For NPT Consideration

(1)

1

For NPT Consideration

To: National Project Team

From: Ann Kinnear

Date: 31 July 2009

Re: Document Signing Revisited

Purpose: To obtain the National Project Team (NPT)’s views on recommendations for the signing of documents in NECS.

Antecedents: On 6 March 2009 the NPT was issued with a paper canvassing options for the signing and unsigning of documents in NECS1. The paper was considered at the NPT meetings on 24 March and 12 May 2009 and at the latter meeting a consensus was reached on how documents should be unsigned (ie invalidated). On 29 May 2009 a further paper was issued on options for the process of unsigning documents in NECS2. This paper was considered at the NPT meeting on 23 June 2009 and again on 21 July 2009 where a resolution was reached that documents in NECS are to be invalidated by:

• any Certifier for the Subscriber responsible for the document (this means that once a document is signed the workspace data items it contains are to be locked from User access but not from Certifier access)

• the Certifier changing a data item in the workspace that has been included in the document (this means the Certifier changes a data item for which the Subscriber is the Authoritative Supplier3).

A consequence of document invalidation in this way is that all signed documents in the workspace containing the changed data item will also be invalidated and their responsible Subscribers will be notified that their documents need to be re-prepared and re-signed if satisfactory after the workspace data change.

The NPT discussions leading up to this resolution exposed the need to revisit the signing of documents in NECS and particularly the presumption that all document types need to be signed by a Certifier. There are also further issues as to whether provision needs to be made for Subscribers to be able to nominate particular Certifiers as being able to certify particular document types only and that all or some document types in some circumstances may require dual certifications and/or signings.

Background: The National Business Model4 (NBM) and the NECS Requirements Definition5 (NRD) describe three document (or authorisation) types needing to be prepared, certified and signed in NECS to effect the requirements of conveyancing transactions. These document types are:

• Registry Instruments, which instruct the Land Registry on the changes to be made to its Torrens Title Register (eg transfers, mortgages, discharges, etc)

• Information Reports, which provide transaction information for use by government agencies (eg notices of sale, notices of acquisition, etc) for taxing and rating purposes

• Settlement Statements, which certify the sources and destinations of settlement funds.

Registry Instruments and Information Reports are of multiple types in different formats with varying contents determined by the Land Registry in each jurisdiction on its own behalf for Registry Instruments and on behalf of other government agencies in its jurisdiction receiving Information Reports.

Settlement Statements are of only two types, each with standardised content determined by the NECS Operator. Funder Statements are prepared for certification and signing by Subscribers who are financial institutions with Exchange Settlement Accounts at the Reserve Bank of cleared funds availability for settlements. Receiver Statements are prepared for certification and signing by Subscribers representing vendors and purchasers of the destination of settlement disbursements.

1

NPT Paper on Document Signing 060309.

2

NPT Paper on Document Unsigning Refined 290509.

3

The Authoritative Supplier for a workspace data item in NECS is the Subscriber whose supply of the data item takes preference over all other Subscribers participating in the same transaction.

4

National Business Model v10 150607.

5

(2)

2

The NBM and the NRD take the simplest view that all documents in NECS are certified and signed by a Certifier on behalf of the Subscriber responsible for the document. However, this may not be the arrangement best suited to many industry participants’ preferred way of working. Furthermore, for internal control purposes some

Subscribers in some circumstances may want to have two Certifiers or other Users certify and/or sign particular document types.

Subject to final resolution by the NPT of the eligibility requirements for Subscribers and Certifiers in NECS6,7, a Certifier is either:

• an industry practitioner (legal practitioner or licensed conveyancer) when the Subscriber is not a legal or conveyancing practice and is representing independent transacting party(ies), or

• a delegated employee or empowered contractor (who may, but need not, be an industry practitioner) of the Subscriber when the Subscriber is either a legal or conveyancing practice representing independent transacting party(ies) or a financial institution, government agency or other entity representing itself. Certifiers are to be nominated by a Subscriber and registered with NECS and their industry practitioner

qualifications where necessary are supplied to and verified by the NECS Operator. Certifiers have their identity verified by their Subscriber and are issued with Child Organisation DSCs by their Subscriber. Certifiers may be nominated to certify and sign documents by more than one Subscriber, but in doing so they must be separately nominated as a Certifier by, and hold separate DSCs issued by, each Subscriber. They must use the relevant DSC when signing for the Clients of each Subscriber.

Further relevant details are contained in the related papers attached.

Issues: The issues that arise in revisiting the signing of documents in NECS include: 1. Are there essential differences between the three document types?

The three document types – registry instruments, information reports and settlement statements – are different in their intended purpose.

Registry Instruments are legal instruments in the format and with the content required by the Land Registry to change its Torrens Title Register (TTR). Once used by the Land Registry to update its TTR, the new or changed Register entries are indefeasible and the registry instruments become part of the TTR and available for public searching. As such, it is critical they be correct and as intended by the transacting parties in all respects and when not being signed by the transacting party include independent certifications as to the compliance by the Subscriber with all procedures prescribed by the Land Registry.

Information Reports are required notifications to government agencies of changes in land holdings for the purposes of levying duties, taxes and rates. In general, they result in the issue of assessment notices where any error occurring from their content can be subsequently brought to attention and corrected without undue inconvenience.

Settlement Statements are confirmations to NECS of either the availability of cleared funds for settlements or the intended destination of settlement disbursements. They provide confidence and traceable certainty in the accuracy of the workspace data (settlement schedule details) necessary for a successful financial settlement. 2. Do all document types in NECS need to be certified and signed by a Certifier?

While all three document types are essential to the integrity of the transaction completion process using NECS, Registry Instruments are the most critical in ensuring transacting party confidence. For the confidence of transacting parties and Land Registries, and the integrity of the Land Registry’s TTR, Registry Instruments need to be certified and signed by the transacting party or a person on the transacting party’s behalf who is

thoroughly familiar with conveyancing requirements and practices. In the latter instance this means someone with professional qualifications in law or conveyancing or someone working under the close supervision of such a professionally qualified person.

Information Reports and Settlement Statements are essentially of a different nature not requiring a thorough knowledge and understanding of conveyancing. They do not affect the property interests of transacting parties and are not legal instruments. They could be certified and signed by Users rather than Certifiers on the direction of Subscribers. Neither requires the practical knowledge of conveyancing of a Certifier who is an industry practitioner or working under the supervision and control of a legal or conveyancing practice when representing transacting parties. Funder Settlement Statements in particular will always be certified and signed on behalf of a financial institution representing itself.

6

NPT Paper on Operational Roles 240409.

7

(3)

3

3. Are there options for the signing of Information Reports? Information Reports could be certified and signed by:

• a Certifier nominated by the Subscriber, or • any User issued with a DSC by the Subscriber

For the most part, Information Reports will be the electronic equivalent of Notice of Sale, Notice of Acquisition and like paper documents in the existing paper conveyancing process in each jurisdiction. They will therefore most commonly be the responsibility of Subscribers acting for purchasers with those Subscribers most likely to be legal or conveyancing practices.

The circumstances for such certifications and signings could be as follows:

Certification & Signing by Subscriber is the Transacting Party Subscriber is representing the Transacting Party

Certifier Possible but not necessary Same as minimum requirement for Registry

Instruments

User with DSC Same as minimum requirement for

Registry Instruments

Can be made available if Relying Parties agree

The principal Relying Parties for Information Reports are the Revenue Offices whether or not they are delivered directly to the Revenue Office or lodged with the Land Registry for subsequent providing of the data they contain to the Revenue Office. Therefore, to allow Information Reports to be signed by a User who is not a Certifier the Revenue Offices as Relying Parties must accept such an arrangement as sufficient for their purposes.

In determining whether or not to allow certification and signing of Information Reports by other than a Certifier, consideration needs to be given to the trade-off between increased convenience and flexibility in preparing transactions for settlement and/or lodgment and the potentially increased risk of using more than one person to certify and sign the documents in a transaction for which the same Subscriber is responsible.

4. Are there options for the signing of Settlement Statements?

Settlement Statements are of two types – Funder Statements and Receiver Statements. They are in effect the equivalent in NECS of bank cheques in the existing paper conveyancing processes8.

Funder Statements are to be certified and signed only by financial institutions holding Exchange Settlement Accounts at the Reserve Bank. They certify the availability of an amount of cleared funds for a specific

settlement. They are relied upon by vendors and discharging mortgagees that funds are being made available by the purchaser and/or incoming mortgagee to complete the transaction.

Financial institutions certifying and signing Funder Statements are doing so on their own behalf and Funder Statements could therefore be certified and signed by a Certifier nominated by the Subscriber (which for a financial institution acting for itself includes any User issued with a DSC by the Subscriber).

Receiver Statements are to be certified and signed by the representatives of vendors and purchasers. They certify the destinations of specific amounts as disbursements from a specific settlement. They are relied upon by vendors and discharging mortgagees that funds have been properly allocated from the settlement.

Subscribers certifying and signing Receiver Statements are doing so on behalf of vendors and purchasers. Receiver Statements could therefore be certified and signed by:

• a Certifier nominated by the Subscriber, or • any User issued with a DSC by the Subscriber.

The circumstances for Receiver Statement certifications and signings are therefore the same as for Information Reports, that is, to allow Receiver Statements to be signed by a User who is not a Certifier the other

Subscribers as the Relying Parties on behalf of their Clients must accept such an arrangement as sufficient for their purposes.

However, as with Information Reports, in determining whether or not to allow certification and signing of Receiver Statements by other than a Certifier, consideration needs to be given to the trade-off between increased convenience and flexibility in preparing transactions for settlement and/or lodgment and the potentially increased risk of using more than one person to certify and sign the documents in a transaction for which the same Subscriber is responsible.

8

(4)

4

5. Do all document types need to be signed with a DSC?

It is a fundamental premise of the National Business Model9 that all documents upon which other parties are to rely during and after the transaction are to be signed with a Gatekeeper-compliant Digital Signature Certificate (DSC). Requiring the use of a DSC to sign documents in NECS provides:

• a second credential to the user-id provided to all persons given access to NECS

• a credential that is issued by a party independent of all the parties involved in the transaction (the Certification Authority)

• a credential whose renewal and currency at any point in time is maintained by a party independent of all parties involved in the transaction (the Certification Authority)

• a credential which when used is unequivocally attributable to a specific Subscriber • protection against repudiation of the signing or the document contents.

These arrangements give greater certainty to both the legitimacy of document signings and the responsibility for consequences flowing from the signings. They particularly mitigate the risk of the Certifier or Subscriber

subsequently repudiating a signing. While it is possible for a Certifier’s user-id and DSC to both be compromised, the likelihood of both being compromised is significantly less than for a user-id alone. 6. Are there circumstances where Subscribers may want to limit who can certify and sign particular

document types?

NECS will control the circumstances in which a Certifier or other registered User with a DSC can certify and sign each document type. For example, the system will only allow a User who is registered with NECS as a Certifier to certify and sign Registry Instruments.

Subscribers may however want to control which of their Certifiers can certify and sign particular document types. For example:

• a Subscriber representing transacting parties may want to have different Certifiers certify and sign relinquishing and receiving Registry Instruments

• a Subscriber who is a financial institution may want to have different Certifiers certify and sign mortgage instruments (mortgage department) and funder statements (treasury department)

• a Subscriber who is a mortgage processor representing lenders may want to have different Certifiers certify and sign mortgage and discharge of mortgage instruments

• a Subscriber who is a non-bank lender and a mortgage processor may want to have different Certifiers certify and sign mortgage and discharge of mortgage instruments for which it is the lender and mortgage and discharge of mortgage instruments for which it is representing the lender.

To provide this risk management facility for Subscribers it would be possible to have Subscribers nominate, when they register Users as Certifiers, what document types they want each Certifier to be able to certify and sign.

7. Are there circumstances where Subscribers may require more than one certification and signing of a document?

The NECS Operations Description10 provides for financial institutions to require, for internal control purposes, two signatures on Funder Statements by pre-setting their preference. The two signatures could if necessary be required from Certifiers assigned to different workgroups. Such dual signing is the electronic equivalent of a financial institution requiring two signatures on behalf of the institution on its bank cheques. However, the criticality of Funder Statements being correct in NECS is greater because the funds committed by the Statements are cleared funds immediately available for withdrawal once deposited in the receiver’s account. An existing industry practice has also been identified where some mortgagees require dual signing of mortgage discharges to ensure mortgages are not discharged inappropriately, for example, where they are securing other loans.

A facility for Subscribers to be able to pre-set a preference for dual certification and signing of any or all document types in NECS can be readily provided. In so doing, the arrangements would be:

• Subscribers to be able to set their preference globally by document type (ie all document types for all transactions or specific document types only for all transactions)

• Subscribers to be able to set a minimum monetary amount for dual certification and signing to be required for documents with a financial implication (eg mortgage and discharge of mortgage instruments and settlement statements) 9 NBM v10 150607 §11 page 25. 10 NOD v6 150607 §9.4.10 page 51.

(5)

5

• the second signing is to confirm the certification of the first signatory

• the document is to remain unsigned until all required signatures have been applied

• both signatures are to be included in the document and attributed to the responsible Subscriber.

Being able to set a minimum monetary amount for dual certification and signing to be required of documents with a financial implication, enables Subscribers to exercise their own risk management over the certification and signing process.

8. Are there any implications for the invalidation of signed documents?

Allowing Information Reports and Settlement Statements to be certified and signed by either a Certifier or other registered User of the Subscriber means that the workspace data items included in those documents that are not also included in Registry Instruments cannot be locked for Certifier change only once the documents that contain them are signed.

There is not expected to be any workspace data item common to both Registry Instruments and Settlement Statements. There are, however, expected to be some workspace data items common to both Registry Instruments and Information Reports and those data items will not be locked for Certifier only access to change once the Registry Instruments are signed. If Subscribers chose to set their system preferences to require a Certifier to certify and sign Information Reports, the common data items with Registry Instruments will only be accessible after document signing by a Certifier.

Recommendations: Having regard to the above issues, it is recommended that: 1. Registry Instruments are to be certified and signed by a Certifier in all instances.

2. Information Reports and Settlement Statements are to be able to be certified and signed by either a Certifier or other registered User of the Subscriber at the Subscriber’s discretion.

3. Subscribers are to be able to register their Certifiers and Users as entitled to certify and sign all or particular document types only.

4. Subscribers are to be able to pre-set a preference for all or particular document types only to require two signatures, if necessary from Certifiers or Users allocated to different workgroups. For documents with a financial implication, Subscribers are to be able to set a minimum monetary amount above which they require two signatures.

Feedback: A template for securing industry feedback is attached and provided separately for ready completion and return.

(6)

6

NPT FEEDBACK FORM – Document Signing Revisited

This template is intended as a ready means for industry participants to document their feedback. Please provide your name, industry involvement and contact details for validation purposes.

(Replace with name, industry involvement and contact details)

1. What is your general view on the recommendations for signing documents in NECS? (Replace with your feedback)

2. How will your business or practice be affected by the recommendations? (Replace with your feedback)

3. Which of the recommendations, if any, do you believe is not in the best interest of all parties? (Replace with your feedback)

4. What is your preference for the signing of documents in NECS? (Replace with your feedback)

(7)

1

For NPT Consideration

Date: 29 May 2009

Re: Document Unsigning Refined

Purpose: To obtain the National Project Team (NPT)’s views on a remaining aspect of invalidating signed documents in NECS.

Background: The attached paper on Document Signing was distributed on 6 March 2009 and discussed at the NPT meetings on 24 March and 12 May 2009.

At the NPT meeting on 12 May, a consensus emerged that signed documents should be able to be invalidated by any Certifier appointed by the Subscriber responsible for the document. This approach of requiring a Certifier to invalidate a signed document was seen as providing protection against the Subscriber’s general Users

intentionally or accidentally invalidating a signed document without the restriction of requiring the specific Certifier who signed the document to invalidate it.

Electronic documents in NECS are prepared from pre-defined templates and specific workspace data items. It is possible for the same workspace data item to be used:

• in more than one document signed for a Subscriber (eg purchaser’s name in transfer counterpart and in mortgage)

• in documents signed for more than one Subscriber (eg sale consideration in both transfer counterparts). A change in a workspace data item after documents have been signed can, therefore, affect more than one signed document and documents signed on behalf of more than one Subscriber participating in the transaction. Issues: To complement the preferred approach on responsibility for invalidating documents, it is necessary to consider the way in which a signed document is to be invalidated by a Certifier.

1. Should invalidation of signed documents require a Certifier to invalidate the document before being able to change a workspace data item?

This method of invalidating signed documents would rely on workspace data items that have been used in preparing one or more signed documents being individually locked against change until a signed document containing the data item had been invalidated by a Certifier in a “document invalidation” process. The system would automatically invalidate all other signed documents containing a shared workspace data item and notify their respective Subscribers of their documents having been invalidated and why.

Once all signed documents sharing a workspace data item have been invalidated, the relevant data items would become unlocked for change by any participating User or Certifier and following the necessary change having been made, all affected documents would need to be re-prepared, certified and signed on behalf of their relevant Subscribers.

2. Should signed documents be able to be invalidated by a Certifier changing a workspace data item that has been included in the signed document?

This method of invalidating signed documents would rely on workspace data items that have been used in preparing a signed document being individually locked against change by a User but not by a Certifier. The Certifier needing to invalidate a signed document because of a data entry error or something having changed about the transaction would enter the workspace and change the relevant data item and in so doing all signed documents that have used that data item would be automatically invalidated. This invalidation may include documents signed on behalf of other Subscribers participating in the transaction and the system would notify those Subscribers of their signed documents having been invalidated and the documents needing to be re-prepared, certified and signed before the workspace can be ready for settlement and/or lodgment.

The Certifier would only be able to change a workspace data item for which the Subscriber they are representing is the authoritative supplier1.

1

Every workspace data item will be required to have an authoritative supplier from the roles participating in the workspace in order for competing demands to update data items to be satisfactorily resolved, especially among web services users.

(8)

2

3. Should the Certifier invalidating signed documents be required to apply their DSC to authenticate their action?

For either of the above methods of invalidating a signed document, the Certifier can be required to apply their DSC in the process to authenticate the action. Requiring application of a DSC prevents general Users of the Subscriber who gain access to a Certifier’s user-id and password from invalidating a signed document and puts beyond any doubt which Subscriber is responsible for the action and any consequential delay to a financial settlement2.

Options: The above issues lead to four possible methods of invalidating signed documents in NECS:

1. Document Invalidation: a Certifier in an “invalidation process” invalidates a signed document and all other signed documents sharing one or more of the workspace data items

2. Document Invalidation with DSC: a Certifier applying their DSC in an “invalidation process” invalidates a signed document and all other signed documents sharing one or more of the workspace data items

3. Data Change: a Certifier changing an affected workspace data item automatically invalidates all signed documents sharing that workspace data item

4. Data Change with DSC: a Certifier applying their DSC in changing an affected workspace data item automatically invalidates all signed documents sharing that workspace data item.

For all options, the identity of the Certifier invalidating the signed document would be recorded on the workspace’s noticeboard as well as being included in the workspace’s activity audit trail. Invalidated documents would also be posted to the workspace’s noticeboard and retained in the workspace’s audit trail. Invalidated documents would not be lodged or delivered after settlement and would not be available for re-use in any way.

Analysis: The four options can be compared on the basis of their:

• convenience

• security

• efficiency.

In terms of convenience, Options 3 & 4 are more convenient than Options 1 & 2. A Certifier need only enter the workspace and change an affected data item to invalidate all signed documents containing that data item. Option 3 is more convenient than Option 4 because of not needing to apply a DSC in the process.

In terms of security, Options 1 & 2 are more secure than Options 3 & 4. Requiring a specific signed document to be invalidated reduces the potential for an invalidation to occur in error with potential consequential implications for the transaction being completed as required by all parties. Option 2 is more secure than Option 1 because of the need for a DSC to be applied and the irrefutable attribution of the action to a specific Subscriber.

In terms of efficiency, Options 3 & 4 are more efficient than Options 1 & 2. Invalidating all signed documents sharing workspace data items potentially invalidates documents that do not contain the workspace data item needing to be changed to correct the situation. The Subscribers responsible for such documents will need to have a Certifier re-enter the workspace and re-prepare, certify and sign the document in exactly the same form as it was previously.

Summary: Each of the options has benefits and disadvantages that can be summarised as follows:

Option Benefits Disadvantages

Document Invalidation (Certifier invalidates specific signed document)

• less risk of accidental invalidation • less secure

• dependent only on user-id and password to identify Certifier

• less efficient

• may cause other signed documents to be unnecessarily invalidated

Document Invalidation with DSC (Certify required to apply DSC to invalidate specific signed document)

• least risk of accidental invalidation

• more secure

• unequivocal attribution to Subscriber

• less convenient

• less efficient

• may cause other signed documents to be unnecessarily invalidated

Data Change

(Change of workspace data item by

• more convenient • less secure

2

(9)

3

Certifier invalidates all signed

documents sharing that data item) • more efficient • dependent only on user-id and password _{to identify Certifier}

• greater risk of accidental invalidation Data Change with DSC

(Certifier required to apply DSC to change data item)

• more secure

• more efficient

• unequivocal attribution to Subscriber

• less convenient

Conclusion: There are at least four methods for invalidating signed documents in NECS and the choice among them is a trade-off between convenience, security and efficiency.

(10)

4

NPT FEEDBACK FORM – Document Unsigning Refined

1. What is your general view on the way signed documents should be invalidated in NECS? (Replace with your feedback)

2. How will your business or practice be affected by each of the options proposed? (Replace with your feedback)

3. Which option do you believe is in the best interest of all parties? (Replace with your feedback)

4. What is your preference for the method of invalidating signed documents in NECS?

(Replace with your feedback)

PLEASE RETURN YOUR FORM TO ... BY ... PLEASE RETURN YOUR FORM TO ... BY ...

(11)

1

For NPT Consideration

Date: 6 March 2009

Re: Document Signing & Un-signing

Purpose: To obtain the National Project Team (NPT)’s views on options for the un-signing and re-signing of documents in NECS.

Background: NECS provides for three types of documents to be prepared, certified and signed in the process of authorising a transaction for financial settlement and lodgment. These are:

• Registry Instruments (sometimes referred to just as instruments for short) that deliver data items to the Land Registry and authorise specific changes to the Land Registry’s Torrens Title Register. The equivalent of these in today’s paper process are the transfer, discharge, mortgage and other instruments prepared on paper, signed, if necessary exchanged at settlement and eventually hand-delivered to the Land Registry1,2. • Information Reports that deliver data items to government agencies, such as Land Registries, Revenue

Offices and Local Councils, but do not authorise any specific actions on the Land Registry’s Torrens Title Register. The equivalent of these in today’s paper process are the Notice of Sale in NSW, Notice of Acquisition in Victoria, Advice of Sale in WA and similar notifications in other jurisdictions.

• Settlement Statements that provide certification of the sources and disbursements of funds for settlements. There are to be two types3 of Settlement Statement – Funder Statements and Receiver Statements. The closest equivalent of these in today’s paper process is bank cheques. They are not delivered but remain in NECS as evidence of the details of the settlement having been certified correct.

Funder Statements are to provide confirmation that cleared funds have been made available for a financial settlement. Each statement contains an amount, an account where it is available and a certification from the financial institution holding the account that the funds are cleared and ready for the settlement.

Receiver Statements are to provide confirmation of the details of disbursement payments from the settlement. The statements contain data items from the transaction’s settlement schedule and a certifications as to the amounts and account details on which the settlement will rely.

Each of these documents is prepared by NECS, on the instruction of a Subscriber, from:

• a template containing fixed text identifying its purpose and places for particular data items to be inserted • data items taken from the transaction’s workspace and inserted into the template

• specific certification statements needing to be affirmed prior to signing • the name of the Subscriber responsible for the document

• the name and digital signature of the Certifier certifying and signing the document on behalf of the Subscriber. For Registry Instruments, the fixed text in the document template includes the operative words that give effect to the document’s purpose of authorising changes to the Land Registry’s title records.

All three document types are electronic documents. While they are screen-viewable and can be printed, their primary purpose is to provide an electronic record of:

• the workspace data at the time of document signing

• instructions and certifications lodged with or delivered to government agencies4 .

Copies of all three document types are retained in NECS for viewing by any Client or their Subscriber in the transaction.

1

Or, as is the case with a significant proportion of instruments in Queensland, scanned and an image sent electronically to the Land Registry, and in Tasmania a limited number of instrument types prepared online and sent electronically to the Land Registry. Nevertheless, the majority of instruments across Australia are currently prepared on paper and the majority are lodged on paper.

2

While some traditional instruments may be prepared in NECS as instrument counterparts, such counterparts are still instruments.

3

This is a rationalisation of the three types indicated in the latest published version of the National Business Model v10 150607 p11.

4

(12)

2

The number of Registry Instruments needing to be prepared for any transaction will be determined by: • the transaction scope enabled by the Land Registry in the jurisdiction at the time5

• the nature of the transaction being undertaken

• the instruments selected by each participating Subscriber for lodgment from the workspace.

The instrument types available for the jurisdiction where the land is located will be displayed in workspaces and when an instrument type is selected by a participating Subscriber the workspace will be configured (or

re-configured) to include the data items needed for all of the selected instruments. The template for each instrument type, the data items needed to complete it and the business rules applying to those data items are all

pre-determined by the Land Registry.

The number of Information Reports needing to be prepared for any transaction will be determined by:

• the number of report types enabled by the Land Registry in the jurisdiction for delivery to government agencies • the requirements of the government agencies in the jurisdiction

• the rules in the jurisdiction requiring particular reports to be delivered when specific instruments are being lodged.

As with Registry Instruments, the available reports in the jurisdiction where the land is located will be displayed in the workspace for the transaction. Where a particular report is mandatory the workspace will be configured with the required data items included and the participating Subscribers will be prompted to enter the required data and certify and sign the required report.

The number of Settlement Statements needing to be prepared for any transaction will be determined by: • the number of separate sources of mortgage and private funds required for settlement of the transaction

(Funder Statements)

• the number of participating Subscribers nominating separate disbursement payments from the settlement. (Receiver Statements)

Each Funder Statement will require a financial institution6 with an Exchange Settlement Account (ESA) at the Reserve Bank of Australia (RBA) to certify the amount and source account details of cleared funds for the settlement by completing a Settlement Statement. This is irrespective of whether the funds are a mortgage advance or private funds (see Cleared Funds Protocol7).

Each Receiver Statement will require a Subscriber participating in the transaction and nominating a disbursement payment to be made from the settlement to certify the amount and destination account details of each payment. A Receiver Statement may contain certification of more than one settlement disbursement payment by the same Subscriber. Subscribers representing the vendor, the purchaser, an incoming mortgagee or an outgoing

mortgagee may nominate disbursement payments.

Settlement Statements will only be required when the transaction involves a settlement. When a participating Subscriber (most probably a Subscriber representing either the purchaser or an incoming mortgagee) selects8 a settlement as a necessary feature of the transaction, the workspace will be configured with a Settlement

Schedule providing for the sources and disbursements of funds. The Settlement Schedule9 will provide for an unlimited number of funding sources and disbursement payments for each settlement and for the preparation, certification and signing of a Funder Statement for each funding source and of a Receiver Statement for the disbursement payments nominated by each participating Subscriber. At the discretion of Subscribers responsible for funding settlements, two Funder Statements certified and signed by separate Certifiers may be required for each funding source10.

All three document types are to be printable11 after certification and signing. Once each document is certified and signed, a copy is to be posted11 to the noticeboard in the workspace for all participating Subscribers and Clients to view. Any personal information in the documents not generally available to others in the workspace, and especially account details in Settlement Statements, will be redacted on the copies before posting to the workspace’s noticeboard.

5

While it is expected that all Land Registries will enable a minimum transaction scope, some may enable a greater range of transactions either initially or after an initial familiarisation period.

6

There are some non-financial institutions with ESAs authorised by the RBA to provide agency services to credit unions, building societies and other deposit holders. For a full list of ESA account holders, see http://www.rba.gov.au/PaymentsSystem/Rits/membership_list.html.

7

Cleared Funds Protocol refers to a NECO Issues Paper yet to be distributed. It is intended to describe a uniform process by which financial institutions will make funds available for settlements using NECS.

8

A financial settlement as a characteristic of the transaction is to be selectable either before or after the workspace is created.

9

The Settlement Schedule is a component of the workspace that will be printable if necessary for verification with Clients. It may include a Settlement Adjustments Calculator for apportioning liability for local government rates and service utility payments between vendor and purchaser.

10

This feature can be compared to requiring two signatures on a bank cheque.

11

(13)

3

The procedure for signing of documents is yet to be fully described but the thinking at this time is that documents will be signed either in:

• the browser of users using the NECS via direct Internet access, or • the in-house systems of users using web services access12

.

In both instances the document will be formatted and populated in NECS, using the appropriate document template and the relevant workspace data items, and transferred to the user in a convenient screen-viewable format11 using the NECDS13. If the user is a Certifier and is happy with the presented document they will affirm the certifications required and apply their digital signature14. The completed and signed document will then be transferred back to NECS, again using the NECDS15. If the document is not signed, such as when a user is simply viewing the document for confidence everything in the workspace is in order, the unsigned document will not be retained nor allowed to be stored or printed locally. Instead, a new document will be generated

subsequently when a Certifier is ready to certify and sign it.

While the integrity of all three document types is important, that of Registry Instruments is critical to the accurate and safe updating of the Land Registry’s Torrens Title Register. It is for this reason that the nature and signing of all three document types is based for consistency on the requirements for Registry Instruments.

Issues: The issues that arise in signing documents in NECS are: 1. Should unsigned documents be able to be stored and/or printed?

The intention is that documents prepared in NECS will only be able to be locally stored and printed after having been certified and signed. The thinking behind this intention is that documents that are unsigned have no legitimate standing and run the risk of being mistakenly relied upon and/or used to facilitate a fraud. The issue that arises is whether a means should be provided for Subscribers to be able to review prepared documents with their Clients before having them certified and signed. Subscribers may choose not to do so, being wholly confident in their instructions from the Client, but some may and in some circumstances all may wish to have the ability to do so.

2. Should there be a minimum duration before the scheduled settlement time that all documents need to be signed by?

The intention is that workspaces will be created, configured and populated, and documents prepared for certification and signing, at the discretion of the Subscribers participating in the transaction on behalf of their Clients. Some Subscribers may have a Certifier complete all of their documents well before the scheduled settlement time, while others may leave it until the last minute.

The issue that arises is whether under such an arrangement all Subscribers participating in the transaction will have sufficient time to review the final state of the workspace before settlement occurs. In the current paper process, the transacting parties or their representatives can refuse to settle if there is any aspect of a document that they are not happy with at the point of settlement.

3. What is to be the procedure if a signed document needs to be changed and re-signed?

This issue is the culmination of the two above. If review of a signed document with the Client or review of the workspace by the Subscriber identifies something about the transaction that needs to be changed, there needs to be a means for effecting the change that satisfactorily balances risk mitigation, user convenience and industry efficiency and suitability.

If this can be achieved, it will not be necessary to locally store or print unsigned documents and an industry protocol about signing documents sufficiently in advance of the scheduled settlement time will be better than a system control in NECS that prevents settlement if all Subscribers don’t have sufficient time to review

workspaces and signed documents to satisfy themselves on behalf of their respective Clients that the settlement should proceed.

The overall issue is what procedure for un-signing and re-signing documents is going to satisfy the requirement of being able to review and adjust workspaces and signed documents prior to settlement and thereby maximise the take-up and use of NECS. Unlike documents prepared on paper, an electronic document in NECS cannot just be torn up and another one prepared!

12

This approach avoids the risks inherent in transferring Certifiers’ digital signatures to NECS for document signing.

13

The National Electronic Conveyancing Data Standard currently being developed with LIXI Ltd.

14

The application of digital signatures to a document will be facilitated by use of an open source signing package such as CSI (Common-use Signing Interface) available at http://csi.business.gov.au/CSI/Welcome.asp.

15

(14)

4

Options: Five of the options for un-signing and re-signing documents are:

1. Workspace Data Change – meaning any change in the workspace to any data item included in a document by the authoritative supplier16 of that data item automatically renders the document invalid and, if necessary17, changes the status of the workspace to being not ready for settlement.

This option is the most convenient and efficient but is potentially open to abuse as a settlement could easily be frustrated by what was later claimed to be an accidental change to a workspace data item. Registry

Instruments in particular are likely to contain workspace data items for which the authoritative supplier is not the Subscriber responsible for the instrument.

2. Any Certifier Action – meaning any Certifier for the same Subscriber can “un-sign” it and thereafter any of the data items in the workspace used to create the document can be changed and a new version of the document prepared, certified and signed by the same Certifier, or another Certifier.

This option requires the workspace data items used in preparing a document to be locked from any change once the document is signed. It eliminates the risk of a settlement being accidentally or intentionally frustrated by a change to a workspace data item but allows for one Certifier to invalidate the signings of another Certifier for the same Subscriber. There would also be implications for any other participating Subscriber responsible for another signed document containing one or more of the same workspace data items.

3. Signing Certifier Action – meaning the Certifier who signed the document is required to un-sign it before any of the data items in the workspace used to create the document can be changed and a new version of the document prepared, certified and signed by the same Certifier, or another Certifier.

This option requires the workspace data items used in preparing a document to be locked from any change once the document is signed. It eliminates the risk of a settlement being accidentally or intentionally frustrated but may be inconvenient if the Certifier who signed the document is not readily available to un-sign it. There would also be implications for any other participating Subscriber responsible for another signed document containing one or more of the same workspace data items.

In the absence of the Signing Certifier, Option 4 would be available.

4. Subscriber Action – meaning a Subscriber if a natural person (or their Authorised Officer) can “invalidate” any document certified and signed on their behalf, after which data items in the workspace can be changed and a new version of the document prepared, certified and signed by the same Certifier or another Certifier.

This option requires the workspace data items used in preparing a document to be locked from any change once the document is signed. It avoids the need to have access to the same Certifier who signed the document and provides some additional risk mitigation by requiring another party to invalidate the signed document. It is also potentially more flexible in getting a document re-signed but introduces some inefficiency as the cost of that increased risk mitigation and convenience.

5. Subscriber Nomination – meaning Subscribers can nominate (when being registered to use NECS and at any time thereafter) which of Options 1, 2, 3 or 4 they wish applied to documents certified and signed on their behalf.

This option allows Subscribers to tailor their approach to their situation and their perceived need for risk mitigation, convenience and efficiency. A sole practitioner, for example, may be perfectly comfortable with Option 1 as he/she is in total control of all aspects of their business. A large financial institution or legal practice may however, prefer the increased control of Options 3 or 4.

Analysis: The five options for un-signing and re-signing documents in NECS offer increasing levels of protection against accidental and intentional system manipulation in exchange for increasing inconvenience for users and inefficiency generally when something needs to be changed prior to a scheduled settlement time.

The relative merits of each option can be assessed in terms of their relative risk, convenience, efficiency and suitability.

16

Each data item in a workspace is to be allocated an “authoritative supplier” by the Land Registry or NECS to ensure that once the item has been populated the data cannot be over-written by a Subscriber in a less authoritative position to know its accuracy. This is necessary to manage multiple user access to workspaces as well as to ensure the integrity of workspace data.

17

(15)

5

For maximising risk mitigation against error and/or fraud, Option 4 is preferred. This option ensures the Subscriber or their Authorised Officer is involved in the workspace change requiring preparation and re-signing of a new document. But this protection against error or fraud has a trade-off in less convenience and less efficiency. For maximising convenience without unduly reducing risk mitigation, Options 2 and 3 are preferred. A preference for the greater risk mitigation of Option 3 over Option 2 comes down to the size of the Subscriber’s business and the likely ready availability when required of the Certifier who signed the document needing to be changed. For maximum convenience and efficiency, Option 1 is preferred but there is a real risk of settlements being accidentally or intentionally frustrated.

For maximum suitability to the wide range of potential Subscribers, Option 5 is preferred.

Summary: Each of the options has benefits and disadvantages that can be summarised as follows:

1. Workspace Data Change Workspace data change renders document invalid

• Provides greatest convenience and efficiency for users

• Suits web services users

• Allows frustration of settlements by other Subscribers

2. Any Certifier Action Any Certifier for the same Subscriber can un-sign a document

• Provides some risk mitigation

• Suits smaller Subscriber

businesses where Signing Certifier may not always be readily available

• Allows frustration of settlements by Certifiers for the same Subscriber

3. Signing Certifier Action Certifier who signed document required to un-sign it with Option 4 available if Signing Certifier not available

• Provides additional risk mitigation

• Suits larger Subscriber businesses where Signing Certifier likely to be readily available

• Introduces some inconvenience and inefficiency

4. Subscriber Action

Subscriber or Authorised Officer required to invalidate document

• Provides greatest risk mitigation

• Suits Subscriber businesses using non-practitioner Certifiers

• Most inconvenient and inefficient

5. Subscriber Nomination Subscriber nominates which of Options 1, 2, 3 and 4 required

• Allows matching to Subscriber’s business needs and risk profile

• Maximises acceptability of NECS

• Dependent upon Option nominated

Conclusion: Which of these options is best suited to industry users can only be determined by industry stakeholders. While Option 3, with Option 4 as a back-up, provides a reasonable level of risk mitigation against frustration of settlements, industry may prefer the greater convenience and efficiency of Options 1 or 2, or the wider suitability of Option 5.

(16)

6

NPT FEEDBACK FORM – Document Signing

1. What is your general view on the options for un-signing documents in NECS? (Replace with your feedback)

2. How will your business or practice be affected by each of the options? (Replace with your feedback)

3. Which option do you believe is in the best interest of all parties? (Replace with your feedback)

4. What is your preference for the method of un-signing and re-signing documents in NECS?

(Replace with your feedback)

PLEASE RETURN YOUR FORM TO ... BY ... PLEASE RETURN YOUR FORM TO ... BY ...