ALTA Best Practices is the framework the title and settlement industry uses to document that an office holds settlement funds under controls a lender, underwriter, or examiner can evaluate. The American Land Title Association publishes it as a voluntary set of standards, but in practice many lenders require evidence of compliance before they will place orders with an agent, and underwriters often write it into agency agreements (ALTA Best Practices). What began as a self-governance tool has become a de facto condition of doing business.
This article walks through what the seven pillars ask of an office that handles settlement funds, which pillars bear most directly on fund security, and how to turn the documentation expectations into file-level records an examiner can actually inspect. The office decides. Veto records the review.
What ALTA Best Practices means for settlement fund security
A few terms first. ALTA is the American Land Title Association, the national trade association for the abstract and title insurance industry, founded in 1907 (ALTA Best Practices FAQ). Settlement funds are the money an escrow or settlement agent holds in trust for the parties to a real estate transaction: buyer purchase money, seller proceeds, lender disbursements, payoff funds, and broker commissions. Best Practices is ALTA's voluntary framework describing how a title and settlement company should license, account, secure, settle, produce, insure, and resolve.
The framework is voluntary in origin. ALTA itself states the Best Practices are a tool used at the discretion of each title insurer and title agent (ALTA Best Practices FAQ and Help). But because the CFPB treats settlement agents as service providers under federal consumer-finance law, and because lenders are accountable for the vendors they fund through, the discretion has narrowed. An office that cannot show its controls loses access to lender orders. Settlement fund security is the part of the framework where that pressure lands hardest, because it is where the money sits.
The seven pillars of ALTA Best Practices
ALTA organizes the framework into seven pillars. Only two bear directly on settlement fund security, but the office has to keep all seven current to stay in good standing with lenders and underwriters.
| Pillar | Focus Area | Relevance to Settlement Funds | | --- | --- | --- | | 1. Licensing | Establishment and maintenance of license and business authority | Indirect | | 2. Escrow Trust Accounts | Appropriate and effective escrow controls and staff training | Direct | | 3. Information Security | Privacy and information security programs | Direct | | 4. Settlement Procedures | Settlement processes and closing procedures | Moderate | | 5. Policy Production | Policy production and remittance of premiums | Indirect | | 6. Insurance Coverage | Professional liability and fidelity coverage | Indirect | | 7. Consumer Complaints | Consumer complaint resolution | Indirect |
### Pillar 1: Licensing and business authority
The office maintains the licenses and business authority required to operate in each jurisdiction where it closes files. A lapsed license puts every file at risk, but the pillar itself is administrative rather than operational.
### Pillar 2: Escrow trust account controls
The office segregates client funds in escrow or trust accounts, reconciles them, and controls who can move money out. This is the pillar most directly tied to settlement fund security, and the one an examiner interrogates first after a loss.
### Pillar 3: Privacy and information security
The office maintains a written information security program covering the nonpublic personal information it holds, including bank account and routing numbers that appear on wire instructions. Wire fraud almost always runs through this pillar before it reaches Pillar 2.
### Pillar 4: Settlement procedures
The office follows documented settlement processes, including TRID and RESPA compliance. The pillar touches funds because disbursement sequencing depends on it, but the controls themselves live in Pillar 2.
### Pillar 5: Policy production and premium remittance
The office issues title policies and remits premiums correctly. Indirect to funds security, but a failure here is what underwriters notice first.
### Pillar 6: Professional liability and fidelity coverage
The office maintains E&O and fidelity coverage appropriate to its size and volume. Indirect to daily fund security, but the coverage is what responds when a control fails.
### Pillar 7: Consumer complaint resolution
The office has a written process for receiving and resolving consumer complaints. Indirect, but a complaint is often the first signal that something went wrong on a file.
Pillar 2 requirements for escrow trust account controls
Pillar 2 is the longest and most detailed section of the framework, and it is where fund security lives. ALTA's published guidance breaks it into four control areas that an office has to document and operate (ALTA Title Insurance and Settlement Company Best Practices).
### Segregation of client funds
Client funds must be held in separate escrow or trust accounts, never commingled with operating funds, and held at FDIC-insured depositories. Each file's balance must be trackable within the trust account so the office can show, at any moment, which dollars belong to which file. Commingling is the failure mode an examiner looks for first, because once funds are mixed the office cannot prove whose money was whose.
### Authorized signer limits and dual control
The office must maintain a list of authorized signers on each trust account, with limits, and require two signatures or approvals for outbound wires above a stated threshold. Dual control means the person who initiates a wire is not the person who approves it. The threshold and the signer list are decisions the office makes and documents; ALTA does not set the dollar figure, it asks the office to have one and follow it.
### Background checks for trust account access
Staff with access to trust accounts must pass background checks at hire, and the office should re-check periodically. ALTA treats access to client funds as a position of trust that warrants screening, not just a job function.
### Outstanding file balance reporting
The office must track outstanding balances by file, report aged items, and resolve them. This is distinct from a bank reconciliation. A bank reconciliation confirms the trust account matches the bank statement. An outstanding file balance report confirms that every dollar in the trust account is claimed by an open file, and that no file is carrying a balance it should not. The two reports answer different questions and an office needs both.
How to implement three way reconciliation and positive pay
Three-way reconciliation is the reconciliation method ALTA Pillar 2 expects for escrow trust accounts. It compares three balances: the bank statement, the book balance (the office's ledger), and the sum of file-level balances (what each individual file says it holds). When all three agree, the office can show that the money in the account is the money the files claim. When they do not, the office has a problem to find and document.
### Step 1: Reconcile bank, book, and file balances on a set schedule
Reconcile the bank statement, the office ledger, and the file-level sub-ledgers on the schedule the office's procedures require (ALTA recommends at least monthly, many offices reconcile daily during heavy closing weeks). Investigate every variance until it is explained. An unexplained variance is an open item the office has to carry and resolve.
### Step 2: Enable positive pay and ACH debit blocks at the bank
Positive pay is a bank-side control where the office transmits its issued-check file to the bank, and the bank pays only checks that match that file. ACH debit blocks reject unauthorized automated clearing house debits against the trust account. Both controls move the trust account from "pay what is presented" to "pay only what the office told the bank to expect." The office enrolls with its depository and configures the controls; ALTA recommends them as part of an effective escrow controls program (ALTA Best Practices).
### Step 3: Record the reconciliation review and sign off
This is the step offices skip, and it is the one that matters most under examination. ALTA expects the office to document who performed the reconciliation, who reviewed it, and when. The sign-off is the artifact an examiner asks for. If the reconciliation happened but no one recorded the review, the office cannot later prove it occurred. The review record, timestamped and retained, is what turns a reconciliation from an activity into evidence.
How to implement wire transfer verification and dual control
Wire transfers are where Pillar 2 and Pillar 3 intersect. The funds move under Pillar 2 controls, but the instructions that direct them arrive as information the office has to protect and verify under Pillar 3. Three steps carry the load.
### Step 1: Verify wire instructions through an independent channel
Call back to a known number, not the number printed on the wire instructions or the number in the email that sent them. Email is not a verification channel because business email compromise is the primary vector for wire fraud, and a verification sent over the same channel the fraud is riding does not verify anything. The FBI's Internet Crime Complaint Center has documented tens of thousands of real estate wire fraud complaints and hundreds of millions in reported losses, and its central recommendation is to verify any change in payment instructions through a secondary, known-good channel (FBI IC3 2025 annual report). For a full treatment of why offices that did verify still lost, see Before buyer funds move, build the record.
### Step 2: Require a second approver on outbound wires
The person who initiates the wire cannot be the person who approves it. Dual control means a second authorized signer reviews the instruction, the verification, and any open items before the wire is released. The threshold above which dual control is required is an office policy decision, but the policy has to exist and the office has to follow it. For the foundational record this gate produces, see Why every covered instruction requires a current review record.
### Step 3: Record the sources reviewed before release
The verification check is not permission. The office may verify an instruction against a source and still face an open item the source could not resolve. What the file has to capture is which source was reviewed, what that source could and could not prove, what stayed open, and who approved release anyway. That record is the audit trail ALTA Pillar 2 expects and the artifact an examiner or E&O carrier eventually asks for. A check that came back clean, with no record of what it was checked against, is not the same as a documented review. For the distinction that makes this argument, see Account checks are evidence, not approval.
Pillar 3 protection of nonpublic personal information tied to wires
Wire instructions carry nonpublic personal information: bank account numbers, routing numbers, and party identifiers. Pillar 3 is the framework that governs how the office collects, stores, transmits, and disposes of that information. The underlying federal requirement is the Gramm-Leach-Bliley Act's Safeguards Rule, which ALTA's framework operationalizes for title and settlement companies.
### Written information security program
The office must maintain a written information security program (WISP) covering the collection, storage, transmission, and disposal of nonpublic personal information. The WISP is the document an examiner asks to see first under Pillar 3. It has to name a responsible employee, describe the controls in place, and be reviewed and updated. A WISP that exists in a binder and has not been touched since it was written does not satisfy the pillar, because the threat model changes.
### Access logs and restricted evidence handling
Access to nonpublic personal information must be logged and limited to staff who need it. Field-level access controls, where a processor can see the file but not the bank account number inside it, are the operational expression of this requirement. The office has to be able to show who accessed what, and when, because that is the record that demonstrates the restriction is real rather than nominal.
### Incident response and customer notification
The office must maintain a written incident response plan and follow state breach notification laws when nonpublic personal information is exposed. ALTA publishes wire fraud response resources that presume a documented trail exists before the incident, because the office cannot reconstruct what it never recorded (ALTA Wire Fraud resources). The response plan is the playbook; the review record is what the plan runs on.
Written procedures and documentation required on file
ALTA is documentation-heavy by design. The framework asks the office to show its work, not just claim it. Three categories of documentation have to exist on the file and be producible on request.
### Escrow trust account procedures
The office must maintain written procedures covering reconciliation frequency, the list of authorized signers and their limits, the disbursement workflow, and the handling of shortages. The procedures manual is the document an examiner uses to decide whether what the office did on a given file matches what the office said it would do. A gap between the written procedure and the actual practice is itself a finding.
### Wire disbursement and callback procedures
The office must document its wire verification method, including the callback script, the dual approval threshold, and the procedure for handling changed wire instructions. Changed-instruction handling is where most wire fraud succeeds, because the fraud arrives as a revision to instructions already on file. The procedure has to state how a change is verified, who verifies it, against what source, and what happens when something does not match. The mechanics of handling a change without losing the prior record are laid out in Managing stale records and material changes in closing files.
### Exception approval records
When the office departs from its standard procedures, the departure must be documented with the approver's name, the reason, and the date. A named exception is a record that says the office knew it was departing from procedure, who authorized the departure, and why. An undocumented bypass, where the office proceeds differently from its written procedure and records nothing, is the pattern that creates the most audit and liability exposure. The framework accepts exceptions. It does not accept silence. For the doctrine behind naming exceptions rather than leaving them implicit, see The Review Record standard.
The ALTA Best Practices assessment and certification process
There are two ways an office demonstrates compliance: self-assessment and third-party assessment. In a self-assessment, the office works through the ALTA Best Practices workbook and attests to its own implementation. In a third-party assessment, an independent assessor (typically a CPA firm) tests the office's controls and issues a report. ALTA publishes certification report templates for both paths, and third-party assessments carry more weight with lenders and underwriters because an independent party performed the testing (ALTA Best Practices framework and certification reports).
ALTA itself does not certify offices. ALTA publishes the framework and the report templates. The certification is issued either by the office itself (self-assessment) or by an independent assessor (third-party). An office that says it is "ALTA certified" without naming the assessor or the path is being imprecise in a way an examiner will notice. The accurate phrasing is that the office has completed a self-assessment or received a third-party assessment under the ALTA Best Practices framework.
What underwriters and E&O carriers expect from a compliant office
Compliance shows up in two commercial relationships: the agency agreement with the underwriter, and the professional liability policy with the E&O carrier. Both treat ALTA Best Practices compliance as a condition or a pricing factor, and both ask practical questions when a file goes wrong.
### Underwriter expectations
Underwriters frequently write ALTA Best Practices compliance into agency agreements. The expectation is operational, not ceremonial. When a loss occurs, the underwriter asks whether the escrow trust accounts were reconciled on the schedule the office's procedures require, whether dual control was in place on the wire disbursement, and whether the office can produce the documentation that supported the release. An office that can answer those questions with timestamped records has a different conversation than one that cannot.
### E&O carrier expectations
E&O carriers may require evidence of compliance as a condition of coverage, and some offer premium considerations for offices with documented controls. The question a carrier asks after a claim is the same one an examiner asks: can the office produce evidence of what was reviewed before funds moved? A claim defended with a file-level review record is a different claim than one defended from memory. The record does not make the office safe and it does not clear the fraud, but it shows the office applied its own procedures, which is what the underwriter and the carrier agreed to insure.
Adapting ALTA Best Practices to AI driven impersonation risk
ALTA Best Practices was written before synthetic voice and video were readily available to fraudsters. In 2025 and 2026, wire fraud increasingly involves AI-generated voice and video impersonation, where a fraudster synthesizes a party's voice or appearance to defeat a callback verification. The framework's documentation and verification requirements remain sound, but the threat model has moved.
A callback to a number that sounds like the seller is no longer sufficient if the voice on the line can be synthesized. The office's verification procedure has to account for the limitation of every source it relies on. A callback confirms the number was reached and a voice answered. It does not, by itself, rule out an AI impersonation if the number was diverted or the voice was generated. The record has to capture both what the source confirmed and what it could not confirm, so the file does not overstate the strength of the check.
This is the Veto thesis stated plainly: a check is not permission. A passed verification is not permission. Permission is an office state created by policy, evidence, source limitations, and the record of all three. When the threat model evolves, the record is what keeps the office honest about what its checks actually proved.
Building a no bypass control layer on settlement fund releases
ALTA establishes the what: written procedures, documented reconciliation, dual control, verification, and exception records. It does not enforce the how. An office can have compliant procedures on paper and still release funds on a stale or unsupported record, because the procedures sit in a binder and the release happens in a production system that does not consult them.
A control layer sits on top of the office's existing production systems (Qualia, SoftPro, ResWare, and similar platforms) and blocks the release of a covered instruction when the Review Record is missing, stale, or unsupported. The control layer does not decide whether the instruction is correct. It requires that the office's review be current, named, and on file before money moves.
Three properties make the layer work. First, every covered instruction requires a current Review Record, timestamped at sign-off. Second, the record goes stale automatically when a material value changes on the instruction, so a fresh review or a named exception is required before release. Third, exceptions are named (approver, reason, date) and never silent, so the office cannot bypass the layer without leaving a trail. For the full doctrine, see Preventing wire fraud in escrow offices using automated control layers.
This is the layer that turns ALTA's documentation expectations into an operational control rather than a paper exercise. The office still decides. The layer makes sure the decision is recorded.
Run a live-file control test
The way to see whether this control layer belongs in the office is to run it on one real disbursement before the next one closes.
Take a covered instruction from a recent or pending file. Build the Review Record: what changed from what was already on file, what source each value was checked against, what the check could and could not prove, what stayed open, who reviewed it, and what the office decided. Then map that record to the ALTA pillar it satisfies, and ask whether the file would answer the questions an examiner or E&O carrier asks if the file were reconstructed six months from now.
If the record is already there, the layer is already operating. If it is not, the file test is where to start. Run a live-file control test and see what the file can prove today.
Frequently asked questions about implementing ALTA Best Practices
### Is ALTA Best Practices certification required?
No. ALTA publishes the framework as a voluntary tool, and each title insurer and agent decides whether to adopt it (ALTA Best Practices FAQ). In practice, many lenders require evidence of compliance before they will place orders, so the discretion is narrower than the word voluntary suggests.
### How long does ALTA Best Practices certification take?
It depends on the office's starting point and the assessment path. An office with documented procedures and current reconciliations can complete a self-assessment in weeks. An office building its procedures from scratch, or pursuing a third-party assessment with an independent assessor, should plan for months.
### How often should an office recertify under ALTA Best Practices?
Annually. The framework expects the office to review its procedures, reconcile its accounts, and refresh its assessment on a yearly cadence. Lenders and underwriters typically ask for current evidence, and an assessment more than a year old is treated as stale.
### How does ALTA Best Practices differ from SOC 2 or ISO 27001?
ALTA Best Practices is industry-specific to title and settlement companies, with pillars that address escrow trust accounting and settlement procedures that general security frameworks do not cover. SOC 2 and ISO 27001 are general information security and service-organization standards that apply across industries. An office can hold all three; they answer different questions. ALTA asks about the funds. SOC 2 and ISO 27001 ask about the information systems.
### Does Pillar 2 require positive pay?
Positive pay is recommended as part of an effective escrow controls program, not mandated as a specific control. ALTA Pillar 2 asks the office to maintain appropriate and effective escrow controls and to document them. Positive pay and ACH debit blocks are widely treated as the bank-side controls an examiner expects to see, because they move the trust account from paying what is presented to paying only what the office told the bank to expect (ALTA Best Practices).
### What counts as a documented exception under ALTA Best Practices?
A documented exception is a departure from the office's standard procedures, recorded with the approver's name, the reason for the departure, and the date. A named exception shows the office knew it was departing from procedure and who authorized it. An undocumented bypass, where the office proceeds differently and records nothing, is the pattern the framework targets, because it leaves no trail for an examiner to evaluate.
This article describes the ALTA Best Practices framework and how its documentation expectations map to file-level controls. It is not legal advice and does not classify any office as compliant or noncompliant. Veto does not verify, approve, certify, guarantee, insure, authorize, or clear any instruction, wire, or account. Veto does not make wires safe and does not prevent fraud. Veto records the review, marks records stale on material changes, blocks releases on stale records, and logs the audit trail. The office decides. Veto records the review.
