Many title and escrow companies undergo cybersecurity and IT compliance audits. In April 2012, the Consumer Financial Protection Bureau (CFPB) issued Bulletin 2012-03 titled “Service Providers”. The CFPB bulletin included expectations around supervised banks and non-banks (i.e. lenders) to oversee business relationships, including compliance initiatives, with their service providers. The bulletin was meant to ensure practices were in place to meet Federal consumer financial law, which is designed to protect the interests of consumers and avoid consumer harm.
The title and escrow marketplace has been baffled on the best way to demonstrate adherence to the new CFPB guidance. Amid the fog of uncertainty, the SOC 1 audit is the prevailing compliance vehicle of choice when meeting the CFPB requirements. In response to the CFPB bulletin, many title and escrow companies have been in search of specific guidance to follow to come into compliance. One of the more popular sources of guidance has come from the American Land Title Association® (ALTA®). ALTA® has created the Title Insurance and Settlement Company Best Practices. To test compliance with these best practices, many in the title and escrow industry are using the SOC 1 audit as the “go-to” compliance vehicle of choice.