Fraud is on the increase. The Autumn edition of the SRA Risk Outlook, has identified both internal fraud and client fraud as significant current risk issues. This is in line with the pattern identified across a range of reports in recent years - all showing a year on year increase in reported fraud since the economic downturn six years ago. According to the latest KPMG Fraud Barometer report (July 2013), fraud cases are up 38% on the same period in 2012.
The risks for lawyers are very real. Not only do solicitors risk reputational damage, and potential loss of business, they also risk losing time and money investigating frauds in which they have been implicated, and the cost of any resultant claims. Claims trends identified by Lockton confirm that fraud accounts for a far larger number of claims than was the case a few years ago.
According to the Financial Action Task Force report in June, solicitors are particularly vulnerable to frauds and scams relating to:
- misuse of client accounts
- purchase of property
- creation of trusts and companies
- management of trusts and companies
- managing client affairs and making introductions
- undertaking certain litigation
- setting up and managing charities
Property lawyers appear to be, yet again, bearing the brunt of the risk. While lender claims have been commonly acknowledged as the single largest source of claims against solicitors in the last 5 years, KPMG's statistics bear out insurer's continued emphasis on the risk of lender claims, revealing that loan and mortgage fraud remains a key driver of losses to financial institutions: actually increasing from £59m in 2012 to £160m in 2013.
Take positive action against fraud
While acknowledging the challenges that solicitors face in avoiding falling foul of fraud, there is a lot you can do to minimise your risks. Effective risk management is about tackling the weak spots in your systems and procedures without strangling your business with red tape. Fraudsters will seek out firms that they regard as easy targets. The more difficult you make it for a fraudster to slip through the net, the less likely you are to be targeted.
How well do you know your client? How can you evidence this? The client vetting process is a critical risk control. How do you perform identity checks on your clients? If you rely on photocopies of documents taken by your front office staff - have they been trained in what to look for? How do you know if the documents copied were genuine? How do you decide if you need to conduct any more comprehensive checks?
Your AML file opening process should risk score your client and transaction. It should provide a clear pathway to approval or escalation/referral. If you do not already use some form of AML checklist/workflow, consider downloading the simple table from our website. Simply log-in, and click on the Guidance tab.
Source of business
Is your client an established, well known client, instructing you in the type of work that is in keeping with who they are/what they do?
Be wary of introductions or apparent 'recommendations'. Social engineering is very easily achieved by virtue of information available on Linked-In, Facebook, blogs and the company website.
Ongoing transaction vetting
Ideally your AML/vetting checks should be refreshed periodically, and the transaction vetting process should not be a one-off at the commencement of the transaction. Particularly where there have been changes in instructions, revisit the logic of the transaction, and question materially inconsistent or unreasonable instructions.
Red flags include:
- the client that actively avoids personal contact without good reason
- client that instructs you where there is no particular nexus between you/the client or you/the transaction in question
- willingness to transfer funds or pay fees in advance/without legal work being undertaken
- funds being sent to/from one or more countries (especially 'high risk' countries) [with a high degree of secrecy]
- requests for payments to third parties without strong rationale
- involvement of third party funding without apparent connection or legitimate explanation
- disproportionate levels of private funding/cash, inconsistent with the individual
- over complex structuring of transaction without legitimate reasons
- undue pressure, often concerning apparently illogical/inexplicable last minute changes in instruction
While levels of internal fraud within law firms are far lower than the incidence of client fraud, the SRA report nonetheless flagged internal fraud as an area of increased risk activity. There is a frequently-quoted statistic that 10% of people in any given population are absolutely honest, 10% absolutely dishonest, and the remaining 80%, to variable degrees, are capable of being dishonest. The pressure of personal circumstances, or discontent with an employer, can often lead to a member of staff justifying their dishonest acts.
The same rules apply as for client frauds: eliminate opportunity as far as possible, and you will reduce the likelihood of your controls being tested. And remember, if is usually those who are most trusted who have the greatest opportunity to defraud.
Red flags include:
- members of staff apparently living beyond their means
- colleagues who are always in first thing, leave last, and rarely take holiday (at the very least, it is a sign of other claims related risks such as failing to cope with workload)
- suspicious patterns of transactions in the accounts
- suspicious patters of expenses claims
- multiple disputed fees relating to the one fee earner
Effective supervision - both active and passive, including audits of files, complaints, accounts and disbursements are valuable tools in the armoury.
Theft of the firm's own money can be as much an issue as theft of client funds. Cash-room procedures should be designed, insofar as possible, to require two people to sign off/complete cash transactions and/or build in effective audit processes.
You may also wish to check whether you have insurance cover for theft of the firm's own funds. This is not included in all PII policies, so if in doubt, check with your broker.
For more detailed advice on managing a range of fraud risks, log-in to the LocktonSolicitors website, and check out the various practical resources we have on offer. For more information, contact your Lockton Broker or email Calum MacLean, Risk Manager for UK Professions.