Fraud schemes, including check counterfeiting losses, cost U.S. companies and financial institutions more than $10 billion annually. The number of fraudulent checks presented increased 28 percent last year, according to an American Bankers Association fraud survey. Often the perpetrators escape detection and/or prosecution, leaving the bank or the customer to incur the loss. Applicable law and contractual relationships may place liability on either the bank or its customer (the attorney/law firm) for fraud losses, depending on the facts specific to that loss. Attorneys, specifically, are often targeted by counterfeit check schemes. This is because we routinely represent a broad array of clients and handle large dollar transactions. These wide variations allow perpetrators to more easily slip by, undetected, as they attempt to infiltrate our operating and IOLTA accounts.
In today’s day and age, attorneys need to be vigilant as financial crimes continue to increase in frequency and sophistication. If strict protocols are not followed, attorneys who fall victim to these crimes could themselves face possible charges of malpractice, possible ethical violations, and could be held civilly liable for the missing money. With advanced computer technology on the rise, fraud artists can now counterfeit checks and perpetrate fraudulent schemes with greater ease than ever before. This article is meant to serve as a warning for solo practitioners and larger firms alike. It will also serve as a guide for what to look for and what you can do to prevent your firm from falling prey to these financial predators.
Types of Fraudulent Schemes
Counterfeiting is one of the most rapidly growing areas of check fraud. Since business checks are circulated with company checking account numbers and authorized signatures in “plain view,” scam artists have access to all the information they need to produce a counterfeit check. Using basic personal computers, Internet technology, computer software, color copiers and color printers, the perpetrator can easily produce counterfeit checks substantially or completely identical to genuine checks.
Fraudulent schemes targeting attorneys, typically, but not always, involve a new “client” contacting the attorney for possible representation. The “client” will typically describe an unremarkable factual scenario which, on its face, makes sense and requires legal representation. Shortly thereafter, the attorney will receive a purported cashier’s or corporate check (usually for an amount in excess of $100,000) consistent with the set of facts described by the “clients.”
The purported check will look legitimate, may appear to be drawn on a large, well known bank, and may contain little or no clues as to its fraudulent nature. The “client” will have instructed the attorney to deposit the check into their attorney trust account and wire the proceeds (minus the attorney’s fee or commission) to the “client” at a bank outside of the United States. Generally, the attorney will receive a phone call, text message or email from the “client” shortly after the attorney received the check expressing urgency in having the proceeds wired to the “client”. After the attorney sends the wire transfer, the bank named on the purported check will dishonor the check and return it as a counterfeit/fraudulent item. The attorney’s bank will then debit the attorney’s account for the amount of the dishonored check. Please note that while the counterfeiting scheme has historically involved the “client” soliciting the attorney through the internet, other variations have occurred where the criminals have orchestrated the contact through an existing and legitimate client of the attorney.
The debt collection scheme involves a contact (usually by e-mail) to an attorney from the prospective “client”. The “client” purports to be a foreign corporation or individual that needs assistance in collecting a debt owed by an individual or entity located in the same general area as the attorney.
The scheme has multiple sub-variations, but usually results in the attorney receiving “payment” of the “claim” in the form of a purported cashier’s or corporate check. The “client” requests that the attorney to wire funds to the “client’s” account (typically overseas) as soon as possible. Some “client” may offer a larger “commission” if the attorney wires the funds on an expedited basis. The paying bank later returns the check as counterfeit and the attorney’s account is debited for the full amount of the check.
Real Estate Scam:
In this scenario, a foreign individual/entity seeks assistance in the sale or purchase of high end residential property. The “client” reaches out to a local real estate broker who then engages an attorney to assist in the settlement. The attorney once again receives “payment” in the form of a large dollar purported cashier’s check. Shortly after receiving this purported check, the attorney is asked to wire a portion of the money once again, usually overseas. The paying bank later returns the check as counterfeit and the attorney’s account is debited for the full amount of the check.
Altered checks are another common type of fraud that can affect a business. This scheme involves a perpetrator intercepting a check that the business has issued for legitimate purposes. He then uses chemicals to erase the amount, or the name of the payee, and enters new information. In many cases, the business’ failure to examine its own bank statements containing the altered check and its failure to report it as a fraud promptly, results in the attorney/firm being held liable for some or all of the resulting losses.
While many of the fraudulent schemes requiring the attorney’s active participation may be considered easier to identify and avoid, electronic bank fraud can often evade detection with greater ease. This is because there is no active participation required. Perpetrators can merely hack and attack our operating and/or IOLTA accounts via the Internet by initiating fraudulent Electronic Fund Transfers (EFTs) and Automated Clearing House transactions (ACHs). While sometimes the perpetrator will push through one large fraudulent transaction, often these Internet financial crimes occur by the perpetrator first making one or two attempts at small fraudulent transactions, usually under $100 and often under $20. If these small transactions go through uncontested, the perpetrator will then place an EFT or ACH request for a randomly selected large amount and however much is in the account that can cover the request will then go through with it. Once again, failure of the attorney to report the fraudulent activity in a timely fashion, as dictated by the bank, can result in the attorney being held responsible for some or all of the loss.
Attorney’s Liability For Fraudulent IOLTA Transactions
Most banks will cover personal account losses due to fraud if the suspected fraudulent activity is reported to the bank within 30 days of its occurrence. This is a general policy/guideline and while each bank is different, most provide some basic level of individual insurance/fraud protection. This individual protection typically provides for a reporting time frame that recognizes that it is unreasonable to expect an individual to review and balance their personal bank account more than once a month.
In the business world, the time frame banks allow for reporting this type of activity is significantly less than what is permitted for personal accounts. Once again, while each bank is different, many allow a business as little as 48 hours (from when the fraudulent transaction posts to the account) to report the electronic fraudulent activity (i.e. EFTs and ACH transactions). There are similar time restrictions on reporting fraudulent wires transactions (which can often be shorter than 48 hours) and on reporting fraudulent checks (which is typically greater than 48 hours.) Failure of the victimized business to report the suspected fraudulent activity to its bank, within the bank’s designated time frame, can result in the business being held liable for part or all of the loss.
For any business, a significant monetary loss due to fraud can be financially devastating. To an attorney, the consequences can be even more severe. Pursuant to the Maryland Rules of Professional Conduct (MRPC) 1.15 and Title 16 Chapter 600 of the Maryland rules, it is an attorney’s duty to ensure that the IOLTA account, where all client moneys are maintained, is protected and precisely managed. Such requirements include properly naming the IOLTA account (See Md Rule 16-606) and properly documenting any and all IOLTA account transactions (Md Rule 16.606.1). In addition, Md Rule 16-610 states that the institution where the IOLTA account is located is required to report to Bar Counsel any and all dishonored instruments coming from the IOLTA account. This means that if funds are fraudulently withdrawn from the IOLTA account and said funds exceed the balance of the account, the bank must report the overdraft to the attorney and to Bar Counsel. If the attorney, or their office, has failed to report the suspected fraudulent activity to the firm’s bank (within the bank’s allotted time frame) then the attorney could be held liable for the monetary loss by the bank, by the firm and by the firm’s clients. If the attorney can satisfy the missing amount, then they may be able to avoid a malpractice claim and/or ethical violation charge. However, if the amount fraudulently withdrawn is in excess of what the attorney can cover, then this failure to report the suspected fraudulent activity to the bank in a timely fashion (and subsequently satisfy the missing moneys), could result in the attorney facing charges of malpractice and/or ethics violations as it pertains to the management of the IOLTA account. While this specific ethical issue has not occurred in Maryland, it has been reportedly seen in other states and is of growing concern to Maryland practitioners.
Attorneys must protect themselves from this kind of monetary and professional liability. This includes being aware of our bank’s policies regarding fraudulent activity and the reporting of such suspected activity. Ask for a copy of the bank’s fraud policies and then implement a system within your firm to ensure that your bank accounts are regularly monitored in accordance with the bank’s reporting requirements.
Larger firms may have the luxury of an onsite bookkeeper who can review the daily transactions of the operating and IOLTA accounts via online banking. Smaller firms and solo practitioners, however, will likely struggle more with this burden. Diligence in monitoring our business accounts is crucial, but the practicality of running a busy business and a hectic trial schedule cannot be underestimated. As such, in addition to implementing an internal system, it would behoove most to consider contacting their bank and finding out what kind of additional fraud protections are available. This is especially true for EFTs and ACH transactions, which have the shortest reporting time period. The following section will address in further detail what you can do to protect yourselves and limit your exposure and liability should your professional accounts fall victim to fraud.
Ways Attorneys Can Avoid Falling Victim To Fraudulent Schemes And Electronic Bank Fraud
To avoid falling victim to these schemes, make sure to carefully scrutinize unsolicited emails and phone calls from individuals or entities with whom you have no prior dealings requesting your services, particularly if the email/phone calls originate from a foreign country or contain misspellings and grammatical errors.
When undertaking representation of an existing client, be on the lookout for any of the common fraud elements between your existing client and their purported client including:
- An apparent legitimate transaction, which may involve an individual/entity located outside of the United States
- Contact with the ultimate “client” almost exclusively done by phone, email or other electronic means
- Receipt of a large dollar cashier’s or corporate check
- The large check, or the envelope in which it is sent, in is handwritten
- Pressure placed on attorney from “client” to wire funds immediately after receipt of check
- Request that the funds be wired to an account outside the United States
- The potential to earn a significant fee/commission for little or no work
Take steps to independently verify the information provided by your “client”. For example, if the “client” asserts a claim against ABC Company in Hometown, U.S.A., that entity probably exists and using the name of an actual business will add legitimacy to the “client’s” story. Use the internet and sources other than those provided by the “client” to develop contact information for ABC Company. Once you have received the purported cashier’s check, contact ABC Company using your independently derived contact information and verify elements of the “client’s” story and the transmittal of the purported check. However, be careful when doing so and make sure to keep all communications limited so as not to possibly incur a separate set of ethical violations by improperly communicating with an opposing party. Make sure, as an attorney, that you use your best legal and ethical judgment when performing these verifications.
In addition, many of these fraudulent companies are now attempting to “validate” their appearance by loosely affiliating themselves with large legitimate corporations. Follow a similar verification protocol as described in the preceding paragraph to see if the association of the contacting corporation and the well-known company is legitimate. As always, make sure to limit the substance of the communications so as not to incur an additional ethical violation by communicating with a third party.
Using contact information you independently obtain, contact the bank named on the purported cashier’s check two times in this process. First, contact that bank once you receive the purported check, but before you deposit it, to see if they can verify that they did indeed issue that particular check (for a cashier’s check) or if it is consistent with their client’s checks (for a corporate check) After depositing the purported check, contact that bank a second time before you wire any funds. Ask the bank to confirm that bank has received and paid the purported check. Keep a record of what that the bank stated and the name and title of the individual with whom you spoke. Try to speak with an individual with sufficient authority and be clear on what they say.
Whenever possible, take steps to identify and verify “client” information. Ask yourself why the purported “client” seeks your services. For example, if your practice centers on domestic relations law, ask why a foreign company would contact you to collect a large commercial debt. Be suspicious of a solicitation that offers a relatively large fee or commission for little or no work. Finally, educate your staff to be on the lookout for these types of schemes.
If, after taking the steps outlined herein, you feel the transaction is probably OK and you desire to proceed, explain your concerns to your bank branch manager at the time you seek to deposit the purported check and ask to be put into contact with the bank’s corporate security office.
In addition to all of the above, law firms can take the following additional steps to prevent fraud loss. Some are notably easier to implement than others. That being said, when your client’s money, your money and your license are all on the line, it’s not hard to justify taking steps to protect yourself, your clients and your firm.
- Monitor your accounts daily and review the internal controls surrounding your payment processes. This is understandably one of the hardest and most demanding requirements of protection, especially for small firms and solo practitioners. However, it is these same small firms that can be hit the hardest and lack the ability to recover if a fraudulent ACH charge goes through and wipes out the entirety of the IOLTA or operating account. Most banks are easily accessible online. In addition, most allow you to group your accounts so that you can view your operating account and IOLTA account under the same business username and password. Logging in daily and taking five minutes in the morning or evening to briefly look over the day’s transactions for both accounts can ultimately make the difference in protecting your livelihood and your client’s money.
- Segregating payment and bookkeeping duties can add another level of security. This would mean having one individual/employee issue payments for your firm’s expenses and disbursements and then have a separate individual record the transactions and balance the accounts against the bank statements and daily online account activity. For many firms this is not a realistic option because they are simply too small. However, if you are a firm that has the resources and ability to implement this measure, an internal system of checks and balances within your business can reduce your fraud exposure.
- Establish clear check acceptance policies for clients. This policy should include delineation of acceptable forms of identification from your clients and dollar amount limits for checks from clients. Make sure to train your staff to carefully examine identification presented by clients and comply with the limitations on these transactions.
- If your firm prints its own checks as opposed to using the bank issued checks, make sure to carefully evaluate your check printing technology. Law firms still using pre-printed check stock with a dot matrix printer are at greater risk for check fraud. Laser printers that print on blank check stock offer greater security.
Contact your bank and talk to them about what fraud prevention products are available to you and your firm that can help you reduce your firm’s exposure. In addition, periodically review federal and state law enforcement websites to keep up to date on the newest innovations in fraudulent activity. Perpetrators of fraud understand these tools are available to potential victims and as such, they periodically refine and update their schemes so as to present less of the characteristics law enforcement has identified as signs of fraudulent activity. Reviewing these sites will allow you and your firm to stay up to date with the most recent refinements and allow you to avoid being the next victim.
- Check with your firm’s bank and see if they offer any “positive pay” services. These types of services allow a customer to provide the bank with information on all checks issued, including the dollar amount, check number and payee of each check. The bank then monitors all checks presented, to make sure the information matches the checks issued by the business. “Suspicious” checks are reported back to the customer before being paid. This could be an option that is particularly suited to the smaller practice that does not have the resources to devote to account monitoring.
- Similar services are available for ACH monitoring. Customers can set up “allowable ACH debits” that are permitted based on your approved vendors and dollar amounts. The customer can then instruct the bank to block all ACH debits that don’t match with the pre-approved vendor list and dollar amounts. Once again, this is an option that could be ideal for the small or solo practitioner who does not have the time or resources to monitor his or her operating and IOLTA accounts daily, throughout the year.
- Also ask your banks about what products are available to help you and your firm protect against internal fraud including options to segregate different functions of your accounts.
- As always, just because the funds from a deposited check are available in your account for withdrawal, this DOES NOT mean that the funds have cleared the account. For any large or questionable checks, make sure to follow up with your bank and ensure the funds have actually cleared before withdrawing any funds from your IOLTA account.
Every legal practice has a different set of resources and circumstances. Some firms issue or accept more checks than others. Some practices have staff members solely devoted to bookkeeping and financial management whereas others have employees wearing several hats. Then there are the solo practitioners out there who are the do-it-yourselfers that handle every aspect of their firm’s client, business and financial management. However, no matter what your size, every law firm and attorney should take fraud seriously. Each firm has to evaluate its’ own risk for fraud related losses. Create and implement a plan that works for your firm and ensures you the protection that you need. Contact your bank and find out what they can do to alleviate some of the burden and ensure the protection of your license, your money and your client’s money. In the end, it could make the difference between maintaining your successful practice and professional and financial ruin.