every entity with a bank account maintains authorized-signatory mandates and specimen signatures that banks verify. Aptly keeps those lists current and provable as officers and entities change, so you can show a bank exactly who is authorized today.

Authorized-signatory mandates; specimen signatures; KYC.

For public companies, authorization is also a core internal control over financial reporting under SOX §404.

Legal and framework references last verified June 2026. General explanation, not legal advice; corporate-authority and e-signature rules vary by jurisdiction.

See how approval and signature authority map from board resolution to executed contract →

Validity comes from e-signature law. Binding comes from authority. Aptly governs the authority, so the contracts you sign actually hold.

Proof

What it looks like when approval and signature stay distinct.

A regional commercial lead at Meridian Industries negotiated a multi-year customer agreement and wanted to close it before quarter-end. Under the old way of working, they would simply have signed it: they owned the deal, so they signed the deal, without anyone checking whether they held the authority to bind the company to a 30-month, $4.5M commitment.

$4.5M ACV, 30-month term. Any term beyond 12 months requires General Counsel co-sign.

Approval routed to authority

The Chief Revenue Officer holds revenue-side approval authority at $4.5M.

Condition enforced

A standing rule requires General Counsel co-sign for any term beyond 12 months.

Authorized signatory confirmed

The General Counsel co-signs as authorized signatory; the CFO is notified per the >$1M rule.

Approver, condition, and authorized signatory, all logged at execution. Had the deal been routed to someone without binding authority, Aptly would have flagged it Out of Authority and escalated before any signature was placed.

Illustrative scenario based on Aptly's canonical Meridian Industries dataset. Not a real customer.

FAQ

Questions legal and commercial teams ask before signing.

What's the difference between approval authority and signature authority?

Approval authority is the internal right to greenlight a deal's commercial terms, usually up to a financial limit and subject to conditions. Signature authority is the formal, often board-conferred power to legally bind the entity to a contract. They frequently sit with different people: a commercial owner can approve a deal they have no authority to sign. Aptly holds both as distinct, enforced rights and confirms each at execution.

Who can sign a contract on behalf of a company?

Only a person with authority to bind the entity, typically a director or officer named in the corporate records, or an attorney-in-fact acting under a power of attorney or a board resolution that confers signing authority for that type and value of commitment. Who holds that authority changes with leadership and restructuring, which is why an authorized-signatory list has to be kept current rather than maintained as a static document.

What makes a contract signer authorized?

The signer's authority must trace to a valid source (a board resolution, a power of attorney, or a signing policy) that grants the right to bind the entity for that contract's type and value, and that authority must be in effect on the date of signing. Aptly keeps that chain explicit: every authorized signatory links to the resolution or delegation behind their authority, with version history and effective dates.

What is the difference between actual and apparent authority?

Actual authority is power the company has formally given the signer. Apparent authority is power a counterparty reasonably believes the signer has, based on the company's own conduct, even if it was never formally granted, and it can bind the company anyway. The principle runs through US, UK, EU, and APAC law. Keeping the authorized-signatory list current and enforced reduces the gap between the two, so the company is bound only where it intends to be. (General explanation, not legal advice; consult counsel for your jurisdiction.)

Is an electronic signature enough to bind the company?

A valid electronic signature makes the signature itself legally effective under laws like ESIGN, UETA, and eIDAS, but it does not establish that the signer had authority to bind the company. A perfectly valid e-signature from someone without signing authority still leaves the contract open to challenge. Aptly governs the authority behind the signature, so the people signing in your CLM and e-signature tools are the people authorized to bind.

Does Aptly replace our CLM or e-signature tool?

No. Aptly governs who is authorized to approve and to bind; your CLM routes the contract and your e-signature tool captures the signature. Aptly connects to those tools through its integration platform and records that both the approver and the signer held authority, so the systems you already use execute only contracts that the right people approved and the right people signed.

Home

Product

Aptly Overview

Delegation of Authority

Signatory Management

Authority Hub

Integrations

Resources

Blog

FAQs

Help Center

Pricing

Company

About

Services

Careers

Contact Us

Govern who can approve, and who can sign.

A signature isn't the same as the authority to sign.

Two rights, one authority layer.

From approval to binding signature, in four steps.

The platform behind every authorized signature.

What makes a signature actually bind.

Actual vs. apparent authority.

Board-delegated signing authority.

An e-signature is not signing authority.

Bank mandates and KYC.

What it looks like when approval and signature stay distinct.

Questions legal and commercial teams ask before signing.

Built to work with the rest of your authority program.

See who can approve, and who can actually sign.

Getting Decision Rights Right.