Pre-Settlement Flash Audit for NSW Conveyancers: Detect Settlement Hijack Indicators Before Funds Move
It’s the day before settlement on a Sydney file. A new email from “the incoming mortgagee” asks you to update the destination account in the financial settlement schedule. Same matter reference, plausible signature, slightly different BSB. Your Subscriber obligations under the NSW Participation Rules sit on you, not on the impostor. The Pre-Settlement Flash Audit is a one-shot diagnostic that surfaces the indicators most often present in settlement-hijack attempts before your team acts on them inside the Electronic Lodgment Network.
Why it matters now
Settlement hijack — where an attacker injects altered payment, identity, or instruction data into the days immediately before an electronic settlement — sits directly inside the obligation surface that the Australian Registrars’ National Electronic Conveyancing Council (ARNECC) sets for Subscribers. Under the Electronic Conveyancing National Law, every Subscriber must comply with the Participation Rules determined by the Registrar in their jurisdiction, modelled on the ARNECC Model Participation Rules (Version 7, January 2024). Those rules require Subscribers to verify the identity of their clients, confirm client authority to act, retain evidence, and maintain the security of their digital signing credentials and Subscriber account. The Australian Cyber Security Centre also publishes general guidance on payment-redirection and impersonation threats targeting professional services at https://www.cyber.gov.au/. For NSW conveyancers, hijack attempts most often target the seam between client communication and ELN data entry — the moment where an unverified instruction can become a Subscriber-signed action.
The 5-minute view
- ARNECC publishes the Model Participation Rules (current version: Version 7, January 2024) which each State and Territory Registrar adopts as binding Participation Rules under the Electronic Conveyancing National Law
- In NSW, Subscribers are required to comply with the Participation Rules determined by the Registrar General; obligations sit on the Subscriber, not on the party who supplied false information
- Settlement hijack typically arrives in the final 3–10 days before settlement, when payment directions, mortgagee details, or client instructions are being finalised in the ELN workspace
- Common indicators include late-stage changes to disbursement account details, instructions arriving from a new email address on a familiar domain, and pressure to skip verification “because settlement is tomorrow”
- The Model Participation Rules require Subscribers to take reasonable steps to verify the identity of their client and the client’s right to deal with the land — and to retain that evidence
- Subscriber digital signing credentials are personal and must not be shared; compromise of those credentials is a hijack vector distinct from the email channel
- A pre-settlement flash audit checks one specific file: email authentication on inbound instructions, the change pattern across the matter timeline, and the verification evidence on record against the relevant Participation Rule requirements
What DRMO does about it
The Pre-Settlement Flash Audit is a single-transaction diagnostic delivered against one NSW settlement file. You submit the matter reference and the correspondence chain covering client instructions, payment directions, and any late-stage changes. We run a fixed-scope review covering: SPF/DMARC/DKIM authentication results on inbound mail tied to the file, the sender and instruction-change pattern across the matter timeline against published hijack indicators, and a mapping of the verification evidence on file to the relevant Participation Rule requirements for client identification and right-to-deal verification. The deliverable is a 15-page PDF audit report identifying the indicators present and the recommended verification steps before the Subscriber signs and the workspace locks.
This is the productised single-file version of the diagnostic that runs as Step 2 of the DRMO Pre-Settlement Shield engagement, scoped for self-serve use without requiring a discovery call.
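The first two checks in the fixed-scope review described above (authentication results on inbound mail, and the sender and instruction-change pattern across the matter timeline) can be sketched as follows. This is an added example, not DRMO's tooling or code from this page; the function name `audit_chain`, the `lender.example` and `mx.firm.example` hosts, the BSBs and the messages are all constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)
BSB_RE = re.compile(r"\bBSB[:\s]*(\d{3})-?(\d{3})\b", re.I)

def audit_chain(raw_messages, settlement, window_days=10):
    """Return (date, sender, [indicators]) per message, oldest first."""
    msgs = sorted((message_from_string(r) for r in raw_messages),
                  key=lambda m: parsedate_to_datetime(m["Date"]))
    seen_addrs, seen_domains, last_bsb, report = set(), set(), None, []
    for m in msgs:
        sent, flags = parsedate_to_datetime(m["Date"]), []
        addr = parseaddr(m["From"])[1].lower()
        domain = addr.rpartition("@")[2]
        # 1. SPF/DKIM/DMARC verdicts; trust only the header your own mail server stamped.
        hdr = m.get("Authentication-Results", "")
        auth = {k.lower(): v.lower() for k, v in AUTH_RE.findall(hdr)}
        for mech in ("spf", "dkim", "dmarc"):
            if auth.get(mech) != "pass":
                flags.append(f"{mech}={auth.get(mech, 'missing')}")
        # 2. A new mailbox on a domain the matter has already corresponded with.
        if addr not in seen_addrs and domain in seen_domains:
            flags.append("new-address-on-known-domain")
        # 3. A different BSB quoted inside the pre-settlement window.
        hit = BSB_RE.search(m.get_payload())
        if hit:
            bsb = "".join(hit.groups())
            days_left = (settlement - sent).days
            if last_bsb and bsb != last_bsb and 0 <= days_left <= window_days:
                flags.append(f"late-bsb-change:{days_left}d-before-settlement")
            last_bsb = bsb
        seen_addrs.add(addr)
        seen_domains.add(domain)
        report.append((sent.date().isoformat(), addr, flags))
    return report

# Constructed sample chain: original payout details, then a change the day before settlement.
T = "Date: {}\nFrom: {}\nAuthentication-Results: mx.firm.example; {}\n\n{}\n"
SAMPLE = [
    T.format("Mon, 03 Jun 2024 10:00:00 +1000", "settlements@lender.example",
             "spf=pass; dkim=pass; dmarc=pass", "Payout account BSB: 999-001"),
    T.format("Thu, 20 Jun 2024 09:00:00 +1000", "settlement.team@lender.example",
             "spf=softfail; dkim=none; dmarc=fail", "Update schedule to BSB 999-002"),
]
SETTLEMENT = datetime(2024, 6, 21, 14, 0, tzinfo=timezone(timedelta(hours=10)))
```

A message that raises any flag is a prompt for out-of-band verification of the instruction, not proof of fraud; a message with no flags is not proof of legitimacy either, since a compromised genuine mailbox passes all three authentication checks.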
The deliverable
- 15-page PDF audit report scoped to one NSW settlement file
- Executive summary with a Red / Amber / Green status and recommended next action
- Per-indicator findings with the underlying email or instruction evidence cited
- Mapping table: file evidence against the relevant ARNECC Model Participation Rule clauses (verification of identity, client authorisation, retention)
- Verification checklist for the settlement team to complete before Subscriber signing
- Delivered via email within 1 business day of file submission and payment
Run the Pre-Settlement Flash Audit — AUD $499
A single-transaction productised offer. No discovery call required. Suitable for any NSW conveyancing file where payment directions, mortgagee details, or client instructions have been issued or changed in the 10 days before settlement.
This is an operational diagnostic against the Participation Rules surface. It is not legal advice and does not replace your firm’s own verification process.
Sources
- Australian Registrars’ National Electronic Conveyancing Council — Model Participation Rules (Version 7, January 2024): https://www.arnecc.gov.au/publications/model-participation-rules/
- Australian Cyber Security Centre — general guidance on payment redirection and impersonation threats: https://www.cyber.gov.au/
- PEXA Group Limited — Electronic Lodgment Network operator documentation: https://www.pexa.com.au/
DRMO capability references:
- Pre-Settlement Flash Audit (L2 service shape, single-transaction productised offer)
- Pre-Settlement Shield (L3 consulting engagement, Step 2 diagnostic source)