Escrow Recommended Controls (AC July 2023)
1. Only close with collected funds.
2. Ensure new escrow employees are well trained.
3. Consider adding a recommended layer of protection to escrow accounts with ClosingLock, CertifID or PayOffAssist to prevent wire fraud.
4. Monthly “three-way reconciliations” of ALL escrow accounts including dormant, premium, and recording accounts are required.
5. Indicate management review of reconciliation reports as required by BOI by signing and dating on cover sheets, monthly. Ensure proper segregation of duties is in place, especially segregating check signors from those authorized to perform bank reconciliations.
6. Ensure Payee Positive Pay/Positive Pay (regular)/Reverse Positive Pay is established for all escrow accounts. Review any exceptions in accordance with the bank’s instructions and timelines. Set the default to “return” any exception items where no decision has been made.
7. If paying SimpleFile via ACH, ensure proper filters or controls are in place with the bank to prevent escrow fraud.
8. When switching to another software vendor, open new escrow accounts.
9. In addition to the monthly reconciliation, bank account activity should be monitored daily. A daily reconciliation includes verification of all receipts and disbursements.
10. Dual control over wire transfers is established. Do not share passwords or tokens to online bank accounts.
11. Review/approve wire transfers in a thorough manner: reviewing backup documentation, verifying third-party wire transfer instructions, and making sure the payoff amount is from a valid escrow file. Any request to change the (wire payoff) payment instructions should require a callback or verification from a trusted source. Do not rely on the contact information provided in the suspect communication.
12. Use high-quality check stock with security features. Protect checks and company check stock by limiting access and keeping inventory in locked cabinets when not in use. Keep printed or copies of printed checks out of sight and in locked cabinets when unattended, as these checks contain sensitive bank account information.
13. ACH Debit blocks OR ensure filters/controls are available with ACH e.g., Positive Pay services.
14. Do not access your bank website via an email link, even if the email looks legitimate. Do not give out account or password information to anyone who calls or emails you for this type of personal information. Banks typically do not solicit this information from you in this manner.
15. International transactions are strongly discouraged and should be avoided unless you have the legal and underwriting expertise to manage it. In addition to fraud originating from foreign countries, other issues to be aware of are OFAC requirements, tax withholding, anti-money laundering laws and others. Should you decide to accept international transactions, develop a policy to address the extra risk associated with them e.g., fraud/diverted funds or delayed returns at lower exchange rates, if any.
16. Accepting substantial amounts of cash is strongly discouraged.
17. Obtain background checks on all employees who have access to escrow functions.