BEST PRACTICES PORTFOLIO BUILDER
For Implementing the Industry Best Practices

The Fidelity National Title Group has developed this Best Practices Portfolio Builder for our agents. This tool, which is designed to be used in concert with ALTA’s Best Practices – Version 2.0 (released 07/19/2013), is a comprehensive plan to assist in developing your unique Best Practices Policies & Procedures. Lenders will be expected to do ongoing due diligence of their third-party providers under the requirements of the Consumer Financial Protection Bureau (CFPB), relative to concerns for the protection of consumers.

Each of ALTA’s 7-Pillars of Best Practices is addressed in this Portfolio Builder with considerations that need your thought, detailed explanations, suggested solutions, and samples of written policies, procedures, checklists, links and resources.

NOTE: This information is for your reference only and is not intended to represent the only approach to any particular issue. These guidelines should not be construed as legal, financial or business advice. We recommend you consult your legal counsel and subject-matter experts to determine appropriate policies, procedures and strategies applicable to your office or organization. For more information about the ALTA Best Practices, please visit www.alta.org.

Putting ALTA Best Practices in Motion
Summary of the 7-Pillars of ALTA’s Best Practices

Best Practice 1 - Licensing:
Establish and maintain current license(s) as required to conduct the business of title insurance and settlement services.
Purpose: Maintaining state mandated insurance licenses and corporate registrations (as applicable) helps ensure the Company remains in good standing with the state.

Best Practice 2 - Escrow Account Controls:
Adopt and maintain appropriate written procedures and controls for Escrow Trust Accounts allowing for electronic verification of reconciliation.
Purpose: Appropriate and effective escrow controls and staff training help title and settlement companies meet client and legal requirements for the safeguarding of client funds. These procedures help ensure accuracy and minimize the exposure to loss of client funds. Settlement companies may engage outside contractors to conduct segregation of trust accounting duties.

Best Practice 3 - Information and Data Privacy:
Adopt and maintain a written privacy and information security program to protect Non-public Personal Information as required by local, state and federal law.
Purpose: Federal and state laws (including the Gramm-Leach-Bliley Act) require title companies to develop a written information security program that describes the procedures they employ to protect Non-public Personal Information. The program must be appropriate to the Company’s size and complexity, the nature and scope of the Company’s activities, and the sensitivity of the customer information the Company handles. A Company evaluates and adjusts its program in light of relevant circumstances, including changes in the Company’s business or operations, or the results of security testing and monitoring.

Best Practice 4 – Settlement Policies and Procedures:
Adopt standard real estate settlement procedures and policies that help ensure compliance with Federal and State Consumer Financial Laws as applicable to the Settlement process.
Purpose: Adopting appropriate policies and conducting ongoing employee training helps ensure the Company can meet state, federal, and contractual obligations governing the Settlement.

Best Practice 5 - Title Production:
Adopt and maintain written procedures related to title policy production, delivery, reporting and premium remittance.
Purpose: Adopting appropriate procedures for the production, delivery, and remittance of title insurance policies helps ensure title companies can meet their legal and contractual obligations.

Best Practice 6 - Errors & Omissions and Fidelity Coverage:
Maintain appropriate professional liability insurance and fidelity coverage.
Purpose: Appropriate levels of professional liability insurance or errors and omissions insurance help ensure title agencies and settlement companies maintain the financial capacity to stand behind their professional services. In addition, state law and title insurance underwriting agreements may require a company to maintain professional liability insurance or errors and omissions insurance, fidelity coverage or surety bonds.

Best Practice 7 - Consumer Complaints:
Adopt and maintain written procedures for resolving consumer complaints.
Purpose: A process for receiving and addressing consumer complaints helps to ensure reported instances of poor service or non-compliance do not go undiscovered.

Please refer to the full version of the ALTA Best Practices Framework when using this Portfolio Builder to be sure that all items referenced in the ALTA Best Practices (Version 2.0 Published July 19, 2013) are incorporated in your Portfolio.

Industry Best Practice Pillar 1
Licensing
Establish and maintain current license(s) as required to conduct the business of title insurance and settlement services.

Purpose: Maintaining state mandated insurance licenses and corporate registrations (as applicable) helps ensure the Company remains in good standing with the state.

Considerations:
1. What job functions need to be licensed?
2. Who is performing those functions?
3. Are individual licensees affiliated with your agency according to state and underwriter records?
4. How are individual and agency licenses tracked?
5. Who is responsible for tracking?
6. How is tracking documented?
7. Do you have an adequate number of licensees to cover vacations, medical leave, etc.?

Solutions/Suggestions:
1. Research your state insurance laws to ensure that licensing practices are in compliance.
2. Appoint a person responsible for updating licensing appointments/terminations. Duties should include notifying both the applicable state agency and underwriters of all personnel changes affecting appointments.

Tools & Resources:
SAMPLE: Licensing Basic Checklist
Links to Midwestern State Information:
   o State Statute Requirements
   o Licensing Status
   o License Renewal Procedures

SAMPLE: Licensing Basic Checklist

Date Completed | Function | Completed By | Notes

Establish list of functions that need to be licensed
Create file/notebook of license copies
Contact underwriter to appoint each licensee (if applicable)
Verify appointment status using Department of Insurance website (if applicable)
Regularly review applicable state website for expirations and accuracy of licensee information.
Notify Underwriters when a licensee is no longer with your agency
ALTA Forms Licensing Fee Paid?

Example:
List of agency employees (that need to be licensed) | License Number | License expires:
Jane Doe | N43442 | 3/13/2014

1. Assign the duty of confirming annually that all employees required to be licensed under your state laws are licensed, properly appointed by your underwriters, and that license information is accurate (i.e., name changes and current addresses). Document annual confirmation.
2. Establish and maintain appropriate compliance with ALTA’s Policy Forms Licensing. Any issuing agent of title insurance is required to hold a license for the continued use of ALTA’s commitment, policy and endorsement forms. The annual cost of a Policy Forms license is $195. Membership with ALTA includes a Policy Forms license at no additional cost. http://alta.org/forms.
3. Create a licensing log with at least the following:
   o Employee Name
   o License Number
   o License Expiration Date

State Statute Requirements

Illinois:
http://www.idfpr.com/DFI/TitleInsur/titleinsur_main.asp
http://www.idfpr.com/DFI/TitleInsur/titleinsur_acts_rules.asp
Indiana:
http://www.in.gov/idoi/files/Bulletin135.pdf
Kansas:
http://kansasstatutes.lesterama.org/Chapter_40/Article_49/ (statutes)
https://www.ksinsurance.org/legal/regs_list.htm (regulations)
Michigan:
http://legislature.mi.gov/doc.aspx?mcl-500-1201a
http://legislature.mi.gov/doc.aspx?mcl-500-1202
http://legislature.mi.gov/doc.aspx?mcl-500-1208a
http://legislature.mi.gov/doc.aspx?mcl-500-1451
http://legislature.mi.gov/doc.aspx?mcl-500-7301
Minnesota:
https://www.revisor.mn.gov/statutes/?id=60K.32
https://www.revisor.mn.gov/statutes/?id=60K.31
https://www.revisor.mn.gov/statutes/?id=60K.34
Missouri:
http://insurance.mo.gov/laws/381title.php (statutes)
http://sos.mo.gov/adrules/csr/current/20csr/20csr.asp (regulations)
Nebraska:
http://nebraskalegislature.gov/laws/browse-chapters.php?chapter=44 (View 44-4047 through 44-4066)
North Dakota:
http://www.legis.nd.gov/cencode/t26-1c26.pdf?20130308084138
Ohio:
http://codes.ohio.gov/orc/3953
http://codes.ohio.gov/oac/3901
South Dakota:
http://legis.state.sd.us (Chapter 58)
Wisconsin:
http://www.sircon.com/resource/layout.jsp?page=wisconsinLps&type=wisconsin

Licensing Status

Illinois:
Business Entity must be registered to do business in IL through the IL Secretary of State Office
http://www.cyberdriveillinois.com/departments/business_services/corp.html
Title Entity must have a certificate to do business in Illinois – application must be submitted through an underwriter
http://www.idfpr.com/DFI/TitleInsur/titleinsur_main.asp
http://www.idfpr.com/dfi/TitleInsur/TISearch.asp
Indiana:
http://www.sircon.com/resource/layout.jsp?page=indianaLps&type=indiana
Kansas:
https://towerii.ksinsurance.org/kid/psignon.do
http://www.ksinsurance.org/industry/agent/conted.htm
Michigan:
http://www.dleg.state.mi.us/fis/ind_srch/ins_agcy/insurance_agency_criteria.asp (Title Agency)
http://www.dleg.state.mi.us/fis/ind_srch/ins_agnt/insurance_agent_criteria.asp (For Individual Title Licensees)
Minnesota:
http://www.sircon.com/resource/layout.jsp?page=minnesotaLps&type=minnesota
Missouri:
http://insurance.mo.gov/agents/
https://sbs-mo.naic.org/Lion-Web/jsp/login/login_lsx.jsp (For continuing education status)
Nebraska:
http://www.statebasedsystems.com/
North Dakota:
http://www.nd.gov/ndins/producers/
Ohio:
https://gateway.insurance.ohio.gov/UI/ODI.Agent.Public.UI/AgentLocator.mvc/DisplaySearch
South Dakota:
No licensing required
Wisconsin:
http://www.sircon.com/resource/layout.jsp?page=wisconsinLps&type=wisconsin

License Renewal Procedures

Illinois:
http://insurance.illinois.gov/producer/
Indiana:
http://www.in.gov/idoi/2473.htm
Kansas:
http://www.ksinsurance.org/industry/agent/conted.htm
Michigan:
http://www.michigan.gov/difs/0,5269,7-303-22535_23031---,00.html
Minnesota:
http://mn.gov/commerce/insurance/producers-adjusters/agencies.jsp Agencies
http://mn.gov/commerce/insurance/producers-adjusters/producers-nonresident.jsp Non-Resident Agents
http://mn.gov/commerce/insurance/producers-adjusters/producers-resident.jsp Resident Agents
Missouri:
http://insurance.mo.gov/agents/
http://insurance.mo.gov/industry/faq/license.php (facts & questions)
Nebraska:
http://www.doi.nebraska.gov/license/
North Dakota:
http://www.nd.gov/ndins/producers/resident/renew/
Ohio:
http://www.insurance.ohio.gov/Agent/Pages/HouseBill300-ChangestoOhioRevisedCode3905.aspx
South Dakota:
No licensing required
Wisconsin:
http://www.sircon.com/resource/layout.jsp?page=wisconsinLps&type=wisconsin

Industry Best Practice Pillar 2
Escrow Account Controls
Adopt and maintain appropriate written procedures and controls for escrow trust accounts allowing for electronic verification of reconciliation.
Purpose: Appropriate and effective escrow controls and staff training help title and settlement companies meet client and legal requirements for the safeguarding of client funds. These procedures help ensure accuracy and minimize the exposure to loss of client funds. Settlement companies may engage outside contractors to conduct segregation of trust accounting duties.

Considerations:
1. Reconciliation frequency? Discussion of monthly, weekly, daily (recommended), and hourly.
2. Who prepares your escrow account reconciliations? Consider the value of staff time/experience to prepare reconciliations.
3. Is now the time to consider using an outside reconciliation service? What software is available? What 3rd party services are available?
4. How many escrow accounts do you have?
5. How many escrow accounts do you need?
   o One for each office location or one for the agency
   o One for recording and premium accounts
6. For multiple branch locations, are disbursements centralized?
7. What procedures are in place to ensure timely and appropriate handling of deposits?
8. Do you have the proper segregation of duties in place?
9. Are reconciliations reviewed by management (initialed/dated), and are problems/shortages resolved in a timely manner?
10. Who has access to your escrow account? How many check signers do you need?
11. Do you have proper safety measures for wiring funds out of escrow?
12. Are there procedures in place to immediately remove an escrow signatory upon employee termination or resignation?

Solutions / Suggestions:
You probably already have many of these best practices in place, but not necessarily documented well (meaning there is no written procedure or written collection of materials stating that you have the processes in place). Below are the categories where written procedures are needed.
1. Escrow funds and operating funds are separately maintained.
   o Escrow funds or other funds the Company maintains under a fiduciary duty to another are not commingled with the Company’s operating funds or an employee/manager’s personal account.
2. Escrow trust accounts are prepared with trial balances.
   o On at least a monthly basis, and within 10 business days of the closing date of the bank statement, escrow trust accounts are prepared with trial balances (“three-way reconciliation”), listing all open escrow balances.
   o Consider outside 3rd party reconciliation services.
3. Segregation of duties is in place to help ensure the reliability of the reconciliation and reconciliations are conducted by someone other than those with signing authority.
   o Results of the reconciliation are reviewed by management and are accessible electronically by the Company’s contracted underwriter(s).
   o Immediate action is taken to fund shortages.
   o If you utilize a third party reconciliation service, reports are reviewed in a timely manner and all reconciling items are resolved.
4. Escrow trust accounts are properly identified as “escrow” or “trust” accounts and this identification appears on all account-related documentation including bank statements, bank agreements, disbursement checks and deposit tickets.
5. Create a written policy for any interest bearing account for which the title company retains the interest. Obtain written instruction, documentation and proper IRS forms to open a special interest bearing account for a specific customer directing that the interest be paid to the customer and not the company.
6. All disbursements must be accurately documented and that documentation retained in the escrow file for audit purposes.
7. Transactions are conducted by authorized employees only.
   o Only those employees whose authority has been defined to authorize bank transactions may do so.
   o Appropriate authorization levels are set by the Company and reviewed for updates at least annually.
   o Former employees are immediately removed as authorized signatories on all bank accounts.
8. Unless directed by the beneficial owner, escrow trust accounts are maintained in federally insured financial institutions. Background checks are completed in the hiring process. At least every three years thereafter, obtain background checks going back five years for all employees, including managers and owners who have access to customer funds. The ALTA Best Practices makes it clear that each agency should be monitoring their own employees.
9. Utilize Positive Pay or Reverse Positive Pay, automated clearing house blocks and international wire blocks, if available. Document utilization and maintain with all banking agreements.
10. Ongoing internal file and account audits are performed.
11. Training is conducted for employees in the management of escrow funds and escrow accounting.
12. Maintain a log of all training performed and attendance.

Tools & Resources:
MANUAL - Escrow Accounting Standards for Agents – available on the National Agency Website, under Training
SAMPLE 1: Simplified Escrow Account Checklist
SAMPLE 2: Guidelines for Disbursement of Proceeds
SAMPLE 3: Escrow File Audit Checklist for Closers
SAMPLE 4: (Internal Use) Escrow File Audit Procedures for Managers - Safeguarding Clients Funds
SAMPLE 5: Template for Escrow Accounting Procedure
Reconciling Your Escrow Account – Video Courseware – Located on the FNTG National Agency Website www.nationalagency.fntg.com - Log in, click “Want to Learn” under the Training Tab drop down menu.
FNF Fraud Insights - Newsletters - This links to the National Agency Website - Log in, click Fraud Insights under the Resources drop down menu.

Solution Providers:
www.Rynoh.com
www.SoftproCorp.com
www.ADP.com
The costs are reasonable (for example, background checks are in the $30-$40 range and credit reports are in the $8-$10 range).
www.nationalagency.fntg.com
Our Agency Website has several direct resources, solution provider information and several educational and training options for both internal and client use.

Sample 1: Simplified Escrow Account Controls Checklist

Function | When | Who | Notes | Last Completed Date

Create List of Accounts, including contact person at bank (Note if any Accounts are Interest Bearing and who the interest is paid to)
Is each account titled as an ‘escrow account’ or ‘trust account’?
Are Positive Pay, Automated Clearing House blocks and international wire blocks in place for each account?
List of Authorized Signatories, including designations of who is the account owner
List of personnel for whom credit report and background checks were performed, as well as last date each report was completed
Current month reconciliations completed?
Owner/Manager Review completed and documented?
Attach summary report of open issues (i.e., files that need correction) for each month. (This will help tracking of specific items and trends)

Closers Initials __________

Sample 2: Guidelines – Disbursement of Proceeds

Buyer/Borrower Proceeds:
Any amount shown on line 303 of the HUD-1 Settlement Statement (funds due from Buyer/Borrower) must come into our escrow/trust account from the borrower or be disbursed to our borrower. Any funds received by any other party must reflect on a separate line in the 200 series designating the source of funds. In regions in the Western US where the buyer/borrower funds are credited prior to the printing of the final HUD-1 statement, those funds should be reflected in the 200 series of the HUD-1 statement showing the source of funds and line 303 should reflect zero proceeds or a refund, if any is due to the buyer/borrower.

Seller Proceeds:
Most lenders’ closing instructions contain provisions which prohibit the assignment of proceeds due the borrower or seller without the written consent of the lender prior to closing.
Here are two examples: "ANY disbursement on the seller side of the HUD-1 (excluding lien-related items specified in the title commitment and standard closing costs) must be approved in writing by the Lender prior to disbursing the loan proceeds." "Closing agent must not make disbursements from the loan proceeds unless they are specifically authorized by these or the Supplemental Closing Instructions." Each lender’s requirement could be different. Written requests to pay proceeds to anyone other than the seller(s) named on the settlement statement must be shown in the miscellaneous section of the settlement statement and approved by the funding lender as specified in their instructions. In a refinance transaction, the loan proceeds may only be paid in strict compliance with the written closing instructions provided by the funding lender. Any request to pay additional parties must be listed in the 1300 section of the HUD-1 and approved in accordance with the lender’s instructions. In most cases, the funder’s approval of the HUD-1 or closing statement is not sufficient. If a principal requests these types of disbursements, it is best to say it is against our Company policy. It is the settlement agent’s fiduciary duty to remain neutral and safeguard the funds on deposit. Lenders expect full disclosure of all receipts and disbursements in accordance with written mutual instructions. If a lender disapproves of any requested disbursement be sure to notify the party in writing. As the settlement agent it is our duty to ensure all of the conditions are met. Settlement agents may accept written instructions to deposit proceeds directly into a bank account on behalf of the principals. Settlement agents may also cut separate checks or send a wire in the name of each individual seller or borrower. 
Multiple disbursements to the same payee are not acceptable especially when asked to disburse in increments of $10,000 or less as this may be perceived as participation in a money laundering scheme.

Escrowed Funds Disbursement:
All escrow disbursements (check and/or wire) require two approvers. Evidence of the two approvals is required on the check/wire request and the check disbursement register for every escrow.
a. Approvers’ and/or check signers’ responsibilities on external disbursements are to ensure the payment amounts are supported, proper vendors are paid, and disbursements have been properly authorized by the escrow officer.
b. Approvers’ and/or check signers’ responsibilities over our fee income are to ensure that check/journals to recognize our Title/Settlement fees are only processed after the order has closed.

Cancelled Checks and Stop Payments:

Cashier's or Teller Checks
Payment on a Cashier’s or Teller check issued by the Company may not be stopped without observing special procedures. A Cashier or Teller check in the hands of holder without knowledge of a defense must be honored by the financial institution on which it is drawn because it is the obligation of the financial institution not “ABC Title”. For this reason to avoid duplicate payment, issuing a new Cashier’s or Teller check can only be done after the person whose obligation is paid by the Cashier’s or Teller check has completed an affidavit concerning the lost, stolen or destroyed item. Generally, the issuing bank will require a bond or other form of security for the amount of the check if it is going to reissue the check before a 90 day period has elapsed.
When a Cashier’s or Teller check has been issued to pay off an obligation that is part of closing and the check is lost, stolen or destroyed, the Settlement Agent must obtain approval from the appropriate supervisor before directing that a replacement item is issued. Under Company policy failure to observe this requirement may result in the Settlement Agent being personally liable if the Company suffers a loss on the transaction when the lost, stolen or destroyed item is subsequently presented and paid. Trust Account Checks A check that has been issued, processed in the accounting records, but subsequently lost, stolen or returned to the Company must be canceled. If the original check has been returned, mark it “Canceled”, remove the signature portion of the check and forward it to accounting for adjustment to the appropriate records. Canceled checks, if found, must be retained. Unless a check has been lost or stolen, do not stop payment without consulting your supervisor. If the check has been lost or stolen, first determine if the check has cleared the bank. The accounting department should contact the bank to verify that the check has not cleared the bank. If it has not cleared, the bank should be advised both orally and in writing to place a stop payment on the check. No check may be reissued until it has been determined that it has not cleared the bank and you have received authorization from the accounting department. If the original check is subsequently found, it should be forwarded to the accounting department with a note across the face of the original check stating that a stop payment was issued on this check and indicating the date of the stop payment. Disbursement or Receipt of Funds By Wire: Wire transfer transactions usually involve large dollar amounts that must be processed quickly. There is also finality to a wire transfer transaction at the time of execution. 
Generally (but not always), wire transfers are not subject to a stop payment, recall, cancellation or adjustment; once a wire request has been executed the funds immediately become the property of the transfer recipient. Because of these concerns and to minimize the risk of loss from errors or fraud, wire transfer authority is to be centralized within a limited number of management, accounting or administration employees. No escrow department employee shall be unilaterally authorized to issue or accept a wire transfer. Customers are to communicate all wire transfer requests in writing and each escrow officer is then to communicate the wire transfer information to one of the authorized employees in writing or by fax and confirmed in writing. In all cases of initiation of a wire transfer by a Settlement Agent, escrow officer or other authorized party, a reasonable security procedure must be used to validate the transfer.

Closers Initials __________

Sample 3: Escrow File Audit Checklist for Closers

Issue/Topic | Yes/No | Comments

The print date noted by the system on the HUD-1 (where applicable) is the same or prior to the signature date of the buyer/seller.
The HUD-1 was signed by all parties to the transaction.
An amended HUD-1 was prepared for any updates subsequent to the closing.
Evidence that an amended HUD-1 (if applicable) was sent to the affected parties (borrower/seller/lender) is in the file.
Supporting documentation exists for all disbursements including payoffs (invoice, demand, etc.).
Supporting documentation agrees to the amount and payee shown on the HUD-1.
Transactions on the HUD-1 are accurately stated and in agreement with the check register (the HUD-1 and check register are consistent and in agreement) and purchase contract.
Requirements specified in the lender's instructions pertaining to the preparation of the HUD-1 were met.
The HUD-1 loan terms agree to the lender’s closing instructions.
The GFE comparison box does not obscure a tolerance violation.
For short sales, the transaction complies with all requirements outlined in the Short Sale Final Approval Letter from the lender. If the Short Sale Final Approval Letter is not received directly from the short sale lender (i.e., it is addressed to the seller/borrower), the contents, including the amount, expiration date and terms and conditions, are verified with the lender, and the date, time and name of the person with whom you spoke are documented on the letter.
For short sales, the transaction includes the required Short Sale language in an amendment.
For short sales, the short sale approval letter was signed by the buyer(s) and the seller(s) on a short pay sale and the borrower(s) on a short pay refinance.
Third party deposits are disclosed on the HUD-1.
Third party deposits are processed via third party deposit instructions.
Third party deposits are noted in the lender’s instructions or approved by the lender (in writing).
For transfers between escrow accounts, proper authorization from the affected principals is noted in both escrow files.
For transfers between escrow accounts, proper authorization from the operation’s manager (or designee) is noted in both escrow files.
Disbursements are made when funds are available and in accordance with state and local regulations as applicable (Good Funds Law applies in certain states).
Seller, lender and/or mortgage broker credits are fully described and supported.
Title fees do not vary from filed or promulgated rates (where applicable). (Note: If the Title unit is solely responsible for calculating rates and is separate from the County Office (such as a CPF), exceptions will be classified as “Other.”)
Escrow fees (including ancillary fees) do not vary from filed or promulgated rates (where applicable).
Payoff demands are not accepted from mortgage brokers, realtors or borrowers and all precautions are taken to prevent fraud.
Other fees properly disclosed and payees disclosed.
Other charges properly disclosed and payees indicated.
Seller proceeds are only disbursed to owners of record. Disbursements to any other parties are approved in writing by the lender.
Borrower proceeds (if applicable) are disbursed per funding lender’s instructions. Disbursements to any other parties are approved in writing by the lender.
For all Home Equity Lines of Credit (HELOCs) noted on schedule C of the prelim/commitment, the Credit Line Authorization form is sent with the payoff demand request or the payoff to the lender.
For all HELOCs, the written payoff request sent to the lender includes specific “freeze language”.
Review Document Execution Guidelines (Approved Notaries in most cases).
Underwriting requirements: There is a current title report/date down.
Underwriting requirements: Recorded liens on the prelim/commitment are satisfied/cleared.
Underwriting requirements: Party names and legal descriptions are correct on the insured documents.
Underwriting requirements: Documents are recorded within two business days of settlement.
Seller, lender and/or mortgage broker credits are properly disclosed on the HUD-1.
For all HELOCs, updated payoff figures were obtained no more than two days prior to full payment of the loan.
Checks payable to credit card companies at the lender’s instruction are mailed directly to the credit card companies (not given back to the borrower). The file copy of the check includes complete payee name, address, and account number. These are disclosed in the 1300 series, unless the file contains specific instructions to the contrary received from the funding lender.
Approval is obtained from the lender for payments made to credit card companies based on credit card statements retained in the file that differ from amounts listed in the lender’s instructions.
The correct lines/series per RESPA guidelines and/or company policy are used for entries on the HUD-1. In addition, a supplemental page is attached when there is not enough space on the designated line item.
Earnest money deposits are properly disclosed on the HUD-1 in accordance with RESPA guidelines.
State Withholding (CA, CO, GA, HI, ME, MD, MS, NJ, NY, OR, RI, SC, VT, VA, WV) is appropriately documented and processed.
For FIRPTA (Foreign Investment in Real Property Tax), the Waiver of Settlement Agent Responsibility form is completed for all purchase transactions or the waiver language is incorporated into the escrow instructions, where applicable, unless the principals determined withholding applied and signed the FIRPTA Escrow Instructions. Copies of the applicable IRS forms are in the file.
IRS reporting requirements are met including completion of a 1099-S or 1099-S solicitations form.
Photocopy of deposit check, incoming wire and/or funding number (as applicable) is located in the escrow file or is readily accessible.
A payoff demand is addressed to the respective title company, or the payoff information is verified via phone, and the result is documented. The payoff demand is not expired.
Sections A through I of the HUD-1 are complete and accurate.

Closer’s Initials __________

Sample 4
Internal use only: Escrow File Audit - Procedures for Managers checklist for safeguarding of clients’ funds
Date: __________________
Company/Branch: __________________
Address: __________________
City, State & Zip: __________________
Escrow Officer: __________________
Escrow File No.    Title Order No.
__________________ __________________
Auditor/Escrow Manager: __________________

This audit checklist for fraud is provided as a general guideline for FNTG agents to assist with ALTA Best Practice implementation.

I. View and print system generated statements:
______ Final HUD Settlement Statement; or
______ Master Closing Statement (buyer and seller)
Note: Escrow officers are trained to use a HUD-1 Settlement Statement only when required under RESPA to do so. RESPA governs all federally regulated mortgage loans that are secured by residential real property (including condos and co-ops) designed principally for the occupancy of 1-4 families. In all cash or commercial transactions, you should only find a Closing Statement, not a HUD form Settlement Statement.

II. Compare the system generated statements to the statements in the escrow file. Look for the following issues:
______ Does the system generated statement match the statement shown in the escrow file?
______ Were final settlement statements delivered to the parties (evidenced by fax transmittal, cover letter(s), email or notes in settlement system)?
______ Does the total consideration (purchase price) reflected on the settlement statements match when compared to the purchase and sale agreement and/or escrow instructions?
______ Does the total consideration (purchase price) reflected on the settlement statements match when compared to the lender’s instructions (if any)?
Note: Any differences between the total consideration reflected on the settlement statement and the total consideration reflected on the purchase and sale agreement and/or escrow instructions and/or lender’s instructions must be documented by a subsequent amendment agreed to by all parties to the transaction.
______ Are all debits and credits between parties to the transaction reflected on the settlement statement properly documented in the purchase and sale agreement and/or escrow instructions and/or lender’s instructions and/or commission or payoff demand?
Note: If a HUD form of settlement statement is used, look for credits to the buyer/borrower in the 200 section. All credits should be fully described. The words “deposit” or “credit” are not sufficient. Credits should be reflected as a credit from “whomever” and normally there will be an offsetting debit from the seller’s column. Look in the 500 series of the HUD for offsetting debits from the seller, the 700 series for offsetting debits from the real estate agents and the 800 series for offsetting debits from the mortgage broker or lender.
______ Are all items reflected on the settlement statement as “P.O.C.” (paid outside closing) properly documented and agreed to on the purchase and sale agreement and/or escrow instructions and/or lender’s instructions?

III. Receipts: Compare the statement to the final check register.
______ From the register, is the amount of funds receipted into the file in favor of the Buyer the same amount as shown on the statement?
Note: Funds received from the buyer should show on line 201 if the statement is a HUD form.
______ From the register, is the amount of funds receipted into the file from third parties the same amount as shown on the statement?
Note: Funds received from third parties in favor of the buyer should be reflected on line 204, if the statement is a HUD form.
______ Are the third party remitters disclosed on the receipts correctly?
Note: The system generated receipts should reflect the name of the remitting party, not the buyer or seller who received benefit of the funds at closing.
______ Does the escrow file contain Third Party Deposit Instructions for deposits received from parties outside of the escrow transaction?
______ Were the good funds laws followed for each receipt and subsequent disbursement? In other words, did the escrow operation wait for the funds to clear the bank prior to making disbursements?
______ Were funds transferred between files? Any incoming transfer of funds between files should have a signed transfer instruction from the transferring file.

IV. Disbursements: Compare the statement to the final check register.
______ From the register, do all disbursements match the amounts and payees shown on statement?
Note: Outgoing wire transfers may reflect the receiving bank as the payee on the register. Verify that the payee’s account name on the outgoing wire authorization form in the file matches the payee shown on the closing statement.
______ If Seller proceeds are wired and the account name or beneficiary name for the payee of the outgoing wire is different than the Seller/Title holder name, then review the file for an irrevocable assignment of proceeds.
______ Lender's instructions typically prohibit the payment of seller proceeds to parties other than the record title holder. Verify that estimated and final settlement statements to the lender reflect the payments to any third parties on the 1300 section of the HUD.
______ Verify that there are not multiple disbursements of seller's proceeds due to money laundering risks.
______ From the statement, add all receipts and all disbursements to verify that the totals match the receipt and disbursement totals from the register.
______ Were funds transferred between files? Any outgoing transfer of funds between files should have a signed transfer instruction authorized by the parties to the transaction.
______ Match the check copies or cancelled checks (if available) to the payees and amounts shown on the check register and closing statements. Please note any exceptions to the matching process.
______ All check registers or disbursement logs should reflect the initials of the original check signers for all disbursements.
______ Were funds held and then disbursed after close of escrow? There should be a new check register or disbursement log each time an additional check is disbursed.
______ If there are still funds held in the file, verify that there are proper instructions as to the future disbursement of the funds.
______ Review the payoff of existing encumbrances:
______ Is there a current payoff statement in the file?
______ Is the statement issued in the name of the Company?
Note: There are exceptions to this rule. For instance, when escrow is ordering the payoff statement over the payoff lender’s automated voice response system or from the lender’s website, the statement will not be addressed to anyone. Escrow officers have been advised to either stamp or write the Company name, date and sign their signature attesting to the receipt of the statement from the payoff lender.
______ Does the amount paid match the amounts on the payoff statement?
______ Did the owner/borrower sign the payoff statement, approving the amounts to be paid?
______ Were the funds paid and delivered to the correct payee?
______ Was the correct loan paid off?
Note: Sometimes borrowers can have multiple loans on different properties with the same lender. From time to time escrow will order a payoff statement and the lender will issue the statement on the incorrect loan. Escrow then unknowingly pays off the wrong loan. It is important to compare the payoff statement with the title report to validate that the principal balance could have been paid down to the amount shown on the payoff statement within the time allowed from date of origination.
______ Was payoff made to a private party beneficiary?
Note: If a private party beneficiary was paid through the escrow, verify that an original release of the borrower’s obligation (satisfaction of mortgage or request for reconveyance or consummation deed) was given in exchange for the payoff check.
______ Was the payoff statement a result of a short sale?
Definition of Short Sale: A sale in which the outstanding obligations (loans) against the real estate are greater than the amount for which the property can be sold. The seller must provide an appraisal (typically outside of escrow) to the payoff lender validating the decreased market value of the property. For example, if the property value has decreased to $300,000 and the owner owes $330,000, the owner may negotiate with the payoff lender to accept a $300,000 payoff and forgive the $30,000 balance. The lender will sometimes accept the shortage in lieu of having to foreclose on the property and sell it to regain some of their costs.
______ If the payoff was a short sale, read the payoff statement and verify that the terms and conditions of the short sale statement were strictly followed. The statement will usually indicate that there cannot be a subsequent or concurrent transaction and will provide any amounts that may be paid to the seller or any other party in connection with the transaction.
______ If the statement represents the payoff of an existing Home Equity Line of Credit, then look for a “freeze letter” signed by the borrower instructing the payoff lender to “freeze” the account so that the borrower can no longer draw against it.
Review the payment of invoices to verify that the checks are made payable to the invoicing parties.
______ Watch for bogus invoices which bear no invoice number or property address and may appear to have been cut and pasted or are otherwise incomplete.

V. Premium to the Underwriter
______ Review the posted premium in the file (fee ticket) to the settlement statement to verify that fees collected were accurately paid to the Underwriter from the trust account. Look for a reduction in any premium fees to cover a shortage of funds in the file.
______ Verify that fees were accurately charged in accordance with the Company’s published rates and are in compliance with the state’s filed rates (if applicable).
Note: Title rates are based on the property location. If the property is not located in the same County as the office, different title rates apply (look for title invoice in the file). Escrow rates are charged based on closing location, regardless of property location, so they should always be consistent with the escrow office’s filed schedule of fees.
______ If notary fees are collected through the escrow file for a notary who is also an employee of the Company, verify that the notary fees were paid to the Company and not the employee.
Note: Make sure you use approved and insured Notaries for any transaction.
Note: It is our Company’s policy to pay notary fees to the Company and not the employee. We accumulate the notary fees collected on behalf of the employee on a monthly basis and pay the total through the Company’s payroll system, deducting the proper state and federal withholdings.

VI. Forgery/Notary fraud: Compare copies of the notarized documents in the file.
______ Are the buyer’s documents and seller’s documents acknowledged by the same notary?
______ Are the grantors (sellers) named on the conveyance deed the same as listed on the preliminary report or commitment?

VII. Check for inflated purchase price:
______ If possible, review the conveyance deed that was recorded just prior to this transaction. Look for documentary transfer tax, if any, and multiply the applicable rate times $1,000 to determine the prior sale price on the property.
______ Is the price extremely inflated since the last purchase?
If the documentary transfer tax is not available, request the Affidavit of Property Value or Preliminary Change of Ownership or similar form that would have accompanied the prior transfer to determine the prior sales price.

VIII. Verify that governmental reporting requirements were followed:
______ Is there a 1099-S Certification for No Reporting in the file? Federal law requires that, unless the specific real estate transaction is exempt, the transferor’s name, address, tax identification number, and the amount of the proceeds must be reported to the Internal Revenue Service.
______ Is the seller a foreigner? If so, did escrow withhold and report?
Note: FIRPTA - the Foreign Investment in Real Property Tax Act of 1980 - is a Federal statute that authorizes the United States to tax foreign persons when they transfer real estate located in the United States. In order to help ensure that the federal government receives the taxes that are due from foreign transferors, the statute requires the transferee to find out if the real estate transferor is a foreign person. If a real estate transferor is a foreign person and an exception as specified in the Act does not apply, the transferee - or, in our case, the Settlement Agent - must withhold 10 percent of the gross purchase price and report the transaction to the IRS within 20 days after the closing. If the transferor is a foreign person and we fail to submit the required tax, we may be held liable for the tax that should have been withheld - as well as for penalties for noncompliance.
______ Is the property located in California? Look for California withholding or exemption from withholding forms.
Note: The California Revenue and Taxation Code requires that the buyer or other transferee of California real estate withhold 3-1/3 percent of the total sales price. This withholding is, in effect, a prepayment of the seller’s estimated state income tax due from the gain on the sale of the real estate.
Exemptions or waivers need to be noted in the escrow file.

Sample 5: Template for Escrow Accounting Procedure
As you use this template, please keep in mind the following:
This is a template. You must modify it to reflect how you do things in your office.
When your office is audited for compliance with Best Practices, the auditor will compare your procedure manual to your actual practices.

Types of accounts
Our office has the following accounts:
Type of Account | Account Number | Name of Bank | Notes
Escrow/Trust Account | | |
Incoming Wire Account | | | Provides a firewall between the escrow account and fraudsters.
Long-term Escrow Accounts | | |
Premium Trust Account | | |
Recording Trust Account | | |

Escrow trust account
The escrow trust account is required for closings and settlements. Incoming funds are directed to the Incoming Wire Account and are transferred manually to the escrow trust account when: _________________
Two signatures are required on all checks.

Long term escrow account
This account is for construction holds, water holds, and other transactions where funds are being held pending the resolution of a task or tasks, such as the issuance of a final water bill or the completion of repairs or improvements. Two signatures are required on all checks.

Premium trust account
This account holds the underwriter’s portion of the premium. Two signatures are required on all checks.

Recording trust account
This account holds the funds being used for recordings. Two signatures are required on all checks.

Deposits.
Physical escrow account deposits are made daily and all deposits in transit over three days old (i.e., weekends) are investigated. Separate deposit slips are prepared for each file indicating the file number on each deposit slip. Copies of all deposited information (i.e. checks received as well as validated deposit tickets) are kept in the closing files to prove funds were received in accordance with the settlement statement or closing disclosure.

Wire Transfers.
Wire transfer logs are maintained by: ______________ in a ___________ (or within our escrow software system). These logs are a special log specifically used to track wires and supplement the data electronically maintained for individual files.

Check controls.
All escrow account bank statements and checks state the words “escrow account” or “trust account”.
(For paper checks) We lock our unused checks when not in the printer. We also use locking printer stands.
Log checks out. We keep a record of all blank checks ordered and received and log them out as each user is given a new supply. Inventory checks are performed randomly by ________. Unused checks are compared against the log to ensure they are still unused.
(For laser checks) Our safeguards for our laser check programs/systems include, but are not limited to:
1) Print & Review the check register DAILY;
2) Print & Review a daily Void Transaction Report;
3) Designate one employee to assume ALL wire transfer responsibilities;
4) Designate one additional employee in the accounting department to confirm and verify ALL outgoing wires.
Copies of all disbursed checks are maintained in each file to prove funds were disbursed through the escrow account in accordance with the HUD-1 settlement statement.
Signature stamps are not used on escrow checks.
Positive Pay or Reverse Pay services are recommended for escrow accounts whenever possible to provide additional protection against fraudulent disbursements.
Voided checks are defaced by physically removing the signature line. The originals are retained with accounting records.
Outstanding checks that were issued for payoffs and other lienable events, and checks for recording are investigated if they have not cleared within ___3____ days. Outstanding checks for other matters are reviewed monthly.

Long Term (Dormant) Escrow Account Procedures:
Long Term (Dormant) accounts are reconciled monthly using the same procedures noted for the primary escrow account.
Signed escrow agreements detailing terms of release of funds (for example, funds being held for earnest money; water/utility escrows; unfinished construction/repair escrows) are maintained in all files where escrow funds are being held. Contact information for all the involved parties is also contained in the file. Current copies of the file ledger showing disbursements-to-date are also held in the relevant file.

Closing transaction records
We utilize _________ brand of escrow closing and accounting software. The software maintains an electronic log of many of the following things (see the software documentation for exact specifications), in an electronic format that can be printed as needed:
Unique file number. All records relative to a transaction must bear the unique case number.
Receipts log, which lists all incoming funds and can be used to help verify daily deposits.
Checkbook register for each escrow account in which a record is kept of all incoming and outgoing funds identified with the unique case number.
Ledger card for each case file, which details in chronological order all receipts and disbursements for the particular case.
Trial Balance listing of all cases by number showing open balances (whether positive or negative), and showing the total. This total should equal the running balance in the checkbook register.

Reconciliation Procedures
Our escrow account is reconciled _________ (daily, weekly, monthly). A three-way reconciliation is performed and any file shortages are investigated and resolved immediately – usually by funding any shortages from the operating account. To the extent that we recover shortages from other parties at a later date, we reimburse our operating account.
The three-way reconciliation is done using the generally accepted title agency accounting procedures. The checkbook balance, reconciled bank balance and the escrow trial balance/ledger balance report balances are reviewed for agreement.
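The three-way comparison described above can be checked mechanically. The following Python sketch is an added example, not part of the FNTG template or of any escrow software; the function name, record layout, file numbers and amounts are all constructed for illustration. It compares the checkbook balance, the reconciled bank balance and the trial balance total, and reports file shortages and bank items that never reached the register.

```python
from decimal import Decimal as D


def reconcile(register, ledger_cards, statement_balance, bank_items):
    """Three-way reconciliation of one escrow account (illustrative layout).

    register          -- checkbook register rows (ref, file_no, amount);
                         receipts are positive, disbursements negative
    ledger_cards      -- {file_no: [(ref, amount), ...]}, one card per file
    statement_balance -- ending balance printed on the bank statement
    bank_items        -- {ref: amount} for items that cleared the bank
    """
    # 1. Checkbook (book) balance: running total of the register.
    book_balance = sum((amt for _, _, amt in register), D(0))

    # 2. Trial balance: open balance of every file, then the grand total.
    trial = {f: sum((a for _, a in rows), D(0)) for f, rows in ledger_cards.items()}
    trial_total = sum(trial.values(), D(0))

    # 3. Reconciled bank balance: statement balance adjusted for register
    #    items the bank has not processed yet.
    uncleared = [(ref, amt) for ref, _, amt in register if ref not in bank_items]
    deposits_in_transit = sum((a for _, a in uncleared if a > 0), D(0))
    outstanding_checks = sum((-a for _, a in uncleared if a < 0), D(0))
    reconciled_bank = statement_balance + deposits_in_transit - outstanding_checks

    # Items on the bank statement that nobody recorded in the register.
    register_refs = {ref for ref, _, _ in register}
    unrecorded = {r: a for r, a in bank_items.items() if r not in register_refs}

    return {
        "book_balance": book_balance,
        "trial_total": trial_total,
        "reconciled_bank": reconciled_bank,
        "in_agreement": book_balance == trial_total == reconciled_bank,
        # A negative file balance means other clients' funds covered this file.
        "file_shortages": {f: b for f, b in trial.items() if b < 0},
        "outstanding_checks": [r for r, a in uncleared if a < 0],
        "deposits_in_transit": [r for r, a in uncleared if a > 0],
        "unrecorded_bank_items": unrecorded,
    }


# Constructed sample data: three files in one escrow account.
REGISTER = [
    ("WIRE-IN-01", "A-100", D("250000.00")),
    ("CHK-1001", "A-100", D("-180000.00")),
    ("CHK-1002", "A-100", D("-5000.00")),
    ("CHK-1003", "A-100", D("-65000.00")),   # not yet cleared
    ("DEP-0002", "A-101", D("10000.00")),    # deposit in transit
    ("CHK-1004", "A-101", D("-10500.00")),   # overdraws file A-101 by 500
    ("WIRE-IN-02", "A-102", D("20000.00")),  # long-term hold
]
LEDGER_CARDS = {
    "A-100": [("WIRE-IN-01", D("250000.00")), ("CHK-1001", D("-180000.00")),
              ("CHK-1002", D("-5000.00")), ("CHK-1003", D("-65000.00"))],
    "A-101": [("DEP-0002", D("10000.00")), ("CHK-1004", D("-10500.00"))],
    "A-102": [("WIRE-IN-02", D("20000.00"))],
}
BANK_ITEMS = {
    "WIRE-IN-01": D("250000.00"), "CHK-1001": D("-180000.00"),
    "CHK-1002": D("-5000.00"), "CHK-1004": D("-10500.00"),
    "WIRE-IN-02": D("20000.00"),
    "ACH-7781": D("-1200.00"),               # debit with no register entry
}
STATEMENT_BALANCE = D("73300.00")

if __name__ == "__main__":
    for key, value in reconcile(REGISTER, LEDGER_CARDS,
                                STATEMENT_BALANCE, BANK_ITEMS).items():
        print(f"{key}: {value}")
```

In the constructed data the register and trial balance agree with each other but not with the bank, and the difference is the one debit that appears only on the statement; file A-101 is reported as a shortage even though the account total is positive.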
The owner/manager, _________, critically reviews and formally approves the bank reconciliation by initialing and noting the date of review. This process serves to verify that file shortages are timely funded.

Escrow Account Controls
Our agency has a policy of strict segregation of duties. Here is a summary of our closing function staffing and procedures:
What | Who | Notes
Receiving and logging funds | |
Recording transactions in the Checkbook register (electronic) | |
Preparing checks | |
Signing checks | |
Reconciling | |
Review of reconciliation issues | |

Our Closers Officers handle the following tasks:
• Receive Closing/Escrow Instructions
• Record the Receipt of Funds in the software
• Verify Good Funds
• Work Up the Planned Disbursements
• Balance the File Before Closing
• Match the Checks to the Ledger Card Before Disbursing
• Sign the Checks, along with a Countersigner
• Initiate Outgoing Wire Transfers
• Conduct the Closing
• Perform Post-Closing Activities
• Match the File Balance to the Trial Balance Line Item After Closing

Receptionist handles the following tasks:
• Receive the Funding Check or Bank Wire (Often Closer receives and gives to Receptionist for next step)
• Enter Funding Check data in the software
• Restrictively Endorse the Funding Check
• Follow Up on Mortgage Releases

Bookkeeper handles the following tasks:
• Record the Receipt in the Checkbook Register
• Prepare the Daily Deposit
• Compare the Deposit Slip to the Checks Received Before the Deposit is Made
• Generate Checks
• Record the Disbursements on the Ledger Card
• Record the Disbursements in the Checkbook Register
• Verify Outgoing Wire Transfers
• Generate the Daily Escrow Trial Balance of Open Escrows
• Confirm/Balance the Trial Balance Total to the Checkbook Register Total (2-Way Reconciliation)
• Perform a 3-Way Reconciliation of the Monthly Bank Statement to the Trial Balance and Checkbook Register (note that the Manager reviews this 3-Way Reconciliation)

Add other personnel or management who handle any escrow funds or who can approve any disbursement of funds within internal accounts or through external accounts or procedures.

Industry Best Practice Pillar 3
Information & Data Privacy
Adopt and maintain a written privacy and information security program to protect Non-public Personal Information as required by local, state and federal law.

Purpose: Federal and state laws (including the Gramm-Leach-Bliley Act) require title companies to develop a written information security program that describes the procedures they employ to protect Non-public Personal Information. The program must be appropriate to the Company’s size and complexity, the nature and scope of the Company’s activities, and the sensitivity of the customer information the Company handles. A Company evaluates and adjusts its program in light of relevant circumstances, including changes in the Company’s business or operations, or the results of security testing and monitoring.

Considerations:
1. Assess the physical security of Non-public Personal Information (NPI) – both hard copy and digitally stored information. Only employees that have undergone a background check should be able to access NPI. For NPI - know “what you have” and “where you have it” and “what format it is in” to be able to protect it. Physically separate any area where NPI may be accessed by a door, receptionist or other controllable portal from your closing/conference rooms and public areas. Lock file rooms and file cabinets when not in use or when no one is present. Implement a Clean Desk Policy for your office. Consider how to eliminate access to areas containing NPI for external cleaning services, repair technicians, vendors that deliver supplies, services that provide file storage or shredding services, Realtors® and other third parties.
2. Make sure you have secure delivery methods in place. “Hard Copy”/Paper delivery and electronic delivery of information containing NPI.
Implement required use of encrypted email for electronic transmissions when sending NPI.
3. Establish Information Technology Policy, Record Retention & Record Disposal Policy, Privacy & Information Security Plan, Clean Desk Policy & Physical Security Compliance Notice for your operation. Appropriate ongoing review of your implemented policies, management and training of employees on your adopted policies to help ensure compliance with the company’s Information Security Plan and any other written policies/procedures. Company policies communicated and training provided to new hires. Employees must acknowledge by signature that they have reviewed and will abide by your established policies. Company policy in place to “vet” your 3rd Party Vendors and a requirement of those Vendors to acknowledge by signature the company Information Security Plan using a Compliance Notice required by your company.
4. Establish an internal audit process to ensure ongoing compliance and employee training with the company’s Information Security Policy and other Data Security Policies.
5. Establish that your computer system server is securely isolated in a locked closet, room, or other area with limited access or securely located offsite.
6. Consider disabling portals on all company computers where the employee’s job function does not require access, so that an employee or someone else would not be able to upload or download data using a portable memory device (USB, jump/thumb drive, external hard drive, phones, etc.). Establish employee training not to insert any unknown device into company systems (i.e. found a thumb drive in the parking lot). Establish ongoing employee training or notifications to employees on current types of cyber threats (i.e. phishing, etc.).
7. Establish company protocols to properly dispose of paper records and electronic records, including those contained on hard drives of smart copiers/printers, as established under the Federal Trade Commission (FTC) Disposal Rule.
Complete your due diligence on a 3rd party provider that you give paper records to for destruction and maintain your receipts from the disposal company for audit purposes.
8. Complete and establish your Business Continuity Plan (a/k/a Disaster Plan) in the event of a natural disaster (flood, tornado) or accidental disaster (power outage, fire, sinkhole, vehicle impact to building), etc. (See FNTG Tools/Resources.) Review your current insurance coverage in the event of disasters. Research various insurance coverages available. Adjust your coverage as necessary.
9. Establish a plan/procedure for your company to follow to notify customers and/or law enforcement of a data security breach as required by law.
10. Develop a Privacy Statement and provide to customers/consumers as required by law. Post your company Privacy Statement on your website. Separately post language that describes how you obtain NPI through the closing process (see section in Sample Privacy Policy called “Personal Information Collected”).

Solutions/Suggestions:
1. Create and/or Adopt written policies/procedures:
Information Security Plan (minimum requirement)
Information Technology Policy
Record Retention & Record Disposal Policy
Privacy & Information Security Plan
Clean Desk Policy
Physical Security Compliance Notice
2. When you are creating your written policies/procedures that comply with Best Practice #3 – we recommend you consult with 3rd party experts on computer security, data security and completing annual system testing for external infiltration into your system (testing must be completed by an outside company vs. your internal I.T. employees) to see if your system can be “hacked”. Retain documentation each time you have this testing done.
3. Audit and oversight procedures to ensure compliance with company’s information security program.
4. Audit and oversight procedures to ensure ongoing training and compliance by both employees and vendors, which includes signature acknowledgment of the company policies.
5. Audit and oversight procedures that provide for ongoing testing of your Information Security Plan.

Tools/Resources:
FTC Privacy Rule, 16 CFR Part 313: http://www.business.ftc.gov/documents/bus67-how-comply-privacy-consumer-financial-information-rule-gramm-leach-bliley-act
FTC Safeguards Rule, 16 CFR Part 314: http://www.business.ftc.gov/documents/bus67-how-comply-privacy-consumer-financial-information-rule-gramm-leach-bliley-act
FTC Disposal Rule, 16 CFR Part 682: http://cfr.regstoday.com/16cfr682.aspx

FORMS
REFERENCE TOOL 1: Business Continuity Assessment Tool
REFERENCE TOOL 2: What you should know about NPI
SAMPLE 1: Data Security Policy Structure (has been replaced by ITP)
SAMPLE 2: Information Technology Policy
SAMPLE 3: Record Retention & Record Disposal Policy
SAMPLE 4: Privacy Statement
SAMPLE 5: Privacy & Information Security Plan
SAMPLE 6: Clean Desk Policy & Physical Compliance Notice

Training for employees
Real Estate Data Shield’s website: www.realestatedatashield.com
Allows agents to then demonstrate to lender clients or to regulators (CFPB, FTC, etc.) their compliance with the staff training component of the applicable privacy laws, rules and regulations.
NPI Training provided by FNTG’s Agency Staff (Based on Federal Trade Commission (FTC) Materials)

Commercial National Companies
Iron Mountain: http://solutions.ironmountain.com/FNF
Your Docs: www.ptghome.com/yourdox.html

Compliance Success Program (CPA)
HABIF, AROGETI & WYNNE, LLP (HA&W) COMPLIANCESUCCESS PROGRAMsm: www.compliancesuccess.com/fidelity

Cyber-Security Insurance
ARTHUR J. GALLAGHER & CO. FIDELITY-PAK AND SECURITY-PAK: fntgins@ajg.com

Email Encryption
DATAMOTION: www.datamotion.com/fntg-info

Business Continuity / Business Disaster Planning – 3rd Party Company that will create a Business Continuity Plan for your operation(s):
Continuity Secure: http://continuitysecure.com/fntg-info

FNTG Business Continuity Planning Introductory PowerPoint & Work Books to “Do It Yourself”
Sample BCP/BDP (presentation): BCP - PowerPoint Presentation
Sample BCP/BDP (document): BCP - Full Management Plan
Sample BCP/BDP (document): BCP - Departmental Workbook
Sample BCP/BDP (document): BCP – Abbreviated 5 R’s Plan

Written Policy Templates – Data Security
LenderSecure: www.lendersecure.com
Real Estate Data Shield: http://realestatedatashield.com/fidelity-agents
Security Compliance Associates (SCA): www.scasecurity.com/fidelity

Reference Tool 1: Business Continuity Assessment Tool

Part I: Business Information
1 Locations/branches for each operation.
2 Departments in each of your operations.
3 Emergency Evacuation Plan that accounts for all personnel and clearly sets forth procedures to protect life safety in the event of an evacuation, heart attack, bomb threat and other disasters.
4 Disaster Management Program in place, including a Crisis Management plan, Department Recovery workbooks, Emergency Evacuation Plan.
5 Disaster Management Program in place that is documented and audited.
6 Disaster Management Program in place where documents and operations are tested annually.
7 Program in place that allows company to track audit requirements for your documentation annually so that you remain in a state of audit readiness.
8 If a disaster happens today, company is aware of and prepared for the cost in lost opportunity, recovery expenses, penalties and fees.

Part II: Operational Information
- Established a Local Crisis Management Team with predesignated and well-defined roles and responsibilities, and test them annually.
- Documented prioritized recovery strategies for critical departmental processes in the company and branch operations.
- Company is prepared, both financially and technologically, if the company were to shut down due to an unplanned business outage.
- Company has the resources and preparedness to recover from any short or long term loss.
- Company has a plan in place to alert or contact certain personnel in the event of a disaster, and that list is documented and updated quarterly.
- Documented procedures for recovering lost or destroyed original documents and forms are in place and are reviewed quarterly since technology is fluid.

Part III: Technology Information
- Company is prepared for any loss of critical applications and data, and is prepared to utilize outside documented resources that would compensate the cost in lost opportunity, recovery expenses, penalties and fees.
- Company has a system in place to recover lost data that is stored locally in their office, and those procedures are clearly documented.
- Applications are in place which the Company's operation relies on in order to perform its business tasks. Those applications are hosted locally or by a third party provider.
- Company is prepared for any long recovery of lost data.
- If Company experiences any lost access to all applications, priority has been established in which those applications would be restored according to potential revenue loss, and Company has established a contingency plan and process.
- Company has documented procedures to replicate your technology infrastructure at an alternate work facility.
- Company has documented procedures that outline what you would do with your phone system in the event of the loss of your work facility.
- Applications are accessible outside of the office, and how they are accessed is documented.

Part IV: Vendor Information
- Company is aware and prepared as to the impact of a disaster on any of their critical vendors and has a plan in place to adjust their operational plan.
- Company is aware of what recovery time capabilities your critical vendors have in place.
- Company has documented the plans their critical vendors have in place to ensure the continuity of their service to you.
- Company has a SLA (Service Level Agreement) with all critical vendors.
- Company has standardized documentation for inquiring about critical vendors' recovery capabilities and time frames.
- Company has established a comprehensive list of questions and criteria for all service providers.
- Company has established a contact list of vendors which are prioritized in order of importance in the event of a disaster.

Processes and Procedures

Reference Tool 2: What You Should Know (NPI – Non-Public Information)

The Federal Trade Commission defines NPI as:
- any information an individual gives you to get a financial product or service (for example, name, address, income, Social Security number, or other information on an application);
- any information you get about an individual from a transaction involving your financial product(s) or service(s) (for example, the fact that an individual is your consumer or customer, account numbers, payment history, loan or deposit balances, and credit or debit card purchases);
- any information you get about an individual in connection with providing a financial product or service (for example, information from court records or from a consumer report).

Examples of NPI include:
- Bank loan payoff and credit card statements;
- Insurance retirement and tax information;
- Social Security numbers and dates of birth; and
- Real estate/title related items, commission amounts and loan fees.

There are many sources within a company where NPI can be found, such as physical locations, including paper-based files, the desktop or reception area, the closing table and the warehouse. With the widespread use of smart phones, be vigilant about documents visible to anyone other than vetted employees, such as at the closing table.

There are also many electronic locations where NPI is housed. These include:
- Computers, Network servers
- Email servers
- Instant messaging servers
- Fax servers
- Copy machines with internal hard drives
- Smart printers with internal hard drives or network storage devices
- Web servers
- Cloud storage (e.g., Google, Dropbox)
- Backup tapes; online backup services
- User-provided devices/media (e.g.,
  o Employee smart phones
  o Tablets
  o USB storage devices)
- And more as we speak …..

Additionally, NPI can be in the possession of vendors a company may utilize. These include:
- Mobile notaries
- Mobile closers
- Couriers
- Online backup services or off-site backup tape storage vendors
- Email service providers
- Server and website hosts

Take reasonable steps to select and retain service providers that are capable of appropriately safeguarding NPI.

Sample 1: Data Security Policy Structure

NOTE: This document does not constitute a data security policy; however, if you, with your IT consultant, take this form and expand on each of the concepts by listing the specific steps/procedures, software, systems, etc. and timeframes that you are implementing, you can turn it into a Data Security Policy.

Security Statement
(Title Agency) has taken measures to guard against unauthorized or unlawful processing of personal data and against accidental loss, destruction or damage.
This includes:
- Adopting an information security policy (this document is our policy)
- Taking steps to control physical security (projects and staff records are all kept in a locked filing cabinet)
- Putting in place controls on access to information (password protection on files and server access)
- Establishing a business continuity/disaster recovery plan (including, at a minimum, taking regular backups of its computer data files, which are stored away from the office at a safe location)
- Training all staff on security systems and procedures
- Detecting and investigating breaches of security should they occur

Basic Principles
1. Personal data is to be collected only for the purpose specified.
2. Data collected is to be relevant but not excessive for the purposes required.
   - On an annual basis, title insurance application forms and any other forms that we use are reviewed to confirm that we are not asking for irrelevant information.
3. Data is not to be kept for longer than is necessary for the purposes collected, including complying with applicable laws. Within 30 days of closing:
   - Files are scanned into our secure server and paper copies are shredded
   - Files are moved to locked files in a secure location in our office
4. We protect the data with appropriate technical and organizational measures to minimize the risk of unauthorized or unlawful processing and against accidental loss or destruction or damage to personal data.
   - Servers are stored in locked facilities with access limited to:
   - Remote access to files (is)(is not) available.
   - The servers and computers are disconnected from the internet during non-business hours.
   - [other procedures]
   - Annual external penetration testing (an attempt to hack in). It is recommended that this be done by an outside company, or it can be done by an independent staff member who does not control any data technologies, not by the internal I.T. Department.
5.
Data is not removed from the office, except when contained on/within appropriately secured data transmission methods.
   - Paper files are never removed from the office except as needed for a remote closing.
   - Remote access (is) (is not) provided to our server for employees. When access is provided, the following security measures are in place:
   - It is a condition of remote access to the office network by staff that their home computers also have anti-virus software installed which is regularly updated with the latest virus definitions.
   - Company to have an acceptable I.T. Computer Use Policy that each employee has read and acknowledged by signature on an annual basis.
6. Access to data, whether current or archived, is provided to those individuals who, in the course of performing their responsibilities and functions, must use the specified data. Access is limited to the following job positions:_____________
7. All data on the network is protected by XXXXXXXXXX anti-virus software that runs on servers and workstations, and is updated automatically with on-line downloads from the XXXXXXXXXX website / via updates received on CD. (Use as applicable). This includes alerts whenever a virus is detected.
8. Any viral infection that is not immediately dealt with by XXXXXXXXXX is reported to the (Agency Owner).
9. All user data is backed up to tape automatically on a daily basis, using an appropriately secure system for fast indexing and data restoration.
10. A full server backup to tape takes place weekly.
11. Daily and weekly backups are securely stored in a room remote from the server room and reused on a fortnightly basis.
12. A half-termly archive tape is preserved, and for the next half-term is securely stored off site, in case of catastrophic system loss such as office-wide fire.
13. A separate business continuity plan is established.
14. Company to implement a Clean Desk Policy.
15. Company to post their Privacy Statement on their website.
16.
Use Encryption to transmit any NPI

The information provided in this SAMPLE Policy Document is for your reference only and is not intended to represent the only approach to any particular issue. These guidelines should not be construed as legal, financial or business advice, and you should consult legal counsel and subject-matter experts to determine the appropriate policies, procedures and strategies applicable to your office or organization.

Sample 2: Information Technology Policy

Purpose of Information Technology Company Policy
This policy covers the access to Information Technology (IT) assets, including but not limited to network and applications, owned or operated by ABC Company (ABC).

Application of Policy
This policy applies to all ABC Company employees, affiliates, contractors, and vendors.

Information Technology Company Policy
The company shall establish processes to properly control access to the information technology assets. Access to information assets is to be controlled through a managed process that addresses authorizing, modifying, revoking, and periodic review of access privileges to all of the company’s technology systems. This company policy provides the minimum requirements for authorizing and authenticating users prior to granting them access to information technology assets.

1) Roles and Responsibilities
a) Managers are responsible for reviewing and approving all requests for access to the information assets for all users under their supervision, including modification of access rights.
b) Managers are responsible for reporting changes in user duties or employment status for all employees under their supervision to the IT department.
c) The IT department is responsible for granting the level of access that has been approved by the Business Manager.
d) The IT department is responsible for maintaining record of the access requests in compliance with the Access Control Standard. This includes roles, and access modification, and termination.
e) Only administrators explicitly authorized to create new accounts may create new users and user groups.
f) Third parties given access must be bound under a non-disclosure or other binding agreement of confidentiality that includes restrictions on the subsequent dissemination and usage of the information and defines the terms and conditions of such access.

2) User Enrollment and Authorization
ABC's Enrollment Process establishes a user's identity and anticipated business needs to information and related information technology assets prior to granting user access to the Company network and systems. The user is granted access to various information assets of the Company once the network user identification is assigned.
a) For all Company employees, contractors or service providers that require access to a Company information asset, a New User request must be submitted by the appropriate requestor (i.e. HR).
b) The New User request must indicate the IT assets to which the user would need access and the level of access.
c) The New User request must be approved by the appropriate approver (i.e. new employee supervisor) before being transmitted for execution to the IT department.
d) The IT department will grant access to the Company information assets as indicated on the previously approved request.

3) User Rights Modification
a) A request shall be submitted by the appropriate requestor (i.e. the employee requesting access) for each modification to a user's access rights.
b) The user rights modification request should indicate the IT assets to which the user will need access.
c) The request must be approved by the appropriate approver (i.e. employee’s supervisor) before being transmitted for execution to the IT department.
d) The IT department grants access to the Company information assets as indicated on the approved request.

4) User Access Termination
a) Managers are responsible for communicating user access termination for all users under their supervision to the IT department.
b) The access termination communication must indicate the IT assets to which the user had access.
c) The access termination communication must be submitted by the end of the last day worked by the user to HR & IT.
d) User access privileges for terminated employees must be performed in compliance with the Company’s Access Control Standard.
e) In case of a high-level employee termination, the employee’s supervisor must immediately coordinate the disabling of all the accounts for that employee.

5) Review of User Access Rights
a) Managers are responsible for reviewing the access rights for all users under their supervision to determine if access rights are commensurate to the users’ job duties.
b) User Access Rights Review should be performed and documented at least as often as defined in the Company’s Access Control Standard.
c) Evidence of account reviews shall be maintained in compliance with the Company’s Access Control Standard.

6) Inactive Accounts
a) Review of accounts for general users shall occur in compliance with the Company’s Access Control Standard to identify unused or inactive accounts.
b) Accounts that have not been used for a period of time (spell out 30-90 days), as defined in the Company’s Access Control Standard, will be automatically disabled.

7) Identification
a) User IDs must be associated with the individual user to whom they have been assigned.
b) To minimize the risk of dormant access permissions accidentally being inherited by a new user, there should be no re-use of any User IDs.
c) User IDs are not to be utilized by anyone except the individual to whom the IDs have been issued. No shared IDs!
d) Users are responsible for all activity performed with their personal User IDs.
e) All users with access to the Company's information assets are to use a User ID that has been specifically assigned to them. No shared IDs!

8) Password Requirements
a) Access to ABC’s computers, applications, and systems must be protected by passwords to prevent unauthorized use, following the Access Control Standard.
b) There are change parameters in place.

9) Password Protection Requirements
These requirements apply to both user and service accounts.
a) The password for ABC’s accounts must not be used for other non-ABC access (e.g., personal ISP account, option trading, benefits, etc.).
b) ABC passwords must not be shared with anyone, including administrative assistants or secretaries. All passwords are to be treated as sensitive, confidential information.
c) If someone demands a password, refer them to this document or have them call someone in the Information Security Office (IT).
d) The "Remember Password" feature of applications must not be used unless the credentials are stored encrypted.
e) Passwords must not be stored in a file on ANY computer system without encryption.
f) If the compromise of an account or password is suspected, the incident must be reported to the Information Security Office and all passwords must be changed.
g) The ISO or its delegates may perform password cracking or guessing on a periodic or random basis. If a password is guessed or cracked during one of these scans, the user will be required to change it.

10) Authentication
a) Authentication methods should be consistent with the level of sensitivity of the information that the system in question contains.
b) At a minimum, a username and password are required.
c) Appropriate authentication controls are required when accessing internal system resources from outside the ABC network.
d) All passwords, pass codes, access control devices, keys, security passes/badges, personal identification numbers and the like (collectively, “Keys”) issued for the purpose of accessing ABC Company premises or Systems are the property of ABC Company.
e) The use of any Key to access, store or retrieve any Company information is not permitted unless (i) specifically authorized in a particular instance or (ii) authorized in advance as to the type of Company information and Key to be used.

11) Privileged Account Access
a) Administrator accounts must only be used to perform administration duties.
b) All users that have access to privileged accounts must have their own personal accounts for normal business use.
c) Users with access to super-user or privileged accounts must use their normal account to log into information resources for day-to-day use.
d) Privileged Account passwords must be updated immediately after the dismissal of any employee who had access to administrator-level or privileged accounts.
e) Any combination of special privileges which could grant inappropriate privileges when combined (e.g., system administration and auditing) should be segregated among different users to ensure proper segregation of duties.
f) Privileged accounts not associated with an individual must each be approved, documented and strictly limited to those with a business justification for use.
g) Persons with administrative rights must lock or log out of any active session prior to leaving the device unattended.

12) Service Account Password Requirements
a) Service Account passwords must comply with the ABC Company Access Control Standard.
b) Changed on a regular basis

13) Internet-Facing Web Application Password Requirements
a) Passwords in this category must comply with the ABC Company Access Control Standard.
b) Changed on a regular basis

14) Database Credential Requirements
a) Storage of Database Usernames and Passwords must comply with the ABC Company Access Control Standard.
b) Retrieval of Database Usernames and Passwords must comply with the ABC Company Access Control Standard.
c) Access to Database Usernames and Passwords must comply with the ABC Company Access Control Standard.

15) Temporary Employees
a) Temporary employees will be issued individual accounts with passwords that automatically expire after a predetermined date.
b) When setting up temporary employees, the length of their employment should be identified, not to exceed the maximum temporary employee employment length defined in the ABC Company Access Control Standard.
c) Access should be reviewed at the end of a temporary employee’s employment.
d) If the employee’s employment will not continue, the access to all systems must be removed.

16) Enforcement
a) Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
b) External service providers found to have violated this policy may be subject to financial penalties, up to and including termination of contract.

Definitions
Term: Definition
Privileged Account: A privileged account is an account that provides the ability to establish or change IDs and or access rules, or the ability to modify production applications, operating systems or network parameters.
Service Account: An access account to a computer system or application that is controlled and used by an application.
User Account: An access account to a computer system or application that is controlled and used by a person.

Revision History
Rev # | Date | Description
1 | Enter Date | Original Date Published
(Add any revision dates/notes below)

The information provided in this SAMPLE Policy Document is for your reference only and is not intended to represent the only approach to any particular issue.
These guidelines should not be construed as legal, financial or business advice, and you should consult legal counsel and subject-matter experts to determine the appropriate policies, procedures and strategies applicable to your office or organization.

Sample 3: Record Retention & Record Disposal Policy

RECORD RETENTION POLICY
ABC Company (ABC) is establishing its Record Retention Policy (“RRP”). This Policy is so important that every ABC Employee at every level must learn and observe its requirements. Compliance with the RRP is an important part of every Employee’s daily responsibilities and is mandatory for every Employee with respect to that Employee’s work as an employee of the ABC Company and its 3rd Party Vendors.

This Policy has three broad goals:
1) To make sure that ABC maintains its Records in the ordinary course of business in compliance with legal and business requirements.
a) This means that Records are protected against deliberate or accidental destruction for as long as ABC needs to retain them by law and for business requirements; that the correct version of each Official Record is retained and kept only in authorized locations; that Records are retained only as long as ABC is required to keep them (in accordance with the appropriate Record Retention Schedule or in compliance with a Legal Hold Order issued by Management); and that Records are retired in a suitable way at the end of their retention period, unless such Records are subject to a Legal Hold Order.
2) To ensure Legal Hold Orders are issued, when necessary, and enforced.
a) Legal Hold Orders are orders to ABC Employees and 3rd Party Vendors to preserve Records that relate to current or reasonably anticipated litigations, government investigations, subpoenas or claims. Compliance with a Legal Hold Order is critical. Every Employee must understand how to respond to a Legal Hold Order if he or she receives one.
3) To be sure that Company Information is treated as confidential information and is always protected against unauthorized disclosure.
a) Records may contain Company Information, which should be kept as confidential information. Some of the Company Information may be non-public personal information that, if disclosed, could enable identity theft.
b) Such non-public, personal information and ABC’s Trade Secrets must always remain confidential. It is essential that confidentiality requirements are always observed, even after an Employee leaves ABC.
c) Preserving the confidentiality of Company Information means protecting it from intrusion by people outside the Company, as well as by people inside ABC who are not authorized to see that Company Information. It also means making sure that when Records containing Company Information are retired, the retirement is handled properly and securely: (i) Company Information containing ABC’s Trade Secrets, non-public personal information of past, present or potential customers or Employees (such as social security numbers, health information, credit card information and the like) should be destroyed so that it cannot be read or reconstructed and (ii) all other Company Information should be destroyed in accordance with the Company’s practices applicable to such information.
d) This Policy tells you how to handle and maintain Records and how to determine how long Records need to be kept. (In this Policy, “Records” means any information under ABC’s control that relates to ABC’s business; finances; past, present or potential customers and Employees; operations; research and development; and facilities).

Records fall into one of two classes, Official Records and Convenience Records, defined as:
“Official Records” are Records that must be kept for specific periods of time to meet legal and business requirements. Examples of Official Records include tax records or HR records.
Official Records are listed on the appropriate Record Retention Schedule, along with the period of time they need to be kept. After that time, they are routinely retired (unless subject to a Legal Hold Order).
“Convenience Records” are Records that have no retention requirement unless they are subject to a Legal Hold Order. Convenience Records include working copies, drafts of Official Records, notes, telephone messages and similar items. Convenience Records may also include information that you generate or receive and does not pertain to ABC business (such as personal e-mails, calendars or notes), but that is stored on ABC technological property. Convenience Records can be discarded when you no longer need them (unless they are subject to a Legal Hold Order).

As between ABC Employees or 3rd Party Vendors and ABC, Records are the property of ABC and subject to its control. Such control shall be exercised over the creation, distribution, utilization, retention, storage, retrieval, protection, preservation and final disposition of these Records.

NOTE: This Policy provides basic information about your responsibilities and the structure of the Program. The first section provides definitions of terms; the second and third sections provide basic procedures on retaining and retiring (disposing of) Records; sections four, five and six outline various responsibilities, including your responsibilities and those of the personnel involved in creating and implementing this Policy; and the remaining sections address auditing, compliance, methods for reporting violations and penalties for violating this Policy, which could include immediate termination.

The information in this Policy will give you guidance as to what you must do. You should look to the Company’s Record Retention Officer. If the Record Retention Officer is not available, and you need an immediate answer, you should contact the Company’s Chief Compliance Officer.
Other individuals and resources you can turn to for information are discussed in the following pages. The personnel responsible for Record Retention have been trained to respond to your questions and they are waiting to help you.

Section 1. Definitions.
a. “Company” or “ABC” means ABC Company.
b. “Company Information” means all materials or information in whatever form, whether written, oral, digital or otherwise that is (a) defined as “confidential” or is a Trade Secret hereunder or under any ABC policy or under any agreement to which ABC is a party; (b) subject to special protections that require confidentiality under any law or regulation; (c) non-public and that relates to ABC’s finances, Employees (whether past, present or potential), research, development, facilities or business or (d) non-public personal information relating to a past, present or potential customer of ABC that identifies the customer in any way (including information that is publicly available, but whose disclosure would indicate that ABC had a customer relationship with that individual).
c. “Convenience Record” means a Record that has no retention requirement and that may be retired at any time unless it is subject to a Legal Hold Order. Convenience Records include working copies, drafts of Official Records, notes, telephone messages and similar items. Convenience Records may also include Employee generated or received information that does not pertain to ABC business (such as personal e-mails, calendars or notes), but that is stored on ABC’s technological property.
d. “Corporate Record Retention Officer” is a member of the Company’s Record Retention Committee with special duties, which are set forth in Section 4(b) below.
e. “Employee” means every person employed by ABC at any level.
f.
“Legal Hold Officer” is a member of ABC’s Legal Department or Management Group (designated by the Company) with special duties related to Legal Hold Orders, which duties are set forth in Section 4(e) below and in the ABC Legal Hold Order Procedure.
g. “Legal Hold Order” means a direction to preserve and to prevent the destruction of Records that may be required for a pending or reasonably anticipated litigation, government investigation, subpoena or claim. As a general matter, a Legal Hold Order issued pursuant to ABC’s Legal Hold Order Procedure does not apply to the litigation of insurance claims or policies issued by ABC or to tax disputes (such litigation and disputes are subject to other ABC practices to preserve and to prevent the destruction of relevant Records).
h. “Legal Hold Order ID Number” is a number that will be assigned to each Legal Hold Order by the Legal Hold Officer and will be included on all documentation (e.g., communications sent to potential custodians, data users, records managers, IT personnel, Listed Vendors, etc.) related to the Legal Hold Order.
i. “Legal Hold Team” means the group of individuals with duties related to Legal Hold Orders, which duties are set forth in Section 4(d) below.
j. “Listed Vendor” means any third-party service provider of ABC that either controls or has access to Records and is listed on the Vendor List on the Record Retention Website.
k. “Litigation Counsel” means the attorney with ultimate responsibility for the particular litigation or investigation in question.
l. “Record Retention Officer” is a person at ABC responsible for answering questions with respect to the Program and who reports on such matters to the Corporate Record Retention Officer, as set forth in Section 4(c) below.
m. “Official Record” means a Record that must be kept for a specific period of time (identified in the Record Retention Schedules) to meet legal and business requirements.
n.
“Record” means any information under ABC’s control that relates to ABC’s business; finances; past, present or potential customers and Employees; operations; research and development; and facilities. Records fall into one of two classes: Official Records and Convenience Records.
o. “Record Retention Committee” means a permanent committee of representatives drawn from the Legal, Regulatory, Compliance and IT departments at ABC with duties related to oversight of the Program, which duties are set forth in Section 4(a) below.
p. “Record Retention Schedules” means the Company-approved schedules that set forth the relevant periods of time that particular Official Records of the Company are to be retained in the ordinary course of business to meet ABC’s legal and business requirements. There are currently two (2) Record Retention Schedules: (i) for the title and escrow business (the “Title/Escrow Schedule”), (ii) for general corporate information of ABC (the “General Company Schedule”).
q. “Trade Secrets” means information that gives ABC a competitive advantage in its markets, including information about how ABC does business, ABC’s corporate, competitive, and strategic plans, pricing information, ABC’s customer lists, ABC’s proprietary operating data and anything else about ABC that is not public.
r. “Training Materials” means materials designed to train Employees about the importance of Records and how to comply with the Policy.
s. “You” and “your” means (i) an Employee with respect to that Employee’s work as an employee or (ii) a 3rd Party Vendor.

2. Record Retention - Basic Procedures.
This Policy sets retention standards for Records so that (i) complete and accurate copies of Records can be located when needed; (ii) Records are stored only under authorized conditions in authorized facilities; and (iii) Records will be appropriately retired when their retention requirements have expired or their useful life has ended, unless subject to a Legal Hold Order.
To achieve the goals of this Policy,
i. Official Records should be stored, arranged and/or indexed so that they can easily and accurately be identified when required.
ii. All Records should be maintained on ABC owned or leased premises, on ABC systems, or under a contract approved by ABC’s Company Legal Department with an approved 3rd Party Vendor. They should not be stored anywhere else.
iii. All Records that contain Company Information should be handled, stored and retired in such a way to maintain the confidentiality of the Company Information so that people who are not authorized to see the Company Information do not have access to it.

a. For Official Records:
i. If ABC creates and uses a Record Retention Website, it will contain a list of approved locations in which Official Records should be stored. These approved locations may be electronic servers for imaged Records, local operation offices or warehouses for paper Records or other types of authorized repositories. Official Records for the applicable local offices should be stored only in those authorized locations, once identified in connection with the RRP.
ii. The Record Retention Officer is expected to be aware of the location of where Records (Official Records and Convenience Records) are stored that are his or her responsibility. The Record Retention Officer may find it helpful to keep a master list that includes the storage locations for Records of the branch offices that are his or her responsibility.
iii. Official Records must always be kept for the specific period of time listed in the appropriate Record Retention Schedule. This is critical and is required to meet legal or business needs.
iv. Where there is only one copy of a Record, that copy is the Official Record.
v. If a Record was created in paper form but is later imaged, the image is always the Official Record. The paper document can be discarded once the document has been imaged, so long as no Legal Hold Order applies to it.
vi. If a Record exists in more than one form or if there are multiple copies of a Record, you should consult your manager to determine which copy constitutes the “Official Record.” Duplicates shall be retired, so long as no Legal Hold Order applies to them.
vii. If there is any uncertainty about which constitutes the Official Record, you or your manager should consult the Record Retention Officer.

b. For Convenience Records:
i. Convenience Records should be retired as soon as you no longer need them for any business purpose, unless they are subject to a Legal Hold Order.
ii. Convenience Records that may be subject to a Legal Hold Order should be preserved in accordance with the instructions in the Legal Hold Order or as otherwise given by the Legal Hold Officer.

c. For Official Records & Convenience Records if they may be subject to a Legal Hold Order:
i. The Legal Hold Officer will issue a Legal Hold Order whenever Records may be required for a pending, or reasonably anticipated litigation, government investigation, subpoena or claim.
ii. Generally, the Legal Hold Order will cover a specific subject by name and date and will tell you what categories of Records you now need to keep until the Legal Hold Order is cancelled. Every Legal Hold Order will have its own Legal Hold Order ID Number.
iii. Once you receive a Legal Hold Order, you must protect and preserve any Records covered in the Legal Hold Order, even if their normal retention time has expired and even if they are Convenience Records.
iv. If you ever have any question about what Records the Legal Hold Order covers, please contact the person identified in the applicable Legal Hold Order or, if he or she is not available or if you are unsure whether any Legal Hold Order applies, contact the Legal Hold Officer. If the Legal Hold Officer is not available and your question is urgent, please contact the Record Retention Officer.
v. The Legal Hold Officer will provide you with updates on the Legal Hold Order as the matter proceeds. When requested, you should confirm to the Legal Hold Officer that you are in compliance with the Legal Hold Order.
vi. When there is no longer a need for the Legal Hold Order, the Legal Hold Officer will inform Employees and Listed Vendors subject to the Legal Hold Order that it has now been lifted.
vii. Once a Record is no longer subject to a Legal Hold Order as a result of a direction from the Legal Hold Officer, you should retain the Record for the time period set forth in the appropriate Record Retention Schedule if the Record is an Official Record (or retire it if it is a Convenience Record that has outlived its usefulness) unless the Record is subject to another Legal Hold Order.

3. Retiring Records – Basic Procedures.
a. You are expected to make sure that Convenience Records under your control are retired at the end of their useful life. You should assess periodically whether Convenience Records under your control need to be retained. Whenever a file is closed, you should review and retire any Convenience Records in that file.
b. You must not retire any Record (Official Records or Convenience Records) if any Legal Hold Order applies to that Record. If you have questions as to whether a Record is covered by a Legal Hold Order, please contact the person identified in the applicable Legal Hold Order or, if he or she is not available or if you are unsure whether any Legal Hold Order applies, contact the Legal Hold Officer and retain the records until you have the official answer.
c. Whenever you retire either Official Records or Convenience Records, you must use methods appropriate to preserve the confidentiality of information in those Records.
Official Records or Convenience Records containing Company Information must be retired properly and securely: (i) Company Information containing ABC’s Trade Secrets, non-public personal information of past, present or potential customers or Employees (such as social security numbers, health information, credit card information and the like) should be destroyed so that it cannot be read or reconstructed and (ii) all other Company Information should be destroyed in accordance with the Company’s practices applicable to such information. If you have questions, you should ask your Record Retention Officer how to retire applicable Records.
d. Computer and IT equipment disposal carries risks to the Company after that equipment leaves the Company’s premises, both environmentally (such as landfill “superfund” laws) and with respect to the potential disclosure of Company Information. ABC contracts with disposition services and uses various forensic tools to cleanse electronic data storage devices (including computers, hard drives, copiers and other equipment). You should make sure that your IT Department uses such appropriate disposition services before removing any computer and IT equipment from ABC premises for disposal. If you have concerns about whether the IT Department is using the appropriate disposition services, you should raise the concerns with your Record Retention Officer.

4. Record Retention Personnel.
a. The main oversight and approval body for this Policy and the rest of the Program is the Record Retention Committee. This committee will be the final and ultimate authority for implementation and revision of this Policy and the Program.
b. The Company Record Retention Officer is a member of the Record Retention Committee. The Company Record Retention Officer is the main point of contact with the Record Retention Officer and the second point of contact for Employees for routine record retention matters, including the application of the Policy.
c. A Record Retention Officer is appointed based on geographical area and is trained to serve as the administrator and first point of contact for record retention issues in a specified area. The Record Retention Officer may have other job titles as well, but when it comes to record retention, they report to the Company Record Retention Officer.
d. The Legal Hold Team will administer and implement each Legal Hold Order. The members of the Legal Hold Team may be different for different Legal Holds.
e. The Legal Hold Officer is responsible for helping to determine when a Legal Hold Order is needed, for issuing, updating, monitoring and releasing the Legal Hold Order, for answering questions about the scope and status of a Legal Hold Order and for maintaining a list of Legal Hold Orders in effect at ABC.

5. Your Record Retention Responsibilities as an Employee or Listed Vendor.
a. You must create, maintain and dispose of all Records in accordance with this Policy and the appropriate Record Retention Schedule.
b. You must properly handle Records and always respect, maintain, and enforce existing ABC safeguards against unauthorized or improper destruction of Records.
c. You should not retain Convenience Records that are copies of Official Records for longer than the underlying Official Record unless the Convenience Record is subject to a Legal Hold Order.
d. You must retain Official Records under your control for the time periods in the applicable Record Retention Schedule. If there is a business need to retain Official Records longer than the retention period in the applicable Record Retention Schedule, you must request an extension from the Local Record Retention Officer.
If the Local Record Retention Officer grants the request, the applicable Official Record should be kept only for so long as designated by the Record Retention Officer and the Record Retention Officer should maintain documentation of the request and the grant until the applicable Official Record is destroyed.
e. If you receive a Legal Hold Order, you must immediately turn to it and follow all instructions in the Legal Hold Order to preserve all relevant Official Records and Convenience Records. (See Section 2(c)).
f. You must maintain the confidentiality of Records that contain Company information.
g. You must retire Records in accordance with this Policy. (See Section 3).
h. If you learn of any potential litigation, government investigation, subpoena or claim (other than the litigation of insurance claims or policies issued by ABC or to tax disputes) against ABC, you should contact the Legal Hold Officer immediately.
i. If you transfer to another office or department or if you leave ABC’s employment, you must notify your manager before your departure or transfer and help with the transfer of Records under your control.
j. Whenever an Employee transfers or leaves, managers must consult the Local Record Retention Officer and must make sure they promptly review with the Employee the status of all Records under the Employee’s control.
k. If the transferring or leaving Employee has any Records that must be retained under the appropriate Record Retention Schedule or that are subject to a Legal Hold Order, the manager should take appropriate steps to ensure that the Employee’s Official Records are retained for the applicable retention period and that any Official Records and/or Convenience Records of the transferred or terminated Employee are retained until the applicable Legal Hold Order(s) have been lifted.

6. Awareness of this Policy.
a. Senior management at ABC Company is responsible for distributing this Policy to ABC’s Employees and 3rd Party Vendors.
b. All current Employees will receive a copy of this Policy when it is adopted.
c. Future Employees will receive the Policy when they are hired.
d. ABC will also post the current version of this Policy, along with the Record Retention Schedules, on ABC’s Record Retention Website, when/if created or will post the information in the Company Employee Handbook.
e. Any ABC Employee responsible for dealing with a 3rd Party Vendor that has control of Records must provide the 3rd Party Vendor with a copy of this Policy.
f. Every 3rd Party Vendor must distribute the Policy to those of its employees who control ABC’s Records, as applicable.

7. Periodic Audits. ABC’s Internal Audit Department may conduct periodic, unannounced audits of each of ABC Company’s Branch locations for compliance with this Policy.

8. How to Report Violations.
a. If you suspect or know of a violation of this Policy, you should immediately notify the Record Retention Officer, and if he or she is not available, the Company Record Retention Officer or ABC’s Chief Compliance Officer.
b. Your report will be kept confidential.

9. Employee Violations.
a. Because of the extreme importance of this Policy, any Employee who violates any of its terms may be subject to disciplinary actions, including but not limited to oral or written warnings, suspension or immediate termination.
b. The type of disciplinary action taken will depend on the type of violation of this Policy. ABC does not promise, imply or represent that one form of disciplinary action will occur before another.

10. Collective Effort Required to Make this Policy Work. ABC counts on each of its Employees to make this Record Retention Policy work. If you have any suggestions on how to make it more effective or efficient, please contact ABC’s Record Retention Officer.

The information provided in this SAMPLE Policy Document is for your reference only and is not intended to represent the only approach to any particular issue.
These guidelines should not be construed as legal, financial or business advice, and you should consult legal counsel and subject-matter experts to determine the appropriate policies, procedures and strategies applicable to your office or organization.

Sample 4: Privacy Statement

ABC Company Privacy Statement

ABC Company (“ABC”) respects the privacy and security of your non-public personal information (“Personal Information”) and protecting your Personal Information is one of our top priorities. This Privacy Statement explains ABC’s privacy practices, including how we use the Personal Information we receive from you and from other specified sources, and to whom it may be disclosed. ABC follows the privacy practices described in this Privacy Statement and, depending on the business performed, ABC Company may share information as described herein.

Personal Information Collected

We may collect Personal Information about you from the following sources:
• Information we receive from you on applications or other forms, such as your name, address, social security number, tax identification number, asset information, and income information;
• Information we receive from you through our Internet websites, such as your name, address, email address, Internet Protocol address, the website links you used to get to our websites, and your activity while using or reviewing our websites;
• Information about your transactions with or services performed by us, our affiliates, or others, such as information concerning your policy, premiums, payment history, information about your home or other real property, information from lenders and other third parties involved in such transaction, account balances, and credit card information; and
• Information we receive from consumer or other reporting agencies and publicly recorded documents.

Disclosure of Personal Information

We may provide your Personal Information (excluding information we receive from consumer or other credit reporting agencies) to various individuals and companies, as permitted by law, without obtaining your prior authorization. Such laws do not allow consumers to restrict these disclosures. Disclosures may include, without limitation, the following:
• To insurance companies, agents, brokers, representatives, support organizations, or others to provide you with services you have requested, and to enable us to detect or prevent criminal activity, fraud, material misrepresentation, or nondisclosure in connection with an insurance transaction;
• To third-party contractors or service providers for the purpose of determining your eligibility for an insurance benefit or payment and/or providing you with services you have requested;
• To an insurance regulatory authority, or a law enforcement or other governmental authority, in a civil action, in connection with a subpoena or a governmental investigation;
• To companies that perform marketing services on our behalf or to other financial institutions with which we have joint marketing agreements; and/or
• To lenders, lien holders, judgment creditors, or other parties claiming an encumbrance or an interest in title whose claim or interest must be determined, settled, paid or released prior to a title or escrow closing.

We may also disclose your Personal Information to others when we believe, in good faith, that such disclosure is reasonably necessary to comply with the law or to protect the safety of our customers, employees, or property and/or to comply with a judicial proceeding, court order or legal process.

Disclosure to Affiliated Companies – We are permitted by law to share your name, address and facts about your transaction with other ABC companies, such as insurance companies, agents, and other real estate service providers to provide you with services you have requested, for marketing or product development research, or to market products or services to you. We do not, however, disclose information we collect from consumer or credit reporting agencies with our affiliates or others without your consent, in conformity with applicable law, unless such disclosure is otherwise permitted by law.

Disclosure to Nonaffiliated Third Parties – We do not disclose Personal Information about our customers or former customers to nonaffiliated third parties, except as outlined herein or as otherwise permitted by law.

Confidentiality and Security of Personal Information

We restrict access to Personal Information about you to those employees who need to know that information to provide products or services to you. We maintain physical, electronic, and procedural safeguards that comply with federal regulations to guard Personal Information.

Access to Personal Information / Requests for Correction, Amendment, or Deletion of Personal Information

As required by applicable law, we will afford you the right to access your Personal Information, under certain circumstances to find out who your Personal Information has been disclosed to, and request correction or deletion of your Personal Information. However, ABC’s current policy is to maintain customers’ Personal Information for no less than your state’s required record retention requirements for the purpose of handling future coverage claims. For your protection, all requests made under this section must be in writing and must include your notarized signature to establish your identity. Where permitted by law, we may charge a reasonable fee to cover the costs incurred in responding to such requests.
Please send requests to:
Chief Privacy Officer
ABC Company
123 Happy Street
Anywhere, USA 00000

Changes to this Privacy Statement

This Privacy Statement may be amended from time to time consistent with applicable privacy laws. When we amend this Privacy Statement, we will post a notice of such changes on our website. The Effective Date of this Privacy Statement, as stated above, indicates the last time this Privacy Statement was revised or materially changed.

The information provided in this SAMPLE Policy/Plan Document is for your reference only and is not intended to represent the only approach to any particular issue. These guidelines should not be construed as legal, financial or business advice, and you should consult legal counsel and subject-matter experts to determine the appropriate policies, procedures and strategies applicable to your office or organization.

Sample 5: Privacy & Information Security Plan

Overview

ABC Company is committed to maintaining the integrity and security of Company Information and customer non-public information and it is the policy of ABC to secure that information from unauthorized use. ABC embodies this policy in specific, required security procedures, as set forth in this Privacy & Information Security Plan (“Plan”). The Plan – in conjunction with more detailed standards and guidelines developed by ABC and distributed separately – sets forth ABC’s requirements with respect to the storage and transmittal of information in electronic, voice or written forms.

This Plan is mandatory for all Employees, Vendors, Contractors, and other third parties granted access to ABC’s Systems or Information. All Employees, Vendors, Contractors, and other third parties are expected to familiarize themselves with the following ABC policies:
• Code of Business Conduct and Ethics;
• Record Retention Policy.

The purpose of this Plan is to ensure that ABC has taken steps to ensure the availability, confidentiality and integrity of Company Information.
ABC has identified potential sources of vulnerability of Company Information such as:
• Unauthorized incursion by third parties into Company Information maintained electronically on servers and other databases or on paper;
• Unauthorized interception of Company Information in transit from one secure ABC location to another, or between a secure ABC location and an external location;
• Unauthorized access to Company Information by Employees or Vendors;
• Unauthorized changes, additions, deletions, misdirection or distribution of Company Information;
• Unauthorized interference with the availability of Company Information needed for Company-authorized purposes; and
• Misuse of Company Information.

The nature of the precautions required to mitigate those risks will vary based on the sensitivity of the Company Information and the architecture of the Systems on which that information is stored. The objective in each instance should be to prevent the unauthorized disclosure, change or interruption to Company Information.

Scope

This Plan applies to all Company Information, whether in paper, stored voice or electronic form, and to anyone who has access to Company Information or to the Systems. This Plan is mandatory for all Employees, Vendors, Contractors, and other third parties granted access to an ABC System. Exceptions to this plan may be requested on a case-by-case basis by contacting the Information Security Office.

Organization, ownership and enforcement

The Chief Information Security Officer is the owner of this plan and responsible for its approval. The Chief Information Security Officer in conjunction with ABC’s Information Security Advisory Committee approves any deviations from this policy.

If an employee violates any of the terms of this Plan, the employee may be subject to disciplinary actions, including but not limited to, oral or written warnings, suspension or immediate termination. The type of disciplinary action does not depend on the nature of the violation.
ABC does not promise, imply or represent that one form of disciplinary action will occur before another. If a Vendor violates any of the terms of this Policy, the vendor’s contract with ABC may be subject to immediate termination for cause, in accordance with its terms. In addition, certain violations of this Policy may result in criminal prosecution and/or liability.

Maintenance of this Policy

This policy is maintained by the Chief Information Security Officer to ensure relevance, quality and completeness. Requests for Change are reported to the Information Security Officer, who is responsible for analyzing the impact of the change from a business, security and financial perspective. Changes approved by the Chief Information Security Officer will be sent to the ABC Information Security Advisory Committee for review prior to implementation. ABC reserves the right to supplement, change or discontinue any portion of this Policy from time to time at its sole discretion.

Review of this Policy

The Chief Information Security Officer and the ABC Information Security Advisory Committee will review the Information Security Policy at least annually.

1 Security Management

a) Policy Framework
The ABC Privacy & Information Security Plan Framework describes the hierarchical structure of the ABC policy on Information Security. The framework is based on the internationally accepted best practice defined in ISO 27002.

b) Your Responsibilities
You have a responsibility to maintain and preserve the security of the Company Information resident on or accessible from Systems to which you have access. You must respect, maintain, and enforce at all times existing ABC safeguards against unauthorized access to, or unauthorized use or alteration of Company Information.
For any Company Information or Systems in their possession or under their control, Vendors must themselves provide good and sufficient security features and services to prevent unauthorized access to, or unauthorized use or alteration of such Systems or Company Information, and must comply with current ABC plans, policies, procedures, standards, guidelines or requirements provided to Vendor and to prevailing industry standards. When a conflict arises between ABC standards and industry standards, ABC standards will take precedence. You are prohibited from attempting to circumvent any security feature, device, or practice established by ABC or its Vendors.

c) Management Responsibility
Senior management at ABC Company is responsible for distributing this Plan to ABC’s Employees and Vendors.

2 Risk Management

The IT Risk Management Committee drives the IT Risk Management Program. IT Risk Management is performed in accordance with the IT Risk Management Framework.

3 Personnel Security

a) Business Uses Only
Employees and Vendors may access Company Information only for legitimate business purposes and to perform the job functions they have been assigned.

b) Awareness and Training
All current Employees with access to Company Information or the Systems must receive and acknowledge a copy of this Policy. Future Employees will receive and acknowledge the Policy upon hire by ABC. The Policy also must be retained by each ABC Company Branch Office in an accessible location, and must be posted on the ABC intranet website or in the Company Employee Handbook or as an Addendum to the Employee Handbook. A copy of the Plan must be provided to all current Vendors with access to Company Information or the Systems and to future Vendors at the time they are retained. Vendors are responsible for disseminating the Policy to all employees, permitted subcontractors, and any party that may have access to Company Information.

c) Monitoring
To help ensure compliance with this Policy, authorized ABC representatives may monitor Systems usage from time to time. This may include, but not be limited to, inspecting log reports of System access, accessing stored voicemail messages, retrieving Email messages, and inspecting any other System file. No right of privacy exists with respect to any information on any System, or any activity conducted through a System.

d) Unacceptable Use
1) The use of peer-to-peer file sharing applications (e.g. Bit Torrent, gnutella, etc.) is prohibited unless specifically approved by management with notification given to the Information Security Office. Such approval will only be given for specific use for a defined period of time. Blanket approval for use of peer-to-peer file sharing will not be allowed.
2) Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access, unless these duties are within the scope of regular duties. For purposes of this section, "disruption" includes, but is not limited to, network sniffing, traffic flooding, packet spoofing, denial of service, or forged routing information unless it is a part of normal job duties.
3) Port scanning or security scanning is expressly prohibited unless prior notification to Information Security Office is made and approval received.
4) Executing any form of network monitoring which will intercept data not intended for the employee's host, unless this activity is a part of the employee's normal job/duty.
5) Circumventing user authentication or security of any host, network or account unless it is a part of normal job duties.
6) Interfering with or denying service to any user other than the employee's host (for example, denial of service attack) unless it is a part of normal job duties.
7) Using any program/script/command, or sending messages of any kind, with the intent to interfere with, or disable, a user's session, via any means, locally or via the Internet/Intranet/Extranet unless it is a part of normal job duties.
8) Providing information about, or lists of, ABC employees to parties outside ABC unless it is a part of normal job duties.
9) Unauthorized use, or forging, of email header information.
10) Solicitation of email for any other email address, other than that of the poster's account, with the intent to harass or to collect replies.
11) Creating or forwarding "chain letters", "Ponzi" or other "pyramid" schemes of any type.
12) Use of unsolicited email originating from within ABC's networks or other Internet/Intranet/Extranet service providers on behalf of, or to advertise, any service hosted by FNF or connected via ABC's network.
13) Posting the same or similar non-business-related messages to large numbers of Usenet newsgroups (newsgroup spam).

e) Email and Communications Activities
1) The ABC Chief Information Security Officer must approve virus or other malware warnings before sending.
2) Unless approved by an employee's manager, ABC email will not be automatically forwarded to an external destination. Sensitive Information will not be forwarded via any means, unless that email is critical to business and is encrypted in accordance with the Acceptable Encryption Policy.

4 Physical Security

a) Protection of Non-Electronic Information
Employees and Vendors are expected to follow the policies listed in Section 1 in their approach to protection of Company Information in non-electronic form (e.g., paper, microfilm, microfiche).
Measures for information deemed highly sensitive or vulnerable to misappropriation should include storage in locked file cabinets or similar locations or in file cabinets or other storage that clearly delineate that they contain Company Information and that are located in offices that are kept secure both during and after business hours. Employees and Vendors must not take Company Information off ABC or Vendor premises, as applicable, except when necessary to the efficient discharge of their job responsibilities, consistent with all other corporate policies, and when appropriate care is exercised to protect against misappropriation or loss.

b) Protection of Electronic Information
Protection of electronic information will be done in accordance with the Physical Security Policy and Standards.

5 Operations Management

a) Protection of Electronically and Voice-Stored Information
Those Employees and Vendors responsible for designing, implementing or managing Systems must comply with ABC policies for the protection of electronically stored information. Several types of measures are required for protection of Company Information stored electronically, whether on servers, individual computers, voicemail systems or other media. These measures include password protection, electronic measures (such as file protection or encryption) and common-sense procedures to minimize the possibility of theft or unauthorized access, change or interruption. These measures are set forth in separate policies, standards, and guidelines, promulgated by ABC and made available, as appropriate, to Employees and Vendors.

b) Only Approved Software and Virus-Checked Files May Be Used
As with any computer system, and despite precautions, viruses pose a threat to ABC’s Systems. Before any software can be installed or used on any System, the software must be virus-tested and approved for use by the ABC IT Department.
Executable files and other files capable of containing viruses must similarly be virus-tested and approved for use by the IT Department before being introduced to any System. Strict compliance with this Section by each Employee and Vendor is necessary to minimize the threat. c) Configuration Management All PCs, laptops and workstations should be secured in accordance with the ABC IT Operations Management Policy. 6 Security Monitoring and Response a) Management of Information Security Incidents In the event an Employee or Vendor becomes aware or is informed of a breach or potential breach of security relating to Company Information or Systems, the Employee or Vendor must immediately (1) notify the Information Security Office of such breach or such potential breach, and (2) follow the procedures defined in ABC Information Security Incident Response Plan. If the applicable Company Information or System was in the possession or under the control of a Vendor at the time of such breach or such potential breach, the Vendor (without prejudice to ABC’s other remedies) must immediately (a) investigate such breach or such potential breach; (b) inform ABC of the results of such investigation; and (c) assist and cooperate with ABC in all reasonable efforts to locate the source of the breach or threatened breach, assess the possible compromise of Company Information and prevent a recurrence of the breach or threatened breach. b) Notice of Security Breach or Compromise Communication and/or notification of a breach or suspected breach with third parties (people whose information may have been compromised as well as law enforcement) shall be at the direction of the Chief Compliance Officer. c) Systems and Network Monitoring Authorized individuals within ABC may monitor equipment, systems and network traffic at any time, in accordance with the ABC Security Monitoring and Response Policy and Standard. 
7 Communications Management a) Protection of Information in Transit Company Information must not be transmitted between Employees, between ABC and third parties (including Vendors), or between Vendors and third parties, except as set forth herein: Any such transfer must be in accordance with applicable privacy and data protection laws and ABC’s Privacy Statement. Questions regarding the requirements of such laws or regulations, or the Privacy Statement, should be directed to ABC’s Chief Compliance Officer. Company Information that is transmitted in electronic form outside of a secure ABC environment must be protected using commercially reasonable methods as determined by the ABC Information Security Office (“ISO”) and in accordance with any applicable policies and guidelines separately promulgated by ABC. Any Customer Information received by ABC or a Vendor electronically over the Internet must be received through a secure method of transmission (e.g., encrypted transmission) and stored in accordance with applicable policies and guidelines separately promulgated by ABC. Company Information transmitted in non-electronic form must be transmitted in sealed, opaque packages (for example, Company Information must not be displayed on postcards except where appropriate under the circumstances (e.g., name and address)). If Company Information is faxed to third parties, the sender should ensure that a “confidential” sigil appears on the front page of the fax and take due care to ensure that the fax number is correct and that the fax is expected at that number by the recipient. Faxes containing Company Information should not be sent to recipients in the care of third-party kiosks or similar “fax-for-fee” locations, unless necessary due to extraordinary circumstances. 
8 Access Control a) Passwords And Other Keys All passwords, pass codes, access control devices, keys, security passes/badges and personal identification numbers (collectively, “Keys”) issued for the purpose of accessing ABC Company premises or Systems are the property of that ABC Company. You are not permitted to use any Key to access, store or retrieve any Company Information unless (i) specifically authorized in a particular instance or (ii) authorized in advance as to the type of Company Information and Key to be used. Without regard to whether information on any System such as Email, voice mail or document files is Key-protected, you may not access any information on any System maintained by any other employee unless specifically authorized by the Employee maintaining that information or an Employee with supervisory authority over the Employee maintaining that information (for example, logging onto a System using another employee’s user name or password is strictly prohibited). b) Passwords and Accounts Security Keep passwords secure and do not share accounts. This includes family and other household members when work is being done at home. Authorized users are responsible for the security of their passwords and accounts. Password requirements can be found in the ABC Access Control Policy and Standard. 9 Network Security Controls must exist to protect information when transiting trust boundaries. At a minimum, the following controls must be taken into consideration: Authentication – i.e. domain credentials, physical links, or shared secrets. Logging – i.e. authentication failures, security events, or connection events. Inspection – i.e. intrusion detection or prevention systems, malware detection, or vulnerability detection. Protection – i.e. firewalls, routers, or proxies. These controls will be implemented in accordance with the Network Security Policy and Standard. 
10 Third Party Services a) Third Parties From time to time, ABC may provide Company Information to other third parties in accordance with the Privacy Statement and applicable law and regulation. Any such third party must agree to abide by the terms of this Policy. 11 Application Management To protect information processed by applications developed and maintained by ABC, controls must be implemented in accordance with Software Lifecycle Policy and Standards. 12 Business Continuity a) Business Continuance/Disaster Plan For any Company Information or Systems in their possession or under their control, management or Vendors must provide good and sufficient business continuity provisions, in accordance with applicable laws and regulations, which at a minimum must comply with accepted industry standards. Employees and Vendors must familiarize themselves with ABC’s own business continuity procedures/disaster plan (where applicable) to maximize efficiencies in the event such procedures need to be implemented. 13 Compliance a) Applicable Laws Certain kinds of computer abuse and computer-related fraud are not only against this Plan, they are illegal and punishable by civil sanctions, criminal fines, imprisonment, or some combination, or all of the above. Statutes prohibiting such conduct include, but may not be limited to, 18 U.S.C. §1030, (Fraud and Related Activity In Connection With Computers) and 18 U.S.C. §§2510-2520, 2701, 2710 (Wiretap and Electronic Communications Privacy Acts). State laws may also apply. ABC will report suspected criminal conduct to the Chief Compliance Officer and law enforcement. b) Encryption 1) Any information that is classified by the information owner as Sensitive or Restricted should be encrypted. 2) When possible, ABC’s Encryption Platform should be used for encryption of Sensitive and Restricted information. 3) Proven, standard algorithms must be used as the basis for encryption technologies. 
4) Use encryption of information in compliance with the ABC IT Compliance Policy and Standard. 5) For guidance on encrypting email and documents, contact the ISO. b) Unacceptable Use The following activities are, in general, prohibited. Employees may be exempted from these restrictions during the course of their legitimate job responsibilities (e.g., systems administration staff may have a need to disable the network access of a host if that host is disrupting production services). Under no circumstances is an employee of ABC authorized to engage in any activity that is illegal under local, state, federal or international law while utilizing ABC-owned resources. The lists below are by no means exhaustive, but attempt to provide a framework for activities that fall into the category of unacceptable use. c) The following activities are strictly prohibited, with no exceptions: 1) Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by ABC. 2) Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which ABC or the end user does not have an active license is strictly prohibited. 3) Exporting software, technical information, encryption software or technology, in violation of international or regional export control laws, is illegal. The appropriate management should be consulted prior to export of any material that is in question. 
14 IT Management ABC Company’s Executive Management has charged Information Technology with the responsibility for developing, maintaining and communicating a comprehensive information systems management program to support the development, deployment and operation of Company information resources. a) Change Management Change Management controls are implemented in accordance with the IT Operations Management Policy and Procedures. b) Quality Management Quality Management controls are implemented in accordance with the ABC’s Quality Management IT Framework. 15 IT Incident Management IT incidents and problems shall be managed according to the IT Management policies, procedures and standards. 16 Privacy Security Classification All Company information or information entrusted to the Company from a third party should be identified and classified by the Information Owner according to its level of confidentiality. The classification levels used by the Company are: Public; Sensitive; Restricted. Public information is information that can be disclosed to anyone. It would not violate an individual's rights to privacy. Knowledge of this information does not expose the Company to financial loss, embarrassment or jeopardize the security of Company assets. Examples include: Marketing brochures Published annual reports Interviews with news media Business cards Press releases Sensitive Information is information whose unauthorized disclosure, compromise or destruction would directly or indirectly have an adverse impact on the Company, its customers or employees. Sensitive information may be shared with parties who have a relationship with the Company, if they have signed a nondisclosure agreement, and have a need to know. Information that should be classified as sensitive is: Customer Information Company Information Restricted Information is characterized as sensitive information that is intended for a very limited group of individuals who should be specified by name. 
This level contains information which, if disclosed, would provide access to business secrets and could jeopardize important interests or actions of the Company or its clients and would be to the serious personal or financial detriment if revealed to unauthorized persons. Information should be classified as Restricted if it includes at least one of the following characteristics: Strategic planning information, prior to general or public disclosure Information on mergers, acquisitions or divestitures, prior to general or public disclosure Financial forecast or results, prior to general or public disclosure Information that would enable clients with numbered accounts to be identified Information pertaining to business strategy, raw closing data, closing analyses or secret reports Passwords Any form of security key Any other information that may be damaging to the Company, if disclosed a) Privacy Statement The ABC Company Privacy Statement must be included as part of all Internet or Intranet sites/applications. c) Collection of Sensitive or Restricted Information Should be limited to that which is necessary to conduct company business. d) Copying and dissemination (including internal) of Sensitive Information Should be limited to those purposes that are necessary to conduct company business. e) Retention of Sensitive or Restricted Information Shall be in accordance with the Record Retention Policy. f) Internet/Intranet/Extranet Systems The user interface for information contained on Internet/Intranet/Extranet-related systems should be classified in accordance with this policy. Employees should take all necessary steps to prevent unauthorized access to Sensitive or Restricted Information. 17 Audit Management a) Internal Audits An Internal Audit Department may be created by Management and, if created, conduct periodic, unannounced audits of each ABC Company’s compliance with this Plan. 
A Vendor’s compliance with the Plan is subject to Audit consistent with the terms of that Vendor’s contract. b) Network and Systems Audits ABC reserves the right to audit networks and systems on a periodic basis to ensure compliance with this Plan. 18 Definitions ABC – ABC Company. Blogging – Writing a blog. A blog (short for weblog) is a personal online journal that is intended for general public consumption. Chain email or Letter – Email sent to successive people. Typically the body of the note has direction to send out multiple copies of the note and promises good luck or money if the direction is followed. Customer – An individual or entity who is a consumer and with whom ABC has or had an ongoing customer relationship. Customer Information – All materials or information in whatever form, whether written, oral, digital or otherwise that is (a) defined as “confidential” or is a Trade Secret hereunder or under any ABC policy, plan or under any agreement to which ABC is a party; (b) subject to special protections that require confidentiality under any law or regulation; (c) non-public and that relates to ABC’s finances, employees (past, present or potential), research, development, facilities or business or (d) non-public personal information relating to a past, present or potential customer of ABC that identifies the customer in any way (including information that is publicly available, but whose disclosure would indicate that ABC had a customer relationship with that individual). Company Information – All materials or information in whatever form, whether written, oral, digital, or otherwise, (a) that is defined as “confidential” or a “trade secret” under any ABC Policy, Plan or under any agreement to which ABC is a party; (b) that is subject to special protections that require confidentiality under any law or regulation; (c) that is non-public and that relates to ABC’s finances, customers, employees, operations, research, development, facilities, etc. 
Email – The electronic transmission of information through a mail protocol such as SMTP or IMAP. Typical email clients include Eudora and Microsoft Outlook. Employee – Every person employed by ABC at any level. Forwarded email – Email resent from an internal network to an outside point. Spam – Unauthorized and/or unsolicited electronic mass mailings. Systems – Collectively, (a) computer systems (both hardware and software), including networks, web sites, servers, personal computers, handheld computing devices, and remote devices (whether connected to a network by wireline or wireless connections); (b) communications systems, including telephones, fax machines, modems and network communications devices and software, personal digital assistants; and (c) other equipment used to store and retrieve data (such as paper-based filing systems), which are in the possession or under the control of ABC. Unauthorized Disclosure – The intentional or unintentional revealing of Sensitive Information to people, both inside and outside ABC, who do not have a need to know that information. Vendor – Any person or entity, including its employees and all permitted agents and subcontractors, which is not an employee of ABC, and which provides goods or services to ABC by agreement. Virus warning – Email containing warnings about virus or malware (the overwhelming majority of these emails turn out to be a hoax and contain bogus information usually intent only on frightening or misleading users). You and your – An Employee or Vendor.
19 Revision History of this Privacy & Information Security Plan
Rev # | Date | Description (Examples Below)
1 | Enter Date | Original Creation of Plan Document
2 | Enter Date | Published
3 | Enter Date | Draft release for review
4 | Enter Date | Revised draft release for review
5 | Enter Date | Published (should correspond w/Employee Acknowledgment)
6 | Enter Date | Published (should correspond w/Employee Acknowledgment)
Continue entering anytime there is a revision or change, etc. 
The information provided in this SAMPLE Policy Document is for your reference only and is not intended to represent the only approach to any particular issue. These guidelines should not be construed as legal, financial or business advice, and you should consult legal counsel and subject-matter experts to determine the appropriate policies, procedures and strategies applicable to your office or organization. Sample 6: Clean Desk Policy ABC Company Clean Desk Policy & Physical Security Compliance Notice Dated: __________________ All desks must be cleared off at end of day All files must be returned to file cabinets prior to leaving for the day All users must lock their computers whenever they leave their work site All users are required to shut down their computers at end of day Exception: ABC Company IT/IS advises users to log off but leave computer on for system updates, etc. All file cabinets are locked at end of day Users are not authorized to download or use personal applications on their desktops/laptops (Refer to Employee Handbook or ABC Company Policy regarding computer use) Users are not authorized to live stream any application outside of ABC’s domain or control Users have access and are authorized internet usage as defined: ABC’s Employee Handbook and Company Policies (including, but not limited to Code of Business Conduct and Ethics and/or Company Policy regarding computer use) Users are required to remove all printed material from their work station and put in the locked file cabinets or locked shredding bins (if the printed materials are no longer needed) at the end of the day Users must not allow any person other than a regular employee into the office unless the following conditions are met: 1.) Guest/Visitor must sign in on Visitor’s Log Sheet – do not leave sign in sheet openly visible to the public 2.) Guest/Visitor must be escorted by an Employee at all times while in the office 3.) Guest/Visitor must be issued a pass 4.) 
In order to receive a pass, Guest/Visitor must show a government issued picture ID 5.) Guest/Visitor must wear the pass in a highly-visible location 6.) No delivery services of any kind are authorized to enter the facility unless they have completed all these requirements 7.) Guest/Visitor must sign out when they leave for the day 8.) Guests/Visitors that are to be at the facility for more than one business day must repeat the sign-in procedures on a daily basis. Users must check in and out all physical files that are taken from any of the storage cabinets. Check out: User must enter date and time of file removal from cabinet. Check in: User must enter date and time of file return to cabinet. This is a zero tolerance policy. Failure to comply may result in additional training and/or disciplinary actions, including but not limited to, oral or written warnings, suspension or immediate termination. Organization, ownership and enforcement of ABC’s “Clean Desk” Policy ABC’s Compliance Officer is the owner of this policy and responsible for its approval. The Compliance Officer in conjunction with the ABC Management Team must approve any deviations from this policy. If an employee violates any of the terms of this Policy, the employee may be subject to disciplinary actions, including but not limited to, oral or written warnings, suspension or immediate termination. The type of disciplinary action does not depend on the nature of the violation. ABC does not promise, imply or represent that one form of disciplinary action will occur before another. If a Vendor violates any of the terms of this Policy, the vendor’s contract with ABC may be subject to immediate termination for cause, in accordance with its terms. In addition, certain violations of this Policy may result in criminal prosecution and/or liability. Maintenance of ABC’s “Clean Desk” Policy This policy is maintained by ABC’s Compliance Officer to ensure relevance, quality and completeness. 
Requests for Change are reported to the Compliance Office in conjunction with ABC Management Team, which is responsible for analyzing the impact of the change from a business, security and financial perspective. Changes approved by the Compliance Officer will be sent to the ABC Management Team for review prior to implementation. ABC reserves the right to supplement, change or discontinue any portion of this Policy from time to time at its sole discretion. Industry Best Practice Pillar 4 Settlement Policies & Procedures Adopt standard real estate settlement procedures and policies that help ensure compliance with federal and state consumer financial laws as applicable to the settlement process. Purpose: Adopting appropriate policies and conducting ongoing employee training help ensure the Company can meet state, federal, and contractual obligations governing the settlement process. Considerations: 1. If there are two sets of contradicting closing instructions, (one general and one specific) what is your office procedure? Who is responsible for handling those conflicts? 2. What are your contractual and legal requirements in regards to recording documents? 3. Are recordings tracked? Who is responsible for tracking? 4. Which counties in your area of service accept eRecording? 5. Could eRecording streamline your closing and title processes? 6. Are rejected recordings handled in a timely manner? 7. Does the company ensure consumers are charged the correct title insurance premium and other fees? 8. Are file audits completed to ensure compliance with company policies and procedures? 9. Is the Company making sure all employees are kept current with state and federal requirements? 10. Is all training documented in a training log? Solutions/Suggestions: 1. Use your underwriter’s rate calculator. Print the calculation provided and maintain in the file. 2. Review electronic recording resources to determine availability and benefits. 3. Review the sample checklists and customize them to meet your agency and county’s specific situation. 4. Create written policies and procedures regarding pricing, recording, and settlement. 5. Maintain a separate Training Binder to document ongoing employee training. 6. Create an internal audit process to ensure compliance with all written procedures. 
Tools & Resources: SAMPLE 1: Real Estate Closing Checklist SAMPLE 2: Documents for Recording Checklist SAMPLE 3: Recording Checklist SAMPLE 4: Written Policy - Settlement Policies & Procedures – Pricing Procedure SAMPLE 5: Written Policy - Settlement Policies & Procedures – Recording Procedure SAMPLE 6: Written Policy - Settlement Policies & Procedures – Disbursement Pricing resources: FNTG GFE calculator: http://title.com/gfe/ FNTG rate calculator: http://ratecalculator.fntg.com Electronic recording resources: www.simplifile.com www.cscglobal.com/global/web/csc/fntg.html Sample 1: Real Estate Closing Checklist Title Commitment Check Title exceptions and review with examiner if needed Survey ordered, received and reviewed prior to closing Mortgage payoffs ordered and received or Releases acquired for old mortgages on title Home Equity payoffs ordered and received, if applicable Check transfer tax guide for your municipalities' requirements for transfer stamps Check on real estate tax payments Tax prorations computed for closing; real estate taxes, insurance, association fees, water, sewer Real estate broker commission and splits Amount of earnest money; brought to closing or retained by broker Power of Attorney Seller's documents for closing: Deed (check vesting, spelling of names) Affidavit of Title Bill of Sale State and County Tax Revenue Declaration Check for any municipality requirements, for example If a Chicago property and/or Cook/Will County property: IL Anti-predatory lending database certificate to be attached to mortgage Water Certification and Zoning Compliance Grantee/Grantor clause attached to Deed If 
Condominium Right of First Refusal Paid Assessment Letter Certificate of Insurance transferred to new owner Water Certification letter if in Chicago If Investment Copies of Leases Security Deposit Log Letters to Tenants Prorations of Rents and Security Deposits If in a Land Trust Letter of Direction signed Trustee's Deed and ALTA from Trust Buyers Documents for Closing Driver’s license or acceptable form of I.D. from each buyer Home Owners Insurance with paid receipt Settlement Statement from sale of previous home, if applicable Closing confirmed with all parties Buyer(s) – Borrower(s) Seller(s) Lender Seller’s attorney (if applicable) Buyer’s attorney (if applicable) Listing Broker Selling Broker Closers Initials __________ Sample 2: Documents for Recording Checklist DEEDS – INDIVIDUAL Address of party that prepared document Address of where to return document after recording Address of property Name and address of the Grantee for tax billing purposes Deed dated Legal description same as the commitment and survey Consideration recited (actual consideration should be used on an administrator's, executor's or guardian's deed) Notarized PIN# match the commitment Grantor/ Grantee Statement - recorded with all exempt deeds (Cook County, IL) GRANTOR - INDIVIDUALS Marital status stated? (Does the grantor have the capacity to convey? i.e., a minor or disabled person) If titleholder is married and the property is their primary residence, spouse must sign due to homestead rights (or Dower Rights) If the property is not the primary residence, deed should recite "Grantor hereby states that subject property is neither his/her homestead nor of his/her spouse" GRANTOR - PARTNERSHIPS Deed must recite the state in which the partnership was formed Do you know who has the authority to sign the Deed? 
Need to consider the rights of the Partners Terms of the Partnership Agreement Copy of the Agreement Copy of any Amendments, if any GRANTOR – CORPORATIONS Deed must state the state of incorporation Certified copy of the Corporate Resolution authorizing the conveyance of the property or the mortgage Corporate By-laws Certificate of Good Standing GRANTOR - RELIGIOUS CORPORATIONS Do you know who is authorized to sign the Deed? Corporate By-laws Resolution passed by the members of the party in title authorized the conveyance Names of all persons elected members of the Board of Trustees at the last election Form of notice for the election Total number of members entitled to vote on corporate matters Proper notice given to all members Number of members present at such meeting Number of "ayes" and "nays" GRANTOR - LIMITED LIABILITY COMPANY Deed must recite the state in which the company was formed Underwriting Conditions: Certificate from Secretary of State that it has filed its Articles of Organization (where applicable) Copy of the Articles of Organization List of managers or members Certification that no event of dissolution has occurred Closers Initials __________ Sample 3: Recording Checklist File Number: Task Notes Date Completed Grantor Name/Address/All Owners are Conveying Grantee Name/Address Mortgagee/Assignee/Borrower Name Address Marital Status Legal Description (Proofed against title commitment) Sidwell Number (a/k/a property tax ID number) Signature(s) – match typed names beneath Light ink or blurry Notary Stamp (will get kicked back unrecorded) Notarized Notary acknowledgment properly completed Drafted By Name/Address Return To Name/Address Printed Notary Name Margins Sizes – meet state requirements – all blank a/k/a or f/k/a verbiage, if needed POA/Trust/Probate/Death Certificate Verbiage, if needed Document Dated date Printed ink color – black (ROD Requirements? Lender Requirements?) 
If Consideration/$$$ are not recited on deed – Real Estate Transfer Valuation Affidavit listing consideration & attached to deed Exemption clauses for revenue stamps & transfer taxes, if applicable Trust/Corporate or other entity signature block/identification Document identified by name Exhibit/Rider indicated and/or attached (i.e. see attached Exhibit A) Dower/Homestead Verbiage, if applicable Capacity/marital Status in Acknowledgement Name(s) printed under all signature(s) Reference information top of page 2 (deed) Print size in accordance with your state/local requirements DOUBLE CHECK sending to correct property County/Counties Closers Initials __________ Sample 4: WRITTEN POLICY - Settlement Policies & Procedures - Pricing Procedure 1. On a semi-annual basis, the “Rates and Remittances” language in the Issuing Agency Contract is reviewed with all personnel responsible for rate and split calculations, policy issuance and policy reporting. When rate change bulletins are issued, the reviews are immediate in order to ensure that proper rate changes are made. 2. When rate change bulletins are issued, the software provider (Softpro Corp., Ramquest, etc.) is contacted to confirm that they have been notified by the underwriter and will have the proper updates made to the software. 3. On each title order, rate manuals and online calculators (as appropriate) are used to ensure correct fees are being charged for policy premiums, state specific fees, and endorsements. 4. Applicable rate discounts, such as Simultaneous Issue, Reissue, and Refinance Rates (if applicable in state) are calculated and charged when appropriate. 5. A written record of all rate calculations is kept in the file. 6. On a quarterly basis, a quality check of 5% of all files is made to verify compliance with rate calculations and recording procedures. Sample 5: WRITTEN POLICY - Settlement Policies & Procedures - Recording Procedure 1. 
Documents are submitted or shipped for recording to the proper recording office within 2 business days of the later of (i) the date of Settlement, or (ii) receipt by the agency if the Settlement is not performed by the agency. 2. Where available, electronic recording is used. 3. For counties where we do not have an office and electronic recording is not available, we use a third party recording service__________. 4. Shipments of documents for recording are tracked and a log is kept. 5. We verify that recording actually took place and maintain recording information for each document in each file, as well as a separate log of all recordings. 6. When notice is received that a document has been rejected, the document is treated as a ‘new closing’ and all effort is made to resolve the problem and submit for re-recording within two days. If a solution is not forthcoming, we consult with our underwriter and develop a strategy to mitigate immediately. Sample 6: WRITTEN POLICY – Settlement Policies & Procedures - Disbursement 1) We acknowledge that Lenders expect full disclosure of all receipts and disbursements in accordance with written mutual instructions. 2) All sets of Closing Instructions are collected and reviewed prior to closing. 3) If any one set of Closing Instructions is adverse to another set of closing instructions – we obtain in writing from all parties consent to the changes made to correct the adverse matters prior to closing. 4) The closing is performed in accordance with all instructions including: a) Lender Closing Instructions b) Title Commitment c) Purchase Agreement d) Any other misc. agreements (Escrow Agreements, etc.) 5) Follow all HUD Regulations in preparation of the HUD-1 Settlement Statement and be sure that ALL disbursement checks MATCH EXACTLY as to what is shown on the HUD-1 Settlement Statement. 6) We will adhere to all State and Federal laws. 
Specific Detailed Guidelines: Disbursement Of Proceeds Buyer/Borrower Proceeds: Any amount shown on line 303 of the HUD-1 Settlement Statement (funds due from Buyer/Borrower) must come into your escrow/trust account from the borrower or be disbursed to your borrower as shown in Section D. Any funds received by any other party must reflect on a separate line in the 200 series designating the source of funds. In regions where the buyer/borrower funds are credited prior to the printing of the final HUD-1 settlement statement, those funds are reflected in the 200 series of the HUD-1 settlement statement showing the source of funds and line 303 should reflect zero proceeds or a refund, if any, due to the buyer/borrower. Seller Proceeds: Seller proceeds are not assigned and are disbursed to Seller, as defined in the Loan Closing instructions and in accordance with the HUD-1 settlement statement. Where the Seller requests the proceeds be paid otherwise, pre-closing clearance is obtained by us. Multiple disbursements to the same payee are not acceptable especially when asked to disburse in increments of $10,000 or less. Borrower proceeds from a refinance, if any, are only paid in strict compliance with the written closing instructions provided by the funding lender. Pre-closing consent is obtained from the lender on any request to pay additional parties. If such consent is granted, the changes are listed in the 1300 section of the HUD-1. We do not rely on approval of the mortgage broker. Additionally, the funder’s approval of the HUD-1 or closing statement is not sufficient as evidence of consent. If a lender disapproves of any requested disbursement, appropriate parties are notified in writing. Where directed or allowed by Lender, we will accept written instructions for the following: Deposit proceeds directly into a bank account on behalf of the principals. Cut separate checks or send a wire in the name of each individual seller or borrower. 
Mortgage Payoffs:
o Must be in writing and should reference the loan number and property address in addition to the borrower’s name.
o Monitor home equity lines of credit and obtain a signed ‘closing letter’ from the borrower to the lender requesting that the credit line be closed.
o Put sufficient detail on the payoff check to identify the property, loan number and borrower.
o If property is in foreclosure, make certain you have accounted for any attorney’s fees and other court costs.
o Sellers or borrowers are never to deliver their own payoff check.
o Payoff checks must be delivered in a manner in which the date and time of receipt of the check can be documented.

Escrowed Funds Disbursement:

Purpose: Approvers’ and/or check signers’ responsibilities on external disbursements are to ensure the payment amounts are supported, proper vendors are paid, and disbursements have been properly authorized by the escrow officer. Approvers’ and/or check signers’ responsibilities over our fee income are to ensure that checks/journal entries to recognize our fees are only processed after the order has closed and been fully funded.

Procedure: All escrow disbursements (check and/or wire) require two approvers. Evidence of the two approvals is required on the check/wire request and the check disbursement register for every escrow.

Cancelled Checks and Stop Payments:

Purpose: There is a growing body of law on the concept that, for example, a title agency may be responsible for its own losses if it does not have proper controls and safeguards in place. This is in contrast to the historical laws that generally put the loss for fraud on banks. In the U.S., one of the legal principles involved in the cashing and clearance of checks is that a check that appears to be in the proper form and has the appearance of being issued in the normal course of business must be honored (paid and cleared) by the bank on which the check is drawn.
So, if a title agency issues a check that is then taken and carefully modified, by a forger or otherwise, and is deposited and processed, the title agency is not automatically protected from loss. The same applies if there is a fraudulent bank wire.

Procedure:

Cashier’s or Teller Checks

Stop payment on a Cashier’s or Teller Check is issued by the company once the following criteria are met:
o Approval from the appropriate supervisor is obtained directing that a replacement item is issued.
o An affidavit concerning the lost, stolen or destroyed item from the person whose obligation is paid by the Cashier’s or Teller Check is obtained.
o Any requirement by the bank upon which the check is drawn to obtain a bond or other form of security for the amount of the check is satisfied, if the bank is going to reissue the check before a 90 day period has elapsed.

Trust Account Checks

A check that has been issued and processed in the accounting records, but subsequently lost, stolen or returned to the Company is “voided”. If the original check has been returned, it is marked “Void”, the signature portion of the check is removed, and the check is forwarded to accounting for adjustment to the appropriate records. Voided checks, if found, are retained.

Prior to reissuance of a returned check, the accounting department must verify the check has not cleared the bank. A holding period of 36 hours may be necessary to ensure no one has attempted to process the check electronically.

If the check has been lost or stolen, the accounting department determines if the check has cleared the bank. If the check has not cleared the bank, the bank is notified to place a stop payment on the check. Upon authorization from the accounting department, a lost check is reissued. If a lost check is later returned, it is forwarded to the accounting department, and a note is made across the face of the original check that a stop payment was issued on the check, along with the date the stop payment was placed.
Disbursement or Receipt of Funds By Wire: Purpose: Wire transfer transactions usually involve large dollar amounts that must be processed quickly. There is also finality to a wire transfer transaction at the time of execution. Generally, wire transfers are not subject to a stop payment, recall, cancellation or adjustment. Once a wire request has been executed, the funds immediately become the property of the transfer recipient. Because of these concerns and to minimize the risk of loss from errors or fraud, wire transfer authority is to be centralized within a limited number of management, accounting or administration employees. Procedure: No escrow department employee shall be unilaterally authorized to issue or accept a wire transfer. Customers are to communicate all wire transfer requests in writing and each escrow officer is then to communicate the wire transfer information to one of the authorized wire transfer employees in writing or by fax. Verbal notification is not sufficient. In all cases of initiation of a wire transfer by a Settlement Agent, escrow officer or other authorized party, a reasonable security procedure must be used to validate the transfer. Mortgage Fraud Awareness and Prevention: Purpose: It is in our own self-interest to be vigilant for signs of potential mortgage fraud. The cost of becoming drawn into a mortgage fraud investigation is substantial, and employees may personally be drawn into an investigation. Regulators and Underwriters, as well as the general public, consider us to be a significant part of the process and system for minimizing mortgage fraud. Our agency will not tolerate ANY deviation from standard closing procedures that would result in mortgage fraud. Procedure: Adhere to all Underwriting Bulletins concerning Settlement Issues. 
The Company understands that a person that knowingly, with the intent to defraud, does any of the following may be guilty of the crime of residential mortgage fraud: o A person that makes a false statement or misrepresentation concerning a material fact or deliberately conceals or fails to disclose a material fact during the mortgage lending process. o A person that, during the mortgage lending process, makes or uses a false pretense, or uses or facilitates the use of another person's false pretense, concerning the person's intent to perform a future event or to have a future event performed. o A person that uses or facilitates the use of a false statement or misrepresentation made by another person concerning a material fact or deliberately uses or facilitates the use of another person's concealment or failure to disclose a material fact during the mortgage lending process. o A person that receives or attempts to receive any proceeds or any other money in connection with the mortgage lending process that the person knows resulted from a violation. o A person that files or causes to be filed with the register of deeds of any county of this state any document involved in the mortgage lending process that the person knows to contain a deliberate material misstatement, misrepresentation, or omission. o A person that fails to disburse funds in accordance with the settlement or closing statement for the mortgage loan. o A person that solicits, encourages, or coerces another person to participate in any of the above activities. Company employees are trained to be aware of any of the above listed issues related to a closing. If an employee believes any of the above items are relevant to a transaction, the appropriate supervisor will be notified immediately. The transaction will not close or disburse until appropriate authorization is received. 
Industry Best Practice Pillar 5
Title Production
Policy production, delivery, reporting and premium remittance

Purpose: Adopting appropriate procedures for the production, delivery, and remittance of title insurance policies helps ensure that title companies can meet their legal and contractual obligations.

Considerations:

1. Title policy production and delivery. Title insurance policies are issued and delivered to customers in a timely manner to meet statutory, regulatory or contractual obligations. Issue and deliver policies within thirty days of the later of (i) the date of Settlement, or (ii) the date that the terms and conditions of title insurance commitment are satisfied.

2. Premium reporting and remittance. Title insurance policies are reported and premiums are remitted to the underwriter in a timely manner to meet statutory, regulatory or contractual obligations.
o Report policies (including a copy of the policy, if required) to underwriter by the last day of the month following the month in which the insured transaction was settled.
o Remit premiums to underwriter by the last day of the month following the month in which the insured transaction was settled.

3. Review title policy production, delivery, reporting and premium remittance requirements with your Underwriter(s) or review your Underwriter Agency Contracts and Underwriter Bulletins for details/requirements/expectations. For policy production and delivery; premium reporting and remittance:
o Establish procedure on how you will track this data.
o Determine “location” and maintenance of documentation of submitted remittance reports and premium payment (copies of checks) submitted to underwriter(s).
o Designate employee(s) responsible for making sure the procedures are being adhered to.
o Communicate the adopted written procedures to your employees.
o Establish training for affected employees to ensure compliance.
o Document employee training.
Develop a department (title production) written process (see attached sample) to outline how to implement the written policy based on day to day operations/workflow. Establish agency internal auditing process to ensure ongoing compliance in the workflow (Frequency of audit, quality control on policy inventory reporting, monitoring and monthly resolution of any A/R issues with underwriters – i.e. review of underwriter monthly billing statements and documentation of policies processed). 4. Maintain underwriter premium remittances separately from operating funds. Solutions/Suggestions: 1. Establish written procedures for the following: Title policy production and file maintenance Title policy delivery, policy reporting and premium remittance 2. Establish and document employee training to ensure compliance of written policies and procedures. 3. Establish an internal audit process to ensure ongoing compliance with policies and procedures as outlined. 4. Provide a copy of title production written policies and procedures to applicable employees and obtain their signed acknowledgement. Tools and Resources: Forms: SAMPLE 1 – Written Policy - Title Policy Production and File Maintenance SAMPLE 2 – Written Policy - Title Policy Delivery, Policy Reporting and Premium Remittance Tools: SAMPLE 3 – Abstractor / Searcher - Outside Vendor Checklist Tool SAMPLE 4 – Internal Audit Tool: Title File - Quality Control Evaluation SAMPLE 5 – Internal Audit Tool: Quality Control Review - Individual Title File Audit Resources: TitleWave® provides title search products, creates TSR’s, data transfers to your software. https://www.titlewave.net/Anon/Login.aspx?ReturnUrl=/ Property Insight provides you with one of the industry's largest repository of electronic starter records covering 50 states. http://www.propertyinsight.biz/dataservices_starters.asp SoftPro helps keep you compliant with several of the Best Practices. 
www.softprocorp.com AgentTRAX provides FNTG Agents with online policy jackets, tracking, reports and Closing Protection Letters. www.AgentTRAX.com The information provided in this SAMPLE Policy Document is for your reference only and is not intended to represent the only approach to any particular issue. These guidelines should not be construed as legal, financial or business advice, and you should consult legal counsel and subject-matter experts to determine the appropriate policies, procedures and strategies applicable to your office or organization. Sample 1: TITLE POLICIES - PRODUCTION AND FILE MAINTENANCE POLICY Title insurance orders will be processed either on the same day or the next business day after receipt. Title insurance searches and exams will be made with due regard to recognized title insurance underwriting practices and in accordance with your Underwriter's bulletins, manuals and other instructions, including any state or federal applicable requirements. Each policy issued on behalf of your Underwriter is issued upon a determination of insurability of title which includes, but may not be limited to: a. A search from earliest public records or in accordance with applicable state law and/or Underwriter's written instructions; and b. An examination of all documents affecting title to the subject property. Each title order or transaction is prepared and maintained in a separate title file that contains all documents upon which we relied to make our determination of insurability, including, but not limited to: affidavits, maps, plats, lien waivers, surveys, title reports, searches, examinations, and work sheets, together with a copy of each commitment, policy, endorsement and other title assurance issued. All title orders that are revised will be tracked by adding “REVISION 1”, 2, 3, 4 respectively with notes in the production system as to what the revision was and who requested it, when it was sent out, etc. 
We maintain a separate closing file for each transaction, with the closing file containing, without limitation: closing statements, disbursement worksheets, copies of all checks disbursed and receipted, deposit slips, escrow agreements and any other instruments or documents executed or created at Closing.

We generally keep both the title and closing files for each property together in one physical folder or electronic filing system that allows tracking and future review. A checklist is performed electronically or a manual checklist is placed in the folder.

The title and closing files are preserved in accordance with our contractual obligations with our underwriters, in addition to applicable State document retention requirements, or in the case of a legal hold order, in accordance with instructions of our Underwriter(s). In the event that we destroy or disseminate the files for any reason, we shall maintain and protect any confidential or private information contained in such files in accordance with applicable State and Federal law and with any permissions needed per our underwriting contracts.

We perform an Open File Audit every month. An “Open File” is defined as a file where a title commitment was issued with no further communication from the customer who ordered it and no payment of premium has been received. Monthly, all open files that have aged three months or older will be reviewed. We follow up with the party that ordered the commitment to find out the status of the transaction. At each monthly Open File Audit, the file status will be updated to either cancel the file or confirm that the transaction is still active.

A quarterly internal audit is completed using a random selection of 25 files from those files that have closed and where policies were issued in the last three months. This audit is performed by our Title Production Manager. The following items listed on the “Quality Control Review – Individual Title File Audit” checklist are reviewed:
a. Date of Settlement vs. Date All Conditions Met vs. Date of Policy
b. Confirmation appropriate premium was charged to the customer
c. Documentation of a refund to the customer if an over-charge was discovered
d. Date policy was reported to the underwriter
e. Date premium was remitted to the underwriter. Remittance to underwriter is confirmed by reviewing account statements, cleared checks or transfers and bank statements for Trust/Escrow Account and/or Premium Account.

When claims are filed and the underwriter requests a copy of the file in question, or when files are requested for other reasons, we promptly search for and provide the requested documentation. These include:
A. all documents received by Agent in which Underwriter is a party to any administrative and/or judicial proceedings;
B. all written complaints or inquiries made to any regulatory agency regarding transactions involving title insurance policies, endorsements, commitments or other title assurances of a particular Underwriter;
C. any information alleging a claim involving a policy, commitment, endorsement or other title assurance of an Underwriter or a transaction for which an Underwriter may be liable;
D. all original documentation and work papers associated with the transaction or conduct giving rise to any examination, claim or complaint.

In the event a request for a copy of a title policy or settlement statement is presented to our Company, we will assist customers to the best of our ability, but will be mindful of our obligation to ensure that the party requesting the title policy or other documentation is entitled to it. The title policy is a contract between the Company and the insured party, and, with few exceptions, we may only give a copy to our insured. Other documentation likely will fall under the definition of Non-Public Personal Information.
When faxing, emailing, scanning or in any way delivering a policy, the policy jacket and the schedules and all endorsements must be sent, as all the components together make up the policy. The following parties may receive copies of a Lender’s Title Policy: A. The insured lender named in the Lender’s Title Policy. B. MERS, if MERS is named in the insured deed of trust as the nominee of the insured lender. C. A loan servicer, if the loan servicer provides satisfactory documentation to establish they service the loan for the insured lender. If you receive a written letter from a party who states they service the loan on behalf of the lender, you may rely upon that representation without having to obtain the written consent of the lender. Use good judgment – if a request from a servicer appears questionable, of course contact the lender to be sure the request is legitimate. D. A party claiming to be the current holder of the indebtedness, if there is evidence of record such as an assignment of lien that indicates they are the holder of the indebtedness, or other evidence such as a copy of the original note and it shows the note has been endorsed to the party requesting a copy of the policy. E. Any other party with the written consent of the insured lender. The following parties may receive copies of an Owner’s Title Policy: A. The insured party named on the Owners Policy. We have the customer submit a signed, written request when asking for a duplicate of the Owners Policy. **For situations such as heirs requesting policy copies (i.e., “my parents are deceased and I need a copy of their “Owners Policy”), please consult local underwriting for the correct practice. B. When an Owner’s Policy is requested by Law Enforcement we instruct our staff to consult local underwriting for the correct practice. The information provided in this SAMPLE Policy Document is for your reference only and is not intended to represent the only approach to any particular issue. 
These guidelines should not be construed as legal, financial or business advice, and you should consult legal counsel and subject-matter experts to determine the appropriate policies, procedures and strategies applicable to your office or organization.

Sample 2: TITLE POLICY DELIVERY, REPORTING & PREMIUM REMITTANCE POLICY

Policy Delivery to Insured Parties: Relative to the issuance and delivery of title policies, we will comply with all state and federal regulations, along with our contractual obligation with our underwriter(s) to deliver title policies within the prescribed time periods.

1. Title policy production and delivery. Title insurance policies are issued and delivered to customers in a timely manner to meet statutory, regulatory or contractual obligations. Issue and deliver policies within thirty days of the later of (i) the date of Settlement, or (ii) the date that the terms and conditions of title insurance commitment are satisfied.

2. Premium reporting and remittance. Title insurance policies are reported and premiums are remitted to the underwriter in a timely manner to meet statutory, regulatory or contractual obligations.
o Report policies (including a copy of the policy, if required) to underwriter by the last day of the month following the month in which the insured transaction was settled.
o Remit premiums to underwriter by the last day of the month following the month in which the insured transaction was settled.

3. Premium accounts for funds owed to underwriters: We maintain the underwriter portion of the title premium in a separate premium escrow account (a separate account for each underwriter) or in a separate file identified in our escrow/trust account for each underwriter.
When we perform a closing or when we receive payment for a policy, the underwriter portion of the premium is transferred to the underwriter file for premium remittance for each underwriter within the escrow account OR the underwriter premium share will be transferred/deposited directly from the escrow bank account used for closing/disbursing the transaction to an escrow premium bank account for each underwriter. This escrow premium bank account is “2-way reconciled” monthly. If there are monthly bank fees assessed on the account, the account is reimbursed monthly from our operating account. If this account is an interest bearing account, the interest will be transferred to our general account on a monthly basis.

If we discover that a consumer has overpaid for a policy, our physical file and electronic file will be documented and we will process a refund for the amount of the overpayment of premium to the consumer with an approval from the Title Manager / Supervisor.

Sample 3: ABSTRACTOR / SEARCHER - OUTSIDE VENDOR CHECK LIST

Vendor Name: ___________________________________________
Date W-9 on file _________________________________________
Date E&O received ______________________________________

o Need to verify (monthly / bi-monthly / semi-yearly / when you use them)
o Call to confirm the E&O Policy is valid & the binder is not altered.
o What is the dollar coverage? _____________________________ Recommend a coverage of $1,000,000 or higher
o Coverage is for “employees and outside contractors” with the entity you’re hiring. (This should be stated in the policy somewhere and they should be able to point those specific coverages out to you.)
o References provided and verified via call / email. Results reviewed.
o Have a complete understanding of what the charges will be and what is provided for those specific charges.

Ask about the following details:
o What is the geographical coverage area they provide?
o What is their Turn-Around-Time (TAT)?
o What type of searches do they provide and does it match your underwriter(s) guidelines?
o Current Owner… back to what type of deed?
o Purchase Money Mortgage (PMM) Search? Does the PMM match your guidelines for a stopping point?
o Two Owners…two Warranty Deeds or what type of deed combo?
o 40 year search or “X” number of years search? Do they find a Warranty Deed or any Deed outside of the 40 year mark?
o Do they provide all Easements & Restrictions with the search? Ask for details… ingress / egress, back to 1920, reviewing CCR’s / B&U’s?
o Pricing? Have them provide you with a pricing sheet with products outlined? Pricing for copies? Do they call you before sending you “x” amount of pages?
o What is the best way to communicate with them? Website / Email / Text Msg. / Fax
o Do they search Commercial Property?
o Other:

Sample 4 - Internal Audit: TITLE FILE - QUALITY CONTROL EVALUATION

Order #: _______________________ Examiner: ______________________________________

Application
1. commitment/invoice not emailed or faxed
2. endorsement requests not considered
3. lender insured clause not shown correctly
4. special instructions not followed

Schedule ‘A’
1. effective date incorrect
2. estate being other than shown or reported
3. title vesting missing
4. title vesting inaccurate
5. type of tenancy incorrect
6. legal description – wrong property
7. legal description – typographical errors

Schedule ‘B’ Taxes
1. wrong pin/typo
2. incorrect year or payment status reflected
3. missing tax sale, forfeitures, assessments
4. missing additional pin
5. missing tax exception

Schedule ‘B’ Mortgages, Liens, Judgments
1. lien not raised
2. inaccurately shown (does not affect)
3. other

Schedule ‘B’ building lines, easements, restrictions
1. inaccurately raised
2. missing exceptions

Title Procedures
1. rules for judgment search not followed
2. rules for prior unreleased mortgages not followed
3. unnecessary exceptions raised
4. exceptions not raised

Billing
1. filed rates not applied
2. items not properly billed
3. missing billable items
4. rate calculation sheet in file for later reference on how calc was done

Other

Sample 5 - Internal Audit: QUALITY CONTROL REVIEW – INDIVIDUAL TITLE FILE AUDIT

File #: ___________________ Examiner: ___________________________________________________________

I. Title Evidence/Application

1. Are there written instructions from the customer in the file (i.e. order form)? ___yes ___no
If so, do they ask us to perform services we should not be providing? ___yes ___no

2. Type of title evidence in file:
____Search Notes
____Title Report
____Prior Policy from _________________________Company – Dated __________
____Commitment/Binder from _________________Company – Dated __________
Search performed by or obtained from: ___________________________________

3. Search period from ____________________ to _____________________________

4. What evidence of the status of taxes is in the file?
____Paid Tax Receipts
____Letter or computer print-out from tax assessor
____Notes (i.e. Oral conversation with tax assessor)
____Other _________________________________
____None

5. Within the time frame covered, was the search complete, i.e. were all parties searched; did search include special assessments; financing statements; judgments, etc.? ____yes ____no
If no – explain: _______________________________________________________________

6. Can the search be reconstructed from notes or other evidence in the file? ___yes ___no

II. Commitment/Binder Policy

1. Does the effective date of the title evidence match the effective date of the commitment? ___yes ___no, Explain:

2. Are all open liens of record shown in Schedule B of the commitment? ___yes ___no

3. Do the exceptions on the commitment match the title report or search results? ___yes ___no

4. Is the status of taxes reflected properly in the commitment? ___yes ___no

5. Are current forms/schedules being used & identified by date, etc.? ___yes ___no

6. Is the “type of policy” to be issued identified in the “proposed insured” section? (i.e. ALTA Owners Policy 06/17/2006 OR ALTA Loan Policy 06/17/2006, etc.) ___yes ___no

III. Title Clearance

1. Is the evidence to clear title in the file? ___yes ___no
Specifically:
_____Required Deeds, Affidavits, etc.
_____Evidence of Mortgage Payoff (check copy)
_____Discharges or releases of all prior mortgages
_____Partial Releases of mortgages
_____Subordinations, assignments, discharges of liens, judgments, etc.
_____Personal undertakings (Indemnifications), Letter of Credit, Bonds
If these documents were prepared by the title office, were they prepared properly? ___yes ___no
LIST ALL MISSING ITEMS:

2. Are the names on the deed, mortgage and commitment identical? ___yes ___no

3. Was a construction loan disbursed? ___yes ___no
Were all underwriting guidelines followed for construction as required? ___yes ___no

4. If yes, what documentation supports the disbursement?
_____Sworn Statements
_____Lien Waivers
_____Builder/Contractor’s Indemnity
_____Owner’s Indemnity
_____Developer’s Indemnity
_____Financial Statements
_____Contract for Construction
_____Construction first lien letter
_____Written approval from Underwriter to do construction transaction

IV. Policy Information

1. Schedule A Information:
_____Owners Policy; Liability Amount ________________ Policy Number: ______________
_____Loan Policy; Liability Amount __________________ Policy Number: ______________
Type of Loan: Permanent ______ Construction ______
Are current Schedules/Forms being used with identifiable information (date) on form?

2. Were the Policies issued within 30 days after the terms and conditions of title insurance commitment have been satisfied?
Owners Policy; date all was met ________________ Date Policy was sent for delivery: _____________
Loan Policy; date all was met ________________ Date Policy was sent for delivery: ____________

3. Was the appropriate premium amount charged to the customer?
Owners Policy; Liability Amount $_______________ Amount for Policy Charged Customer: ______________ Amount for Policy as applicable: $______________ Loan Policy; Liability Amount $_______________ Amount for Policy Charged Customer: ______________ Amount for Policy as applicable: $______________ Problem sited: ___yes ___no If yes, how was this resolved, explain: 4. Property Type: _____1-4 Family Residential _____Industrial Home _____Vacant Land _____Apartment Building _____Condominium/PUD _____ Commercial _____ Manufactured _____Agricultural 5. Legal Description: Does the policy legal description match the legal description in the commitme3nt, deed and/or mortgage, and/or survey? ___yes ___no/Explain: 6. Schedule B information: a. Do the exceptions found on the commitment and subsequent title evidence corresponds to the exceptions on Schedule B? ___yes ___no/Explain: b. Were the exceptions worded correctly? ___ ___no/Describe: 7. Were standard Schedule B exceptions deleted? A. “Rights of present tenants, lessees or parties in possession” ___yes ___no B. “Any liability for mechanics’ or material-mans’ liens” ___yes ___no C. “Discrepancies, conflicts in boundary lines, shortage in area, encroachments, and any facts which an accurate survey and inspection of the premises would disclose” ___yes ___no D. If yes, check for the following types of support documentation in the file: ___Owners Affidavit ___Construction Loan Disbursement Agreement ___Construction lien indemnity ___Plat plan or location survey ___Full ALTA survey ___Surveyor’s report/affidavit ___Standard Extended Coverage Questionnaire ___Estoppel Certificate E. Does the survey disclose any matters that are not shown on the policy? ___yes ___no F. Has the question of access been considered and properly “disposed of”? ___yes ___no 8. If the policy insures a condominium unit: Was the appropriate language included in Schedule B? ___yes ___no 9. 
Are there any affirmative insurance notes in Schedule B (excluding endorsements) in the owner and/or lender’s policies? ___yes ___no If yes, what are they ______________
10. Were endorsements issued properly, if any: ___yes ___no If done incorrectly, follow up noted:
11. If the commitment disclosed taxes due, does the file contain evidence of payment? ___yes ___no
12. Does the tax exception in the policy correspond to the tax information in the file? ___yes ___no
13. What was the period of gap between date of closing and issuance of policy? ___________
a. Was the title search brought down to cover closing date? ___yes ___no
b. Is there evidence in the file? ___yes ___no

V. Post Issuance
1. Were all of the instructions on the application complied with? ___yes ___no
2. Is the date on the policy and date of recording the same? ___yes ___no; If no, what is the Gap? ___________ Explain briefly: ______________________________________________
3. Was a continuation search run from the end date of the original title evidence to the date of recording? ___yes ___no; if no, explain briefly: __________________________________
4. What proofs of recording are in the file?
_____Recording receipt
_____Stamped document copies
_____File notation (i.e., Liber and page and date of document recording information)
_____Log entry
_____Canceled check for fees

Industry Best Practice Pillar 6
Errors, Omissions & Fidelity Insurance

Maintain appropriate professional liability insurance and fidelity coverage.

Purpose: Appropriate levels of professional liability insurance or errors and omissions insurance help ensure title agencies and settlement companies maintain the financial capacity to stand behind their professional services. In addition, state law and title insurance underwriting agreements may require a company to maintain professional liability insurance or errors and omissions insurance, fidelity coverage or surety bonds.
Considerations:
Have you obtained confirmation that E&O Coverage is acceptable to your underwriters and that it meets your contractual obligations?
Does your coverage/deductible match your agency contract with your underwriter?
What coverages does your state require?
Is your coverage sufficient for the type of business you are conducting?
Do you have cyber liability insurance coverage, including coverage for the loss of confidential consumer information?
What does your policy define as a title claim?
What are your coverage dates?
Do you have coverage for future claims related to mistakes made prior to your current policy?
Do your policies cover directors and officers?
Who is monitoring your expiration date and ensuring timely renewal?
Are the following third-party vendors covered (if you utilize their services)?
Independent Contractors Title Agents Title Abstractors Searcher Escrow Agent Closing Agent Public Records Searcher Corporate Document Searcher

Solutions/Suggestions:
1. Create a written policy for monitoring adequate coverages and renewals.
2. Research and obtain pricing for comprehensive insurance packages that include cyber liability insurance, Fidelity Bond, and E&O coverage.

Tools & Resources:
FORMS:
SAMPLE 1 – GUIDE - Insurance policy riders that: cover computer systems; cover the theft of escrow funds; make your title underwriter a loss payee.
SAMPLE 2 - TABLE - that helps you compile information about your insurance policies.
SAMPLE 3 - POLICY - Professional Liability and Fidelity Coverage Policy

Sample 1 - Guide: INSURANCE COMPANIES & BROKERAGES
Ritman & Associates, Inc. (Adam Gwaltney) www.ritmanassoc.com
TIAC - The Title Industry Assurance Company is a member-owned, ALTA-endorsed insurance provider www.alta.org/tiac/
Arthur J.
Gallagher & Co (Dan Riebling of The Trieber Group) http://www.ajg.com/locations/newyork/garden-city/#4

In addition to a recommended minimum of $1 million E&O coverage, which may or may not exceed the contractual requirements contained in an Agency Agreement, a comprehensive fidelity policy will include the following:
Coverage of at least a minimum of $500,000 per occurrence, $500,000 aggregate (check your Agency Contract for possible minimums).
Protection against theft from operating or escrow accounts by either agency employees AND the agency principal and corporate officers.
Protection against computer fraud including third party account hacking.
Ensure that coverage does not lapse. This could cause you to lose retroactive coverage.

Moreover, this coverage is affordable and is based on the agency’s number of employees. For example, the basic policy which provides $500,000 of coverage per claim in the aggregate limits of liability, subject to a $15,000/claim deductible, costs $2,000 for ten employees, $3,280 for 25 employees, etc. Call Arthur J. Gallagher & Co. for rates and more specifics at 800-749-7326 or by e-mail at fntgins@ajg.com.

Your Fidelity Agency Account Manager www.nationalagency.fntg.com

Sample 2: TO COMPILE INFORMATION ABOUT YOUR INSURANCE POLICIES

Part 1.
State/Underwriter Required Coverage – Type and amount | Requirements Met?

Part 2.
Type of policy (E&O, Fidelity, etc.) | Policy # | Policy Limit & Deductible | Carrier | Expiration Date

Part 3.
Type of Supplier/Service Provider | Do we use them? | Covered? | Which policy(ies)
Independent Contractors Title Agents Title Abstractors Searcher Escrow Agent Closing Agent Public Records Searcher Corporate Document Searcher Directors and Officers

Sample 3: PROFESSIONAL LIABILITY AND FIDELITY COVERAGE POLICY

1. Professional liability or errors and omissions insurance
The company maintains professional liability insurance in the amount of no less than $___________________.
This amount is appropriate given the company’s size and complexity and the nature and scope of its operations; the amount is not less than the amount agreed to in the company’s underwriting agreement(s). The insurance carrier is nationally known and has appropriate Best ratings. Coverages/Endorsements are reviewed annually and are added or subtracted to reflect current changes in the practices of the industry and to reflect new threats to our business as they arise, such as cybercrime.

2. Fidelity bond coverage (Protection for Agent against employee dishonesty)
The company maintains a fidelity bond policy in an amount of not less than $___________________. The company reviews both State law and our Issuing Agency Contracts to verify that our coverage meets or exceeds their respective requirements. This coverage is carried even if State law or our Issuing Agency Contract does not require it from time-to-time as conditions or laws change.

3. Surety coverage, Closing Protection Letters (Protection for consumers against closing disbursement issues)
For Example:
(Alternate A) In Ohio, state law requires us to offer closing protection coverage to buyers, sellers, and lenders. We encourage buyers, sellers, and lenders to purchase those products and maintain a signed disclosure form in our files evidencing our compliance with state law in connection with those.
(Alternate B) Also as required by state law, the company possesses surety bond coverage for closings where title insurance is not being purchased. Coverage is in the greater of $250,000 or the state-mandated amount.
(Alternate C) Alternatively, the company ensures that the Closing Protection Letter coverage, where mandated by statute, is issued in connection with the disbursement or that a statutory indemnity fund is established to cover.

Industry Best Practice Pillar 7
Consumer Complaints

Adopt and maintain procedures for resolving consumer complaints.
Purpose: A process for receiving and addressing consumer complaints helps ensure reported instances of poor service or non-compliance are discovered and promptly resolved.

Considerations:
1. What constitutes a complaint?
2. What is the ‘type’ of complaint and who will need to be notified?
3. How does your state handle consumer complaints? Some states send consumers directly to the CFPB to make complaints.
4. Who will be responsible internally for tracking and addressing complaints?
5. Are you going to use the complaint policy and procedure as a training tool for employees?

Solutions / Suggestions:
1. Define consumer complaints, including types and levels of complaint.
2. Identify a single point of contact for consumers to contact for follow-up.
3. Identify the person or department responsible for intake, logging, tracking progress and resolution of the complaint.
4. Utilize the complaint procedure as a training tool.

Tools:
FORMS:
SAMPLE 1 – Complaint Resolution Policy & Procedure
SAMPLE 2 – Complaint Intake Form
SAMPLE 3 – Complaint Resolution System Annual Log

The information provided in this SAMPLE Policy Document is for your reference only and is not intended to represent the only approach to any particular issue. These guidelines should not be construed as legal, financial or business advice, and you should consult legal counsel and subject-matter experts to determine the appropriate policies, procedures and strategies applicable to your office or organization.

Sample 1: COMPLAINT RESOLUTION POLICY & PROCEDURE

Policy Statement
ABC Title Agency (ABC) is committed to providing a professional, fair, efficient, courteous and helpful service to the public, and a key aspect of achieving this is to promptly investigate and, where possible, resolve complaints about its service to the satisfaction of the customer. Dealing with complaints effectively and efficiently is a core element of ABC Title Agency’s customer service and reflects ABC’s commitment to service excellence.
ABC’s Complaint Policy & Procedure will be posted on the Company website for easy access by consumers.

Scope
This policy applies to the handling of all formal complaints submitted to ABC. For the purposes of this policy, a complaint is defined as any expression of dissatisfaction about the service(s) provided by ABC and/or about the professional conduct of ABC staff, including any subcontractors used by ABC. Examples of the types of complaints are (not an exhaustive list):
Poor service or failure to meet promise/commitment
A failure to follow policies, procedures or written instructions
Mistakes/Errors by ABC personnel
Unreasonable delay caused by ABC
Wrong or misleading information provided to consumer (NOTE: ABC is NEVER to provide advice!)
A failure to provide explanations or give reasons for decisions
Discrimination of any kind, inconsistency or lack of objectivity
Inappropriate staff behavior, discourtesy, disrespect or rudeness

Purpose:
It is the policy of ABC Title Agency to provide a complaint resolution procedure that is timely and responsive to consumers of our services. The complaint procedure will be timely and accessible to the consumer. All employees will welcome complaints with the understanding that our goal is satisfied customers.

Where possible, all ABC staff should endeavor to resolve complaints at the first point of contact or knowledge of the complaint. Customers who remain dissatisfied after speaking to an ABC Employee should be offered the option of being transferred to an ABC Complaint Coordinator (CC). If the CC is unavailable to take the call and/or the consumer would prefer to write in to complain, the ABC Employee should provide the consumer with the company address details (email and/or postal address) and should direct the consumer to ABC’s website where ABC’s Complaint Policy is posted. ABC will always endeavor to respond to consumer complaints using the consumer’s preferred mode of communication.
Where this is not specified, ABC will usually respond using the same mode of communication as the complainant has used to raise the complaint.

Step One: Upon the receipt of a complaint (all employees need to be sensitive to the idea that consumers may make a complaint in a variety of ways including phone calls, voice mail, email, or regular mail) the person receiving the complaint or becoming aware of a complaint will fill out the Company Complaint Intake Form, attaching a copy of any emails, letters, or notes from the voice mail that will be helpful in providing a full picture to the Complaint Coordinator or anyone else involved later in the process. Contact the customer by telephone / email to acknowledge receipt of the complaint. Discuss the complaint with the customer and ask the customer how they would like the matter resolved. The Complaint Intake Form should be delivered to the Company’s designated Complaint Coordinator (CC) as soon as possible, but in no event later than the end of the business day on which the complaint came in or was discovered. The employee will provide the consumer with the Company Complaint Coordinator’s name and contact information.

Step Two: The Complaint Coordinator (CC) will review the Complaint Intake Form and any documentation attached. The Complaint will be logged on the Company’s Annual Complaint Log and the CC will determine if there is a need to notify any other parties about the complaint. If necessary, the CC will request additional information or speak directly with any employees involved to be sure the CC has all the necessary information (employee’s “side of the story” and surrounding circumstances of any other entities or parties involved) and respond to the party who made the complaint to the best of their ability and authority. The goal is to resolve any complaints within three business days.
Depending on the nature of the complaint, the CC will contact the consumer by the end of the second business day from the Complaint Intake to acknowledge receipt of the complaint and update the customer with the status. If the CC is unable to resolve the complaint within three business days, the consumer will be updated by the Complaint Coordinator on progress (even if there is no progress) every 3rd day from initial contact until resolution is reached. If the CC is unable to satisfactorily resolve the complaint within three business days, they will bring the matter to the attention of the Office Manager/Owner/CEO.

Step Three: The Company CEO will respond to the consumer within two business days of being notified by the Complaint Coordinator that the issue has not been resolved. The CEO will utilize objectivity and flexibility (being mindful of state and federal regulations for the title industry) in determining the proper resolution. The decision of the CEO is final. Only the CEO shall have the authority to revise the decision should additional information be provided that would warrant a change in part or whole of the CEO’s original decision for resolution. The CEO’s explanation and resolution will be communicated to the party that made the complaint directly by the CEO or, if the CEO designates, by the Complaint Coordinator the same business day as the CEO outlines the resolution.

HOW MIGHT ABC RESPOND AFTER REVIEWING A COMPLAINT?
• An explanation;
• Provision of a service, an additional service or a follow up service;
• A change of the initial decision;
• Confirmation of the original decision;
• Additional training for staff;
• A change in operational practice to try to prevent a similar event from occurring; and
• In some cases, a change in policy or practice.

Record Keeping and Reporting: copies of all documentation related to the complaint, such as the initial email, the Complaint Intake Form, notes, etc.
will be scanned to the server and held in an electronic file folder (or hard copy Complaint Portfolio). All complaints will be updated on the Annual Complaint Log completing all the areas listed on the Log at the close/resolution of complaint.

Monthly Meeting: On a monthly basis, the Complaint Coordinator will make a brief presentation to the Staff about the complaints received and any resolutions. The purpose is to keep the Staff informed and to provide an opportunity for suggestions on how to avoid similar complaints in the future, illuminate training needs and discuss trends.

Revision History
Rev # | Date | Description
1 | Enter Date | Original Date Published
(Add any revision dates/notes below)

Sample Action Plan | Timeframe
Complaint intake form is filled out | By end of the day
Complaint intake form emailed to Complaint Coordinator | By end of the day
Customer is contacted for acknowledgment of receipt of complaint, to obtain any additional information needed and explanation of follow-up procedure | By end of the second day
If applicable, outside parties notified (Lender, Realtor, Underwriter, etc.) | By end of the second day
Status update is made to the consumer if the complaint is not resolvable within 3 additional business days | By the end of the 5th business day
Status update is made to the consumer | Every 3rd business day thereafter
Complaint intake form is completed and complaint log is updated by Complaint Coordinator | At resolution of the complaint

Sample 2: COMPLAINT INTAKE FORM

Complaint Intake Form
Attach copies of any emails, notes, letters, etc. Use extra sheets as necessary.
File #
Complaint Type
Customer Information
Name:
Phone #
Address
Email
Complaint Information
Date
Details: (Attach extra sheets if necessary)
Other persons/parties involved
Notified?
Notes
Person assigned to resolve
Suggested Course of Action
Contact #1 Date and Time: Notes:
Contact #2 Date and Time: Notes:
Date
Resolution
Complaint Closed/Resolved?
Complaint added to Annual Log?
All related documents scanned and saved?
x Signature of Owner or Complaint Coordinator (Indicates close of complaint)

Sample 3: COMPLAINT RESOLUTION SYSTEM ANNUAL LOG

SAMPLE: ABC TITLE AGENCY - Complaint Resolution System Annual Log
Office Location/Branch Office Location:
Year:
Complaint #: 1 2 3 4 5 6 7 8 9 10
Complainer Name (Person Making Complaint) Respondent Name (Who/What Comp. is against) *Type of Complaint Date Filed Staff Person Intake Form Staff Person Complaint Resolution & Referred to for Resolution Date Resolved

Thank you for utilizing this portfolio. We are confident that it has assisted in memorializing your title company’s processes, procedures, safeguards and your consistent monitoring. We appreciate your business and look forward to bringing you additional tools and resources, not only for your Best Practices but also to prepare you for the New CFPB Forms, a changing market and the future of our industry.

FNTG’s Portfolio Builder For Implementing Title Industry Best Practices