Your IOLTA stays yours.
Disbo never holds your client funds. Money moves only when you authorize it, and only to recipients you've verified. Here's exactly how that works — and how we keep it secure.
You authorize. Disbo executes. Nothing moves without you.
Disbo is your authorized agent — not a place your money sits. Under ABA Model Rule 1.15, your firm remains the direct holder of the trust account. We simply carry out the disbursements you approve.
At your own bank. You remain the sole account holder — Disbo can't change your account or move its ownership.
Every payment starts with you
You approve each disbursement inside Disbo, the same way you'd hit send in online banking. No one at Disbo can release your funds for you.
To a recipient already checked
The payee has a W-9 on file and is screened against OFAC and sanctions lists. The payment runs over Modern Treasury's regulated rails — ACH, RTP, or wire.
Money reaches only who you chose
Funds land in the enrolled account — your client, a medical provider, an expert. Every step is timestamped and logged for three-way reconciliation and CTAPP audits.
At no point does Disbo hold, own, or control your client funds. Funds leave your trust account only as a disbursement you authorized, sent to a recipient you verified.
Money can only reach people you've verified.
You can't mistype a wire to the wrong account, and a bad actor can't redirect a payment to their own. Disbo pays only recipients who have been verified and enrolled — never a raw routing or account number.
W-9 on file
Every payee is identified and documented before a single dollar can be sent to them.
OFAC & sanctions screening
Recipients are screened against federal watchlists as part of payout readiness.
Enrolled recipients only
Payments route to a verified account on the network — not to numbers typed in on the fly.
Dual approval
Sensitive transfers use maker-checker approval, so no single action releases funds.
Built on regulated, audited infrastructure.
The platform that moves money for you sits on the same infrastructure trusted by banks and fintechs — with controls layered at every step.
AES-256 encryption
Data is encrypted in transit and at rest.
Least-privilege access
Role-based permissions limit who can see or do what, internally and at your firm.
Immutable audit log
Time-stamped records of every login, view, edit, approval, and transfer.
Daily off-site backups
Backed up daily with integrity checks for resilience and recovery.
Regulated payment rails
Payments run on Modern Treasury, which is SOC 2 Type II.
Verified bank linking
Plaid links to your trust account to read balances and verify it — we never get your banking login.
Disbo attestations
Disbo's own SOC 2 Type II and HIPAA examinations are underway.
HIPAA & PHI
A Business Associate Agreement (BAA) is available to every firm; PHI is handled under HIPAA-aligned controls.
Paper checks are the riskier option.
The status quo for trust disbursements — the paper check — carries the very exposure attorneys worry about. Disbo removes the document, verifies the destination, and records the trail.
Paper check
- Can be lost, stolen, or altered in the mail
- Payee identity is never verified before sending
- No real-time tracking once it leaves your office
- Reconciliation is manual and error-prone
- A physical document anyone in the chain can intercept
Disbo
- No physical document to intercept or wash
- Payee is verified and screened before payment
- Funds reach only the enrolled account you chose
- Automatic three-way reconciliation
- A full, timestamped audit trail for every dollar
Designed around the rules that govern your trust account.
Disbo is built so the way money moves and the way it's recorded both line up with what regulators expect.
ABA Model Rule 1.15
You stay the holder of your trust account at a state-bar-approved institution. Disbo acts only as your authorized agent — not a money transmitter. Our fees are billed to your operating account, never deducted from trust.
Three-way reconciliation
Automatic matching across your bank, your trust ledger, and your client/matter ledgers, with exceptions flagged for review.
CTAPP-ready exports
Generate the reports and ledgers an examiner asks for — reconciliation packets, subledger activity, and audit logs — in a click.
You stay responsible — we make it provable
The State Bar holds you accountable for your trust account, and that doesn't change. What changes is your ability to prove compliance on demand, and to prevent the errors that lead to discipline in the first place.
The questions attorneys actually ask.
Does Disbo have access to my IOLTA?
Disbo links to your existing trust account through Plaid to read balances and verify the account, and to initiate the payments you approve. It can't change your account, move its ownership, or send funds anywhere you haven't verified. You remain the sole account holder.
Can Disbo move money on its own?
No. Every disbursement requires your authorization. Disbo executes the instruction you approve — nothing moves without you. It works like clicking “send” in your own online banking.
What happens if Disbo is breached?
Because Disbo never holds your funds, and money can only reach recipients you've already verified and authorized, a breach of Disbo can't drain your trust account. Sensitive data is encrypted, access is least-privilege and logged, and we maintain an incident response plan with notification to affected firms.
Where do Disbo's fees come from?
Disbo's fees are billed to your operating account — never deducted from your trust account, in keeping with trust accounting rules.
Is this compliant with the State Bar?
The architecture is built around ABA Model Rule 1.15: you remain the sole holder of your trust account, and Disbo acts only as your authorized agent. You also get audit-ready three-way reconciliation and CTAPP exports to demonstrate compliance.
See it move, end to end.
Watch a settlement go from deposit to verified disbursement to a reconciled, audit-ready record — on your own trust account, with you in control the whole way.
Built to manage IOLTA accounts and send secure disbursements.
"You keep custody. We move the money you tell us to."
This page describes Disbo's platform and security practices and is provided for general information; it is not legal advice. Capabilities and certifications described here reflect Disbo's current platform and may be updated as the product and its attestations evolve. Modern Treasury and Plaid are third-party infrastructure providers; SOC 2 Type II is an attestation held by Modern Treasury. © 2026 Disbo.