Implementing ALTA Best Practices for Settlement Fund Security
ALTA Best Practices certification is voluntary, but try telling that to a lender who requires it before they'll add you to their approved vendor list. The…

ALTA Best Practices certification is voluntary, but try telling that to a lender who requires it before they'll add you to their approved vendor list. The framework exists because lenders bear regulatory responsibility for the third-party vendors they use, and they want evidence that your office has real controls over settlement funds.
This guide covers the seven pillars, with a focus on the three that govern fund security: escrow trust account controls, information security, and insurance coverage. You'll also find the specific procedures assessors look for and how to build controls that hold at the moment funds leave the account.
What ALTA Best Practices requires for settlement fund security
ALTA Best Practices is a voluntary framework from the American Land Title Association. It helps title and escrow companies show lenders they have real controls in place. For settlement fund security, the framework requires daily three-way account reconciliation, written wire transfer verification procedures, and documented controls over who can authorize disbursements.
Why does this matter to lenders? They bear regulatory responsibility for the third-party vendors they use. When your office handles a lender's transaction, the lender wants evidence that you have appropriate controls. ALTA Best Practices gives you a standardized way to show that evidence.
The seven pillars and which ones govern settlement funds
ALTA Best Practices organizes requirements into seven pillars. Three of them directly govern settlement fund security: Pillar 2 (escrow trust account controls), Pillar 3 (information security), and Pillar 6 (insurance coverage).
Pillar 1 licensing
Current state licenses for conducting title insurance and settlement services.
Pillar 2 escrow trust account controls
Written procedures, reconciliation, and controls over escrow funds. This is the primary pillar for settlement fund security.
Pillar 3 information and wire security
Protection of non-public personal information and secure handling of wire instructions.
Pillar 4 settlement procedures
Compliance with federal and state consumer financial protection laws during closing.
Pillar 5 policy production
Title policy issuance, delivery, and premium remittance.
Pillar 6 insurance and fidelity coverage
Professional liability insurance and fidelity bonds to protect against employee theft and errors.
Pillar 7 consumer complaints
Written procedures for handling and resolving consumer complaints.
Pillar 2 controls for escrow trust accounts
Pillar 2 is where most settlement fund security requirements live. The framework expects written procedures that allow for electronic verification of reconciliation, along with documented controls over who can move money and how.
Three-way reconciliation
Three-way reconciliation means matching three numbers: the bank statement balance, the book balance (your accounting records), and the file balance (the sum of what each open file owes). When all three match, you know funds are where they belong.
ALTA expects offices to reconcile on at least a daily basis. The dated report is the artifact assessors look for, not just the act of reconciling.
Segregation of duties on disbursements
The person who initiates a wire or check is not the same person who approves it. This separation prevents a single employee from moving funds without oversight.
If one person handles both functions, that gap will appear during an assessment.
Positive pay and ACH blocks
Positive pay is a bank service that matches checks presented for payment against a list of checks your office actually issued. If a check does not match, the bank flags it before paying. ACH debit blocks prevent unauthorized electronic debits from pulling funds out of the escrow account.
Both are bank-level controls that offices configure and then document in their procedures.
Wire transfer authorization and verification
Before sending a wire, the office verifies the instructions by calling the recipient at an independently sourced phone number. "Independently sourced" means a number the office already has on file or can verify through a trusted source, not a number that appeared in the wire instruction itself.
This callback verification is where the moment of release matters most. ALTA expects a written procedure describing how verification happens and who is authorized to approve the wire after verification.
Background checks on signatories
Employees with access to escrow funds or signing authority undergo background checks. This applies to new hires and, depending on office policy, periodically to existing employees.
Pillar 3 information security controls for wire and settlement data
Pillar 3 protects the information used to authorize fund movements. A compromised email or exposed wire instruction is a fund security risk even if the escrow account itself is secure.
Non-public personal information handling
Non-public personal information (NPI) includes social security numbers, financial account numbers, and other data that could be used for identity theft or fraud. ALTA expects a written information security program that complies with Gramm-Leach-Bliley Act requirements and applicable state privacy laws.
Restricted access to wire instructions
Only authorized personnel see or handle wire routing details. Role-based access means the receptionist does not have the same access as the escrow officer handling the file.
Offices maintain logs showing who accessed sensitive data and when. Logs become evidence during an assessment.
Secure delivery and clean desk practices
Wire instructions and other sensitive documents travel through secure channels, whether encrypted email, a secure portal, or hand delivery. Printed wire instructions do not sit on desks where visitors can see them.
Pillar 6 insurance and fidelity coverage requirements
Even with controls in place, losses can occur. Pillar 6 requires professional liability (E&O) insurance and fidelity coverage, which protects against employee dishonesty.
Many lenders require specific coverage minimums as a condition of doing business. A gap between policy renewals creates exposure that assessors will flag.
No-bypass controls at the moment of release
ALTA Best Practices sets the standard. Your office operationalizes it. The risk point is the moment funds leave the account, and that moment is where controls either hold or fail.
A covered money instruction is any instruction that, if followed, moves settlement funds. The question is whether the office can show what it relied on before it acted.
Step 1 define covered money instructions
The office identifies which fund movements require formal review. Common starting points:
- Seller proceeds: The largest disbursement on most files
- Payoff demands: Funds going to existing lienholders
- Earnest money refunds: Funds returning to buyers when transactions fail
The office chooses what to cover based on risk.
Step 2 normalize evidence into source rows with limitations
Each piece of evidence (callback confirmation, payoff statement, wire instruction) becomes a documented source. Each source has limitations: what it proves and what it does not prove.
A callback to a known number confirms the recipient answered. It does not confirm the recipient is who they claim to be. Making that limitation visible creates traceability.
Step 3 require a current review record before release
No covered instruction proceeds without documented review. The review record shows what was checked, by whom, and when. This is the artifact that proves compliance during an assessment.
If the record is missing, the release is blocked. If the record exists, the file shows what the office relied on.
Step 4 stale records on material change
When a file value changes after review (wire amount changes, routing number updated), the prior review no longer supports the current instruction. The record goes stale.
A stale record requires a new review before the release can proceed.
Step 5 route exceptions to a named approver
When policy cannot be followed (missing callback, unusual instruction), the action requires explicit owner or manager approval. The exception, reason, and approver are documented on the file. No silent bypass.
Evidence and review records assessors and underwriters expect
During an assessment, the assessor looks for artifacts that prove controls are configured and followed.
| Assessment item | What the assessor looks for |
|---|---|
| Written procedures | Documented, current, accessible to staff |
| Reconciliation evidence | Dated reports showing three-way match |
| Wire verification | Callback logs with independent phone source |
| Exception handling | Documented approvals with reasons |
| Access controls | Logs showing who accessed sensitive data |
The common thread is documentation. A control that exists but leaves no record provides no audit evidence.
Handling exceptions without silent bypass
ALTA expects offices to have a process for when normal procedures cannot be followed. The key is documentation.
- Named exception: Documented, approved, and retained on the file
- Silent bypass: No record, no approval, no audit trail
Assessors look for evidence that exceptions are rare, justified, and visible. The exception path is not a workaround. It is a control that ensures unusual situations receive appropriate oversight.
Preparing for an ALTA Best Practices assessment
Assessments are typically conducted by independent third parties. The process follows a predictable pattern:
- Pre-assessment: Gather written procedures, insurance certificates, reconciliation samples, and access logs
- On-site or remote review: Assessor interviews staff, reviews documents, tests controls
- Report and remediation: Assessor identifies gaps; office addresses findings
- Certification: If requirements are met, office receives certification for that assessment period
Certification is point-in-time. It confirms the office met requirements during the assessment, not that it will meet them tomorrow.
Common implementation mistakes that weaken fund security
- Procedures exist but staff cannot locate them. Written procedures are accessible, not filed away.
- Reconciliation is performed but not documented. The act of reconciling without a dated report provides no audit evidence.
- Callback verification uses numbers from the wire instruction itself. Independent sourcing means using a known, pre-existing number.
- Exceptions are granted verbally. If there is no written record of the exception and approver, it did not happen for compliance purposes.
- Insurance coverage lapses between renewals. Pillar 6 requires continuous coverage.
The question is whether your current controls would satisfy ALTA Best Practices. Run a live transaction through your review process and ask: does the file show what the office relied on before it released funds?
Frequently asked questions about implementing ALTA Best Practices for settlement fund security
Is ALTA Best Practices certification legally required for title and escrow companies?
ALTA Best Practices certification is voluntary. However, many lenders require it as a condition of doing business, and underwriters may expect it for agency appointments.
How often do escrow trust accounts require reconciliation under ALTA Best Practices?
ALTA Best Practices requires timely reconciliation with written procedures. Most offices reconcile daily, though the framework does not mandate a specific frequency.
Does ALTA Best Practices address wire fraud prevention directly?
ALTA Best Practices covers wire security through Pillar 2 (verification procedures) and Pillar 3 (information security). It does not prescribe specific anti-fraud technologies.
Can software alone make an escrow office ALTA Best Practices compliant?
Software can support compliance by enforcing controls and producing audit records. The office remains responsible for written procedures, staff training, and documented policy decisions.
How do title underwriters verify ALTA Best Practices compliance for their agents?
Underwriters typically require agents to submit current assessment reports and insurance certificates. Some conduct their own audits or request control telemetry as part of agency agreements.
One page in the file before money moves.
Your office decides. Veto records what was reviewed, what stayed open, and who reviewed it.