ALTA Best Practices Revisions Go Into Effect
May 9, 2023
New digital payment options, increasing fraud threats and new regulations and laws, as well as changes to business and market needs led to recent revisions of the ALTA Title Insurance and Settlement Company Best Practices.
The changes, which go into effect May 23, are focused on the continual improvement to operations and primarily involve escrow accounting, and privacy and information security programs to protect non-public information, as well as an overhaul to enhance the closing and settlement process.
New documents available to ALTA members and Best Practices subscribers to assist with implementation include:
- Pillar 1-7 Assessment Readiness Guide
- Policy and Procedure Creation Guidance
- Policy and Procedures Sample Table of Contents
- Template for Policy and Procedures
These documents are available here. Login is required to access the documents.
The revisions have been made with the specific objective of allowing title agents and direct operations to continually improve their practices and procedures to ensure financial, data security and operational stability, and to provide lenders and other constituents with the assurances that their needs are being fulfilled by these efforts.
Any assessments—whether first-time assessments or renewals—performed after the effective date should use the framework.
- Pillar 1 (Current Licenses):
- Revisions to language for clarity and alignment with new defined terms.
- Pillar 2 (Escrow Accounting):
- Purpose section is updated to note that the Loss of Funds may fall outside of E&O Insurance coverage.
- Updates to the treatment of non-settled funds and outstanding file balances, following state good funds laws.
- Control the use of fintech application.
- Ensure that third party earnest money platforms for receiving or disbursing escrow funds meet Good Funds law requirements and not subject to EFTA, verification of outgoing wire transfers including MFA and similar to ALTA’s outgoing Wire Preparation Checklist.
- Extend the background check refreshes beyond those employees having access to customer funds to include all employees.
- Review of Escrow file balances older than six months and manager approval of activity.
- Use of wire verification services.
- Use of manual or electronic methods for daily reconciliation, and specific action of identification and investigation of discrepancies.
- Pillar 3 (Privacy and Information Security Programs to protect NPI):
- Use of the defined term “WISP” to identify the written information security plan.
- Use of specific measures to protect both NPI and company systems by including MFA (expanded beyond use with remote systems), a password management plan, and software updates.
- Require background checks for employees not just for access to NPI, but also for access to systems, and include service providers.
- Explicitly specify that physical forms of NPI must also be protected.
- Extend network security requirements to the use of cloud systems, virtual equipment, data centers, and hosting by third parties.
- Inclusion in the DR/BC plan occurrence where there is a compromise of systems or facilities.
- Include in the definition the continuity of operations for Consumer Settlements along with timely notifications of delay.
- Expand the scope of the written response plan from compromises of NPI now to any cybersecurity incident.
- Specify that service providers required to be consistent with the Company’s WISP also include IT consultants, outsourcing company employees, and third-party software employees.
- Extend the need to be consistent with the Company’s WISP to software tools that may have access to NPI, along with other systems that may provide an inadvertent gateway to the Company systems (such as security systems, guest Wi-Fi, smart devices, and personal devices.
- Pillar 4 (Settlement):
- Include establishing “consumer objectives” with the training of staff.
- Disclosure of Affiliated Business Arrangements.
- Establishment and implementation of procedures related to closing documents.
- Delineate expanded best practices requirements for internal and external signing professionals, including:
- Background Checks for employee signing professionals,
- Proof of E&O and Notary coverage if required by state law or the title insurer.
- Included requirements related to remote notarization and e-recording vendors.
- Require compliance with Escrow Trust Account procedures and controls, including e-recording accounts, for recording fees and taxes upon recording.
- Pillar 6 (Insurance and Fidelity Coverage):
- Cyber, Crime, and E&O coverage limits and exceptions should now be reviewed with the Company’s insurance broker or agent at least yearly.
As part of this revision, ALTA also is publishing the following ALTA Best Practices Framework documents:
- The Best Practices Assessment Procedures
- The Internal Assessment Report and Letter
- The Third-Party Assessment Report
The Best Practices Framework and Assessment Procedures are available to the public, but the Internal Assessment Report and Letter, and Third-Party Assessment Report are only available to ALTA members and non-members who have purchased access to this Best Practices collection.
Contact ALTA at 202-296-3671 or email@example.com.