Skip to content

Trust audit trail

Available on every plan

The trust audit log is required by bar rules in every U.S. jurisdiction and is therefore included on every CaseFlow plan, including the Solo trial. CaseFlow does not gate trust-account compliance behind a subscription tier.

What this is

The trust audit trail is a separate, dedicated record of every action that affects a trust account. It is distinct from the general firm-wide activity log and is never pruned, merged, or deleted by any retention policy. Every deposit, disbursement, transfer, reconciliation, and account change generates an immutable entry with a full record of who acted, when, from what IP address, and what changed.

img_10.png

Each U.S. state bar requires a firm to maintain complete trust-account records and make them available for examination. ABA Model Rule 1.15(d) and the American Bar Association's Client Trust Account Records Rule 1 mandate retention of all transaction records. Specific state rules reinforce this requirement with explicit time horizons: New York DR 1.15(d) requires five years; California Rule 4-100 requires five years; Texas Rule 1.14 requires five years; several states including New York (under current guidance) and those with IOLTA program rules expect seven years. CaseFlow retains trust-audit entries for seven years on every plan, meeting the most demanding state-bar standard regardless of the firm's subscription tier.

Why it is separate from the general activity log

Trust events have stricter retention requirements, a narrower access control model, and a distinct compliance audience than general firm activity. If trust records were stored alongside general activity entries, a retention policy that shortens the general log window could silently remove bar-mandatory data. By maintaining a fully separate record, CaseFlow keeps the two stores from ever interfering with each other: the general log can be configured for a shorter retention window without any risk of touching trust records. Both records exist side by side, carry independent tamper-evidence chains, and cover their respective surfaces completely.

Where to find it

Open Trust Accounts from the sidebar. At the top of the dashboard, click the Trust Audit Log button (next to the + New account button).

img_11.png

The viewer is restricted to firm administrators. Paralegals and other staff with trust-create permission can post entries that the log records, but they cannot open the viewer. This mirrors the bar's expectation that trust records are under the supervising attorney's or administrator's control.

Columns

ColumnWhat it shows
WhenDate and time the event occurred, displayed in the firm's local timezone
WhoThe staff member, contact, or system process that triggered the event, with a role label
EventA plain-English label for the event type (for example, "Deposit posted" or "Reconciliation completed")
AccountThe trust account name the event affects
Client / MatterThe associated client and matter, when the event is linked to one
AmountThe transaction amount with currency symbol; blank for non-financial events such as account configuration changes
IPThe originating IP address of the action
DetailsAn expandable view of the structured change record for events that carry before/after data

Filters

The viewer includes seven filters that can be combined freely:

FilterPurpose
EventLimit the list to a single category, such as all disbursements or all reconciliations
AccountRestrict to a specific trust account within the firm
From / ToNarrow to a date range; useful for producing records covering a specific audit period
Matter IDShow only events linked to a particular matter
Client IDShow only events linked to a particular client
Team memberFilter by the staff member who recorded the entries; the dropdown shows only staff who have actually written a trust-audit row

What is logged (event taxonomy)

Every event type in the table below generates a separate, immutable row in the trust audit trail.

EventWhen it is recorded and what it captures
Account openedA new trust account is created. Captures the account name, bank name, account number, and IOLTA designation.
Account updatedThe account's name, bank, account number, or IOLTA flag is changed. Captures the before and after values of each changed field.
Account deactivatedAn account is closed or taken out of active service. Records who deactivated it and when.
Account reactivatedA previously closed account is returned to active service. Records who reactivated it and when.
Deposit postedClient funds are received into the trust account. Captures the amount, currency, client, matter, and transaction reference.
Disbursement issuedFunds are paid out of the trust account. Captures the amount, currency, payee, client, matter, and transaction reference.
Transfer postedFunds are moved to the operating account or to an external payee. Captures the amount, currency, destination, client, and matter. The destination payee field is required by bar rules to answer where trust funds went.
Interest credit postedInterest or IOLTA bar-foundation accrual is credited to the account. Captures the amount, currency, and client if the credit is attributable to a specific matter.
Bank fee debitedA bank service charge is posted. Captures the amount, currency, and client if the fee is attributable to a specific matter.
Overdraft attempt blockedA transaction was submitted that would have overdrawn the trust account and was rejected by CaseFlow before posting. See the subsection below for details.
Transaction editedAn administrator corrects the reference, description, check number, or payee on an existing transaction. Captures the field, the value before, the value after, the administrator, and when. The amount, transaction type, client, matter, and trust account cannot be edited and never appear in this row.
Reconciliation completedA three-way reconciliation is completed. Records the reconciling administrator, the account, and the reconciliation date.
Reconciliation reviewedAn administrator opens and reviews the reconciliation page. Recorded at most once per administrator per five-minute window to prevent log noise from repeated page loads.
Statement generatedA trust account statement PDF is produced. Records who generated it, the account, and the date range covered.
Statement emailedA trust account statement PDF is emailed to a client. Records who sent it, the recipient client, and the account.
Trust audit log exportedAn administrator downloads a self-contained export bundle of the audit log. Records the filter scope, the row count, the first and last row id covered, and the first and last row hash.

Overdraft attempts

CaseFlow refuses any transaction that would overdraw a trust account. When a withdrawal is attempted for more than the available balance, the transaction is rolled back and the attempt is recorded in the trust audit trail before any funds move. This means the audit trail contains a complete record of both successful transactions and rejected attempts.

Bar examiners look for overdraft attempts because they can indicate billing disputes, clerical errors, or unauthorized disbursement attempts that a firm must be able to account for. Because CaseFlow records the attempt regardless of outcome, a firm can demonstrate to a bar examiner not only what happened but also what was prevented and who submitted the request.

Exporting the audit log

Firm administrators can produce a self-contained export bundle of the trust audit log to share with a bar examiner, an outside auditor, an opposing-counsel discovery request, or to retain after a CaseFlow subscription ends. Open the Trust Audit Log viewer, apply any filters that scope the request (event type, account, client, matter, team member, date range), and click Export bundle.

The download is a single ZIP archive containing five files:

FileWhat it is for
cover_sheet.pdfA signed certification of the export under Federal Rule of Evidence 902(13) (FRE 902(13)). Names the firm, the generating administrator, the software version, the filter scope, the row count, and the first and last row hash. Designed to satisfy the "certified records of an electronic process" path to self-authentication.
trust_audit_log.csvOne row per audit event, in chain order, with every column. The first columns are the canonical fields the row hash was computed from. The prev_hash and row_hash columns close out the chain. Trailing account_name, client_name, matter_name columns are joined in for readability and are explicitly outside the hash chain.
hash_chain_spec.jsonThe cryptographic specification for the hash chain. Names the algorithm (SHA-256), the field order, the length-prefixed canonical encoding, and the genesis sentinel. An auditor with no CaseFlow source code can re-verify the chain from this file plus the CSV.
verifier.phpA small, self-contained PHP 8 script that reads the CSV in the same directory, recomputes every row hash, and exits with status 0 only if every row verifies. No CaseFlow dependencies; the script runs anywhere PHP is installed.
README.txtPlain-text orientation for the recipient. Describes the bundle contents, the purpose of each file, and how to run the verifier.

The export is admin-only. Every export is itself recorded in the trust audit log as a Trust audit log exported event, capturing the administrator who generated it, the filter scope, the row count, and the first and last row id covered. A bar examiner reviewing an export can therefore see the prior history of exports in the same log without needing a separate report.

The export is unbounded: the viewer caps to 500 rows for forensic readability, but the bundle always contains every row matching the filter scope. If a single export would be unusably large for a downstream tool, narrow the date range and run a series of contiguous exports; the recipient can concatenate the CSVs.

Retention and access

Trust-audit entries are retained for seven years on every plan. There is no UI control, administrator function, or API endpoint that can delete or edit a recorded entry. This applies equally to firm administrators, paralegals, and CaseFlow support staff. The retention period and the no-deletion guarantee hold regardless of whether the trust account the entry references has since been closed or deactivated.

Each firm's trust-audit records are held in an isolated store. No other firm's entries ever appear in your records, and your entries cannot be accessed from another firm's account.

Learn more

  • Audit log — the general firm-wide audit log covering sign-in, matter, client, and billing activity
  • Daily checkpoints — RFC 3161 third-party timestamp certificates on the audit-log chain, available on Multi-Practice
  • Setting up trust accounts — configuring IOLTA and operating trust accounts before posting transactions