ARTL: friend or foe?
Against a background of property-related Master Policy claims, some questions to Registers of Scotland regarding ARTL and risk management
Over 70% of all intimations under the Master Policy in the last two years have related to property work. The Society’s Insurance Committee recently set a target to eliminate certain recurring causes of claims. All relate to property work. Does the use of ARTL impact on the likelihood of certain types of claim, either positively or negatively?
One of the main advantages of ARTL is how quickly a deed can be registered. The process can be done in minutes if necessary, and confirmation of registration is sent out to agents within 24 hours. This has a number of risk management benefits. For example, the speed of registration reduces the danger of another deed winning the “race to the register”, and consequently the risk inherent in granting letters of obligation.
ARTL also offers the option of a data feed, providing lenders with tracking of registered or discharged securities. This substantially reduces the risk of a security or discharge failing to be registered, as it should alert the lender to any failure on the part of their agent to present deeds timeously and allow them to take action at an earlier stage.
So, Registers believe that ARTL has definite risk management benefits in relation to the problems of late and non-registration of deeds. Are there any other perceived benefits? For example, in relation to mortgage fraud, currently a particular concern for insurers?
Mortgage fraud comes in various guises. One of the most common is when a fraudster forges and then registers a deed discharging a standard security, usually over property in the fraudster’s name. To avoid raising suspicions, the fraudster will continue payments on the standard security whilst marketing the property. The solicitors in the sale transaction will notice after examination of title that there is no outstanding standard security on the register. After completion of the sale the price is paid to the seller, who does not repay the loan but then stops making payments on it, thus making a profit. It may therefore be some time before the creditor becomes aware of the fraud.
ARTL can help prevent this situation because it is not possible for such a fraudulent deed of discharge to be registered through ARTL. The system requires the discharge to be digitally signed by the lending institution and it would not be possible for a fraudster to present their own discharge for registration. This ensures that all discharges submitted for registration via ARTL have been approved by the appropriate lenders, thereby reducing the potential for fraud.
How does the ARTL process compare,in terms of risk and risk management, from the traditional registration process?
ARTL imposes a procedural framework on the registration of deeds – and in that sense, risk management procedures are inherent in the ARTL process. ARTL tracks every stage of a registration transaction, including the creation of a deed, the completion of the statutory questions, the signing of the deed, the payment of registration fees and then the final registration itself. All these steps can be traced back to the individuals who carried them out, therefore providing an audit trail. In that sense, it is very similar to a case management system. It can be used in whatever way the licensee (e.g. legal firm, lender) requires to fit their own risk management profile, as it is possible to give different levels of permission to specific members of staff – thus incorporating a degree of risk control through the allocation of permissions to particular staff.
Registration of deeds via ARTL is analogous to a paper-based transaction, in that solicitors are acting as agents for the applicant and the same basic rules of agency apply. As in any transaction, agents should ensure that they have their clients’ explicit instructions to do anything on their behalf. Solicitors should consider carefully to whom they will delegate any element of an ARTL transaction. As already emphasised, the system allows flexibility as to how permissions are set. However it is expected that the crucial parts of the transaction (i.e. confirming the answers to the statutory questions, signing the deed, authorising payment of fees and the final registration request itself) should be actions undertaken by a solicitor or trusted senior employee.
The essential difference is that under ARTL, deeds are digital and execution requires the application of a digital certificate to create a digital signature. These digital signatures are adhibited by solicitors acting under mandates from their clients. Lending institutions will execute discharges using their own digital signatures. The digital certificates are held on smartcards provided by RoS which are PIN-protected for security.
Current versions of the ARTL mandates approved by the Society’s Council in terms of the rules can be downloaded from the Society’s website.
There has been a lot of press comment regarding the increase in cyber crime and the prevalence of online fraud. Can you allay possible concerns regarding security risks of an online system?
ARTL has been developed in line with best practice e-Government standards, and includes methods for authenticating individual users at the time they are enrolled.
There is a strict process of limiting access to ARTL to verified professional users, and the issue of high security “digital certificates” is strictly controlled. It is therefore very difficult for fraudsters to hack into the system – Registers of Scotland have used the highest security system design to minimise this risk. A number of other features also make illicit use of the system almost impossible, or certainly at least as difficult as in a traditional transaction. For example: ARTL is fully audited; it requires two parties to interact with RoS to transfer a title; and lenders can receive a daily data feed of all relevant transactions. The system can be set so that security deeds can only be signed by a verified lending institution, thereby ruling out the possibility that a fraudulent or even careless solicitor could remove a security without permission.
RoS sets high standards for the operation of ARTL. The digital signatures used comply with the criteria for an advanced electronic signature as defined in the Electronic Communications Act 2000. RoS directly manages registration of licensees and authorisation of users (e.g. solicitors and bank staff), to control access to the system.
ARTL has been accredited for both tScheme (www.tscheme.org, an independent, industry led scheme which regularly tests ARTL’s online security against a range of strict criteria) and the technical standard ISO27001. These assessments cover not only the quality of the ARTL technical solution but also the policies and procedures for management of the system and the controls on its use by administrators and users.
Even if you consider that external threats have been addressed, what about internal risks – for instance, the risk of misuse, by either authorised or non-authorised personnel?
RoS staff make personal visits to law firms, mortgage lending institutions and local authorities that want to use ARTL, and validate the identities of persons who will act as local registration authorities (LRAs) in face-to-face meetings. Trust is a key element of any security/encryption system and the personal identity check is necessary for the creation of bonds of trust between RoS and LRAs.
This trust is continued by the delegation of authority by the LRA to the authorised users within the law firm etc. As already explained, it is possible to adjust the level of permission for access to ARTL. Obviously there will still be a danger (as there is in any paper-based system) that someone will abuse their rights to access the system by carrying out transactions that they are not authorised to do. But the audit trail designed within ARTL allows any actions to be tracked back to individuals in a way that would not be possible in a paper transaction, so the risk of abuse is less likely.
An audit trail is very important for solicitors, particularly if a complaint or claim arises. How does ARTL provide for this?
ARTL doesn’t track every step of a property transaction, so it is not a substitute for a case management system or proper file management. However, it does provide a clear audit trail for the registration aspects of a transaction. An ARTL user can save and print copies of digital deeds and any transaction screen during the transaction for their own records. Complete audit trails and logs are kept by RoS.
All digital deeds created by the ARTL system are retained by RoS and official copies can be produced if required, for example as evidence for the courts. The ARTL (Electronic Communications) (Scotland) Order 2006 amended the Requirements of Writing (Scotland) Act 1995 to ensure that all parties may rely upon electronic documents and digital signatures within ARTL in the same way as they currently do upon paper deeds signed by handwritten signature.
A number of your arguments in favour of ARTL seem to assume that users are highly proficient in all aspects of the operation of ARTL. How does RoS ensure that users have the necessary confidence and support to use the system?
RoS offers extensive ARTL training and familiarisation at the customer’s premises as well as providing online training modules accessed through the RoS website www.ros.gov.uk/artl . A full online training environment mirrors the ARTL system in all respects and, together with extensive “step-by-step” user manuals, ensures that users have the ability to practise using ARTL and gain the necessary confidence in the system before they attempt a live registration.
Further information about the operation and legal framework for ARTL can be found at www.ros.gov.uk/artl/legal.html .