Pre-Settlement Flash Audit for Mandurah Conveyancers: Deepfake-Voice Wire Instructions Against ARNECC Verification Duties

The phone rings on a Mandurah file two days before settlement. The voice sounds like your client — same cadence, same first-name greeting, same reference to the chat you had last week — and they want the trust transfer redirected to a “new” account because their bank flagged the original one. You hesitate, but the voice is right. Synthetic voice cloning has made that hesitation the only thing standing between your firm and an irreversible loss, and the ARNECC Model Participation Rules are explicit that the verification duty does not move because the instruction sounded familiar.

Why it matters now

Under the Electronic Conveyancing National Law, Subscribers (including licensed settlement agents acting as Subscribers in WA) must comply with the Participation Rules determined by the Registrar in each jurisdiction. The Australian Registrars’ National Electronic Conveyancing Council publishes the Model Participation Rules — currently Version 7 (January 2024) — which set out Verification of Identity and Client Authorisation obligations that survive any phone-based instruction change. Separately, the Australian Cyber Security Centre and ACCC ScamWatch have both flagged AI-generated voice impersonation as an emerging vector against professional services firms where payment instructions can be altered late in a transaction. A Mandurah conveyancer sitting between a remote vendor, an interstate lender, and a buyer reachable only by mobile has the exact threat profile attackers now target with cloned audio.

The 5-minute view

The ARNECC Model Participation Rules Version 7 (January 2024) are the current model rules adopted by each State Registrar under the Electronic Conveyancing National Law
Subscribers must comply with Verification of Identity standards and Client Authorisation requirements as set out in the Participation Rules and supporting Guidance Notes published by ARNECC
Voice-based instruction changes are not a substitute for the verification standard owed to the Registrar — a phone call alone does not satisfy a Subscriber’s verification duty
AI voice cloning now requires only a short audio sample of the target (a voicemail, a recorded settlement call, or social media video) to generate convincing instruction-change calls
Common deepfake-voice indicators on settlement files include: instruction changes initiated by phone rather than the client’s usual channel, urgency framing tied to a “bank issue,” resistance to call-back on a previously-verified number, and small inconsistencies in transaction history that the synthetic caller cannot recover
The ARNECC framework places the verification burden on the Subscriber, not the counterparty — meaning the cost of a deepfake-driven misdirection sits with the conveyancer’s firm
Out-of-band verification using a previously-recorded number (not a number supplied during the suspect call) is the baseline control referenced by Australian cyber and consumer regulators

What DRMO does about it

The Pre-Settlement Flash Audit is a single-transaction diagnostic scoped to one Mandurah settlement file where a phone-based instruction change has occurred or is anticipated. You submit the file reference, the timeline of voice contacts on the file, and any recorded or logged metadata available (call times, originating numbers, voicemail audio if retained). We run a fixed-scope review covering: the call-pattern history against the client’s prior contact behaviour with your firm, the consistency of the instruction change against the documented Client Authorisation on file, the call-back verification path your team used or proposed to use, and the evidence trail that would be required to demonstrate compliance with the Verification of Identity and Client Authorisation provisions of the Participation Rules. The deliverable is a 15-page PDF audit report identifying indicators present on the file, gaps against the ARNECC verification standard, and the verification steps to complete before funds release.

This is the Pre-Settlement Flash Audit productised L2 offer — same diagnostic engine as Step 2 of the Pre-Settlement Shield consulting engagement, scoped to one file and delivered without a discovery call.

The deliverable

15-page PDF audit report scoped to one settlement file
Executive summary with a Red / Amber / Green status and the recommended next action before settlement
Per-indicator review of the suspect voice contact(s), with timeline and call-pattern evidence cited
Gap analysis against the ARNECC Model Participation Rules Version 7 verification provisions
Out-of-band verification checklist for your settlement team to complete before funds release
Evidence-preservation note covering what your firm should retain for any later AFCA or insurer review
Delivered via email within 1 business day of file submission and payment

CTA

Run the Pre-Settlement Flash Audit — AUD $499

A single-transaction productised offer. No discovery call required. Suitable for any Mandurah conveyancing or settlement file where a payment instruction has been issued, changed, or confirmed by phone in the 14 days before settlement.

For ongoing protection across all files, the DRMO Retainer is available as a separate consultative engagement.

Sources

Australian Registrars’ National Electronic Conveyancing Council — Model Participation Rules (Version 7, January 2024): https://www.arnecc.gov.au/publications/model-participation-rules/
Australian Cyber Security Centre — general guidance on social engineering and impersonation threats: https://www.cyber.gov.au/
Australian Competition and Consumer Commission — ScamWatch guidance on impersonation and payment-redirection scams: https://www.scamwatch.gov.au/
PEXA Group Limited — electronic settlement workflow documentation: https://www.pexa.com.au/

DRMO capability references:

Pre-Settlement Flash Audit (L2 productised service shape)
Pre-Settlement Shield (L3 consulting package — Step 2 diagnostic is the basis for this audit)