Pre-Settlement Flash Audit for Geraldton Conveyancers: Surface Settlement-Hijack Indicators Before You Sign Off in PEXA
You are running a settlement file from Geraldton against parties spread across Perth, the eastern states, and sometimes offshore. The financial settlement schedule lands in PEXA, account details get confirmed by email, and you have a narrow window to sign before the workspace locks. If any one of those payment lines has been tampered with — or the Subscriber on the other side has had their digital certificate misused — the funds move and the title transfers in the same atomic step. The Pre-Settlement Flash Audit is a one-shot diagnostic that surfaces settlement-hijack indicators on a single file before you authorise.
Why it matters now
Settlement hijack is the threat class where an attacker compromises a Subscriber’s PEXA credentials, manipulates payment destination details on the financial settlement schedule, or impersonates a counterparty Subscriber to redirect proceeds. The ARNECC Model Participation Rules (Version 7, January 2024) set the baseline obligations on every Subscriber, including Verification of Identity, the Client Authorisation requirement, retention of supporting evidence, and, critically for hijack risk, the obligation on Subscribers to maintain the security of their Digital Signing Certificate and to ensure that only authorised Signers use it. The Rules are determined by each State Registrar under section 23 of the Electronic Conveyancing National Law; in Western Australia they apply to every settlement agent operating in PEXA, with Landgate as the responsible Registrar. The Australian Cyber Security Centre (https://www.cyber.gov.au/) publishes general guidance on credential compromise and payment-redirection attacks, which map directly to this threat class.
The 5-minute view
- Settlement hijack typically combines two failures: a compromised email channel and a missed verification of payment destination details prior to PEXA workspace lock
- The ARNECC Model Participation Rules Version 7 (January 2024) is the current baseline; each State Registrar (Landgate in WA) determines the local Participation Rules under section 23 of the Electronic Conveyancing National Law
- The Rules place direct obligations on Subscribers covering Verification of Identity, Client Authorisation, retention of supporting evidence, and Digital Signing Certificate security
- Geraldton settlement files frequently involve remote VOI, interstate counterparties, and email-mediated payment instruction exchange — all of which extend the attack surface compared to a face-to-face metropolitan file
- Once the PEXA workspace is signed and locked by all Subscribers, the financial settlement executes atomically; reversal after settlement is materially harder than holding a file overnight to verify
- The audit checks the specific file: payment line destinations against independently-verified sources, Subscriber correspondence patterns, email authentication on instruction changes, and whether the VOI and Client Authorisation evidence on the file matches the Rules’ retention requirements
What DRMO does about it
The Pre-Settlement Flash Audit is a single-transaction diagnostic against one Geraldton settlement file. You submit the file reference, the financial settlement schedule (or its draft state in PEXA), and the email chain covering payment instructions and any Subscriber-to-Subscriber correspondence. The review covers four fixed areas: (1) payment destination verification — whether each line on the financial settlement schedule has been confirmed against an out-of-band source independent of email; (2) counterparty Subscriber correspondence patterns — domain authentication results (SPF/DMARC/DKIM), signature consistency, prior history; (3) instruction-change pattern against published settlement-hijack indicators; and (4) Participation Rules evidence check — whether the VOI, Client Authorisation, and supporting retention requirements are satisfied on the file as it currently stands. The output is the Pre-Settlement Flash Audit deliverable from the DRMO service catalogue.
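Review areas (1) and (2) can be sketched in code. The following is an added example, not DRMO's tooling: it rates one schedule line by combining the receiving server's SPF/DKIM/DMARC verdicts on the instruction email with an out-of-band record. The function names, the `mx.firm.example` server name, the sample emails and the Red/Amber/Green thresholds are all constructed assumptions.

```python
import re
from email import message_from_string

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)
DEST_RE = re.compile(r"BSB\D*(\d{3})-?(\d{3})\D+(\d{6,10})", re.I)
TRUSTED_AUTHSERV = "mx.firm.example"  # assumption: your own receiving mail server

# Constructed sample emails (not real correspondence)
EMAIL_OK = (
    "Authentication-Results: mx.firm.example; spf=pass; dkim=pass; dmarc=pass\n"
    "From: agent@example.com\n\nPay proceeds to BSB 123-456 Account 11112222\n")
EMAIL_CHANGE = (
    "Authentication-Results: mail.example.net; dmarc=pass\n"  # stamped by sender
    "Authentication-Results: mx.firm.example; spf=pass; dkim=none; dmarc=fail\n"
    "From: agent@example.net\n\nUpdated details: BSB 654-321 Account 99998888\n")

def auth_verdicts(msg):
    """spf/dkim/dmarc results, taken only from headers our own server stamped."""
    verdicts = {}
    for hdr in msg.get_all("Authentication-Results", []):
        if hdr.split(";", 1)[0].strip().lower() != TRUSTED_AUTHSERV:
            continue  # a header added upstream proves nothing
        for mech, result in AUTH_RE.findall(hdr):
            verdicts[mech.lower()] = result.lower()
    return verdicts

def destination(msg):
    """Normalise the BSB/account quoted in the email body, or None."""
    m = DEST_RE.search(msg.get_payload())
    return f"{m[1]}-{m[2]}/{m[3]}" if m else None

def rate_line(payee, dest, emails, verified):
    """Return (status, reasons) for one schedule line; thresholds are assumptions."""
    reasons = []
    for raw in emails:
        msg = message_from_string(raw)
        if destination(msg) != dest:
            continue  # this email did not supply the destination on the schedule
        v = auth_verdicts(msg)
        bad = [k for k in ("spf", "dkim", "dmarc") if v.get(k) != "pass"]
        if bad:
            reasons.append("instruction email not authenticated: " + ",".join(bad))
    known = verified.get(payee)  # confirmed by phone or in person, never by email
    if known is None:
        reasons.append("no out-of-band confirmation")
    elif known != dest:
        reasons.append("differs from out-of-band record")
    if not reasons:
        return "GREEN", reasons
    red = known not in (None, dest) or (known is None and len(reasons) > 1)
    return ("RED" if red else "AMBER"), reasons
```

A fully authenticated email with no out-of-band record still rates Amber, because passing SPF/DKIM/DMARC does not rule out a compromised mailbox at the sender.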
The deliverable
- 15-page PDF audit report scoped to one Geraldton settlement file
- Executive Red / Amber / Green status with the single recommended next action before workspace lock
- Per-line review of the financial settlement schedule with the verification status of each destination
- Counterparty correspondence review with email-authentication evidence cited
- Participation Rules evidence checklist (VOI, Client Authorisation, retention) mapped to Version 7 of the Model Rules
- Delivered via email within 1 business day of file submission and payment
CTA
Run the Pre-Settlement Flash Audit — AUD $499
Single-transaction productised offer. No discovery call required. Suitable for any Geraldton settlement file where payment destinations have been exchanged or changed by email, where the counterparty Subscriber is unfamiliar, or where you simply want a second pair of eyes before you sign in PEXA.
Sources
- Australian Registrars’ National Electronic Conveyancing Council — Model Participation Rules (Version 7, January 2024): https://www.arnecc.gov.au/publications/model-participation-rules/
- Australian Cyber Security Centre — general guidance on credential compromise and payment-redirection threats: https://www.cyber.gov.au/
- Landgate — Western Australian Registrar (Participation Rules in WA jurisdiction): https://www.landgate.wa.gov.au/
- PEXA Group Limited — electronic conveyancing platform documentation: https://www.pexa.com.au/
DRMO capability references:
- Pre-Settlement Flash Audit (L2 service shape, single transaction)
- Pre-Settlement Shield (L3 consulting package — for firms wanting ongoing coverage across all files)