Spark Title Best Practice Policies

Best Practice Policies

Version 1.1

This Best Practices Manual has been set forth in accordance to the guidelines set by the American Land Association and in compliance with the Gramm-Leach Biley Act and the Consumer Financial Protection Bureau established under the Dodd-Frank Act.

PROCEDURES FOR MAINTAINING LICENSES REQUIRED TO CONDUCT THE BUSINESS OF TITLE INSURANCE

Spark Title, LLC (The Company) maintains state mandated licenses and corporate registrations to remain in good standing with the state of Texas.

  1. The Company is organized as a Texas limited liability company and the company’s Certificate of Formation is on file with the Texas Office of the Secretary of State.
  2. The Company is licensed by the Texas Department of Insurance (TDI) as a Texas title insurance agent.
    • The Company’s TDI license number is 2311791.
    •  Company’s TDI license expires July 1, 2020.
  3. Only individuals holding an escrow officer license issued by TDI will be allowed to perform the duties of an escrow officer in Texas on behalf of the Company.
  4. The Company’s management personnel will review TDI regulations to ensure necessary personnel are properly licensed at all times.
  5. The Company’s management personnel will renew licenses and submit regulatory filings as necessary to maintain compliance with TDI rules and regulations.
  6. The Company will provide copies of licenses to State regulators, underwriters, and lenders upon request.

ESCROW TRUST ACCOUNTS PROCEDURES AND CONTROLS

Spark Title, LLC (the Company) maintains procedures and controls to safeguard client funds. These procedures help ensure accuracy and minimize the exposure to loss of client funds.

  1. All funds the Company maintains under a fiduciary duty to another are held in an account identified as an “escrow account” or “trust account.”
    • Funds maintained under a fiduciary duty to another are not commingled with the Company’s operating account.
    • Funds maintained under a fiduciary duty to another are not held in a personal account of an individual employed by the Company.
  2. The Company regularly prepares Trial Balances of its Escrow Trust Accounts.
    • Escrow Trust Accounts are prepared with Trial Balances (“Three-Way Reconciliation”), listing all open escrow balances monthly.
  3. The Company regularly reconciles Escrow Trust Accounts.
    • On at least a daily basis, reconciliation of the receipts and disbursements of the Escrow Trust Account is performed.
    • On at least a monthly basis, a Three-Way Reconciliation is performed reconciling the bank statement, check book and Trial Balances.
    • Duties are segregated to help ensure the reliability of the reconciliation. Reconciliations are conducted by someone that does not have signing authority on the Escrow Trust Account.
    • Results of the reconciliation are reviewed by management and are accessible electronically by Company’s contracted underwriter(s).
  4. Escrow Trust Accounts are properly identified.
    • Accounts are identified as “escrow” or “trust” accounts. Appropriate identification appears on all account-related documentation including bank statements, bank agreements, disbursement checks and deposit tickets.
  5. Outstanding file balances are documented.
  6. Transactions are conducted by authorized employees only. Spark Title, LLC reserves the right to amend or modify these policies at any time. Page 4 of 14
    • Only employees whose job functions require the ability to transfer funds to and from Escrow Trust Accounts will be authorized to do so. Appropriate authorization levels are set by the Company management and reviewed for updates annually. Former employees are immediately deleted as listed signatories on all bank accounts.
  7. Unless otherwise directed by the beneficial owner, Escrow Trust Accounts are maintained in Federally Insured Financial Institutions.
  8. The Company utilizes Positive Pay or Reverse Positive Pay, and has policies and procedures in place that prohibit or control the use of Automated Clearing House transactions and international wire transfers.
  9. The Company performs background checks during the hiring process.
    • The Company performs background checks on employees during the hiring process.
    • The Texas Department of Insurance performs criminal background checks on escrow officers before issuing an individual a Texas escrow officer license. The Texas Department of Insurance requires escrow officer licenses to be renewed every two years.
    • The Company only allows individuals licensed by the Texas Department of Insurance as Texas Escrow Officer’s to disburse funds from the Company’s escrow or trust accounts.
  10. The Company regularly conducts training for employees in management of escrow funds and escrow accounting.
    • The Company is a member of the Texas Land Title Association (TLTA).
    • The Company regularly sends employees and management personnel to continuing education sessions hosted by TLTA and the Company’s underwriters.

 

PRIVACY AND PROTECTION OF NON-PUBLIC PERSONAL INFORMATION POLICY

Title V of the Gramm-Leach Bliley Act (GLBA) generally prohibits any financial institution, directly or through its affiliates, from sharing nonpublic personal information about you with a non-affiliated third party unless the institution provides you with a notice of its privacy policies and practices, such as the type of information that it collects about you and the categories or persons or entities to whom it may be disclosed. In compliance with GLBA, we are providing you with this document, which notifies you of the privacy policies and practices of Spark Title, LLC (the Company).

We may collect non-public personal information about you from the following sources:

  • Information we receive from you, such as on applications or other forms.
  • Information about your transactions we secure from our files, our affiliates, or others.
  • Information we receive from a consumer reporting agency.
  • Information that we receive from others involved in your transaction, such as the real estate agent or lender.

Unless it is specifically stated otherwise in an amended Privacy Policy Notice, no additional non-public personal information will be collected about you.

We may disclose any of the above information that we collect about our customers or former customers to our affiliates or to non-affiliated third parties as permitted by law.

WE DO NOT DISCLOSE ANY NON-PUBLIC PERSONAL INFORMATION ABOUT YOU WITH ANYONE FOR ANY PURPOSE THAT IS NOT SPECIFICALLY PERMITTED BY LAW.

Federal and state laws (including the GLBA) require title companies to develop a written information security program that describes the procedures they employ to protect Non-public Personal Information (NPI). The program must be appropriate to the company’s size and complexity, the nature and scope of the company’s activities, and the sensitivity of the customer information the company handles. A company evaluates and adjusts its program in light of relevant circumstances, including changes in the company’s business or operations, or the results of security testing and monitoring. Spark Title, LLC’s written information security program is outlined below.

  1. The Company restricts access to NPI Spark Title, LLC reserves the right to amend or modify these policies at any time. Page 6 of 14
    • Access to NPI is limited to individuals whose access is necessary to perform legitimate business functions.
    • Employees with access to NPI, or individuals being considered for positions with access to NPI, must undergo a criminal background check prior to hiring or receiving access to NPI. Employees with access to NPI must undergo subsequent criminal background checks at least every three years.
    • Cooperation and compliance with this policy is a condition of employment or continued employment with the Company. Refusal by an employee or applicant may result in disqualification from employment with the Company.
    • The Company shall maintain records regarding employee background checks for at least three years from the date of the criminal background check.
    • The Company strongly encourages a “Clean Desk Policy.” During the workday, employees should not leave documents or files containing NPI open or accessible at unattended work stations. Before leaving for the day employees must place all documents, files, portable devices, and electronic media containing NPI in a locked private office, file cabinet, or drawer.
    • The Company’s file cabinets and file rooms are kept locked when not in use.
    • The Company’s employees must accompany any nonaffiliated persons, including but not limited to couriers, vendors, third party service providers or customers, if the nonaffiliated person must pass through an area of the Company office that contains NPI.
  2. The Company shall take appropriate measures to maintain the security of its computer networks.
    • The Company’s computer systems permitting access to NPI shall require users to log-in with a unique User ID and password before obtaining access to NPI.
    • The Company’s computers shall require an employee to enter a password after a period of inactivity of 15 minutes or less.
    • The Company’s wireless networks shall require a password to join.
    • The Company shall establish general password standards for employees.
    • The Company shall require employees to change passwords at least every 90 days.
    • The Company will maintain up-to-date operating systems for servers, desktops, laptops and other devices that access the Company networks.
    • The Company maintains up-to-date network firewalls, malware, virus protection, and spyware programs as appropriate.
    • The Company will apply security patches as recommended by the provider after ensuring that any patches will not negatively affect the Company’s software or processes.
    • The Company will perform periodic independent third-party network security assessments including intrusion detection and penetration testing, and will consider the recommendations of the third-party service provider in updating the Company’s network and policies.
    • The Company shall periodically back-up servers as appropriate to the data and processes they support.
    • Portable or Removable Media, including, but not limited to, laptops, tablets, smart phones, USB drives, CDs, DVDs, tapes, and flash drives, containing NPI shall be password-protected or encrypted.
    • Employees must report the loss or theft of Portable or Removable Media immediately to their direct supervisor.
    • Portable or Removable Media containing NPI shall not be left in an unlocked vehicle or where visible from outside the vehicle.
    • Portable or Removable Media containing NPI shall not be left in a hotel room, conference room, reception area, or other location accessible by others without authority to access the NPI.
    • Each employee is responsible for protecting Portable or Removable Media containing NPI in their possession from theft or unauthorized access.
    • If the Company adopts or amends its best practices or policies, all employees shall read and sign an acknowledgement of the new best practice or policy.
  3. Collection and transmission of NPI shall be secure and/or encrypted.
    • Data, files, or other information containing NPI must be stored on the Company’s encrypted network. Data, files, or other information containing NPI may not be stored on computer servers, desktops, copiers, laptops, smart phones, tablets, Portable or Removable Media, or other types of electronic devices.
    • Employees may not load data, files, applications, databases, or other programs containing NPI on to personal computers.
    • The Company will physically secure assets with NPI by limiting physical access to the Company’s servers and server hardware.
    • The Company shall establish a business domain (@envisiontitletexas.com), email server, and each employee will be given a Company email address.
    • The Company shall use an email encryption service to transmit any email containing NPI.
    • The Company shall use a spam or content filtering program on all email servers.
    • Employees shall not use any public or free email addresses (i.e. gmail.com, aol.com, apple.com etc.) to send or receive business related emails containing NPI.
    • If an employee receives an un-encrypted email containing NPI, the employee must notify their direct supervisor. The Company should request that the sender use an alternate delivery method.
  4. The Company shall appropriately maintain and dispose of NPI.
    • Access to NPI shall be limited on a “need-to-know” basis. Employees shall be granted the minimum amount of access necessary for their job functions.
    • The Company will immediately review and adjust access privileges any time a Company employee is terminated or changes job functions, as well as any time an independent contractor, or third party service provider severs its relationship with the Company. Upon termination of employment all access to Company computer systems must be promptly removed and discontinued.
    • The Company will maintain records consistently with rules and regulations promulgated by the Texas Department of Insurance.
    • Obsolete documents containing NPI will be shredded. The Company shall maintain locked shredding containers for documents containing NPI that are to be destroyed.
    • Before disposing of decommissioned components (servers, computers, laptops, copiers, scanners, fax machines, external hard drives, etc.), the Company shall encrypt decommissioned components that may contain NPI before deleting data and/or destruction. Alternatively, hard drives may be shredded or taken to an approved electronics disposal provider. All NPI stored on decommissioned components must be removed or made unrecoverable. If the NPI cannot be made unrecoverable, physical destruction of the decommissioned component is required.
  5. The Company shall maintain a disaster management plan.
    • Business continuity and disaster recovery planning shall be included in the Company’s employee training and information systems security plan.
    • The Company shall take appropriate measures to protect facilities and equipment from physical and environmental threats and interruption to business activities.
  6. The Company shall train all employees on its Privacy and Protection of NPI Policy.
    • A member of the Company’s management team shall explain this Policy to all incoming employees and temporary contract personnel, as well as the individual’s responsibilities under this Policy, and the potential consequences for non-compliance.
    • Each new employee will receive training regarding the importance of information security and NPI during new employee orientation. This training will include the proper use of computer information, passwords, controls and procedures to prevent employees from providing NPI to unauthorized persons, and methods for proper storage and disposal of documents containing NPI.
    • New employees and temporary contract personnel will receive a copy of this Policy, and must acknowledge in writing that they have read, understand, and will abide by this Policy.
    • Direct supervisors of employees with access to NPI must actively ensure that their employees understand and have adequate training in handling NPI. Any concerns should be immediately brought to the attention of the Company’s management team.
    • The Company will conduct annual training for all employees regarding the importance of information security and the proper handling of NPI. Training activities may be modified based upon the employees’ perceived risks, tasks, scope of employment, and access to NPI.
  7. The Company shall require third-party service providers to comply with this Policy.
    • The Company will select and retain service providers that are capable of appropriately handling and safeguarding NPI.
    • The Company’s contracts with third-party service providers will require the third-party service provider to implement or maintain policies for NPI consistent with this Policy.
    • The Company’s contracts with third-party service providers will include assurances that:
      • The third-party service provider has satisfied its obligations regarding the handling of NPI;
      • The third-party service providers will immediately notify the Company following discovery of a breach or suspected breach involving NPI; and
      • To the extent the third-party service provider is unwilling to include such contractual language the Company will seek to obtain an alternative assurance.
  8. The Company will periodically review its policies to ensure proper handling of NPI.
    • Network vulnerability testing shall be performed periodically to ensure that NPI and the Company network are protected.
    • Remediation of any discovered vulnerability shall be initiated with reasonable promptness, with consideration given to the severity of the vulnerability.
    • As part of this Policy, the Company will conduct annual reviews to identify and assess external and internal risks to NPI associated with the Company’s information systems, including network and software design, network access, information processing, and the storage, transmission, and disposal of NPI.
    • The Company shall evaluate procedures and methods for detecting, preventing, and responding to system failures or external attacks.
  9. The Company will appropriately report data breaches.
    • The Company shall take all necessary actions to protect NPI in accordance with this Policy and applicable legal requirements. Actual and suspected data breach incidents shall be reported, investigated, and handled in a timely manner. The Company shall work with the affected clients, consumers, and local law enforcement as may be appropriate under the circumstances.

REAL ESTATE SETTLEMENT PROCEDURES AND POLICIES

Spark Title, LLC (The Company) has adopted policies to ensure the Company meets state, federal, and contractual obligations governing the settlement process.

  1. The Company submits documents for recording to the county recorder, or the person responsible for recording the documents, within two business days of the later of (i) the date of the Settlement, or (ii) the Company’s receipt of the documents if the Settlement is not performed by the Company.
  2. The Company logs and tracks the shipment of documents for recording.
  3. The Company logs, reviews and responds to recording rejections in a timely manner.
  4. The Company verifies that recordings occurred and maintains a record of the recording information for each document.
  5. The Company only uses rates for title insurance premiums promulgated by the Texas Department of Insurance (TDI)
    • The Company’s management personnel review guarantee files to ensure that rates and fees are applied correctly.
    • Refunds for overpayments are paid to consumers consistent with TDI rules and regulations.
  6. The Company requires and verifies that third-party signing professionals engaged by the Company possess the appropriate qualifications, professionalism, and knowledge.
    • Third-party signing professionals engaged by the Company must be covered by Errors and Omissions insurance, and a Notary surety bond, if required by applicable state law.
    • Third-party signing professionals engaged by the Company must furnish evidence of their current state licensure, where required, or evidence if they have attained a recognized and verifiable industry designation.
    • Third-party signing professionals engaged by the Company must provide an acknowledgement of compliance with the Company’s Privacy and Protection of Non-Public Personal Information Policy.
    • If a third-party signing professional is contractually retained by anyone other than the Company (including the buyer or seller), the responsibility for verifying that the third-party signing professional meets applicable standards rests with that party.

TITLE POLICY PRODUCTION, DELIVERY, REPORTING AND PREMIUM REMITTANCE POLICY

Spark Title, LLC (the Company) maintains procedures and controls to ensure that the Company meets its legal and contractual obligations regarding the production, delivery, and remittance of title insurance policies and premiums. These procedures ensure that the Company delivers policies to consumers in a timely and accurate manner. Additionally, they ensure that premiums are remitted correctly.

  1. The Company issues and delivers title insurance policies to customers within thirty days of the later of: (i) the date of Settlement, or (ii) the date that the terms and conditions of the title insurance commitment are satisfied.
  2. The Company reports title insurance policies to the underwriter (including a copy of the policy, if required by the underwriter) to meet applicable statutory, regulatory and contractual obligations, but not to exceed 45 days following the later of: (i) date of Settlement, or (ii) date the terms and conditions of the title insurance commitment are satisfied.
  3. The Company remits title insurance premiums to the underwriter in compliance with rules promulgated by the Texas Department of Insurance and the Company’s contractual agreements with its underwriters.

PROCEDURES FOR MAINTAINING INSURANCE COVERAGE

Spark Title, LLC (The Company) maintains insurance and fidelity coverage to meet its legal and contractual obligations.

  1. The Company maintains insurance coverage in accordance with State law and the Company’s contractual obligations.
    • The Company maintains a Texas Title Insurance Agent Bond. The coverage is renewed annually and maintained in the amount required by State law.
    • The Company maintains a Texas Escrow Officer Schedule Bond. The coverage is renewed annually and the bond is maintained in the amount required by State law.
    • The Company maintains a Texas Title Insurance Agent’s Minimum Capitalization Bond. ​The coverage is renewed annually and maintained in the amount required by State law.
    • The Company maintains a Title Insurance Agent’s Errors and Omissions policy with an insurance company and in a form satisfactory to its underwriter. The Company maintains this coverage in an amount equal to, or greater than, the amount required by the Company’s underwriters.
    • The Company maintains fidelity insurance covering the Company’s officers, employees, shareholders, partners, members and other principals of the Company. The coverage is renewed annually and adjusted as required by the Company’s underwriters.
  2. The Company reviews all insurance policies and bonds on annual basis and adjusts coverage as necessary to meet requirements specified by State law, underwriter agreements, or based upon general business prudence.
  3. The Company will provide evidence of coverage to State regulators, underwriters, and lenders upon request.

POLICIES AND PROCEDURES FOR RESOLVING CONSUMER COMPLAINTS

Spark Title, LLC (the Company) maintains procedures and controls to address consumer complaints. These procedures help ensure that reported instances of poor service or non-compliance are discovered and addressed by the Company’s management team.

  1. The Company has adopted a consumer complaint form that allows the consumer to identify the property involved in the transaction, the Guaranty File number, the escrow officer or other Company personnel involved with the transaction, and the date of the closing.
  2. All consumer complaints should be directed to the Company’s designated on-site manager. Consumers may send complaints to the designated on-site manager by email at [email protected]
  3. The designated on-site manager will work with the consumer and the appropriate Company personnel to resolve any complaints. The designated on-site manager will notify the Company’s Chief Executive Officer of any complaints the company receives and provide monthly updates on the complaint until the matter is resolved.
  4. The designated on-site manager will maintain a log of consumer complaints that includes whether and how the complaint was resolved.

Spark Title, LLC reserves the right to amend or modify these policies at any time.

Superior Performance And Reliable Knowledge.