Finch digital forms and contracts become a New Homes Quality Board accredited supplier

Finch: NHQB accreditation

Finch are delighted to be the latest supplier accredited by the New Homes Quality Board for
their services in providing digital forms & contracts to home builders and their agents.

Created following an all-party parliamentary group which outlined concerns with the new
build industry, the NHQB established a New Homes Ombudsman Service and industry code
of practice called the New Homes Quality Code (NHQC). The framework, which is endorsed
by the government – oversees reforms in two areas: the quality of new homes, and the
customer service provided by developers.

The Finch new homes reservation form provides clear, concise, and timely information to
buyers so that they may properly understand the reservation agreement, and understand
what to do or who to speak to if they have any questions. Finch can therefore help
developers and agents align to NHQC principles, particularly those of customer service, and

Alexander Ali, chief executive officer at Finch, said: “We’re delighted to be supporting the
aims of the New Homes Quality Board by providing software driven digital forms rather than
paper templates for the communication touchpoints in the buying journey. Buyers who use
Finch for their reservations get a great customer experience and builders can secure sales
even when their offices are closed, from anywhere in the world. It’s a win-win.”

Leon Livermore, chief executive officer at the NHQB, said: “We’re thrilled to announce Finch
are now one of our Accredited Suppliers. Not only will Finch be able to boost developer’s
customer service and transparency, which are two key aims of our Code, but we also trust
they share the same mission as us in increasing the quality of the housebuilding sector for

Finch's digital reservation form helps you secure the sale:
  • Give buyers a link so they can reserve anytime, anywhere
  • Delivers the required documentation to the buyer
  • Collect a reservation fee cleared into your bank account using faster payments, no charge backs
  • All your reservations recorded in a secure database
Try the reservation form now and see the difference for yourself:
Digital forms trusted by:

Email threats facing estate agency in 2022

Email is one of the biggest cyber security challenges facing not just estate agents but all businesses today. Research conducted by Microsoft indicates that over 90% of cybercrime begins with email, so it’s important that every organisation has a plan to prevent these threats reaching staff.

The reason email is the prefered choice of cyber criminals is simple – it bypasses the technical measures and protections your IT administrators have put in place and preys on the social fallibility of people working within the organisation to unknowingly breach your cyber security.

A sophisticated or targeted breach can be devastating, with criminals then able to embed themselves within your IT estate, sometimes installing backdoors making themselves perrenial, which can then require a complete rebuild of networks, devices, and infrastructure to ensure bad actors don’t still have access to your data. Late last year, the conveyancing firm Simplify was victim to a cyber security incident which directly obstructed business for weeks and ultimately took months to fully remedy. I observe now that solicitors have created landing pages allowing canned legal claims against Simplify for the disruption caused to property transactions, which I’m sure is one of many knock on effects from this incident which has distracted Simplify from its core business for much of this year.

This is why paying attention to your cyber security practices proactively is so important: because if you are unfortunate enough to suffer a breach, despite you being a victim of crime, the attention of your customers and the media will not be of pity, but rather of skeptism regarding your processes put in place to prevent the breach (e.g. security), and measures applied to minimize the damage should there be one (e.g. encryption). Don’t be one of the businesses closing the stable door after the horse has bolted, much like Uber, seen hiring for an increased number of cyber security professionals following their breach this month.

So how are the criminals breaking in?

1) Spear phishing

“Hi it’s Alex here, landlord at 13 Kingston Road. You and I spoke last Thursday about my rent payments. I need you to change my bank details…”

Spear phishing is a targeted, often researched cyber attack. The research allows the criminal to appear legitimate to your member of staff. This is a particular threat to agencies who tend to communicate personally identifiable information about their customers, or the nature of their business via email. Bear in mind, if a hacker has gained access your clients email, they may know a huge amount of information about names, places, dates and amounts that would lead you to believe the communication is genuine.

2) Business Email Compromise

“Hi John it’s Mary here at accounts. The supplier at Queen Street have issued this invoice and it’s urgent we pay this today…”

Business email compromise is an advanced form of spear phishing where the criminals will impersonate key members of your staff, either to other staff in your organisation or to your clients. This attack is most commonly seen in the property industry as fraudsters sending false bank details during the conveyancing process to persons about to commit to a transaction, such as a deposit.

3) Ransomware, trojans, malware

“There is a tax issue on your account. Click this link or face legal consequences”

Usually the first phase in an attack, the criminal will attempt to trick a member of your staff into opening an attachment or link which causes their computer to run a malicious program of software (malware). Because the program is running within your IT estate, it is often the case that such programs can run rampant stealing, damaging or holding to ransom your business data across all departments. Many businesses are surprised that their backup and disaster recovery plans fail entirely when faced with ransomware – which can end up unfortunately ransoming the backups and cloud-stored data as well if they are not properly protected. Fortunately, your IT administrator can help protect against this by running and maintaining anti-virus software, but do make sure this is running on all devices (difficult when staff are using their own phones!).

How can we improve?

Don’t rely on email for communicating sensitive business transactions. Use it to arrange people into safe spaces to conduct business, such as face to face meetings or secure property technology platforms where the identity of your customer is verifiable.

Most agents I have worked with have been using Microsoft Outlook as their app for working with email. By integrating property technology into Outlook directly, we can help make email more secure.

  • Clients will always end up using email to communicate with your business, even when other solutions exist, such as a portal app. They will take the path of least resistance to them and follow the process they are the most familiar with. Access to email is ubiqitious, access to your app might not be.
  • Thus, your staff will receive requests for account changes or personally identifiable information via email. It’s easiest if your staff can respond intuitively from within Outlook to close the opportunity for a potential threat to be realised.
  • For instance, when receiving a request to change bank details, your staff can now be prompted with your (customizable) notices to them helping them further secure that request, like so:

If you’d like to learn more about how Finch can protect your organisation from email threats, please get in touch, or join our newsletter for more tips.

UK Right to Work from October 2022

Using innovative technologies to onboard British employees

According to law, all UK employers must complete right to work checks for new British employees. The right to work process includes collecting and verifying documentation for an employer to confirm that the job applicant is allowed to work for them. In fact, employers can face a civil penalty if they employ an illegal worker or have not carried out the correct right to work check.

Until now, interviews with potential candidates and right to work checks were required to happen face-to-face, again prescribed by the government. One of the main reasons for this was that both the identity of the applicant and the documents they provided needed to be verified in person.

During the restrictions put in place as a result of Covid-19, the government permitted virtual right to work checks, but this will be ending soon. The country will be reverting back to a face-to-face process, barring a few approved virtual right to work check vendors.

Using innovative technology, we have developed an app that we believe will streamline and improve the onboarding process for British employees.

The information-gathering needed for British recruitment

After a face-to-face interview and if the applicant is successful, a right to work check must take place. The successful candidate must send the employer documentation to prove their right to work. The applicant must then visit the employer’s office with original versions of all the documents previously provided, and the employer must then conduct laborious checks on each document.

Employers are required to check the following during the right to work check, as per UK law:

  • They must check that all the documents provided are genuine, original, unchanged, and belong to the applicant in a face-to-face meeting.
  • They need to check that the dates on the applicant’s right to work in the UK have not expired.
  • Employers must ensure photographs are the same across all documents.
  • They need to check that the applicant has permission to do the type of work offered, including any limitations on the number of hours they can work.
  • In the case where the applicant is a student, the employer must be provided with evidence of their study and vacation times.
  • If the documents presented have different names on them, the employer must receive supporting documents showing why they’re different.

Perhaps the most frustrating part of the right to work process for both the employer and the new employee is that if any step in the process is missed or occurs incorrectly, the process has to start over from the beginning.

How Covid-19 changed the onboarding of British employees

When the Covid-19 pandemic hit the UK, harsh restrictions were put in place by the government, including total lockdowns. As restrictions eased and companies could function again, the government made provisions to allow the right to work checks to happen virtually.

From 30 March 2020, the government allowed employers to conduct interviews virtually via video call platforms like Zoom or Microsoft Teams. They were also permitted to conduct a provisional right to work check via video call, where the applicant was required to hold up their original documents to the camera for verification. It was also permitted that Identification Document Validation Technology (IDVT) could be used to carry out the checks.

However, employers must still conduct a face-to-face verification of the applicant’s documentation as soon as possible following the remote check. Following the end of temporary Covid-19 measures, a deadline will be enforced for right to work checks conducted provisionally to be completed either in person or using post-pandemic rules.

What changes post-pandemic?

When restrictions eased completely, and the UK economy settled into the new norm, the government released new guidance that, from 17 May 2021, virtual right to work checks were no longer allowed. They stated that the face-to-face process was to be restored.

However, after some consideration, the guidance has changed once more. Virtual right to work checks are still permitted until and including 30 September 2022. Thereafter, right to work checks must either happen in person or through government-approved technology vendors.

From 1 October 2022, employers can conduct right to work checks and onboard new employees remotely through complaint digital trust frameworks. For the first time ever, employers will be able to conduct the right to work check entirely remotely.

How a Right to Work app changes employee onboarding

We have developed an app that we believe is the perfect alternative to face-to-face and video call right to work checks. The face-to-face process is archaic and unnecessary, and holding up documents on a video call is a risky way to verify someone’s right to work information.

The Right to Work app is an innovative remedy as it allows for the entire right to work check process to happen virtually on one secure app. Right to Work is a fully digital, remote complaint solution that allows for the right to work check to happen virtually. It also ensures that every step of the right to work check is completed in full and accurately, preventing the employee and candidate from starting over again as mistakes won’t be made – this ultimately saves time and money.

Right to Work allows employers to provide successful applicants with their job offer, letter of employment, and contract – which they can sign electronically on the app. All records of the documents in the right to work check process are stored safely in our vault, which can be accessed by HR.

You’re also able to verify bank details for payroll, capture ID in a compliant way with the UK digital trust framework, and have all documents signed electronically.

Now available – Finch 2022.1.1

Our January 2022 release is available right now. Here’s what’s new:


  • When using the Outlook integration, the salutation line on email templates can now always be generated automatically rather than having to overtype it


  • Fixed an issue on iPhone where some vertical screen space may be used up unintentionally for data collection users
  • Fixed an issue where our address service provider would provide both the county and town as “London” for a set of post codes, providing an unnaturally reading address

Now available – Finch 2021.12.1

Our December 2021 release is available right now. Here’s what’s new:


  • Received data fields can now have corrections made onto them directly by staff with the relevant permissions. Originally supplied values are always still shown.
  • Added HM Land Registry Business Gateway integration which allows UK proof of address to be verified digitally

Now available – Finch 2021.11.1

Our November 2021 release is available right now. Here’s what’s new:


  • Added ability to attach custom data sets into workflows which can then be used to provide defaulting to fields supplied by staff and recipients and lookups within content and reports.

Now available – Finch 2021.10.1

Our October 2021 release is available right now. Here’s what’s new:


  • Refreshed the look and feel of all transactional/notification emails and added white labelling support to them
  • Developed visual no-code workflow editor
  • Added collaboration pane to the display of collated data which allows staff to communicate, use “@ mentions” and make referrals to other departments
  • Added support for the user input of dates during data collection processes
  • Added support for recipients to be entered directly via Finch rather than using Outlook
  • Added support to stagger the dispatch of calls to action between parties
  • Added ability for address entry validation to be relaxed for the capture of address data in the UK without postcodes (e.g. plots)
  • All ISO-3166-1 country codes added for interactive user address entry
  • Custom legal declarations can be configured when signing documents

Now available – Finch 2021.8.1

Our August 2021 release is available right now. Here’s what’s new:


  • Administrators can now specify security rules for which folders users will have access to, and what permissions users have within a folder
  • All transactional emails sent by Finch now include the customer logo and have been cosmetically improved
  • Improved the dynamism of email templates used when composing a new file

110+ data points collected by lettings agents up to instruction

I decided to try and answer a few questions for myself. 🤔

  1. Just how much data, exactly, are letting agents collecting prior to instruction?
  2. How much of this data is regulated/subject to compliance rules?
  3. What risks, issues and problems have I seen agents encounter surrounding these data points?

I found that for a potential new business enquiry involving a single individual landlord, an agent is already looking at collecting over 110 fields of data with 72 of these within regulatory scope of at least 14 acts of parliament, where malpractice in collecting or handling this data, either deliberate or accidental, can lead to unlimited fines, fines chargeable to company officers, and/or prosecution leading to criminal liability and potentially jail time 😲!

It’s easy to think you’d have to be a bad egg indeed to get sent down to funky town on a charge sheet for “didn’t collect data properly”. I’ve never met anyone yet in the industry who isn’t trying to do their best work for their clients. But the potential value and opportunity for fraud within property transactions can bring criminals to you, who may be attempting to launder money or fund terrorism. We need to be vigilant and thorough in our checks on who we are doing business with and ensure continuous compliance.

I’ve decided to share my analysis as a spreadsheet with the community as a resource to help those in and out of the industry understand:

  • The day-to-day challenges faced by negotiators and valuers as they look to onboard new business. There’s a lot of information there to gather and we don’t want to burden our new prospective landlord with doing too much of this.
  • What regulations apply to data collected by agents. Disclaimer – this document is a research piece, not legal advice. It may be inaccurate (I hope someone will tell me if I’ve made any obvious mistakes!) or out of date. Speak to your legal team to ensure you are currently compliant.
  • What risks apply to onboarding data during and after collection.

If you find this useful, please let me know. You can find me over on LinkedIn.

Now available – Finch 2021.7.1

Our July 2021 release is available right now. Here’s what’s new:


  • Users can now set their preference on which folder they create flows into by default
  • First time users can have their folders defaulted based on their Active Directory profile
  • Added anti-spoof (presentation attack) detection to ID capture
  • Created a variant of our Outlook add-in which runs as a native Windows application. This is easier to deploy in certain enterprise scenarios.
  • Updated the Open Banking user flow
  • Improved the usability of the vault folder list when handling large lists of folders