Fiduciary Due Diligence Disbursement Vendor Checklist: 15 Questions to Ask Before You Sign (2026)

The Talli Team
April 15, 2026

Fiduciary due diligence on a disbursement vendor is one of the most consequential decisions a settlement administrator or trustee makes all year. If you sit on the trustee side of a qualified settlement fund, serve as a claims administrator, or partner at a firm that signs disbursement contracts, your due diligence on a payment vendor is a fiduciary act — not a procurement exercise. The money you are moving belongs to class members, tort claimants, or shareholders, and a court may one day review how you picked the vendor that touched it.

Most vendor due diligence checklists on the internet were written for generic third-party risk programs — cloud software, cybersecurity tools, HR systems. They miss the settlement-specific risks that matter most: commingled fund accounts, missed 1099 reporting, OFAC gaps on claimant payouts, and audit trails that do not hold up in front of a judge. This checklist fills that gap. It is organized the way a fiduciary review should flow — from fund segregation out to claimant experience and court reporting — and every question has a right answer and a red flag you can recognize in the first call.

Key Takeaways

  • Fiduciary due diligence on a disbursement vendor is different from standard vendor risk review — the assets you are moving are not your own, and the court expects documented controls.
  • This fiduciary vendor checklist gives you 15 specific disbursement vendor questions, organized into five risk areas, that you can put in front of any vendor before you sign.
  • Use it to compare vendors side by side and document your selection process.
  • The biggest red flag is weak fund custody. If a vendor cannot name the chartered bank holding the funds, explain how accounts are titled, and show per-matter segregation in reporting, the review should stop there.
  • A defensible vendor selection process should be scored and saved in the matter file. A simple weighted scorecard helps fiduciaries compare vendors consistently, document why a platform was chosen, and show a court or auditor that the review was disciplined rather than ad hoc.

Why Fiduciary Due Diligence on a Disbursement Vendor Is Different from Standard Vendor Review

A normal vendor due diligence questionnaire focuses on information security, financial health, and business continuity. Those questions still apply, but they are not sufficient. A disbursement vendor is handling other people's money — usually under court supervision — and the reviewer is effectively protecting beneficiaries, not just the firm.

Three things change once the fiduciary lens is on. First, fund segregation matters more than uptime. A vendor with a 99.99% SLA that commingles client funds in an operating account is a worse choice than a vendor with a slightly lower SLA that keeps every dollar in a segregated, FDIC-insured, QSF-compliant account. Second, tax and sanctions compliance shifts from "nice to have" to "required by regulators". The IRS treats a qualified settlement fund as a taxable entity, and OFAC compliance should be built into the payout workflow through risk-based screening of payees and transactions. Third, the audit trail must be court-ready, not just internally auditable. The test is not whether your operations team can reconcile; the test is whether you can hand a judge a report that explains exactly who was paid, when, how, and under what claim determination.

Before You Start: What a Fiduciary Review Requires

Before you send the questionnaire, pull three things together. You will need the scope of the engagement (estimated payout volume, number of claimants, geographic distribution, payout methods you expect to support), the court documents or trust instrument that define your fiduciary duties and reporting obligations, and any insurance and bonding requirements from your carrier. You should also confirm your own firm's vendor risk policy — banks, trust companies, and large litigation practices often have standing rules that apply on top of the checklist below.

Set a fair timeline. A thorough fiduciary review usually takes two to four weeks: one week for the vendor to return the questionnaire and supporting documents (SOC 2, insurance certificates, sample reports), one week for your security and tax team to read them, and one week for follow-up calls. Compressing this into 48 hours because a settlement closed faster than expected is how compliance gaps slip through.

Section 1: Fund Segregation and QSF Compliance (Questions 1-3)

This is the most important section, and the one generic vendor due diligence templates skip entirely. Under 26 CFR 1.468B-1, a qualified settlement fund must be established by court order or approval, resolve qualifying claims, and be structured so that its assets are held in a trust or otherwise segregated from the transferor’s other assets. If a vendor cannot prove segregation, it cannot support a QSF payout cleanly.

Question 1 — Where exactly will the settlement funds be held, and at which chartered bank? The right answer names a specific FDIC-insured bank, identifies whether the account is held by a trust company with statutory trust powers, and explains how the account is titled. Talli, for example, holds settlement funds in segregated QSF-compliant accounts through FDIC-insured banking via Patriot Bank, N.A. A vague answer — "we use a major US bank" — is a red flag.

Question 2 — Are the funds segregated per matter, and how is that segregation proven in your reporting? You want per-matter sub-accounts or ledgers that can be reconciled independently, and you want to see a sample statement that demonstrates it. Commingled pooled accounts where matters are only tracked in software — with no bank-level segregation — are a fiduciary problem.

Question 3 — Can the vendor support the IRS treatment of a QSF, including annual filings and quarterly estimated tax payments? Because the IRS treats a QSF as a taxable entity, someone has to handle Form 1120-SF filings and estimated payments. The vendor does not have to be the tax preparer, but they must produce the data the preparer needs, on time, in a format that ties to the bank statements.

Section 2: Regulatory and Tax Compliance (Questions 4-6)

Once segregation is clear, move to the regulatory stack that touches every individual payout.

Question 4 — How does the platform handle KYC verification and OFAC screening on claimants? The right answer describes automated identity verification at payment time, continuous OFAC screening against the Specially Designated Nationals list (not just a one-time check), and a documented workflow for blocked matches. Guidance discussing recent OFAC settlements suggests that higher-risk digital payout flows may warrant additional controls such as transaction-level and geolocation checks, depending on the platform’s sanctions risk profile. A vendor that screens only at onboarding may be insufficient, depending on the payout flow and the organization’s sanctions risk profile.

Question 5 — Does the platform collect W-9s and generate 1099s automatically, and what is the backup withholding workflow? For settlement payouts, the disbursing entity typically has 1099 reporting obligations when payments cross reportable thresholds, and backup withholding kicks in when a W-9 is missing or invalid. You want a vendor that collects W-9s in the claimant portal, validates TINs, triggers backup withholding automatically when required, and produces year-end 1099s without a manual spreadsheet operation.

Question 6 — How are medical liens, attorney fee splits, and structured payments coordinated within the platform? For tort and mass tort matters, a single claimant payout often needs to be split between a lien holder, plaintiff counsel, and the claimant. Ask for a specific workflow walk-through, not a slide. The right answer shows a coordinated split at payment time with a reconciled ledger entry per party.

Section 3: Security, SOC 2, and Data Protection (Questions 7-9)

This is where standard vendor due diligence checklists start — and for a disbursement platform, it is still essential.

Question 7 — Can you provide a current SOC 2 Type II report, and what is the reporting period? SOC 2 Type II reports provide independent validation of a provider's security controls over a defined period. Vendor management guidance from audit firms recommends confirming the report is current (usually within the last 12 months), that the system in scope matches the services you will use, and that the five trust services criteria relevant to you (Security, Availability, Processing Integrity, Confidentiality, Privacy) are assessed. A SOC 2 Type I or an expired Type II is not a substitute.

Question 8 — How is claimant personal data encrypted at rest and in transit, and who at the vendor has access to it? You want answers that specify the encryption standard (AES-256 at rest, TLS 1.2+ in transit), role-based access controls, and the number of employees with production data access. If the vendor cannot name the access controls or gives a generic "industry standard" answer, push harder.

Question 9 — What is the incident response and breach notification workflow, and what is the contractual notification window? A fiduciary-grade contract should require notification within 24 to 72 hours of a confirmed incident, with defined roles for the vendor, the administrator, and any downstream reporting to the court or regulators. Ask to see the incident response runbook; vendors that have practiced it recently will have no trouble walking you through it.

Section 4: Payment Rails, Redemption, and Claimant Experience (Questions 10-12)

Redemption rate is a fiduciary concern, not just a marketing metric. Every unredeemed payout is money that either reverts, escheats, or lingers in the fund — all of which create work and risk. Digital disbursement methods consistently outperform paper checks on redemption, often by roughly a factor of two.

Question 10 — Which payment rails are supported, and can claimants choose their preferred method? The strong answer covers ACH, prepaid cards, and digital wallets at minimum, with claimants selecting their method in a self-service portal. Narrow vendors that only offer ACH will leave underbanked claimants behind; narrow vendors that only offer prepaid cards create tax and inactivity fee issues.

Question 11 — What is the typical claimant redemption rate on settlements of similar size and demographics? Ask for real numbers with context — matter type, claim size, demographics. A vendor that cannot answer, or that quotes 100% redemption without qualifiers, is not trustworthy. Talli operates on the premise that modern digital disbursement roughly doubles traditional check-based redemption; any vendor in this category should be able to show comparable ranges.

Question 12 — How does the platform handle returned payments, expired cards, address changes, and re-issuance? Returned checks and failed ACH transfers are the single largest source of manual work in settlement disbursement. You want an automated workflow: the platform detects the failure, notifies the claimant, offers an alternate method, and logs every step. Manual re-issuance queues belong to last-decade vendors.

Section 5: Audit Trail, Reporting, and Court-Readiness (Questions 13-15)

The final section is the one a judge will actually see.

Question 13 — Can the platform produce a real-time dashboard and a court-ready final report on demand? Full audit transparency is compliance critical — you should be able to pull a single PDF that ties the bank ledger, the claim determinations, and the payout events together, plus a live dashboard for the administrator during the payout window. Ask to see a sanitized example from a prior matter.

Question 14 — How long is payout data retained, and in what format can it be exported? Retention periods should align with your trust instrument and applicable state law — usually seven years or longer. Export formats should include CSV, PDF, and an API or bulk download that your e-discovery team can ingest without reformatting.

Question 15 — What references can you provide from active class action, mass tort, or shareholder settlement matters? Ask for at least three references, ideally from different matter types. Talk to them about reconciliation headaches, court reporting turnaround, and how the vendor handled the inevitable issue. A vendor without live references in your specific use case has not earned your fiduciary trust yet.

Common Mistakes Fiduciaries Make During Vendor Review

Even experienced administrators slip on the same handful of mistakes. Watch for these.

  • Accepting a SOC 2 Type I in place of a Type II. Type I is a point-in-time design review; Type II tests operating effectiveness over a period, which generally makes it the stronger option for fiduciary review. You should also confirm that the report scope matches the services you will use.
  • Treating commingled accounts as acceptable if the software tracks matters separately. Software-level segregation is not the same as bank-level segregation, and it will not satisfy a court question about fund custody.
  • Skipping live references. A perfect questionnaire with no references is a resume with no employment history.
  • Ignoring the tax operational load. If nobody in the room can name who will produce the 1099s and the 1120-SF data, the vendor selection is not done.
  • Compressing the timeline when a settlement closes unexpectedly. Two weeks of review protects years of exposure.

Scoring the Answers: How to Compare Vendors Objectively

Score each of the 15 questions on a simple 0 / 1 / 2 scale — 0 for missing or evasive, 1 for acceptable, 2 for clearly strong with documentation. Weight Sections 1, 2, and 5 more heavily than Sections 3 and 4, because fund segregation, regulatory compliance, and court-readiness are the non-negotiable fiduciary minimums. A passing vendor should score at least 24 out of 30 with no zeros in Section 1. Keep the scored sheet in the matter file — it is the record that documents your process if the selection is ever questioned.

| Section | Focus | Weight |
|---|---|---|
| 1. Fund Segregation and QSF Compliance | Custody, bank, segregation | 3x |
| 2. Regulatory and Tax Compliance | KYC, OFAC, 1099, liens | 2x |
| 3. Security and SOC 2 | Data protection, incidents | 1x |
| 4. Payment Rails and Redemption | Methods, returned payments | 1x |
| 5. Audit Trail and Court-Readiness | Reporting, references, retention | 3x |

Next Steps

Run this checklist against every disbursement vendor on your shortlist, score the answers, and keep the scored sheet in the matter file. If you are evaluating platforms for a class action, mass tort, or shareholder settlement and want to see how a modern digital disbursement infrastructure answers all 15 questions, book a demo with Talli.

Frequently Asked Questions

What is fiduciary due diligence on a disbursement vendor?

Fiduciary due diligence is a documented review of a disbursement vendor's controls conducted on behalf of beneficiaries whose funds the vendor will handle. It goes beyond standard vendor risk management to cover fund segregation, court-readiness, and regulatory obligations specific to settlement payouts.

How is this different from a normal vendor risk assessment?

A standard vendor risk assessment focuses on cybersecurity and business continuity. A fiduciary review adds fund custody, QSF compliance, tax reporting, sanctions screening on claimants, and court-ready audit trails — the risks specific to moving other people's money under judicial supervision.

Do disbursement vendors need SOC 2 Type II?

Yes. SOC 2 Type II is the practical minimum for any vendor handling claimant personal data and settlement funds. Type I reports are insufficient because they only attest to control design, not operating effectiveness over time.

What is a QSF-compliant account?

A QSF-compliant arrangement is one that satisfies 26 CFR 1.468B-1 — established by court order or approval, used to resolve qualifying claims, and held in a trust or otherwise segregated from the transferor’s other assets. Disbursement platforms may support that structure with segregated banking arrangements and clear custody reporting.

Who is responsible for 1099 reporting in a class action settlement?

The disbursing entity — typically the QSF or the settlement administrator — is responsible for 1099 reporting to the IRS. A modern disbursement platform collects W-9s, validates TINs, triggers backup withholding when required, and generates year-end 1099s so the administrator does not have to run the process manually.

How long should the due diligence review take?

Plan for two to four weeks: one week for the vendor to return the questionnaire and supporting documents, one week for your team to review them, and one week for follow-up calls and reference checks.

What is the single biggest red flag?

A vendor that cannot name the chartered bank holding the funds or cannot show per-matter segregation at the bank level. Everything else can be negotiated; fund custody cannot.
