Frequently Asked Questions + Get Help
This information is not a substitute for legal advice, is for your reference only, and is not intended to represent the only approach to any particular issue. This information should not be construed as legal, financial or business advice, and users should consult legal counsel and subject-matter experts to be sure that the policies adopted and implemented meet the requirements unique to your company.
Is there a recommended “look back” period when performing a Best Practices assessment?
ALTA does not recommend a specific “look back” period for Best Practices assessments. When determining an appropriate look back period for assessments, it is important to consider the activity of the company to ensure there is a sufficient sample size of transactions to test for compliance with the Best Practices.
Does employee training on company policies and procedures need to be performed by a third party or can it be conducted internally from an experienced staff member?
Employee training may be conducted using whatever method the company determines best fits its needs, and such training methods should be noted in the company’s policies and procedures.
According to the ALTA Best Practices Assessment Guide and FAQ Resource, it is recommended that the ALTA cert be renewed every 24 months. Are there repercussions if there is a month gap (25 months)?
The 24 month timeline is suggested by ALTA. However, each lender and underwriter requiring a ALTA Best Practices certification letter is free to choose a shorter or longer timeline. Given the importance of updates in each revision of Best Practices, it may be worth considering addressing the changes reflected in the updates before the 24 month certification timeline.
Does ALTA provide any type of badge or other designation that a company is compliant with the Best Practices?
No, ALTA does not conduct any assessment or certification services, and does not have a badge or similar designation to indicate that a company is Best Practices compliant.
Whom should I send my assessment and certification to once my company completes these documents?
You should send any evidence of your assessment and certification to your lender partners or underwriter, if requested. You do not send a copy to ALTA.
Does ALTA perform any Best Practices assessments?
No, ALTA does not perform any Best Practices assessments, nor does ALTA certify any company’s compliance with the Best Practices. However, ALTA does provide a number of tools to help companies and third parties conduct assessments.
How can I verify that a company is an active ALTA Policy Forms licensee?
Every ALTA Policy Forms licensee should have a copy of its license. Alternatively, you may contact ALTA at firstname.lastname@example.org to determine whether the company has an active Policy Forms License or has obtained an applicable waiver.
If a company is an active ALTA member, it will also have a current Policy Forms License. You may search for ALTA members by visiting http://www.alta.org/membership/directory.cfm.
Does Best Practice Pillar 1 require licensing of an individual who is engaged in the sale, preparation or issuance of title insurance – or the settlement of real estate transactions if the state where these activities are performed does not require such a license?
No, the licensing requirements of Best Practices Pillar 1 are applicable to business entities and to individuals working in states where individual licensure is required.
I own a small firm and am not able to completely segregate reconciliation functions from disbursement functions. To help mitigate any risk associated with this overlap of duties, I maintain compensating controls to help ensure reconciliations and disbursements are properly conducted. Is this practice acceptable under the Best Practices?
Compensating controls may be acceptable to your customers; however, this practice does not meet the minimum standards of Pillar 2 of the Best Practices. Pillar 2 states that “Segregation of duties is in place to help ensure the reliability of the reconciliation and reconciliations are conducted by someone who does not have signing or disbursing authority.”
The segregation of duties requirement within the Best Practices is designed to deter mishandling of accounts and to allow the company to promptly detect errors. Given the importance of monitoring Escrow Trust Accounts, it is crucial that reconciliations be performed by a person or entity that is independent from the receipt and disbursement function in order for the company to comply with this aspect of the Best Practices. Companies may elect to engage a third party, such as a bookkeeper, or use a software program to prepare reconciliations. If a company does not use or engage an independent person or entity to perform reconciliations, the company may impose controls to help detect errors or concerns in the reconciliation process, though such controls would not render the company in compliance with this aspect of the Best Practices. ALTA recommends that you note any deviations from the Best Practices in any assessments conducted to ensure transparency regarding your company’s policies and procedures.
Neither my underwriter nor my state department of insurance considers funds held in recording accounts to be escrow funds. Do the ALTA Best Practices consider recording accounts to be Escrow Trust Accounts, requiring daily two-way reconciliations and monthly three-way reconciliations?
Yes, recording accounts are Escrow Trust Accounts because the funds in such accounts are held on behalf of third parties and are not property of the settlement company.
I am a solo-practicing attorney and I would like to add a non-employee attorney as an additional signatory to my real estate Interest on Lawyer Trust Account (IOLTA). This non-employee attorney does not have wire authority or the ability to access blank checks and only is authorized as a signatory on my IOLTA account. Is this permissible under Best Practices?
No. Pillar 2 of the ALTA Best Practices requires that transactions "are conducted by authorized employees only," and thus engaging a non-employee signer for a fiduciary account is not permissible.
Does ALTA Best Practices allow for automatic ACH account debits for eRecording fees?
Some eRecording vendors require clients to allow recording fees to be automatically debited from their accounts via ACH. Under ALTA Best Practices Pillar 2, a Company must prohibit or control the use of ACH transactions. An appropriate control includes, but is not limited to, the establishment of a separate recording fee disbursement account. In working with an eRecording vendor, a Company should establish specific controls for the use of ACH to ensure that only the eRecording vendor can debit funds from the Escrow Trust Account and that those debits are for the correct amount. Also, be cognizant of the EFTA related controls, which may impact ACH transfers, as found in Best Practices.
What is the Best Practices position on International Wires?
If there is a business need to send an international wire, Pillar 2 states that you must have policies and procedures in place that prohibit or control the use of international wire transfers to protect against unauthorized transactions. We recommend caution with all wires, including international wires, and it is a recommendation that wire transfer verification services may provide additional safety.
May I rely on a confidentiality agreement in lieu of performing independent due diligence on third parties that have access to NPI?
No, you may not use a confidentiality agreement in lieu of performing due diligence requirements on third parties with access to NPI. Pillar 3 of the ALTA Title Insurance and Settlement Company Best Practices requires that companies "Select service providers and third-party systems whose information security policies are consistent with Company’s WISP."
The purpose of this provision of the Best Practices is to ensure that any third parties to whom the company provides customer NPI protects that NPI to the same extent as the company itself. Companies are expected to maintain controls to monitor the security procedures of third-party service providers, which can include, but are not limited to, reviewing background checks of third parties, reviewing audits of security tests, and viewing intrusion logs. Though companies may also elect to have third-party service providers enter into confidentiality agreements to prevent disclosure of company NPI, such agreements do not take the place of a third-party service provider’s compliance with the Company's WISP.
The Best Practices requires that individuals authorized to access company NPI follow a “clean desk policy.” If I have the ability to lock my private office to prevent any unauthorized individuals from accessing NPI, must I also remove files containing NPI off my desk?
As long as the method selected by the company prevents any unauthorized individuals from viewing or accessing files containing NPI, the company has met this provision of the Best Practices.
To assist in closings, my company engages third-party signing professionals. These documents contain NPI of my company’s customers. Is my company required to perform any special due diligence to ensure that the third-party signing professionals we engage can adequately protect customer NPI?
Yes, the Best Practices have in place specific due diligence requirements a company must meet when engaging a third party that has access to NPI. When engaging a third-party signing professional who will have access to customer NPI, the company must meet the standards contained within Pillar 3 that pertain to oversight of service providers. Specifically, Pillar 3 states that the Company must "Select service providers and third-party systems whose information security policies are consistent with Company’s WISP."
In addition, Pillar 4 requires the following oversight for signing professionals: "Establish and implement written procedures to monitor and verify that all signing professionals possess the appropriate state licensing and insurance to notarize documents (both in person and remotely, if applicable), conduct the Settlement (if applicable), and safeguard NPI. These requirements are determined by a mix of legal and contractual obligations, including state regulations and Title Insurer requirements and restrictions."
My company uses the cloud to store company data, including data containing customer NPI. Is this practice prohibited by the ALTA Best Practices?
No, this practice is not prohibited and in fact is commonly utilized. The ALTA Best Practices do not express a preference regarding technology or software providers, including the use of cloud technology. A company should perform due diligence on any third parties, including technology and software providers, to ensure those third parties protect the company's customer NPI to the same extent as the company itself.
Does Best Practice Pillar 3 – or any other Best Practice - prohibit the sharing of consumer data with vendors? And, what obligations exist if consumer data is shared with a vendor?
Our entire office is locked during off-business hours and we have an alarm system, but individual files are not locked in drawers or file cabinets. Is that acceptable?
Locking your office at night is sufficient when no person will have access during off-business hours. If cleaning people, security or other individuals are able to access your office during off-business hours then files should be locked up in a drawer, filing cabinet or separate file room that the cleaning people, security or other persons are not be able to access.
Should closing agents have a separate privacy notice from the one they issue on behalf of their underwriter?
Yes. Pillar 3 and Gramm Leach Bliley require title and settlement companies to provide their own privacy notices consistent with their unique operations, practices and usage of consumer data.
What is the industry standard on closing file retention?
There is no national industry standard on closing file retention, but Pillar 3 requires you to have a policy regarding record retention and disposal of information. In addition, various state laws, underwriting agreements, local customs and practices, legal advice and your own needs should guide your policy on closing file retention.
Does ALTA have a best practice or policy as it pertains to mobile device data security?
Yes, the standards in ALTA Best Practices Pillar 3 apply to any devices where NPI may be found.
Pillar 4 of Best Practices 4.0 refers to situations where a third-party signing professional is retained by a Consumer. Does this mean that a seller should always be permitted to select their own Notary?
No. Pillar 4 identifies who is responsible to oversee signing professionals, including third-party signing professionals (aka notaries). As stated in Pillar 4, if the Consumer (which includes a seller) in a transaction is being permitted to select their own notary, then the vetting of that notary remains with the party selecting the notary:
However, there are many instances where aspects such as the Title Agent’s internal policy or risk mitigation concerns, contractual requirements between a Title Agent and the Title Insurer, and/or requirements imposed by a lender, result in the seller, purchaser, or other ancillary parties to a transaction not being permitted to select their own notary and instead utilizing a Title Agent’s selection of a verified notary.
It is worthwhile for the Title Agent to review their contractual requirements with the Title Insurer, their own policies, and to actively address any concerns, including of potential seller impersonation and fraud (see, Red Flags and Tips to Help Prevent Seller Impersonation in Real Estate) that would drive a decision as to whether to permit any third party request to provide their own notary.
The Best Practices require that I submit documents for recording within two business days of closing. For a variety of reasons, that is not always possible. Does this mean I fail this aspect of the Best Practices?
Not necessarily. Pillar 4 of the best practices requires that documents be “Submit[ted] electronically or deliver documents for recording to the appropriate recording jurisdiction or the person or entity responsible for recording within two (2) business days of the later of: (i) the date of Settlement, or (ii) receipt by Company if the Settlement is not performed by Company.” In the context of Pillar 4, the “date of Settlement” should be viewed as the date that the closing occurred—that is, the date that any conditions that must occur prior to recording a document are completed. Only once the transaction is complete, and the documents are ready to be recorded, will the two-day time frame for recording be triggered. ALTA recommends that companies outline the prerequisites to recording, along with any statutory or regulatory requirements for recording, within the company’s policies and procedures.
If a lender or a customer directs my settlement company to send closing documents to a third-party signing professional, is my company required to perform any specific level of due diligence on the third-party signing professional?
No, the Best Practices do not require the company to perform any specific due diligence requirements when the lender or customer selects the third-party signing professional. Pillar 4 of the Title Insurance and Settlement Company Best Practices states, “For a third-party signing professional contractually retained by anyone other than Company (e.g., the lender, Consumer, or an attorney representing any of these parties), the responsibility for verifying that the third-party signing professional meets applicable standards rests with that party.”
Many customers are unlikely to cash small refund checks (i.e., checks under $10.00). My company would like to establish a policy to allow customers to direct us in the handling of refunds under a nominal, predetermined amount. Do the ALTA Best Practices provide any guidelines on refunds under a predetermined amount?
No, the ALTA Best Practices do not provide specific guidelines for issuing refunds under a certain predetermined amount. Pillar 4 of the Best Practices requires companies to issue refunds upon discovery regardless of the refund amount.
How is the two day recording timeframe calculated? Does the time frame include intervening weekend days or holidays? And, when does the timeframe start?
Documents must be submitted for recording by the end of the second day following the date of Settlement. For example, if the Settlement occurs on a Monday, the Best Practice requires the Company to submit documents for recording by close of business on Wednesday. If the Settlement occurs on a Thursday or Friday – or on a day immediately preceding a holiday when the recorder’s office is closed - the weekend days, or holiday day(s) are not included in the 2 day timeframe.
When a refund to a party to the transaction is necessary, how many days do I have to complete the refund?
The Best Practices in Pillar 4 do not provide a specific time frame for refunds. The company should define a reasonable time frame for refunds in its policies and procedures.
In order for my company to comply with Best Practices, is it sufficient to require our third-party signing professionals to maintain $1million of E&O insurance?
Best Practice Pillar 4 does not specify a minimum amount of E&O coverage to be required of third party signing professionals. Settlement companies should set their E&O minimums based on the state law requirements and other considerations appropriate under the circumstances.
Is Internet Liability/Cyber Risk insurance required or optional for ALTA Best Practices?
ALTA Best Practices Pillar 6 recommends cyber liability insurance, according to company size and settlement volume. Best Practice Pillar #6 requires that title companies have at a minimum errors and omissions insurance and fidelity or surety bonds as required by state law and that those insurances be adequate for the company's size and risk. With the greater level of cyber liability and crime coverage have become more important to the safety of operations.
Do ALTA Best Practices promote obtaining Kroll Bond Ratings?
There is nothing in Best Practices that requires or promotes the use of Bond Ratings.
What constitutes a “complaint”?
The term “complaint” is not defined within ALTA’s Best Practices; however, ALTA recommends that companies define the term within their policies and procedures. When defining the term, ALTA recommends that companies consider definitions that are common in the market, including definitions from their state regulators, lender partners, or other title insurance and settlement companies.
My company has never received a complaint. Do I still need to maintain a complaint log?
The ALTA Best Practices requires that companies develop a standard consumer complaint form and maintain a log of consumer complaints that includes whether and how the complaint was resolved. If you have not received a complaint, your company should still have in place policies and procedures for handling a complaint. Your company may also want to consider how it communicates with consumers to determine whether there are undocumented complaints.