As per the email and digitally signed document you have received, Nyrstar confirms that official banking details for our entities have changed.
Kindly ignore any other form of communication about change in the bank details from any source other than the PDF that has been digitally signed by Kevin Quaak.
Any banking details communication that is not sent from Nyrstar and that is not in a digitally signed PDF you should treat as highly suspicious. Please forward any such communication to compliance.officer@nyrstar.com.
Instructions on how to validate the digital signature, to verify the PDF is a legitimate communication, is as follows.
An Introduction to Nyrstar Electronic Signatures
Nyrstar has implemented digital document signing with Qualified Electronic Signatures, the highest level of trustworthiness and evidentiary value. All signed documents on bank SSI’s that you receive from Nyrstar should be signed to this level.
Treat anything signed to a different level as suspicious and forwarded to compliance.officer@nyrstar.com.
How to check Digital Signature validity
To establish the validity of the Digital Signature, open the signed PDF document with the Adobe Acrobat Reader program, which is available free of charge from the Adobe.com website.
As a first indicator that the document is valid, you will see that the document status is "Signed and all signatures are valid", indicated with 1 in Figure A below. To complete verifying the validity of the document, check the details of the signatures by clicking on the Signature Panel, indicated with 2 in the below.
1. Checking the Signature Panel
The Signature Panel will indicate validity of signature(s) and key properties of the certificates.
As per the example below, check that the Source of Trust is from "European Union Trusted Lists (EUTL)" and that it states “This is a Qualified Electronic Signature according to EU Regulation 910/2014”. An example of the correct information is indicated by (3) and (4) in the figure below.
The names of the signatory on the letter you receive MUST match the list of digital signatures in the document’s Signature Panel on Adobe Acrobat.
2. Verifying Signing Certificate details
You may also examine details of the signing certificate to confirm that it is issued by the expected certificate authority. To do this, navigate to certificate details link by expanding Signature Details (1) and clicking on the Certificate details link (2) indicated in Figure C below.
Clicking on the "Certificate Details" link will open a dialog box, as shown in Figure D below. Please check that the Certification path (1) and Issued by field (2) both indicate “TrustPro Qualified CA 1”, and that the values for (3) and (4) match what is shown below.
In example, for (3), your document should also say “This certificate is Qualified according to EU Regulation 910/2014 Annex I” and for (4), “The private key related to this certificate resides in a Qualified Signature Creation Device”.
What to do if the signature does not show as valid
If Adobe Acrobat Reader does not reflect that the signatures are valid, try the troubleshooting guidance below.
In order for the signatures to be validated by Adobe Acrobat, the trusted certificates must be loaded.
To verify that the trusted certificates are loaded in Adobe Acrobat, go to Edit > Preferences > Trust Manager. In the dialog box, verify that both “Load trusted certificates from an Adobe AATL server” and “Load trusted certificates from an Adobe EUTL server” settings are selected. Refer to the figure below.
If they are not checked, please select both options and refer to the Signature Panel again to verify the validity of the signatures.
If the above information does not resolve the signature validity issue, please contact compliance.officer@nyrstar.com for additional support.
What to do if the signature still does not show as not valid, or is issued by incorrect authority or the signatory name do not match
Contact compliance.officer@nyrstar.com and send the document so we can investigate. To facilitate a thorough investigation, please do also include (as an attachment) the email in which you received the suspicious document.
