REAL ESTATE TITLE AND SETTLEMENT BEST PRACTICES

REAL ESTATE TITLE AND SETTLEMENT BEST PRACTICES IOWA TITLE GUARANTY SETTLEMENT SERVICE WORKSHOP ALTOONA, IOWA APRIL 14, 2015 CHARLES P. AUGUSTINE KL...
Author: Hope Nichols
20 downloads 2 Views 295KB Size
REAL ESTATE TITLE AND SETTLEMENT BEST PRACTICES

IOWA TITLE GUARANTY SETTLEMENT SERVICE WORKSHOP ALTOONA, IOWA APRIL 14, 2015

CHARLES P. AUGUSTINE KLATT, AUGUSTINE, SAYER TREINEN & RASTEDE, P.C. 531 Commercial Street, Suite 250 Waterloo, Iowa 50701 Telephone (319) 232-3304 Fax (319) 232-3639 [email protected]

REAL ESTATE TITLE AND SETTLEMENT BEST PRACTICES ______________________________________________________________________________

I.

INTRODUCTION Independent title and settlement agents play a critical role in the mortgage lending and closing process. They work to ensure the clear transfer of title from sellers to buyers and to ensure first lien status for purchase money mortgage lenders. Further, their expertise with and knowledge of local rules and customs, coupled with their local relationships provide lenders with the ability to provide their loan products nationwide. However, ever-increasing regulatory compliance requirements are beginning to significantly impact the relationship between these title and settlement providers and their lender clients. In this heightened regulatory environment the onus is on the several participants in that environment to adapt and to adopt and adhere to practices that lower the risk to those participants, their partners and clients, and their consumers.

II.

BACKGROUND A.

SPECIFIC LAWS AFFECTING THE TITLE/SETTLEMENT INDUSTRY. 1.

The Real Estate Settlement Procedures Act (RESPA). RESPA is a federal law passed by Congress in 1974, and is codified at Title 12, Chapter 27 of the United States Code. The Act prohibits kickbacks in connection with real estate settlements1 and requires the use of the good faith estimate and the HUD-1 and HUD-1A forms.2 Amendments to RESPA effective January 1, 2010, restrict the amount that fees related to a settlement can increase between the GFE and the HUD-1 or HUD-1A.

2.

The Gramm, Leach, Bliley Act (GLB). The Gramm, Leach Bliley Act, also known as the Financial Services Modernization Act of 1999, became effective November 12, 1999. The GLB imposes an affirmative duty on every financial institution to respect the privacy of its customers and to protect the security and confidentiality of their non-public personal information.3 The GLB further provides rule making authority to various federal agencies and mandates that they establish standards consistent with

1

See 12 U.S.C. §§ 2607.

2

See 12 U.S.C. §§ 2603-2604.

3

15 U.S.C. § 6801. 2

the purposes of the GLB for the financial institutions subject to their jurisdiction.4 a.

GLB Applies to Settlement Service Providers. The GLB applies to financial institutions and defines them as “any institution the business of which is engaging in financial activities as described in section 1843(k) of title 12 [of the U.S. Code].”5 Real estate settlement service providers are considered financial institutions subject to the GLB.6

b.

Financial Privacy Rule. The Financial Privacy Rule restricts the disclosure of nonpublic personal information by financial institutions and requires the delivery of a privacy notice to consumers in certain instances.7 (1)

4

15 U.S.C. §§ 6801, 6804.

5

15 U.S.C § 6809.

General Rule Prohibiting Disclosure of NPI. Generally, a financial institution may not, directly or through any affiliate, disclose to a non-affiliated third party any nonpublic personal information, unless such financial institution provides or has provided to the consumer a notice that complies with the provisions of 15 U.S.C. § 6803.8 Such notice must disclose that the information may be disclosed to such third party, and must disclose how the consumer may opt out of having the information disclosed.9

6

See 12 C.F.R. 225.28 (including real estate settlement services as an example of financial activities). 7

See generally 15 U.S.C. §§ 6801-6809. “Consumer” is defined as “an individual who obtains, from a financial institution, financial products or services which are to be used for personal, family, or household purposes, and also means the legal representative of such an individual.” 15 U.S.C § 6809(1). 8

15 U.S.C § 6802(a).

9

15 U.S.C § 6802(b). 3

(2)

Exceptions. The disclosure of nonpublic personal information is not prohibited in the following cases:10 (a)

When it is necessary to effect, administer, or enforce a transaction requested or authorized by the consumer, or in connection with certain servicing, processing or maintaining functions related to a financial product or a consumer account.

(b)

When it is with the consent or at the direction of the consumer.

(c)

In any of the following situations:

(d)

10

See 15 U.S.C § 6802(e).

11

See id.

(i)

To protect the confidentiality or security of the financial institution’s records pertaining to the consumer, their service or product, or the transaction therein.

(ii)

To protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability.

(iii)

When it’s disclosed for required institutional risk control, or for resolving customer disputes or inquiries.

(iv)

When it’s disclosed to persons holding a legal or beneficial interest relating to the consumer.

(v)

When it’s disclosed to persons acting in a fiduciary or representative capacity on behalf of the consumer.

When the disclosure is required to comply with the law or a properly authorized investigation and in certain other situations as specifically provided for under 15 U.S.C. § 6802(e).11

4

(3)

c.

12

Disclosure of Privacy Policy. In some instances, a financial institution is required automatically to deliver to the consumer a disclosure of the institution’s privacy policy. More specifically, this is the case when the consumer has become a customer12 of the institution. At the time of establishing a customer relationship with a consumer and not less than once per year thereafter during such relationship, a financial institution must provide a disclosure of the institution’s privacy policy with respect to the disclosure of NPI to affiliates and non-affiliated third parties, the disclosure of NPI of persons who have ceased to be customers of the financial institution, and the protection of NPI.13 (a)

Obtaining Real Estate Settlement Services. “A consumer has a continuing relationship with you if the consumer . . . obtains real estate settlement services from you.”14

(a)

Exemption for CPA’s. These disclosure requirements generally to not apply to a licensed certified public accountant.15

Safeguards Rule.16 The Safeguards Rule implements portions of the GLB concerning the development, implementation and maintenance of safeguards to protect customer information. It requires financial institutions to develop a written information security program that is appropriate to the size and complexity of the company, the nature and scope of its activities and the sensitivity of any customer information at issue.

“Customer means a consumer who has a customer relationship with you.” 16 C.F.R.

313.3. 13

15 U.S.C § 6803(a). A customer relationship is defined as “a continuing relationship between a consumer and [the financial institution]” under which the financial institution provides one or more financial products or services to the consumer. 16 C.F.R. 313.3(i)(1). 14

16 C.F.R. 313(i)(2).

15

15 U.S.C § 6803(d).

16

16 C.F.R. 314 5

(1)

3.

17

Elements of the Information Security Program. Pursuant to the Safeguards Rule, a financial institution’s information security program shall do the following: (a)

Designate an employee to coordinate the program.

(b)

Identify reasonably foreseeable internal and external risks and assess the sufficiency of any safeguards in place to control these risks. At a minimum, such risk assessment should include consideration of risks in each relevant area of the company’s operation, including: employee training and management; information systems, including network and software design, as well as information processing, storage, transmission and disposal; and detecting, preventing and responding to attacks, intrusions, or other systems failures.

(c)

Provide for the design and implementation of information safeguards to control risks identified through risk assessment and provide for the regular testing or monitoring of the effectiveness of those safeguards.

(d)

Provide for the overseeing of service providers by: taking reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards for the customer information at issue; requiring them by contract to implement and maintain such safeguards; and evaluating and adjusting the information security program in light of the results of testing and monitoring, changes in business operations or business arrangements, or any other circumstances that may materially impact information security.

Disposal Rule.17 The Disposal Rule was promulgated by the FTC under authority of the Fair and Accurate Credit Transactions Act of 2003. It provides that any person who maintains or otherwise possesses consumer

16 C.F.R. 682. 6

information derived from a consumer report for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal. 4.

Dodd-Frank. The Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank), was signed into law on July 21, 2010, and made enormous changes to the financial regulatory landscape in the United States. These changes have had a dramatic impact every federal financial regulatory agency and affect virtually all of the nation’s financial services industry. The Act was intended “[t]o promote the financial stability of the United States by improving accountability and transparency in the financial system, to end ‘too big to fail’, to protect the American taxpayer by ending bailouts, to protect consumers from abusive financial services practices, and for other purposes.”18 a.

The Consumer Financial Protection Bureau (CFPB). The CFPB was established by Title X of the Dodd-Frank Act. The CFPB is an independent agency of the U.S. Government and is responsible for regulating the offering and provision of consumer financial products and services under federal consumer financial laws. The CFPB is to “enforce federal consumer financial law consistently for the purpose of ensuring that all consumers have access to markets for consumer financial products and services and that markets for consumer financial products and services are fair, transparent, and competitive.”19 (1)

Authority of the CFPB. The CFPB has authority to administer, enforce and otherwise implement federal consumer financial laws, which includes the power to make rules, issue orders and issue guidance.20 The CFPB is authorized to engage in investigations, issue subpoenas and demand the production of information and materials, conduct hearings and adjudication proceedings, and commence administrative actions and civil actions in federal court seeking any appropriate or equitable relief

18

The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, H.R. 4173, 111 Cong. (2010). th

19

12 U.S.C. § 5511(a).

20

See 12 U.S.C. § 5511(c). 7

against any person that violates a federal consumer financial law.21 4.

State Law. Pursuant to section 535B.4 of the Code of Iowa, no person shall act as a closing agent without first being licensed to do so with the superintendent of the division of banking of the department of commerce.22 Chapter 535B of the Code of Iowa and the Iowa Administrative Code provide further rules governing the provision of real estate closing services by licensed closing agents.23

B.

OCC GUIDELINES. The Office of the Comptroller of the Currency (OCC) has issued numerous guidelines concerning the use by banks of service providers. In these guidelines, the OCC has advised regulated institutions to exercise due diligence in selecting their service providers, enter into contracts requiring service providers to implement appropriate measures to protect customer information, and monitor service providers to confirm that they have implemented said measures.24 In Bulletin 2013-29, the OCC discusses the risk management life cycle related to third party service providers and states that comprehensive and rigorous oversight and management is required for third-party relationships that involve critical activities - significant bank function (including settlements) or significant shared services (including information technology).25

C.

CFPB BULLETIN 2012-03. In Bulletin 2012-03, the CFPB declared that supervised banks and non-banks are expected to oversee their business relationships with service providers in a manner that ensures compliance with federal consumer financial laws that are designed to protect the interests of consumers and avoid consumer harm. The bulletin makes clear that the CFPB’s exercise of its supervisory and enforcement authority will closely reflect this orientation and emphasis.

21

See 12 U.S.C. §§ 5562-65.

22

Iowa Code § 535B.4 (2013). Note, however, that section 535B.2 sets forth several exceptions to the licensing requirement under Chapter 535B. 23

See Iowa Code Ch. 535; 187 Iowa Admin. Code 18.

24

12 C.F.R 30, App B.

25

OCC Bulletin 2013-29. 8

1.

Service Providers Defined. The Dodd-Frank Act defines a service provider as “any person that provides a material service to a covered person in connection with the offering or provision by such covered person of a consumer financial product or service.”26

2.

Responsibility For the Acts of Service Providers. In Bulletin 2012-03, the CFPB recognizes the value and utility of outsourcing various functions to separate service providers. Yet, the Bureau also makes clear that “the mere fact that a supervised bank or nonbank enters into a business relationship with a service provider does not absolve the supervise bank or nonbank of responsibility for complying with federal consumer financial law . . . .”27

3.

CFPB’s Expectations as to Service Provider Relationships. The CFPB advises regulated institutions to take steps to ensure that their business relationships with service providers do not put consumers at risk, which steps should include at a minimum the following:28 a.

Conducting thorough due diligence to verify that the service provider understands and is capable of complying with federal consumer financial law;

b.

Requesting and reviewing the service providers policies, procedures, internal controls, and training materials to ensure that the service provider conducts appropriate training and oversight of employees or agents that have consumer contact or compliance responsibilities;

c.

Including in the contract with the service provider clear expectations about compliance, as well as appropriate and enforceable consequences for violating any compliance-related responsibilities, including engaging in unfair, deceptive, or abusive practices;

d.

Establishing internal controls and on-going monitoring to determine whether the service provider is complying with federal consumer financial law; and

26

12 U.S.C. § 5481(26).

27

CFPB Bulletin 2013-03.

28

Id. 9

e.

III.

Taking prompt action to address fully any problems identified through the monitoring process, including terminating the relationship where appropriate.

BEST PRACTICES

A.

THE ALTA’s BEST PRACTICES. 1.

Generally. In response to the ever-increasing regulatory environment in which its members are operating, the ALTA published the ALTA Title Insurance and Settlement Company Best Practices on January 2, 2013. On July 19, 2013, it published a revised Version 2.0. The ALTA Best Practices are part of the ALTA Best Practice Framework, comprised of specific Best Practices, an Assessment Procedure and a Certification Package. According to the ALTA, the Framework was developed to assist lenders in satisfying their responsibility to manage third party vendors.29

2.

Written Policies. Every title and settlement services provider should adopt specific written policies. These policies should spell out the provider’s procedures and best practices and should be made available to the provider’s employees and customers. Also, the provider should take steps to implement the policies through adequate training and supervision. a.

Living Document. A title and settlement services provider’s policies manual should be a “living document.” In other words, it should be a document that changes from time-to-time to ensure compliance by the company and its employees with applicable laws and industry best practices. (1)

Document Changes. Changes and amendments to a company’s policies manual should be adequately documented. Each policy change or addition should result

29

Special thanks is given to the American Land Title Association for its ongoing efforts to lead the title industry into and through an ever-increasing regulatory environment. Many of the best practice recommendations set forth in this outline are based on recommendations made by the ALTA. The author has received written permission from the ALTA to use and discuss the ALTA’s Title Insurance and Settlement Company Best Practices in connection with this presentation. 10

in a new, dated and documented version of the policy or policy manual. All prior versions of policies or the policy manual should be retained. 3.

Self Assessment. The Board of Governors of the ALTA approved a motion in June, 2014, encouraging its members to conduct a selfassessment of their adoption of ALTA’s Title Insurance and Settlement Company Best Practices by no later than September, 2014.

4.

Certification. As a part of its Best Practices Framework, the ALTA has developed a Best Practices Certification Package. The Certification Package contemplates that the title services provider will hire a third party to audit and evaluate the provider’s adoption of an compliance with ALTA’s Best Practices. a.

B.

Certification Package. ALTA has developed a suggested Certification Package relative to its Best Practices and their adoption. The Certification Package consists of three components: (1)

Cover Letter. A sample cover letter from the title services provider that would be sent to customers of that title services provider.

(2)

Best Practices Certificate. A sample Best Practices Certificate to be executed by the entity who has conducted the review and has determined Best Practices compliance by the title services provider.

(3)

Declarations Page. A copy of the declarations page from the title services provider’s errors and omissions or professional liability policy.

SELECTED BEST PRACTICES.

1.

LICENSING. A title services provider should maintain current licensing as required to conduct its business of providing title and/or real estate settlement services and products.

11

a.

Iowa Law. Generally, a person shall not act as a closing agent in Iowa without first obtaining a license from the Superintendent of the Iowa Division of Banking.30 (1)

Iowa Code Chapter 535B. Chapter 535B of the Code of Iowa governs the provision of real estate closing services in the state of Iowa. Every closing agent providing settlement services in Iowa should be familiar with the provisions of Chapter 535B. (a)

(2)

2.

Exemptions. Various entities and individuals, under certain circumstances, are exempt from the licensing provisions of Chapter 535B, including certain lenders, real estate brokers, nonprofit organizations, attorneys performing closings incident to their practice of law. and government officers or employees.31 However, these entities and individuals generally are subject to other licensing rules specific to their professions.

Iowa Administrative Code. Every closing agent also should be familiar with 187 Iowa Administrative Code, Chapter 18, which provides additional rules and regulations relative to the licensing and operation of real estate closing agents in the state of Iowa.

TRUST ACCOUNTS. Real estate settlement services providers must adopt and maintain appropriate written procedures and controls relative to their escrow trust accounts.

30

Iowa Code § 535B.4 (2013). Section 535B.1 defines “closing agent” as “a person who is not a party to the real estate transaction, who provides real estate closing services.” Iowa Code § 535B.1 (2013). It further defines “real estate closing services” as the “administrative and clerical services required to carry out the conveyance or transfer of real estate or an interest in real estate located in [the state of Iowa] to a purchaser or lender . . ., [including] preparing settlement statements, determining that all closing documents conform to the parties’ contract requirements, ascertaining that the lender’s instructions have been satisfied, conducting a closing conference, receiving and disbursing funds, and completing form documents and instruments selected by and in accordance with instructions of the parties to the transaction.” Id. 31

Iowa Code § 535B.2 (2013). See section 535B.2 for further particulars. 12

a.

Separate Maintenance of Escrow Funds. Escrow and trust account funds must be kept entirely separate and apart from company operating and any and all other funds. Every escrow account is for escrow funds and escrow funds only and no personal or other funds shall be commingled with trust account funds. (1)

Exception for Bank Service Charges. Under section 535B.19 of the Code of Iowa, a licensed closing agent “may deposit and keep a sum not to exceed one thousand dollars in the trust account from the licensee’s personal funds, which sum shall be specifically identified and deposit to cover bank service charges relating to the trust account or to advance funds to pay incidental fees as permitted in section 535B.20(2).”32

b.

Trial Balance. A trial balance is an accounting tool used to check that the debits and credits in a double-entry bookkeeping ledger are equal. A settlement company should prepare a trial balance for each trust account and each subsidiary ledger at least once each month.

c.

Reconciliation. (1)

Daily Reconciliation. A settlement company should conduct a daily reconciliation of the receipts and disbursements relative to each escrow trust account. The goal is to make sure that previous-day ledgers balance, and to be sure that internal records relative to disbursements and receipts match the records maintained by the bank. For instance, if the settlement company’s subsidiary ledger as to a closing reflects a wire receipt of $100,000, the daily reconciliation performed on the following day should reflect a matching bank credit as to said receipt.

(2)

Monthly Three-Way Reconciliation. Settlement companies must perform a three-way reconciliation on a monthly

32

Iowa Code § 535B.19(6) (2013). Note that pursuant to section 535B.20(2), a licensed closing agent may “[advance] funds not exceeding one thousand dollars from a trust account or otherwise on behalf of a party to a real estate closing for the purpose of paying incidental fees, such as conveyance and recording fees, in order to effect and close the sale, purchase, exchange, transfer, encumbrance, or lease of residential real property that is the subject of the real estate closing.” Iowa Code § 535B.20(2) (2013). 13

basis. Put simply, a three-way reconciliation is used to account for every cent in an account. A proper three-way reconciliation will reflect that the book balance, the adjusted bank balance and the trial balance are all equal.33 (a)

Reconciliation Reports. Generally, a settlement company’s records relative to each monthly threeway reconciliation should include the following: i.

Reconciliation Summary Report.

ii.

Trial Balance Report.

iii.

Outstanding Receipts Report.

iv.

Outstanding Disbursements Report.

v.

Cleared Items Report.

vi.

Monthly Bank Statement.

(3)

Segregation of Reconciliation Duties. In order to ensure the reliability of a reconciliation, the reconciliation should be conducted by a person who has no authority to sign checks or initiate wires or other disbursements, and who does not make deposits or record receipts.

(4)

Review of Results of Reconciliation. Reconciliation reports should be reviewed thoroughly by appropriate company management personnel.

(5)

Follow Up With Outstanding Items. A settlement company should follow up on outstanding items regularly. Outstanding receipts would be of particular concern and should be revealed in the daily reconciliation. In addition, however, outstanding checks and other disbursements should be monitored regularly. A good practice in this

33

The Book Balance is also referred to as the checkbook register. The Adjusted Bank Balance is derived by starting with the Ending Bank Statement Balance, adding Outstanding Deposits, and then subtracting Outstanding Disbursements. 14

regard would be to designate one employee to follow up on stale outstanding checks listed the Outstanding Disbursement Report immediately following its preparation. d.

Proper Identification of Escrow Accounts. All escrow trust accounts should be identified as “escrow” or “trust” accounts on all account-related materials, including checks, deposit slips, bank statements and bank agreements.

e.

Proper Employee Authorization. Only those employees with proper authorization should handle escrow account funds. (1)

f.

Use of Federally Insured Financial Institutions. All escrow trust accounts should be with federally insured financial institutions.

g.

Positive Pay, Automated Clearing House Blocks, and International Wire Blocks. Positive pay is a fraud reduction tool offered by a bank that electronically matches checks that are presented for payment to the checks that the settlement company has issued. A standard positive pay package will match the check number and the check amount. A payee positive pay component also will match the payee on the check. The use of positive pay is recommended for all settlement companies.

h.

Escrow Agreements. Often the parties to a sales transaction have agreed to close despite the existence of a title or other issue that remains unresolved at the time of closing. In these situations, the parties may agree to escrow a portion of the seller’s proceeds to ensure that the issue is resolved in a timely and otherwise satisfactory way following closing. Often, the settlement agent is asked to serve as the escrow agent. (1)

34

Background Checks. Rule18.23(1) requires that a licensed closing agent conduct a background investigation and credit check for each employee responsible for handling funds.34

Written Escrow Agreement. In situations where the settlement company is holding a portion of the seller’s proceeds post-closing, the settlement company should require that the parties to the transaction execute a written

187 Iowa Admin. Code 18.23(1). 15

escrow agreement that spells out the terms of the of the agreement and the respective duties of the parties. At a minimum, the agreement should identify the parties, including the party serving as the escrow agent; describe the issue that warrants the post-closing escrow arrangement; describe the measures that will be taken to resolve the issue and the time frame in which the issue is to be resolved; describe the escrow agent’s duties relative to the release of the escrowed funds.

3.

35

(2)

Follow the Terms of the Escrow Agreement. It should go without saying that the escrow agent should act in a manner entirely consistent with the terms of the escrow agreement.

(3)

Follow-Up. A settlement company should develop a system to monitor and follow up on every escrow agreement with regard to which it is serving as escrow agent.

i.

Custody of Checks. A settlement company should keep an inventory of its escrow account checks and should keep unused checks locked away.

j.

Reporting Defalcation. Pursuant to Rule 18.24, if a closing agent detects defalcation regarding the closing agent’s trust account funds, the closing agent must file the following notice with the division of banking within three days of discovering the defalcation: “We have detected circumstances regarding our trust account funds that may warrant an investigation by the banking division. The amount of the funds involved is believed to be $_______.”35

k.

Ongoing Training. A settlement company should provide ongoing training to its employees relative to its escrow account policies.

GENERAL CHECKING ACCOUNTS. Settlement service providers also should adopt written policies and procedures relative to their general checking accounts.

187 Iowa Admin. Code 18.24. 16

a.

Reconciliation. As is the case with every escrow account, a threeway reconciliation should be performed as to every general checking account on a monthly basis. The policies concerning reconciliation of general checking accounts should include the segregation of reconciliation duties, the review of the results of reconciliation by management, and the regular follow up with outstanding items.

b.

Proper Employee Authorization. Only those employees with proper authorization should handle general checking account funds. (1)

4.

Background Checks. Rule18.23(1) requires that a licensed closing agent conduct a background investigation and credit check for each employee responsible for handling funds.36

c.

Use of Federally Insured Financial Institutions. All general checking accounts should be with federally insured financial institutions.

d.

Positive Pay. A settlement company may also want to consider utilizing positive pay with regard to its general checking accounts.

e.

Custody of Checks. As is the case with escrow account checks, a settlement company should keep an inventory of its general checking account checks and should keep unused checks locked away.

e.

Ongoing Training. A settlement company should provide ongoing training to its employees relative to its general checking account policies and procedures.

PRIVACY AND INFORMATION SECURITY. a.

Information Security Generally. The Gramm, Leach Bliley Act (GLB) imposes an affirmative duty on every financial institution to respect the privacy of its customers and to protect the security and

36

187 Iowa Admin. Code 18.23(1). Rule 18.23 does not limit the requirement for background and credit checks to employees who handle escrow account funds. Therefore, such checks should be conducted as to those who have occasion to handle general checking account funds. 17

confidentiality of their non-public personal information.37 Due to laws such as GLB and similar federal and state law, title companies must adopt a written information security program that details the procedures it employs to protect non-public personal information. The scope and breadth of the information security program a title company adopts should be appropriate based upon the size and resources of the company, its activities and the types of information it handles. Also, a title company should evaluate and adjust its security program regularly in response to changes in operations or the law or to address specific needs. b.

Physical Security of Non-public Personal Information. Title companies should adopt policies to ensure the physical protection of non-public personal information. (1)

37

Restriction of Access. Non-public personal information should be kept in non-public areas of the title office. Access to those non-public areas should be restricted to employees and only authorized third parties on an entirely as-needed basis. (a)

Employees. If possible, a title company should restrict employee access to NPI to those employees who must have access to perform their duties. Also, it is a good idea to conduct background checks as to any such employees.

(b)

Clean Desk Policy. Every title company should adopt a clean desk policy. Documents should be positioned in a way so as to prevent unauthorized viewing and all documents containing NPI should be removed from sight when an employee leaves his/her desk area. Documents containing NPI should be removed promptly from printers, copiers and fax machines. Also, public areas, including reception, waiting room and conference room areas should be free of files and paperwork not in immediate use.

15 U.S.C. § 6801. 18

(2)

Removal of Files and Paperwork. The removal of files and paperwork should be restricted to authorized employees only and should be done strictly as necessary. (a)

(3)

c.

Custody of Files and Paperwork. An employee who has removed files or paperwork should be required to retain physical custody of the files or paperwork at all times unless the material has been securely locked away.

Secure Delivery of Non-public Personal Information. Title companies should adopt policies that provide for the secure delivery of NPI. Such policies may include requiring a delivery means that is trackable.

Network Security of Non-public Personal Information. Title companies should adopt policies to ensure the network security of non-public personal information. (1)

General Network Security Measures. Title companies should adopt and implement policies to guard against unauthorized access to computer networks. These measures should include protection against viruses and other malware, username and password requirements and access restrictions.

(2)

Appropriate Use of Company Information Technology. Title companies should adopt policies governing the appropriate use of IT by its employees. These policies should restrict the removal of electronic or media storage devices. They further should limit use of company IT facilities to work purposes.

(3)

Secure Collection and Transmission of NPI. Title companies should implement procedures to provide for the secure collection and transmission of NPI. A secure connection providing for the encrypted exchange of information should be provided for purposes of the placement of orders on a title company’s website. Title companies also should employ encryption technology that ensures that NPI it sends by email is encrypted.

19

(4)

Regular Review of Policies. As with other policies, a title company should review and adjust as necessary its policies relative to its network security on a regular basis.

d.

Disposal of Non-public Personal Information. NPI must be disposed of in a manner that protects against the unauthorized access or use of that information. Every title company should have in place a policy that requires the shredding or other proper disposal of paper and other trash containing NPI.

e.

Management and Training. A title company’s privacy and information security policies should provide for proper training and supervision. Employees should be taught the importance of NPI security and must be entirely familiar with the company’s policies relative to such security. Further, management must actively supervise compliance with the policies.

f.

Selection and Supervision of Third Party Service Providers. It’s not enough for a title company to be sure that its employees know and follow its privacy and information security policies. In addition, a title company must be sure that those third parties who provide it with services and in the process of doing so gain access to NPI will NPI will protect that NPI.

g.

(1)

Selection of Third Party Services Providers. Care must be exercised in selecting third party service providers. A title company should undertake a review of the written privacy and security policies of its third party service providers. Further, it is recommended that any such parties sign confidentiality and non-disclosure agreements related to NPI that they may obtain in the course of providing services to the title company.

(2)

Monitoring Third Party Service Providers. Title companies also should implement policies to monitor its third party service providers for compliance with expectations relative to the protection and security of NPI.

Security Policies Review. A title company should conduct a regular review, no less than once annually, of its privacy and security policies.

20

h.

5.

CLOSING AND SETTLEMENT PROCEDURES. a.

b.

38

Security Breach Incident Management. Title companies should adopt policies that provide for the notification of appropriate law enforcement authorities in the case of a NPI security breach.

Closing Settlement Statements. A settlement statement should be used for every transaction with regard to which a title company performs real estate closing services. In the case of a closing subject to RESPA, a HUD-1 (or HUD-1A where appropriate) settlement statement must be used.38 The final settlement statement shall be signed by all parties to the transaction and shall be maintained in the closing file. (1)

Sums Should Balance and be Supported. The settlement statement should properly balance and all sums set forth thereon should be accurately supported by written evidence thereof, such as invoices, payoff statements or lender instructions.

(2)

Reflect All Sums Received or Paid Out. The settlement statement should reflect all sums that are received or paid out in connection with a closing transaction. This also is true for sums to be paid by the title company outside of closing. With regard to payments to be made, the settlement statement should reflect the amount paid, to whom paid, by whom paid and the reason for the payment.

(3)

Corrections. A title company should have procedures for correction and re-execution of any settlement statements determined to be incorrect following closing.

Conducting the Closing. (1)

Closing Instructions. A closing agent should read and comply with all closing instructions from the lender.

(2)

Confirmation of Identity of Parties to Transaction. It is important that the closing agent confirm the identity of any person who is a party to or a representative for a party to a

See 12 U.S.C. §§ 2603. 21

closing transaction who will be executing documents at a closing conducted by the closer. In this regard, the closer should review the personal identification card of any such person and make a copy for the title company’s closing file. c.

Post Closing. A title company should adopt written policies that address the post-closing process. These policies should provide at a minimum for prompt completion of the following tasks: (1)

Deposit of Incoming Funds. Incoming funds should be deposited as soon as possible.

(2)

Delivery of Payoffs and Recording Documents. Payoffs and all other sums to be paid in connection with the closing should be paid pursuant to the written instructions related thereto. Documents for recording should be promptly efiled or otherwise delivered for recording by trackable means. (a)

d.

Request for Release of Mortgage. In the case of a mortgage payoff, the payoff should be accompanied by a written request for cancellation of any line of credit and release of the mortgage.

(3)

Delivery of Any Loan Documents to Lender. Documents related to any loan transaction should be sent to the lender by trackable means.

(4)

Post-Closing Checklist. It is good practice to adopt a postclosing checklist form to be used by the post-closer in connection with the completion of the post-closing process.

(5)

1099 Reporting. The post-closing procedures should include a process for ensuring that any necessary 1099 reporting relative to the transaction will be addressed.

(6)

Follow Up Title Work. Procedures also should be employed to be sure that any post-closing title work will be completed.

Recording Procedures. Documents to be recorded should be sent out for recording on the day of closing whenever reasonably possible, but in no event later than the next business day following closing. All documents for recording should be delivered by 22

personal delivery, trackable overnight delivery or by electronic means. A title company should adopt a procedure for the tracking shipments for recording and addressing any recording objections or rejections. e.

39

The Closing File. The Iowa Administrative Code requires that a closing agent maintain a closing file for each real estate transaction for which the closing agent performed real estate closing services.39 The closing file shall include, at a minimum, the following records: (1)

Complete and Accurate Ledger. An accounting ledger or disbursement sheet that details all receipts and disbursements with date, transaction type, check number, payee, amount, and the file’s ending balance. All ledger or disbursement sheets shall balance zero after the transaction is completed. If any balance remains, the date, reason for the balance, and to whom the balance belongs shall be clearly documented in the file.

(2)

Signed Settlement Statement. A signed settlement statement that totals properly and is supported by written instructions for all amounts (such as closing instructions, invoices, or written payoffs). If it is determined that the settlement requires corrections, a copy of the signed corrected settlement statement with changes clearly documented is to be maintained in the file as well.

(3)

Closing Instructions. A copy of the closing instructions from the lender (if applicable) and from other parties to the transaction (if applicable).

(4)

Signed Real Estate Contract. A copy of the signed real estate contract, if applicable.

(5)

Identification and Closing Details. Detailed records of the parties to the transaction that are present at each closing, including copies of photo ID’s, and specifying where and when each closing was held.

(6)

Properly Executed Affidavits. Properly executed affidavits, where required.

187 Iowa Admin. Code 18.25. 23

(7)

Evidence of Recording of Documents. Evidence that the real estate transaction documents were filed with the county recorder.

f.

The Closing Register and Closing Index. A licensed closing agent in Iowa also is required to maintain a closing register and a closing index.40

g.

Quality Control and Follow Up. A title company should consider a procedure that provides for the internal auditing of its closing files to ensure proper compliance with the company’s closing and other policies. Any such policy should provide guidance on how files are selected and should ensure that the selected files are reasonably sufficient in terms of number and types to achieve the auditing objectives.

h.

Notarial Activities. Title companies should adopt policies relative to it notarial activities. Such policies should at a minimum cover the following matters:

i.

(1)

Licensing. All notaries acting for the title company should be properly licensed and should be familiar with applicable notary laws.

(2)

Verification of Identity. The notarial policy should make clear that no notary employee shall notarize any document without first verifying the identity of the person with regard to whom the instrument is being notarized. The best practice is to require that the person executing the instrument first produce his/her photo ID for inspection by the notarial officer.

1099's and 1099 Reporting. A title company should adopt a written procedure relative to 1099 reporting.

40

187 Iowa Admin. Code 18.25. Rule 18.25 defines a closing register as a chronological list of real estate closings and requires that it include for each closing the date of the transaction, name of the buyer/borrower, name of the seller, name of the lender, the mortgage loan originator, and the property address, as applicable. According to Rule 18.25, a closing index shall make all records accessible by the names of the parties to the transaction (including name of the buyer/borrower, name of the seller, and the name of the mortgage loan originator, if any) and file number. A searchable database containing the required information is sufficient. 24

(1)

General Rule. Pursuant to the Internal Revenue Code, a real estate closer is required to report to the IRS a transaction for the sale of real estate. This report is made by means of the filing of an IRS Form 1099-S.

(2)

Exceptions to the General Rule. The following types of transfers need not be reported by the closing company: (a)

A gift.

(b)

A refinance.

(c)

A sale with regard to which the following five statements are true: (i)

The seller owned and used the residence as the seller’s principal residence for periods aggregating 2 years or more during the 5year period ending on the date of the sale or exchange of the residence.

(ii)

The seller has not sold or exchanged another principal residence during the 2-year period ending on the date of the sale or exchange of the residence.

(iii)

No portion of the residence has been used for business or rental purposes after May 6, 1997, by the seller (or by the seller’s spouse or former spouse, if the seller was married at any time after May 6, 1997).

(iv)

At least one of the following three statements applies:

25

-

The sale or exchange is of the entire residence for $250,000 or less; or

-

The seller is married, the sale or exchange is of the entire residence for $500,000 or less, and the gain on the sale or exchange of the entire residence is $250,000 or less; or

-

(v)

The seller is married, the sale or exchange is of the entire residence for $500,000 or less, and (a) the seller intends to file a joint return for the year of the sale or exchange, (b) the seller’s spouse also used the residence as his or her principal residence for periods aggregating 2 years or more during the 5-year period ending on the date of the sale or exchange of the residence, and (c) the seller’s spouse also has not sold or exchanged another principal residence during the 2-year period ending on the date of the sale or exchange of the residence.

During the 5-year period ending on the date of the sale or exchange of the residence, the seller did not acquire the residence in an exchange to which section 1031 applied.

(d)

A transfer with regard to which the transferor is a corporation or a governmental unit (such as a city or state). If the transferor is a limited liability company, a partnership, or any other entity that is not a corporation, the transfer should be reported.

(e)

A transfer in full or partial satisfaction of any indebtedness secured by the property transferred. This would include a foreclosure or forfeiture, or a transfer in lieu of foreclosure or forfeiture.

(f)

A de minimis transfer in which it can be determined with certainty that the total consideration (in money, services and property), received or to be received in connection with the transaction is less than $600 in value as of the date of the closing.

(g)

A transfer by an exempt volume transferor, if the closing agent receives a certification of exempt status.

26

j.

Closing Training. A settlement company should provide regular training for its employees involved in the closing process.

6.

ABSTRACTING PROCEDURES. For those title companies that provide abstracting and title searching services and products, policies should be adopted pertaining to the preparation of such products and the provision of such services. Also, procedures should be adopted relative to employee training.

7.

BILLING PROCEDURES. a.

Billing and the Generation of Invoices. Billing and the generation of invoices should be completed only by employees specifically authorized to do so. All billing should be consistent with the title company’s written pricing schedules or a written pricing agreement it may have with a third party. Also, every invoice should clearly disclose the services rendered and/or products provided and should disclose any services or products that may have been provided by any third party for which the title company is seeking reimbursement for any costs advanced by the title company to any such third party. (1)

b.

8.

Post-Closing Review of Files. It is recommended that title companies adopt a quality control review policy of files post closing to help ensure that consumers were charged the correct rates for the company’s services and products and for other charges related to settlement. The policy should provide for timely refunds to consumers where any overpayment is determined.

Managing Accounts Receivable. A title company also should adopt written policies relative to the management of accounts receivable.

FILE MANAGEMENT. a.

Opening Files. Title companies should adopt policies relative to the opening of files. It is recommended that a file be opened as to any order immediately upon its receipt. Also, the opening of files should be restricted to authorized personnel. 27

b.

Custody and Maintenance of Open Files. Policies should be adopted and implemented relative to the custody of open files. (1)

Restrictions Relative to File Removal. It is recommended that these polices restrict the taking of open files from the office. Only authorized employees should remove open files, and only when such removal is necessary in connection with the services that are to be provided to the consumer. Further, only that portion of the file as is necessary to complete any such work away from the office should be removed.

(2)

File Protection. Company policies should provide for the protection of open files. When a file or a portion of a file must be removed from the office, it must remain in the custody of the employee removing the file or must otherwise be securely stored.

(3)

File Documentation. Policies also should be adopted that require employees to document activity and the custody of open files.

c.

Closing Files. Files should be closed as soon as possible upon completion of all work on that file. In some cases, policies may be necessary to provide for follow up work

d.

Final Title Work. As applicable, title companies should adopt appropriate procedures for the production, delivery and remittance of title insurance/guaranty policies. These recommendations are consistent with ALTA’s Best Practices recommendations and are necessary to help ensure that title companies can meet their legal and contractual obligations. (1)

Title Policy Production and Delivery. Title policies should be issued and delivered in a timely manner. It is recommended that policies be delivered within 30 days of the later of the date of settlement, or the date that the terms and conditions of the title insurance commitment are satisfied.

(2)

Premium Reporting and Remittance. Title insurance policies and premiums should be reported to the underwriter in a timely manner consistent with the requirements of the underwriter. 28

9.

10.

INSURANCE AND BONDS. Every title company should have clear policies relative to the maintenance of professional liability insurance, surety and other bond coverage and other insurance protections. a.

Professional Liability or Errors and Omissions Insurance. A title company should carry sufficient professional liability or errors and omission insurance to meet the requirements of its customers and allow it to adequately stand behind its work.

b.

Surety Bonds. Every closing agent licensed in the state of Iowa must obtain a surety bond of no less than $25,000.41

c.

Additional Coverages. In some cases, it is necessary for a title company to carry additional coverages and protections. For instance, every title company should carry adequate property and casualty insurance and workers compensation insurance as required under state law. Also, some customers may require additional protection such as fidelity bond coverage. A title company also may want to consider additional coverage relative to employee theft.

CUSTOMER INQUIRIES AND COMPLAINTS. Every title company should adopt policies to address and resolve customer complaints in a polite and timely manner. Responses to complaints should contain complete and accurate information and should be and based on a well-considered evaluation of the matter.

41

Iowa Code § 535B.9(5) (2013). Pursuant to section 535B.9 of the Code of Iowa, and Rule 187-18.2(6) of the Iowa Administrative Code, a licensed closing agent shall file with the Administrator of the Division of Banking a bond in the amount of $25,000, furnished by a surety company authorized to do business in the state of Iowa. The bond shall be continuous in nature until canceled by the surety with not less than 30 days’ prior written notice to the closing agent and to the Administrator indicating the surety’s intention to cancel the bond on a specific date. The bond shall be conditioned upon the closing agent’s faithfully conforming to and abiding by Chapter 535B of the Code of Iowa and any rules adopted under that chapter and shall require that the surety pay to the state all moneys that become due or owing to the state from the applicant by virtue of Chapter 535B. In lieu of filing a bond, a closing agent may pledge an alternative form of collateral acceptable to the administrator, if the alternative collateral provides protection to the state and any aggrieved person that is equivalent to that provided by a bond. Iowa Code § 535B.9(4) (2013). 29

11.

a.

Complaint Form. It is recommended that all customer complaints that require a response be documented by the title company on a standardized “complaint form.” The complaint form should include the details relative to the complaint and should further include an area to describe the manner in which the complaint was addressed and resolved. Customer complaint forms should be kept for future reference.

b.

Single Point of Contact for Customer Complaints. It is recommended that a single point of contact be established for receiving customer complaints. Complaints may then be forwarded to the appropriate personnel.

DISASTER RECOVERY AND BUSINESS CONTINUITY. Title companies should develop a business continuity and disaster recover plan and provide adequate employee training relative to such plan.

30

Suggest Documents