Pre-Settlement Flash Audit for Perth Sole Practitioners: Catch Settlement-Hijack Indicators Before You Sign the Workspace

You are a one-person firm. The file has been running for six weeks. The PEXA workspace is populated, the destination account is sitting on the financial settlement schedule, and you are the only person on your side of the transaction who will see it before funds move. If a hijack attempt has already been planted — a swapped trust-account line, a substituted representative on the other side, an instruction email that did not actually come from your client — there is no second pair of eyes to catch it. The Pre-Settlement Flash Audit is a single-transaction diagnostic that puts that second pair of eyes on the file before you click sign.

Why it matters now

Electronic conveyancing in Western Australia operates under Participation Rules determined by the Registrar of Titles under the Electronic Conveyancing National Law, with the model text maintained by the Australian Registrars’ National Electronic Conveyancing Council (ARNECC). The current Model Participation Rules (Version 7, published January 2024) place direct obligations on Subscribers — including sole practitioners — covering client authorisation, verification of identity, retention of evidence supporting right-to-deal, and account-security controls used to access the Electronic Lodgment Network. A settlement hijack — where an attacker manipulates the destination account, the representative identity, or the client instruction chain in the final days before lodgement — is a failure of exactly the controls these rules require a Subscriber to maintain. For a sole practitioner, the compliance record sits with you personally, and so does the trust-account exposure if funds move to the wrong destination.

The 5-minute view

• ARNECC’s Model Participation Rules Version 7 (January 2024) is the current model text Registrars draw from; Western Australia’s Participation Rules are determined by the Registrar of Titles under the Electronic Conveyancing National Law
• The Model Participation Rules require Subscribers to verify the identity of their client, establish the client’s right to deal with the land, and retain evidence of both
• Subscribers are required to maintain the security of their digital credentials used to access the Electronic Lodgment Network Operator’s system
• Settlement-hijack patterns typically combine a late-stage payment-instruction change, a plausible-but-substituted email domain, and time pressure tied to the scheduled settlement date
• Sole practitioners are structurally exposed because there is no second reviewer on the file; the Subscriber, the Signer, and the file-handler are the same person
• A Flash Audit reviews one specific workspace before signing: the financial settlement schedule lines, the inbound instruction chain authenticating those lines, and the Subscriber’s account-access posture against the Participation Rules’ security obligations

What DRMO does about it

The Pre-Settlement Flash Audit is the single-transaction productisation of Step 2 of the DRMO Pre-Settlement Shield package, scoped to a one-person firm with one file in flight. You submit the workspace reference, the inbound payment-instruction correspondence chain, and a redacted copy of the financial settlement schedule. We run a fixed-scope review covering three areas: (1) the financial settlement schedule destination-account lines reviewed against the instruction chain that authorised each one; (2) email-authentication results (SPF, DKIM, DMARC) on the inbound instructions and the sender’s prior correspondence pattern with your firm; (3) your Subscriber account-access posture (MFA enrolment, credential-sharing indicators, session-handling) mapped against the security obligations Subscribers carry under the ARNECC Model Participation Rules. The output names the indicators present and the verification steps to take before you sign.

The deliverable

• 15-page PDF audit report scoped to one settlement file
• Executive Red / Amber / Green status with the recommended next action before signing
• Financial settlement schedule line-by-line review with the underlying authorisation evidence cited
• Inbound instruction authentication results (SPF / DKIM / DMARC) with the email evidence cited
• Subscriber account-access checklist mapped to Participation Rules security obligations
• Pre-sign verification checklist for you to complete in the workspace
• Delivered via email within 1 business day of file submission and payment

CTA

Run the Pre-Settlement Flash Audit — AUD $499

A single-transaction productised offer. No discovery call required. Suitable for any sole-practitioner file where the PEXA workspace is populated and you have not yet signed. This door is operational support for your Participation Rules obligations; it is not legal advice and does not substitute for your own professional judgment as the Subscriber.

Sources

1. Australian Registrars’ National Electronic Conveyancing Council — Model Participation Rules (Version 7, January 2024): https://www.arnecc.gov.au/publications/model-participation-rules/
2. Australian Cyber Security Centre — general guidance on business email compromise and credential-security threat classes referenced in the audit: https://www.cyber.gov.au/
3. Australian Competition and Consumer Commission — Scamwatch domain reference for payment-redirection scam categories: https://www.scamwatch.gov.au/
4. PEXA Group Limited — Electronic Lodgment Network Operator referenced in the workspace review: https://www.pexa.com.au/

DRMO capability references:

• Pre-Settlement Shield (L3 Shield package, §Package 1) — source: DRMO service-packages catalogue
• Pre-Settlement Flash Audit (L2 service shape) — source: DRMO surface-area matrix