Pre-Settlement Flash Audit for Bunbury Conveyancers: Detect Settlement Hijack Indicators Before Funds Move

You are running a Bunbury settlement file the week before lodgement. A workspace invitation lands from a Subscriber you do not recognise, or a party in the workspace asks you to update the destination account at the last minute. Your team has hours, not days, to decide whether the change is legitimate. The Pre-Settlement Flash Audit is a one-shot diagnostic that reviews a single PEXA workspace and surrounding correspondence for the structural indicators of a settlement hijack attempt before financial settlement is locked.

Why it matters now

A settlement hijack is the operational tail of business email compromise inside the electronic conveyancing workflow: an attacker either compromises a Subscriber’s email or impersonates a counterparty to redirect proceeds or alter workspace details. Under the Electronic Conveyancing National Law, Subscribers must comply with Participation Rules made by the Registrar in each State and Territory, and the Model Participation Rules published by ARNECC set the baseline obligations those rules implement — including Verification of Identity, Client Authorisation, Certifications, and the security of the Subscriber’s digital signing certificate. For a Bunbury settlement agent operating in Western Australia, those obligations sit alongside Landgate’s jurisdictional Participation Rules and PEXA’s workspace controls. The Australian Cyber Security Centre publishes general guidance on email-borne impersonation at https://www.cyber.gov.au/, and ACCC Scamwatch tracks payment redirection as a high-loss scam category at https://www.scamwatch.gov.au/. A settlement hijack failing inside a regulated workspace is not just a financial loss — it is a documentation problem against ARNECC-derived obligations.

The 5-minute view

• ARNECC publishes the Model Participation Rules (Version 7, January 2024) for determination by each Registrar under Section 23 of the Electronic Conveyancing National Law
• The Model Participation Rules cover Subscriber obligations including Verification of Identity, Client Authorisation, retention of supporting evidence, and security of the Digital Signing Certificate
• Settlement hijack attempts most often surface as: late-stage changes to payment destination, unexpected Subscriber invitations into a workspace, or out-of-pattern correspondence from a known counterparty’s domain
• ACSC guidance recommends out-of-band verification — a phone call to a previously-known number — for any change to payment instructions, regardless of how plausible the email looks
• Once a financial settlement schedule is locked and funds are moved through PEXA, reversal is operationally difficult; the window for detection is the days before settlement, not after
• A pre-settlement flash audit is scoped to one workspace and the email correspondence that supports the Client Authorisation and payment direction on that file

What DRMO does about it

The Pre-Settlement Flash Audit is a single-transaction diagnostic delivered against one Bunbury settlement file. You submit the workspace reference and the email correspondence chain that supports the Client Authorisation, the destination account details, and any workspace invitations or party changes. We run a fixed-scope review covering: SPF/DMARC/DKIM authentication on inbound mail relating to the file, the counterparty Subscriber’s correspondence pattern and signature consistency with prior dealings, the timing and provenance of any late-stage change to payment direction, and a cross-check of the file’s documentary trail against the Subscriber obligations articulated in the ARNECC Model Participation Rules. The deliverable is a 15-page PDF audit report identifying the specific indicators present on the file and the recommended verification steps before financial settlement. This is the same Step 2 diagnostic that runs inside the DRMO Pre-Settlement Shield consulting engagement, productised here for single-transaction use without a discovery call.

The deliverable

• 15-page PDF audit report scoped to one PEXA workspace and its supporting correspondence
• Executive summary with a Red / Amber / Green status and the recommended next action before financial settlement
• Per-indicator review with the underlying email evidence and workspace event cited
• Mapping of the file’s documentary trail against the relevant Subscriber obligation categories in the ARNECC Model Participation Rules (Verification of Identity, Client Authorisation, Certifications)
• Verification checklist for the settlement team to complete before funds release
• Delivered by email within 1 business day of file submission and payment

CTA

Run the Pre-Settlement Flash Audit — AUD $499

A single-transaction productised offer. No discovery call required. Suitable for any Bunbury settlement file where workspace party changes, late payment-direction edits, or unexpected Subscriber invitations have occurred in the days before financial settlement.

Sources

1. Australian Registrars’ National Electronic Conveyancing Council — Model Participation Rules (Version 7, January 2024): https://www.arnecc.gov.au/publications/model-participation-rules/
2. Australian Cyber Security Centre — general guidance on email-borne impersonation and business email compromise: https://www.cyber.gov.au/
3. Australian Competition and Consumer Commission — Scamwatch, payment redirection scam category: https://www.scamwatch.gov.au/
4. PEXA Group Limited — electronic settlement workspace platform: https://www.pexa.com.au/
5. Landgate (Western Australia) — jurisdictional land titles registry administering Participation Rules in WA: https://www.landgate.wa.gov.au/

DRMO capability reference:

• Pre-Settlement Flash Audit (L2 single-transaction service shape, productised from Step 2 of the DRMO Pre-Settlement Shield package)