Frequently Asked Questions
This information is not a substitute for legal advice, is for your reference only, and is not intended to represent the only approach to any particular issue. This information should not be construed as legal, financial or business advice, and users should consult legal counsel and subject-matter experts to be sure that the policies adopted and implemented meet the requirements unique to your company.
Is there a recommended “look back” period when performing a Best Practices assessment?
ALTA does not recommend a specific “look back” period for Best Practices assessments. When determining an appropriate look back period for assessments, it is important to consider the activity of the company to ensure there is a sufficient sample size of transactions to test for compliance with the Best Practices.
Does employee training on company policies and procedures need to be performed by a third party or can it be conducted internally from an experienced staff member?
Employee training may be conducted using whatever method the company determines best fits its needs, and such training methods should be noted in the company’s policies and procedures.
Best Practice Pillar #1: Licensing
How can I verify that a company is an active ALTA Policy Forms licensee?
Every ALTA Policy Forms licensee should have a copy of its license. Alternatively, you may contact ALTA at firstname.lastname@example.org to determine whether the company has an active Policy Forms License or applicable waiver. If a company is an active ALTA member, it will also have a current Policy Forms License. You may search for ALTA members by visiting http://www.alta.org/membership/directory.
Best Practice Pillar #2: Escrow Trust Accounting
I own a small firm and am not able to completely segregate reconciliation functions from disbursement functions. To help mitigate any risk associated with this overlap of duties, I maintain compensating controls to help ensure reconciliations and disbursements are properly conducted. Is this practice acceptable under the Best Practices?
Compensating controls may be acceptable to your customers; however, this practice does not meet the minimum standards of Pillar 2 of the Best Practices. Pillar 2 states that “Segregation of duties is in place to help ensure the reliability of the reconciliation and reconciliations are conducted by someone other than those with signing authority.” To test compliance with this provision of the Best Practices, the Best Practices Assessment Procedures require that “daily reconciliations of the receipts and disbursements and monthly Three-Way Reconciliations are prepared independently by someone not associated with the receipt and disbursement function” (emphasis added).
The segregation of duties requirement within the Best Practices is designed to deter mishandling of accounts and to allow the company to promptly detect errors. Given the importance of monitoring Escrow Trust Accounts, it is crucial that reconciliations be performed by a person or entity that is independent from the receipt and disbursement function in order for the company to comply with this aspect of the Best Practices. Companies may elect to engage a third party, such as a bookkeeper, or use a software program to prepare reconciliations. If a company does not use or engage an independent person or entity to perform reconciliations, the company may impose controls to help detect errors or concerns in the reconciliation process, though such controls would not render the company in compliance with this aspect of the Best Practices. ALTA recommends that you note any deviations from the Best Practices in any assessments conducted to ensure transparency regarding your company’s policies and procedures.
Neither my underwriter nor my state department of insurance considers funds held in recording accounts to be escrow funds. Do the ALTA Best Practices consider recording accounts to be Escrow Trust Accounts, requiring daily two-way reconciliations and monthly three-way reconciliations?
Yes, recording accounts are Escrow Trust Accounts because the funds in such accounts are held on behalf of third parties and are not property of the settlement company.
I am a solo-practicing attorney and I would like to add a non-employee attorney as an additional signatory to my real estate Interest on Lawyer Trust Account (IOLTA). This non-employee attorney does not have wire authority or the ability to access blank checks and only is authorized as a signatory on my IOLTA account. Is this permissible under Best Practices?
No, Pillar 2 of the ALTA Best Practices requires that companies “verify all signers…are actively employed” and thus engaging a non-employee signer for a fiduciary account is not permissible.
Best Practice Pillar #3: Protecting NPI
May I rely on a confidentiality agreement in lieu of performing independent due diligence on third parties that have access to NPI?
No, you may not use a confidentiality agreement in lieu of performing due diligence requirements on third parties with access to NPI. Pillar 3 of the ALTA Title Insurance and Settlement Company Best Practices requires that companies conduct “[o]versight of service providers… to help ensure compliance with Company’s information security program.” As part of this oversight, companies should take “reasonable steps to select and retain service providers that are capable of appropriately safeguarding NPI.”
The purpose of this provision of the Best Practices is to ensure that any third parties to whom the company provides customer NPI protects that NPI to the same extent as the company itself. Companies are expected to maintain controls to monitor the security procedures of third-party service providers, which can include, but are not limited to, reviewing background checks of third parties, reviewing audits of security tests, and viewing intrusion logs. Though companies may also elect to have third-party service providers enter into confidentiality agreements to prevent disclosure of company NPI, such agreements should not take the place of a thorough evaluation of the third-party service provider’s safeguarding of NPI.
The Best Practices requires that individuals authorized to access company NPI follow a “clean desk policy.” If I have the ability to lock my private office to prevent any unauthorized individuals from accessing NPI, must I also remove files containing NPI off my desk?
As long as the method selected by the company prevents any unauthorized individuals from viewing or accessing files containing NPI, the company has met this provision of the Best Practices.
To assist in closings, my company engages third-party signing professionals. These documents contain NPI of my company’s customers. Is my company required to perform any special due diligence to ensure that the third-party signing professionals we engage can adequately protect customer NPI?
Yes, the Best Practices have in place specific due diligence requirements a company must meet when engaging a third party that has access to NPI. When engaging a third-party signing professional who will have access to customer NPI, the company must meet the standards contained within Pillar 3 that pertain to oversight of service providers. Specifically, the Title Insurance and Settlement Company Best Practices states that the company must perform “Oversight of service providers, including third-party signing professionals, to help ensure compliance with Company’s information security program.” The Best Practices continues to state, “Companies should take reasonable steps to select and retain service providers that are capable of appropriately safeguarding Non-public Personal Information.” The Best Practices Assessment Procedures further details the testing criteria for determining whether the company meets this provision of the Best Practices. Such criteria can be found in Assessment Procedure 3.14.
My company uses the cloud to store company data, including data containing customer NPI. Is this practice prohibited by the ALTA Best Practices?
No, this practice is not prohibited. The ALTA Best Practices do not express a preference regarding technology or software providers, including the use of cloud technology. A company should perform due diligence on any third parties, including technology and software providers, to ensure those third parties protect the company's customer NPI to the same extent as the company itself.
Best Practice Pillar #4: Settlement Processes
The Best Practices require that I submit documents for recording within two business days of closing. For a variety of reasons, that is not always possible. Does this mean I fail this aspect of the Best Practices?
Not necessarily. Pillar 4 of the best practices requires that documents be “submit[ted] or ship[ped] … for recording within two business days of the later of (i) the date of Settlement, or (ii) receipt by Company if the Settlement is not performed by Company.” In the context of Pillar 4, the “date of Settlement” should be viewed as the date that the closing occurred—that is, the date that any conditions that must occur prior to recording a document are completed. Only once the transaction is complete, and the documents are ready to be recorded, will the two-day timeframe for recording be triggered. ALTA recommends that companies outline the prerequisites to recording, along with any statutory or regulatory requirements for recording, within the company’s policies and procedures.
If a lender or a customer directs my settlement company to send closing documents to a third-party signing professional, is my company required to perform any specific level of due diligence on the third-party signing professional?
No, the Best Practices do not require the company to perform any specific due diligence requirements when the lender or customer selects the third-party signing professional. Pillar 4 of the Title Insurance and Settlement Company Best Practices states, “In the event that a third-party signing professional is contractually retained by anyone other than Company (including the buyer or seller), the responsibility for verifying that the third-party signing professional meets applicable standards rests with that party.”
Many customers are unlikely to cash small refund checks (i.e., checks under $10.00). My company would like to establish a policy to allow customers to direct us in the handling of refunds under a nominal, predetermined amount. Do the ALTA Best Practices provide any guidelines on refunds under a predetermined amount?
No, the ALTA Best Practices do not provide specific guidelines for issuing refunds under a certain predetermined amount. Pillar 4 of the Best Practices requires companies to issue refunds upon discovery regardless of the refund amount.
Best Practice Pillar #7: Consumer Complaints
What constitutes a “complaint”?
The term “complaint” is not defined within ALTA’s Best Practices; however, ALTA recommends that companies define the term within their policies and procedures. When defining the term, ALTA recommends that companies consider definitions that are common in the market, including definitions from their state regulators, lender partners, or other title insurance and settlement companies.
My company has never received a complaint. Do I still need to maintain a complaint log?
The ALTA Best Practices requires that companies develop a standard consumer complaint form and maintain a log of consumer complaints that includes whether and how the complaint was resolved. If you have not received a complaint, your company should still have in place policies and procedures for handling a complaint. Your company may also want to consider how it communicates with consumers to determine whether there are undocumented complaints.
To help ensure industry receives consistent guidance about the Best Practices, ALTA will be publishing answers to frequently asked questions on its FAQ Portal. If you do not see an answer to your question, you can fill out the FAQ Question Form below.