ALTA Publishes Major Revision to Best Practices

January 24, 2023

Changes to the ALTA Title Insurance and Settlement Company Best Practices have been published and go into effect May 23, 2023.

Title and settlement companies may implement the new version of the Best Practices whenever they are ready. Any assessments—whether first-time assessments or renewals—performed after the effective date should use the version 4.0 framework.  

The revisions have been made with the specific objective of allowing title agents and direct operations to continually improve their practices and procedures to ensure financial, data security and operational stability, and to provide lenders and other constituents with the assurances that their needs are being fulfilled by these efforts.

Changes include:

  • Pillar 1 (Current Licenses):
    • Revisions to language for clarity and alignment with new defined terms.
  • Pillar 2 (Escrow Accounting):
    • Purpose section is updated to note that the Loss of Funds may fall outside of E&O Insurance coverage.
    • Updates to the treatment of non-settled funds and outstanding file balances, following state good funds laws.
    • Control the use of fintech application.
    • Ensure that third party earnest money platforms for receiving or disbursing escrow funds meet Good Funds law requirements and not subject to EFTA, verification of outgoing wire transfers including MFA and similar to ALTA’s outgoing Wire Preparation Checklist.
    • Extend the background check refreshes beyond those employees having access to customer funds to include all employees.
    • Review of Escrow file balances older than six months and manager approval of activity.
    • Use of wire verification services.
    • Use of manual or electronic methods for daily reconciliation, and specific action of identification and investigation of discrepancies.
  • Pillar 3 (Privacy and Information Security Programs to protect NPI):
    • Use of the defined term “WISP” to identify the written information security plan.
    • Use of specific measures to protect both NPI and company systems by including MFA (expanded beyond use with remote systems), a password management plan, and software updates.
    • Require background checks for employees not just for access to NPI, but also for access to systems, and include service providers.
    • Explicitly specify that physical forms of NPI must also be protected.
    • Extend network security requirements to the use of cloud systems, virtual equipment, data centers, and hosting by third parties.
    • Inclusion in the DR/BC plan occurrence where there is a compromise of systems or facilities.
    • Include in the definition the continuity of operations for Consumer Settlements along with timely notifications of delay.
    • Expand the scope of the written response plan from compromises of NPI now to any cybersecurity incident.
    • Specify that service providers required to be consistent with the Company’s WISP also include IT consultants, outsourcing company employees, and third-party software employees.
    • Extend the need to be consistent with the Company’s WISP to software tools that may have access to NPI, along with other systems that may provide an inadvertent gateway to the Company systems (such as security systems, guest Wi-Fi, smart devices, and personal devices.
  • Pillar 4 (Settlement):
    • Include establishing “consumer objectives” with the training of staff.
    • Disclosure of Affiliated Business Arrangements.
    • Establishment and implementation of procedures related to closing documents.
    • Delineate expanded best practices requirements for internal and external signing professionals, including:
      • Background Checks for employee signing professionals,
      • Proof of E&O and Notary coverage if required by state law or the title insurer.
    • Included requirements related to remote notarization and e-recording vendors.
    • Require compliance with Escrow Trust Account procedures and controls, including e-recording accounts, for recording fees and taxes upon recording.
  • Pillar 6 (Insurance and Fidelity Coverage):
    • Cyber, Crime, and E&O coverage limits and exceptions should now be reviewed with the Company’s insurance broker or agent at least yearly.

As part of this revision, ALTA also is publishing the following ALTA Best Practices Framework documents:

    1. The Best Practices Assessment Procedures
    2. The Internal Assessment Report and Letter
    3. The Third-Party Assessment Report 

The Best Practices Framework and Assessment Procedures are available to the public, but the Internal Assessment Report and Letter, and Third-Party Assessment Report are only available to ALTA members and non-members who have purchased access to this Best Practices collection. 


Contact ALTA at 202-296-3671 or communications@alta.org.