Defending against fraudsters
By David Knapp
T he last five to ten years has seen an ever-increasing wave of fraud and cyber-crime affecting lawyers and their clients. Computer crime has been around for many decades, but the general feeling was that you were unlucky to be targeted and even more unlucky to be involved unwittingly or otherwise in a crime of this type. The general feeling of those who are looking to prevent computer related or cybercrime, is that you are lucky if you are not a target. The largest investment that the vast majority of people make is in property, and as consumers we are remarkably relaxed in the way we approach spending such a huge sum of money. The average viewing time of a property by a prospective buyer is probably no more than 45 minutes, and in many cases, decisions are made on one viewing. To an extent, solicitors have had a similar approach which is borne out by the statistics that show the huge number of solicitors’ professional indemnity insurance claims are due to mistakes made in residential conveyancing. Wise solicitors started introducing efficient and reasonably sophisticated case management systems, and carrying out identity checks of their clients, some 15 to 20 years ago to try to reduce and eradicate the mistakes that were being made. As the benefits became apparent, the professional indemnity insurers began to flex their muscles by giving preferential financial treatment to those solicitors who were able to demonstrate they had such case management and quality procedures in place by reducing their premiums.
STANDARDS
In subsequent years what started off as the British standard kite mark for lawyers has expanded to LEXCEL accreditation, ISO and the Conveyancing Quality System (CQS) for many areas of law but most importantly, from a practitioner’s point of view, for conveyancing. Recently the Law Society introduced a requirement for all CQS accredited firms to produce a core practice management standard manual to cover residential conveyancing work. This is very much in line with the LEXCEL quality manual which solicitors have to write and perform on their becoming LEXCEL accredited. As time goes by there will be more organisations that require a similar type of management standard document to be prepared to ensure that standards are heightened to reduce to a minimum any form of fraud and the ensuing loss. Sadly, the fraudsters will often be a step ahead of the practitioners just as in athletics drug cheats are ahead of the testers, as they wish to continually gain from their illegal acts. The concerns are that not all lawyers are members of the CQS nor have LEXCEL or ISO accreditation, meaning that they are very susceptible to attack from criminals in the various ways available. In order to retain accreditation to an organisation such as LEXCEL, ISO and CQS, a law firm is audited annually with re-accreditation each year being required. The visits by the auditors are very in-depth and all firms therefore have to continually maintain their standards and regularly visit, update, and change their manuals. It is necessary to ensure all staff are fully compliant, which can only happen if they have full knowledge of the quality standards and obligations contained within the various manuals.
COMPLIANCE BURDEN
In order to be sure that fee earners are complying in all regards, there is a need to carry out regular random audits on files with the various accreditations requiring a different number of random file audits per year, per fee earner. As each organisation produces its own practice manual the number of audits of files has increased. The audits are extremely useful as it does highlight issues that arise out of files from a compliance perspective. Since the introduction of the practice manual by the various organisations, with their own unique requirements, law firms have had to appoint people to specific roles. In particular these are the compliance officer for legal practice (COLP), the compliance officer for financial administration (COFA) and anti-money laundering officer in addition to the senior reporting officers that are required by the organisations. Lenders too have particular requirements with regards to their panel obligations which are similarly put in place for compliance and risk purposes. Some of these tasks can be outsourced externally, which some firms are more comfortable in doing than others. Those that do not outsource need to appoint people from within and so this will either take lawyers away from fee earning work, or specialist individuals will be appointed in order to fill these roles. Over the years Hart Brown’s compliance department has expanded to cater for the various roles, but in addition we have had to appoint new lawyers to fill the spaces of those existing lawyers who have also been moved across to fill the roles. In times of pressure on fees, the cost of compliance is increasing annually and for some firms this can have a major impact on the profitability of a firm.
INCREASING FRAUD RISKS
There is no question that these roles and compliance are absolutely critical to the protection of clients and firms. The impact of fraud has a devastating effect on the public who are caught out, the lawyers who are unwittingly involved and all firms in the UK, as insurance premiums are rising as a result of professional indemnity insurers having to cover their losses from claims that are made. There have been many cases highlighted in the media in the last few years and generally speaking those that do reach the media relate to big monetary figures. Fraudsters prey on those who are under great pressure and often the mistakes that have led to the fraud being perpetrated are careless mistakes caused by the pressure under which lawyers and their staff are put under. Without having a stringent set of internal and external compliance rules, the possibility of fraud is heightened dramatically. One doubts that fraud will ever be completely eradicated from law firms, when so much money can change hands at the press of a button. Compliance is clearly here to stay for as long as cyber-crime, fraud, or any financial risk exists and compliance is bound to become tighter and tighter as time goes by. Firms cannot bury their head in the sand and hope that they will never be affected. We are conscious that some firms do not follow as safe a practice as they could, which is very worrying. On looking at the detail of some of the published cases involving massive sums of fraud, it is very concerning to see how lax some firms processes and procedures are.