An email is sent to the requester as part of the auth policy work, but this did not include contract auth (4 eyes) as that was not a developed feature at the time.

A new email should be created that can be sent to the requester with the result of a contract auth result (accepted or rejected) and should include any notes about the reasons.