Security & Compliance

Your IOLTA stays yours.

Disbo never holds your client funds. Money moves only when you authorize it, and only to recipients you've verified. Here's exactly how that works — and how we keep it secure.

You keep the accountYou authorize every paymentVerified payees onlyEvery transaction logged
How money moves

You authorize. Disbo executes. Nothing moves without you.

Disbo is your authorized agent — not a place your money sits. Under ABA Model Rule 1.15, your firm remains the direct holder of the trust account. We simply carry out the disbursements you approve.

Your IOLTA

At your own bank. You remain the sole account holder — Disbo can't change your account or move its ownership.

01You authorize

Every payment starts with you

You approve each disbursement inside Disbo, the same way you'd hit send in online banking. No one at Disbo can release your funds for you.

Dual approvalRole-based access
02Disbo verifies & sends

To a recipient already checked

The payee has a W-9 on file and is screened against OFAC and sanctions lists. The payment runs over Modern Treasury's regulated rails — ACH, RTP, or wire.

W-9OFAC / sanctionsCleared-funds check
03Verified payee is paid

Money reaches only who you chose

Funds land in the enrolled account — your client, a medical provider, an expert. Every step is timestamped and logged for three-way reconciliation and CTAPP audits.

Verified payees onlyImmutable audit log

At no point does Disbo hold, own, or control your client funds. Funds leave your trust account only as a disbursement you authorized, sent to a recipient you verified.

Where money can go

Money can only reach people you've verified.

You can't mistype a wire to the wrong account, and a bad actor can't redirect a payment to their own. Disbo pays only recipients who have been verified and enrolled — never a raw routing or account number.

W-9 on file

Every payee is identified and documented before a single dollar can be sent to them.

OFAC & sanctions screening

Recipients are screened against federal watchlists as part of payout readiness.

Enrolled recipients only

Payments route to a verified account on the network — not to numbers typed in on the fly.

Dual approval

Sensitive transfers use maker-checker approval, so no single action releases funds.

Security

Built on regulated, audited infrastructure.

The platform that moves money for you sits on the same infrastructure trusted by banks and fintechs — with controls layered at every step.

AES-256 encryption

Data is encrypted in transit and at rest.

Least-privilege access

Role-based permissions limit who can see or do what, internally and at your firm.

Immutable audit log

Time-stamped records of every login, view, edit, approval, and transfer.

Daily off-site backups

Backed up daily with integrity checks for resilience and recovery.

Regulated payment rails

Payments run on Modern Treasury, which is SOC 2 Type II.

Verified bank linking

Plaid links to your trust account to read balances and verify it — we never get your banking login.

Disbo attestations

Disbo's own SOC 2 Type II and HIPAA examinations are underway.

HIPAA & PHI

A Business Associate Agreement (BAA) is available to every firm; PHI is handled under HIPAA-aligned controls.

Why it's safer than checks

Paper checks are the riskier option.

The status quo for trust disbursements — the paper check — carries the very exposure attorneys worry about. Disbo removes the document, verifies the destination, and records the trail.

Paper check

  • Can be lost, stolen, or altered in the mail
  • Payee identity is never verified before sending
  • No real-time tracking once it leaves your office
  • Reconciliation is manual and error-prone
  • A physical document anyone in the chain can intercept

Disbo

  • No physical document to intercept or wash
  • Payee is verified and screened before payment
  • Funds reach only the enrolled account you chose
  • Automatic three-way reconciliation
  • A full, timestamped audit trail for every dollar
Built for the State Bar

Designed around the rules that govern your trust account.

Disbo is built so the way money moves and the way it's recorded both line up with what regulators expect.

ABA Model Rule 1.15

You stay the holder of your trust account at a state-bar-approved institution. Disbo acts only as your authorized agent — not a money transmitter. Our fees are billed to your operating account, never deducted from trust.

Three-way reconciliation

Automatic matching across your bank, your trust ledger, and your client/matter ledgers, with exceptions flagged for review.

CTAPP-ready exports

Generate the reports and ledgers an examiner asks for — reconciliation packets, subledger activity, and audit logs — in a click.

You stay responsible — we make it provable

The State Bar holds you accountable for your trust account, and that doesn't change. What changes is your ability to prove compliance on demand, and to prevent the errors that lead to discipline in the first place.

Common questions

The questions attorneys actually ask.

Does Disbo have access to my IOLTA?

Disbo links to your existing trust account through Plaid to read balances and verify the account, and to initiate the payments you approve. It can't change your account, move its ownership, or send funds anywhere you haven't verified. You remain the sole account holder.

Can Disbo move money on its own?

No. Every disbursement requires your authorization. Disbo executes the instruction you approve — nothing moves without you. It works like clicking “send” in your own online banking.

What happens if Disbo is breached?

Because Disbo never holds your funds, and money can only reach recipients you've already verified and authorized, a breach of Disbo can't drain your trust account. Sensitive data is encrypted, access is least-privilege and logged, and we maintain an incident response plan with notification to affected firms.

Where do Disbo's fees come from?

Disbo's fees are billed to your operating account — never deducted from your trust account, in keeping with trust accounting rules.

Is this compliant with the State Bar?

The architecture is built around ABA Model Rule 1.15: you remain the sole holder of your trust account, and Disbo acts only as your authorized agent. You also get audit-ready three-way reconciliation and CTAPP exports to demonstrate compliance.

See it for yourself

See it move, end to end.

Watch a settlement go from deposit to verified disbursement to a reconciled, audit-ready record — on your own trust account, with you in control the whole way.

Built to manage IOLTA accounts and send secure disbursements.

"You keep custody. We move the money you tell us to."

This page describes Disbo's platform and security practices and is provided for general information; it is not legal advice. Capabilities and certifications described here reflect Disbo's current platform and may be updated as the product and its attestations evolve. Modern Treasury and Plaid are third-party infrastructure providers; SOC 2 Type II is an attestation held by Modern Treasury. © 2026 Disbo.