VOI and Client Authorisation: Essential Risk Mitigation to Avoid e-Conveyancing Fraud

In today's digital era of Australian property conveyancing, Verification of Identity (VOI) and Client Authorisation are more than just checkboxes in a process—they are your best defence against fraud and cybercrime. ARNECC Model Participation Rules (MPR) set out detailed obligations for legal practitioners and conveyancers to verify their clients' identities and authorisation to act before conducting electronic transactions in the national e-conveyancing system through Electronic Lodgement Network Operators (ELNO) like PEXA.

Understanding the Legal Framework

The Model Participation Rules (MPR) were drafted by the Australian Registrars’ National Electronic Conveyancing Council (ARNECC) to provide a nationally consistent set of rules for all jurisdictions in Australia. The MPR sets out the obligations on all parties (practitioners and conveyancers) who are to participate in e-conveyancing and are expected to act at all times in a trustworthy, secure and accountable manner.

Two of the main obligations under the MPR are:

• Verification of Identity (VOI) – Reasonable steps must be taken to verify the identity of the client (or his agent) prior to any dealings or instruments being lodged on his behalf; and
• Client Authorisation – A written authority given by the client to the practitioner (or conveyancer) authorising them to act on behalf of the client in relation to the property or interest in question.

These two obligations are at the heart of the e-conveyancing system and are in place to ensure that only verified and authorised people can make transactions over a property title. This is of critical importance given the online nature of the system and the risks of identity theft, phishing scams and unauthorised lodgements.

Why VOI and Client Authorisation Matter

The shift to digital property settlements has streamlined conveyancing but also introduced new threats. Cybercriminals increasingly target property transactions because of their high monetary value and reliance on electronic communication.

Common fraud risks include:

• Email interception or “man-in-the-middle” attacks, where bank account details are altered.
• Fake VOI documents submitted by impostors posing as legitimate clients.
• Unauthorised client authorisations were created or signed without the client’s knowledge.
• Malware attacks are compromising practitioner systems or PEXA logins.

In this context, compliance with VOI and Client Authorisation requirements is not just regulatory — it is an essential risk mitigation strategy that protects practitioners, clients, and the property market as a whole.

What Are the Mandatory VOI Requirements?

Under the MPR, practitioners must take reasonable steps to verify their client’s identity. While there is flexibility in the methods used, ARNECC provides a VOI Standard as a benchmark.

This involves a face-to-face interview (either in-person or via an approved agent) and the sighting of original identification documents, such as:

• Australian passport or driver’s licence
• Birth certificate with supporting photo ID
• Foreign passport with visa evidence

Practitioners can also use VOI service providers, provided the provider complies with the ARNECC standards and records are maintained.

Best practice dictates that the practitioner should:

• Confirm the client’s physical likeness to the photo ID.
• Ensure the documents appear authentic and unaltered.
• Record details of the verification process, including copies of the ID and date of verification.
• Reverify identity if significant time elapses between verification and settlement.

Failure to meet VOI obligations can result in regulatory sanctions, professional negligence claims, or even criminal liability if fraud occurs due to insufficient verification.

What Is Client Authorisation and Why Is It Important?

The Client Authorisation Form (CAF) is a prescribed document under the MPR that grants the practitioner authority to sign, lodge, and complete documents electronically on behalf of the client through an ELNO such as PEXA.

The CAF must:

• Be in writing and in the prescribed ARNECC format.
• Identify the client, practitioner, and specific property transaction.
• Be signed by the client after the VOI is completed.
• Be retained for at least seven years.

Client Authorisation ensures there is clear, auditable consent from the property owner, reducing the likelihood of disputes or allegations of unauthorised dealing.

Best practice risk management includes:

• Completing the CAF in a secure environment.
• Avoiding remote signing without identity verification.
• Confirming all signatories understand the scope of the authorisation.
• Regularly reviewing internal file management procedures.

Risk Management Strategies for Preventing E-Conveyancing Fraud

To comply with property law CPD requirements and to protect client interests, practitioners must adopt a proactive risk management approach that goes beyond compliance.

1. Implement Robust Cybersecurity Controls
Use multi-factor authentication, encrypted email, and up-to-date antivirus software. Avoid public Wi-Fi when accessing PEXA or client files.

2. Verify Bank Account Details Directly
Always confirm client or agent bank details verbally using known contact numbers before disbursing settlement funds.

3. Use VOI Agents and Secure Platforms
Engage accredited VOI agents who follow ARNECC standards, or use secure digital platforms that incorporate biometric verification.

4. Train Staff on Fraud Detection
Regular staff training — often covered in CPD property law programs — can help teams recognise suspicious behaviour, phishing attempts, or inconsistent documentation.

5. Maintain Detailed Records
Keep copies of VOI and Client Authorisation documents for the required retention period, including audit trails of digital lodgements.

6. Review Policies Regularly
Revisit and update office procedures annually to reflect changes in ARNECC rules, technology, or known fraud risks.

Frequently Asked Questions

Q1: What happens if I fail to properly verify a client’s identity?
Failing to perform VOI correctly can lead to professional misconduct findings, compensation claims, or liability for losses arising from fraud. It may also breach your obligations under the MPR and relevant state legislation.

Q2: Can I rely on another practitioner’s VOI or Client Authorisation?
Generally, no. Each practitioner acting for a party must complete their own VOI and hold a valid Client Authorisation. Reliance on another party’s verification is only permissible under limited, clearly documented circumstances.

Q3: Are remote VOI processes compliant?
Yes, if they meet the ARNECC’s definition of “reasonable steps.” Video verification may be acceptable when conducted via secure platforms that capture live images, verify document authenticity, and store audit trails.

Q4: What are some red flags for potential fraud?

• Sudden changes in client instructions or contact details.
• Urgent settlement requests with incomplete documentation.
• Unusual payment directions.
• Clients are unwilling to meet in person or provide original ID.

Q5: How can CPD programs help practitioners manage these risks?

Ongoing CPD for lawyers — especially in property law CPD — offers practical guidance on fraud prevention, cyber risk management, and ARNECC compliance. Participating in regular CPD property law workshops ensures practitioners stay current with best practices and evolving legal standards.

As Australia’s property sector continues its digital evolution, Verification of Identity and Client Authorisation are indispensable tools for maintaining trust and security in e-conveyancing. Adherence to the ARNECC Model Participation Rules is not simply a legal necessity — it is an ethical and professional responsibility.

By integrating robust verification processes, sound client authorisation practices, and comprehensive risk management, practitioners can significantly reduce exposure to cybercrime and identity fraud.

Continued engagement with Property Law CPD, including sessions focused on the latest property law CPD requirements, enables lawyers to strengthen compliance while enhancing practical competence. Through proactive learning and vigilant practice, CPD lawyers safeguard both their clients and the reputation of Australia’s e-conveyancing system.